host.tf
# Google Cloud provider; resources below inherit this project and region
# unless they set their own (the Ubuntu image data source does).
# NOTE(review): there is no `terraform { required_providers { ... } }` block
# in this file, so the google provider version is unpinned; add a version
# constraint and commit .terraform.lock.hcl for reproducible plans.
provider "google" {
  region  = var.gcp_region
  project = var.gcp_project
}
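# Input variables. `gcp_project` and `host_count` have no default and must be
# supplied (CLI -var, tfvars or TF_VAR_* environment). Types are declared so a
# wrong value fails at plan time instead of inside a resource.

variable "gcp_project" {
  type        = string
  description = "GCP project ID in which the network, images and hosts are created."
}

# Drives `count` on the address and instance resources.
variable "host_count" {
  type        = number
  description = "Number of komet-host instances (and matching static IPs) to create."
}

variable "gcp_region" {
  type        = string
  default     = "europe-west3"
  description = "GCP region; the zone is derived from this in locals."
}

# Only the zone suffix is configurable so the zone always lies in gcp_region.
variable "gcp_zone" {
  type        = string
  default     = "a"
  description = "Zone suffix appended to gcp_region, e.g. \"a\" gives europe-west3-a."
}

variable "host_type" {
  type        = string
  default     = "n2-standard-16"
  description = "Compute Engine machine type for each host."
}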
# Zone the hosts are placed in (region + suffix, see locals).
output "zone" {
  description = "Zone in which the hosts run."
  value       = local.zone
}

output "host_ip_internal" {
  description = "Internal (VPC) IP of each host, in count order."
  value       = google_compute_instance.komet-host[*].network_interface[0].network_ip
}

# <name>.<zone>.<project> is presumably the host alias form written by
# `gcloud compute config-ssh`; verify against whatever consumes this output.
output "host_name" {
  description = "Per-host <name>.<zone>.<project> strings, in count order."
  value = [
    for host in google_compute_instance.komet-host[*].name :
    format("%s.%s.%s", host, local.zone, var.gcp_project)
  ]
}

output "host_id" {
  description = "Instance names, in count order."
  value       = google_compute_instance.komet-host[*].name
}

# Echo of the input so downstream tooling has project and zone side by side.
output "project" {
  description = "Project the hosts live in."
  value       = var.gcp_project
}
# The zone is assembled from the region plus a one-letter suffix, so it can
# never point outside the region the provider is configured for.
locals {
  zone = format("%s-%s", var.gcp_region, var.gcp_zone)
}
# Latest image in the Ubuntu 22.04 LTS family, resolved when the plan runs.
# NOTE(review): tracking the family rather than a fixed image name means a
# new upstream release changes source_image of komet-host-image below and
# presumably forces that image, and the instances built from it, to be
# recreated on the next apply. Pin `name` instead of `family` if stable,
# reproducible hosts matter more than picking up fresh images automatically.
data "google_compute_image" "ubuntu2204image" {
  project = "ubuntu-os-cloud"
  family  = "ubuntu-2204-lts"
}
# Dedicated VPC so the hosts can talk to each other directly.
# NOTE(review): auto_create_subnetworks = true gives this VPC a subnet in
# every GCP region, not just var.gcp_region; a custom-mode network with a
# single subnet in the target region keeps the footprint smaller.
resource "google_compute_network" "komet-network" {
  name                    = "komet-network"
  auto_create_subnetworks = true
  description             = "This network connects Celestial hosts."
}
# Intra-cluster traffic: accept anything sent from an instance tagged
# komet-host. No target_tags are set, so the rule applies to every instance
# in the network; in this file that is only the komet-host instances.
resource "google_compute_firewall" "komet-net-firewall-internal" {
  name        = "komet-net-firewall-internal"
  network     = google_compute_network.komet-network.id
  description = "This firewall allows internal communication in the network."

  direction   = "INGRESS"
  source_tags = ["komet-host"]

  # all protocols and ports between tagged hosts
  allow {
    protocol = "all"
  }
}
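# Administrative SSH ingress. The rule used to accept TCP/22 from any address
# and from any VM in the network; the allowed sources are now a variable whose
# default keeps that behaviour (so existing deployments are unchanged), and
# target_tags scopes the rule to the komet-host instances created in this
# file rather than every instance on the network.
variable "ssh_source_ranges" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "CIDR ranges allowed to reach TCP/22 on the hosts. The default is world-open; narrow it to operator/admin ranges where possible."
}

resource "google_compute_firewall" "komet-net-firewall-external" {
  name        = "komet-net-firewall-external"
  description = "This firewall allows external connections to our instance for ssh."
  network     = google_compute_network.komet-network.id
  direction   = "INGRESS"

  source_ranges = var.ssh_source_ranges
  # only the hosts defined in this file, matching their `tags`
  target_tags = ["komet-host"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}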
# One reserved (static) external IP per host, so the public address stays
# stable across reboots; the region comes from the provider block.
resource "google_compute_address" "komet-host-ip" {
  count = var.host_count
  name  = "komet-host-ip-${count.index}"
}
# Custom image derived from the Ubuntu family image. The additional
# vm-options license is what enables nested virtualization (VMX) on
# instances booted from it. The license list order is kept exactly as
# before; `licenses` presumably forces replacement when it changes.
resource "google_compute_image" "komet-host-image" {
  name         = "komet-host-image"
  source_image = data.google_compute_image.ubuntu2204image.self_link

  licenses = [
    "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/licenses/ubuntu-2204-lts",
    "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx",
  ]
}
# One Ubuntu 22.04 host per count index, attached to the dedicated network
# with its reserved static IP as the public address.
resource "google_compute_instance" "komet-host" {
  count = var.host_count

  name         = "komet-host-${count.index}"
  zone         = local.zone
  machine_type = var.host_type

  # lets Terraform stop and restart the VM for changes that need it (for
  # example a new machine_type) instead of failing the apply
  allow_stopping_for_update = true

  # matched by the firewall rules' source_tags
  tags = ["komet-host"]

  boot_disk {
    initialize_params {
      image = google_compute_image.komet-host-image.self_link
      type  = "pd-ssd"
      size  = 128 # GB: 64 for swap, 64 for files
    }
  }

  # single NIC on the dedicated network; access_config attaches the
  # pre-reserved external address so the public IP survives recreation
  network_interface {
    network = google_compute_network.komet-network.id

    access_config {
      nat_ip = google_compute_address.komet-host-ip[count.index].address
    }
  }

  # NOTE(review): no `email` is given, so the instance runs as the project's
  # default Compute Engine service account, and the cloud-platform scope lets
  # it call every API that account's IAM roles permit. A dedicated service
  # account carrying only the roles the hosts need would be least privilege.
  # Since the external firewall rule in this file opens TCP/22 from
  # 0.0.0.0/0, also consider enabling OS Login or blocking project-wide SSH
  # keys via instance metadata.
  service_account {
    scopes = ["cloud-platform"]
  }
}