open-nomad/terraform/README.md

# Provision a Nomad cluster in the cloud

Use this repo to easily provision a Nomad sandbox environment on AWS, Azure, or GCP with 
[Packer](https://packer.io) and [Terraform](https://terraform.io). 
[Consul](https://www.consul.io/intro/index.html) and 
[Vault](https://www.vaultproject.io/intro/index.html) are also installed 
(colocated for convenience). The intention is to allow easy exploration of 
Nomad and its integrations with the HashiCorp stack. This is *not* meant to be
a production ready environment. 

## Setup

Clone the repo and optionally use [Vagrant](https://www.vagrantup.com/intro) 
to bootstrap a local staging environment:

```bash
$ git clone git@github.com:hashicorp/nomad.git
$ cd nomad/terraform
$ vagrant up && vagrant ssh
```

The Vagrant staging environment pre-installs Packer, Terraform, Docker and the 
Azure CLI.

## Provision a cluster

- Follow the steps [here](aws/README.md) to provision a cluster on AWS.
- Follow the steps [here](azure/README.md) to provision a cluster on Azure.
- Follow the steps [here](gcp/README.md) to provision a cluster on GCP.

Continue with the steps below after a cluster has been provisioned.

## Test

Run a few basic status commands to verify that Consul and Nomad are up and running 
properly:

```bash
$ consul members
$ nomad server members
$ nomad node status
```

## Unseal the Vault cluster (optional)

To initialize and unseal Vault, run:

```bash
$ vault operator init -key-shares=1 -key-threshold=1
$ vault operator unseal
$ export VAULT_TOKEN=[INITIAL_ROOT_TOKEN]
```

The `vault init` command above creates a single 
[Vault unseal key](https://www.vaultproject.io/docs/concepts/seal.html) for 
convenience. For a production environment, it is recommended that you create at 
least five unseal key shares and securely distribute them to independent 
operators. The `vault init` command defaults to five key shares and a key 
threshold of three. If you provisioned more than one server, the others will 
become standby nodes but should still be unsealed. You can query the active 
and standby nodes independently:

```bash
$ dig active.vault.service.consul
$ dig active.vault.service.consul SRV
$ dig standby.vault.service.consul
```

See the [Getting Started guide](https://www.vaultproject.io/intro/getting-started/first-secret.html) 
for an introduction to Vault.

## Getting started with Nomad & the HashiCorp stack

Use the following links to get started with Nomad and its HashiCorp integrations:

* [Getting Started with Nomad](https://www.nomadproject.io/intro/getting-started/jobs.html)
* [Consul integration](https://www.nomadproject.io/docs/service-discovery/index.html)
* [Vault integration](https://www.nomadproject.io/docs/vault-integration/index.html)
* [consul-template integration](https://www.nomadproject.io/docs/job-specification/template.html)
Updating versions and removing deprecated items (#8750) * Removed deprecated Spark pieces. * Bumped HashiCorp stack versions to current as of commit date * Bumped versions of HashiCorp stack tools * Bumped versions, added VAULT_ADDR in GCP, removed refs to Spark in shared README 2020-09-02 17:14:47 +00:00			`# Provision a Nomad cluster in the cloud`
update READMEs 2017-06-15 22:49:02 +00:00
Update terraform/README.md 2020-07-16 19:58:42 +00:00			`Use this repo to easily provision a Nomad sandbox environment on AWS, Azure, or GCP with`
README formatting 2017-06-25 17:45:30 +00:00			`[Packer](https://packer.io) and [Terraform](https://terraform.io).`
			`[Consul](https://www.consul.io/intro/index.html) and`
			`[Vault](https://www.vaultproject.io/intro/index.html) are also installed`
			`(colocated for convenience). The intention is to allow easy exploration of`
Minor doc updates Oxford comma, links to spark fork, etc 2017-06-26 17:51:59 +00:00			`Nomad and its integrations with the HashiCorp stack. This is not meant to be`
Updating versions and removing deprecated items (#8750) * Removed deprecated Spark pieces. * Bumped HashiCorp stack versions to current as of commit date * Bumped versions of HashiCorp stack tools * Bumped versions, added VAULT_ADDR in GCP, removed refs to Spark in shared README 2020-09-02 17:14:47 +00:00			`a production ready environment.`
update READMEs 2017-06-15 22:49:02 +00:00
			`## Setup`

Fix Vagrant link in README (#8839) 2020-09-08 13:45:46 +00:00			`Clone the repo and optionally use [Vagrant](https://www.vagrantup.com/intro)`
README formatting 2017-06-25 17:45:30 +00:00			`to bootstrap a local staging environment:`
update READMEs 2017-06-15 22:49:02 +00:00
			```bash
			`$ git clone git@github.com:hashicorp/nomad.git`
Update README.md git-clone'ing doesn't automatically jump you into the dir, so this doc update fixes a missing step 2018-06-05 15:29:57 +00:00			`$ cd nomad/terraform`
update READMEs 2017-06-15 22:49:02 +00:00			`$ vagrant up && vagrant ssh`
			```

restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`The Vagrant staging environment pre-installs Packer, Terraform, Docker and the`
			`Azure CLI.`
update READMEs 2017-06-15 22:49:02 +00:00
update READMEs 2017-06-24 23:50:11 +00:00			`## Provision a cluster`
update READMEs 2017-06-15 22:49:02 +00:00
Update README.md 2017-11-15 22:18:49 +00:00			`- Follow the steps [here](aws/README.md) to provision a cluster on AWS.`
			`- Follow the steps [here](azure/README.md) to provision a cluster on Azure.`
Update terraform/README.md 2020-07-16 19:58:42 +00:00			`- Follow the steps [here](gcp/README.md) to provision a cluster on GCP.`
update READMEs 2017-06-15 22:49:02 +00:00
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`Continue with the steps below after a cluster has been provisioned.`
update READMEs 2017-06-15 22:49:02 +00:00
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`## Test`
update READMEs 2017-06-15 22:49:02 +00:00
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`Run a few basic status commands to verify that Consul and Nomad are up and running`
README formatting 2017-06-25 17:45:30 +00:00			`properly:`
update READMEs 2017-06-15 22:49:02 +00:00
			```bash
			`$ consul members`
README: use newer command Got: ``` WARNING! The "nomad server-members" command is deprecated. Please use "nomad server members" instead. This command will be removed in Nomad 0.10 (or later). ``` 2018-06-05 16:35:03 +00:00			`$ nomad server members`
AWS sandbox environment upgrade (#4873) * upgrade Nomad from 0.8.4 to 0.8.6 * update deprecated nomad and vault commands * update AMI ID * add ingress rule for default fabio port and fabio UI * upgrade Consul and Vault versions * update AMI ID in README.md and terraform.tfvars 2018-11-14 04:21:01 +00:00			`$ nomad node status`
update READMEs 2017-06-15 22:49:02 +00:00			```

restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`## Unseal the Vault cluster (optional)`

			`To initialize and unseal Vault, run:`
update READMEs 2017-06-15 22:49:02 +00:00
			```bash
README: newer Vault init command Got a warning message: ``` WARNING! The "vault init" command is deprecated. Please use "vault operator init" instead. This command will be removed in Vault 0.11 (or later). ``` 2018-06-05 16:37:06 +00:00			`$ vault operator init -key-shares=1 -key-threshold=1`
AWS sandbox environment upgrade (#4873) * upgrade Nomad from 0.8.4 to 0.8.6 * update deprecated nomad and vault commands * update AMI ID * add ingress rule for default fabio port and fabio UI * upgrade Consul and Vault versions * update AMI ID in README.md and terraform.tfvars 2018-11-14 04:21:01 +00:00			`$ vault operator unseal`
update READMEs 2017-06-15 22:49:02 +00:00			`$ export VAULT_TOKEN=[INITIAL_ROOT_TOKEN]`
			```

README formatting 2017-06-25 17:45:30 +00:00			The `vault init` command above creates a single
			`[Vault unseal key](https://www.vaultproject.io/docs/concepts/seal.html) for`
			`convenience. For a production environment, it is recommended that you create at`
			`least five unseal key shares and securely distribute them to independent`
			operators. The `vault init` command defaults to five key shares and a key
			`threshold of three. If you provisioned more than one server, the others will`
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`become standby nodes but should still be unsealed. You can query the active`
README formatting 2017-06-25 17:45:30 +00:00			`and standby nodes independently:`
update READMEs 2017-06-25 17:09:28 +00:00
			```bash
			`$ dig active.vault.service.consul`
			`$ dig active.vault.service.consul SRV`
			`$ dig standby.vault.service.consul`
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			```

			`See the [Getting Started guide](https://www.vaultproject.io/intro/getting-started/first-secret.html)`
			`for an introduction to Vault.`
update READMEs 2017-06-15 22:49:02 +00:00
			`## Getting started with Nomad & the HashiCorp stack`

restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`Use the following links to get started with Nomad and its HashiCorp integrations:`
update READMEs 2017-06-15 22:49:02 +00:00
tweak top level README 2017-06-16 21:46:51 +00:00			`* [Getting Started with Nomad](https://www.nomadproject.io/intro/getting-started/jobs.html)`
			`* [Consul integration](https://www.nomadproject.io/docs/service-discovery/index.html)`
			`* [Vault integration](https://www.nomadproject.io/docs/vault-integration/index.html)`
restructure README files; add Azure README 2017-11-15 19:40:34 +00:00			`* [consul-template integration](https://www.nomadproject.io/docs/job-specification/template.html)`
update READMEs 2017-06-15 22:49:02 +00:00