/ssv-node-deployment

IaC (Infrastructure as Code) for deploying an SSV node on GCP using Terraform and Ansible.


SSV Node Terraform Deployment

This Terraform project provisions and configures an SSV (Secret Shared Validator) node on Google Cloud Platform (GCP). It sets up the necessary infrastructure, including a virtual machine, subnet, firewall rules, and secret management.

Prerequisites

  • GCP account with appropriate permissions
  • Terraform >= 1.4.4 installed
  • Ansible (compatible version)

Usage

  1. Clone the repository:

     git clone https://github.com/your-username/your-repo.git

  2. Set the required variables in variables.tf.

  3. Initialize the Terraform working directory:

     terraform init

  4. Preview the changes:

     terraform plan

  5. Apply the changes:

     terraform apply
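
A pre-apply check for the terraform plan step, as an added example that is not part of this repository: it reads the JSON form of the plan and flags internet-facing firewall rules that open anything other than the SSV P2P ports, Secret Manager bindings to public principals, and the mutable latest image tag. The sample plan, its rule contents and the service-account name are constructed for illustration; only the resource addresses, variable name and port defaults come from this page.

```python
import json
import sys

# Defaults of ssv_tcp_port / ssv_udp_port from the Inputs table on this page.
P2P_PORTS = {("tcp", "13000"), ("udp", "12000")}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def review_plan(plan):
    """Return findings for the JSON from `terraform show -json tfplan`."""
    findings = []
    tag = plan.get("variables", {}).get("ssv_docker_image_tag", {}).get("value")
    if tag == "latest":
        findings.append("ssv_docker_image_tag=latest: mutable tag, pin a release")
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc["type"] == "google_compute_firewall":
            if "0.0.0.0/0" not in (after.get("source_ranges") or []):
                continue  # not internet-facing
            for rule in after.get("allow") or []:
                # An allow block without ports covers every port of the protocol.
                for port in rule.get("ports") or ["all"]:
                    if (rule["protocol"], port) not in P2P_PORTS:
                        findings.append(
                            f"{rc['address']}: {rule['protocol']}/{port} open to 0.0.0.0/0")
        elif rc["type"] == "google_secret_manager_secret_iam_member":
            if after.get("member") in PUBLIC_MEMBERS:
                findings.append(f"{rc['address']}: secret bound to {after['member']}")
    return findings

# Constructed sample, trimmed to the fields the check reads (not the repo's real rules).
SAMPLE_PLAN = {
    "variables": {"ssv_docker_image_tag": {"value": "latest"}},
    "resource_changes": [
        {"address": "google_compute_firewall.fw_de_allow_2",
         "type": "google_compute_firewall",
         "change": {"after": {"source_ranges": ["0.0.0.0/0"], "allow": [
             {"protocol": "tcp", "ports": ["13000", "22"]},
             {"protocol": "udp", "ports": ["12000"]}]}}},
        {"address": "google_secret_manager_secret_iam_member.password_read",
         "type": "google_secret_manager_secret_iam_member",
         "change": {"after": {"member": "serviceAccount:vm-sa@example.invalid"}}},
    ],
}

if __name__ == "__main__":
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    print("\n".join(review_plan(plan)))
```

To run it against a real plan, save the plan with terraform plan -out=tfplan, export it with terraform show -json tfplan > plan.json, and pass plan.json as the first argument.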

Configuration

The following variables can be configured:

  • gcp_project_id: The GCP project ID.
  • gcp_region: The GCP region.
  • gcp_zone: The GCP zone.
  • vm_name: The name of the VM.
  • vm_machine_type: The machine type for the VM.
  • vm_image: The OS image for the VM.
  • network_subnet_cidr_range: The IP CIDR range for the subnet.

For a complete list of configurable variables, please refer to the variables.tf file.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.4.4 |
| google | ~> 4.0 |
| null | ~> 3.0 |

Modules

| Name | Source |
|------|--------|
| subnet_1 | ./modules/subnet |
| vm | ./modules/vm |

Resources

| Name | Type |
|------|------|
| google_compute_firewall.fw_de_allow_2 | resource |
| google_compute_firewall.fw_de_allow_7 | resource |
| google_secret_manager_secret.encrypted_key | resource |
| google_secret_manager_secret.password | resource |
| google_secret_manager_secret_iam_member.encrypted_key_read | resource |
| google_secret_manager_secret_iam_member.encrypted_key_write | resource |
| google_secret_manager_secret_iam_member.password_read | resource |
| google_secret_manager_secret_iam_member.password_write | resource |
| google_service_account.vm_service_account | resource |
| google_storage_bucket_iam_member.terraform_state_iam | resource |
| null_resource.ansible_vm_app_ssv_bootstrap | resource |
| null_resource.ansible_vm_app_ssv_deployment | resource |
| null_resource.ansible_vm_resize_boot_disk | resource |
| null_resource.ansible_vm_resize_data_disk | resource |
| null_resource.ansible_vm_server_bootstrap | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| firewall_priority | The priority for the firewall rules | number | 1000 | no |
| firewall_source_tags | List of source tags for the 'fw_de_allow_7' firewall rule | list(string) | [] | no |
| gcp_network_name | The name of the GCP network | string | "default" | no |
| gcp_project_id | The GCP project ID | string | "your-project-id" | no |
| gcp_region | The GCP region | string | "us-central1" | no |
| gcp_zone | The GCP zone | string | "us-central1-a" | no |
| network_subnet_cidr_range | The IP CIDR range for the subnet | string | "10.100.105.0/24" | no |
| network_tier | The network tier for the subnet | string | "PREMIUM" | no |
| ssh | SSH configuration for accessing the VM. Specify the SSH user and the path to the private key file | object({ type = string, user = string, private_key = string }) | { "private_key": "~/.ssh/private_key", "type": "ssh", "user": "username" } | no |
| ssv_consensus_client_endpoint | The consensus client endpoint of Ethereum node | string | "http://localhost:5052" | no |
| ssv_data_dir | The data directory for the SSV node. This directory path is appended to the value of 'vm_data_disk_mount_point' to form the full path for storing SSV node's data | string | "/ssv" | no |
| ssv_docker_image_tag | The tag for the SSV Docker image | string | "latest" | no |
| ssv_encrypted_key_secret_id | The ID of the secret containing the encrypted operator key | string | "sc-ssv-encrypted-key" | no |
| ssv_execution_client_websocket_endpoint | The execution client websocket endpoint of Ethereum node | string | "http://localhost:8546" | no |
| ssv_metrics_api_port | The Metrics API port for monitoring the SSV node | number | 15000 | no |
| ssv_network | The Ethereum network for the SSV node to connect with | string | "mainnet" | no |
| ssv_password_secret_id | The ID of the secret containing the password | string | "sc-ssv-password" | no |
| ssv_tcp_port | The TCP port for the SSV node | number | 13000 | no |
| ssv_udp_port | The UDP port for the SSV node | number | 12000 | no |
| vm_boot_disk_size | The size of the boot disk in GB | number | 10 | no |
| vm_boot_disk_type | The type of the boot disk | string | "pd-ssd" | no |
| vm_data_disk_disk_type | The type of the data disk | string | "pd-ssd" | no |
| vm_data_disk_mount_point | The mount point for the data disk on the VM | string | "/data" | no |
| vm_data_disk_size | The size of the data disk in GB | number | 10 | no |
| vm_image | The OS image for the VM | string | "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-minimal-2204-jammy-v20230726" | no |
| vm_machine_type | The machine type for the VM. See: https://cloud.google.com/compute/docs/machine-types | string | "n1-standard-2" | no |
| vm_name | The name of the VM | string | "ssv-node" | no |

Outputs

| Name | Description |
|------|-------------|
| ssv_encrypted_key_secret_id | The ID of the secret containing the encrypted operator key |
| ssv_password_secret_id | The ID of the secret containing the password |
| subnet_gateway_address | The gateway address of the subnet |
| subnet_ip_cidr_range | The IP CIDR range of the subnet |
| subnet_name | The name of the subnet |
| subnet_self_link | The self link of the subnet |
| vm_name | The name of the VM |

Contributing

Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request. Make sure to follow the existing code style and provide clear descriptions of your changes.

License

This project is licensed under the MIT License.