# Network for the demo cluster. Its `id` output is handed to the Nomad server
# module as network_id.
module "network" {
  source = "../modules/hcloud-network"
}
# One Nomad server node (server_count = 1) attached to the network above.
# Outputs consumed elsewhere in this file: ids, public_ips, private_ips and
# private_key.
module "nomad" {
  source       = "../modules/hcloud-server"
  prefix       = "nomad-server"
  server_count = 1
  server_type  = "cx11"
  location     = "fsn1"
  network_id   = module.network.id

  # Boot-time configuration rendered by the user-data module.
  user_data = module.server_user_data.data

  labels = {
    Role        = "server"
    Environment = "demo"
  }
}
# Forwards local port 4646 to port 4646 on the first server's private IP.
# Only set up once the bootstrap resource (null_resource.nomad) has finished.
# NOTE(review): confirm the tunnel's local end listens on loopback only, so the
# forwarded API is not reachable by other hosts on the operator's network.
data "ssh_tunnel" "nomad" {
  depends_on = [null_resource.nomad]

  local = {
    port = 4646
  }

  remote = {
    port = 4646
    host = module.nomad.private_ips[0]
  }
}
# Forwards local port 8500 to port 8500 on the first server's private IP.
# Only set up once the bootstrap resource (null_resource.nomad) has finished.
# NOTE(review): confirm the tunnel's local end listens on loopback only, so the
# forwarded API is not reachable by other hosts on the operator's network.
data "ssh_tunnel" "consul" {
  depends_on = [null_resource.nomad]

  local = {
    port = 8500
  }

  remote = {
    port = 8500
    host = module.nomad.private_ips[0]
  }
}
# User data for the Nomad server node. The server list and both tokens are
# empty here because nothing exists yet to join or authenticate against.
# NOTE(review): presumably the server creates its own tokens during boot and
# leaves them in /tmp/api-tokens.json (fetched by null_resource.nomad) —
# confirm in the user-data module.
module "server_user_data" {
  source = "../modules/user-data"

  input = {
    "datacenter"   = "dc1"
    "node_class"   = "nomad-server"
    "interface"    = "ens10"
    "servers"      = []
    "nomad_token"  = ""
    "consul_token" = ""
  }
}
# User data for "redis" class client nodes. It points at the server's private
# IPs and embeds the Consul and Nomad tokens read from api-tokens.json.
# The rendered output therefore contains live credentials: it is stored in
# Terraform state and, further down, in Consul KV, so both need access control.
# NOTE(review): instance user data is often readable from inside the instance
# by any local process — confirm that is acceptable for these tokens.
module "redis_client_user_data" {
  source = "../modules/user-data"

  input = {
    "datacenter"   = "dc1"
    "node_class"   = "redis"
    "interface"    = "ens10"
    "servers"      = module.nomad.private_ips
    "nomad_token"  = jsondecode(data.local_sensitive_file.creds.content)["nomad"]
    "consul_token" = jsondecode(data.local_sensitive_file.creds.content)["consul"]
  }
}
# Writes the server's SSH private key next to this configuration as nomad.pem,
# readable only by the owner (0400). The scp step in null_resource.nomad uses
# this file via `-i`.
# The key is also kept in Terraform state as this resource's content, so the
# state backend must be protected like the key itself.
# NOTE(review): make sure nomad.pem is excluded from version control.
resource "local_sensitive_file" "ssh" {
  filename        = "${path.module}/nomad.pem"
  file_permission = "0400"
  content         = module.nomad.private_key
}
# Bootstrap step for the Nomad server: waits for Consul and Nomad to report a
# leader, then copies the generated API tokens back to the operator machine.
# Re-runs whenever the set of server ids changes.
#
# Security notes for reviewers:
#   * The connection block sets no host_key, and the scp call below passes
#     "StrictHostKeyChecking no", so neither SSH session verifies the server's
#     host key. The tokens are fetched over a channel whose endpoint identity
#     is not checked; pinning the host key (connection host_key plus a
#     known-hosts entry for scp) would need the key to be known at provision
#     time, which this file does not provide.
#   * Provisioning logs in as root on the server's public IP.
#   * api-tokens.json is left in /tmp on the server and is written in plaintext
#     to path.root locally; keep the local copy out of version control and
#     consider removing the remote copy after the transfer.
resource "null_resource" "nomad" {
  triggers = {
    servers = join(",", module.nomad.ids)
  }

  connection {
    user        = "root"
    host        = module.nomad.public_ips[0]
    private_key = module.nomad.private_key
  }

  # Upload the polling helper used by the two wait steps below.
  provisioner "file" {
    destination = "/tmp/wait.sh"
    source      = "${path.module}/wait.sh"
  }

  # Wait on the Consul leader endpoint (port 8500).
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/wait.sh",
      "/tmp/wait.sh http://${module.nomad.private_ips[0]}:8500/v1/status/leader",
    ]
  }

  # Wait on the Nomad leader endpoint (port 4646).
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/wait.sh",
      "/tmp/wait.sh http://${module.nomad.private_ips[0]}:4646/v1/status/leader",
    ]
  }

  # Pull the token file from the server to the root module directory.
  # Host key checking is disabled here; see the notes at the top of this block.
  provisioner "local-exec" {
    command = "scp -o \"StrictHostKeyChecking no\" -i ${local_sensitive_file.ssh.filename} root@${module.nomad.public_ips[0]}:/tmp/api-tokens.json ${path.root}/api-tokens.json"
  }
}
# Reads the token file that null_resource.nomad copies down from the server.
# Other blocks JSON-decode its content and use the "consul" and "nomad" keys.
# The file holds cluster credentials in plaintext on the operator's disk.
# NOTE(review): confirm it is ignored by version control and has restrictive
# permissions.
data "local_sensitive_file" "creds" {
  depends_on = [null_resource.nomad]
  filename   = "${path.root}/api-tokens.json"
}
# Publishes cluster secrets into Consul KV under the "secrets/" prefix: the
# redis client user data (base64), the Hetzner Cloud API token, and the Consul
# and Nomad tokens.
# base64 is an encoding, not protection: the user data still carries both
# tokens in recoverable form. Every value here is also recorded in Terraform
# state.
# NOTE(review): anyone with KV read access to "secrets/" obtains the cloud API
# token and both cluster tokens — confirm a Consul ACL policy restricts this
# prefix to the consumers that need it.
resource "consul_key_prefix" "secrets" {
  path_prefix = "secrets/"

  subkeys = {
    "consul/token"          = jsondecode(data.local_sensitive_file.creds.content)["consul"]
    "nomad/token"           = jsondecode(data.local_sensitive_file.creds.content)["nomad"]
    "hcloud/token"          = var.hcloud_token
    "nomad/redis/user-data" = base64encode(module.redis_client_user_data.data)
  }
}
# Instantiates the nomad-service module once per *.hcl file found in ./jobs,
# passing each file's path to the module.
# NOTE(review): every job file in that directory is picked up automatically,
# so changes to ./jobs deserve the same review as changes to this file.
module "services" {
  for_each = fileset("${path.module}/jobs", "*.hcl")

  source = "../modules/nomad-service"
  path   = "${path.module}/jobs/${each.key}"
}