google · gdbelvin · Aug 1, 2017 · May 22, 2017 · Jun 8, 2017 · Jun 13, 2017
@@ -14,3 +14,5 @@
 *.swp
 *~
 default.etcd
+*.tfstate
+*.tfstate.backup
@@ -95,8 +95,10 @@ You can then set up the [expected tables](storage/mysql/storage.sql) in a
 
 ```bash
 ./scripts/resetdb.sh
-Completely wipe and reset database 'test'.
+Warning: about to destroy and reset database 'test'
 Are you sure? y
+> Resetting DB...
+> Reset Complete
 ```
 
 ### Integration Tests

@@ -0,0 +1,65 @@
+Deploying Trillian
+==================
+
+Want to deploy/use the Trillian General Transparency project in the cloud?  Here are some common ways of getting off the ground with Docker.
+
+## Setup
+
+**Clone Source**
+
+Both build and example deployment files are stored within this repo.  For any of the below deployment methods, start here:
+
+```shell
+git clone https://github.com/google/trillian.git/
+cd trillian
+```
+
+## Local Deployments
+
+**Run With Docker Compose**
+
+For simple deployments, running in a container is an easy way to get up and running with a local database.  To use Docker to run and interact with Trillian, start here:
+
+Set a random password and bring up the services defined in the provided compose file.  This includes a local MySQL database, a one-shot container to create the schema and the trillian server:
+
+```shell
+# Set a random password
+export DB_PASSWORD="$(openssl rand -hex 16)"
+
+# Bring up services defined in this compose file.  This includes:
+# - local MySQL database
+# - container to initialize the database
+# - the trillian server
+docker-compose -f examples/deployment/docker-compose.yml up
+```
+
+Verify that your local installation is working by checking the metrics endpoint:
+
+```shell
+curl localhost:8091/metrics
+```
+
+## Cloud Deployments
+
+For better persistence and performance you may want to run in your datacenter or a cloud.  Here are some simple cloud deployment templates:
+
+### Run in GCP
+
+TODO
+
+### Run in AWS
+
+With a pair of AWS keys [accessible to Terraform](https://www.terraform.io/docs/providers/aws/), this template deploys a simple Trillian setup in AWS using EC2 and RDS MySQL.
+
+```shell
+cd examples/deployment/aws/
+
+# Set a random password
+export TF_VAR_DB_PASSWORD="$(openssl rand -hex 16)"
+# Substitute this variable with a block you'll be accessing from
+export TF_VAR_WHITELIST_CIDR="0.0.0.0/0"
+
+# Review and Create Resources
+terraform plan
+terraform apply
+```
@@ -0,0 +1,155 @@
+variable "WHITELIST_CIDR" {
+  description="Your IP block to whitelist access from"
+}
+variable "DB_PASSWORD" { }
+
+provider "aws" {
+  region     = "us-west-2"
+}
+
+/* The Database */
+
+resource "aws_rds_cluster" "trillian" {
+  cluster_identifier      = "trillian"
+  database_name           = "test"
+  master_username         = "root"
+  master_password         = "${var.DB_PASSWORD}"
+  skip_final_snapshot     = true
+  port                    = 3306
+  vpc_security_group_ids  = ["${aws_security_group.trillian_db.id}"]
+  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
+  storage_encrypted       = true
+  apply_immediately       = true
+
+}
+
+resource "aws_rds_cluster_instance" "cluster_instances" {
+  count               = 2
+  identifier          = "trillian-${count.index}"
+  cluster_identifier  = "${aws_rds_cluster.trillian.id}"
+  instance_class      = "db.r3.large"
+  publicly_accessible = true
+  apply_immediately   = true
+}
+
+resource "aws_security_group" "trillian_db" {
+  name        = "trillian-db"
+  description = "Allow MySQL from Trillian and Development CIDR"
+
+  ingress {
+    from_port   = 3306
+    to_port     = 3306
+    protocol    = "tcp"
+    cidr_blocks = ["${var.WHITELIST_CIDR}"]
+  }
+
+  ingress {
+    from_port   = 3306
+    to_port     = 3306
+    protocol    = "tcp"
+    security_groups = ["${aws_security_group.trillian.id}"]
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_rds_cluster_parameter_group" "trillian" {
+  name        = "trillian-pg"
+  family      = "aurora5.6"
+
+  # Whether InnoDB returns errors rather than warnings for exceptional conditions.
+  # replaces: `sql_mode = STRICT_ALL_TABLES`
+  parameter {
+    name  = "innodb_strict_mode"
+    value = "1"
+  }
+}
+
+/* The Instance */
+
+/* select the latest official hvm amazon linux release */
+data "aws_ami" "trillian" {
+  most_recent      = true
+  executable_users = ["all"]
+
+  name_regex = "^amzn-ami-hvm"
+  owners     = ["amazon"]
+}
+
+resource "aws_security_group" "trillian" {
+  name        = "trillian"
+  description = "Expose Rest, TPC and SSH endpoint to local cidr"
+
+  ingress {
+    from_port   = 8090
+    to_port     = 8091
+    protocol    = "tcp"
+    cidr_blocks = ["${var.WHITELIST_CIDR}"]
+  }
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["${var.WHITELIST_CIDR}"]
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "trillian" {
+  ami                         = "${data.aws_ami.trillian.id}"
+  instance_type               = "t2.medium"
+  vpc_security_group_ids      = ["${aws_security_group.trillian.id}"]
+  associate_public_ip_address = true
+
+  tags {
+    Name = "trillian"
+  }
+
+  user_data =  <<EOF
+#!/bin/bash
+
+set -e
+
+yum update -y
+yum install -y git mysql
+
+# install golang
+curl -o /tmp/go.tar.gz https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz
+tar -C /usr/local -xzf /tmp/go.tar.gz
+export PATH=$PATH:/usr/local/go/bin
+mkdir -p /go
+export GOPATH=/go
+
+# Install Trillian
+go get github.com/google/trillian/server/trillian_log_server
+
+# Setup the DB
+cd /go/src/github.com/google/trillian
+export DB_USER=root
+export DB_PASSWORD=${var.DB_PASSWORD}
+export DB_HOST=${aws_rds_cluster.trillian.endpoint}
+export DB_DATABASE=test
+./scripts/resetdb.sh --verbose --force -h $DB_HOST
+
+# Startup the Server
+RPC_PORT=8090
+HTTP_PORT=8091
+/go/bin/trillian_log_server \
+	--mysql_uri="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
+	--rpc_endpoint="$HOST:$RPC_PORT" \
+	--http_endpoint="$HOST:$HTTP_PORT" \
+	--alsologtostderr
+EOF
+
+}
@@ -0,0 +1,28 @@
+version: '3'
+services:
+  mysql:
+    image: mysql:8
+    environment:
+      - MYSQL_ROOT_PASSWORD=$DB_PASSWORD
+  trillian-db-seed:
+    build:
+      context: ../..
+      dockerfile: ./examples/deployment/docker/db_client/Dockerfile
+    environment:
+      - DB_USER=root
+      - DB_PASSWORD=$DB_PASSWORD
+    command: ./wait-for-it.sh -t 0 mysql:3306 -- ./scripts/resetdb.sh --verbose --force -h mysql
+  trillian-server:
+    build:
+      context: ../..
+      dockerfile: examples/deployment/docker/log_server/Dockerfile
+    restart: always # retry while mysql is starting up
+    ports:
+      - "8090:8090"
+      - "8091:8091"
+    depends_on:
+      - mysql
+    environment:
+      - DB_USER=root
+      - DB_PASSWORD=$DB_PASSWORD
+      - DB_HOST=mysql:3306
@@ -0,0 +1,17 @@
+FROM golang:1.8
+
+RUN apt-get update && \
+    apt-get install -y mysql-client
+
+ADD . /go/src/github.com/google/trillian
+WORKDIR /go/src/github.com/google/trillian
+
+ENV DB_USER=test \
+    DB_PASSWORD=zaphod \
+    DB_DATABASE=test
+
+# This is used to wait for new MySQL deployments to become ready e.g.
+#  ./wait-for-it.sh localhost:3306 -- mysql
+RUN ./examples/deployment/scripts/download-wait-for-it.sh
+
+CMD [ 'mysql' ]
@@ -0,0 +1,30 @@
+FROM golang:1.8
+
+ENV DB_USER=test \
+    DB_PASSWORD=zaphod \
+    DB_DATABASE=test \
+    DB_HOST=127.0.0.0:3306
+
+ENV HOST=0.0.0.0 \
+    RPC_PORT=8090 \
+    HTTP_PORT=8091
+
+ENV DUMP_METRICS 0s
+
+ADD . /go/src/github.com/google/trillian
+WORKDIR /go/src/github.com/google/trillian
+
+RUN apt-get update && apt-get install -y libtool libltdl-dev
+RUN go get -v ./server/trillian_log_server
+
+ENTRYPOINT /go/bin/trillian_log_server \
+	--mysql_uri="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
+	--rpc_endpoint="$HOST:$RPC_PORT" \
+	--http_endpoint="$HOST:$HTTP_PORT" \
+	--alsologtostderr 
+
+EXPOSE $RPC_PORT
+EXPOSE $HTTP_PORT
+
+HEALTHCHECK --interval=5m --timeout=3s \
+  CMD curl -f http://localhost:$HTTP_PORT/debug/vars || exit 1
@@ -0,0 +1,38 @@
+FROM golang:1.8
+
+ENV DB_USER=test \
+    DB_PASSWORD=zaphod \
+    DB_DATABASE=test \
+    DB_HOST=127.0.0.0:3306
+
+ENV HOST=0.0.0.0 \
+    HTTP_PORT=8091
+
+ENV SEQUENCER_GUARD_WINDOW=0s \
+    FORCE_MASTER=true \
+    SEQUENCER_INTERVAL=10s \
+    NUM_SEQ_FLAG=10 \
+    BATCH_SIZE=50
+
+
+ADD . /go/src/github.com/google/trillian
+WORKDIR /go/src/github.com/google/trillian
+
+RUN apt-get update && apt-get install -y libtool libltdl-dev
+RUN go get ./server/trillian_log_signer
+
+# Run the outyet command by default when the container starts.
+ENTRYPOINT /go/bin/trillian_log_signer \
+	--mysql_uri="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
+	--http_endpoint="$HOST:$HTTP_PORT" \
+	--sequencer_guard_window="$SEQUENCER_GUARD_WINDOW" \
+	--sequencer_interval="$SEQUENCER_INTERVAL" \
+	--num_sequencers="$NUM_SEQ_FLAG" \
+	--batch_size="$BATCH_SIZE" \
+	--force_master="$FORCE_MASTER" \
+	--alsologtostderr
+
+EXPOSE $HTTP_PORT
+
+HEALTHCHECK --interval=5m --timeout=3s \
+  CMD curl -f http://localhost:$HTTP_PORT/debug/vars || exit 1
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+download() {
+  COMMIT=8f52a814ef0cc70820b87fbf888273f3aa7f5a9b
+  URL=https://raw.githubusercontent.com/vishnubob/wait-for-it/${COMMIT}/wait-for-it.sh
+  curl -sO $URL
+  chmod a+x wait-for-it.sh
+}
+
+download
+sha256sum --check <( echo "c238c56e2a81b3c97375571eb4f58a0e75cdb4cd957f5802f733ac50621e776a wait-for-it.sh" )