From 26f3413597580dab902a224dbbfd4e647eea05bf Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Wed, 25 Oct 2023 13:31:04 +0200 Subject: buildfarm --- terraform/buildfarm/.terraform.lock.hcl | 43 ++++++++++++++++++++++++++ terraform/buildfarm/backend.tf | 12 ++++++++ terraform/buildfarm/buildfarm-redis.tf | 9 ++++++ terraform/buildfarm/buildfarm-server.tf | 41 +++++++++++++++++++++++++ terraform/buildfarm/buildfarm-worker01.tf | 50 +++++++++++++++++++++++++++++++ terraform/buildfarm/main.tf | 38 +++++++++++++++++++++++ terraform/buildfarm/terragrunt.hcl | 3 ++ terraform/conflatorio-docker/traefik.tf | 8 +++++ terraform/dns/vpn-cname.tf | 14 +++++++++ 9 files changed, 218 insertions(+) create mode 100644 terraform/buildfarm/.terraform.lock.hcl create mode 100644 terraform/buildfarm/backend.tf create mode 100644 terraform/buildfarm/buildfarm-redis.tf create mode 100644 terraform/buildfarm/buildfarm-server.tf create mode 100644 terraform/buildfarm/buildfarm-worker01.tf create mode 100644 terraform/buildfarm/main.tf create mode 100644 terraform/buildfarm/terragrunt.hcl diff --git a/terraform/buildfarm/.terraform.lock.hcl b/terraform/buildfarm/.terraform.lock.hcl new file mode 100644 index 0000000..378c8ed --- /dev/null +++ b/terraform/buildfarm/.terraform.lock.hcl @@ -0,0 +1,43 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/kreuzwerker/docker" { + version = "2.24.0" + constraints = "2.24.0" + hashes = [ + "h1:1z0/qA77T3PS/1m4vRO8UgWjHjk5/v+f3JfGbMyzX18=", + "zh:181fefd55c8eb75efe9815c43fdd76422b57951ef53b5d5f19273a00fdf0e2e2", + "zh:2ec84e029d169f188be2addf7f45c2555f226f67d4b6fb66c1749ed5b2c4a76a", + "zh:6f5cf945148485f57b919d31a30f1a5a93d45f4e8edfdb0b80b22258d51795d8", + "zh:8d00c2c459a48453f52a00a8d1ffdb7bcf72fe4b3b09ffcfd52218c4646fa7fa", + "zh:9bd6e06601e0a972b9ce01150e32e76b76b4caf1d9798daf4cf16d06e2a8d4a3", + "zh:af72591132dc8cd338f293e458403851e6b8a6ac4c4d25a3268940f9763df7aa", + "zh:c4a47c5c7ad2ff1fc5212e69c5ef837a127346264e46ce7b5d13362545e4aa70", + "zh:c6d68f33efcd3372331ed0d58ec49e8b01ddc132934b14d2d45977076950e4b3", + "zh:db228855ae7235095d367f3597719747e5be0dd9ce2206ea02062560b518c08a", + "zh:e8d6ce89642925f2e813d0b829bd5562582de37eaa39351e231ab474383e703a", + "zh:ec83d8c86a918d25eb824cc99f98924ef8949eb69aa40cb5ff2db24369e52d9c", + "zh:ee0032d3d86adeeca7fdd4922bb8db87dbb5cd0093c054ff8efe2260de0b624c", + "zh:f033b70f342f32eeb98c213e6fc7098d7afd22b3146a5cb6173c128b0e86d732", + "zh:f1bc3a2c4f152f8adc9a1f9c852496232ef31073b149945756c13bc9688cf08b", + ] +} + +provider "registry.terraform.io/lokkersp/sops" { + version = "0.6.10" + constraints = "0.6.10" + hashes = [ + "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=", + "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea", + "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e", + "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001", + "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289", + "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e", + "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71", + "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da", + "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9", + "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1", + "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/terraform/buildfarm/backend.tf b/terraform/buildfarm/backend.tf new file mode 100644 index 0000000..4c06fb8 --- /dev/null +++ b/terraform/buildfarm/backend.tf @@ -0,0 +1,12 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +terraform { + backend "s3" { + bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05" + key = "buildfarm/terraform.tfstate" + skip_region_validation = true + skip_credentials_validation = true + skip_metadata_api_check = true + region = "eu-central-1" + endpoint = "eu-central-1.linodeobjects.com" + } +} diff --git a/terraform/buildfarm/buildfarm-redis.tf b/terraform/buildfarm/buildfarm-redis.tf new file mode 100644 index 0000000..231e6aa --- /dev/null +++ b/terraform/buildfarm/buildfarm-redis.tf @@ -0,0 +1,9 @@ +resource "docker_container" "redis" { + image = docker_image.redis.image_id + name = "buildfarm-redis" + must_run = true + + networks_advanced { + name = docker_network.buildfarm.name + } +} diff --git a/terraform/buildfarm/buildfarm-server.tf b/terraform/buildfarm/buildfarm-server.tf new file mode 100644 index 0000000..3399cb8 --- /dev/null +++ b/terraform/buildfarm/buildfarm-server.tf @@ -0,0 +1,41 @@ +resource "docker_container" "server" { + image = docker_image.server.image_id + name = "buildfarm-server" + must_run = true + + networks_advanced { + name = docker_network.buildfarm.name + } + + networks_advanced { + name = data.docker_network.traefik.name + } + + # ports { + # internal = 8090 + # external = 8090 + # protocol = "tcp" + # ip = "fdf3:aad9:a885:77dd::2" + # } + + # { label = "traefik.tcp.routers.buildfarm-server.rule", value = "Host(`buildfarm-server.vpn.trygvis.io`)" }, + + dynamic "labels" { + for_each = [ + { label = "traefik.enable", value = "true" }, + { label = "traefik.docker.network", value = data.docker_network.traefik.name }, + { label = "traefik.tcp.routers.buildfarm-server.rule", value = "HostSNI(`*`)" }, + { label = "traefik.tcp.routers.buildfarm-server.entrypoints", value = "buildfarm" }, + { label = "traefik.tcp.routers.buildfarm-server.service", value = "buildfarm-server" }, + { label = "traefik.tcp.services.buildfarm-server.loadbalancer.server.port", value = "8980" }, + ] + content { + label = labels.value["label"] + value = labels.value["value"] + } + } + + env = [ + "REDIS_URI=redis://${docker_container.redis.name}:6379", + ] +} diff --git a/terraform/buildfarm/buildfarm-worker01.tf b/terraform/buildfarm/buildfarm-worker01.tf new file mode 100644 index 0000000..e5da9e2 --- /dev/null +++ b/terraform/buildfarm/buildfarm-worker01.tf @@ -0,0 +1,50 @@ +locals { + worker01_name = "buildfarm-worker01" +} + +resource "docker_volume" "worker01" { + name = local.worker01_name + + driver_opts = { + type = "none" + device = "/pool1/buildfarm-worker01" + o = "bind" + } +} + +resource "docker_container" "worker01" { + image = docker_image.worker.image_id + name = local.worker01_name + must_run = true + + networks_advanced { + name = docker_network.buildfarm.name + } + + # dynamic "labels" { + # for_each = [ + # { label = "traefik.enable", value = "true" }, + # { label = "traefik.docker.network", value = data.docker_network.traefik.name }, + # { label = "traefik.http.routers.buildfarm-worker01.rule", value = "Host(`buildfarm-worker01.vpn.trygvis.io`)" }, + # { label = "traefik.http.routers.buildfarm-worker01.entrypoints", value = "websecure" }, + # { label = "traefik.http.routers.buildfarm-worker01.tls.certresolver", value = "linode" }, + # ] + # content { + # label = labels.value["label"] + # value = labels.value["value"] + # } + # } + + command = [ + "--public_name=${local.worker01_name}:8981" + ] + + env = [ + "REDIS_URI=redis://${docker_container.redis.name}:6379", + ] + + volumes { + volume_name = docker_volume.worker01.name + container_path = "/tmp/worker" + } +} diff --git a/terraform/buildfarm/main.tf b/terraform/buildfarm/main.tf new file mode 100644 index 0000000..d135adf --- /dev/null +++ b/terraform/buildfarm/main.tf @@ -0,0 +1,38 @@ +terraform { + required_version = "~> 1.3.5" + + required_providers { + docker = { + source = "kreuzwerker/docker" + version = "2.24.0" + } + sops = { + source = "lokkersp/sops" + version = "0.6.10" + } + } +} + +provider "docker" { + host = "ssh://conflatorio.vpn.trygvis.io" +} + +resource "docker_image" "redis" { + name = "redis:5.0.9" +} + +resource "docker_image" "server" { + name = "bazelbuild/buildfarm-server:v2.6.1" +} + +resource "docker_image" "worker" { + name = "bazelbuild/buildfarm-worker:v2.6.1" +} + +resource "docker_network" "buildfarm" { + name = "buildfarm" +} + +data "docker_network" "traefik" { + name = "traefik" +} diff --git a/terraform/buildfarm/terragrunt.hcl b/terraform/buildfarm/terragrunt.hcl new file mode 100644 index 0000000..e147285 --- /dev/null +++ b/terraform/buildfarm/terragrunt.hcl @@ -0,0 +1,3 @@ +include "root" { + path = find_in_parent_folders() +} diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf index 8613394..d15ac5c 100644 --- a/terraform/conflatorio-docker/traefik.tf +++ b/terraform/conflatorio-docker/traefik.tf @@ -32,6 +32,13 @@ resource "docker_container" "traefik" { ip = "fdf3:aad9:a885:77dd::2" } + # for buildfarm-server + ports { + internal = 8980 + external = 8980 + ip = "fdf3:aad9:a885:77dd::2" + } + command = [ "--log.level=DEBUG", "--api=true", @@ -44,6 +51,7 @@ resource "docker_container" "traefik" { "--entrypoints.web.address=:80", "--entrypoints.web.http.redirections.entrypoint.to=websecure", "--entrypoints.web.http.redirections.entrypoint.scheme=https", + "--entrypoints.buildfarm.address=:8980", "--certificatesresolvers.linode.acme.dnschallenge.provider=linode", "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53", "--certificatesresolvers.linode.acme.email=root@trygvis.io", diff --git a/terraform/dns/vpn-cname.tf b/terraform/dns/vpn-cname.tf index 1fcf29d..629d295 100644 --- a/terraform/dns/vpn-cname.tf +++ b/terraform/dns/vpn-cname.tf @@ -18,3 +18,17 @@ resource "linode_domain_record" "vpn-grafana" { record_type = "CNAME" target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io" } + +resource "linode_domain_record" "vpn-influxdb" { + domain_id = linode_domain.root.id + name = "influxdb.vpn" + record_type = "CNAME" + target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io" +} + +resource "linode_domain_record" "vpn-buildfarm-server" { + domain_id = linode_domain.root.id + name = "buildfarm-server.vpn" + record_type = "CNAME" + target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io" +} -- cgit v1.2.3