~damien/infrastructure

de8ff3eb4d7573fe55b33e84cf0e2fe063bf681a — Damien Radtke 2 years ago 1c77706
Make bootstrapping configurable
M ca/consul-agent-ca.srl => ca/consul-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
2E741F16F5701C92061B3669C7546E4A1AA2C853
2E741F16F5701C92061B3669C7546E4A1AA2C85E

M ca/nomad-agent-ca.srl => ca/nomad-agent-ca.srl +1 -1
@@ 1,1 1,1 @@
3A95C8A7EE198C7858E58366940C5F2584260632
3A95C8A7EE198C7858E58366940C5F258426063B

M ca/vault-server-ca.srl => ca/vault-server-ca.srl +1 -1
@@ 1,1 1,1 @@
73BA2463646820941EB0EC0FDCDC6DE86EE1420D
73BA2463646820941EB0EC0FDCDC6DE86EE14211

M terraform/README.md => terraform/README.md +9 -1
@@ 1,9 1,17 @@
## Applying

Make sure that the Linode token is defined in `secrets.auto.tfvars`, and then simply run:

```bash
$ terraform apply -var-file secrets.tfvars && post-apply
$ terraform apply
```

TODO: run post-apply?

### Bootstrapping

If creating a fresh cluster, you will want to add `-var bootstrap=true` so that the Consul, Nomad, and Vault servers are provisioned with the `bootstrap_expect` config.

## Debugging

Log level and log path can be set using the `TF_LOG` and `TF_LOG_PATH` environment variables. See https://www.terraform.io/docs/internals/debugging.html

M terraform/cluster/consul-server/main.tf => terraform/cluster/consul-server/main.tf +1 -1
@@ 47,7 47,7 @@ resource "linode_instance" "servers" {
      node_name        = "${self.label}"
      datacenter       = "${var.datacenter}"
      server           = true
      bootstrap_expect = ${var.servers}
      %{if var.bootstrap}bootstrap_expect = ${var.servers}%{endif}
    EOT
  }
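Review bot: The `%{if var.bootstrap}` directive on the `bootstrap_expect` line is evaluated only when this template is rendered, and if the enclosing block is a creation-time file provisioner like the one in nomad-server/main.tf, a later `terraform apply -var bootstrap=true` will not add the setting to servers that already exist. With the default of `false`, a fresh cluster applied without the flag gets no `bootstrap_expect`, and nothing else in this hunk would start leader election. I would add a comment above the provisioner, e.g. `# bootstrap_expect is written only for a fresh cluster (-var bootstrap=true) and is fixed at instance creation`, and a matching `description` on `variable bootstrap` in variables.tf. The same line is added in nomad-server/main.tf and vault-server/main.tf, so the comment applies there too. The heredoc and its enclosing block start outside the hunk.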


M terraform/cluster/consul-server/variables.tf => terraform/cluster/consul-server/variables.tf +4 -0
@@ 4,5 4,9 @@ variable datacenter { type = string }
variable image { type = string }
variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}

// vim: set expandtab shiftwidth=2 tabstop=2:

M terraform/cluster/nomad-server/main.tf => terraform/cluster/nomad-server/main.tf +5 -1
@@ 50,6 50,10 @@ resource "linode_instance" "servers" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --hostname server.${self.region}.nomad --owner nomad:nomad --outdir /etc/ssl/nomad-agent --basename nomad"
  }

  provisioner "local-exec" {
    command = "../ca/provision-cert --addr ${self.ip_address} --ca nomad-agent --owner damien:nobody --outdir /etc/ssl/nomad-agent --basename cli"
  }

  provisioner "file" {
    connection { host = split("/", self.ipv6)[0] }
    destination = "/etc/nomad.d/server.hcl"


@@ 57,7 61,7 @@ resource "linode_instance" "servers" {
      datacenter       = "${var.datacenter}"
      server {
        enabled          = true
        bootstrap_expect = ${var.servers}
        %{if var.bootstrap}bootstrap_expect = ${var.servers}%{endif}
      }
    EOT
  }
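Review bot: The new `local-exec` provisioner in the first hunk issues a `cli` certificate from the `nomad-agent` CA with the owner hard-coded as `damien:nobody`, and it is unrelated to the bootstrap toggle this commit is titled for. It puts a personal account name into a shared module and writes a client key into `/etc/ssl/nomad-agent` beside the server's own key on every server. The file modes `provision-cert` applies are not visible here, so confirm the key is not readable through group `nobody`. Unlike the server certificate call above it, this one passes no `--hostname`; if that is deliberate for a client certificate, a one-line comment saying so would help. I would take the owner from a new module variable (for example `--owner ${var.cli_cert_owner}`, name illustrative) and land the provisioner in its own commit.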

M terraform/cluster/nomad-server/variables.tf => terraform/cluster/nomad-server/variables.tf +4 -0
@@ 6,5 6,9 @@ variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable vault_token { type = string }
variable consul_server_ips { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}

// vim: set expandtab shiftwidth=2 tabstop=2:

M terraform/cluster/vault-server/main.tf => terraform/cluster/vault-server/main.tf +1 -1
@@ 61,7 61,7 @@ resource "linode_instance" "servers" {
      datacenter       = "${var.datacenter}"
      server {
        enabled          = true
        bootstrap_expect = ${var.servers}
        %{if var.bootstrap}bootstrap_expect = ${var.servers}%{endif}
      }
    EOT
  }
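Review bot: The stanza edited here, `server { enabled = true ... }` with `bootstrap_expect`, has the same shape as the Nomad server configuration in nomad-server/main.tf, and Vault's own configuration has no `bootstrap_expect` setting. The provisioner's `destination` is outside the hunk, so I cannot tell which agent reads this file; please confirm it is meant for an agent running on the Vault hosts and is not left over from copying the nomad-server module. If it is intentional, note that `${var.servers}` here is this module's instance count, which presumably needs to agree with the value given to the other servers of the same cluster. A short comment above the heredoc naming the consuming agent would settle this for the next reader.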

M terraform/cluster/vault-server/variables.tf => terraform/cluster/vault-server/variables.tf +4 -0
@@ 5,5 5,9 @@ variable image { type = string }
variable instance_type { type = string }
variable authorized_users { type = list(string) }
variable consul_server_ips { type = list(string) }
variable bootstrap {
  type = bool
  default = false
}

// vim: set expandtab shiftwidth=2 tabstop=2: