Add a data persistent disk in infra

mithril-infra/assets/startup-vm.sh

@@ -5,6 +5,7 @@ rm -f /startup-ready.txt
 
 # Update and install dependencies
 sudo apt update -y
+sudo apt upgrade -y
 sudo apt install -y jq tree ca-certificates curl gnupg lsb-release 
 
 # Install sqlite3
@@ -29,5 +30,8 @@ sudo chown "curry":"curry" /home/curry/.docker -R
 sudo chmod g+rwx "/home/curry/.docker" -R
 sudo service docker start
 
+# Remove curry user from sudo group
+sudo deluser curry sudo
+
 # Add /startup-ready.txt
 touch /startup-ready.txt

mithril-infra/main.data-disk.tf

@@ -0,0 +1,100 @@
+
+resource "google_compute_attached_disk" "data" {
+  depends_on = [
+    google_compute_instance.vm_instance,
+    google_compute_disk.data
+  ]
+
+  disk        = google_compute_disk.data.id
+  instance    = google_compute_instance.vm_instance.id
+  device_name = "mithril-data-disk"
+}
+
+resource "google_compute_disk" "data" {
+  depends_on = [
+    google_compute_instance.vm_instance
+  ]
+
+  name     = "${local.environment_name}-data"
+  type     = var.google_compute_instance_data_disk_type
+  zone     = var.google_zone
+  size     = var.google_compute_instance_data_disk_size
+  image    = var.google_compute_instance_data_disk_image
+  snapshot = var.google_compute_instance_data_disk_snapshot
+  labels = {
+    environment = local.environment_name
+    type        = "data"
+  }
+}
+
+resource "google_compute_resource_policy" "policy-data" {
+  name   = "${local.environment_name}-policy-data"
+  region = var.google_region
+  snapshot_schedule_policy {
+    schedule {
+      daily_schedule {
+        days_in_cycle = var.google_compute_instance_data_disk_snapshot_pace_days
+        start_time    = var.google_compute_instance_data_disk_snapshot_start_time
+      }
+    }
+    retention_policy {
+      max_retention_days    = var.google_compute_instance_data_disk_snapshot_max_retention_days
+      on_source_disk_delete = "KEEP_AUTO_SNAPSHOTS"
+    }
+  }
+}
+
+resource "null_resource" "mithril_mount_data_disk" {
+  depends_on = [
+    google_compute_attached_disk.data
+  ]
+
+  triggers = {
+    attached_disk = google_compute_attached_disk.data.id
+  }
+
+  connection {
+    type        = "ssh"
+    user        = "root"
+    private_key = local.google_service_account_private_key
+    host        = google_compute_address.mithril-external-address.address
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      <<-EOT
+# Format data disk if necessary
+if sudo blkid /dev/sdb; then 
+  echo "Data disk already formatted"
+else 
+  # Copy previous data folder if necessary
+  if [ -d "/home/curry/data" ]; then
+    echo "Copy previous data folder"
+    docker kill $(docker container ls -q)
+    mv /home/curry/data /home/curry/data.copy
+  fi
+
+  # Format data disk
+  echo "Format data disk"
+  mkfs.ext4 -m 0 -E lazy_itable_init=0,lazy_journal_init=0,discard /dev/disk/by-id/google-mithril-data-disk
+fi
+
+# Mount data disk
+echo "Mount data disk"
+mkdir -p /home/curry/data
+mount -o discard,defaults /dev/disk/by-id/google-mithril-data-disk /home/curry/data
+
+# Restore previous data folder if necessary
+if [ -d "/home/curry/data.copy" ]; then
+  echo "Restore previous data folder"
+  cp -R /home/curry/data.copy/* /home/curry/data/
+  rm -rf /home/curry/data.copy
+fi
+
+# Update rights of data directory
+chown "curry":"curry" /home/curry/data -R
+echo "Data disk mounted!"
+    EOT
+    ]
+  }
+}

mithril-infra/main.vm.tf

@@ -18,6 +18,10 @@ resource "google_compute_network" "vpc_network" {
 }
 
 resource "google_compute_instance" "vm_instance" {
+  depends_on = [
+    google_compute_disk.boot
+  ]
+
   name         = "${local.environment_name}-vm"
   machine_type = var.google_machine_type
   tags         = ["mithril", local.environment_name, var.environment_prefix, var.cardano_network]
@@ -31,7 +35,12 @@ resource "google_compute_instance" "vm_instance" {
   metadata_startup_script = file("./assets/startup-vm.sh")
 
   boot_disk {
-    source = google_compute_disk.boot.name
+    source      = google_compute_disk.boot.name
+    auto_delete = false
+  }
+
+  lifecycle {
+    ignore_changes = [attached_disk]
   }
 
   network_interface {
@@ -51,32 +60,33 @@ resource "google_compute_disk" "boot" {
   snapshot = var.google_compute_instance_boot_disk_snapshot
   labels = {
     environment = local.environment_name
+    type        = "boot"
   }
 }
 
-resource "google_compute_address" "mithril-external-address" {
-  name = "${local.environment_name}-ip"
-}
-
-resource "google_compute_resource_policy" "policy" {
-  name   = "${local.environment_name}-policy"
+resource "google_compute_resource_policy" "policy-boot" {
+  name   = "${local.environment_name}-policy-boot"
   region = var.google_region
   snapshot_schedule_policy {
     schedule {
       daily_schedule {
-        days_in_cycle = 1
-        start_time    = "04:00"
+        days_in_cycle = var.google_compute_instance_boot_disk_snapshot_pace_days
+        start_time    = var.google_compute_instance_boot_disk_snapshot_start_time
       }
     }
     retention_policy {
-      max_retention_days    = var.google_snapshot_max_retention_days
+      max_retention_days    = var.google_compute_instance_boot_disk_snapshot_max_retention_days
       on_source_disk_delete = "KEEP_AUTO_SNAPSHOTS"
     }
   }
 }
 
-resource "google_compute_disk_resource_policy_attachment" "attachment" {
-  name = google_compute_resource_policy.policy.name
+resource "google_compute_disk_resource_policy_attachment" "policy-attachment-boot" {
+  name = google_compute_resource_policy.policy-boot.name
   disk = google_compute_disk.boot.name
   zone = var.google_zone
 }
+
+resource "google_compute_address" "mithril-external-address" {
+  name = "${local.environment_name}-ip"
+}

mithril-infra/mithril.aggregator.tf

@@ -5,7 +5,8 @@ resource "null_resource" "mithril_aggregator" {
   ]
 
   triggers = {
-    image_id = var.mithril_image_id
+    image_id    = var.mithril_image_id,
+    vm_instance = google_compute_instance.vm_instance.id
   }
 
   connection {

mithril-infra/mithril.bootstrap.tf

@@ -1,9 +1,5 @@
 resource "null_resource" "mithril_bootstrap" {
 
-  /*depends_on = [
-    null_resource.vm_startup
-  ]*/
-
   connection {
     type        = "ssh"
     user        = "curry"
@@ -12,7 +8,8 @@ resource "null_resource" "mithril_bootstrap" {
   }
 
   triggers = {
-    image_id = var.mithril_image_id
+    image_id    = var.mithril_image_id,
+    vm_instance = google_compute_instance.vm_instance.id
   }
 
   provisioner "file" {

mithril-infra/mithril.monitoring.tf

@@ -4,6 +4,10 @@ resource "null_resource" "mithril_monitoring" {
     null_resource.mithril_reverse_proxy
   ]
 
+  triggers = {
+    vm_instance = google_compute_instance.vm_instance.id
+  }
+
   connection {
     type        = "ssh"
     user        = "curry"

mithril-infra/mithril.reverse-proxy.tf

@@ -1,10 +1,12 @@
 resource "null_resource" "mithril_reverse_proxy" {
   depends_on = [
-    null_resource.mithril_bootstrap
+    null_resource.mithril_bootstrap,
+    null_resource.mithril_mount_data_disk
   ]
 
   triggers = {
-    image_id = var.mithril_image_id
+    image_id    = var.mithril_image_id,
+    vm_instance = google_compute_instance.vm_instance.id
   }
 
   connection {

mithril-infra/mithril.signer.tf

@@ -12,7 +12,8 @@ resource "null_resource" "mithril_signer" {
   ]
 
   triggers = {
-    image_id = var.mithril_image_id
+    image_id    = var.mithril_image_id,
+    vm_instance = google_compute_instance.vm_instance.id
   }
 
   connection {

mithril-infra/variables.tf

@@ -61,6 +61,67 @@ variable "google_compute_instance_boot_disk_snapshot" {
   default     = ""
 }
 
+variable "google_compute_instance_boot_disk_snapshot_max_retention_days" {
+  type        = number
+  description = "Number of days after a boot disk snapshot is dropped"
+  default     = 30
+}
+
+variable "google_compute_instance_boot_disk_snapshot_pace_days" {
+  type        = number
+  description = "Pace of the boot disk snapshot in days"
+  default     = 1
+}
+
+variable "google_compute_instance_boot_disk_snapshot_start_time" {
+  type        = string
+  description = "Start time of the boot disk snapshot"
+  default     = "04:00"
+}
+
+
+variable "google_compute_instance_data_disk_size" {
+  type        = number
+  description = "Size of the data disk in GB"
+  default     = 250
+}
+
+variable "google_compute_instance_data_disk_type" {
+  type        = string
+  description = "Type of disk"
+  default     = "pd-standard"
+}
+
+variable "google_compute_instance_data_disk_image" {
+  type        = string
+  description = "Image of the data disk"
+  default     = ""
+}
+
+variable "google_compute_instance_data_disk_snapshot" {
+  type        = string
+  description = "Snapshot used to restore the data disk"
+  default     = ""
+}
+
+variable "google_compute_instance_data_disk_snapshot_max_retention_days" {
+  type        = number
+  description = "Number of days after a data disk snapshot is dropped"
+  default     = 30
+}
+
+variable "google_compute_instance_data_disk_snapshot_pace_days" {
+  type        = number
+  description = "Pace of the data disk snapshot in days"
+  default     = 1
+}
+
+variable "google_compute_instance_data_disk_snapshot_start_time" {
+  type        = string
+  description = "Start time of the data disk snapshot"
+  default     = "03:00"
+}
+
 variable "google_service_credentials_json_file" {
   type        = string
   description = "The credentials of the GCP service account"
@@ -72,12 +133,6 @@ variable "google_storage_bucket_max_age" {
   default     = 14
 }
 
-variable "google_snapshot_max_retention_days" {
-  type        = number
-  description = "Number of days after a disk snapshot is dropped"
-  default     = 30
-}
-
 locals {
   google_service_credentials_json_file_decoded = jsondecode(file(var.google_service_credentials_json_file))
   google_service_account_private_key           = local.google_service_credentials_json_file_decoded.private_key