Run a Dijets Node with Google Cloud Services
Google's Cloud Platform (GCP) is a scalable, trusted and reliable hosting
platform. Google operates a significant amount of it's own global networking
infrastructure. It's fiber
network
is huge and it can provide highly stable and consistent global connectivity.
In this article we will utilise GCP to deploy a Dijets Node using terraform.
Leveraging terraform
may seem like overkill, but GCP can facilitate developers with greater flexibility and provide the
basis on which further automations can be built with ease.
Conventions#
Items
highlighted in this manner are GCP parlance and can be searched for further reference in the Google documentation for their cloud products.
Important Notes#
- The machine type used in this documentation is for reference only and the actual sizing you use will depend entirely upon the amount that is staked and delegated to the node.
Architectural Description#
This section aims to describe the architecture of the system that the steps in the Setup Instructions section deploy when enacted. This is done so that the executor can not only deploy the reference architecture, but also understand and potentially optimise it for their needs.
Project#
We will create and utilise a single GCP Project
for deployment of all resources.
Service Enablement
Within our GCP project we will need to enable the following Cloud Services:
Compute Engine
IAP
Networking#
Compute Network
We will deploy a single Compute Network
object. This unit is where we will
deploy all subsequent networking objects. It provides a logical boundary and
securitization context should you wish to deploy other chain stacks or other
infrastructure in GCP.
Public IP
Dijets requires that a validator communicate outbound on the same public IP
address that it advertises for other peers to connect to it on. Within GCP this
precludes the possibility of us using a Cloud NAT Router for the outbound
communications and requires us to bind the public IP that we provision to the
interface of the machine. We will provision a single EXTERNAL
static IPv4
Compute Address
.
Subnetworks
For the purposes of this documentation we will deploy a single Compute Subnetwork
in the US-EAST1 Region
with a 24 address range giving us 254 IP
addresses.
Disk
We will provision a single 400GB PD-SSD
disk that will be attached to our VM.
Instance
We will deploy a single Compute Instance
of size e2-standard-8
. Observations
of operations using this machine specification suggest it is memory over
provisioned and could be brought down to 16GB using custom machine
specification; but please review and adjust as needed (the beauty of compute
virtualization!!).
Zone
We will deploy our instance into the US-EAST1-B
Zone
Firewall
We will provision the following Compute Firewall
rules:
- IAP INGRESS for SSH (TCP 22) - this only allows GCP IAP sources inbound on SSH.
- P2P INGRESS for DJT Peers (TCP 9651)
These are obviously just default ports and can be tailored to your needs as you see fit.
Setup Instructions#
GCP Account#
- If you don't already have a GCP account go create one here
You will get some free credit to run a trial, the trial is feature complete but your usage will start to deplete your free trial credit so turn off anything you don't need and/or add a credit card to your account if you intend to run things long term to avoid service shutdowns.
Project#
Login to the GCP Cloud Console
and create a new Project
in your
organization. Let's use the name my-dijets-nodes
for the sake of this setup.
Terraform State#
Terraform uses state files to compose a differential between current infrastructure configuration and the proposed plan. You can store this state in a variety of different places, but using GCP storage is a reasonable approach given where we are deploying so we will stick with that.
Authentication to GCP from terraform has a few different options which are laid out here. Please chose the option that aligns with your context and ensure those steps are completed before continuing.
Clone GitHub Repository#
We have provided a rudimentary terraform construct to provision a node on which to run Dijets which can be found here. Documentation below assumes you are using this repository but if you have another terraform skeleton similar steps will apply.
Terraform Configuration#
- If running terraform locally, please install it.
- In this repository, navigate to the
terraform
directory. - Under the
projects
directory, rename themy-dijets-project
directory to match your GCP project name that you created (not required, but nice to be consistent) - Under the folder you just renamed locate the
terraform.tfvars
file. - Edit this file and populate it with the values which make sense for your context and save it.
- Locate the
backend.tf
file in the same directory. - Edit this file ensuring to replace the
bucket
property with the GCS bucket name that you created earlier.
If you do not wish to use cloud storage to persist terraform state then simply
switch the backend
to some other desirable provider.
Terraform Execution#
Terraform enables us to see what it would do if we were to run it without
actually applying any changes... this is called a plan
operation. This plan is
then enacted (optionally) by an apply
.
Plan
- In a terminal which is able to execute the
tf
binary,cd
to the ~my-dijets-project
directory that you renamed in step 3 ofTerraform Configuration
. - Execute the command
tf plan
- You should see a JSON output to the stdout of the terminal which lays out the operations that terraform will execute to apply the intended state.
Apply
- In a terminal which is able to execute the
tf
binary,cd
to the ~my-dijets-project
directory that you renamed in step 3 ofTerraform Configuration
. - Execute the command
tf apply
If you want to ensure that terraform does exactly what you saw in the
apply
output, you can optionally request for the plan
output to be saved
to a file to feed to apply
. This is generally considered best practice in
highly fluid environments where rapid change is occurring from multiple sources.
Conclusion#
Establishing CI/CD practices using tools such as GitHub and Terraform to manage your infrastructure assets is a great way to ensure base disaster recovery capabilities and to ensure you have a place to embed any ~tweaks you have to make operationally removing the potential to miss them when you have to scale from 1 node to 10.