~damien/infrastructure

55daf2162d0dc2c7aec7500b41883cce074dac0d — Damien Radtke 2 years ago 1d0df1f
I think I finally got it running on v2
M ca/consul-agent-ca.srl => ca/consul-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
2E741F16F5701C92061B3669C7546E4A1AA2C8BB
2E741F16F5701C92061B3669C7546E4A1AA2C8BF

M ca/nomad-agent-ca.srl => ca/nomad-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
3A95C8A7EE198C7858E58366940C5F25842606AE
3A95C8A7EE198C7858E58366940C5F25842606B6

M ca/vault-server-ca.srl => ca/vault-server-ca.srl +1 -1
@@ 1,1 1,1 @@
73BA2463646820941EB0EC0FDCDC6DE86EE14266
73BA2463646820941EB0EC0FDCDC6DE86EE1426A

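--- /dev/null
+++ b/packer/base.pkr.hcl
@@ -0,0 +1,39 @@
+// TODO: move resources required by packer into this folder?
+packer {
+  required_plugins {
+    linode = {
+      version = ">= 0.0.1"
+      source  = "github.com/hashicorp/linode"
+    }
+  }
+}
+
+variable "linode_token" {
+  type    = string
+}
+
+variable "opensuse_version" {
+  type    = string
+  default = "15.3"
+}
+
+locals {
+  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+}
+
+source "linode" "cluster-image" {
+  image             = "linode/opensuse${var.opensuse_version}"
+  image_label       = "testing-cluster-image-${local.timestamp}"
+  instance_label    = "cluster-imaging-${local.timestamp}"
+  instance_type     = "g6-nanode-1"
+  linode_token      = "${var.linode_token}"
+  region            = "ca-central"
+  ssh_username      = "root"
+  swap_size         = 256
+}
+
+build {
+  sources = ["source.linode.cluster-image"]
+}
+
+// vim: set expandtab tabstop=2 shiftwidth=2 autoindent: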
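Review bot: `variable "linode_token"` is declared without `sensitive = true`, so nothing tells Packer to redact the API token from build output and logs; add `sensitive = true` to that block. In `required_plugins`, `version = ">= 0.0.1"` accepts every future release of the Linode plugin, and that plugin runs with the token and a root SSH session on the build instance, so constrain it to a range that has been reviewed, e.g. `version = "~> <reviewed-version>"`. The `build` block has no provisioners yet, so the resulting image is only the stock openSUSE image under a new label; a short comment saying that is intentional would help the next reader.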

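--- /dev/null
+++ b/terraform.tfstate.d/staging/terraform.tfstate
@@ -0,0 +1,8 @@
+{
+  "version": 4,
+  "terraform_version": "1.0.1",
+  "serial": 1,
+  "lineage": "6c363c03-bd1a-c1ac-6d73-764ccae30450",
+  "outputs": {},
+  "resources": []
+}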
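Review bot: Committing `terraform.tfstate.d/staging/terraform.tfstate` puts the staging workspace's state under version control, and Terraform writes resource attributes into state in plaintext, including any that hold credentials. This snapshot is still empty (`"resources": []`), but every later apply would add to a file whose history git keeps. Remove it from the repository, add `terraform.tfstate.d/` to `.gitignore`, and keep state in a remote backend with access control and encryption at rest. A state file in git also gives no locking, so two applies from different checkouts can diverge.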

M terraform/README.md => terraform/README.md +3 -1
@@ 61,7 61,9 @@ $ consul join <existing_leader>
# ...this step might not be necessary? It was once
$ sudo service nomad restart  # to pick up the existing cluster

# TODO: probably something for Vault, too, to unseal it
# On each new Vault server
$ vault operator unseal  # enough times to unseal
$ sudo service vault restart
```

Once all servers are part of the cluster, old and new, run these commands on the old nodes:

M terraform/main.tf => terraform/main.tf +2 -2
@@ 73,7 73,7 @@ module "nomad-client" {
  consul_server_ips = module.consul-server.instances[*].ip

  datacenter       = local.datacenter
  image            = local.image
  image            = "private/15446344"
  instance_type    = local.instance_type
  authorized_users = local.authorized_users
}


@@ 91,7 91,7 @@ module "nomad-client-ingress" {
  consul_server_ips = module.consul-server.instances[*].ip

  datacenter       = local.datacenter
  image            = local.image
  image            = "private/15446344"
  instance_type    = local.instance_type
  authorized_users = local.authorized_users
}
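Review bot: The two `image` lines in each block are shown without +/- markers; if `image = "private/15446344"` is the new side, the same account-specific image ID is now hard-coded in both `module "nomad-client"` and `module "nomad-client-ingress"` (second hunk) instead of coming from `local.image`. Nothing visible ties that ID to the template or commit that built it, so a rebuilt image has to be rolled out by editing literals in several places and cannot be audited from one. Keep `image = local.image` in both blocks and change the value once in `locals`, with a comment naming the Packer template that produced it. Both module blocks begin above their hunks.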

M terraform/nomad-client/main.tf => terraform/nomad-client/main.tf +19 -2
@@ 28,12 28,29 @@ resource "linode_instance" "clients" {
  count            = var.clients
  label            = "nomad-client-${random_id.clients[count.index].keepers.datacenter}-${random_id.clients[count.index].hex}"
  region           = random_id.clients[count.index].keepers.datacenter
  image            = random_id.clients[count.index].keepers.image
  //image            = random_id.clients[count.index].keepers.image
  type             = random_id.clients[count.index].keepers.instance_type
  authorized_users = var.authorized_users
  //authorized_users = var.authorized_users
  group            = terraform.workspace
  tags            = [terraform.workspace]

  disk {
    label = "boot"
    size = 20480 // 20G
    image = random_id.clients[count.index].keepers.image
    authorized_users = var.authorized_users
  }

  config {
    label = "boot_config"
    kernel = "linode/grub2"
    devices {
      sda {
        disk_label = "boot"
      }
    }
  }

  provisioner "remote-exec" {
    connection { host = split("/", self.ipv6)[0] }
    inline = ["echo SSH is up"]
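Review bot: The `//image` and `//authorized_users` lines keep the old top-level attributes as commented-out code now that both values are set inside the new `disk` block; delete them instead, since the history already records the previous form. The new `disk`/`config` pair carries no comment on why the instance needs an explicit boot disk and the `linode/grub2` kernel; one line above `disk {`, such as `// explicit disk + config: <reason, e.g. needed to boot the private image>`, would record it. `size = 20480` is a literal while `type` comes from the keepers, so whether it fits every `instance_type` cannot be checked from this hunk. The resource body continues past the end of the hunk.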

M terraform/nomad-server/main.tf => terraform/nomad-server/main.tf +0 -3
@@ 73,9 73,6 @@ resource "linode_instance" "servers" {
    content     = <<-EOT
      vault {
        token = "${var.vault_token}"
        ca_file = "/etc/ssl/vault-server/ca.crt"
        cert_file = "/etc/ssl/nomad-agent/vault.crt"
        key_file = "/etc/ssl/nomad-agent/vault.key"
      }
    EOT
  }