From faf1604308d982397e777111fe1c8d53be0f397f Mon Sep 17 00:00:00 2001
From: Gary Verhaegen
Date: Wed, 3 Jan 2024 17:32:22 +0100
Subject: [PATCH] infra: remove stale GCP resources (#18082)
---
infra/periodic_killer.tf | 101 ---------------------------------------
infra/ubuntu.tf | 16 -------
infra/ubuntu_gcp.tf | 81 -------------------------------
infra/windows.tf | 14 ------
infra/windows_gcp.tf | 100 --------------------------------------
5 files changed, 312 deletions(-)
delete mode 100644 infra/periodic_killer.tf
delete mode 100644 infra/ubuntu_gcp.tf
delete mode 100644 infra/windows_gcp.tf
diff --git a/infra/periodic_killer.tf b/infra/periodic_killer.tf
deleted file mode 100644
index dc8c0bb6fb2..00000000000
--- a/infra/periodic_killer.tf
+++ /dev/null
@@ -1,101 +0,0 @@ -# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. -# SPDX-License-Identifier: Apache-2.0 -# -# This file defines a machine meant to destroy/recreate all our CI nodes every -# night. - -resource "google_service_account" "periodic-killer" { - account_id = "periodic-killer" -} - -resource "google_project_iam_custom_role" "periodic-killer" { - role_id = "killCiNodes" - title = "Permissions to list & kill CI nodes" - permissions = [ - "compute.instances.delete", - "compute.instances.list", - "compute.zoneOperations.get", - "compute.zones.list", - ] -} - -locals { - accounts_that_can_kill_machines = [ - # should reference google_project_iam_custom_role.periodic-killer.id or - # something, but for whatever reason that's not exposed. - "serviceAccount:${google_service_account.periodic-killer.email}", - - "user:gary.verhaegen@digitalasset.com", - "user:gerolf.seitz@digitalasset.com", - ] -} - -resource "google_project_iam_member" "periodic-killer" { - count = length(local.accounts_that_can_kill_machines) - project = local.project - role = google_project_iam_custom_role.periodic-killer.id - member = local.accounts_that_can_kill_machines[count.index] -} - -resource "google_compute_instance" "periodic-killer" { - count = 0 - name = "periodic-killer" - machine_type = "g1-small" - zone = "us-east4-a" - labels = local.machine-labels - - boot_disk { - initialize_params { - image = "ubuntu-1804-lts" - } - } - - network_interface { - network = "default" - - // Ephemeral IP to get access to the Internet - access_config {} - } - - service_account { - email = google_service_account.periodic-killer.email - scopes = ["cloud-platform"] - } - allow_stopping_for_update = true - - metadata_startup_script = < /root/log - -cat < /root/periodic-kill.sh -#!/usr/bin/env bash -set -euo pipefail -echo "\$(date -Is -u) start" - -MACHINES=\$(/snap/bin/gcloud compute instances list --format=json | jq -c '.[] | select(.name | 
startswith("ci-")) | [.name, .zone]') - -for m in \$MACHINES; do - MACHINE_NAME=\$(echo \$m | jq -r '.[0]') - MACHINE_ZONE=\$(echo \$m | jq -r '.[1]') - # We do not want to abort the script on error here because failing to - # reboot one machine should not prevent trying to reboot the others. - /snap/bin/gcloud -q compute instances delete \$MACHINE_NAME --zone=\$MACHINE_ZONE || true -done - -echo "\$(date -Is -u) end" -CRON - -chmod +x /root/periodic-kill.sh - -cat <> /etc/crontab -0 4 * * * root /root/periodic-kill.sh >> /root/log 2>&1 -CRONTAB - -tail -f /root/log - -STARTUP -} diff --git a/infra/ubuntu.tf b/infra/ubuntu.tf index bde791aa52a..8b3b866c17d 100644 --- a/infra/ubuntu.tf +++ b/infra/ubuntu.tf @@ -3,22 +3,6 @@ locals { ubuntu = { - gcp = [ - { - name = "ci-u1", - disk_size = 400, - size = 0, - assignment = "default", - nix = "su --command \"sh <(curl -sSfL https://nixos.org/nix/install) --daemon\" --login vsts" - }, - { - name = "ci-u2", - disk_size = 400, - size = 0, - assignment = "default", - nix = "su --command \"sh <(curl -sSfL https://nixos.org/nix/install) --daemon\" --login vsts" - }, - ], azure = [ { name = "du1", diff --git a/infra/ubuntu_gcp.tf b/infra/ubuntu_gcp.tf deleted file mode 100644 index d42238c8760..00000000000 --- a/infra/ubuntu_gcp.tf +++ /dev/null 
@@ -1,81 +0,0 @@ -# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. -# SPDX-License-Identifier: Apache-2.0 - -resource "google_compute_region_instance_group_manager" "vsts-agent-ubuntu_20_04" { - count = length(local.ubuntu.gcp) - provider = google-beta - name = local.ubuntu.gcp[count.index].name - base_instance_name = local.ubuntu.gcp[count.index].name - region = "us-east1" - target_size = local.ubuntu.gcp[count.index].size - - version { - name = local.ubuntu.gcp[count.index].name - instance_template = google_compute_instance_template.vsts-agent-ubuntu_20_04[count.index].self_link - } - - # uncomment when we get a provider >3.55 - #distribution_policy_target_shape = "ANY" - - update_policy { - type = "PROACTIVE" - minimal_action = "REPLACE" - max_surge_fixed = 3 - min_ready_sec = 60 - - instance_redistribution_type = "NONE" - } -} - -resource "google_compute_instance_template" "vsts-agent-ubuntu_20_04" { - count = length(local.ubuntu.gcp) - name_prefix = "${local.ubuntu.gcp[count.index].name}-" - machine_type = "c2-standard-8" - labels = local.machine-labels - - disk { - disk_size_gb = local.ubuntu.gcp[count.index].disk_size - disk_type = "pd-ssd" - source_image = "ubuntu-os-cloud/ubuntu-2004-lts" - } - - lifecycle { - create_before_destroy = true - } - - metadata = { - startup-script = templatefile("${path.module}/ubuntu_startup.sh", { - vsts_token = secret_resource.vsts-token.value - vsts_account = "digitalasset" - vsts_pool = "ubuntu_20_04" - size = local.ubuntu.gcp[count.index].disk_size - gcp_logging = <3.55 - #distribution_policy_target_shape = "ANY" - - update_policy { - type = "PROACTIVE" - minimal_action = "REPLACE" - - # minimum is the number of availability zones (3) - max_surge_fixed = 3 - - # calculated with: serial console last timestamp after boot - VM start - # 09:54:28 - 09:45:55 = 513 seconds - min_ready_sec = 520 - - instance_redistribution_type = "NONE" - } -} - -resource 
"google_compute_instance_template" "vsts-agent-windows" { - count = length(local.windows.gcp) - name_prefix = "${local.windows.gcp[count.index].name}-" - machine_type = "c2-standard-8" - labels = local.machine-labels - - disk { - disk_size_gb = local.windows.gcp[count.index].disk_size - disk_type = "pd-ssd" - - # find the image name with `gcloud compute images list` - source_image = "windows-cloud/windows-2016" - } - - # Drive D:\ for the agent work folder - disk { - disk_size_gb = local.windows.gcp[count.index].disk_size - disk_type = "pd-ssd" - } - - lifecycle { - create_before_destroy = true - } - - metadata = { - // Prepare the machine - windows-startup-script-ps1 = templatefile("${path.module}/windows_startup.ps1", { - vsts_token = nonsensitive(secret_resource.vsts-token.value) - vsts_account = "digitalasset" - vsts_pool = "windows-pool" - gcp_logging = <