# Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 variable "name" { } variable "region" { } variable "ami" { } variable "server_instance_type" { } variable "client_instance_type" { } variable "key_name" { } variable "server_count" { } variable "client_count" { } variable "nomad_binary" { } variable "root_block_device_size" { } variable "whitelist_ip" { } variable "retry_join" { type = map(string) default = { provider = "aws" tag_key = "ConsulAutoJoin" tag_value = "auto-join" } } data "aws_vpc" "default" { default = true } resource "aws_security_group" "server_lb" { name = "${var.name}-server-lb" vpc_id = data.aws_vpc.default.id # Nomad ingress { from_port = 4646 to_port = 4646 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # Consul ingress { from_port = 8500 to_port = 8500 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_security_group" "primary" { name = var.name vpc_id = data.aws_vpc.default.id ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # Nomad ingress { from_port = 4646 to_port = 4646 protocol = "tcp" cidr_blocks = [var.whitelist_ip] security_groups = [aws_security_group.server_lb.id] } # Fabio ingress { from_port = 9998 to_port = 9999 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # Consul ingress { from_port = 8500 to_port = 8500 protocol = "tcp" cidr_blocks = [var.whitelist_ip] security_groups = [aws_security_group.server_lb.id] } # HDFS NameNode UI ingress { from_port = 50070 to_port = 50070 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # HDFS DataNode UI ingress { from_port = 50075 to_port = 50075 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # Spark history server UI ingress { from_port = 18080 to_port = 18080 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } # Jupyter ingress { from_port = 8888 to_port = 8888 protocol = "tcp" cidr_blocks = [var.whitelist_ip] } ingress { from_port = 0 to_port = 0 protocol = "-1" self = true } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_instance" "server" { ami = var.ami instance_type = var.server_instance_type key_name = var.key_name vpc_security_group_ids = [aws_security_group.primary.id] count = var.server_count # instance tags tags = merge( { "Name" = "${var.name}-server-${count.index}" }, { "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}" }, ) root_block_device { volume_type = "gp2" volume_size = var.root_block_device_size delete_on_termination = "true" } user_data = templatefile("${path.root}/user-data-server.sh", { server_count = var.server_count region = var.region retry_join = chomp( join( " ", formatlist("%s=%s", keys(var.retry_join), values(var.retry_join)), ), ) nomad_binary = var.nomad_binary } ) iam_instance_profile = aws_iam_instance_profile.instance_profile.name } resource "aws_instance" "client" { ami = var.ami instance_type = var.client_instance_type key_name = var.key_name vpc_security_group_ids = [aws_security_group.primary.id] count = var.client_count depends_on = [aws_instance.server] # instance tags tags = merge( { "Name" = "${var.name}-client-${count.index}" }, { "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}" }, ) root_block_device { volume_type = "gp2" volume_size = var.root_block_device_size delete_on_termination = "true" } ebs_block_device { device_name = "/dev/xvdd" volume_type = "gp2" volume_size = "50" delete_on_termination = "true" } user_data = templatefile("${path.root}/user-data-client.sh", { region = var.region retry_join = chomp( join( " ", formatlist("%s=%s ", keys(var.retry_join), values(var.retry_join)), ), ) nomad_binary = var.nomad_binary } ) iam_instance_profile = aws_iam_instance_profile.instance_profile.name } resource "aws_iam_instance_profile" "instance_profile" { name_prefix = var.name role = aws_iam_role.instance_role.name } resource "aws_iam_role" "instance_role" { name_prefix = var.name assume_role_policy = data.aws_iam_policy_document.instance_role.json } data "aws_iam_policy_document" "instance_role" { statement { effect = "Allow" actions = ["sts:AssumeRole"] principals { type = "Service" identifiers = ["ec2.amazonaws.com"] } } } resource "aws_iam_role_policy" "auto_discover_cluster" { name = "auto-discover-cluster" role = aws_iam_role.instance_role.id policy = data.aws_iam_policy_document.auto_discover_cluster.json } data "aws_iam_policy_document" "auto_discover_cluster" { statement { effect = "Allow" actions = [ "ec2:DescribeInstances", "ec2:DescribeTags", "autoscaling:DescribeAutoScalingGroups", ] resources = ["*"] } } resource "aws_elb" "server_lb" { name = "${var.name}-server-lb" availability_zones = distinct(aws_instance.server.*.availability_zone) internal = false instances = aws_instance.server.*.id listener { instance_port = 4646 instance_protocol = "http" lb_port = 4646 lb_protocol = "http" } listener { instance_port = 8500 instance_protocol = "http" lb_port = 8500 lb_protocol = "http" } security_groups = [aws_security_group.server_lb.id] } output "server_public_ips" { value = aws_instance.server[*].public_ip } output "client_public_ips" { value = aws_instance.client[*].public_ip } output "server_lb_ip" { value = aws_elb.server_lb.dns_name }