From f6711fca235d369f7cbede51c12a607aad9b281f Mon Sep 17 00:00:00 2001 From: sdarwin Date: Thu, 7 Nov 2024 08:39:45 -0700 Subject: [PATCH] mm3 terraform --- terraform/README.md | 15 +++++ terraform/example-instance.config | 93 +++++++++++++++++++++++++++++++ terraform/main.tf | 45 +++++++++++++++ 3 files changed, 153 insertions(+) create mode 100644 terraform/README.md create mode 100644 terraform/example-instance.config create mode 100644 terraform/main.tf diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..6799532 --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,15 @@ + +## Terraform to launch mm3 instance + +Modify the steps as necessary. + +gcloud config configurations create cppal +gcloud config configurations activate cppal +gcloud config set project boostorg-project1 +gcloud config set account sam@cppalliance.org + +gcloud auth application-default login + +terraform init +terraform apply + diff --git a/terraform/example-instance.config b/terraform/example-instance.config new file mode 100644 index 0000000..796dd14 --- /dev/null +++ b/terraform/example-instance.config @@ -0,0 +1,93 @@ + +# A more full example of a "google_compute_instance". +# Most of these settings don't need to be specified. +# Adjust as needed. +# The main.tf file is more appropriate. + +provider "google" { + project = "boostorg-project1" + region = "us-central1" + zone = "us-central1-c" +} + +resource "google_compute_instance" "example" { + allow_stopping_for_update = null + can_ip_forward = false + deletion_protection = false + description = null + desired_status = null + enable_display = false + hostname = null + key_revocation_action_type = "NONE" + labels = {} + machine_type = "n2-standard-2" + metadata = {} + metadata_startup_script = null + min_cpu_platform = null + name = "lists" + resource_policies = [] + tags = ["elasticsearch", "munin", "nrpe", "email", "http-server", "https-server", "lb-health-check", "mailman3-core", "postgres-client", "prometheus"] + zone = "us-central1-c" + boot_disk { + auto_delete = true + device_name = "lists" + disk_encryption_key_raw = null # sensitive + interface = null + kms_key_self_link = null + mode = "READ_WRITE" + # source = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/zones/us-central1-c/disks/mm3-test" + initialize_params { + enable_confidential_compute = false + image = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2404-noble-amd64-v20241004" + labels = {} + provisioned_iops = 0 + provisioned_throughput = 0 + resource_manager_tags = {} + resource_policies = [] + size = 50 + storage_pool = null + type = "pd-balanced" + } + } + confidential_instance_config { + confidential_instance_type = null + enable_confidential_compute = false + } + network_interface { + internal_ipv6_prefix_length = 0 + ipv6_address = null + network = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/global/networks/default" + network_ip = "10.128.0.15" + nic_type = null + queue_count = 0 + stack_type = "IPV4_ONLY" + subnetwork = "https://www.googleapis.com/compute/v1/projects/boostorg-project1/regions/us-central1/subnetworks/default" + subnetwork_project = "boostorg-project1" + access_config { + nat_ip = "104.154.182.161" + network_tier = "PREMIUM" + public_ptr_domain_name = null + } + } + reservation_affinity { + type = "ANY_RESERVATION" + } + scheduling { + automatic_restart = true + instance_termination_action = null + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + service_account { + email = "672562504125-compute@developer.gserviceaccount.com" + scopes = ["https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append"] + } + shielded_instance_config { + enable_integrity_monitoring = true + enable_secure_boot = false + enable_vtpm = true + } +} + diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..0f758ee --- /dev/null +++ b/terraform/main.tf @@ -0,0 +1,45 @@ + +# A terraform configuration to launch a mailman service instance + +provider "google" { + project = "boostorg-project1" + region = "us-central1" + zone = "us-central1-a" +} + +resource "google_compute_address" "lists_ip_address_ext" { + name = "lists-ip-address-ext" + address_type = "EXTERNAL" +} + +resource "google_compute_address" "lists_ip_address_int" { + name = "lists-ip-address-int" + address_type = "INTERNAL" +} + +resource "google_compute_instance" "example" { + machine_type = "n2-standard-2" + name = "lists" + tags = ["elasticsearch", "munin", "nrpe", "email", "http-server", "https-server", "lb-health-check", "mailman3-core", "postgres-client", "prometheus"] + zone = "us-central1-c" + boot_disk { + auto_delete = true + device_name = "lists" + mode = "READ_WRITE" + initialize_params { + image = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2404-noble-amd64-v20241004" + size = 150 + type = "pd-balanced" + } + } + network_interface { + network = "default" + network_ip = google_compute_address.lists_ip_address_int.address + stack_type = "IPV4_ONLY" + access_config { + nat_ip = google_compute_address.lists_ip_address_ext.address + network_tier = "PREMIUM" + } + } +} +