battlecode · nour-massri · Apr 13, 2025 · Apr 8, 2025 · Apr 13, 2025 · Apr 13, 2025
diff --git a/deploy/.gitignore b/deploy/.gitignore
@@ -32,3 +32,6 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+#private key for cpw vm ssh
+*.pem
diff --git a/deploy/cpw/main.tf b/deploy/cpw/main.tf
@@ -1,25 +1,56 @@
 resource "google_service_account" "this" {
   account_id   = "${var.name}-agent"
-  display_name = "Saturn Agent"
-  description  = "Service account for performing Saturn actions"
+  display_name = "CPW Agent"
+  description  = "Service account for performing CPW actions"
+}
+
+resource "tls_private_key" "ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+# Create a secret for the SSH private key
+resource "google_secret_manager_secret" "ssh_private_key" {
+  secret_id = "${var.secret_id}"
+
+  replication {
+    automatic = true
+  }
+}
+
+# Store the SSH private key in the secret
+resource "google_secret_manager_secret_version" "ssh_private_key" {
+  secret      = google_secret_manager_secret.ssh_private_key.id
+  secret_data = tls_private_key.ssh.private_key_pem
+
+  depends_on = [google_secret_manager_secret.ssh_private_key]
 }
 
 resource "google_project_iam_member" "log" {
   project = var.gcp_project
   role    = "roles/logging.logWriter"
   member  = "serviceAccount:${google_service_account.this.email}"
+
+  depends_on = [google_service_account.this]
 }
 
 resource "google_project_iam_member" "monitoring" {
   project = var.gcp_project
   role    = "roles/monitoring.metricWriter"
   member  = "serviceAccount:${google_service_account.this.email}"
+
+  depends_on = [google_service_account.this]
 }
 
 resource "google_secret_manager_secret_iam_member" "this" {
   secret_id = var.secret_id
   role      = "roles/secretmanager.secretAccessor"
   member    = "serviceAccount:${google_service_account.this.email}"
+
+  depends_on = [
+    google_service_account.this,
+    google_secret_manager_secret.ssh_private_key
+  ]
 }
 
 # Create an isolated VPC for the cpw VM
@@ -28,6 +59,7 @@ resource "google_compute_network" "cpw" {
   auto_create_subnetworks = false
   routing_mode            = "REGIONAL"
 
+  depends_on = [google_compute_network.cpw]
 }
 
 # Create a subnet within the isolated VPC
@@ -57,6 +89,8 @@ resource "google_compute_firewall" "ssh" {
 
   source_ranges = ["0.0.0.0/0"]  # Consider restricting this for security
   target_tags   = ["${var.name}-ssh"]
+
+  depends_on = [google_compute_network.cpw]
 }
 
 # Allow websocket connections from cpw.battlecode.org
@@ -73,17 +107,6 @@ resource "google_compute_firewall" "websocket" {
   target_tags   = ["${var.name}-websocket"]
 }
 
-module "container" {
-  source  = "terraform-google-modules/container-vm/google"
-  version = "~> 2.0"
-
-  container = {
-    image = var.image
-    args  = [
-    ]
-  }
-}
-
 resource "google_compute_instance" "this" {
   name         = var.name
   machine_type = var.machine_type
@@ -93,7 +116,7 @@ resource "google_compute_instance" "this" {
 
   boot_disk {
     initialize_params {
-      image = module.container.source_image
+      image = var.image
       size  = var.disk_size
     }
   }
@@ -118,33 +141,16 @@ resource "google_compute_instance" "this" {
   }
 
   metadata = {
-    gce-container-declaration = module.container.metadata_value
     google-logging-enabled    = true
     google-monitoring-enabled = true
     ssh-keys = "ubuntu:${tls_private_key.ssh.public_key_openssh}"
   }
-
-  depends_on = [
+    depends_on = [
+    google_service_account.this,
     google_secret_manager_secret_iam_member.this,
+    google_compute_subnetwork.this,
+    google_compute_address.static,
+    tls_private_key.ssh,
+    google_secret_manager_secret_version.ssh_private_key
   ]
 }
-
-resource "tls_private_key" "ssh" {
-  algorithm = "RSA"
-  rsa_bits  = 4096
-}
-
-# Create a secret for the SSH private key
-resource "google_secret_manager_secret" "ssh_private_key" {
-  secret_id = "${var.name}-ssh-private-key"
-
-  replication {
-    automatic = true
-  }
-}
-
-# Store the SSH private key in the secret
-resource "google_secret_manager_secret_version" "ssh_private_key" {
-  secret      = google_secret_manager_secret.ssh_private_key.id
-  secret_data = tls_private_key.ssh.private_key_pem
-}
diff --git a/deploy/main.tf b/deploy/main.tf
@@ -140,7 +140,7 @@ module "staging_network" {
 
 module "cpw" {
   source      = "./cpw"
-  name        = "cpwc"
+  name        = "cpw"
   gcp_project = var.gcp_project
   gcp_region  = var.gcp_region
   gcp_zone    = var.gcp_zone
@@ -150,7 +150,7 @@ module "cpw" {
   subnetwork_ip_cidr  = "10.0.4.0/24"
   secret_id           = "cpw-ssh-key"
   machine_type        = "n2-standard-4" #4 vCPUs, 16GB RAM
-  image               = "ubuntu-os-cloud/ubuntu-2204-lts"
+  image               = "projects/debian-cloud/global/images/family/debian-11"
   disk_size           = 50
 }