first push

Author: richcoder221

README.md

@@ -1,2 +1,9 @@
 # questdb-devops
 Quick Deployment of QuestDB with Envoy on the Cloud using Terraform and Docker
+
+
+
+1. install terraform and gcloud cli
+2. setup gcloud cli login
+3. in terraform folder run terraform apply
+4. run setup.sh script make sure the persistent volume on linux mahcine is mounted to /dev/sdb before use chmod +x to enable permission to run

questdb/docker-compose.yaml

@@ -0,0 +1,40 @@
+services:
+  questdb:
+    image: questdb/questdb:latest
+    container_name: questdb
+    restart: always
+    volumes:
+      - /questdb_zfs:/var/lib/questdb
+    networks:
+      - my_private
+    environment:
+      - QDB_LINE_DEFAULT_PARTITION_BY=YEAR
+      - QDB_CAIRO_WAL_WRITER_DATA_APPEND_PAGE_SIZE=128K
+      - QDB_CAIRO_WRITER_DATA_APPEND_PAGE_SIZE=128K
+      - QDB_CAIRO_O3_COLUMN_MEMORY_SIZE=128K
+      - QDB_CAIRO_WRITER_DATA_INDEX_KEY_APPEND_PAGE_SIZE=128K
+      - QDB_CAIRO_WRITER_DATA_INDEX_VALUE_APPEND_PAGE_SIZE=128K
+
+  envoy:
+    image: envoyproxy/envoy-contrib:v1.32-latest
+    container_name: envoy
+    volumes:
+      - ./envoy.yaml:/etc/envoy/envoy.yaml:ro
+      - ./certs:/etc/envoy/certs:ro
+    ports:
+      - "9000:9000"
+      - "8812:8812"
+      - "9901:9901"
+    networks:
+      - my_private
+    depends_on:
+      - questdb
+    user: "101:101"
+    security_opt:
+      - no-new-privileges:true
+
+
+networks:
+  my_private:
+    driver: bridge
+

questdb/envoy.yaml

@@ -0,0 +1,97 @@
+static_resources:
+  listeners:
+  - name: https_listener
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 9000
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.http_connection_manager
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          stat_prefix: questdb_https
+          codec_type: AUTO
+          route_config:
+            name: questdb_routes
+            virtual_hosts:
+            - name: questdb_service
+              domains: ["*"]
+              routes:
+              - match:
+                  prefix: "/"
+                route:
+                  cluster: questdb_cluster
+                  timeout: 0s
+          http_filters:
+          - name: envoy.filters.http.router
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+      transport_socket:
+        name: envoy.transport_sockets.tls
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
+          common_tls_context:
+            tls_certificates:
+            - certificate_chain:
+                filename: "/etc/envoy/certs/cert.pem"
+              private_key:
+                filename: "/etc/envoy/certs/key.pem"
+
+  - name: postgres_listener
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 8812
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.postgres_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy
+          stat_prefix: postgres_stats
+          terminate_ssl: true
+      - name: envoy.filters.network.tcp_proxy
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+          stat_prefix: postgres_tcp
+          cluster: questdb_postgres
+      transport_socket:
+        name: envoy.transport_sockets.starttls
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig
+          tls_socket_config:
+            common_tls_context:
+              tls_certificates:
+              - certificate_chain:
+                  filename: "/etc/envoy/certs/cert.pem"
+                private_key:
+                  filename: "/etc/envoy/certs/key.pem"
+
+  clusters:
+  - name: questdb_cluster
+    connect_timeout: 30s
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: questdb_cluster
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: questdb
+                port_value: 9000
+
+  - name: questdb_postgres
+    connect_timeout: 30s
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: questdb_postgres
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: questdb
+                port_value: 8812

setup.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Docker installation
+sudo apt-get update
+sudo apt-get install -y ca-certificates curl
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+
+sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+
+if ! getent group docker > /dev/null 2>&1; then
+    sudo groupadd docker
+fi
+
+
+if ! groups $USER | grep -q docker; then
+    sudo usermod -aG docker $USER
+    echo "User added to docker group. Please log out and log back in for changes to take effect."
+fi
+
+
+
+# Add Ubuntu repository
+sudo sh -c 'echo "deb http://archive.ubuntu.com/ubuntu jammy main universe" > /etc/apt/sources.list'
+
+# Update and install ZFS utils
+sudo apt-get update
+sudo apt-get install -y zfsutils-linux
+
+# Check if /dev/sdb exists
+if [ ! -e /dev/sdb ]; then
+    echo "Error: /dev/sdb does not exist"
+    exit 1
+fi
+
+# Create GPT label
+echo "mklabel gpt" | sudo parted /dev/sdb
+
+# Create ZFS pool and dataset
+sudo zpool create -o ashift=12 -O atime=off -O canmount=off -O compression=lz4 data_pool /dev/sdb
+if [ $? -eq 0 ]; then
+    sudo zfs create -o mountpoint=/questdb_zfs data_pool/primary
+else
+    echo "Error: Failed to create ZFS pool"
+    exit 1
+fi

terraform/main.tf

@@ -0,0 +1,105 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "6.8.0"
+    }
+  }
+}
+
+provider "google" {
+  #credentials = file(var.credentials_file)
+  project = var.project
+  region  = var.region
+}
+
+
+resource "google_compute_network" "qdb-vpc" {
+  name                                      = "qdb-vpc"
+  routing_mode                              = "REGIONAL"
+  auto_create_subnetworks                   = false
+  network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL"
+}
+
+resource "google_compute_subnetwork" "qdb-subnet-with-logging" {
+  name          = "qdb-subnet-with-logging"
+  ip_cidr_range = "10.2.0.0/16"
+  region        = var.region
+  network       = google_compute_network.qdb-vpc.id
+  stack_type    = "IPV4_ONLY"
+
+  log_config {
+    aggregation_interval = "INTERVAL_10_MIN"
+    flow_sampling        = 0.5
+    metadata             = "INCLUDE_ALL_METADATA"
+  }
+}
+
+resource "google_compute_route" "qdb-public-route" {
+  name             = "qdb-public-route"
+  network          = google_compute_network.qdb-vpc.id
+  dest_range       = "0.0.0.0/0" # Destination IP range
+  priority         = 1000
+  next_hop_gateway = "default-internet-gateway" # Specify the next hop
+}
+
+
+resource "google_compute_firewall" "qdb-firewall" {
+  name        = "qdb-firewall"
+  description = "Creates firewall rule targeting tagged instances"
+  network     = google_compute_network.qdb-vpc.id
+
+  allow {
+    protocol = "all"
+  }
+
+  source_ranges = [var.my_ip]
+
+  target_tags = ["qdb"]
+}
+
+
+resource "google_compute_instance" "qdb-ubuntu" {
+  name         = "qdb-ubuntu"
+  machine_type = "n2d-standard-2"
+  zone         = "australia-southeast1-a"
+
+  tags = ["qdb"]
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-2410-oracular-amd64-v20241021"
+      size  = 10
+      type  = "pd-balanced"
+    }
+    auto_delete = true
+  }
+
+  attached_disk {
+    source      = google_compute_disk.persistent-data.id
+    device_name = google_compute_disk.persistent-data.name
+  }
+
+
+  network_interface {
+    network    = google_compute_network.qdb-vpc.id
+    subnetwork = google_compute_subnetwork.qdb-subnet-with-logging.id
+    access_config {
+      network_tier = "STANDARD"
+    }
+
+  }
+}
+
+output "public-ipv4" {
+  value = google_compute_instance.qdb-ubuntu.network_interface.0.access_config.0.nat_ip
+}
+
+
+resource "google_compute_disk" "persistent-data" {
+  name = "persistent-data"
+  type = "pd-balanced"
+  zone = "australia-southeast1-a"
+  size = "20"
+}
+

terraform/terraform.tfvars

@@ -0,0 +1,3 @@
+project          = "your-project-id"
+credentials_file = "<FILE>"
+my_ip = "0.0.0.0/0"

terraform/variables.tf

@@ -0,0 +1,15 @@
+variable "project" {}
+
+variable "credentials_file" {}
+
+variable "my_ip" {}
+
+
+variable "region" {
+  default = "australia-southeast1"
+}
+
+variable "zone" {
+  default = "australia-southeast1"
+}
+