Merge pull request #3 from AndrewChubatiuk/added-firewall

added firewall, placement group support

Author: AndrewChubatiuk

README.md

@@ -1,99 +1,123 @@
-# nomad-hcloud-autoscaler
+# Hetzner Cloud Server Target Plugin
 
-## Demo
-Run `terraform apply` in [demo](demo/setup) folder to create: 
- - nomad server which runs services for:
-    - nomad-autoscaler
-    - prometheus
-    - redis
+The `hcloud-server` target plugin allows for the scaling of the Nomad cluster clients via manipulating [Hetzner Cloud Servers][hcloud_servers].
 
-Autoscaler scales hcloud nodes for redis. After successful run both Nomad and Consul are wide-world open and credentials for both you can find in terraform output
+## Agent Configuration Options
 
+To use the `hcloud-server` target plugin, the agent configuration needs to be populated with the appropriate target block.
 
-## Configuration
-
-`config.hcl`
-```
-template {
-    data = <<-EOF
-    nomad {
-        address = "http://{{env "attr.unique.network.ip-address" }}:4646"
-    }
-
-    telemetry {
-        prometheus_metrics = true
-        disable_hostname   = true
-    }
-
-    apm "prometheus" {
-        driver = "prometheus"
-        config = {
-            address = "http://{{ range service "prometheus" }}{{ .Address }}:{{ .Port }}{{ end }}"
-        }
-    }
-
-    strategy "target-value" {
-        driver = "target-value"
-        
-    }
-
-    target "hcloud-server" {
-        driver = "hcloud-server"
-        config = {
-            hcloud_token = "YOUR_HCLOUD_TOKEN"
-        }
-    }
-    
-    EOF
-
-    destination = "${NOMAD_TASK_DIR}/config.hcl"
-    change_mode = "signal"
-    change_signal = "SIGHUP"
+```hcl
+target "hcloud-server" {
+  driver = "hcloud-server"
+  config = {
+    hcloud_token = "YOUR_HCLOUD_TOKEN"
+  }
 }
 ```
 
-`policy`
+- `hcloud_token` `(string: required)` - The [Hetzner Cloud token][hcloud_token] used to authenticate to connect to and where resources should be managed.
+
+- `hcloud_random_suffix_len` `(string: "10")` - Random Server name suffix length
+
+- `hcloud_retry_interval` `(string: "1m")` - Hetzner Cloud API retry interval
+
+- `hcloud_retry_limit` `(string: "5")` - Hetzner Cloud API retry limit
 
+- `hcloud_items_per_page` `(string: "50")` - Hetzner Cloud API request page size
+
+- `hcloud_group_id_label_selector` `(string: "group-id")` - Server group id label selector
+
+- `hcloud_node_attr_id` `(string: "unique.hostname")` - Nomad Node attribute id
+
+### Nomad ACL
+
+When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token which provides the following permissions:
+
+```hcl
+node {
+  policy = "write"
+}
 ```
-template {
-    data = <<-EOF
-    scaling  "cluster_class-batch" {
-        enabled = true
-        min     = 1
-        max     = 2
-
-        policy {
-        cooldown            = "5m"
-        evaluation_interval = "5m"
-
-        check "test-scale" {
-            source = "prometheus"
-            query  = "YOUR_DESIRED_METRIC"
-
-            strategy "target-value" {
-            target = 2
-            }
-        }
-
-        target "hcloud-server" {
-            // datacenter = "XXX"
-            node_class = "XXX"
-            dry-run             = "false"
-            // node_selector_strategy = "newest_create_index"
-            hcloud_location = "XXX"
-            hcloud_image = "XXX"
-            hcloud_user_data = ""
-            hcloud_ssh_keys = "XXX"
-            hcloud_server_type = "cx11"
-            hcloud_group_id = "XXX"
-            hcloud_labels = "XXX_node=true"
-            hcloud_networks = "XXX"
-        }
-        }
-    }
-    EOF
-    destination = "${NOMAD_TASK_DIR}/policies/hcloud.hcl"
-    change_mode = "signal"
-    change_signal = "SIGHUP"
+
+## Policy Configuration Options
+
+```hcl
+check "hashistack-allocated-cpu" {
+  # ...
+  target "hcloud-server" {
+    datacenter                   = "XXX"
+    node_class                   = "XXX"
+    node_drain_deadline          = "5m"
+    node_purge                   = "true"
+    node_selector_strategy       = "newest_create_index"
+    hcloud_location              = "XXX"
+    hcloud_image                 = "XXX"
+    hcloud_user_data             = "#cloud-config\npackages:\n - jq"
+    hcloud_b64_user_data_encoded = "false"
+    hcloud_ssh_keys              = "XXX"
+    hcloud_server_type           = "cx11"
+    hcloud_group_id              = "XXX"
+    hcloud_labels                = "XXX_node=true"
+    hcloud_networks              = "XXX"
+  }
+  # ...
 }
 ```
+
+- `hcloud_location` `(string: "")` - ID or name of [Location][hcloud_location] to create Server in (must not be used together with `hcloud_datacenter`).
+
+- `hcloud_datacenter` `(string: "")` - ID or name of [Datacenter][hcloud_datacenter] to create Server in (must not be used together with `hcloud_location`).
+
+- `hcloud_firewalls` `(string: "")` - Comma-separated list of [Firewall][hcloud_firewall] IDs
+
+- `hcloud_placement_group` `(string: "")` - [Placement Group][hcloud_placement_group] ID
+
+- `hcloud_image` `(string: required)` - ID or name of the [Image][hcloud_image] the Server is created from.
+
+- `hcloud_group_id` `(string: required)` - Server group name used for filtering targeted HCloud hosts. `group-id` label is attached to a server during creation.
+
+- `hcloud_user_data` `(string: required)` - [Cloud-Init][cloud_init] user data to use during Server creation. This field is limited to 32KiB.
+
+- `hcloud_b64_user_data_encoded` `(string: "false")` - Identifies if `hcloud_user_data` is base64 encoded or not.
+
+- `hcloud_ssh_keys` `(string: required)` - Comma-separated IDs or names of SSH keys which should be injected into the server at creation time.
+
+- `hcloud_labels` `(string: "")` - User-defined labels (key-value pairs) string in a format `key1=value1,key2=value2,...,keyN=valueN`.
+
+- `hcloud_networks` `(string: "")` - [Network][hcloud_networks] IDs which should be attached to the server private network interface at the creation time.
+
+- `datacenter` `(string: "")` - The Nomad client [datacenter][nomad_datacenter] identifier used to group nodes into a pool of resource.
+
+- `node_class` `(string: "")` - The Nomad [client node class][nomad_node_class] identifier used to group nodes into a pool of resource.
+
+- `node_drain_deadline` `(duration: "15m")` The Nomad [drain deadline][nomad_node_drain_deadline] to use when performing node draining actions.
+
+- `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to control if system jobs should be stopped when performing node draining actions.
+
+- `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad clients should be [purged][nomad_node_purge] when performing scale in actions.
+
+- `node_selector_strategy` `(string: "least_busy")` The strategy to use when selecting nodes for termination. Refer to the [node selector strategy][node_selector_strategy] documentation for more information.
+
+[hcloud_servers]: https://docs.hetzner.com/cloud/servers
+[hcloud_datacenter]: https://www.hetzner.com/unternehmen/rechenzentrum
+[hcloud_token]: https://docs.hetzner.com/dns-console/dns/general/api-access-token/
+[hcloud_location]: https://docs.hetzner.com/cloud/general/locations/
+[hcloud_placement_group]: https://docs.hetzner.com/cloud/placement-groups/overview/
+[hcloud_image]: https://docs.hetzner.com/robot/dedicated-server/operating-systems/standard-images/
+[hcloud_networks]: https://docs.hetzner.com/cloud/networks/overview
+[hcloud_firewall]: https://docs.hetzner.com/robot/dedicated-server/firewall/
+[cloud_init]: https://cloudinit.readthedocs.io/en/latest/
+[nomad_datacenter]: /docs/configuration#datacenter
+[nomad_node_class]: /docs/configuration/client#node_class
+[nomad_node_drain_deadline]: /api-docs/nodes#deadline
+[nomad_node_purge]: /api-docs/nodes#purge-node
+[node_selector_strategy]: /tools/autoscaling/internals/node-selector-strategy
+
+## Demo
+Run `terraform apply` in [demo](demo/setup) folder to create: 
+ - nomad server which runs services for:
+    - nomad-autoscaler
+    - prometheus
+    - redis
+
+Autoscaler scales hcloud nodes for redis. After successful run both Nomad and Consul are wide-world open and credentials for both you can find in terraform output

demo/modules/user-data/data/nomad.hcl.tmpl

@@ -1,6 +1,9 @@
 region    = "global"
 log_level = "INFO"
 data_dir  =  "/opt/nomad"
+%{ if datacenter != "" }
+datacenter = "${datacenter}"
+%{ endif }
 bind_addr = "0.0.0.0"
 server = {
   enabled          = %{ if length(servers) == 0 }true%{else}false%{ endif }

demo/setup/jobs/autoscaler.hcl

@@ -14,7 +14,7 @@ job "autoscaler" {
       driver = "docker"
 
       config {
-        image      = "achubatiuk/nomad-autoscaler:fix-scaler"
+        image      = "achubatiuk/nomad-autoscaler:main"
         command    = "nomad-autoscaler"
         args       = ["agent", "-config", "${NOMAD_TASK_DIR}/config.hcl", "-plugin-dir", "/plugins"]
         force_pull = true
@@ -40,12 +40,11 @@ scaling  "cluster_class-batch" {
 
     target "hcloud-server" {
       node_class                   = "redis"
-      hcloud_location              = "fsn1"
-      hcloud_image                 = "ubuntu-20.04"
+      datacenter                   = "dc1"
       hcloud_ssh_keys              = "nomad"
-      hcloud_server_type           = "cx11"
       hcloud_group_id              = "redis"
       hcloud_labels                = "key1=value1"
+      hcloud_location              = "fsn1"
       hcloud_user_data             = "{{ key "secrets/nomad/redis/user-data" }}"
       hcloud_b64_user_data_encoded = "true"
     }

demo/setup/main.tf

@@ -16,6 +16,7 @@ module "server_user_data" {
   source = "../modules/user-data"
   input = {
     "node_class"   = "nomad-server"
+    "datacenter"   = "dc1"
     "servers"      = []
     "interface"    = "eth0"
     "consul_token" = ""
@@ -27,6 +28,7 @@ module "redis_client_user_data" {
   source = "../modules/user-data"
   input = {
     "node_class"   = "redis"
+    "datacenter"   = "dc1"
     "servers"      = module.nomad.ipv4_addresses
     "interface"    = "eth0"
     "consul_token" = jsondecode(data.local_file.creds.content)["consul"]

go.mod

@@ -4,7 +4,11 @@ go 1.16
 
 require (
 	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/creasty/defaults v1.6.0
 	github.com/fatih/color v1.13.0 // indirect
+	github.com/go-playground/locales v0.14.0
+	github.com/go-playground/universal-translator v0.18.0
+	github.com/go-playground/validator/v10 v10.10.1
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0 // indirect
@@ -20,12 +24,14 @@ require (
 	github.com/hetznercloud/hcloud-go v1.33.1
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/mapstructure v1.4.3
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/prometheus/common v0.33.0 // indirect
 	github.com/stretchr/testify v1.7.1
 	github.com/zclconf/go-cty v1.10.0 // indirect
 	golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
-	golang.org/x/sys v0.0.0-20220412071739-889880a91fd5 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
+
+replace github.com/hetznercloud/hcloud-go v1.33.1 => github.com/AndrewChubatiuk/hcloud-go v1.33.2