open-nomad/terraform/aws/modules/hashistack/hashistack.tf
Chris Baker c135bad029 terraform: work on terraform setup
* support for 0.9.0
* ELB for servers
* better output
* customizable security groups
* nvidia-docker support
* different server/client instance types
2019-04-11 13:00:20 +00:00


# Module inputs. Everything except retry_join must be supplied by the caller.

variable "name" {
  description = "Prefix for the security groups, instances, IAM role/profile and the server ELB."
}

variable "region" {
  description = "AWS region; passed through to both user-data scripts."
}

variable "ami" {
  description = "AMI used for every server and client instance."
}

variable "server_instance_type" {
  description = "EC2 instance type for Nomad servers."
}

variable "client_instance_type" {
  description = "EC2 instance type for Nomad clients."
}

variable "key_name" {
  description = "EC2 key pair name attached to every instance (SSH access)."
}

variable "server_count" {
  description = "Number of Nomad servers; also passed to the server user-data script."
}

variable "client_count" {
  description = "Number of Nomad clients."
}

variable "nomad_binary" {
  description = "Nomad binary location passed to both user-data scripts."
}

variable "root_block_device_size" {
  description = "Root volume size (GiB) for servers and clients."
}

variable "whitelist_ip" {
  description = "Single CIDR allowed to reach SSH, Nomad, Consul and the UI ports. It is placed verbatim in cidr_blocks, so it must be in CIDR notation (e.g. a /32); 0.0.0.0/0 would expose every listed port to the internet."
}

variable "retry_join" {
  description = "Consul cloud auto-join settings; also written as an instance tag (tag_key/tag_value) so instances can discover each other."
  type        = "map"

  default = {
    provider  = "aws"
    tag_key   = "ConsulAutoJoin"
    tag_value = "auto-join"
  }
}
# The account's default VPC; all security groups below are created in it.
data "aws_vpc" "default" {
  default = true
}
# Security group for the server ELB. Only the whitelisted CIDR may reach the
# Nomad (4646) and Consul (8500) listeners; outbound traffic is unrestricted.
resource "aws_security_group" "server_lb" {
  vpc_id = "${data.aws_vpc.default.id}"
  name   = "${var.name}-server-lb"

  # Nomad HTTP API
  ingress {
    protocol    = "tcp"
    from_port   = 4646
    to_port     = 4646
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Consul HTTP API
  ingress {
    protocol    = "tcp"
    from_port   = 8500
    to_port     = 8500
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # All outbound
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group shared by every server and client instance. Inbound access
# from outside is limited to the whitelisted CIDR (plus the ELB's group for
# Nomad and Consul); members of the group may talk to each other on any
# port; outbound traffic is unrestricted.
resource "aws_security_group" "primary" {
  vpc_id = "${data.aws_vpc.default.id}"
  name   = "${var.name}"

  # SSH
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Nomad HTTP API: from the whitelist CIDR and from the server ELB
  ingress {
    protocol        = "tcp"
    from_port       = 4646
    to_port         = 4646
    cidr_blocks     = ["${var.whitelist_ip}"]
    security_groups = ["${aws_security_group.server_lb.id}"]
  }

  # Fabio (proxy and its UI)
  ingress {
    protocol    = "tcp"
    from_port   = 9998
    to_port     = 9999
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Consul HTTP API: from the whitelist CIDR and from the server ELB
  ingress {
    protocol        = "tcp"
    from_port       = 8500
    to_port         = 8500
    cidr_blocks     = ["${var.whitelist_ip}"]
    security_groups = ["${aws_security_group.server_lb.id}"]
  }

  # HDFS NameNode UI
  ingress {
    protocol    = "tcp"
    from_port   = 50070
    to_port     = 50070
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # HDFS DataNode UI
  ingress {
    protocol    = "tcp"
    from_port   = 50075
    to_port     = 50075
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Spark history server UI
  ingress {
    protocol    = "tcp"
    from_port   = 18080
    to_port     = 18080
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Jupyter
  ingress {
    protocol    = "tcp"
    from_port   = 8888
    to_port     = 8888
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Any protocol/port between members of this group (cluster gossip, RPC,
  # task traffic). Nothing here is reachable from outside the group.
  ingress {
    protocol  = "-1"
    from_port = 0
    to_port   = 0
    self      = true
  }

  # All outbound
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Renders the server cloud-init script from the root module's
# user-data-server.sh. retry_join is flattened to "key=value key=value ..."
# so the script can hand it to Consul's cloud auto-join.
data "template_file" "user_data_server" {
  template = "${file("${path.root}/user-data-server.sh")}"

  vars {
    server_count = "${var.server_count}"
    region       = "${var.region}"
    nomad_binary = "${var.nomad_binary}"
    retry_join   = "${chomp(join(" ", formatlist("%s=%s", keys(var.retry_join), values(var.retry_join))))}"
  }
}
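# Renders the client cloud-init script from the root module's
# user-data-client.sh. Same inputs as user_data_server minus server_count.
data "template_file" "user_data_client" {
  template = "${file("${path.root}/user-data-client.sh")}"

  vars {
    region       = "${var.region}"
    nomad_binary = "${var.nomad_binary}"

    # Identical "key=value key=value ..." form to the server template. The
    # format used to be "%s=%s " with a trailing blank, which join() turned
    # into doubled separators plus a trailing space that chomp() (newlines
    # only) never removed.
    retry_join = "${chomp(join(" ", formatlist("%s=%s", keys(var.retry_join), values(var.retry_join))))}"
  }
}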
# Nomad server instances. Each carries the retry_join tag so Consul
# auto-join can find it, and the instance profile that permits the
# Describe* calls auto-join needs. The root volume has no `encrypted`
# setting and is therefore unencrypted.
resource "aws_instance" "server" {
  count = "${var.server_count}"

  ami                    = "${var.ami}"
  instance_type          = "${var.server_instance_type}"
  key_name               = "${var.key_name}"
  vpc_security_group_ids = ["${aws_security_group.primary.id}"]
  iam_instance_profile   = "${aws_iam_instance_profile.instance_profile.name}"
  user_data              = "${data.template_file.user_data_server.rendered}"

  # Name tag plus the auto-join discovery tag.
  tags = "${merge(
    map("Name", "${var.name}-server-${count.index}"),
    map(lookup(var.retry_join, "tag_key"), lookup(var.retry_join, "tag_value"))
  )}"

  root_block_device {
    volume_type           = "gp2"
    volume_size           = "${var.root_block_device_size}"
    delete_on_termination = "true"
  }
}
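# Nomad client instances. Same shape as the servers plus a 50 GiB data
# volume; they are created only after the servers exist.
resource "aws_instance" "client" {
  count = "${var.client_count}"

  ami                    = "${var.ami}"
  instance_type          = "${var.client_instance_type}"
  key_name               = "${var.key_name}"
  vpc_security_group_ids = ["${aws_security_group.primary.id}"]
  iam_instance_profile   = "${aws_iam_instance_profile.instance_profile.name}"
  user_data              = "${data.template_file.user_data_client.rendered}"

  # Clients join the cluster the servers form, so bring the servers up first.
  depends_on = ["aws_instance.server"]

  # Name tag plus the auto-join discovery tag.
  tags = "${merge(
    map("Name", "${var.name}-client-${count.index}"),
    map(lookup(var.retry_join, "tag_key"), lookup(var.retry_join, "tag_value"))
  )}"

  # Root volume (no `encrypted` setting here, so it stays unencrypted).
  root_block_device {
    volume_type           = "gp2"
    volume_size           = "${var.root_block_device_size}"
    delete_on_termination = "true"
  }

  # Data volume. Declared as a nested block instead of the
  # `ebs_block_device = { ... }` assignment form, which HCL1 tolerated but
  # the Terraform 0.12 parser does not accept for block types. The volume
  # holds workload data (HDFS, task state) and is encrypted at rest.
  ebs_block_device {
    device_name           = "/dev/xvdd"
    volume_type           = "gp2"
    volume_size           = "50"
    encrypted             = "true"
    delete_on_termination = "true"
  }
}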
# Instance profile that attaches instance_role to every server and client.
resource "aws_iam_instance_profile" "instance_profile" {
  role        = "${aws_iam_role.instance_role.name}"
  name_prefix = "${var.name}"
}
# IAM role assumed by the EC2 instances (trust policy below).
resource "aws_iam_role" "instance_role" {
  assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"
  name_prefix        = "${var.name}"
}
# Trust policy: only the EC2 service may assume instance_role.
data "aws_iam_policy_document" "instance_role" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["ec2.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Inline policy on instance_role granting the read-only calls used by
# Consul cloud auto-join.
resource "aws_iam_role_policy" "auto_discover_cluster" {
  role   = "${aws_iam_role.instance_role.id}"
  name   = "auto-discover-cluster"
  policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}"
}
# Least-privilege policy for tag-based discovery: three Describe* calls and
# nothing else. These actions do not support resource-level restriction,
# which is why resources is "*".
data "aws_iam_policy_document" "auto_discover_cluster" {
  statement {
    effect    = "Allow"
    resources = ["*"]

    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]
  }
}
# Internet-facing classic ELB in front of the Nomad servers. It forwards the
# Nomad (4646) and Consul (8500) APIs as plain HTTP on both sides, so the
# traffic is not encrypted in transit and access control rests on the
# whitelist CIDR in aws_security_group.server_lb.
resource "aws_elb" "server_lb" {
  name     = "${var.name}-server-lb"
  internal = false

  # Registered in whichever AZs the servers landed in.
  availability_zones = ["${distinct(aws_instance.server.*.availability_zone)}"]
  instances          = ["${aws_instance.server.*.id}"]
  security_groups    = ["${aws_security_group.server_lb.id}"]

  # Nomad HTTP API
  listener {
    lb_port           = 4646
    lb_protocol       = "http"
    instance_port     = 4646
    instance_protocol = "http"
  }

  # Consul HTTP API
  listener {
    lb_port           = 8500
    lb_protocol       = "http"
    instance_port     = 8500
    instance_protocol = "http"
  }
}
# Module outputs: public addresses of each instance group and the ELB's
# DNS name (despite the output's name it is a hostname, not an IP).

output "server_public_ips" {
  value = ["${aws_instance.server.*.public_ip}"]
}

output "client_public_ips" {
  value = ["${aws_instance.client.*.public_ip}"]
}

output "server_lb_ip" {
  value = "${aws_elb.server_lb.dns_name}"
}