mm3 terraform

terraform/README.md

@@ -0,0 +1,15 @@
+
+## Terraform to launch mm3 instance
+
+Modify the steps as necessary.  
+
+gcloud config configurations create cppal
+gcloud config configurations activate cppal
+gcloud config set project boostorg-project1
+gcloud config set account [email protected]
+
+gcloud auth application-default login
+
+terraform init
+terraform apply
+

terraform/example-instance.config

@@ -0,0 +1,93 @@
+
+# A more full example of a "google_compute_instance".
+# Most of these settings don't need to be specified.
+# Adjust as needed.
+# The main.tf file is more appropriate.
+
+provider "google" {
+  project = "boostorg-project1"
+  region  = "us-central1"
+  zone    = "us-central1-c"
+}
+
+resource "google_compute_instance" "example" {
+  allow_stopping_for_update  = null
+  can_ip_forward             = false
+  deletion_protection        = false
+  description                = null
+  desired_status             = null
+  enable_display             = false
+  hostname                   = null
+  key_revocation_action_type = "NONE"
+  labels                     = {}
+  machine_type               = "n2-standard-2"
+  metadata                   = {}
+  metadata_startup_script    = null
+  min_cpu_platform           = null
+  name                       = "lists"
+  resource_policies          = []
+  tags                       = ["elasticsearch", "munin", "nrpe", "email", "http-server", "https-server", "lb-health-check", "mailman3-core", "postgres-client", "prometheus"]
+  zone                       = "us-central1-c"
+  boot_disk {
+    auto_delete             = true
+    device_name             = "lists"
+    disk_encryption_key_raw = null # sensitive
+    interface               = null
+    kms_key_self_link       = null
+    mode                    = "READ_WRITE"
+    # source                  = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/zones/us-central1-c/disks/mm3-test"
+    initialize_params {
+      enable_confidential_compute = false
+      image                       = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2404-noble-amd64-v20241004"
+      labels                      = {}
+      provisioned_iops            = 0
+      provisioned_throughput      = 0
+      resource_manager_tags       = {}
+      resource_policies           = []
+      size                        = 50
+      storage_pool                = null
+      type                        = "pd-balanced"
+    }
+  }
+  confidential_instance_config {
+    confidential_instance_type  = null
+    enable_confidential_compute = false
+  }
+  network_interface {
+    internal_ipv6_prefix_length = 0
+    ipv6_address                = null
+    network                     = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/global/networks/default"
+    network_ip                  = "10.128.0.15"
+    nic_type                    = null
+    queue_count                 = 0
+    stack_type                  = "IPV4_ONLY"
+    subnetwork                  = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/regions/us-central1/subnetworks/default"
+    subnetwork_project          = "boostorg-project1"
+    access_config {
+      nat_ip                 = "104.154.182.161"
+      network_tier           = "PREMIUM"
+      public_ptr_domain_name = null
+    }
+  }
+  reservation_affinity {
+    type = "ANY_RESERVATION"
+  }
+  scheduling {
+    automatic_restart           = true
+    instance_termination_action = null
+    min_node_cpus               = 0
+    on_host_maintenance         = "MIGRATE"
+    preemptible                 = false
+    provisioning_model          = "STANDARD"
+  }
+  service_account {
+    email  = "[email protected]"
+    scopes = ["https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append"]
+  }
+  shielded_instance_config {
+    enable_integrity_monitoring = true
+    enable_secure_boot          = false
+    enable_vtpm                 = true
+  }
+}
+

terraform/main.tf

@@ -0,0 +1,45 @@
+
+# A terraform configuration to launch a mailman service instance
+
+provider "google" {
+  project = "boostorg-project1"
+  region  = "us-central1"
+  zone    = "us-central1-a"
+}
+
+resource "google_compute_address" "lists_ip_address_ext" {
+  name = "lists-ip-address-ext"
+  address_type = "EXTERNAL"
+}
+
+resource "google_compute_address" "lists_ip_address_int" {
+  name = "lists-ip-address-int"
+  address_type = "INTERNAL"
+}
+
+resource "google_compute_instance" "example" {
+  machine_type               = "n2-standard-2"
+  name                       = "lists"
+  tags                       = ["elasticsearch", "munin", "nrpe", "email", "http-server", "https-server", "lb-health-check", "mailman3-core", "postgres-client", "prometheus"]
+  zone                       = "us-central1-c"
+  boot_disk {
+    auto_delete             = true
+    device_name             = "lists"
+    mode                    = "READ_WRITE"
+    initialize_params {
+      image                       = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2404-noble-amd64-v20241004"
+      size                        = 150
+      type                        = "pd-balanced"
+    }
+  }
+  network_interface {
+    network                     = "default"
+    network_ip                  = google_compute_address.lists_ip_address_int.address
+    stack_type                  = "IPV4_ONLY"
+    access_config {
+      nat_ip = google_compute_address.lists_ip_address_ext.address
+      network_tier           = "PREMIUM"
+    }
+  }
+}
+