luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/terraform/azure
History
Rob Genova ac325b8dd9
Update README.md
2017-12-03 14:16:45 -08:00
..
env/EastUS update Azure Terraform configs 2017-11-15 19:37:32 +00:00
modules/hashistack update Azure Terraform configs 2017-11-15 19:37:32 +00:00
packer.json update config files to support systemd and Azure; reorganize Packer file hierarchy; update Vagrantfile to use latest tool versions 2017-11-15 19:31:46 +00:00
README.md Update README.md 2017-12-03 14:16:45 -08:00

README.md

Provision a Nomad cluster on Azure

Pre-requisites

To get started, you will need to create an Azure account.

Install the Azure CLI

Run the following commands to install the Azure CLI. Note that you can use the Vagrant included in this repository to bootstrap a staging environment that pre-installs the Azure CLI.

$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | /
  sudo tee /etc/apt/sources.list.d/azure-cli.list
$ sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
$ sudo apt-get install apt-transport-https
$ sudo apt-get update && sudo apt-get install azure-cli

Login to Azure

Use the az login CLI command to log in to Azure:

$ az login

[
  {
    "cloudName": "AzureCloud",
    "id": "SUBSCRIPTION_ID",
    "isDefault": true,
    "name": "Free Trial",
    "state": "Enabled",
    "tenantId": "TENANT_ID",
    "user": {
      "name": "rob@hashicorp.com",
      "type": "user"
    }
  }
]

After completing the login process, take note of the SUBSCRIPTION_ID and the TENANT_ID that are included in the output above. These will be used to set the ARM_SUBSCRIPTION_ID and ARM_TENANT_ID environment variables for Packer and Terraform.

Create an Application Id and Password

Run the following CLI command to create an application Id and password:

$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

{
  "appId": "CLIENT_ID",
  "displayName": "azure-cli-...",
  "name": "http://azure-cli-...",
  "password": "CLIENT_SECRET",
  "tenant": "TENANT_ID"
}

appId and password above will be used for the ARM_CLIENT_ID and ARM_CLIENT_SECRET environment variables.

Create an Azure Resource Group

Use the following command to create an Azure resource group for Packer:

$ az group create --name packer --location "East US"

Set the Azure Environment Variables

export ARM_SUBSCRIPTION_ID=[ARM_SUBSCRIPTION_ID]  
export ARM_CLIENT_ID=[ARM_CLIENT_ID]  
export ARM_CLIENT_SECRET=[ARM_CLIENT_SECRET]  
export ARM_TENANT_ID=[ARM_TENANT_ID]  
export AZURE_RESOURCE_GROUP=packer

Build an Azure machine image with Packer

Packer is HashiCorp's open source tool for creating identical machine images for multiple platforms from a single source configuration. The AMI can be customized through modifications to the build configuration script and packer.json.

Use the following command to build the AMI:

$ packer build packer.json

After the Packer build process completes, you can output the image Id using the following CLI command:

$ az image list --query "[?tags.Product=='Hashistack'].id"

[
  "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack"
]

The following CLI command will delete the image, if you need to delete and recreate it:

$ az image delete --name hashistack --resource-group packer

Provision a cluster with Terraform

cd to an environment subdirectory:

$ cd env/EastUS

Consul supports a cloud-based auto join feature which includes support for Azure. The feature requires that we create a service principal with the Reader role. Run the following command to create an Azure service principal for Consul auto join:

$ az ad sp create-for-rbac --role="Reader" --scopes="/subscriptions/[SUBSCRIPTION_ID]"

{
  "appId": "CLIENT_ID",
  "displayName": "azure-cli-...",
  "name": "http://azure-cli-...",
  "password": "CLIENT_SECRET",
  "tenant": "TENANT_ID"
}

Update terraform.tfvars with you SUBSCRIPTION_ID, TENANT_ID, CLIENT_ID and CLIENT_SECRET. Use the CLIENT_ID and CLIENT_SECRET created above for the service principal:

location = "East US"
image_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/PACKER/providers/Microsoft.Compute/images/hashistack"
vm_size = "Standard_DS1_v2"
server_count = 1
client_count = 4
retry_join = "provider=azure tag_name=ConsulAutoJoin tag_value=auto-join subscription_id=SUBSCRIPTION_ID tenant_id=TENANT_ID client_id=CLIENT_ID secret_access_key=CLIENT_SECRET"

Provision the cluster:

$ terraform init
$ terraform get
$ terraform plan
$ terraform apply

Access the cluster

SSH to one of the servers using its public IP:

$ ssh -i azure-hashistack.pem ubuntu@PUBLIC_IP

azure-hashistack.pem above is auto-created during the provisioning process. The infrastructure that is provisioned for this test environment is configured to allow all traffic over port 22. This is obviously not recommended for production deployments.

Next steps

Click here for next steps.