diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index e887c57..5e3291b 100755 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -2,42 +2,42 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "2.14.0" - constraints = "2.14.0" + version = "2.18.0" + constraints = "2.18.0" hashes = [ - "h1:cUJO7MT2DtUMjK2FtXwEcjqg6kv1TIqEs1gNXqdP4LE=", - "zh:061d269ab25d0a9b0bc72f7833c72f71facd467e3c3e40c8ab6e2de9fa6b6818", - "zh:299299f7881097367cc619b30ea9e1cdc3f575da2513b155897ed5339ee606d3", - "zh:52f9c07667cd6f67ee0f80725fc45b067ecfbba08f0af66f808b06b0ccc88c20", - "zh:54fbbf932c6ab5681ad96bd5d2111642c65379e2fe5239aa717a47a07831bee7", - "zh:6edd716fde5dea1a1eed955c9d87893871462716d8069e5960072536e343fa57", - "zh:6fc6bfc4ef7a8a105f1b1722442413efed7a496eaef768328e362f412a832ad9", - "zh:8473d2db5cc55859facc6ef00c3757d19d88ea49e9144f8f7997030fccbcfe02", - "zh:91a2b18020939457d62b4596193474c096fc86f64f9990261389b0e7ef01819e", - "zh:afe1708986117da60e1790ec274083e7c3921ee20f9389eca1e34b4aeee7f7b9", - "zh:f7a54f5c3ddc212a56f43669a754d0c3552e76a6154cdf747bdbdeae80338796", - "zh:f8ec3bebbbc52caca49030a65c2ffa79cea046516035832181388037065ff5e7", + "h1:eh776Jlk6M4CIH5Z9bA+knSN3iAhim1NtPXzSdbjdKo=", + "zh:4121da1ad26081552e3a648e94c89df96e246d50c6e307fe5eba586664691de0", + "zh:4212865eeb42f491d3409f1b9edbb508dbc781a12144c4cb157a8057965144fb", + "zh:4965fad90d5caf7917e0f7617d76a5d3419ca3f003e408f6e58af5e53f20b1ba", + "zh:59d5dedb2b9c9b0a3fc5ad07fce4b1aefeaef5229dbe510e7f0f9f99bbb448aa", + "zh:6746bfa2cfe6005b64286ccf9fcc5b25d1dc29d1448fe9b4f9acf7d3f7f05f79", + "zh:78dd4811b35ea04f0ab11a0c7c600e8fe7f30e7645d8fc60d1d02272fa85568b", + "zh:c7a7adf710bbf686d879825428f9ba92ec35fcb44742ffac5ea9b9538c43a19a", + "zh:cd8827681b957a9a28cb8139414fd8430f228ff736be251c32ae26d8b146bfad", + "zh:cf398859858618b5569b2ad3e84ee5550836b70083b1e7bcf3ba8398ff06e247", + "zh:eb11da2096aea02c792dfe1a5e3605e711102401d03a722b8ae16223245e7f70", + "zh:fc8d289e98dfa3e846b2c737cfdd821a6e1836a062e5453265d1dbb1e35433f1", ] } provider "registry.terraform.io/digitalocean/digitalocean" 
{ - version = "2.3.0" - constraints = "2.3.0" + version = "2.5.1" + constraints = "2.5.1" hashes = [ - "h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=", - "zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9", - "zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84", - "zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca", - "zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb", - "zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6", - "zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021", - "zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907", - "zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8", - "zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6", - "zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be", - "zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5", - "zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7", - "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d", + "h1:UMxJ1MfOdamlVx4AGInfiZu5mCJyi5PW+8ct03kEQZs=", + "zh:057b8fa0f95213e7d856208d456175335fb673cfef14abf41193f0a2d76e1210", + "zh:0daee13dd46de95ce2550459942c1433290798bfb5faac12781f81799dd6b05c", + "zh:13778c00db5c43b2ed5781e2de32d73f34b391c865a52ad3380714bf86251785", + "zh:2b2bbb1b057c8bf15804a9fd47c30f30b39bcd7ed478bfcad11e221c654f5d02", + "zh:43284d2b1a356f541723a46219812590d24742558ef4111eda545212fd60f011", + "zh:6a6e13b55f9aa889e3162d75cb3e585116e8a0d12084629af38f68cdac6aa777", + "zh:6fa3dbbad99a075768e9449fc6082769da1b76ae31a8e296ae50899835e859a1", + "zh:79336598d190f511cf3d3323b49081474669d0daa9c1c0d3b21475110ad97bd9", + "zh:84c4c8d29820229bd94f7d3c5310f1f7208b97e7d4efca2c8e24ae0c0e032267", + "zh:86926853140d9072986d2cb8ff4693784abd5f5d241b8cec402dfad77d8060ed", + "zh:95a896f51656b51519b10edf38f11eb766de60297b8551dc0d14a4041dd16d6f", + 
"zh:d163da24466cd60eed4749fef56c6593cc6e33be2e210e1b57edfd1c968aa742", + "zh:e830649afac9e505603002f8a76b2441a0a41c96c6516609e2c07ce0c45f9dc3", ] } @@ -59,3 +59,4 @@ provider "registry.terraform.io/louy/uptimerobot" { "zh:de555bac4bd86d17e7b5592ec22a6db8d1496470d3dab4fa286a86e44bdad991", ] } + diff --git a/terraform/ftl-orchestrator.tf b/terraform/ftl-orchestrator.tf new file mode 100644 index 0000000..835239a --- /dev/null +++ b/terraform/ftl-orchestrator.tf @@ -0,0 +1,36 @@ + +# Orchestrator +resource "digitalocean_droplet" "ftl_orchestrator" { + image = "ubuntu-20-04-x64" + name = var.ftl_orchestrator_hostname + region = "nyc3" + size = "c-4" + private_networking = true + tags = [digitalocean_tag.ftl.id] + + ssh_keys = var.digitalocean_live_ssh_keys + + connection { + host = self.ipv4_address + user = "root" + type = "ssh" + private_key = file(var.digitalocean_priv_key_path) + timeout = "2m" + } +} +resource "uptimerobot_monitor" "ftl_orchestrator_monitor" { + friendly_name = var.ftl_orchestrator_hostname + url = digitalocean_droplet.ftl_orchestrator.ipv4_address + type = "port" + sub_type = "custom" + port = "8085" +} + +resource "cloudflare_record" "ftl_orchestrator_lb_record" { + zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") + type = "A" + name = var.ftl_orchestrator_hostname + value = digitalocean_droplet.ftl_orchestrator.ipv4_address + proxied = false +} + diff --git a/terraform/ftl-region/module.tf b/terraform/ftl-region/module.tf new file mode 100644 index 0000000..9f18ed0 --- /dev/null +++ b/terraform/ftl-region/module.tf 
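Review bot: Nothing in ftl-orchestrator.tf, or elsewhere in this diff, attaches a `digitalocean_firewall` to the orchestrator droplet or to the `ftl` tag, so as far as this commit shows the droplet accepts SSH and port 8085 on its public address from any source. The `uptimerobot_monitor` probes 8085 on `ipv4_address` and the A record is `proxied = false`, so that address is also published in DNS. A firewall modelled on `web_lb_only_traffic` in web.tf, with SSH limited to `var.whitelisted_ips` and 8085 limited to the FTL nodes, would state the intended exposure; the external monitor would then need its own allowance or a different check. If a firewall for these droplets is managed outside this diff, a comment here saying where would be enough.

```hcl
# Sketch only: resource and firewall names are constructed for this note.
resource "digitalocean_firewall" "ftl_orchestrator" {
  name        = "ftl-orchestrator"
  droplet_ids = [digitalocean_droplet.ftl_orchestrator.id]

  # SSH from operator addresses only
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = var.whitelisted_ips
  }

  # Orchestrator port from ingest/edge droplets carrying the ftl tag
  inbound_rule {
    protocol    = "tcp"
    port_range  = "8085"
    source_tags = [digitalocean_tag.ftl.id]
  }

  # … outbound rules as in web_lb_only_traffic …
}
```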
@@ -0,0 +1,137 @@
+
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "2.18.0"
+ }
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "2.5.1"
+ }
+ uptimerobot = {
+ source = "louy/uptimerobot"
+ version = "0.5.1"
+ }
+ }
+}
+
+data "cloudflare_zones" "glimesh_domain_zones" {
+ filter {
+ name = var.cloudflare_domain
+ status = "active"
+ }
+}
+
+resource "digitalocean_tag" "ftl" {
+ name = "ftl"
+}
+
+resource "digitalocean_tag" "ftl_edge" {
+ name = "ftl-edge"
+}
+
+resource "digitalocean_tag" "ftl_ingest" {
+ name = "ftl-ingest"
+}
+
+
+# Ingest
+resource "digitalocean_droplet" "ftl_ingest" {
+ count = var.ingest_count
+ image = "ubuntu-20-04-x64"
+ name = format("do-%s-ingest%d.%s.live.glimesh.tv", var.do_region, count.index + 1, var.region)
+ region = var.do_region
+ size = var.ingest_size
+ private_networking = true
+ tags = [digitalocean_tag.ftl.id, digitalocean_tag.ftl_ingest.id]
+
+ ssh_keys = var.ssh_keys
+
+ connection {
+ host = self.ipv4_address
+ user = "root"
+ type = "ssh"
+ private_key = file(var.digitalocean_priv_key_path)
+ timeout = "2m"
+ }
+}
+
+resource "uptimerobot_monitor" "ftl_ingest_monitor" {
+ count = var.ingest_count
+ friendly_name = element(digitalocean_droplet.ftl_ingest.*.name, count.index)
+ url = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index)
+ type = "port"
+ sub_type = "custom"
+ port = "8084"
+}
+
+resource "cloudflare_record" "ftl_ingest_record" {
+ count = var.ingest_count
+ zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id")
+ type = "A"
+ name = element(digitalocean_droplet.ftl_ingest.*.name, count.index)
+ value = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index)
+ proxied = false
+}
+
+resource "cloudflare_record" "ftl_ingest_lb_record" {
+ count = var.ingest_count
+ zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id")
+ type = "A"
+ name = "ingest.${var.region}.live.glimesh.tv"
+ value = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index)
+ proxied = false
+}
+
+
+# Edge
+resource "digitalocean_droplet" "ftl_edge" {
+ count = var.edge_count
+ image = "ubuntu-20-04-x64"
+ name = format("do-%s-edge%d.%s.live.glimesh.tv", var.do_region, count.index + 1, var.region)
+ region = var.do_region
+ size = var.edge_size
+ private_networking = true
+ tags = [digitalocean_tag.ftl.id, digitalocean_tag.ftl_edge.id]
+
+ ssh_keys = var.ssh_keys
+
+ connection {
+ host = self.ipv4_address
+ user = "root"
+ type = "ssh"
+ private_key = file(var.digitalocean_priv_key_path)
+ timeout = "2m"
+ }
+}
+
+resource "uptimerobot_monitor" "ftl_edge_monitor" {
+ count = var.edge_count
+ friendly_name = element(digitalocean_droplet.ftl_edge.*.name, count.index)
+ url = element(digitalocean_droplet.ftl_edge.*.ipv4_address, count.index)
+ type = "port"
+ sub_type = "custom"
+ port = "8084"
+}
+
+resource "cloudflare_record" "ftl_edge_record" {
+ count = var.edge_count
+ zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id")
+ type = "A"
+ name = element(digitalocean_droplet.ftl_edge.*.name, count.index)
+ value = element(digitalocean_droplet.ftl_edge.*.ipv4_address, count.index)
+ proxied = false
+}
+
+resource "cloudflare_record" "ftl_edge_lb_record" {
+ count = var.edge_count
+ zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id")
+ type = "A"
+ name = "edge.${var.region}.live.glimesh.tv"
+ value = element(digitalocean_droplet.ftl_edge.*.ipv4_address, count.index)
+ proxied = false
+}
+
+
+
diff --git a/terraform/ftl-region/variables.tf b/terraform/ftl-region/variables.tf
new file mode 100644
index 0000000..a949570
--- /dev/null
+++ b/terraform/ftl-region/variables.tf
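Review bot: Both `connection` blocks in this module read `var.digitalocean_priv_key_path`, but ftl-region/variables.tf as added in this commit declares no such variable and the `module "ftl-region"` call in ftl.tf passes none, so the module should fail validation unless the variable is declared in a file outside this diff. No provisioner is visible on `ftl_ingest` or `ftl_edge`, which would make the `connection` blocks unused; removing them (and the same block on `ftl_orchestrator` in ftl-orchestrator.tf) fixes the reference and keeps the root SSH private key path out of every region instance. If SSH provisioning is planned, declare the input explicitly with `variable "digitalocean_priv_key_path" { type = string }` and add a comment saying which provisioner needs root.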
@@ -0,0 +1,25 @@
+variable "region" {}
+variable "do_region" {}
+
+variable "cloudflare_domain" {
+ type = string
+}
+
+variable "ingest_size" {
+ type = string
+}
+variable "ingest_count" {
+ type = number
+}
+
+variable "edge_size" {
+ type = string
+}
+variable "edge_count" {
+ type = number
+}
+
+variable "ssh_keys" {
+ type = list(string)
+}
+
diff --git a/terraform/ftl-unprovisioned.tf b/terraform/ftl-unprovisioned.tf
index 1722778..4cdf406 100644
--- a/terraform/ftl-unprovisioned.tf
+++ b/terraform/ftl-unprovisioned.tf
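Review bot: `region` and `do_region` are declared without a type or description, yet module.tf interpolates both into droplet names and DNS record names such as `ingest.${var.region}.live.glimesh.tv`. Declaring them as `variable "region" { type = string }` with a `description`, plus a `validation` block limiting `region` to the four-letter lowercase codes used in ftl.tf, would stop a typo from publishing a record under an unintended hostname. `ingest_count` and `edge_count` could likewise reject negative values.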
@@ -20,45 +20,100 @@ resource "cloudflare_record" "ftl_region_record" { proxied = false } -resource "cloudflare_record" "ftl_region_edge_lb_record" { - for_each = toset([ - "edge.kord.live.glimesh.tv", - "edge.ksfo.live.glimesh.tv", - "edge.eham.live.glimesh.tv", - "edge.wsss.live.glimesh.tv", - "edge.egll.live.glimesh.tv", - "edge.eddf.live.glimesh.tv", - "edge.cyyz.live.glimesh.tv", - "edge.vobl.live.glimesh.tv" - ]) +# resource "cloudflare_record" "ftl_region_edge_lb_record" { +# for_each = toset([ +# "edge.kord.live.glimesh.tv", +# # "edge.ksfo.live.glimesh.tv", +# # "edge.eham.live.glimesh.tv", +# # "edge.wsss.live.glimesh.tv", +# # "edge.egll.live.glimesh.tv", +# # "edge.eddf.live.glimesh.tv", +# # "edge.cyyz.live.glimesh.tv", +# # "edge.vobl.live.glimesh.tv" +# ]) + +# zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") +# type = "CNAME" +# name = each.value +# value = "edge.kjfk.live.glimesh.tv" +# proxied = false +# } +# vobl points to wsss +resource "cloudflare_record" "ftl_region_edge_proxy_vobl_wsss" { zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") type = "CNAME" - name = each.value + name = "edge.vobl.live.glimesh.tv" + value = "edge.wsss.live.glimesh.tv" + proxied = false +} + +# cyyz points to kjfk +resource "cloudflare_record" "ftl_region_edge_proxy_cyzz_kjfk" { + zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") + type = "CNAME" + name = "edge.cyyz.live.glimesh.tv" value = "edge.kjfk.live.glimesh.tv" proxied = false } +# cyyz points to kjfk +resource "cloudflare_record" "ftl_region_edge_proxy_kord_kjfk" { + zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") + type = "CNAME" + name = "edge.kord.live.glimesh.tv" + value = "edge.kjfk.live.glimesh.tv" + proxied = false +} -resource "cloudflare_record" "ftl_region_ingest_lb_record" { - for_each = toset([ - "ingest.kord.live.glimesh.tv", - "ingest.ksfo.live.glimesh.tv", - "ingest.eham.live.glimesh.tv", 
- "ingest.wsss.live.glimesh.tv", - "ingest.egll.live.glimesh.tv", - "ingest.eddf.live.glimesh.tv", - "ingest.cyyz.live.glimesh.tv", - "ingest.vobl.live.glimesh.tv" - ]) +# vobl points to wsss +resource "cloudflare_record" "ftl_region_ingest_proxy_vobl_wsss" { zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") type = "CNAME" - name = each.value + name = "ingest.vobl.live.glimesh.tv" + value = "ingest.wsss.live.glimesh.tv" + proxied = false +} + +# cyyz points to kjfk +resource "cloudflare_record" "ftl_region_ingest_proxy_cyyz_kjfk" { + zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") + type = "CNAME" + name = "ingest.cyyz.live.glimesh.tv" value = "ingest.kjfk.live.glimesh.tv" proxied = false } +# cyyz points to kjfk +resource "cloudflare_record" "ftl_region_ingest_proxy_kord_kjfk" { + zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") + type = "CNAME" + name = "ingest.kord.live.glimesh.tv" + value = "ingest.kjfk.live.glimesh.tv" + proxied = false +} + + +# resource "cloudflare_record" "ftl_region_ingest_lb_record" { +# for_each = toset([ +# "ingest.kord.live.glimesh.tv", +# "ingest.ksfo.live.glimesh.tv", +# "ingest.eham.live.glimesh.tv", +# "ingest.wsss.live.glimesh.tv", +# "ingest.egll.live.glimesh.tv", +# "ingest.eddf.live.glimesh.tv", +# "ingest.cyyz.live.glimesh.tv", +# "ingest.vobl.live.glimesh.tv" +# ]) + +# zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") +# type = "CNAME" +# name = each.value +# value = "ingest.kjfk.live.glimesh.tv" +# proxied = false +# } + # Monitor these since they are hardcoded inside the OBS client resource "uptimerobot_monitor" "ftl_region_ingest_lb_monitor" { for_each = toset([ @@ -79,3 +134,4 @@ resource "uptimerobot_monitor" "ftl_region_ingest_lb_monitor" { sub_type = "custom" port = "8084" } + diff --git a/terraform/ftl.tf b/terraform/ftl.tf index 1da455d..ceb7c06 100644 --- a/terraform/ftl.tf +++ b/terraform/ftl.tf 
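Review bot: The comments above `ftl_region_edge_proxy_kord_kjfk` and `ftl_region_ingest_proxy_kord_kjfk` both read `# cyyz points to kjfk` although those records are for kord; they should read `# kord points to kjfk`. The edge resource for cyyz is named `ftl_region_edge_proxy_cyzz_kjfk` while its ingest counterpart spells it `cyyz`, and renaming is cheaper now than after the resource is in state. The two commented-out `for_each` resources are superseded by the explicit records and the region module, so deleting them would leave a single place that says which hostname is an alias for which region; version control keeps the old form.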
@@ -1,141 +1,100 @@ -data "digitalocean_ssh_key" "terraform" { - name = var.digitalocean_key_name -} +# Computer Name Human Name DigitalOcean DC’s Notes +# kjfk.live.glimesh.tv North America - New York NYC1, NYC2, NYC3 +# kord.live.glimesh.tv North America - Chicago n/a Points to KJFK +# ksfo.live.glimesh.tv North America - San Francisco SFO1, SFO2, SFO3 Points to KJFK +# eham.live.glimesh.tv Europe - Amsterdam, Netherlands AMS1, AMS2 Points to KJFK +# wsss.live.glimesh.tv Asia - Singapore SGP1 Points to KJFK +# egll.live.glimesh.tv Europe - London, United Kingdom LON1 Points to KJFK +# eddf.live.glimesh.tv Europe - Frankfurt, Germany FRA1 Points to KJFK +# cyyz.live.glimesh.tv North America - Toronto, Canada TOR1 Points to KJFK +# vobl.live.glimesh.tv Asia - Bangalore, India BLR1 Points to KJFK resource "digitalocean_tag" "ftl" { name = "ftl" } -# Orchestrator -resource "digitalocean_droplet" "ftl_orchestrator" { - image = "ubuntu-20-04-x64" - name = var.ftl_orchestrator_hostname - region = "nyc3" - size = "c-4" - private_networking = true - tags = [digitalocean_tag.ftl.id] - - ssh_keys = var.digitalocean_live_ssh_keys - - connection { - host = self.ipv4_address - user = "root" - type = "ssh" - private_key = file(var.digitalocean_priv_key_path) - timeout = "2m" - } -} -resource "uptimerobot_monitor" "ftl_orchestrator_monitor" { - friendly_name = var.ftl_orchestrator_hostname - url = digitalocean_droplet.ftl_orchestrator.ipv4_address - type = "port" - sub_type = "custom" - port = "8085" -} - -resource "cloudflare_record" "ftl_orchestrator_lb_record" { - zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") - type = "A" - name = var.ftl_orchestrator_hostname - value = digitalocean_droplet.ftl_orchestrator.ipv4_address - proxied = false +data "digitalocean_ssh_key" "terraform" { + name = var.digitalocean_key_name } -# Ingest -resource "digitalocean_droplet" "ftl_ingest" { - count = var.ftl_ingest_count - image = "ubuntu-20-04-x64" - name = 
"do-nyc3-ingest${count.index + 1}.kjfk.live.glimesh.tv" - region = "nyc3" - size = "c-2" - private_networking = true - tags = [digitalocean_tag.ftl.id] - - ssh_keys = var.digitalocean_live_ssh_keys - connection { - host = self.ipv4_address - user = "root" - type = "ssh" - private_key = file(var.digitalocean_priv_key_path) - timeout = "2m" +locals { + regions = { + eddf = { + region = "eddf", + do_region = "fra1", + ingest_count = 1, + edge_count = 1, + edge_size = "s-2vcpu-4gb" + }, + egll = { + region = "egll", + do_region = "lon1", + ingest_count = 1, + edge_count = 2, + edge_size = "s-2vcpu-4gb" + }, + eham = { + region = "eham", + do_region = "ams3", + ingest_count = 1, + edge_count = 1, + edge_size = "c-2" + }, + kjfk = { + region = "kjfk", + do_region = "nyc3", + ingest_count = 2, + edge_count = 6, + edge_size = "s-2vcpu-4gb" + }, + ksfo = { + region = "ksfo", + do_region = "sfo3", + ingest_count = 1, + edge_count = 1, + edge_size = "s-2vcpu-4gb" + }, + wsss = { + region = "wsss", + do_region = "sgp1", + ingest_count = 1, + edge_count = 1, + edge_size = "s-2vcpu-4gb" + }, + # vobl points to wsss + vobl = { + region = "vobl", + do_region = "blr1", + ingest_count = 0, + edge_count = 0, + edge_size = "c-2" + }, + # cyyz points to kjfk + cyyz = { + region = "cyyz", + do_region = "tor1", + ingest_count = 0, + edge_count = 0, + edge_size = "c-2" + }, } } -resource "uptimerobot_monitor" "ftl_ingest_monitor" { - count = var.ftl_ingest_count - friendly_name = element(digitalocean_droplet.ftl_ingest.*.name, count.index) - url = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index) - type = "port" - sub_type = "custom" - port = "8084" -} -resource "cloudflare_record" "ftl_ingest_record" { - count = var.ftl_ingest_count - zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") - type = "A" - name = element(digitalocean_droplet.ftl_ingest.*.name, count.index) - value = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index) 
- proxied = false -} - -resource "cloudflare_record" "ftl_ingest_lb_record" { - count = var.ftl_ingest_count - zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") - type = "A" - name = "ingest.kjfk.live.glimesh.tv" - value = element(digitalocean_droplet.ftl_ingest.*.ipv4_address, count.index) - proxied = false -} - - -# Edge -resource "digitalocean_droplet" "ftl_edge" { - count = var.ftl_edge_count - image = "ubuntu-20-04-x64" - name = "do-nyc3-edge${count.index + 1}.kjfk.live.glimesh.tv" - region = "nyc3" - size = "c-8" - private_networking = true - tags = [digitalocean_tag.ftl.id] - - ssh_keys = var.digitalocean_live_ssh_keys +module "ftl-region" { + source = "./ftl-region" + for_each = local.regions - connection { - host = self.ipv4_address - user = "root" - type = "ssh" - private_key = file(var.digitalocean_priv_key_path) - timeout = "2m" - } -} - -resource "uptimerobot_monitor" "ftl_edge_monitor" { - count = var.ftl_edge_count - friendly_name = element(digitalocean_droplet.ftl_edge.*.name, count.index) - url = element(digitalocean_droplet.ftl_edge.*.ipv4_address, count.index) - type = "port" - sub_type = "custom" - port = "8084" -} + region = each.value.region + do_region = each.value.do_region -resource "cloudflare_record" "ftl_edge_record" { - count = var.ftl_edge_count - zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") - type = "A" - name = element(digitalocean_droplet.ftl_edge.*.name, count.index) - value = element(digitalocean_droplet.ftl_edge.*.ipv4_address, count.index) - proxied = false -} + ingest_count = each.value.ingest_count + ingest_size = "c-4" + edge_count = each.value.edge_count + edge_size = each.value.edge_size -resource "cloudflare_record" "ftl_edge_lb_record" { - count = var.ftl_edge_count - zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") - type = "A" - name = "edge.kjfk.live.glimesh.tv" - value = element(digitalocean_droplet.ftl_edge.*.ipv4_address, 
count.index) - proxied = false + ssh_keys = var.digitalocean_live_ssh_keys + cloudflare_domain = var.cloudflare_domain } - diff --git a/terraform/provider.tf b/terraform/provider.tf index 959d315..227b57d 100644 --- a/terraform/provider.tf +++ b/terraform/provider.tf @@ -2,11 +2,11 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "2.14.0" + version = "2.18.0" } digitalocean = { source = "digitalocean/digitalocean" - version = "2.3.0" + version = "2.5.1" } uptimerobot = { source = "louy/uptimerobot" @@ -15,6 +15,7 @@ terraform { } } +# # Default Region is NYC3 for us provider "digitalocean" { token = var.digitalocean_token } @@ -26,3 +27,4 @@ provider "cloudflare" { provider "uptimerobot" { api_key = var.uptimerobot_api_key } + diff --git a/terraform/variables.tf b/terraform/variables.tf index 4aa71f5..bb03c74 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,10 +1,3 @@ -variable "ftl_ingest_count" { - type = number -} - -variable "ftl_edge_count" { - type = number -} variable "ftl_orchestrator_hostname" { type = string @@ -53,3 +46,4 @@ variable "cloudflare_domain" { variable "uptimerobot_api_key" { type = string } + diff --git a/terraform/web.tf b/terraform/web.tf index c931a67..826fc29 100644 --- a/terraform/web.tf +++ b/terraform/web.tf @@ -13,7 +13,7 @@ resource "digitalocean_database_cluster" "glimesh_primary_database" { engine = "pg" version = "12" private_network_uuid = digitalocean_vpc.glimesh_public_vpc.id - size = "db-s-2vcpu-4gb" + size = "db-s-6vcpu-16gb" region = "nyc3" node_count = 1 tags = [digitalocean_tag.web.id] @@ -31,10 +31,6 @@ resource "digitalocean_database_firewall" "glimesh_primary_database_whitelist" { type = "ip_addr" value = each.value } -} - -resource "digitalocean_database_firewall" "glimesh_primary_database_firewall" { - cluster_id = digitalocean_database_cluster.glimesh_primary_database.id rule { type = "tag" 
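Review bot: The root module keeps `resource "digitalocean_tag" "ftl"` while every instance of `module "ftl-region"` (eight entries in `local.regions`) declares its own `digitalocean_tag` resources named `ftl`, `ftl-edge` and `ftl-ingest` in ftl-region/module.tf. DigitalOcean tags are identified by name, so these are likely many Terraform resources managing the same three tags; removing one region could then delete a tag from every droplet and from anything that selects on it, such as a tag-based firewall rule. Creating the tags once in the root and passing their ids into the module as an input avoids that. Separately, the header table still marks most regions `Points to KJFK` and lists AMS1/AMS2 for eham, while `local.regions` now gives those regions their own droplets and uses `ams3`.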
@@ -42,6 +38,15 @@ resource "digitalocean_database_firewall" "glimesh_primary_database_firewall" { } } +# resource "digitalocean_database_firewall" "glimesh_primary_database_firewall" { +# cluster_id = digitalocean_database_cluster.glimesh_primary_database.id + +# rule { +# type = "tag" +# value = digitalocean_tag.web.id +# } +# } + resource "digitalocean_database_user" "glimesh_db_user" { cluster_id = digitalocean_database_cluster.glimesh_primary_database.id name = "glimesh" @@ -53,7 +58,7 @@ resource "digitalocean_database_db" "glimesh_db" { } resource "digitalocean_droplet" "web" { - count = 2 + count = 3 image = "ubuntu-20-04-x64" name = "do-nyc3-web${count.index + 1}.us-east.web.glimesh.tv" region = "nyc3" @@ -66,7 +71,7 @@ resource "digitalocean_droplet" "web" { } resource "cloudflare_record" "web_direct_record" { - count = 2 + count = 3 zone_id = lookup(data.cloudflare_zones.glimesh_domain_zones.zones[0], "id") type = "A" name = element(digitalocean_droplet.web.*.name, count.index) @@ -76,15 +81,16 @@ resource "cloudflare_record" "web_direct_record" { resource "digitalocean_loadbalancer" "glimesh_public_web_lb" { - name = "glimesh-public-web-lb" + name = "glimesh-public-web-lb-hg" region = "nyc3" vpc_uuid = digitalocean_vpc.glimesh_public_vpc.id enable_backend_keepalive = true + size = "lb-large" sticky_sessions { type = "cookies" - cookie_name = "_glimesh_lb" - cookie_ttl_seconds = 3600 + cookie_name = "_glimesh_lb_hg" + cookie_ttl_seconds = 300 } forwarding_rule { 
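Review bot: The old `glimesh_primary_database_firewall` resource is left behind as a commented-out block after its `tag` rule moved into `glimesh_primary_database_whitelist`. I would delete the commented block and put a short comment on the merged resource instead, e.g. `# All access rules for this cluster live in this one resource (IP allowlist and web tag).` If the merge was made because two `digitalocean_database_firewall` resources on one cluster overwrite each other's rules, which is my reading and should be confirmed, saying so in that comment would stop someone from splitting them again.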
@@ -112,3 +118,54 @@ resource "cloudflare_record" "web_record" { value = digitalocean_loadbalancer.glimesh_public_web_lb.ip proxied = true } + +resource "digitalocean_firewall" "web_lb_only_traffic" { + name = "web-lb-only-traffic" + + tags = [digitalocean_tag.web.id] + + # Droplet to Droplet + inbound_rule { + protocol = "tcp" + port_range = "all" + source_tags = [digitalocean_tag.web.id] + } + inbound_rule { + protocol = "udp" + port_range = "all" + source_tags = [digitalocean_tag.web.id] + } + + # From Load Balancer + inbound_rule { + protocol = "tcp" + port_range = "8080" + source_load_balancer_uids = [digitalocean_loadbalancer.glimesh_public_web_lb.id] + } + + # Home + inbound_rule { + protocol = "tcp" + port_range = "all" + source_addresses = var.whitelisted_ips + } + + # Outbound General + outbound_rule { + protocol = "tcp" + port_range = "all" + destination_addresses = ["0.0.0.0/0", "::/0"] + } + + outbound_rule { + protocol = "udp" + port_range = "all" + destination_addresses = ["0.0.0.0/0", "::/0"] + } + + outbound_rule { + protocol = "icmp" + destination_addresses = ["0.0.0.0/0", "::/0"] + } +} +
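Review bot: The `# Home` inbound rule opens every TCP port to `var.whitelisted_ips`, which is wider than a firewall named `web-lb-only-traffic` suggests; if those addresses only need SSH, `port_range = "22"` keeps the application port reachable solely through the load balancer. The droplet-to-droplet rules likewise allow all TCP and UDP ports between `web`-tagged droplets, so listing only the ports the nodes actually use between each other would limit what one compromised web droplet can reach on the others. A comment on each rule naming the service it exists for would make later review of this firewall easier.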