Hello all,
I just wanted to introduce part of the work that Insight is contributing as part of our P-Rep application. We are building a modular terraform deployment deployed through terragrunt. If you aren’t familiar with terraform, it is the leading infrastructure provisioning tooling around today allowing users to script the state of a cluster on any cloud. If you aren’t familiar with terragrunt, it is a wrapper around terraform that makes it easier to use and manage in complex, multi-environment deployments.
Here is a link to the repo I am working out of right now.
https://github.com/robc-io/terragrunt-icon-insight-p-rep/tree/master/aws/single-p-rep-single-citizen
Will update README with current state but briefly, nodes need configuration via SSH. IAM permissions are being locked down now and working into a multi-account security pattern where all IAM roles are stored in single account (more on this later). Security groups can easily be statically locked down to the IP whitelist but looking for input on best way to automatically respond to changes to IP whitelist. Multi-host configurations not started yet (i.e. multi-p-rep-multi-citizen). Ansible configuration and security hardening step to be included soon.
I am hoping that over time, this style of deployment will:
- Facilitate the deployment of both P-Rep and citizen nodes
- Enable P-Rep node operators to test different node configurations on TestNet
- Support a variety of different firewalls giving the network a decentralized grid of security features
I take copious notes and will have documentation to support much of what I do up later this week (another post on that coming shortly). In the meantime, if you have any comments / suggestions, please hit me up or lay them out in this thread. Looking for any insights into what people think would have the most impact soonest. If anybody has experience with terraform and is running a p-rep, please hit me up.
Right now only supporting AWS. GCP will be next. Also developing in parallel a supporting services / logging cluster. Will start separate thread on what is needed there soon.
Please don’t hesitate to ask questions. Looking for as much community involvement / use as possible.
Hope this helps!