github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/terraform/aws/modules/hashistack/hashistack.tf

github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/terraform/aws/modules/hashistack/hashistack.tf (about)

     1  variable "name" {
     2  }
     3  
     4  variable "region" {
     5  }
     6  
     7  variable "ami" {
     8  }
     9  
    10  variable "server_instance_type" {
    11  }
    12  
    13  variable "client_instance_type" {
    14  }
    15  
    16  variable "key_name" {
    17  }
    18  
    19  variable "server_count" {
    20  }
    21  
    22  variable "client_count" {
    23  }
    24  
    25  variable "nomad_binary" {
    26  }
    27  
    28  variable "root_block_device_size" {
    29  }
    30  
    31  variable "whitelist_ip" {
    32  }
    33  
    34  variable "retry_join" {
    35    type = map(string)
    36  
    37    default = {
    38      provider  = "aws"
    39      tag_key   = "ConsulAutoJoin"
    40      tag_value = "auto-join"
    41    }
    42  }
    43  
    44  data "aws_vpc" "default" {
    45    default = true
    46  }
    47  
    48  resource "aws_security_group" "server_lb" {
    49    name   = "${var.name}-server-lb"
    50    vpc_id = data.aws_vpc.default.id
    51  
    52    # Nomad
    53    ingress {
    54      from_port   = 4646
    55      to_port     = 4646
    56      protocol    = "tcp"
    57      cidr_blocks = [var.whitelist_ip]
    58    }
    59  
    60    # Consul
    61    ingress {
    62      from_port   = 8500
    63      to_port     = 8500
    64      protocol    = "tcp"
    65      cidr_blocks = [var.whitelist_ip]
    66    }
    67  
    68    egress {
    69      from_port   = 0
    70      to_port     = 0
    71      protocol    = "-1"
    72      cidr_blocks = ["0.0.0.0/0"]
    73    }
    74  }
    75  
    76  resource "aws_security_group" "primary" {
    77    name   = var.name
    78    vpc_id = data.aws_vpc.default.id
    79  
    80    ingress {
    81      from_port   = 22
    82      to_port     = 22
    83      protocol    = "tcp"
    84      cidr_blocks = [var.whitelist_ip]
    85    }
    86  
    87    # Nomad
    88    ingress {
    89      from_port       = 4646
    90      to_port         = 4646
    91      protocol        = "tcp"
    92      cidr_blocks     = [var.whitelist_ip]
    93      security_groups = [aws_security_group.server_lb.id]
    94    }
    95  
    96    # Fabio
    97    ingress {
    98      from_port   = 9998
    99      to_port     = 9999
   100      protocol    = "tcp"
   101      cidr_blocks = [var.whitelist_ip]
   102    }
   103  
   104    # Consul
   105    ingress {
   106      from_port       = 8500
   107      to_port         = 8500
   108      protocol        = "tcp"
   109      cidr_blocks     = [var.whitelist_ip]
   110      security_groups = [aws_security_group.server_lb.id]
   111    }
   112  
   113    # HDFS NameNode UI
   114    ingress {
   115      from_port   = 50070
   116      to_port     = 50070
   117      protocol    = "tcp"
   118      cidr_blocks = [var.whitelist_ip]
   119    }
   120  
   121    # HDFS DataNode UI
   122    ingress {
   123      from_port   = 50075
   124      to_port     = 50075
   125      protocol    = "tcp"
   126      cidr_blocks = [var.whitelist_ip]
   127    }
   128  
   129    # Spark history server UI
   130    ingress {
   131      from_port   = 18080
   132      to_port     = 18080
   133      protocol    = "tcp"
   134      cidr_blocks = [var.whitelist_ip]
   135    }
   136  
   137    # Jupyter
   138    ingress {
   139      from_port   = 8888
   140      to_port     = 8888
   141      protocol    = "tcp"
   142      cidr_blocks = [var.whitelist_ip]
   143    }
   144  
   145    ingress {
   146      from_port = 0
   147      to_port   = 0
   148      protocol  = "-1"
   149      self      = true
   150    }
   151  
   152    egress {
   153      from_port   = 0
   154      to_port     = 0
   155      protocol    = "-1"
   156      cidr_blocks = ["0.0.0.0/0"]
   157    }
   158  }
   159  
   160  resource "aws_instance" "server" {
   161    ami                    = var.ami
   162    instance_type          = var.server_instance_type
   163    key_name               = var.key_name
   164    vpc_security_group_ids = [aws_security_group.primary.id]
   165    count                  = var.server_count
   166  
   167    # instance tags
   168    tags = merge(
   169      {
   170        "Name" = "${var.name}-server-${count.index}"
   171      },
   172      {
   173        "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
   174      },
   175    )
   176  
   177    root_block_device {
   178      volume_type           = "gp2"
   179      volume_size           = var.root_block_device_size
   180      delete_on_termination = "true"
   181    }
   182  
   183    user_data = templatefile("${path.root}/user-data-server.sh",
   184      {
   185        server_count = var.server_count
   186        region       = var.region
   187        retry_join = chomp(
   188          join(
   189            " ",
   190            formatlist("%s=%s", keys(var.retry_join), values(var.retry_join)),
   191          ),
   192        )
   193        nomad_binary = var.nomad_binary
   194      }
   195    )
   196    iam_instance_profile = aws_iam_instance_profile.instance_profile.name
   197  }
   198  
   199  resource "aws_instance" "client" {
   200    ami                    = var.ami
   201    instance_type          = var.client_instance_type
   202    key_name               = var.key_name
   203    vpc_security_group_ids = [aws_security_group.primary.id]
   204    count                  = var.client_count
   205    depends_on             = [aws_instance.server]
   206  
   207    # instance tags
   208    tags = merge(
   209      {
   210        "Name" = "${var.name}-client-${count.index}"
   211      },
   212      {
   213        "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
   214      },
   215    )
   216  
   217    root_block_device {
   218      volume_type           = "gp2"
   219      volume_size           = var.root_block_device_size
   220      delete_on_termination = "true"
   221    }
   222  
   223    ebs_block_device {
   224      device_name           = "/dev/xvdd"
   225      volume_type           = "gp2"
   226      volume_size           = "50"
   227      delete_on_termination = "true"
   228    }
   229  
   230    user_data = templatefile("${path.root}/user-data-client.sh",
   231      {
   232        region = var.region
   233        retry_join = chomp(
   234          join(
   235            " ",
   236            formatlist("%s=%s ", keys(var.retry_join), values(var.retry_join)),
   237          ),
   238        )
   239        nomad_binary = var.nomad_binary
   240      }
   241    )
   242    iam_instance_profile = aws_iam_instance_profile.instance_profile.name
   243  }
   244  
   245  resource "aws_iam_instance_profile" "instance_profile" {
   246    name_prefix = var.name
   247    role        = aws_iam_role.instance_role.name
   248  }
   249  
   250  resource "aws_iam_role" "instance_role" {
   251    name_prefix        = var.name
   252    assume_role_policy = data.aws_iam_policy_document.instance_role.json
   253  }
   254  
   255  data "aws_iam_policy_document" "instance_role" {
   256    statement {
   257      effect  = "Allow"
   258      actions = ["sts:AssumeRole"]
   259  
   260      principals {
   261        type        = "Service"
   262        identifiers = ["ec2.amazonaws.com"]
   263      }
   264    }
   265  }
   266  
   267  resource "aws_iam_role_policy" "auto_discover_cluster" {
   268    name   = "auto-discover-cluster"
   269    role   = aws_iam_role.instance_role.id
   270    policy = data.aws_iam_policy_document.auto_discover_cluster.json
   271  }
   272  
   273  data "aws_iam_policy_document" "auto_discover_cluster" {
   274    statement {
   275      effect = "Allow"
   276  
   277      actions = [
   278        "ec2:DescribeInstances",
   279        "ec2:DescribeTags",
   280        "autoscaling:DescribeAutoScalingGroups",
   281      ]
   282  
   283      resources = ["*"]
   284    }
   285  }
   286  
   287  resource "aws_elb" "server_lb" {
   288    name               = "${var.name}-server-lb"
   289    availability_zones = distinct(aws_instance.server.*.availability_zone)
   290    internal           = false
   291    instances          = aws_instance.server.*.id
   292    listener {
   293      instance_port     = 4646
   294      instance_protocol = "http"
   295      lb_port           = 4646
   296      lb_protocol       = "http"
   297    }
   298    listener {
   299      instance_port     = 8500
   300      instance_protocol = "http"
   301      lb_port           = 8500
   302      lb_protocol       = "http"
   303    }
   304    security_groups = [aws_security_group.server_lb.id]
   305  }
   306  
   307  output "server_public_ips" {
   308    value = aws_instance.server[*].public_ip
   309  }
   310  
   311  output "client_public_ips" {
   312    value = aws_instance.client[*].public_ip
   313  }
   314  
   315  output "server_lb_ip" {
   316    value = aws_elb.server_lb.dns_name
   317  }
   318