
     1  variable "name" {}
     2  variable "region" {}
     3  variable "ami" {}
     4  variable "server_instance_type" {}
     5  variable "client_instance_type" {}
     6  variable "key_name" {}
     7  variable "server_count" {}
     8  variable "client_count" {}
     9  variable "nomad_binary" {}
    10  variable "root_block_device_size" {}
    11  variable "whitelist_ip" {}
    12  
    13  variable "retry_join" {
    14    type = "map"
    15  
    16    default = {
    17      provider  = "aws"
    18      tag_key   = "ConsulAutoJoin"
    19      tag_value = "auto-join"
    20    }
    21  }
    22  
    23  data "aws_vpc" "default" {
    24    default = true
    25  }
    26  
    27  resource "aws_security_group" "server_lb" {
    28    name   = "${var.name}-server-lb"
    29    vpc_id = "${data.aws_vpc.default.id}"
    30  
    31    # Nomad
    32    ingress {
    33      from_port   = 4646
    34      to_port     = 4646
    35      protocol    = "tcp"
    36      cidr_blocks = ["${var.whitelist_ip}"]
    37    }
    38  
    39    # Consul
    40    ingress {
    41      from_port   = 8500
    42      to_port     = 8500
    43      protocol    = "tcp"
    44      cidr_blocks = ["${var.whitelist_ip}"]
    45    }
    46  
    47  
    48    egress {
    49      from_port   = 0
    50      to_port     = 0
    51      protocol    = "-1"
    52      cidr_blocks = ["0.0.0.0/0"]
    53    }
    54  }
    55  
# Security group shared by every server and client instance. Each admin/UI
# port below is opened to var.whitelist_ip (a CIDR) only, so that single
# variable controls how widely these plain-HTTP service ports are reachable;
# a broad CIDR there exposes all of them at once.
resource "aws_security_group" "primary" {
  name   = "${var.name}"
  vpc_id = "${data.aws_vpc.default.id}"

  # SSH
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Nomad HTTP API: from the whitelist directly and from the server ELB
  ingress {
    from_port   = 4646
    to_port     = 4646
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
    security_groups = ["${aws_security_group.server_lb.id}"]
  }

  # Fabio (9998-9999)
  ingress {
    from_port   = 9998
    to_port     = 9999
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Consul HTTP API: from the whitelist directly and from the server ELB
  ingress {
    from_port   = 8500
    to_port     = 8500
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
    security_groups = ["${aws_security_group.server_lb.id}"]
  }

  # HDFS NameNode UI
  ingress {
    from_port   = 50070
    to_port     = 50070
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # HDFS DataNode UI
  ingress {
    from_port   = 50075
    to_port     = 50075
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Spark history server UI
  ingress {
    from_port   = 18080
    to_port     = 18080
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Jupyter
  ingress {
    from_port   = 8888
    to_port     = 8888
    protocol    = "tcp"
    cidr_blocks = ["${var.whitelist_ip}"]
  }

  # Members of this group may reach each other on every port and protocol
  # (intra-cluster traffic; there is no port-level restriction between nodes).
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Unrestricted outbound.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
   140  
# Renders user-data-server.sh from the root module directory with the values
# below. retry_join is flattened to space-separated "key=value" pairs (with the
# default map: "provider=aws tag_key=ConsulAutoJoin tag_value=auto-join").
# Everything placed here ends up in instance user-data, which is readable from
# the instance metadata service by any process on the host.
data "template_file" "user_data_server" {
  template = "${file("${path.root}/user-data-server.sh")}"

  vars {
    server_count = "${var.server_count}"
    region       = "${var.region}"
    # keys() and values() are both ordered by key, so the pairs line up.
    retry_join   = "${chomp(join(" ", formatlist("%s=%s", keys(var.retry_join), values(var.retry_join))))}"
    nomad_binary = "${var.nomad_binary}"
  }
}
   151  
   152  data "template_file" "user_data_client" {
   153    template = "${file("${path.root}/user-data-client.sh")}"
   154  
   155    vars {
   156      region       = "${var.region}"
   157      retry_join   = "${chomp(join(" ", formatlist("%s=%s ", keys(var.retry_join), values(var.retry_join))))}"
   158      nomad_binary = "${var.nomad_binary}"
   159    }
   160  }
   161  
   162  resource "aws_instance" "server" {
   163    ami                    = "${var.ami}"
   164    instance_type          = "${var.server_instance_type}"
   165    key_name               = "${var.key_name}"
   166    vpc_security_group_ids = ["${aws_security_group.primary.id}"]
   167    count                  = "${var.server_count}"
   168  
   169    # instance tags
   170    tags = "${merge(
   171      map("Name", "${var.name}-server-${count.index}"),
   172      map(lookup(var.retry_join, "tag_key"), lookup(var.retry_join, "tag_value"))
   173    )}"
   174  
   175    root_block_device {
   176      volume_type           = "gp2"
   177      volume_size           = "${var.root_block_device_size}"
   178      delete_on_termination = "true"
   179    }
   180  
   181    user_data            = "${data.template_file.user_data_server.rendered}"
   182    iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
   183  }
   184  
   185  resource "aws_instance" "client" {
   186    ami                    = "${var.ami}"
   187    instance_type          = "${var.client_instance_type}"
   188    key_name               = "${var.key_name}"
   189    vpc_security_group_ids = ["${aws_security_group.primary.id}"]
   190    count                  = "${var.client_count}"
   191    depends_on             = ["aws_instance.server"]
   192  
   193    # instance tags
   194    tags = "${merge(
   195      map("Name", "${var.name}-client-${count.index}"),
   196      map(lookup(var.retry_join, "tag_key"), lookup(var.retry_join, "tag_value"))
   197    )}"
   198  
   199    root_block_device {
   200      volume_type           = "gp2"
   201      volume_size           = "${var.root_block_device_size}"
   202      delete_on_termination = "true"
   203    }
   204  
   205    ebs_block_device = {
   206      device_name           = "/dev/xvdd"
   207      volume_type           = "gp2"
   208      volume_size           = "50"
   209      delete_on_termination = "true"
   210    }
   211  
   212    user_data            = "${data.template_file.user_data_client.rendered}"
   213    iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
   214  }
   215  
   216  resource "aws_iam_instance_profile" "instance_profile" {
   217    name_prefix = "${var.name}"
   218    role        = "${aws_iam_role.instance_role.name}"
   219  }
   220  
   221  resource "aws_iam_role" "instance_role" {
   222    name_prefix        = "${var.name}"
   223    assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"
   224  }
   225  
   226  data "aws_iam_policy_document" "instance_role" {
   227    statement {
   228      effect  = "Allow"
   229      actions = ["sts:AssumeRole"]
   230  
   231      principals {
   232        type        = "Service"
   233        identifiers = ["ec2.amazonaws.com"]
   234      }
   235    }
   236  }
   237  
   238  resource "aws_iam_role_policy" "auto_discover_cluster" {
   239    name   = "auto-discover-cluster"
   240    role   = "${aws_iam_role.instance_role.id}"
   241    policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}"
   242  }
   243  
   244  data "aws_iam_policy_document" "auto_discover_cluster" {
   245    statement {
   246      effect = "Allow"
   247  
   248      actions = [
   249        "ec2:DescribeInstances",
   250        "ec2:DescribeTags",
   251        "autoscaling:DescribeAutoScalingGroups",
   252      ]
   253  
   254      resources = ["*"]
   255    }
   256  }
   257  
   258  resource "aws_elb" "server_lb" {
   259    name               = "${var.name}-server-lb"
   260    availability_zones = ["${distinct(aws_instance.server.*.availability_zone)}"]
   261    internal           = false
   262    instances = ["${aws_instance.server.*.id}"]
   263    listener {
   264      instance_port     = 4646
   265      instance_protocol = "http"
   266      lb_port           = 4646
   267      lb_protocol       = "http"
   268    }
   269    listener {
   270      instance_port     = 8500
   271      instance_protocol = "http"
   272      lb_port           = 8500
   273      lb_protocol       = "http"
   274    }
   275    security_groups = ["${aws_security_group.server_lb.id}"]
   276  }
   277  
   278  output "server_public_ips" {
   279    value = ["${aws_instance.server.*.public_ip}"]
   280  }
   281  
   282  output "client_public_ips" {
   283    value = ["${aws_instance.client.*.public_ip}"]
   284  }
   285  
   286  output "server_lb_ip" {
   287    value = "${aws_elb.server_lb.dns_name}"
   288  }