# VM Deployment Module

This Terraform module deploys Besu nodes on Azure Virtual Machines (VMs) or Virtual Machine Scale Sets (VMSS) with Docker Engine.

## Features

- Deploy validators, sentries, or RPC nodes
- Support for individual VMs or VM Scale Sets
- Multi-region deployment
- Automatic Docker installation
- Automatic Besu configuration
- Cloud-init setup
- Managed Identity for Key Vault access
- Boot diagnostics
- Network security groups

## Usage

### Basic Usage

```hcl
module "besu_validators" {
  source = "./modules/vm-deployment"

  resource_group_name       = "defi-oracle-mainnet-rg"
  location                  = "eastus"
  cluster_name              = "defi-oracle-aks"
  node_type                 = "validator"
  node_count                = 4
  vm_size                   = "Standard_D4s_v3"
  ssh_public_key            = file("~/.ssh/id_rsa.pub")
  subnet_id                 = azurerm_subnet.validators.id
  storage_account_name      = azurerm_storage_account.vm_storage.primary_blob_endpoint
  key_vault_id              = azurerm_key_vault.main.id
  genesis_file_path         = "https://storageaccount.blob.core.windows.net/genesis/genesis.json"
  network_security_group_id = azurerm_network_security_group.validators.id
}
```

### VM Scale Set

```hcl
module "besu_rpc_vmss" {
  source = "./modules/vm-deployment"

  resource_group_name       = "defi-oracle-mainnet-rg"
  location                  = "eastus"
  cluster_name              = "defi-oracle-aks"
  node_type                 = "rpc"
  node_count                = 3
  vm_size                   = "Standard_D8s_v3"
  use_scale_set             = true
  ssh_public_key            = file("~/.ssh/id_rsa.pub")
  subnet_id                 = azurerm_subnet.rpc.id
  storage_account_name      = azurerm_storage_account.vm_storage.primary_blob_endpoint
  key_vault_id              = azurerm_key_vault.main.id
  genesis_file_path         = "https://storageaccount.blob.core.windows.net/genesis/genesis.json"
  network_security_group_id = azurerm_network_security_group.rpc.id
}
```

## Variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| resource_group_name | Name of the resource group | string | - | yes |
| location | Azure region | string | - | yes |
| cluster_name | Name of the Besu network cluster | string | - | yes |
| node_type | Type of node (validator, sentry, rpc) | string | - | yes |
| node_count | Number of nodes | number | 1 | no |
| vm_size | VM size | string | "Standard_D4s_v3" | no |
| admin_username | Admin username for VMs | string | "besuadmin" | no |
| ssh_public_key | SSH public key for VM access | string | - | yes |
| use_scale_set | Use VM Scale Set instead of individual VMs | bool | false | no |
| subnet_id | Subnet ID for VMs | string | - | yes |
| storage_account_name | Storage account name for boot diagnostics | string | - | yes |
| key_vault_id | Key Vault ID for secrets | string | - | yes |
| genesis_file_path | Path to genesis file in storage | string | - | yes |
| network_security_group_id | Network Security Group ID | string | - | yes |
| tags | Tags for resources | map(string) | {} | no |

## Outputs

| Name | Description |
|------|-------------|
| vm_ids | VM or VMSS IDs |
| vm_private_ips | Private IP addresses of VMs |
| vm_public_ips | Public IP addresses of VMs (sentry and RPC nodes only) |
| vm_names | VM or VMSS names |
| vmss_id | VM Scale Set ID (if using scale set) |

## Requirements

- Terraform >= 1.0
- Azure Provider >= 3.0
- Azure CLI installed and configured
- SSH key pair

## Examples

See `terraform/vm-deployment.tf` for complete examples.

## Notes

- VMs are automatically configured via cloud-init
- Docker is installed automatically
- Besu is started automatically via systemd service
- Validator keys are downloaded from Key Vault using Managed Identity
- Genesis file is downloaded from Azure Storage
- Boot diagnostics are enabled
- Managed Identity is enabled for Key Vault access
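
The Basic Usage block passes `azurerm_network_security_group.validators.id` as `network_security_group_id` but the NSG itself is defined by the caller. The following is an added example, not code from this module or repository, of one restrictive definition for that resource, assuming validators peer only with each other and with the sentry nodes. The three CIDRs, the NSG name and the use of Besu's default P2P port 30303 are assumptions.

```hcl
# Added example, not part of this module: NSG for the validator subnet.
# All locals are assumed values; replace them with your own network layout.
locals {
  validator_subnet_cidr = "10.0.1.0/24"   # assumed
  sentry_subnet_cidr    = "10.0.2.0/24"   # assumed
  mgmt_cidr             = "10.0.250.0/24" # assumed bastion/management range
}

resource "azurerm_network_security_group" "validators" {
  name                = "besu-validators-nsg" # assumed name
  location            = "eastus"
  resource_group_name = "defi-oracle-mainnet-rg"
  # P2P (TCP and UDP discovery on Besu's default port 30303) only from
  # other validators and from the sentry subnet.
  security_rule {
    name                       = "allow-p2p-validators-sentries"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "30303"
    source_address_prefixes    = [local.validator_subnet_cidr, local.sentry_subnet_cidr]
    destination_address_prefix = "*"
  }
  # SSH only from the management range, never from the internet.
  security_rule {
    name                       = "allow-ssh-from-mgmt"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = local.mgmt_cidr
    destination_address_prefix = "*"
  }
  # Explicit deny so Azure's default AllowVnetInBound rule does not expose
  # JSON-RPC or other ports to the rest of the virtual network.
  security_rule {
    name                       = "deny-all-other-inbound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
```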