mirror of
https://github.com/digital-asset/daml.git
synced 2024-11-10 10:46:11 +03:00
cfae2d88f5
* fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert
263 lines
6.6 KiB
HCL
263 lines
6.6 KiB
HCL
# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
resource "google_compute_network" "hoogle" {
|
|
name = "hoogle-network"
|
|
}
|
|
|
|
resource "google_compute_firewall" "hoogle" {
|
|
name = "hoogle-firewall"
|
|
network = google_compute_network.hoogle.name
|
|
target_tags = ["hoogle"]
|
|
|
|
source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
|
|
|
|
allow {
|
|
protocol = "tcp"
|
|
ports = ["8080", "8081"]
|
|
}
|
|
}
|
|
|
|
resource "google_compute_instance_template" "hoogle" {
|
|
name_prefix = "hoogle-"
|
|
machine_type = "n1-standard-1"
|
|
tags = ["hoogle"]
|
|
labels = local.machine-labels
|
|
|
|
disk {
|
|
boot = true
|
|
disk_size_gb = 20
|
|
source_image = "ubuntu-os-cloud/ubuntu-1604-lts"
|
|
}
|
|
|
|
metadata_startup_script = <<STARTUP
|
|
#! /bin/bash
|
|
set -euo pipefail
|
|
apt-get update
|
|
apt-get -y upgrade
|
|
### stackdriver
|
|
curl -sSL https://dl.google.com/cloudagents/install-logging-agent.sh | bash
|
|
### nginx
|
|
apt-get -y install nginx
|
|
cat > /etc/nginx/nginx.conf <<NGINX
|
|
user www-data;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
http {
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
server {
|
|
listen 8081 default_server;
|
|
server_name _;
|
|
return 307 https://hoogle.daml.com\$request_uri;
|
|
}
|
|
}
|
|
NGINX
|
|
service nginx restart
|
|
### hoogle
|
|
apt-get -y install curl git
|
|
useradd hoogle
|
|
mkdir /home/hoogle
|
|
chown hoogle:hoogle /home/hoogle
|
|
cd /home/hoogle
|
|
curl -sSL https://get.haskellstack.org/ | sh
|
|
runuser -u hoogle bash <<HOOGLE_SETUP
|
|
git clone https://github.com/ndmitchell/hoogle.git
|
|
cd hoogle
|
|
git checkout 73fa6b5c156e0015e135a564e2821719611abe03
|
|
stack init --resolver=lts-14.7
|
|
stack build
|
|
stack install
|
|
export PATH=/home/hoogle/.local/bin:$PATH
|
|
mkdir daml
|
|
curl https://docs.daml.com/hoogle_db/base.txt --output daml/base.txt
|
|
hoogle generate --database=daml.hoo --local=daml
|
|
nohup hoogle server --database=daml.hoo --log=.log.txt --port=8080 >> out.txt &
|
|
HOOGLE_SETUP
|
|
cat > /home/hoogle/refresh-db.sh <<CRON
|
|
#!/usr/bin/env bash
|
|
set -euxo pipefail
|
|
log() {
|
|
echo "[\$(date -Is)] \$1" >> /home/hoogle/cron_log.txt
|
|
}
|
|
log "Checking for new DAML version..."
|
|
cd /home/hoogle/hoogle
|
|
mkdir new-daml
|
|
if ! curl --fail -s https://docs.daml.com/hoogle_db/base.txt --output new-daml/base.txt; then
|
|
curl -s https://docs.daml.com/hoogle_db.tar.gz --output db.tar.gz
|
|
tar xzf db.tar.gz -C new-daml --strip-components=1
|
|
fi
|
|
if ! diff -rq daml new-daml; then
|
|
log "New version detected. Creating database..."
|
|
rm -rf daml
|
|
mv new-daml daml
|
|
rm daml.hoo
|
|
/home/hoogle/.local/bin/hoogle generate --database=daml.hoo --local=daml
|
|
log "Killing running instance..."
|
|
killall hoogle
|
|
log "Stating new server..."
|
|
nohup /home/hoogle/.local/bin/hoogle server --database=daml.hoo --log=.log.txt --port=8080 >> out.txt &
|
|
log "New server started."
|
|
else
|
|
log "No change detected."
|
|
rm -rf new-daml
|
|
fi
|
|
log "Done."
|
|
CRON
|
|
chmod +x /home/hoogle/refresh-db.sh
|
|
chown hoogle:hoogle /home/hoogle/refresh-db.sh
|
|
echo "*/5 * * * * /home/hoogle/refresh-db.sh" | crontab -u hoogle -
|
|
STARTUP
|
|
|
|
network_interface {
|
|
network = google_compute_network.hoogle.name
|
|
access_config {}
|
|
}
|
|
|
|
service_account {
|
|
email = "log-writer@da-dev-gcp-daml-language.iam.gserviceaccount.com"
|
|
scopes = ["cloud-platform"]
|
|
}
|
|
|
|
scheduling {
|
|
automatic_restart = false
|
|
on_host_maintenance = "TERMINATE"
|
|
preemptible = true
|
|
}
|
|
|
|
lifecycle {
|
|
create_before_destroy = true
|
|
}
|
|
}
|
|
|
|
resource "google_compute_instance_group_manager" "hoogle" {
|
|
provider = google-beta
|
|
name = "hoogle"
|
|
base_instance_name = "hoogle"
|
|
zone = local.zone
|
|
target_size = "3"
|
|
|
|
version {
|
|
name = "hoogle"
|
|
instance_template = google_compute_instance_template.hoogle.self_link
|
|
}
|
|
|
|
named_port {
|
|
name = "https"
|
|
port = "8080"
|
|
}
|
|
|
|
named_port {
|
|
name = "http"
|
|
port = "8081"
|
|
}
|
|
|
|
auto_healing_policies {
|
|
health_check = google_compute_health_check.hoogle-https.self_link
|
|
|
|
# Compiling hoogle takes some time
|
|
initial_delay_sec = 2500
|
|
}
|
|
|
|
update_policy {
|
|
type = "PROACTIVE"
|
|
minimal_action = "REPLACE"
|
|
max_unavailable_fixed = 1
|
|
}
|
|
}
|
|
|
|
resource "google_compute_global_address" "hoogle" {
|
|
name = "hoogle"
|
|
ip_version = "IPV4"
|
|
}
|
|
|
|
resource "google_compute_health_check" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
check_interval_sec = 1
|
|
timeout_sec = 1
|
|
|
|
tcp_health_check {
|
|
port = 8081
|
|
}
|
|
}
|
|
|
|
resource "google_compute_backend_service" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
health_checks = [google_compute_health_check.hoogle-http.self_link]
|
|
port_name = "http"
|
|
|
|
backend {
|
|
group = google_compute_instance_group_manager.hoogle.instance_group
|
|
}
|
|
}
|
|
|
|
resource "google_compute_url_map" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
default_service = google_compute_backend_service.hoogle-http.self_link
|
|
}
|
|
|
|
resource "google_compute_target_http_proxy" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
url_map = google_compute_url_map.hoogle-http.self_link
|
|
}
|
|
|
|
resource "google_compute_global_forwarding_rule" "hoogle_http" {
|
|
name = "hoogle-http"
|
|
target = google_compute_target_http_proxy.hoogle-http.self_link
|
|
ip_address = google_compute_global_address.hoogle.address
|
|
port_range = "80"
|
|
}
|
|
|
|
resource "google_compute_health_check" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
check_interval_sec = 1
|
|
timeout_sec = 1
|
|
|
|
tcp_health_check {
|
|
port = 8080
|
|
}
|
|
}
|
|
|
|
resource "google_compute_backend_service" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
health_checks = [google_compute_health_check.hoogle-https.self_link]
|
|
port_name = "https"
|
|
|
|
backend {
|
|
group = google_compute_instance_group_manager.hoogle.instance_group
|
|
}
|
|
}
|
|
|
|
resource "google_compute_url_map" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
default_service = google_compute_backend_service.hoogle-https.self_link
|
|
}
|
|
|
|
resource "google_compute_target_https_proxy" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
url_map = google_compute_url_map.hoogle-https.self_link
|
|
|
|
ssl_certificates = [local.ssl_certificate_hoogle]
|
|
}
|
|
|
|
resource "google_compute_global_forwarding_rule" "hoogle_https" {
|
|
name = "hoogle-https"
|
|
target = google_compute_target_https_proxy.hoogle-https.self_link
|
|
ip_address = google_compute_global_address.hoogle.address
|
|
port_range = "443"
|
|
}
|
|
|
|
output "hoogle_address" {
|
|
value = google_compute_global_address.hoogle.address
|
|
}
|