github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/terraform/aws/modules/hashistack/hashistack.tf

github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/terraform/aws/modules/hashistack/hashistack.tf (about)

     1  variable "name" {
     2  }
     3  
     4  variable "region" {
     5  }
     6  
     7  variable "ami" {
     8  }
     9  
    10  variable "server_instance_type" {
    11  }
    12  
    13  variable "client_instance_type" {
    14  }
    15  
    16  variable "key_name" {
    17  }
    18  
    19  variable "server_count" {
    20  }
    21  
    22  variable "client_count" {
    23  }
    24  
    25  variable "nomad_binary" {
    26  }
    27  
    28  variable "root_block_device_size" {
    29  }
    30  
    31  variable "whitelist_ip" {
    32  }
    33  
    34  variable "retry_join" {
    35    type = map(string)
    36  
    37    default = {
    38      provider  = "aws"
    39      tag_key   = "ConsulAutoJoin"
    40      tag_value = "auto-join"
    41    }
    42  }
    43  
    44  data "aws_vpc" "default" {
    45    default = true
    46  }
    47  
    48  resource "aws_security_group" "server_lb" {
    49    name   = "${var.name}-server-lb"
    50    vpc_id = data.aws_vpc.default.id
    51  
    52    # Nomad
    53    ingress {
    54      from_port   = 4646
    55      to_port     = 4646
    56      protocol    = "tcp"
    57      cidr_blocks = [var.whitelist_ip]
    58    }
    59  
    60    # Consul
    61    ingress {
    62      from_port   = 8500
    63      to_port     = 8500
    64      protocol    = "tcp"
    65      cidr_blocks = [var.whitelist_ip]
    66    }
    67  
    68    egress {
    69      from_port   = 0
    70      to_port     = 0
    71      protocol    = "-1"
    72      cidr_blocks = ["0.0.0.0/0"]
    73    }
    74  }
    75  
    76  resource "aws_security_group" "primary" {
    77    name   = var.name
    78    vpc_id = data.aws_vpc.default.id
    79  
    80    ingress {
    81      from_port   = 22
    82      to_port     = 22
    83      protocol    = "tcp"
    84      cidr_blocks = [var.whitelist_ip]
    85    }
    86  
    87    # Nomad
    88    ingress {
    89      from_port       = 4646
    90      to_port         = 4646
    91      protocol        = "tcp"
    92      cidr_blocks     = [var.whitelist_ip]
    93      security_groups = [aws_security_group.server_lb.id]
    94    }
    95  
    96    # Fabio 
    97    ingress {
    98      from_port   = 9998
    99      to_port     = 9999
   100      protocol    = "tcp"
   101      cidr_blocks = [var.whitelist_ip]
   102    }
   103  
   104    # Consul
   105    ingress {
   106      from_port       = 8500
   107      to_port         = 8500
   108      protocol        = "tcp"
   109      cidr_blocks     = [var.whitelist_ip]
   110      security_groups = [aws_security_group.server_lb.id]
   111    }
   112  
   113    # HDFS NameNode UI
   114    ingress {
   115      from_port   = 50070
   116      to_port     = 50070
   117      protocol    = "tcp"
   118      cidr_blocks = [var.whitelist_ip]
   119    }
   120  
   121    # HDFS DataNode UI
   122    ingress {
   123      from_port   = 50075
   124      to_port     = 50075
   125      protocol    = "tcp"
   126      cidr_blocks = [var.whitelist_ip]
   127    }
   128  
   129    # Spark history server UI
   130    ingress {
   131      from_port   = 18080
   132      to_port     = 18080
   133      protocol    = "tcp"
   134      cidr_blocks = [var.whitelist_ip]
   135    }
   136  
   137    # Jupyter
   138    ingress {
   139      from_port   = 8888
   140      to_port     = 8888
   141      protocol    = "tcp"
   142      cidr_blocks = [var.whitelist_ip]
   143    }
   144  
   145    ingress {
   146      from_port = 0
   147      to_port   = 0
   148      protocol  = "-1"
   149      self      = true
   150    }
   151  
   152    egress {
   153      from_port   = 0
   154      to_port     = 0
   155      protocol    = "-1"
   156      cidr_blocks = ["0.0.0.0/0"]
   157    }
   158  }
   159  
   160  data "template_file" "user_data_server" {
   161    template = file("${path.root}/user-data-server.sh")
   162  
   163    vars = {
   164      server_count = var.server_count
   165      region       = var.region
   166      retry_join = chomp(
   167        join(
   168          " ",
   169          formatlist("%s=%s", keys(var.retry_join), values(var.retry_join)),
   170        ),
   171      )
   172      nomad_binary = var.nomad_binary
   173    }
   174  }
   175  
   176  data "template_file" "user_data_client" {
   177    template = file("${path.root}/user-data-client.sh")
   178  
   179    vars = {
   180      region = var.region
   181      retry_join = chomp(
   182        join(
   183          " ",
   184          formatlist("%s=%s ", keys(var.retry_join), values(var.retry_join)),
   185        ),
   186      )
   187      nomad_binary = var.nomad_binary
   188    }
   189  }
   190  
   191  resource "aws_instance" "server" {
   192    ami                    = var.ami
   193    instance_type          = var.server_instance_type
   194    key_name               = var.key_name
   195    vpc_security_group_ids = [aws_security_group.primary.id]
   196    count                  = var.server_count
   197  
   198    # instance tags
   199    tags = merge(
   200      {
   201        "Name" = "${var.name}-server-${count.index}"
   202      },
   203      {
   204        "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
   205      },
   206    )
   207  
   208    root_block_device {
   209      volume_type           = "gp2"
   210      volume_size           = var.root_block_device_size
   211      delete_on_termination = "true"
   212    }
   213  
   214    user_data            = data.template_file.user_data_server.rendered
   215    iam_instance_profile = aws_iam_instance_profile.instance_profile.name
   216  }
   217  
   218  resource "aws_instance" "client" {
   219    ami                    = var.ami
   220    instance_type          = var.client_instance_type
   221    key_name               = var.key_name
   222    vpc_security_group_ids = [aws_security_group.primary.id]
   223    count                  = var.client_count
   224    depends_on             = [aws_instance.server]
   225  
   226    # instance tags
   227    tags = merge(
   228      {
   229        "Name" = "${var.name}-client-${count.index}"
   230      },
   231      {
   232        "${var.retry_join.tag_key}" = "${var.retry_join.tag_value}"
   233      },
   234    )
   235  
   236    root_block_device {
   237      volume_type           = "gp2"
   238      volume_size           = var.root_block_device_size
   239      delete_on_termination = "true"
   240    }
   241  
   242    ebs_block_device {
   243      device_name           = "/dev/xvdd"
   244      volume_type           = "gp2"
   245      volume_size           = "50"
   246      delete_on_termination = "true"
   247    }
   248  
   249    user_data            = data.template_file.user_data_client.rendered
   250    iam_instance_profile = aws_iam_instance_profile.instance_profile.name
   251  }
   252  
   253  resource "aws_iam_instance_profile" "instance_profile" {
   254    name_prefix = var.name
   255    role        = aws_iam_role.instance_role.name
   256  }
   257  
   258  resource "aws_iam_role" "instance_role" {
   259    name_prefix        = var.name
   260    assume_role_policy = data.aws_iam_policy_document.instance_role.json
   261  }
   262  
   263  data "aws_iam_policy_document" "instance_role" {
   264    statement {
   265      effect  = "Allow"
   266      actions = ["sts:AssumeRole"]
   267  
   268      principals {
   269        type        = "Service"
   270        identifiers = ["ec2.amazonaws.com"]
   271      }
   272    }
   273  }
   274  
   275  resource "aws_iam_role_policy" "auto_discover_cluster" {
   276    name   = "auto-discover-cluster"
   277    role   = aws_iam_role.instance_role.id
   278    policy = data.aws_iam_policy_document.auto_discover_cluster.json
   279  }
   280  
   281  data "aws_iam_policy_document" "auto_discover_cluster" {
   282    statement {
   283      effect = "Allow"
   284  
   285      actions = [
   286        "ec2:DescribeInstances",
   287        "ec2:DescribeTags",
   288        "autoscaling:DescribeAutoScalingGroups",
   289      ]
   290  
   291      resources = ["*"]
   292    }
   293  }
   294  
   295  resource "aws_elb" "server_lb" {
   296    name               = "${var.name}-server-lb"
   297    availability_zones = distinct(aws_instance.server.*.availability_zone)
   298    internal           = false
   299    instances          = aws_instance.server.*.id
   300    listener {
   301      instance_port     = 4646
   302      instance_protocol = "http"
   303      lb_port           = 4646
   304      lb_protocol       = "http"
   305    }
   306    listener {
   307      instance_port     = 8500
   308      instance_protocol = "http"
   309      lb_port           = 8500
   310      lb_protocol       = "http"
   311    }
   312    security_groups = [aws_security_group.server_lb.id]
   313  }
   314  
   315  output "server_public_ips" {
   316     value = aws_instance.server[*].public_ip
   317  }
   318  
   319  output "client_public_ips" {
   320     value = aws_instance.client[*].public_ip
   321  }
   322  
   323  output "server_lb_ip" {
   324    value = aws_elb.server_lb.dns_name
   325  }
   326