~damien/infrastructure

9b835daa4bb0eda4b93f096ff0971f51ec36d855 — Damien Radtke 2 years ago de8ff3e
Have some code
M ca/consul-agent-ca.srl => ca/consul-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
2E741F16F5701C92061B3669C7546E4A1AA2C85E
2E741F16F5701C92061B3669C7546E4A1AA2C87C

M ca/nomad-agent-ca.srl => ca/nomad-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
3A95C8A7EE198C7858E58366940C5F258426063B
3A95C8A7EE198C7858E58366940C5F258426065A

M ca/vault-server-ca.srl => ca/vault-server-ca.srl +1 -1
@@ 1,1 1,1 @@
73BA2463646820941EB0EC0FDCDC6DE86EE14211
73BA2463646820941EB0EC0FDCDC6DE86EE14227

M packer/README.md => packer/README.md +5 -4
@@ 1,4 1,5 @@
Packer is currently not used; when you deploy a new Linode from an image,
it fails to configure its network correctly, meaning that connectivity is
initially broken until you manually specify the correct IP and gateway in
/etc/sysconfig/network/{routes,ifcfg-eth0}.
## Building

```sh
$ packer build image.pkr.hcl
```

M packer/image.pkr.hcl => packer/image.pkr.hcl +1 -1
@@ 25,7 25,7 @@ variable "consul_version" {

variable "nomad_version" {
  type    = string
  default = "1.1.2"
  default = "1.1.6"
}

variable "vault_version" {

M terraform/cluster/consul-server/variables.tf => terraform/cluster/consul-server/variables.tf +1 -4
@@ 4,9 4,6 @@ variable datacenter { type = string }
variable image { type = string }
variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}
variable bootstrap { type = bool }

// vim: set expandtab shiftwidth=2 tabstop=2:
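Review bot: `bootstrap` appears to lose its `default = false` here (the section's +1 -4 count fits the one-line declaration being the new one), so every caller must now set it, yet nothing on the declaration says what a true value changes. Add a description to the declaration, for example `description = "<what bootstrap = true changes during provisioning>"`. The code that reads the variable is outside this page, so the wording has to come from there. The same applies to the identical change in terraform/cluster/nomad-server/variables.tf and terraform/cluster/vault-server/variables.tf.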

M terraform/cluster/main.tf => terraform/cluster/main.tf +5 -0
@@ 6,6 6,8 @@ variable image { type = string }
variable instance_type { type = string }
variable authorized_users { type = list(string) }

variable bootstrap { type = bool }

module "consul-server" {
  source = "./consul-server"



@@ 15,6 17,7 @@ module "consul-server" {
  image            = var.image
  instance_type    = var.instance_type
  authorized_users = var.authorized_users
  bootstrap        = var.bootstrap
}

module "nomad-server" {


@@ 28,6 31,7 @@ module "nomad-server" {
  instance_type    = var.instance_type
  authorized_users = var.authorized_users
  vault_token      = var.vault_token
  bootstrap        = var.bootstrap
}

module "nomad-client" {


@@ 65,4 69,5 @@ module "vault-server" {
  image            = var.image
  instance_type    = var.instance_type
  authorized_users = var.authorized_users
  bootstrap        = var.bootstrap
}

M terraform/cluster/nomad-client/main.tf => terraform/cluster/nomad-client/main.tf +11 -3
@@ 64,7 64,15 @@ resource "linode_instance" "clients" {
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --hostname client.${self.region}.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename nomad"
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --hostname client.global.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename nomad"
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --owner damien:nobody --outdir /etc/ssl/nomad-agent --basename cli"
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca vault-server --hostname client.global.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename vault"
  }

  provisioner "file" {


@@ 72,8 80,8 @@ resource "linode_instance" "clients" {
    destination = "/etc/nomad.d/client.hcl"
    content     = <<-EOT
      datacenter       = "${var.datacenter}"
      server {
        enabled          = false
      client {
        enabled = true
      }
    EOT
  }
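Review bot: The added `provision-cert ... --owner damien:nobody ... --basename cli` step places an operator CLI certificate, signed by the nomad-agent CA, on every client node and ties it to one personal account name. If Nomad ACLs are not enabled (not visible on this page), that key is presumably an API credential sitting on each workload host, so anyone who gets onto a client node gets operator access. Consider issuing the CLI certificate only on the machine where the operator runs `nomad`. At minimum, take the owner from a module variable, e.g. `--owner ${var.cli_owner}`, where `cli_owner` would be a new variable that does not exist today. The `linode_instance` resource starts and ends outside the hunk.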

M terraform/cluster/nomad-server/main.tf => terraform/cluster/nomad-server/main.tf +20 -1
@@ 36,6 36,10 @@ resource "linode_instance" "servers" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca consul-agent --hostname client.${self.region}.consul --owner consul:consul --outdir /etc/ssl/consul-agent --basename consul"
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca vault-server --hostname server.global.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename vault"
  }

  provisioner "file" {
    connection { host = split("/", self.ipv6)[0] }
    destination = "/etc/consul.d/client.hcl"


@@ 47,7 51,7 @@ resource "linode_instance" "servers" {
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --hostname server.${self.region}.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename nomad"
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --hostname server.global.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename nomad"
  }

  provisioner "local-exec" {


@@ 66,6 70,21 @@ resource "linode_instance" "servers" {
    EOT
  }

  provisioner "file" {
    connection { host = split("/", self.ipv6)[0] }
    destination = "/etc/nomad.d/vault.hcl"
    content     = <<-EOT
      vault {
        token = "TODO"
      }
    EOT
  }

  provisioner "remote-exec" {
    connection { host = split("/", self.ipv6)[0] }
    inline = ["chmod 0600 /etc/nomad.d/vault.hcl"]
  }

  // start services
  provisioner "remote-exec" {
    connection { host = split("/", self.ipv6)[0] }
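Review bot: The new `/etc/nomad.d/vault.hcl` block ships the literal `token = "TODO"` although the module already declares `vault_token` in nomad-server/variables.tf, so the Vault integration cannot work as provisioned. Once the real value is wired in, e.g. `token = "${var.vault_token}"`, the file is uploaded first and only tightened by the later `chmod 0600`, which leaves a window where other local users may be able to read it. It also stays owned by the connection user, while the certificates in this file are handed to `nomad:nomad`. Create the file empty with its final mode and owner in a `remote-exec` step before the `file` provisioner, e.g. `inline = ["install -m 0600 -o nomad -g nomad /dev/null /etc/nomad.d/vault.hcl"]`, confirming on a test node that the upload keeps the existing mode, and mark `vault_token` as `sensitive = true`. The resource body continues outside the hunk.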

M terraform/cluster/nomad-server/variables.tf => terraform/cluster/nomad-server/variables.tf +1 -4
@@ 6,9 6,6 @@ variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable vault_token { type = string }
variable consul_server_ips { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}
variable bootstrap { type = bool }

// vim: set expandtab shiftwidth=2 tabstop=2:

M terraform/cluster/vault-server/variables.tf => terraform/cluster/vault-server/variables.tf +1 -4
@@ 5,9 5,6 @@ variable image { type = string }
variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable consul_server_ips { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}
variable bootstrap { type = bool }

// vim: set expandtab shiftwidth=2 tabstop=2:

M terraform/main.tf => terraform/main.tf +6 -0
@@ 8,6 8,10 @@ terraform {
}

variable "linode_token" { type = string }
variable "bootstrap" {
  type = string
  default = false
}

provider "linode" {
  token = var.linode_token


@@ 19,9 23,11 @@ module "cluster" {
  source           = "./cluster"
  datacenter       = "ca-central"
  image            = "private/13315378"
  // image            = "private/14625896"
  authorized_users = [data.linode_profile.me.username]
  instance_type    = "g6-nanode-1"
  vault_token      = "root_token"
  bootstrap        = var.bootstrap
}

output "consul-servers" {
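Review bot: The new root-level `variable "bootstrap"` is declared `type = string` with `default = false`, while terraform/cluster and the three server modules declare it as `type = bool`. This only works through Terraform's implicit string/bool conversion, so a value such as `"yes"` is accepted at the root and fails later at the module boundary. Declare it `type = bool` so a bad `-var bootstrap=...` is rejected up front. Separately, the unchanged line `vault_token = "root_token"` in the same module call keeps the token value in the repository; if that is a real Vault root token rather than a placeholder, it should come from a variable marked `sensitive = true`.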