feat: IAC for a prototype devnet

[PhilWindle]

This PR contains some CI and Terraform work to deploy an initial devnet.

Checklist:

Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge.

• If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag.
• I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code.
• Every change is related to the PR description.
• I have linked this pull request to relevant issues (if any exist).

[ludamad]

This should now be built by yarn-project I think. You would be able to grab the build from there

[PhilWindle]

Doesn't yarn-project just produce a single image yarn-project with all of the built code? And if we want an actual deployable package image we need to have a Dockerfile which extracts the relevant built code for that package?

[AztecBot]

Benchmark results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric	8 txs	32 txs	128 txs
l1_rollup_calldata_size_in_bytes	45444	179588	716132
l1_rollup_calldata_gas	222984	868088	3449540
l1_rollup_execution_gas	842071	3595196	22204909
l2_block_processing_time_in_ms	1020	3886	15513
note_successful_decrypting_time_in_ms	323	984	3685
note_trial_decrypting_time_in_ms	25	93	137
l2_block_building_time_in_ms	8930	35802	149559
l2_block_rollup_simulation_time_in_ms	6639	26685	105585
l2_block_public_tx_process_time_in_ms	2249	8994	43505

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 16 txs.

Metric	10 blocks	20 blocks	30 blocks
node_history_sync_time_in_ms	32517	77865	139171
note_history_successful_decrypting_time_in_ms	4813	13438	20554
note_history_trial_decrypting_time_in_ms	146	256	256
node_database_size_in_bytes	1198920	1900704	2754791
pxe_database_size_in_bytes	54187	108338	162578

Circuits stats

Stats on running time and I/O sizes collected for every circuit run across all benchmarks.

Circuit	circuit_simulation_time_in_ms	circuit_input_size_in_bytes	circuit_output_size_in_bytes
private-kernel-init	56.97852760736196	56577	14745
private-kernel-ordering	30.23542944785276	20137	8089
base-rollup	872	631604	810
root-rollup	38.02439024390244	4072	1097
private-kernel-inner	52.46604938271605	72288	14745
public-kernel-private-input	51.76543209876543	37359	14745
public-kernel-non-first-iteration	31.281635802469136	37401	14745
merge-rollup	0.9767441860465116	2592	873

[spalladino]

LGTM, but I'm curious as to why put the p2p ports behind the load balancer. I'd've expected to see just the node API behind the lb, so requests would be routed to whatever node was available, but letting the nodes p2p ports and the p2p bootstrap node be directly reachable from the internet without having to go through the lb. Or is it meant to test a NAT-like setup?

[PhilWindle]

LGTM, but I'm curious as to why put the p2p ports behind the load balancer. I'd've expected to see just the node API behind the lb, so requests would be routed to whatever node was available, but letting the nodes p2p ports and the p2p bootstrap node be directly reachable from the internet without having to go through the lb. Or is it meant to test a NAT-like setup?

Yes, it's testing a NAT setup. The services are in a private subnet with the lb performing port-forwarding. Note, we actually have 2 load balancers in the system. There is an Application Load Balancer that isn't defined here. It's part of the aztec2 iac and the aztec-nodes each add a route for their JSON RPC calls. Then I have setup a Network Load Balancer which we require to route the p2p traffic through to the private subnet. Unfortunately ALB's can't route raw TCP/UDP only HTTP.

As we build databases and stuff out, having everything in a private subnet makes sense I feel and I also wanted to verify libp2p's announcing mechanism.