hashistack-digitalocean
hashistack-digitalocean copied to clipboard
Terraform to setup a consul cluster interacting with a nomad cluster
Hashistack Digitalocean
Terraform to setup a consul and nomad cluster by building the number of servers and clients specified. It wraps them around a firewall that can only be accesses via a bastion host (ssh) and a load balancer (http) Uses digital ocean as a provider to create the droplets needed. Sets up Vault to store secrets
Now also uses Consul Connect as a sidecar allocation to interact with other services
It starts nomad and consul as a service and automatically connects all nodes in the cluster
Environment variables
-
do_token
- api token for digital ocean which can be found in your DigitalOcean Account under "API" -
ssh_fingerprint
- the ssh fingerprint to use to connect to your newly created droplets -
bastion_host_id
- the droplet id of the bastion host server -
server_count
- number of server droplets to create -
client_count
- number of client droplets to create
Modules
server-droplet
- Create servers and sets up nomad and consul in server mode
-
server_count
- number of server droplets to create
client-droplet
- Create clients and sets up nomad and consul in client mode
-
client_count
- number of client droplets to create -
consul_server_ip
- a consul server ip
load-balancer
- Create a public load balancer to connect to all servers
-
all_server_ids
- ids of all servers (droplets)
firewall
- Create a firewall around the server and client droplets
-
all_server_ids
- ids of all servers (droplets) -
load_balancer_id
- the id of the digital ocean load balancer -
bastion_id
- the droplet id of the bastion host
Scripts
Scripts for installing required software in newly created droplets
consul
install_consul.sh client|server ${self.ipv4_address_private} ${var.consul_server_ip}
- Installs required software - unzip and docker
- Sets up iptables to allow access to localhost from docker
- Downloads consul and copies the binary to the /user/bin directory
- Starts consul as a service in either server or client mode
- If in client mode, it joins the client to the cluster
nomad
install_nomad.sh client|server
- Downloads nomad and copies the binary to the /user/bin directory
- Starts nomad as a service in either server or client mode
vault
install_vault.sh server
- Downloads vault and copies the binary to the /user/bin directory
- Starts vault as a service in server mode
- Initializes Vault
- Unseals vaults to make it ready for use
- Exports the vault token for nomad to use
How to run
-
eval `ssh-agent -s`
-
ssh-add ~/.ssh/id_rsa
(add your private key to the ssh agent which corresponds to the ssh_fingerprint) -
terraform init
-
terraform plan
-
terraform apply