Skip to content

eschudt/hashistack-digitalocean

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
modules
modules
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

Hashistack Digitalocean

Terraform to setup a consul and nomad cluster by building the number of servers and clients specified. It wraps them around a firewall that can only be accesses via a bastion host (ssh) and a load balancer (http) Uses digital ocean as a provider to create the droplets needed. Sets up Vault to store secrets

Now also uses Consul Connect as a sidecar allocation to interact with other services

It starts nomad and consul as a service and automatically connects all nodes in the cluster

Environment variables

  • do_token - api token for digital ocean which can be found in your DigitalOcean Account under "API"
  • ssh_fingerprint - the ssh fingerprint to use to connect to your newly created droplets
  • bastion_host_id - the droplet id of the bastion host server
  • server_count - number of server droplets to create
  • client_count - number of client droplets to create

Modules

server-droplet

  • Create servers and sets up nomad and consul in server mode
  • server_count - number of server droplets to create

client-droplet

  • Create clients and sets up nomad and consul in client mode
  • client_count - number of client droplets to create
  • consul_server_ip - a consul server ip

load-balancer

  • Create a public load balancer to connect to all servers
  • all_server_ids - ids of all servers (droplets)

firewall

  • Create a firewall around the server and client droplets
  • all_server_ids - ids of all servers (droplets)
  • load_balancer_id - the id of the digital ocean load balancer
  • bastion_id - the droplet id of the bastion host

Scripts

Scripts for installing required software in newly created droplets

consul

install_consul.sh client|server ${self.ipv4_address_private} ${var.consul_server_ip}

  • Installs required software - unzip and docker
  • Sets up iptables to allow access to localhost from docker
  • Downloads consul and copies the binary to the /user/bin directory
  • Starts consul as a service in either server or client mode
  • If in client mode, it joins the client to the cluster

nomad

install_nomad.sh client|server

  • Downloads nomad and copies the binary to the /user/bin directory
  • Starts nomad as a service in either server or client mode

vault

install_vault.sh server

  • Downloads vault and copies the binary to the /user/bin directory
  • Starts vault as a service in server mode
  • Initializes Vault
  • Unseals vaults to make it ready for use
  • Exports the vault token for nomad to use

How to run

  • eval `ssh-agent -s`
  • ssh-add ~/.ssh/id_rsa (add your private key to the ssh agent which corresponds to the ssh_fingerprint)
  • terraform init
  • terraform plan
  • terraform apply

About

Terraform to setup a consul cluster interacting with a nomad cluster

Topics

digitalocean consul vault terraform nomad fabio hacktoberfest

Resources

Readme
Activity

Stars

47 stars

Watchers

2 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages