# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
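variable "name" {
  description = "Prefix for every resource name (security groups, IAM role/profile, ELB) and for the Name tag of each instance."
  type        = string
}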
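variable "region" {
  description = "AWS region handed to user-data-server.sh and user-data-client.sh as the `region` template variable."
  type        = string
}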
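variable "ami" {
  description = "AMI ID used for both the server and the client instances."
  type        = string
}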
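variable "server_instance_type" {
  description = "EC2 instance type for the server nodes."
  type        = string
}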
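variable "client_instance_type" {
  description = "EC2 instance type for the client nodes."
  type        = string
}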
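variable "key_name" {
  description = "Name of an existing EC2 key pair attached to every instance. SSH (22/tcp) is opened only to whitelist_ip."
  type        = string
}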
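variable "server_count" {
  description = "Number of server instances to create; also passed to user-data-server.sh as `server_count`."
  type        = number
}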
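variable "client_count" {
  description = "Number of client instances to create."
  type        = number
}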
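variable "nomad_binary" {
  description = "Forwarded unchanged to both user-data scripts as the `nomad_binary` template variable; its interpretation is defined by those scripts."
  type        = string
}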
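variable "root_block_device_size" {
  description = "Root EBS volume size in GiB for every instance (server and client)."
  type        = number
}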
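variable "whitelist_ip" {
  description = "Single CIDR block (e.g. 203.0.113.10/32) allowed to reach SSH, the Nomad and Consul HTTP APIs (directly and via the ELB), Fabio and the HDFS/Spark/Jupyter UIs. It is the only network control in front of the Nomad API, so 0.0.0.0/0 exposes it (job submission included, unless ACLs are enabled by user-data-server.sh) to the whole internet."
  type        = string
  # NOTE(review): add a `validation` block (Terraform >= 0.13) that rejects
  # "0.0.0.0/0" and non-CIDR input, e.g. `can(cidrhost(var.whitelist_ip, 0))`.
}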
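variable "retry_join" {
  description = "Consul cloud auto-join parameters. tag_key/tag_value are applied as a tag to every instance, and the whole map is rendered as space-separated key=value pairs into both user-data scripts as `retry_join`."
  type        = map(string)
  default = {
    provider  = "aws"
    tag_key   = "ConsulAutoJoin"
    tag_value = "auto-join"
  }
}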
# Everything in this module lands in the account's default VPC; no VPC or
# subnet input is exposed. The public_ip outputs at the bottom of the file
# only carry values because default-VPC subnets auto-assign public IPs.
data "aws_vpc" "default" {
  default = true
}
# Security group attached to the classic ELB in front of the server nodes.
# Only the two HTTP APIs the ELB forwards are admitted, and only from the
# whitelisted CIDR. The primary group below additionally admits this group
# on the same two ports, which is what lets ELB traffic reach the instances.
resource "aws_security_group" "server_lb" {
  name   = "${var.name}-server-lb"
  vpc_id = data.aws_vpc.default.id

  # Nomad HTTP API (4646) and Consul HTTP API (8500).
  dynamic "ingress" {
    for_each = {
      nomad  = 4646
      consul = 8500
    }
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [var.whitelist_ip]
    }
  }

  # Unrestricted egress: all protocols, all destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group shared by every server and client instance. Operator-facing
# ports are limited to var.whitelist_ip; the Nomad and Consul APIs are also
# reachable from the server ELB; members may talk to each other freely.
resource "aws_security_group" "primary" {
  name   = var.name
  vpc_id = data.aws_vpc.default.id

  # Ports reachable from the whitelisted CIDR only. Each entry is an
  # inclusive [from, to] range; Fabio uses two adjacent ports.
  dynamic "ingress" {
    for_each = {
      ssh           = [22, 22]
      fabio         = [9998, 9999]
      hdfs_namenode = [50070, 50070]
      hdfs_datanode = [50075, 50075]
      spark_history = [18080, 18080]
      jupyter       = [8888, 8888]
    }
    content {
      from_port   = ingress.value[0]
      to_port     = ingress.value[1]
      protocol    = "tcp"
      cidr_blocks = [var.whitelist_ip]
    }
  }

  # Nomad HTTP API: whitelisted CIDR directly, plus traffic from the ELB.
  ingress {
    from_port       = 4646
    to_port         = 4646
    protocol        = "tcp"
    cidr_blocks     = [var.whitelist_ip]
    security_groups = [aws_security_group.server_lb.id]
  }

  # Consul HTTP API: same two sources as the Nomad API.
  ingress {
    from_port       = 8500
    to_port         = 8500
    protocol        = "tcp"
    cidr_blocks     = [var.whitelist_ip]
    security_groups = [aws_security_group.server_lb.id]
  }

  # Anything goes between members of this group (all ports, all protocols);
  # this is what carries the cluster-internal traffic.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Unrestricted egress: all protocols, all destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
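# Server nodes, bootstrapped by user-data-server.sh. Every instance carries
# the retry_join tag that Consul cloud auto-join matches on, and the
# instance_role profile whose only grant is the EC2/Autoscaling Describe*
# calls that auto-join needs.
resource "aws_instance" "server" {
  ami                    = var.ami
  instance_type          = var.server_instance_type
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.primary.id]
  iam_instance_profile   = aws_iam_instance_profile.instance_profile.name
  count                  = var.server_count

  # Name tag plus the auto-join tag from var.retry_join.
  tags = merge(
    {
      "Name" = "${var.name}-server-${count.index}"
    },
    {
      "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
    },
  )

  # Require IMDSv2 session tokens. The instance role credentials are served
  # by IMDS; with IMDSv1 any process on the host that can be made to issue a
  # plain HTTP GET (e.g. via one of the web UIs opened by the primary
  # security group) can read them in a single request. This setting is
  # updated in place on existing instances.
  # NOTE(review): assumes the Consul/Nomad builds installed by
  # user-data-server.sh use an AWS SDK with IMDSv2 support (aws-sdk-go has
  # had it since late 2019) — confirm the pinned versions before rolling out.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_type           = "gp2"
    volume_size           = var.root_block_device_size
    delete_on_termination = true
    # Encrypt at rest with the account's default EBS key. Enabling this on an
    # already-deployed stack forces instance replacement.
    encrypted = true
  }

  # Bootstrap script. retry_join is rendered as space-separated key=value
  # pairs from var.retry_join (keys() and values() share lexical order, so
  # the pairing is stable); chomp() strips a trailing newline only.
  user_data = templatefile("${path.root}/user-data-server.sh",
    {
      server_count = var.server_count
      region       = var.region
      retry_join = chomp(
        join(
          " ",
          formatlist("%s=%s", keys(var.retry_join), values(var.retry_join)),
        ),
      )
      nomad_binary = var.nomad_binary
    }
  )
}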
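# Client nodes, bootstrapped by user-data-client.sh. Same security group,
# instance profile and auto-join tag as the servers, plus an extra data
# volume. depends_on only orders creation after the server instances exist;
# it does not wait for the server bootstrap script to finish.
resource "aws_instance" "client" {
  ami                    = var.ami
  instance_type          = var.client_instance_type
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.primary.id]
  iam_instance_profile   = aws_iam_instance_profile.instance_profile.name
  count                  = var.client_count
  depends_on             = [aws_instance.server]

  # Name tag plus the auto-join tag from var.retry_join.
  tags = merge(
    {
      "Name" = "${var.name}-client-${count.index}"
    },
    {
      "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
    },
  )

  # Require IMDSv2 session tokens (see the server resource for the
  # rationale). Client nodes run workloads, so the hop limit is raised to 2:
  # with the default of 1, bridge-networked containers cannot obtain a token
  # at all, which would silently break any task relying on the instance role.
  # NOTE(review): drop http_put_response_hop_limit to 1 if no task is meant
  # to use the instance role — that also hides IMDS from bridged containers.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 2
  }

  root_block_device {
    volume_type           = "gp2"
    volume_size           = var.root_block_device_size
    delete_on_termination = true
    # Encrypt at rest with the account's default EBS key. Enabling this on an
    # already-deployed stack forces instance replacement.
    encrypted = true
  }

  # Additional 50 GiB data volume attached as /dev/xvdd.
  ebs_block_device {
    device_name           = "/dev/xvdd"
    volume_type           = "gp2"
    volume_size           = 50
    delete_on_termination = true
    encrypted             = true
  }

  # Bootstrap script. retry_join is rendered exactly as for the servers:
  # "%s=%s" with a single-space join. The previous "%s=%s " format produced
  # doubled separators and a trailing blank that chomp() does not strip.
  user_data = templatefile("${path.root}/user-data-client.sh",
    {
      region = var.region
      retry_join = chomp(
        join(
          " ",
          formatlist("%s=%s", keys(var.retry_join), values(var.retry_join)),
        ),
      )
      nomad_binary = var.nomad_binary
    }
  )
}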
# Instance profile that attaches instance_role to every server and client
# instance (both aws_instance resources reference it by name).
resource "aws_iam_instance_profile" "instance_profile" {
  name_prefix = var.name
  role        = aws_iam_role.instance_role.name
}
# Role assumed by the EC2 instances. Its only inline policy is
# auto_discover_cluster (read-only EC2/Autoscaling Describe* calls); anything
# else the nodes need from AWS has to be granted elsewhere.
resource "aws_iam_role" "instance_role" {
  name_prefix        = var.name
  assume_role_policy = data.aws_iam_policy_document.instance_role.json
}
# Trust policy for instance_role: only the EC2 service principal may assume
# it, i.e. only instances launched with the profile above.
data "aws_iam_policy_document" "instance_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}
# Inline policy granting instance_role the permissions that Consul cloud
# auto-join (var.retry_join, provider=aws) needs to discover peers by tag.
resource "aws_iam_role_policy" "auto_discover_cluster" {
  name   = "auto-discover-cluster"
  role   = aws_iam_role.instance_role.id
  policy = data.aws_iam_policy_document.auto_discover_cluster.json
}
# Read-only discovery permissions. These three Describe* actions do not
# support resource-level permissions, so "*" is the narrowest resource
# possible here; the blast radius is a full inventory of instances, tags and
# ASGs in the account, readable by any process on a node that can reach IMDS.
data "aws_iam_policy_document" "auto_discover_cluster" {
  statement {
    effect = "Allow"
    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]
    resources = ["*"]
  }
}
# Internet-facing classic ELB in front of the server instances, forwarding
# the Nomad (4646) and Consul (8500) HTTP APIs. Both hops are plaintext HTTP
# (listener and instance side alike); reachability is limited by the
# server_lb security group to var.whitelist_ip.
# NOTE(review): there is no TLS listener. Terminating HTTPS here would need
# an ACM certificate that this module does not take as input.
resource "aws_elb" "server_lb" {
  name               = "${var.name}-server-lb"
  internal           = false
  security_groups    = [aws_security_group.server_lb.id]
  instances          = aws_instance.server[*].id
  availability_zones = distinct([for srv in aws_instance.server : srv.availability_zone])

  # One pass-through HTTP listener per API, LB port equal to instance port.
  dynamic "listener" {
    for_each = [4646, 8500]
    content {
      lb_port           = listener.value
      lb_protocol       = "http"
      instance_port     = listener.value
      instance_protocol = "http"
    }
  }
}
# Public IPv4 address of every server instance, in count order.
output "server_public_ips" {
  description = "Public IPs of the server instances."
  value       = [for srv in aws_instance.server : srv.public_ip]
}
# Public IPv4 address of every client instance, in count order.
output "client_public_ips" {
  description = "Public IPs of the client instances."
  value       = [for cli in aws_instance.client : cli.public_ip]
}
# DNS name (not an IP, despite the output name) of the server ELB; the Nomad
# and Consul HTTP APIs are reachable through it on ports 4646 and 8500.
output "server_lb_ip" {
  description = "DNS name of the server ELB."
  value       = aws_elb.server_lb.dns_name
}