Add Terraform deployment scripts for GCE. (heroiclabs#33)

Author: novabyte

.gitignore

@@ -8,6 +8,7 @@ data/*
 .idea
 *.iml
 install/cloud/**/*.json
+install/cloud/**/*.tfvars
 
 ### Go ###
 # Compiled Object files, Static and Dynamic libs (Shared Objects)

install/cloud/gce/README.md

@@ -0,0 +1,54 @@
+## Run Nakama with Google Compute Engine
+
+These instructions show how to deploy Nakama and CockroachDB in Compute Engine on Google Cloud. The provisioner scripts are written in [Terraform](https://www.terraform.io) and automate the setup and deployment of the server resources.
+
+The scripts define variables which must be configured for your deployment. These variables should be configured in a file you'd create called `myproject.tfvars`:
+
+```
+gce_project_name = "myproject"
+gce_region = "us-east1"
+gce_region_zone = "us-east1-b"
+gce_ssh_user = "root"
+gce_ssh_public_key_file = "your/id_rsa.pub"
+gce_ssh_private_key_file = "your/id_rsa"
+app_nakama_version = "0.11.2"
+app_cockroachdb_version = "beta-20170209"
+app_machine_type = "g1-small"
+```
+
+You'll also need an `account.json` used to describe your account credentials downloaded from Google Cloud Console. Have a look at the [configuration reference](https://www.terraform.io/docs/providers/google/index.html#configuration-reference) in Terraform's provider docs for more info.
+
+If you need any help or have any questions join our [community channel](https://gitter.im/heroiclabs/nakama) and speak to an engineer or [open an issue](https://github.com/heroiclabs/nakama).
+
+### Full workflow
+
+To provision and deploy a minimal cluster:
+
+1. Create a file named `myproject.tfvars` with the content above.
+
+   Update `"gce_project_name"`, `"gce_ssh_public_key_file"`, and `"gce_ssh_private_key_file"` with your settings.
+
+2. Set the rest of the variables to the values you'd like to use to provision resources in Google Cloud. For example you might want to use an "n1-standard-1" instance rather than "g1-small".
+
+3. You can inspect the resources which will be provisioned:
+
+   ```
+   terraform plan --var-file myproject.tfvars
+   ```
+
+4. You can apply the resources which will be provisioned:
+
+   ```
+   terraform apply --var-file myproject.tfvars
+   ```
+
+5. When complete it will include output which shows the public IP of your provisioned Nakama and CockroachDB instance:
+
+   ```
+   Outputs:
+
+   instance_ips = 10.100.40.100
+   public_ip = 10.100.39.110
+   ```
+
+6. The `instance_ips` contain the list of IP addresses which can be reached via a [Nakama client](https://heroiclabs.com/docs/clients/).

install/cloud/gce/main.tf

@@ -0,0 +1,137 @@
+/*
+ * Copyright 2017 The Nakama Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.8, < 0.9"
+}
+
+provider "google" {
+  project     = "${var.gce_project_name}"
+  region      = "${var.gce_region}"
+  credentials = "${file("account.json")}"
+}
+
+resource "google_compute_address" "api" {
+  name = "api-address"
+}
+
+resource "google_compute_target_pool" "api" {
+  name          = "api-target-pool"
+  instances     = ["${google_compute_instance.api.*.self_link}"]
+  health_checks = ["${google_compute_http_health_check.healthcheck.name}"]
+}
+
+resource "google_compute_http_health_check" "healthcheck" {
+  name                = "api-healthcheck"
+  port                = 8081
+  request_path        = "/v0/health"
+  check_interval_sec  = 5
+  healthy_threshold   = 1
+  unhealthy_threshold = 3
+  timeout_sec         = 2
+}
+
+resource "google_compute_firewall" "api" {
+  name    = "api-firewall"
+  network = "default"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22", "80", "443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["api-node"]
+}
+
+resource "google_compute_disk" "default" {
+  name = "api-disk"
+  type = "pd-ssd"
+  zone = "${var.gce_region_zone}"
+  size = 10
+}
+
+resource "google_compute_instance" "api" {
+  count        = 1
+  name         = "api-node-${count.index}"
+  machine_type = "${var.app_machine_type}"
+  zone         = "${var.gce_region_zone}"
+  tags         = ["api-node"]
+
+  disk {
+    image = "ubuntu-os-cloud/ubuntu-1604-lts"
+  }
+
+  disk {
+    disk = "${google_compute_disk.default.name}"
+  }
+
+  network_interface {
+    network = "default"
+    access_config {} # Ephemeral
+  }
+
+  service_account {
+    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+  }
+
+  metadata {
+    ssh-keys = "${var.gce_ssh_user}:${file(var.gce_ssh_public_key_file)}"
+  }
+
+  provisioner "file" {
+    connection {
+      user        = "${var.gce_ssh_user}"
+      private_key = "${file(var.gce_ssh_private_key_file)}"
+      agent       = false
+      timeout     = "30s"
+    }
+    source      = "systemd/"
+    destination = "/etc/systemd/system"
+  }
+
+  provisioner "remote-exec" {
+    connection {
+      user        = "${var.gce_ssh_user}"
+      private_key = "${file(var.gce_ssh_private_key_file)}"
+      agent       = false
+      timeout     = "30s"
+    }
+    inline = [
+      "cd /home/ubuntu",
+
+      # Setup cockroachdb
+      "wget --no-verbose https://binaries.cockroachdb.com/cockroach-${var.app_cockroachdb_version}.linux-amd64.tgz",
+      "tar zxvf cockroach-${var.app_cockroachdb_version}.linux-amd64.tgz",
+      "chmod +x ./cockroach-${var.app_cockroachdb_version}.linux-amd64/cockroach",
+      "ln -s ./cockroach-${var.app_cockroachdb_version}.linux-amd64/cockroach /home/ubuntu/cockroach",
+      "systemctl start cockroach",
+
+      # Setup nakama
+      "wget --no-verbose https://github.com/heroiclabs/nakama/releases/download/v${var.app_nakama_version}/nakama-${var.app_nakama_version}-linux-amd64.tar.gz",
+      "mkdir -p nakama-${var.app_nakama_version}-linux-amd64",
+      "tar zxvf nakama-${var.app_nakama_version}-linux-amd64.tar.gz -C nakama-${var.app_nakama_version}-linux-amd64",
+      "chmod +x ./nakama-${var.app_nakama_version}-linux-amd64/nakama",
+      "ln -s ./nakama-${var.app_nakama_version}-linux-amd64/nakama",
+      "./nakama migrate up --db root@127.0.0.1:26257",
+      "systemctl start nakama"
+    ]
+  }
+}

install/cloud/gce/output.tf

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 The Nakama Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "public_ip" {
+  value = "${google_compute_address.api.address}"
+}
+
+output "instance_ips" {
+  value = "${join(" ", google_compute_instance.api.*.network_interface.0.access_config.0.assigned_nat_ip)}"
+}

install/cloud/gce/systemd/cockroach.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=CockroachDB server
+ConditionPathExists=/home/ubuntu/cockroach
+Wants=network.target
+After=network.target
+
+[Service]
+ExecStart=/home/ubuntu/cockroach start --insecure --store=attrs=ssd,path=/home/ubuntu/cockroach-store
+Restart=always
+RestartSec=3
+TimeoutSec=6
+LimitNOFILE=1048576:1048576
+LimitNPROC=1048576:1048576
+
+[Install]
+WantedBy=multi-user.target

install/cloud/gce/systemd/cockroach.service.d/30-envvars.conf

@@ -0,0 +1,3 @@
+[Service]
+# Needed to workaround issue - cockroachdb/cockroach#12675
+Environment="COCKROACH_METRICS_SAMPLE_INTERVAL=1000h"

install/cloud/gce/systemd/nakama.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Nakama server
+ConditionPathExists=/home/ubuntu/nakama
+Requires=cockroach.service
+Wants=network.target
+After=network.target
+
+[Service]
+ExecStart=/home/ubuntu/nakama --port 80 --ops-port 8081 --db root@127.0.0.1:26257 --data-dir /home/ubuntu/nakama-data
+Restart=always
+RestartSec=3
+TimeoutSec=6
+LimitNOFILE=1048576:1048576
+LimitNPROC=1048576:1048576
+
+[Install]
+WantedBy=multi-user.target

install/cloud/gce/variables.tf

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2017 The Nakama Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# The name of the project in GCP.
+variable "gce_project_name" {
+}
+
+# The region in GCP to provision resources.
+variable "gce_region" {
+}
+
+# The region zone in GCP to provision resources in.
+variable "gce_region_zone" {
+}
+
+# The SSH user configuration to access compute instances.
+variable "gce_ssh_user" {
+}
+
+# The SSH public key file to access compute instances.
+variable "gce_ssh_public_key_file" {
+}
+
+# The SSH private key file to access the compute instances.
+variable "gce_ssh_private_key_file" {
+}
+
+# The version of Nakama which will be deployed.
+variable "app_nakama_version" {
+}
+
+# The version of CockroachDB which will be deployed.
+variable "app_cockroachdb_version" {
+}
+
+# The machine type to provision in GCP.
+variable "app_machine_type" {
+}