Move NPM CouchDB setup and configuration into Terraform
Problem
The replica NPM registries were spun up manually in order to validate that they were a viable solution to an issue we were having with feeder and job timeouts. The issue is that recreating the replicas by hand would be time-consuming and error-prone.
Solution
Move provisioning of replica NPM registries and their associated infrastructure into Terraform. We also need to enable logs for CouchDB firewall rules.
Implementation Plan
We can use our personal GCP project in order to build the Terraform manifests. Once we have it working on our personal GCP project we can do the same for dev. During that phase no new resources should be planned for provisioning if everything looks correct.
1. Perform the following command on dev to generate Terraform resources:

       gcloud beta resource-config bulk-export \
         --path=./ \
         --project=ext-license-db-dev-d6ba6f35 \
         --resource-format=terraform

2. For each resource do the following:
   - Add the Terraform code in the Deployment project.
   - Execute the terraform import command for that resource. The import command can be found in the generated Terraform files from step 1.
   - Perform terraform plan and ensure that no new resources are being planned for creation.

   You might need to find the right order to create these resources. Please add these resources in the relevant module. We might also need to create a new module for the NPM CouchDB instance:
   - google_compute_disk: Disk used for the VM
   - google_compute_global_address: Public IP for the VM
   - google_compute_backend_service
   - google_compute_firewall(couchdb_npm_mirror_ssh): SSH firewall rule
   - google_compute_firewall(couchdb_npm_mirror_tcp_5984): TCP firewall rule
   - google_compute_global_forwarding_rule(couchdb_npm_mirror_http): Forwarding rule (I guess for the load balancer)
   - google_compute_global_forwarding_rule(couchdb_npm_mirror_https)
   - google_compute_health_check: VM health check
   - google_compute_image: Image for the VM
   - google_compute_instance: Actual VM (contains an SSH key which should be stored in a secret)
   - google_compute_instance_group
   - google_compute_ssl_certificate: Contains the SSL certificate. We need to store the certificate in a secret.
   - google_compute_target_http_proxy
   - google_compute_target_https_proxy
   - google_compute_url_map
   - google_dns_managed_zone: DNS for NPM CouchDB
   - google_service_account: SA for NPM CouchDB. This is a default created SA. We can create one with a better name.
3. If we have been able to import all these resources then we should do the same for dev and ensure that no new resources are needed.
4. Same for prod.
Edited by Nick Ilieskou
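
One way to automate the "no new resources planned" check from step 2, together with the firewall logging requirement from the Solution section. This is an added example, not code from the project. It reads the JSON form of a plan (`terraform show -json <planfile>`); the sample plan is constructed, and the disk and instance names in it are assumptions.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields read below. The firewall names come from the issue;
# the disk and instance names are assumptions.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_compute_firewall.couchdb_npm_mirror_ssh",
     "type": "google_compute_firewall",
     "change": {"actions": ["no-op"], "after": {"log_config": []}}},
    {"address": "google_compute_firewall.couchdb_npm_mirror_tcp_5984",
     "type": "google_compute_firewall",
     "change": {"actions": ["update"],
                "after": {"log_config": [{"metadata": "INCLUDE_ALL_METADATA"}]}}},
    {"address": "google_compute_disk.couchdb_npm_mirror",
     "type": "google_compute_disk",
     "change": {"actions": ["create"], "after": {}}},
    {"address": "google_compute_instance.couchdb_npm_mirror",
     "type": "google_compute_instance",
     "change": {"actions": ["delete", "create"], "after": {}}},
]}


def review_plan(plan):
    """Return (would_create, unlogged_firewalls) as lists of resource addresses."""
    would_create, unlogged = [], []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # "create", alone or as half of a replace, means the address is not
        # bound to the existing resource or the code forces a rebuild.
        if "create" in actions:
            would_create.append(rc["address"])
        # Any firewall rule that survives the apply should have logging on;
        # an absent log_config block appears as an empty list or null.
        after = change.get("after") or {}
        if (rc.get("type") == "google_compute_firewall"
                and actions != ["delete"] and not after.get("log_config")):
            unlogged.append(rc["address"])
    return would_create, unlogged


if __name__ == "__main__":
    # With a path argument, check a real plan; otherwise run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    would_create, unlogged = review_plan(plan)
    for addr in would_create:
        print(f"would be created: {addr}")
    for addr in unlogged:
        print(f"firewall without logging: {addr}")
    sys.exit(1 if would_create or unlogged else 0)
```

The non-zero exit code lets the check gate a pipeline job after each import on the personal project, dev and prod.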