Nomad client 구성


Nomad client 구성

파일복사

# Create the Nomad client stack next to the Consul server stack and enter it.
mkdir -- ../nomad_client_cluster
cd -- ../nomad_client_cluster/

# Reuse the variable declarations and private values of the Consul server stack.
for f in variables.tf private.tf; do
  cp -- "../consul_server_cluster/$f" ./
done

파일생성

vi templates.tf
-----------------------------
// Renders files/user-data-nomad-client.sh with the values below. The
// template line is left commented out at this stage (the script is created
// later in this walkthrough) and is enabled in the second templates.tf.
// The hashicorp/template provider behind template_file is archived; the
// built-in templatefile() function is the maintained replacement.
data "template_file" "user_data_nomad_client" {
  // template = file("${path.module}/files/user-data-nomad-client.sh")

  vars = {
    // The script receives var.client_count under the name server_count.
    server_count      = var.client_count
    retry_join        = var.retry_join
    // NOTE(security): these keys are rendered into plaintext user-data, which
    // any local process can read from the instance metadata service and which
    // DescribeInstanceAttribute returns. An IAM instance profile (added later
    // in this walkthrough as iam.tf) is the safer way to grant the client AWS
    // access.
    access_key        = var.access_key
    secret_access_key = var.secret_access_key
    region            = var.region
  }
}

// Looks up the Consul load-balancer security group by name. It is not created
// here; presumably it comes from the consul_server_cluster configuration whose
// variables.tf/private.tf were copied above. A name-only lookup assumes the
// name is unique in the account/region.
data "aws_security_group" "consul_lb" {
  name = "${var.stack_name}-consul-lb"
}

// Looks up the (Nomad) server load-balancer security group by name; like
// consul_lb it is created elsewhere, presumably by the server stack.
data "aws_security_group" "server_lb" {
  name = "${var.stack_name}-server-lb"
}
-----------------------------
vi sg.tf
-----------------------------
# The account's default VPC; the client security group below is created in it.
data "aws_vpc" "default" {
  default = true
}

# Lets the Nomad clients reach the Consul LB group on every TCP port.
# Least privilege would list only the Consul ports the client actually uses
# (the exact set is not visible here) instead of 1-65535.
resource "aws_security_group_rule" "client_to_consul_ingress" {
  type        = "ingress"
  from_port   = 1
  to_port     = 65535
  protocol    = "tcp"
  security_group_id = data.aws_security_group.consul_lb.id
  source_security_group_id = aws_security_group.client_lb.id
}

# Lets the Nomad clients reach the server LB group on every TCP port; the
# same least-privilege remark as for client_to_consul_ingress applies.
resource "aws_security_group_rule" "client_to_server_ingress" {
  type        = "ingress"
  from_port   = 1
  to_port     = 65535
  protocol    = "tcp"
  security_group_id = data.aws_security_group.server_lb.id
  source_security_group_id = aws_security_group.client_lb.id
}

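# Security group attached to the Nomad client instances. All of its rules are
# standalone aws_security_group_rule resources: the AWS provider documents
# that in-line ingress/egress blocks must not be mixed with
# aws_security_group_rule resources on the same group (the rules further down
# in this file attach to this group), because each apply would otherwise try
# to overwrite the other's rules.
resource "aws_security_group" "client_lb" {
  name   = "${var.stack_name}-client-lb"
  vpc_id = data.aws_vpc.default.id
}

# Operator access: every TCP port from the operator's own address(es).
# Broad by design for this walkthrough; narrowing it to the SSH/Nomad ports
# actually used would follow least privilege.
resource "aws_security_group_rule" "client_lb_my_ip_ingress" {
  type              = "ingress"
  from_port         = 1
  to_port           = 65535
  protocol          = "tcp"
  cidr_blocks       = var.my_ip
  security_group_id = aws_security_group.client_lb.id
}

# Webapp HTTP.
resource "aws_security_group_rule" "client_lb_http_ingress" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = var.allowlist_ip
  security_group_id = aws_security_group.client_lb.id
}

# github webhook: the three published hook ranges in a single rule. These
# ranges belong to GitHub and change over time; keep them in sync with the
# "hooks" list published at https://api.github.com/meta.
resource "aws_security_group_rule" "client_lb_github_webhook_ingress" {
  type              = "ingress"
  from_port         = 8000
  to_port           = 8000
  protocol          = "tcp"
  cidr_blocks       = ["192.30.252.0/22", "185.199.108.0/22", "140.82.112.0/20"]
  security_group_id = aws_security_group.client_lb.id
}

# Unrestricted egress (the user-data script fetches its bootstrap files from
# GitHub); restrict it if the clients should only reach known endpoints.
resource "aws_security_group_rule" "client_lb_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.client_lb.id
}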

# Return path: the Consul LB group may reach the clients on every TCP port.
resource "aws_security_group_rule" "consul_to_client_ingress" {
  type        = "ingress"
  from_port   = 1
  to_port     = 65535
  protocol    = "tcp"
  security_group_id = aws_security_group.client_lb.id
  source_security_group_id = data.aws_security_group.consul_lb.id
}

# Return path: the server LB group may reach the clients on every TCP port.
resource "aws_security_group_rule" "server_to_client_ingress" {
  type        = "ingress"
  from_port   = 1
  to_port     = 65535
  protocol    = "tcp"
  security_group_id = aws_security_group.client_lb.id
  source_security_group_id = data.aws_security_group.server_lb.id
}

# Client-to-client traffic inside the group on every TCP port. The group
# references itself here; `self = true` expresses the same rule.
resource "aws_security_group_rule" "client_to_client_ingress" {
  type        = "ingress"
  from_port   = 1
  to_port     = 65535
  protocol    = "tcp"
  security_group_id = aws_security_group.client_lb.id
  source_security_group_id = aws_security_group.client_lb.id
}
-----------------------------
vi main.tf
-----------------------------
// Only the region is set; no credentials are configured here, so the AWS
// provider uses its default credential chain (environment, shared config, …).
provider "aws" {
  region  = var.region
}

// One EC2 instance per Nomad client (var.client_count). The instance profile
// and user_data lines are deliberately commented out at this stage: the
// instances come up, but no Nomad client runs on them yet. Both are enabled
// in the later main.tf step.
resource "aws_instance" "nomad_client" {
  ami                    = var.ami
  instance_type          = var.client_instance_type
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.client_lb.id]
  count                  = var.client_count
  // iam_instance_profile   = aws_iam_instance_profile.nomad_client.name
  // NOTE(security): once user_data is enabled it carries AWS keys; consider
  // `metadata_options { http_tokens = "required" }` (IMDSv2 only) after
  // confirming the bootstrap scripts work with IMDSv2.

  tags = {
    Name           = "${var.stack_name}-nomad_client-${count.index + 1}"
    // ConsulAutoJoin is presumably the tag Consul cloud auto-join filters on;
    // keep it consistent with var.retry_join.
    ConsulAutoJoin = "auto-join"
    OwnerName      = var.owner_name
    OwnerEmail     = var.owner_email
  }

  root_block_device {
    volume_type           = "gp2"
    volume_size           = var.root_block_device_size
    // Quoted bool is accepted; unquoted `true` is the usual form. The volume
    // is not encrypted (no `encrypted = true`).
    delete_on_termination = "true"
  }

  // user_data            = data.template_file.user_data_nomad_client.rendered
}
-----------------------------

중간 테스트

클라이언트 인스턴스가 생성됩니다.
아직은 Nomad client 는 작동하지 않습니다. main.tf 에서 iam_instance_profile 과 user_data 가 아직 주석 처리되어 있기 때문입니다.

terraform init       # fetch the aws and template providers
terraform validate   # syntax/reference check, no AWS calls
terraform plan       # review the changes before applying

terraform apply      # creates the client instances (no Nomad client runs on them yet)
terraform show       # inspect the resulting state
terraform destroy    # intermediate test only: tear everything down again

파일 추가 생성

mkdir files
vi files/user-data-nomad-client.sh   # rendered by data.template_file.user_data_nomad_client
-----------------------------
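#!/bin/bash
#
# EC2 user-data for the Nomad client instances: downloads the bootstrap files
# into /ops and runs nomad-client.sh with the cluster parameters.
#
# This file is rendered by data.template_file.user_data_nomad_client, so the
# server_count, retry_join, access_key and secret_access_key placeholders
# below are Terraform template variables, substituted before the script
# reaches the instance. Any literal shell dollar-brace expansion added here
# must be written with a doubled dollar sign to survive rendering.
#
# NOTE(security): rendered user-data is stored in plaintext, readable from the
# instance metadata service by any local process and returned by
# DescribeInstanceAttribute, so the substituted AWS keys end up on every
# client. The instance profile in iam.tf is the preferred way to grant the
# client AWS access.

# Stop on the first failed command, unset variable or failed pipeline stage.
set -euo pipefail

sudo mkdir -p /ops
cd /ops/

# Fetch the bootstrap files. They are pulled from the main branch without an
# integrity check, so whatever is on that branch at boot time runs as root;
# pinning to a commit/tag or verifying checksums would make the boot
# reproducible and tamper-evident.
for f in \
  setup.sh \
  net.sh \
  consul-client.hcl \
  consul.service \
  nomad-client.sh \
  nomad-client.hcl \
  nomad-client.service; do
  sudo wget "https://github.com/skyer9/TerraformOnAws/raw/main/files/$f"
done

sudo chmod +x /ops/setup.sh /ops/net.sh /ops/nomad-client.sh

# Run the script directly instead of through `bash -c "..."`: the rendered
# values are passed as plain arguments and are not re-parsed by a second
# shell, so a value containing quotes or a dollar sign cannot break (or alter)
# the command line. The arguments are still visible in the process list while
# the script runs.
sudo /ops/nomad-client.sh "${server_count}" "${retry_join}" "${access_key}" "${secret_access_key}"
# Optional cleanup, left disabled by the author.
# rm -rf /ops/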
-----------------------------
vi iam.tf
-----------------------------
# Instance profile that attaches the nomad_client role to the EC2 instances
# (referenced from main.tf via iam_instance_profile).
resource "aws_iam_instance_profile" "nomad_client" {
  name_prefix = var.stack_name
  role        = aws_iam_role.nomad_client.name
}

# Role assumed by the EC2 service (trust policy: nomad_client_assume below).
# name_prefix lets Terraform generate a unique name per stack.
resource "aws_iam_role" "nomad_client" {
  name_prefix        = var.stack_name
  assume_role_policy = data.aws_iam_policy_document.nomad_client_assume.json
}

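# Inline permissions policy attached to the client role; the permissions
# themselves are in data.aws_iam_policy_document.nomad_client.
resource "aws_iam_role_policy" "nomad_client" {
  name   = "nomad-client"
  role   = aws_iam_role.nomad_client.id
  policy = data.aws_iam_policy_document.nomad_client.json
}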

# Trust policy: only the EC2 service may assume the client role.
data "aws_iam_policy_document" "nomad_client_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Permissions granted to the Nomad clients. With resources = ["*"] the
# autoscaling write actions (UpdateAutoScalingGroup,
# TerminateInstanceInAutoScalingGroup) reach every ASG in the account; scope
# them to the relevant ASG ARN or a tag condition. The Describe* actions
# generally do not support resource-level restriction, so "*" is expected for
# those.
data "aws_iam_policy_document" "nomad_client" {
  statement {
    effect = "Allow"

    actions = [
      "autoscaling:CreateOrUpdateTags",
      "autoscaling:DescribeScalingActivities",
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:UpdateAutoScalingGroup",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
      "ec2:DescribeInstances",
    ]

    resources = ["*"]
  }
}
-----------------------------
vi templates.tf
-----------------------------
// Second version of the template: the user-data script now exists, so the
// template line is enabled. "......" stands for the remaining vars of the
// first version (server_count, retry_join, region).
// NOTE(security): access_key / secret_access_key are rendered into the
// instance user-data in plaintext. The instance profile from iam.tf is the
// preferable way to grant AWS access; the static keys remain only because
// nomad-client.sh expects them as arguments.
data "template_file" "user_data_nomad_client" {
  template = file("${path.module}/files/user-data-nomad-client.sh")

  vars = {
    access_key        = var.access_key
    secret_access_key = var.secret_access_key
    // ......
  }
}
-----------------------------
vi main.tf
-----------------------------
// Second version of the instance: the instance profile and the rendered
// user-data are now enabled. "......" stands for the attributes unchanged
// from the first main.tf.
resource "aws_instance" "nomad_client" {
  iam_instance_profile   = aws_iam_instance_profile.nomad_client.name
  user_data            = data.template_file.user_data_nomad_client.rendered
  // ......
}
-----------------------------
terraform init       # re-run after the provider/template changes
terraform validate   # syntax/reference check, no AWS calls
terraform plan       # review the changes before applying

terraform apply      # creates the client instances; user-data now bootstraps the Nomad client
terraform show       # inspect the resulting state
terraform destroy    # tear everything down when done

http://<서버 아이피>:4646/ 에 접속하여
클라이언트가 접속된 것을 확인할 수 있습니다.
