4095538acf
Our current Terraform setup attempts to create three static files on our GCS buckets. The issue is that these buckets are configured to automatically delete files that are older than X days, and there is no way to exclude specific files from that. Therefore, the created files disappear after some time, and running `terraform plan` suddenly looks like the infrastructure has changed. Moreover, the added value of these three files seems questionable: two of them provide `index.html` type of functionality for our two caches, whereas the third is automatically created by `nix` when pushing to the cache anyway (if it doesn't exist already). This PR also reduces the cache eviction time for the nix cache to 60 days, as a full year seemed a bit long. CHANGELOG_BEGIN CHANGELOG_END |
||
---|---|---|
.. | ||
modules/gcp_cdn_bucket | ||
.gitignore | ||
apply | ||
bazel_cache.tf | ||
data_bucket.tf | ||
dumps_bucket.tf | ||
hoogle_server.tf | ||
main.tf | ||
nix_cache.tf | ||
periodic_killer.tf | ||
README.md | ||
vsts_agent_linux_startup.sh | ||
vsts_agent_linux.tf | ||
vsts_agent_windows.tf | ||
writer.tf |
DAML
This is the terraform code used by the DAML repository to deploy supporting infrastructure such as the Bazel caches, Nix caches and Azure Pipeline (VSTS) Agents.
Setup
To deploy the infrastructure changes, you will to get access to the
da-dev-gcp-daml-language
Google project from DA IT. Then run
gcloud auth login
to configure the local credentials.
Deployment
All the infrastructure is currently deployed using Terraform. For convenience we have a little wrapper script that you can run to apply the latest changes:
$ ./apply
Writer service-account key
To avoid holding the secret key into the store, creating the key has to be done through the UI.
This can be done here: https://console.cloud.google.com/iam-admin/serviceaccounts/details/104272946446260011088?project=da-dev-gcp-daml-language
Setting up credentials
In order to interact with these Terraform files, you will need security to give
you access to the relevant GCP project (da-dev-gcp-daml-language
), and login
via gcloud
by running:
gcloud auth application-default login --account your.name@gcloud-domain.com