Nomad server 구성
파일 복사
# Create a sibling working directory for the Nomad server stack and enter it.
mkdir ../nomad_server_cluster
cd ../nomad_server_cluster/
# Reuse two files from the Consul server stack instead of rewriting them.
# NOTE(review): private.tf presumably holds per-operator values — keep it out of version control; confirm its contents.
cp ../consul_server_cluster/variables.tf ./
cp ../consul_server_cluster/private.tf ./
파일생성
vi templates.tf
-----------------------------
# Renders the EC2 user-data script for the Nomad servers.
# The template source is still commented out at this step, so no bootstrap
# script is read from disk yet.
# NOTE(review): template_file comes from the archived hashicorp/template
# provider; the built-in templatefile() function is the maintained replacement.
data "template_file" "user_data_nomad_server" {
  # template = file("${path.module}/files/user-data-nomad-server.sh")

  # Values made available to ${...} placeholders inside the template.
  vars = {
    region       = var.region
    retry_join   = var.retry_join
    server_count = var.server_count
  }
}
# Looks up an existing security group by name ("<stack_name>-consul-lb") so the
# rules in sg.tf can reference its id.
# NOTE(review): presumably created by the consul_server_cluster stack — confirm.
data "aws_security_group" "consul_lb" {
  name = "${var.stack_name}-consul-lb"
}
-----------------------------
vi sg.tf
-----------------------------
# Selects the region's default VPC; the server security group is created in it.
data "aws_vpc" "default" {
  default = true
}
# Attached to the Consul group: accepts every TCP port from members of the
# Nomad server group.
# NOTE(review): the range is far wider than Consul's own ports (8300-8302,
# 8500, 8600), and it is TCP only although Serf gossip on 8301 also uses UDP —
# confirm whether it should be narrowed and whether a UDP rule is needed.
# NOTE(review): if the stack that owns consul_lb declares inline ingress blocks,
# this standalone rule can be overwritten by that stack's next apply — confirm.
resource "aws_security_group_rule" "server_to_consul_ingress" {
  security_group_id        = data.aws_security_group.consul_lb.id
  source_security_group_id = aws_security_group.server_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
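# Security group attached to every Nomad server instance.
# The group carries no inline ingress/egress blocks: sg.tf also attaches
# standalone aws_security_group_rule resources to this same group, and the AWS
# provider documents that mixing both styles on one group causes rule conflicts,
# perpetual diffs and rules being overwritten on later applies.
resource "aws_security_group" "server_lb" {
  name   = "${var.stack_name}-server-lb"
  vpc_id = data.aws_vpc.default.id
}

# SSH from the operator's addresses only (var.my_ip must be a list of CIDR blocks).
resource "aws_security_group_rule" "server_ssh_ingress" {
  security_group_id = aws_security_group.server_lb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = var.my_ip
}

# Nomad ports from the operator's addresses: 4646 HTTP API & UI, 4647 RPC, 4648 Serf.
# NOTE(review): a workstation normally needs 4646 only; 4647 and 4648 are used
# between Nomad agents — consider narrowing the range to 4646.
resource "aws_security_group_rule" "server_nomad_ingress" {
  security_group_id = aws_security_group.server_lb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 4646
  to_port           = 4648
  cidr_blocks       = var.my_ip
}

# Consul port range from the operator's addresses. 8300-8600 spans server RPC
# (8300), Serf (8301/8302), the HTTP API & UI (8500) and DNS (8600), plus every
# unused port in between.
# NOTE(review): consider opening only 8500 if the UI is all that is needed.
resource "aws_security_group_rule" "server_consul_ingress" {
  security_group_id = aws_security_group.server_lb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 8300
  to_port           = 8600
  cidr_blocks       = var.my_ip
}

# Unrestricted outbound traffic, all protocols. Declared explicitly because
# Terraform removes the default allow-all egress rule from groups it creates.
resource "aws_security_group_rule" "server_all_egress" {
  security_group_id = aws_security_group.server_lb.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}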
# Attached to the Nomad server group: accepts every TCP port from members of
# the Consul group.
# NOTE(review): TCP only — Serf gossip (Consul 8301) also uses UDP, which this
# rule does not cover; confirm whether a UDP rule or a narrower range is wanted.
resource "aws_security_group_rule" "consul_to_server_ingress" {
  security_group_id        = aws_security_group.server_lb.id
  source_security_group_id = data.aws_security_group.consul_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
# Self-referencing rule: members of the Nomad server group may reach each other
# on every TCP port.
# NOTE(review): Nomad servers talk to each other on 4647 (RPC) and 4648 (Serf,
# TCP and UDP); this rule is both wider than that and missing UDP — confirm
# what the later client/job steps actually require before narrowing.
resource "aws_security_group_rule" "server_to_server_ingress" {
  security_group_id        = aws_security_group.server_lb.id
  source_security_group_id = aws_security_group.server_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
-----------------------------
vi main.tf
-----------------------------
# AWS provider; the target region comes from var.region (declared in variables.tf).
provider "aws" {
  region = var.region
}
# Nomad server instances: var.server_count of them, all placed in the
# server_lb security group and reachable over SSH with var.key_name.
resource "aws_instance" "nomad_server" {
  count = var.server_count

  ami                    = var.ami
  instance_type          = var.server_instance_type
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.server_lb.id]

  # Disabled for the first apply; the later IAM and user-data steps enable them.
  # iam_instance_profile = aws_iam_instance_profile.nomad_server.name
  # user_data = data.template_file.user_data_nomad_server.rendered

  # NOTE(review): no `encrypted` argument is set, so root-volume encryption
  # depends on the AMI and the account default — consider `encrypted = true`.
  root_block_device {
    volume_size           = var.root_block_device_size
    volume_type           = "gp2"
    delete_on_termination = "true"
  }

  tags = {
    Name = "${var.stack_name}-nomad_server-${count.index + 1}"
    # presumably the tag var.retry_join matches for cloud auto-join — confirm
    ConsulAutoJoin = "auto-join"
    OwnerEmail     = var.owner_email
    OwnerName      = var.owner_name
  }
}
-----------------------------
서버 인스턴스가 생성됩니다.
아직은 user_data 와 iam_instance_profile 이 주석 처리되어 있어 Nomad server 는 작동하지 않습니다.
# Download the required providers and initialise the working directory.
terraform init
# Check the configuration for syntax and reference errors.
terraform validate
# Preview the resources that would be created.
terraform plan
# Create the instances and security group rules.
terraform apply
# Print the resulting state.
terraform show
# Tear everything down again once this step has been checked.
terraform destroy
Nomad server 설정
# Directory that templates.tf reads the user-data script from (${path.module}/files/).
mkdir files
vi files/user-data-nomad-server.sh
-----------------------------
#!/bin/bash
# EC2 user-data bootstrap for a Nomad server.
#
# Terraform renders this file through data.template_file.user_data_nomad_server
# and fills in the server_count and retry_join placeholders before the instance
# boots. Any other dollar-brace sequence would also be read as a template
# placeholder, so plain shell variables below are written as $name.
#
# NOTE(review): every helper is fetched from the moving `main` branch and then
# run as root with no integrity check. Pin the URL to a reviewed commit and
# compare each download against a known SHA-256 (sha256sum -c) before running it.
set -e

sudo mkdir -p /ops
cd /ops/

# Fetch the helper scripts, configs and unit files by name.
base_url="https://github.com/skyer9/TerraformOnAws/raw/main/files"
for name in setup.sh net.sh consul-client.hcl consul.service \
            nomad-server.sh nomad-server.hcl nomad-server.service; do
  sudo wget "$base_url/$name"
done

# Only the three shell scripts need the execute bit.
sudo chmod +x /ops/setup.sh /ops/net.sh /ops/nomad-server.sh

# Hand the rendered values to the installer: server count first, then the
# join string.
sudo bash -c "/ops/nomad-server.sh \"${server_count}\" \"${retry_join}\""

# rm -rf /ops/
-----------------------------
vi iam.tf
-----------------------------
# Instance profile that carries the nomad_server role onto the EC2 instances.
# name_prefix makes Terraform generate a unique name starting with the stack name.
resource "aws_iam_instance_profile" "nomad_server" {
  role        = aws_iam_role.nomad_server.name
  name_prefix = var.stack_name
}
# Role assumed by the Nomad server instances; the trust policy comes from the
# nomad_server_assume policy document.
resource "aws_iam_role" "nomad_server" {
  assume_role_policy = data.aws_iam_policy_document.nomad_server_assume.json
  name_prefix        = var.stack_name
}
# Inline policy on the role; its permissions come from the nomad_server policy
# document (read-only Describe calls).
resource "aws_iam_role_policy" "nomad_server" {
  role   = aws_iam_role.nomad_server.id
  name   = "nomad-server"
  policy = data.aws_iam_policy_document.nomad_server.json
}
# Trust policy: only the EC2 service may assume the role, which is what lets an
# instance profile hand it to an instance.
data "aws_iam_policy_document" "nomad_server_assume" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}
# Permissions granted to the Nomad servers: three read-only Describe actions,
# nothing that creates or modifies resources.
# resources = ["*"] is expected here: these Describe actions do not support
# resource-level restrictions.
# NOTE(review): presumably used for tag-based cloud auto-join (see the
# ConsulAutoJoin instance tag) — confirm against var.retry_join.
data "aws_iam_policy_document" "nomad_server" {
  statement {
    effect    = "Allow"
    resources = ["*"]

    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]
  }
}
-----------------------------
vi templates.tf
-----------------------------
# templates.tf, second pass: the template source is now enabled; the rest of the
# block is elided by the author.
data "template_file" "user_data_nomad_server" {
  # Read the bootstrap script from disk so its placeholders can be rendered.
  template = file("${path.module}/files/user-data-nomad-server.sh")
  // ......
}
-----------------------------
vi main.tf
-----------------------------
# AWS provider, unchanged from the first main.tf listing.
provider "aws" {
  region = var.region
}
# main.tf, second pass: the two previously commented-out arguments are enabled;
# the rest of the resource is elided by the author.
resource "aws_instance" "nomad_server" {
  # Attach the instance profile so software on the host can use the Describe
  # permissions defined in iam.tf.
  # NOTE(review): role credentials are served through the instance metadata
  # service; consider `metadata_options { http_tokens = "required" }` (IMDSv2)
  # once the /ops scripts and auto-join are confirmed to work with it.
  iam_instance_profile = aws_iam_instance_profile.nomad_server.name
  # Bootstrap script rendered from files/user-data-nomad-server.sh.
  user_data = data.template_file.user_data_nomad_server.rendered
  // ......
}
-----------------------------
# Re-check the configuration now that iam.tf and the user-data template exist.
terraform validate
# Preview the changes to the instances and the new IAM resources.
terraform plan
# Apply them; the instances now boot with the bootstrap script.
terraform apply
# Print the resulting state.
terraform show
# Tear everything down again once the UI has been checked.
terraform destroy
http://<서버 아이피>:4646/ 에 접속하여 Nomad UI 를 확인할 수 있습니다. 접속은 평문 HTTP 이며, sg.tf 에서 4646 포트는 var.my_ip 에 지정한 대역에서만 허용됩니다.