github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/terraform/gcp/modules/hashistack/hashistack.tf

github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/terraform/gcp/modules/hashistack/hashistack.tf (about)

     1  variable "project" {
     2    type        = string
     3    description = "The Google Cloud Platform project to deploy the Nomad cluster in."
     4  }
     5  
     6  variable "credentials" {
     7    type        = string
     8    description = "The path to the Google Cloud Platform credentials file (in JSON format) to use."
     9  }
    10  
    11  variable "name" {
    12      type        = string
    13      default     = "hashistack"
    14      description = "The default name to use for resources."
    15  }
    16  
    17  variable "region" {
    18      type        = string
    19      default     = "us-east1"
    20      description = "The GCP region to deploy resources in."
    21  }
    22  
    23  variable "zone" {
    24    type        = string
    25    default     = "c"
    26    description = "The GCP zone to deploy resources in."
    27  }
    28  
    29  variable "cidr_range" {
    30    type        = string
    31    default     = "192.168.1.0/24"
    32    description = "The IP CIDR range to use for the cluster's VPC subnetwork."
    33  }
    34  
    35  variable "router_asn" {
    36    type    = string
    37    default = "64514"
    38  }
    39  
    40  variable "image" {
    41      type        = string
    42      default     = "hashistack"
    43      description = "The GCP image name (built with Packer)."
    44  }
    45  
    46  variable "enable_preemptible" {
    47      type        = bool 
    48      default     = false 
    49      description = "Use preemptible VM instances, which will be cheaper to run." 
    50  }
    51  
    52  variable "server_count" {
    53      type        = number
    54      default     = 3
    55      description = "The number of server instances to deploy (always use odd number)." 
    56  }
    57  
    58  variable "client_count" {
    59      type        = number
    60      default     = 5
    61      description = "The number of client instances to deploy." 
    62  }
    63  
    64  variable "server_machine_type" {
    65    type        = string
    66    default     = "n1-standard-2"
    67    description = "The compute engine machine type to use for server instances."
    68  }
    69  
    70  variable "client_machine_type" {
    71    type        = string
    72    default     = "n1-standard-2"
    73    description = "The compute engine machine type to use for client instances."
    74  }
    75  
    76  variable "server_disk_size_gb" {
    77    type        = string
    78    default     = "50"
    79    description = "The compute engine disk size in GB to use for server instances."
    80  }
    81  
    82  variable "client_disk_size_gb" {
    83    type        = string
    84    default     = "50"
    85    description = "The compute engine disk size in GB to use for client instances."
    86  }
    87  
    88  resource "google_compute_network" "hashistack" {
    89    name                    = var.name 
    90    auto_create_subnetworks = false
    91  }
    92  
    93  resource "google_compute_subnetwork" "hashistack" {
    94    network       = google_compute_network.hashistack.name
    95    name          = var.name
    96    region        = var.region
    97    ip_cidr_range = var.cidr_range
    98  }
    99  
   100  resource "google_compute_router" "hashistack" {
   101    name    = "${var.name}-router"
   102    region  = var.region
   103    network = google_compute_network.hashistack.name
   104    bgp {
   105      asn = var.router_asn
   106    }
   107  }
   108  
   109  resource "google_compute_router_nat" "hashistack" {
   110    name                               = var.name
   111    region                             = google_compute_router.hashistack.region
   112    router                             = google_compute_router.hashistack.name
   113    nat_ip_allocate_option             = "AUTO_ONLY"
   114    source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
   115  
   116    log_config {
   117      enable = true
   118      filter = "ERRORS_ONLY"
   119    }
   120  }
   121  
   122  resource "google_compute_firewall" "allow-ssh" {
   123    name          = "${var.name}-allow-ssh"
   124    network       = google_compute_network.hashistack.name
   125  
   126    allow {
   127      protocol = "tcp"
   128      ports    = [22]
   129    }
   130  }
   131  
   132  resource "google_compute_firewall" "allow-http-external" {
   133    name          = "${var.name}-allow-http-external"
   134    network       = google_compute_network.hashistack.name
   135    target_tags   = ["server"]
   136  
   137    allow {
   138      protocol = "tcp"
   139      ports    = [4646, 8200, 8500]
   140    }
   141  }
   142  
   143  resource "google_compute_firewall" "allow-all-internal" {
   144    name        = "${var.name}-allow-all-internal"
   145    network     = google_compute_network.hashistack.name
   146    source_tags = ["auto-join"]
   147  
   148    allow {
   149      protocol = "icmp"
   150    }
   151  
   152    allow {
   153      protocol = "tcp"
   154      ports    = ["0-65535"]
   155    }
   156    
   157    allow {
   158      protocol = "udp"
   159      ports    = ["0-65535"]
   160    }
   161  }
   162  
   163  locals {
   164    retry_join = "provider=gce project_name=${var.project} tag_value=auto-join"
   165  }
   166  
   167  locals {
   168     server_metadata_startup_script = <<EOF
   169  sudo bash /ops/shared/scripts/server.sh "gce" "${var.server_count}" "${local.retry_join}"
   170     EOF
   171     
   172     client_metadata_startup_script = <<EOF
   173  sudo bash /ops/shared/scripts/client.sh "gce" "${local.retry_join}"
   174     EOF
   175  }
   176  
   177  resource "google_compute_instance" "server" {
   178    count        = var.server_count
   179    name         = "${var.name}-server-${count.index}"
   180    machine_type = var.server_machine_type
   181    zone         = "${var.region}-${var.zone}"
   182    tags         = ["server", "auto-join"]
   183  
   184    allow_stopping_for_update = true
   185  
   186    boot_disk {
   187      initialize_params {
   188        image = var.image
   189        size  = var.server_disk_size_gb
   190      }
   191    }
   192  
   193    network_interface {
   194      subnetwork = google_compute_subnetwork.hashistack.name
   195    }
   196  
   197    lifecycle {
   198      create_before_destroy = "true"
   199    }
   200  
   201    scheduling {
   202      preemptible       = var.enable_preemptible
   203      # scheduling must have automatic_restart be false when preemptible is true.
   204      automatic_restart = ! var.enable_preemptible
   205    }
   206  
   207    service_account {
   208      # https://developers.google.com/identity/protocols/googlescopes
   209      scopes = [
   210        "https://www.googleapis.com/auth/compute.readonly",
   211      ]
   212    }
   213  
   214    metadata = {
   215      enable-oslogin = true
   216    }
   217  
   218    metadata_startup_script = local.server_metadata_startup_script
   219  }
   220  
   221  resource "google_compute_instance" "client" {
   222    count        = var.client_count
   223    name         = "${var.name}-client-${count.index}"
   224    machine_type = var.client_machine_type
   225    zone         = "${var.region}-${var.zone}"
   226    tags         = ["client", "auto-join"]
   227  
   228    allow_stopping_for_update = true
   229  
   230    boot_disk {
   231      initialize_params {
   232        image = var.image
   233        size  = var.client_disk_size_gb
   234      }
   235    }
   236  
   237    network_interface {
   238      subnetwork = google_compute_subnetwork.hashistack.name
   239    }
   240  
   241    lifecycle {
   242      create_before_destroy = "true"
   243    }
   244  
   245    scheduling {
   246      preemptible       = var.enable_preemptible
   247      # scheduling must have automatic_restart be false when preemptible is true.
   248      automatic_restart = ! var.enable_preemptible
   249    }
   250  
   251    service_account {
   252      # https://developers.google.com/identity/protocols/googlescopes
   253      scopes = [
   254        "https://www.googleapis.com/auth/compute.readonly",
   255      ]
   256    }
   257  
   258    metadata = {
   259      enable-oslogin = true
   260    }
   261  
   262    metadata_startup_script = local.client_metadata_startup_script
   263  }