add terraform deployment

README.md

@@ -52,7 +52,8 @@ Starlight is compatible with Kubernetes and can replace the default `overlayfs`
 We could use helm to deploy Starlight on a Kubernetes cluster.
 
 - [I am familiar with **K8s** & Helm. **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/helm.md)
-- [I have 2 **Virtual Machines**, but **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/newbie.md)
+- [I have 2 **Virtual Machines**, but **TL;DR**](https://github.com/mc256/starlight/blob/master/docs/2vm.md)
+- [I know **Terraform** and have an **AWS** account](https://github.com/mc256/starlight/blob/master/docs/terraform.md)
 
 ---
 
@@ -62,7 +63,6 @@ You need to:
 1) Set up a **Starlight proxy**, 
 ideally close to the **registry** server you are using. Configure the proxy server to point to the registry and run it.
 Starlight supports any standard registry. (It can be deployed to k8s using ***Helm***)
-<br>[Find out how to install **Starlight proxy** ➡️](https://github.com/mc256/starlight/blob/master/docs/starlight-proxy.md) 
 
 
 2) Set up the worker to be able to run Starlight. 
@@ -71,7 +71,6 @@ installing **containerd** and the **Starlight snapshotter plugin**,
 configuring containerd to use the plugin, 
 and starting the Starlight snapshotter daemon
 (you also need to tell the snapshotter the address of the proxy server).
-<br>[Find out how to install **containerd** & **Starlight snapshotter plugin** ➡️](https://github.com/mc256/starlight/blob/master/docs/starlight-snapshotter.md)
 
 
 3) Convert the container image to the **Starlight format** container image.
@@ -179,8 +178,9 @@ Starlight is not complete. Our roadmap:
 | [v0.1.3](https://github.com/mc256/starlight/tree/v0.1.3) |              |2022-10-12|
 | [v0.2.7](https://github.com/mc256/starlight/tree/v0.2.7) |              |2022-11-27|
 | [v0.3.2](https://github.com/mc256/starlight/tree/v0.3.2) |              |2023-01-27|
-| [v0.4.7](https://github.com/mc256/starlight/tree/v0.4.7) | stable       |2023-06-05|
-| [v0.5.x](https://github.com/mc256/starlight)             | in progress  |  |
+| [v0.4.7](https://github.com/mc256/starlight/tree/v0.4.7) |              |2023-06-05|
+| [v0.5.x](https://github.com/mc256/starlight/tree/v0.5.8) | stable       |2023-11-26|
+| [v0.6.x](https://github.com/mc256/starlight/)            | in progress  |2024|
 
 Feature List:
 - [x] Scalable database backend (v0.2)
@@ -196,9 +196,9 @@ Feature List:
   - [x] Goharbor support (v0.2)
   - [x] Multiple platforms image support (v0.2) 
   - [x] Jointly optimizing multiple containers deployments (v0.4)
-- [ ] Argo CI/CD support (v0.6)
-  - [ ] Hook/ Scanner for automatic image conversion (v0.5)
-  - [ ] Converting containers that have already been fully retrieved using Starlight to use OverlayFS. (v0.5)
-- [ ] Starlight new features (v0.6)
-  - [ ] Resume interrupted pull connection (v0.5)
-  - [ ] Garbage Collection (v0.5)
+- [ ] Argo CI/CD support (v0.7)
+  - [ ] Hook/ Scanner for automatic image conversion (v0.7)
+  - [ ] Converting containers that have already been fully retrieved using Starlight to use OverlayFS. (v0.7)
+- [ ] Starlight new features (v0.7)
+  - [ ] Resume interrupted pull connection (v0.7)
+  - [ ] Garbage Collection (v0.7)

demo/terraform/main.tf

@@ -118,6 +118,40 @@ resource "aws_vpc_security_group_ingress_rule" "ssh_ingress" {
   description = "Allow inbound traffic for Container Registry"
 }
 
+## Internet Gateway
+resource "aws_internet_gateway" "ec2_igw" {
+  vpc_id = aws_vpc.ec2_vpc.id
+
+  tags = merge(
+    var.default_tags,
+    {
+      Name = "${local.project_name}-ec2-igw"
+    },
+  )
+}
+
+## Route Table
+resource "aws_route_table" "ec2_route_table" {
+  vpc_id = aws_vpc.ec2_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.ec2_igw.id
+  }
+
+  tags = merge(
+    var.default_tags,
+    {
+      Name = "${local.project_name}-ec2-route-table"
+    },
+  )
+}
+
+resource "aws_route_table_association" "ec2_route_table_association" {
+  subnet_id      = aws_subnet.ec2_subnet_public.id
+  route_table_id = aws_route_table.ec2_route_table.id
+}
+
 
 ## Key Pair
 resource "aws_key_pair" "deployer" {
@@ -130,7 +164,7 @@ resource "aws_key_pair" "deployer" {
 ## EC2 Host
 resource "aws_instance" "starlight_cloud" {
   ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.instance_type
+  instance_type          = var.cloud_instance_type
   subnet_id              = aws_subnet.ec2_subnet_public.id
   key_name               = var.ssh_public_key == "" ? var.ssh_key_name : aws_key_pair.deployer[0].key_name
   vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
@@ -143,7 +177,7 @@ resource "aws_instance" "starlight_cloud" {
 
   root_block_device {
     volume_type           = "gp3"
-    volume_size           = var.ebs_size_in_gb
+    volume_size           = var.cloud_ebs_size_in_gb
     encrypted             = false
     delete_on_termination = true
   }
@@ -155,13 +189,51 @@ resource "aws_instance" "starlight_cloud" {
       Name = "${local.project_name}-ec2-cloud"
     },
   )
+
+  user_data = <<-EOF
+#!/bin/bash
+echo "cloud" | sudo tee /etc/hostname > /dev/null
+sudo hostname -F /etc/hostname
+echo "10.0.1.21 cloud.cluster.local" | sudo tee -a /etc/hosts > /dev/null
+
+sudo apt update && \
+sudo apt upgrade -y && \
+sudo apt install -y docker-compose git && \
+sudo usermod -aG docker ubuntu && \
+sudo systemctl enable docker && \
+sudo systemctl start docker
+
+cd /home/ubuntu && \
+git clone https://github.com/mc256/starlight.git && \
+cd /home/ubuntu/starlight && \
+git checkout v${var.starlight_version} && \
+cd /home/ubuntu/starlight/demo/compose/ && \
+cp docker-compose-example.yaml docker-compose.yaml && \
+docker-compose up -d
+
+cat <<EOT | sudo tee -a /etc/sysctl.conf > /dev/null
+net.core.wmem_max=125829120
+net.core.rmem_max=125829120
+net.ipv4.tcp_rmem= 10240 87380 125829120
+net.ipv4.tcp_wmem= 10240 87380 125829120
+net.ipv4.tcp_window_scaling = 1
+net.ipv4.tcp_timestamps = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_no_metrics_save = 1
+net.core.netdev_max_backlog = 10000
+EOT
+sudo sysctl -p
+
+touch /home/ubuntu/.completed
+              EOF
+
 }
 
 
 
 resource "aws_instance" "starlight_edge" {
   ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.instance_type
+  instance_type          = var.edge_instance_type
   subnet_id              = aws_subnet.ec2_subnet_public.id
   key_name               = var.ssh_public_key == "" ? var.ssh_key_name : aws_key_pair.deployer[0].key_name
   vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
@@ -174,7 +246,7 @@ resource "aws_instance" "starlight_edge" {
 
   root_block_device {
     volume_type           = "gp3"
-    volume_size           = var.ebs_size_in_gb
+    volume_size           = var.edge_ebs_size_in_gb
     encrypted             = false
     delete_on_termination = true
   }
@@ -186,4 +258,66 @@ resource "aws_instance" "starlight_edge" {
       Name = "${local.project_name}-ec2-edge"
     },
   )
+
+  user_data = <<-EOF
+#!/bin/bash
+echo "edge" | sudo tee /etc/hostname > /dev/null
+sudo hostname -F /etc/hostname
+echo "10.0.1.21 cloud.cluster.local cloud" | sudo tee -a /etc/hosts > /dev/null
+
+sudo apt update && sudo apt upgrade -y && \
+sudo apt install -y build-essential containerd
+
+sudo systemctl enable containerd  && \
+sudo systemctl start containerd
+
+wget https://go.dev/dl/go1.20.8.linux-amd64.tar.gz && \
+sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.8.linux-amd64.tar.gz
+
+echo "export PATH=$PATH:/usr/local/go/bin" | sudo tee -a /home/ubuntu/.bashrc > /dev/null
+
+export PATH=$PATH:/usr/local/go/bin
+export GOPATH=/home/ubuntu/go
+export HOME=/home/
+source /home/ubuntu/.bashrc
+
+
+cat <<EOT | sudo tee -a /etc/sysctl.conf > /dev/null
+net.core.wmem_max=125829120
+net.core.rmem_max=125829120
+net.ipv4.tcp_rmem= 10240 87380 125829120
+net.ipv4.tcp_wmem= 10240 87380 125829120
+net.ipv4.tcp_window_scaling = 1
+net.ipv4.tcp_timestamps = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_no_metrics_save = 1
+net.core.netdev_max_backlog = 10000
+EOT
+sudo sysctl -p
+
+
+cd /home/ubuntu && \
+git clone https://github.com/mc256/starlight.git && \
+cd /home/ubuntu/starlight && \
+git checkout v${var.starlight_version} && \
+make starlight-daemon ctr-starlight && \
+sudo make install install-systemd-service 
+
+sudo systemctl enable starlight-daemon
+sudo systemctl start starlight-daemon
+
+sudo ctr-starlight add myproxy http cloud.cluster.local:8090
+
+sudo mkdir /etc/containerd/ && \
+cat <<EOT | sudo tee -a /etc/containerd/config.toml > /dev/null
+  [proxy_plugins]
+    [proxy_plugins.starlight]
+      type = "snapshot"
+      address = "/run/starlight/starlight-snapshotter.sock"
+EOT
+
+sudo systemctl restart containerd
+
+touch /home/ubuntu/.completed
+              EOF
 }

demo/terraform/outputs.tf

@@ -10,6 +10,12 @@ output "cloud-instance-public-ip" {
   sensitive   = false
 }
 
+output "cloud-instance-private-ip" {
+  description = "The ec2 instance private ip"
+  value       = aws_instance.starlight_cloud.private_ip
+  sensitive   = false
+}
+
 output "edge-instance-id" {
   description = "The ec2 instance id"
   value       = aws_instance.starlight_edge.id
@@ -21,3 +27,10 @@ output "edge-instance-public-ip" {
   value       = aws_instance.starlight_edge.public_ip
   sensitive   = false
 }
+
+output "edge-instance-private-ip" {
+  description = "The ec2 instance private ip"
+  value       = aws_instance.starlight_edge.private_ip
+  sensitive   = false
+}
+

demo/terraform/terraform.tfvars

@@ -4,3 +4,18 @@ ssh_key_name = "starlight-key"
 # please replace with your own public key
 # this is the key for accessing the EC2 instances, if empty, we assume the key above is already created
 ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA08XpxYFsakw1hVCcFYTVvXMF+sxyF9PQ16dF+D1xP3Vr5MGq275FIyKQs0oQxKCCBtUGMIgCVrQ+V3CVu9CsfBTHoJlk1nW0dfJcB3j9kG3+3NRIHZ+FTrIO5hvMWJ+SzXTIDYgdcKLJ/YIboqBI4Rm/rNx7fVIib0K+43RcD4YRbwcMXK1lWkZ2czj+ixKmX5P0EeTLNz2J6XEsLT3V39B4QoXLKJM3TTjlRx2w980UI2lUED+3aW8jeW6Y9v9TUW5ZiZHxFLULQGD4UoivxLHUZCVJbnSaBX5r1yiE2jOvlhCXgaEa/EyYt6gBacMMC/qdIIX6nsts5+K4i/+37Jixd1qyJ5tWcxY9tUQZeiD1kuL0qy/mKtR9ONZLOUFvmWXG7t5i9axVaIyjj+Yb/4PXvEVd3jZ0jC8gcPjkkjOV22CLCCLgwtUHcDTE/OM8/oUem4Tnd/9blBjd47RfuHTdyVsujLwue5hpUo64E3JDSdVee0s1Yso1Wx8ZEfhJgqfAc+E5gSprY2pdFZUwffN52I8+72OfNnsmw1h10LqvN5Xpu+12eARr/LQHY/0E45kJRAcFbAgjUwKmKtdf0UAepb/AwLF37I9UT4uLxs56dvw4z1rJQDGQJdm8GVv0CJ8pzjBsYFYzf43Mp4+lYJ+V7BBMMo5YLa6em/bqi5s= mc256"
+
+# recommended to change to machine with more memory
+#
+# Current setting is tide to AWS free tier limit 750hours of t3.micro (1GB memory).
+cloud_instance_type = "t3.micro"
+edge_instance_type  = "t3.micro"
+
+
+# EBS volume size in GB
+# Cloud will need more space for storing the container image and metadata than the edge.
+# Please adjust the size according to your needs.
+#
+# Current setting is tide to AWS EBS free tier limit 30GB
+cloud_ebs_size_in_gb = 20
+edge_ebs_size_in_gb  = 10

demo/terraform/variables.tf

@@ -16,9 +16,15 @@ variable "ssh_public_key" {
   default     = ""
 }
 
-variable "instance_type" {
+variable "cloud_instance_type" {
   type        = string
-  default     = "t3a.nano"
+  default     = "m5a.large"
+  description = "the instance type to use"
+}
+
+variable "edge_instance_type" {
+  type        = string
+  default     = "t2.micro"
   description = "the instance type to use"
 }
 
@@ -28,7 +34,13 @@ variable "project_id" {
   description = "the project name"
 }
 
-variable "ebs_size_in_gb" {
+variable "cloud_ebs_size_in_gb" {
+  type        = number
+  default     = 20
+  description = "the ebs size in gb"
+}
+
+variable "edge_ebs_size_in_gb" {
   type        = number
   default     = 10
   description = "the ebs size in gb"

docs/newbie.md → docs/2vm.md

@@ -5,7 +5,7 @@ One acts as the Cloud, and the other acts as the Edge. You will need to identify
 
 The following instructions have been tested using AWS EC2 t2.micro with Ubuntu 22.04 LTS and `starlight v0.3.2`.
 
-`git checkout v0.3.2`
+`git checkout v0.6.2`
 
 ---
 
@@ -47,8 +47,10 @@ If you are using AWS EC2, please add the following ports to the Security Group w
 
     ```shell
     git clone https://github.com/mc256/starlight.git && \
-    cd starlight/demo/compose/registry+proxy && \
-    git checkout v0.3.1 && \
+    cd starlight && \
+    git checkout v0.6.2 && \
+    cd demo/compose/ && \
+    cp docker-compose-example.yaml docker-compose.yaml && \
     docker-compose up -d
     # Creating network "registryproxy_default" with the default driver
     # Creating registryproxy_db_1       ... done
@@ -124,8 +126,8 @@ sudo systemctl status containerd
 
 Install Go https://go.dev/doc/install ➡️
 ```shell
-wget https://go.dev/dl/go1.18.3.linux-amd64.tar.gz && \
-sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.18.3.linux-amd64.tar.gz
+wget https://go.dev/dl/go1.20.8.linux-amd64.tar.gz && \
+sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.8.linux-amd64.tar.gz
 ```
 
 Add Go to the environment variable (You may want to change `.zshrc` or `.bashrc` file to permanently add this folder to the `PATH` environment variable)