M terraform/README.md => terraform/README.md +7 -1
@@ 4,4 4,10 @@ Log level and log path can be set using the `TF_LOG` and `TF_LOG_PATH` environme
## TODO
-Looks like the CA key is persisted in the Terraform state. :gulp: Need to figure out how to not do that.
+- Looks like the CA key is persisted in the Terraform state. :gulp: Need to
+ figure out how to not do that. Will probably require storing it somewhere
+ other than git.
+- It would be nice to have all nodes in their own module, i.e.
+ `module.nodes.consul-servers` rather than `module.consul-servers`. This would
+ make it easier to apply only node changes, which may be necessary to do
+ before applying DNS record changes.
M terraform/consul-server/main.tf => terraform/consul-server/main.tf +7 -1
@@ 13,6 13,10 @@ resource "linode_instance" "servers" {
consul_version = random_id.servers[count.index].keepers.consul_version
}
+ lifecycle {
+ create_before_destroy = true
+ }
+
// wait for stackscript to complete
provisioner "remote-exec" {
connection { host = split("/", self.ipv6)[0] }
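Review bot: The added `lifecycle { create_before_destroy = true }` makes a replacement bring the new Consul server up while the old one is still a raft peer, and nothing visible in this hunk makes the old node leave the cluster before it is destroyed. With `bootstrap_expect = ${var.servers}` in the next hunk, replacing several servers in one apply could leave more dead peers than the cluster tolerates if Terraform handles them in parallel, so quorum may be lost until they are cleaned up. The same block is added in nomad-client, nomad-server and vault-server; the quorum question applies to the two server modules as well. I would at least document the expectation above the block, e.g. `// replacement overlaps old and new nodes; replace one server at a time and confirm the old peer has left first`. The resource body starts and ends outside this hunk.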
@@ 46,7 50,7 @@ resource "linode_instance" "servers" {
connection { host = split("/", self.ipv6)[0] }
destination = "/etc/consul.d/server.hcl"
content = <<-EOT
- datacenter = "${var.datacenter}"
+ datacenter = "${var.datacenter}"
server = true
bootstrap_expect = ${var.servers}
EOT
@@ 155,3 159,5 @@ data "template_file" "cfssl_config" {
ca_key = var.ca_key
}
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/consul-server/outputs.tf => terraform/consul-server/outputs.tf +2 -0
@@ 2,3 2,5 @@ output "instances" {
description = "Consul server instances"
value = linode_instance.servers
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/consul-server/variables.tf => terraform/consul-server/variables.tf +2 -0
@@ 10,3 10,5 @@ variable ca_host { type = string }
variable ca_key { type = string }
variable consul_version { type = string }
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/domain-address/main.tf => terraform/domain-address/main.tf +2 -0
@@ 19,3 19,5 @@ resource "linode_domain_record" "aaaa" {
record_type = "AAAA"
target = each.value
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/domain-address/variables.tf => terraform/domain-address/variables.tf +2 -0
@@ 13,3 13,5 @@ variable instances {
ipv6 = string
}))
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/main.tf => terraform/main.tf +1 -1
@@ 29,7 29,7 @@ module "consul-server" {
consul_version = "1.7.2"
datacenter = local.region
- image = "linode/opensuse15.2"
+ image = lookup(local.image, terraform.workspace, local.image["default"])
instance_type = local.instance_type
stackscript_id = local.stackscript_id
authorized_users = local.authorized_users
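Review bot: The third argument `local.image["default"]` is evaluated before `lookup` runs, so `local.image` must always carry a `default` key or every workspace fails at plan time, including workspaces that have their own entry. `local.image` is defined outside this hunk, so that cannot be confirmed from here. A short comment would make the contract visible, e.g. `// image per workspace; local.image must define "default" as the fallback`. Note also that a mistyped workspace name silently gets the default image rather than an error.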
M terraform/nomad-client/main.tf => terraform/nomad-client/main.tf +6 -0
@@ 31,6 31,10 @@ resource "linode_instance" "clients" {
nomad_version = random_id.clients[count.index].keepers.nomad_version
}
+ lifecycle {
+ create_before_destroy = true
+ }
+
// wait for stackscript to complete
provisioner "remote-exec" {
connection { host = split("/", self.ipv6)[0] }
@@ 275,3 279,5 @@ data "template_file" "cfssl_config" {
ca_key = var.ca_key
}
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/nomad-client/outputs.tf => terraform/nomad-client/outputs.tf +2 -0
@@ 2,3 2,5 @@ output "instances" {
description = "Nomad client IP addresses"
value = linode_instance.clients
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/nomad-client/variables.tf => terraform/nomad-client/variables.tf +2 -0
@@ 22,3 22,5 @@ variable node_class {
type = string
default = ""
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/nomad-server/main.tf => terraform/nomad-server/main.tf +19 -13
@@ 14,6 14,10 @@ resource "linode_instance" "servers" {
nomad_version = random_id.servers[count.index].keepers.nomad_version
}
+ lifecycle {
+ create_before_destroy = true
+ }
+
// wait for stackscript to complete
provisioner "remote-exec" {
connection { host = split("/", self.ipv6)[0] }
@@ 68,12 72,12 @@ resource "linode_instance" "servers" {
connection { host = split("/", self.ipv6)[0] }
destination = "/etc/nomad.d/server.hcl"
content = <<-EOT
- datacenter = "${var.datacenter}"
+ datacenter = "${var.datacenter}"
server {
- enabled = true
- bootstrap_expect = ${var.servers}
- }
+ enabled = true
+ bootstrap_expect = ${var.servers}
+ }
EOT
}
@@ 125,10 129,10 @@ resource "linode_instance" "servers" {
destination = "/etc/profile.local"
content = <<-EOT
export CONSUL_HTTP_ADDR=unix:///var/run/consul/consul_https.sock
- export NOMAD_ADDR=https://localhost:4646
- export NOMAD_CACERT=/etc/ssl/nomad/ca.pem
- export NOMAD_CLIENT_CERT=/etc/ssl/nomad/cli.pem
- export NOMAD_CLIENT_KEY=/etc/ssl/nomad/cli-key.pem
+ export NOMAD_ADDR=https://localhost:4646
+ export NOMAD_CACERT=/etc/ssl/nomad/ca.pem
+ export NOMAD_CLIENT_CERT=/etc/ssl/nomad/cli.pem
+ export NOMAD_CLIENT_KEY=/etc/ssl/nomad/cli-key.pem
EOT
}
@@ 143,11 147,11 @@ resource "linode_instance" "servers" {
connection { host = split("/", self.ipv6)[0] }
inline = [
<<-EOC
- SYSTEMD_EDITOR=tee systemctl edit nomad <<EOF
- [Service]
- Environment=VAULT_TOKEN=${var.vault_token}
- EOF
- EOC
+ SYSTEMD_EDITOR=tee systemctl edit nomad <<EOF
+ [Service]
+ Environment=VAULT_TOKEN=${var.vault_token}
+ EOF
+ EOC
,
"chmod 0400 /etc/systemd/system/nomad.service.d/override.conf"
]
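Review bot: The token on the `Environment=VAULT_TOKEN=${var.vault_token}` line is interpolated into a remote-exec command and piped through `tee`, which also copies its input to stdout, so it is presumably echoed into the apply output and into any `TF_LOG_PATH` log. The `chmod 0400` runs only after the drop-in has been written, which leaves a window in which the file has whatever mode systemctl created it with. Consider `SYSTEMD_EDITOR=tee systemctl edit nomad >/dev/null <<EOF` to silence the echo, and a root-only `EnvironmentFile=` instead of `Environment=`, since unit environment values are readable through `systemctl show`. Separately, this hunk re-indents a shell heredoc nested inside `<<-EOC`, so check that the inner `EOF` still lands at column 0 after Terraform strips the indentation. The page does not show the leading whitespace, so that cannot be verified here.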
@@ 231,3 235,5 @@ data "template_file" "cfssl_config" {
ca_key = var.ca_key
}
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/nomad-server/outputs.tf => terraform/nomad-server/outputs.tf +2 -0
@@ 2,3 2,5 @@ output "instances" {
description = "Nomad server instances"
value = linode_instance.servers
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/nomad-server/variables.tf => terraform/nomad-server/variables.tf +2 -0
@@ 13,3 13,5 @@ variable vault_token { type = string }
variable consul_version { type = string }
variable nomad_version { type = string }
variable consul_server_ips { type = list(string) }
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/vault-server/main.tf => terraform/vault-server/main.tf +14 -8
@@ 14,6 14,10 @@ resource "linode_instance" "servers" {
vault_version = random_id.servers[count.index].keepers.vault_version
}
+ lifecycle {
+ create_before_destroy = true
+ }
+
// wait for stackscript to complete
provisioner "remote-exec" {
connection { host = split("/", self.ipv6)[0] }
@@ 68,12 72,12 @@ resource "linode_instance" "servers" {
connection { host = split("/", self.ipv6)[0] }
destination = "/etc/vault.d/server.hcl"
content = <<-EOT
- datacenter = "${var.datacenter}"
+ datacenter = "${var.datacenter}"
server {
- enabled = true
- bootstrap_expect = ${var.servers}
- }
+ enabled = true
+ bootstrap_expect = ${var.servers}
+ }
EOT
}
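Review bot: The content written to `/etc/vault.d/server.hcl` here, `datacenter` plus a `server { enabled, bootstrap_expect }` stanza, is Nomad agent configuration rather than Vault's, and looks carried over from nomad-server/main.tf, where the identical heredoc appears. Vault's server configuration has no such settings, so this file is at best ignored and may produce a warning or a startup error, depending on how the rest of `/etc/vault.d` is loaded (not visible in this hunk). I would either drop this provisioner or replace the body with the Vault settings the cluster actually needs. The re-indentation in this commit is a good moment to do that.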
@@ 118,10 122,10 @@ resource "linode_instance" "servers" {
destination = "/etc/profile.local"
content = <<-EOT
export CONSUL_HTTP_ADDR=unix:///var/run/consul/consul_https.sock
- export VAULT_ADDR=https://localhost:8200
- export VAULT_CACERT=/etc/ssl/vault/ca.pem
- export VAULT_CLIENT_CERT=/etc/ssl/vault/cli.pem
- export VAULT_CLIENT_KEY=/etc/ssl/vault/cli-key.pem
+ export VAULT_ADDR=https://localhost:8200
+ export VAULT_CACERT=/etc/ssl/vault/ca.pem
+ export VAULT_CLIENT_CERT=/etc/ssl/vault/cli.pem
+ export VAULT_CLIENT_KEY=/etc/ssl/vault/cli-key.pem
EOT
}
@@ 208,3 212,5 @@ data "template_file" "cfssl_config" {
ca_key = var.ca_key
}
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/vault-server/outputs.tf => terraform/vault-server/outputs.tf +2 -0
@@ 2,3 2,5 @@ output "instances" {
description = "Vault server instances"
value = linode_instance.servers
}
+
+// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/vault-server/variables.tf => terraform/vault-server/variables.tf +2 -0
@@ 12,3 12,5 @@ variable ca_key { type = string }
variable consul_version { type = string }
variable vault_version { type = string }
variable consul_server_ips { type = list(string) }
+
+// vim: set expandtab shiftwidth=2 tabstop=2: