If you have already finished the Google Cloud Platform (GCP) tutorial and are looking for a more programmatic deployment process, this guide will show you how to use Terraform to deploy the Econia DSS via declarative configurations.
This guide is for a specific use case, the Econia testnet trading competition leaderboard backend, but you can adapt as needed for your particular use case.
Install (if you don't already have):
Clone the Econia repository and navigate to the
git clone https://github.com/econia-labs/econia.git
git submodule update --init --recursive
gcloud projects create $PROJECT_ID \
--name $PROJECT_NAME \
gcloud alpha billing projects link $PROJECT_ID \
gcloud config set project $PROJECT_ID
Pick a database root password:
Avoid using the special characters
:, which are used in connection strings.
Store your public IP address:
MY_IP=$(curl --silent http://checkip.amazonaws.com)
Generate keys for a service account:
gcloud iam service-accounts create terraform
gcloud iam service-accounts keys create gcp-key.json \
Generate SSH keys:
rm -rf ssh
ssh-keygen -t rsa -f ssh/gcp -C bootstrapper -b 2048 -q -N ""
Store variables in a Terraform variable file, then format and initialize the directory:
echo "project = \"$PROJECT_ID\"" > terraform.tfvars
echo "db_admin_public_ip = \"$MY_IP\"" >> terraform.tfvars
echo "db_root_password = \"$DB_ROOT_PASSWORD\"" >> terraform.tfvars
echo "\n\nContents of terraform.tfvars:\n\n"
Don't worry about
postgres_connection_string, this will be automatically handled later.
/src/rust/dbv2per the README.
Apply the configuration:
terraform apply --parallelism 20
Set up load balancing with a custom domain, then update your DNS records for the custom domain.
gcloud beta run integrations create \
--parameters set-mapping=$CUSTOM_DOMAIN:postgrest \
gcloud beta run integrations describe custom-domainstip
Compared with the more complex generic load balancing setup process, this streamlined process is a GCP Cloud Run beta feature that is not yet supported by Terraform.
If you want to instead use the generic public
run.appURL, then before you run
terraform applyremove the following line from the
main.tf, then skip this and all remaining steps:
ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY"
Create a security policy for the load balancer:
gcloud compute backend-services list
gcloud compute backend-services update $BACKEND_SERVICE \
Take down infrastructure
Destroy project resources:
This might not destroy quite everything, since GCP has a Cloud SQL deletion waiting period that blocks the deletion of private service networking. This issue was supposed to be resolved as of the Google Provider 5.0.0 release for Terraform, but it appears not to be resolved per https://github.com/hashicorp/terraform-provider-google/issues/16275.
terraform destroygets stuck on deleting the network connection, you can manually delete the network connection in the GCP console then run
Or you can simply delete the project even if Terraform has not destroyed all resources.
Delete GCP project:
gcloud projects delete $PROJECT_ID
Deploy second parallel project
rm -rf .terraform
If you delete
*tfstate*files, then you will lose configuration state and will only be able to modify the primary project via
If you want to be able to do more than just delete the primary project once you've started a parallel one, keep backups of your
After creating a new project, use a different credentials filename and add your
credentials_file = gcp-key-2.json).tip
.gitignoreignores any files of pattern
Use the same SSH keys as the main deployment (no need to recreate).
Connect to PostgreSQL
psql $(terraform output -raw db_conn_str_admin)
Target a specific resource
terraform apply -target <RESOURCE_NAME>
terraform destroy -target <RESOURCE_NAME>
Generate a dependency graph
Check that you have
terraform graph | dot -Tsvg > graph.svg