scripts: add tilt-gcp-up.sh

Change-Id: Ifa4818f437ba00de3f11f5c468d6e7d9b552a24a

DEVELOP.md

@@ -114,9 +114,9 @@ Start a minikube session with recommended parameters:
 You can then run tilt normally (see above).
 
 The easiest way to get access to the Tilt UI is to simply run Tilt on a public port, and use a firewall
-of your choice to control access:
+of your choice to control access. For GCP, we ship a script that automatically runs `tilt up` on the right IP:
 
-    tilt up --host=0.0.0.0 --port=8080
+    scripts/tilt-gcp-up.sh
 
 If something breaks, just run `minikube delete` and start from scratch by running `start-recommended-minikube`.
 

Tiltfile

@@ -29,6 +29,10 @@ config.define_string("namespace", False, "Kubernetes namespace to use")
 config.define_string("gcpProject", False, "GCP project ID for BigTable persistence")
 config.define_string("bigTableKeyPath", False, "Path to BigTable json key file")
 
+# When running Tilt on a server, this can be used to set the public hostname Tilt runs on
+# for service links in the UI to work.
+config.define_string("webHost", False, "Public hostname for port forwards")
+
 # Components
 config.define_bool("pyth", False, "Enable Pyth-to-Wormhole component")
 config.define_bool("explorer", False, "Enable explorer component")
@@ -39,6 +43,7 @@ num_guardians = int(cfg.get("num", "1"))
 namespace = cfg.get("namespace", "wormhole")
 gcpProject = cfg.get("gcpProject", "local-dev")
 bigTableKeyPath = cfg.get("bigTableKeyPath", "./event_database/devnet_key.json")
+webHost = cfg.get("webHost", "localhost")
 ci = cfg.get("ci", False)
 pyth = cfg.get("pyth", ci)
 explorer = cfg.get("explorer", ci)
@@ -126,10 +131,10 @@ def build_node_yaml():
 k8s_yaml_with_ns(build_node_yaml())
 
 k8s_resource("guardian", resource_deps = ["proto-gen", "solana-devnet"], port_forwards = [
-    port_forward(6060, name = "Debug/Status Server [:6060]"),
-    port_forward(7070, name = "Public gRPC [:7070]"),
-    port_forward(7071, name = "Public REST [:7071]"),
-    port_forward(2345, name = "Debugger [:2345]"),
+    port_forward(6060, name = "Debug/Status Server [:6060]", host = webHost),
+    port_forward(7070, name = "Public gRPC [:7070]", host = webHost),
+    port_forward(7071, name = "Public REST [:7071]", host = webHost),
+    port_forward(2345, name = "Debugger [:2345]", host = webHost),
 ])
 
 # solana client cli (used for devnet setup)
@@ -159,9 +164,9 @@ k8s_resource(
     "solana-devnet",
     resource_deps = ["wasm-gen"],
     port_forwards = [
-        port_forward(8899, name = "Solana RPC [:8899]"),
-        port_forward(8900, name = "Solana WS [:8900]"),
-        port_forward(9000, name = "Solana PubSub [:9000]"),
+        port_forward(8899, name = "Solana RPC [:8899]", host = webHost),
+        port_forward(8900, name = "Solana WS [:8900]", host = webHost),
+        port_forward(9000, name = "Solana PubSub [:9000]", host = webHost),
     ],
 )
 
@@ -215,11 +220,11 @@ if pyth:
 k8s_yaml_with_ns("devnet/eth-devnet.yaml")
 
 k8s_resource("eth-devnet", port_forwards = [
-    port_forward(8545, name = "Ganache RPC [:8545]"),
+    port_forward(8545, name = "Ganache RPC [:8545]", host = webHost),
 ])
 
 k8s_resource("eth-devnet2", port_forwards = [
-    port_forward(8546, name = "Ganache RPC [:8546]"),
+    port_forward(8546, name = "Ganache RPC [:8546]", host = webHost),
 ])
 
 if bridge_ui:
@@ -240,7 +245,7 @@ if bridge_ui:
         "bridge-ui",
         resource_deps = ["proto-gen-web", "wasm-gen"],
         port_forwards = [
-            port_forward(3000, name = "Bridge UI [:3000]"),
+            port_forward(3000, name = "Bridge UI [:3000]", host = webHost),
         ],
     )
 
@@ -304,7 +309,7 @@ if explorer:
     k8s_yaml_with_ns("devnet/bigtable.yaml")
 
     k8s_resource("bigtable-emulator",
-        port_forwards = [port_forward(8086, name = "BigTable clients [:8086]")],
+        port_forwards = [port_forward(8086, name = "BigTable clients [:8086]", host = webHost)],
         labels = ["explorer"],
     )
 
@@ -317,7 +322,7 @@ if explorer:
     k8s_resource(
         "bigtable-functions",
         resource_deps = ["proto-gen", "bigtable-emulator"],
-        port_forwards = [port_forward(8090, name = "BigTable Functions [:8090]")],
+        port_forwards = [port_forward(8090, name = "BigTable Functions [:8090]", host = webHost)],
         labels = ["explorer"]
     )
 
@@ -339,7 +344,7 @@ if explorer:
         "explorer",
         resource_deps = ["proto-gen-web"],
         port_forwards = [
-            port_forward(8001, name = "Explorer Web UI [:8001]"),
+            port_forward(8001, name = "Explorer Web UI [:8001]", host = webHost),
         ],
         labels = ["explorer"],
     )
@@ -363,12 +368,12 @@ k8s_yaml_with_ns("devnet/terra-devnet.yaml")
 k8s_resource(
     "terra-terrad",
     port_forwards = [
-        port_forward(26657, name = "Terra RPC [:26657]"),
-        port_forward(1317, name = "Terra LCD [:1317]"),
+        port_forward(26657, name = "Terra RPC [:26657]", host = webHost),
+        port_forward(1317, name = "Terra LCD [:1317]", host = webHost),
     ],
 )
 
 k8s_resource(
     "terra-fcd",
-    port_forwards = [port_forward(3060, name = "Terra FCD [:3060]")],
+    port_forwards = [port_forward(3060, name = "Terra FCD [:3060]", host = webHost)],
 )

scripts/tilt-gcp-up.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Tilt cannot differentiate between the listen and web address, so we need to jerry-rig the
+# external IP onto the external interface and undo the DNAT.
+
+if [[ "$EUID" -eq 0 ]]; then
+  echo "Do not run as root"
+  exit 1
+fi
+
+EXT_IP=$(curl -s -H "Metadata-Flavor: Google" \
+  "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip")
+
+IFACE=$(ip route | awk '/default/ { print $5 }')
+
+if [[ -z "${IFACE}" ]]; then
+  echo "Could not find interface"
+  exit 1
+fi
+
+if [[ -z "${EXT_IP}" ]]; then
+  echo "Could not find external IP"
+  exit 1
+fi
+
+if ! ip addr show dev $IFACE | grep -q "inet $EXT_IP"; then
+  echo "Adding IP $EXT_IP to $IFACE"
+  sudo ip addr add "$EXT_IP/32" dev $IFACE
+fi
+
+RULE="-i $IFACE -p tcp ! --dport 22 -j DNAT --to-destination $EXT_IP"
+if ! sudo iptables -t nat -C PREROUTING $RULE; then
+  echo "Adding iptables rule $RULE"
+  sudo iptables -t nat -I PREROUTING $RULE
+fi
+
+tilt up --host=$EXT_IP --port=8080 -- "--webHost=$EXT_IP" ${@}