open-nomad/terraform
Seth Hoenig f7c0e078a9 build: update golang version to 1.18.2
This PR update to Go 1.18.2. Also update the versions of hclfmt
and go-hclogfmt which includes newer dependencies necessary for dealing
with go1.18.

The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for
newer macOS versions: 8927e75e82
2022-05-25 10:04:04 -05:00
..
aws scripts: fix interpreter for bash (#12549) 2022-04-12 10:08:21 -04:00
azure scripts: fix interpreter for bash (#12549) 2022-04-12 10:08:21 -04:00
examples Remove example associated with deprecated nomad-spark (#11441) 2021-11-03 16:44:26 -07:00
gcp build: update golang version to 1.18.2 2022-05-25 10:04:04 -05:00
shared [terraform/aws] Fix NVidia GPG key error (#12985) 2022-05-16 06:49:01 -04:00
README.md
Vagrantfile terraform: update installed version used to 1.0.11. 2021-11-19 09:33:11 +01:00

Provision a Nomad cluster in the cloud

Use this repo to easily provision a Nomad sandbox environment on AWS, Azure, or GCP with Packer and Terraform. Consul and Vault are also installed (colocated for convenience). The intention is to allow easy exploration of Nomad and its integrations with the HashiCorp stack. This is not meant to be a production ready environment.

Setup

Clone the repo and optionally use Vagrant to bootstrap a local staging environment:

$ git clone git@github.com:hashicorp/nomad.git
$ cd nomad/terraform
$ vagrant up && vagrant ssh

The Vagrant staging environment pre-installs Packer, Terraform, Docker and the Azure CLI.

Provision a cluster

  • Follow the steps here to provision a cluster on AWS.
  • Follow the steps here to provision a cluster on Azure.
  • Follow the steps here to provision a cluster on GCP.

Continue with the steps below after a cluster has been provisioned.

Test

Run a few basic status commands to verify that Consul and Nomad are up and running properly:

$ consul members
$ nomad server members
$ nomad node status

Unseal the Vault cluster (optional)

To initialize and unseal Vault, run:

$ vault operator init -key-shares=1 -key-threshold=1
$ vault operator unseal
$ export VAULT_TOKEN=[INITIAL_ROOT_TOKEN]

The vault init command above creates a single Vault unseal key for convenience. For a production environment, it is recommended that you create at least five unseal key shares and securely distribute them to independent operators. The vault init command defaults to five key shares and a key threshold of three. If you provisioned more than one server, the others will become standby nodes but should still be unsealed. You can query the active and standby nodes independently:

$ dig active.vault.service.consul
$ dig active.vault.service.consul SRV
$ dig standby.vault.service.consul

See the Getting Started guide for an introduction to Vault.

Getting started with Nomad & the HashiCorp stack

Use the following links to get started with Nomad and its HashiCorp integrations: