intial commit

Author: Scott Winkler

.gitignore

@@ -0,0 +1,11 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+terraform
+.DS_Store

README.md

@@ -0,0 +1,3 @@
+# terraform-aws-nomad
+
+a Terraform module to deploy a Nomad + Consul cluster on AWS

main.tf

@@ -0,0 +1,81 @@
+module "resourcegroup" {
+  source = "./modules/resourcegroup"
+
+  namespace = var.namespace
+}
+
+module "networking" {
+  source    = "./modules/networking"
+  namespace = module.resourcegroup.namespace
+}
+
+module "loadbalancing" {
+  source = "./modules/loadbalancing"
+
+  namespace = module.resourcegroup.namespace
+  sg        = module.networking.sg
+  vpc       = module.networking.vpc
+}
+
+module "consul_servers" {
+  source               = "./modules/cluster"
+  associate_public_ips = var.associate_public_ips
+  ssh_keypair          = var.ssh_keypair
+  instance_count       = var.consul.servers_count
+  instance_type        = var.consul.server_instance_type
+  datacenter           = var.datacenter
+  join_wan             = var.join_wan
+  consul = {
+    version = var.consul.version
+    mode    = "server"
+  }
+
+  namespace         = module.resourcegroup.namespace
+  vpc               = module.networking.vpc
+  security_group_id = module.networking.sg.consul_server
+  target_group_arns = module.loadbalancing.target_group_arns.consul
+}
+
+module "nomad_servers" {
+  source               = "./modules/cluster"
+  associate_public_ips = var.associate_public_ips
+  ssh_keypair          = var.ssh_keypair
+  instance_count       = var.nomad.servers_count
+  instance_type        = var.nomad.server_instance_type
+  datacenter           = var.datacenter
+  nomad = {
+    version = var.nomad.version
+    mode    = "server"
+  }
+  consul = {
+    version = var.consul.version
+    mode    = "client"
+  }
+
+  namespace         = module.resourcegroup.namespace
+  vpc               = module.networking.vpc
+  security_group_id = module.networking.sg.nomad_server
+  target_group_arns = module.loadbalancing.target_group_arns.nomad
+}
+
+module "nomad_clients" {
+  source               = "./modules/cluster"
+  associate_public_ips = var.associate_public_ips
+  ssh_keypair          = var.ssh_keypair
+  instance_count       = var.nomad.clients_count
+  instance_type        = var.nomad.client_instance_type
+  datacenter           = var.datacenter
+  nomad = {
+    version = var.nomad.version
+    mode    = "client"
+  }
+  consul = {
+    version = var.consul.version
+    mode    = "client"
+  }
+
+  namespace         = module.resourcegroup.namespace
+  security_group_id = module.networking.sg.nomad_client
+  vpc               = module.networking.vpc
+  target_group_arns = module.loadbalancing.target_group_arns.fabio
+}

modules/cluster/main.tf

@@ -0,0 +1,97 @@
+
+module "iam_instance_profile" {
+  source  = "scottwinkler/iip/aws"
+  actions = ["logs:*", "ec2:DescribeInstances"]
+}
+
+data "aws_region" "current" {}
+
+locals {
+  consul_config = var.consul.mode != "disabled" ? templatefile("${path.module}/templates/consul_${var.consul.mode}.json", {
+    instance_count = var.instance_count,
+    namespace      = var.namespace,
+    datacenter     = var.datacenter,
+    join_wan       = join(",",[for s in var.join_wan: join("",["\"",s,"\""])]),
+  }) : ""
+  nomad_config = var.nomad.mode != "disabled" ? templatefile("${path.module}/templates/nomad_${var.nomad.mode}.hcl", {
+    instance_count = var.instance_count
+    datacenter     = var.datacenter
+    region         = data.aws_region.current.name
+  }) : ""
+  startup = templatefile("${path.module}/templates/startup.sh", {
+    consul_version = var.consul.version,
+    consul_config  = local.consul_config,
+    consul_mode    = var.consul.mode
+    nomad_version  = var.nomad.version,
+    nomad_config   = local.nomad_config,
+    nomad_mode     = var.nomad.mode,
+  })
+  namespace = "${var.namespace}_N${var.nomad.mode}_C${var.consul.mode}"
+}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+  }
+  owners = ["099720109477"]
+}
+
+resource "aws_launch_template" "server" {
+  name_prefix   = local.namespace
+  image_id      = data.aws_ami.ubuntu.id
+  instance_type = var.instance_type
+  user_data     = base64encode(local.startup)
+  key_name      = var.ssh_keypair
+  iam_instance_profile {
+    name = module.iam_instance_profile.name
+  }
+  network_interfaces {
+    associate_public_ip_address = var.associate_public_ips
+    security_groups = [var.security_group_id]
+    delete_on_termination = true
+  }
+
+  tags = {
+    ResourceGroup = var.namespace
+  }
+}
+
+resource "aws_autoscaling_group" "server" {
+  name                      = local.namespace
+  health_check_grace_period = 300
+  health_check_type         = "ELB"
+  target_group_arns         = var.target_group_arns
+  default_cooldown          = 3600
+  min_size                  = var.instance_count
+  max_size                  = var.instance_count
+  vpc_zone_identifier       = var.associate_public_ips ? var.vpc.public_subnets : var.vpc.private_subnets
+  launch_template {
+    id      = aws_launch_template.server.id
+    version = aws_launch_template.server.latest_version
+  }
+  tags = [
+    {
+      key                 = "ResourceGroup"
+      value               = var.namespace
+      propagate_at_launch = true
+    },
+    {
+      key                 = "Name"
+      value               = local.namespace
+      propagate_at_launch = true
+    }
+  ]
+}
+
+data "aws_instances" "instances" {
+  depends_on = [aws_autoscaling_group.server]
+  count = var.associate_public_ips ? 1 : 0
+  instance_tags = {
+    ResourceGroup = var.namespace
+    Name = local.namespace
+  }
+
+  instance_state_names = ["running", "pending"]
+}

modules/cluster/outputs.tf

@@ -0,0 +1,3 @@
+output "public_ips" {
+    value = var.associate_public_ips&&length(data.aws_instances.instances)>=1 ? data.aws_instances.instances[0].public_ips : []
+}

modules/cluster/templates/consul_client.json

@@ -0,0 +1,14 @@
+{
+  "datacenter":"${datacenter}",
+  "bind_addr": "0.0.0.0",
+  "advertise_addr": "$PUBLIC_IP",
+  "addresses": {
+    "http": "0.0.0.0"
+  },
+  "data_dir": "/mnt/consul",
+  "disable_remote_exec": true,
+  "disable_update_check": true,
+  "leave_on_terminate": true,
+  "retry_join": [ "provider=aws tag_key=ResourceGroup tag_value=${namespace}" ],
+  "server": false
+}

modules/cluster/templates/consul_server.json

@@ -0,0 +1,28 @@
+{
+  "datacenter":"${datacenter}",
+  "bind_addr": "$PRIVATE_IP",
+  "advertise_addr": "$PRIVATE_IP",
+  "advertise_addr_wan": "$PUBLIC_IP",
+  "translate_wan_addrs": true,
+  "data_dir": "/mnt/consul",
+  "disable_remote_exec": true,
+  "disable_update_check": true,
+  "bootstrap_expect": ${instance_count},
+  "leave_on_terminate": true,
+  "retry_join": [ "provider=aws tag_key=ResourceGroup tag_value=${namespace}" ],
+  "retry_join_wan" : [ ${join_wan}],
+  "server": true,
+  "raft_protocol": 3,
+  "ui": true,
+  "autopilot": {
+    "cleanup_dead_servers": true,
+    "last_contact_threshold": "200ms",
+    "max_trailing_logs": 250,
+    "server_stabilization_time": "10s"
+  },
+  "addresses": {
+    "http": "0.0.0.0"
+  },
+  "log_level" : "DEBUG",
+  "enable_syslog" : true
+}

modules/cluster/templates/nomad_client.hcl

@@ -0,0 +1,7 @@
+data_dir   = "/mnt/nomad"
+datacenter = "${datacenter}"
+region = "${region}"
+bind_addr = "0.0.0.0"
+client {
+  enabled = true
+}

modules/cluster/templates/nomad_server.hcl

@@ -0,0 +1,20 @@
+data_dir   = "/mnt/nomad"
+datacenter = "${datacenter}"
+region = "${region}"
+bind_addr = "0.0.0.0"
+advertise {
+  http = "$PUBLIC_IP"
+  rpc = "$PUBLIC_IP"
+  serf = "$PUBLIC_IP"
+}
+server {
+    enabled = true
+    bootstrap_expect = ${instance_count}
+}
+
+telemetry {
+  publish_allocation_metrics = true
+  publish_node_metrics       = true
+}
+enable_syslog = true
+log_level = "DEBUG"