open-nomad/e2e/terraform/provision-nomad/install-linux.tf
Tim Gross c4d92205b4
E2E: provide options for reverse proxy for web UI (#12671)
Our E2E test environment is deployed with mTLS, but it's impractical
for us to use mTLS in headless browsers for automated testing (or even
in manual testing). Provide certificates for proxying the web UI via
Nginx. This proxy uses client certs for proxying to the HTTP endpoint
and a self-signed cert for the browser-facing endpoint. We can accept
certificate errors in the automated tests we'll be adding in the next
step of this work.
2022-04-19 16:55:05 -04:00


# Renders the role-specific systemd unit template into the local upload
# directory as nomad.service. The local copy is written with mode 0600; that
# mode applies to the file on the machine running Terraform only. The mode on
# the target host is decided by the upload step, which is not in this block.
resource "local_sensitive_file" "nomad_systemd_unit_file" {
  filename        = "${local.upload_dir}/nomad.d/nomad.service"
  file_permission = "0600"

  # The template is rendered with an empty variable map; var.role only selects
  # which unit file is read.
  content = templatefile("etc/nomad.d/nomad-${var.role}.service", {})
}
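# Uploads the locally built Nomad binary to the instance over SSH and installs
# it at /usr/local/bin/nomad. Created only when var.platform is "linux".
resource "null_resource" "install_nomad_binary_linux" {
  count = var.platform == "linux" ? 1 : 0

  # Re-provision whenever the local binary changes. The MD5 here is change
  # detection for Terraform only; it does not verify what lands on the host.
  triggers = { nomad_binary_sha = filemd5(var.nomad_local_binary) }

  connection {
    type        = "ssh"
    user        = var.connection.user
    host        = var.instance.public_ip
    port        = var.connection.port
    private_key = file(var.connection.private_key)
    timeout     = "5m"
  }

  # Staged in /tmp because the SSH user cannot write to /usr/local/bin directly.
  provisioner "file" {
    source      = var.nomad_local_binary
    destination = "/tmp/nomad"
  }

  provisioner "remote-exec" {
    inline = [
      # install(1) sets owner and mode explicitly. A plain `mv` followed by
      # `chmod +x` keeps the uploading SSH user as owner of the binary, which
      # would leave it writable by that account without sudo.
      "sudo install -o root -g root -m 0755 /tmp/nomad /usr/local/bin/nomad",
      # install copies rather than moves, so drop the staged copy.
      "rm -f /tmp/nomad",
    ]
  }
}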
# Moves the Consul client configuration, CA certificate, ACL config and systemd
# unit from /tmp into their final locations. Created only when var.platform is
# "linux", and only after the upload resource has run.
resource "null_resource" "install_consul_configs_linux" {
  depends_on = [
    null_resource.upload_consul_configs,
  ]

  count = var.platform == "linux" ? 1 : 0

  connection {
    type        = "ssh"
    host        = var.instance.public_ip
    port        = var.connection.port
    user        = var.connection.user
    private_key = file(var.connection.private_key)
    timeout     = "5m"
  }

  provisioner "remote-exec" {
    inline = [
      # Runs as the SSH user, unlike the sudo commands below; presumably the
      # directory already exists on the image. TODO confirm.
      "mkdir -p /etc/consul.d",

      # Clear out any previous configuration before installing the new set.
      "sudo rm -rf /etc/consul.d/*",

      # NOTE(review): mv keeps the owner and mode each file had in /tmp, and
      # nothing here sets permissions afterwards. acl.json looks like it may
      # carry a token; confirm the upload step leaves it unreadable to other
      # local users.
      "sudo mv /tmp/consul_ca.pem /etc/consul.d/ca.pem",
      "sudo mv /tmp/consul_client_acl.json /etc/consul.d/acl.json",
      "sudo mv /tmp/consul_client.json /etc/consul.d/consul_client.json",
      "sudo mv /tmp/consul_client_base.json /etc/consul.d/consul_client_base.json",
      "sudo mv /tmp/consul.service /etc/systemd/system/consul.service",
    ]
  }
}
# Moves the Nomad agent configuration, TLS material and systemd unit from /tmp
# into /etc/nomad.d and /etc/systemd/system. Created only when var.platform is
# "linux", and only after the upload resource has run.
resource "null_resource" "install_nomad_configs_linux" {
  depends_on = [
    null_resource.upload_nomad_configs,
  ]

  count = var.platform == "linux" ? 1 : 0

  connection {
    type        = "ssh"
    host        = var.instance.public_ip
    port        = var.connection.port
    user        = var.connection.user
    private_key = file(var.connection.private_key)
    timeout     = "5m"
  }

  provisioner "remote-exec" {
    inline = [
      # These two run as the SSH user, unlike the sudo commands below;
      # presumably both directories already exist on the image. TODO confirm.
      "mkdir -p /etc/nomad.d",
      "mkdir -p /opt/nomad/data",

      # Clear out any previous configuration (the glob does not match dotfiles;
      # .environment is overwritten by the mv further down).
      "sudo rm -rf /etc/nomad.d/*",

      # Agent configuration: shared files first, then the role/platform and
      # per-index overrides.
      "sudo mv /tmp/consul.hcl /etc/nomad.d/consul.hcl",
      "sudo mv /tmp/vault.hcl /etc/nomad.d/vault.hcl",
      "sudo mv /tmp/base.hcl /etc/nomad.d/base.hcl",
      "sudo mv /tmp/${var.role}-${var.platform}.hcl /etc/nomad.d/${var.role}-${var.platform}.hcl",
      "sudo mv /tmp/${var.role}-${var.platform}-${var.index}.hcl /etc/nomad.d/${var.role}-${var.platform}-${var.index}.hcl",
      "sudo mv /tmp/.environment /etc/nomad.d/.environment",

      # TLS
      # Three key pairs are installed: the agent's own pair (uploaded under a
      # per-IP name and renamed here), the tls_proxy pair, and the self_signed
      # pair, plus the CA certificate.
      #
      # NOTE(review): the tls directory is created with the default mode, and
      # mv keeps the owner and mode each file had in /tmp. Nothing in this block
      # restricts the *.key files, so confirm the upload step leaves private
      # keys unreadable to other local users, or set ownership and mode on
      # /etc/nomad.d/tls after the moves (checking what the proxy and the agent
      # need in order to read them).
      "sudo mkdir /etc/nomad.d/tls",
      "sudo mv /tmp/tls.hcl /etc/nomad.d/tls.hcl",
      "sudo mv /tmp/agent-${var.instance.public_ip}.key /etc/nomad.d/tls/agent.key",
      "sudo mv /tmp/agent-${var.instance.public_ip}.crt /etc/nomad.d/tls/agent.crt",
      "sudo mv /tmp/tls_proxy.key /etc/nomad.d/tls/tls_proxy.key",
      "sudo mv /tmp/tls_proxy.crt /etc/nomad.d/tls/tls_proxy.crt",
      "sudo mv /tmp/self_signed.key /etc/nomad.d/tls/self_signed.key",
      "sudo mv /tmp/self_signed.crt /etc/nomad.d/tls/self_signed.crt",
      "sudo mv /tmp/ca.crt /etc/nomad.d/tls/ca.crt",

      # systemd unit for the agent.
      "sudo mv /tmp/nomad.service /etc/systemd/system/nomad.service",
    ]
  }
}
# Reloads systemd and (re)starts Consul and Nomad once the binary and both
# configuration sets are installed. Created only when var.platform is "linux".
resource "null_resource" "restart_linux_services" {
  # All three install steps must finish first so the services start against
  # the new binary, configuration and unit files.
  depends_on = [
    null_resource.install_nomad_binary_linux,
    null_resource.install_consul_configs_linux,
    null_resource.install_nomad_configs_linux,
  ]

  count = var.platform == "linux" ? 1 : 0

  connection {
    type        = "ssh"
    host        = var.instance.public_ip
    port        = var.connection.port
    user        = var.connection.user
    private_key = file(var.connection.private_key)
    timeout     = "5m"
  }

  provisioner "remote-exec" {
    inline = [
      # Pick up the unit files moved into /etc/systemd/system.
      "sudo systemctl daemon-reload",

      # Consul is enabled and restarted before Nomad.
      "sudo systemctl enable consul",
      "sudo systemctl restart consul",
      "sudo systemctl enable nomad",
      "sudo systemctl restart nomad",
    ]
  }
}