Nomad client 구성
파일 복사
# Create the Nomad client working directory beside the Consul server one and
# reuse that stack's variable definitions and private (credential) file.
# private.tf is presumably where access_key/secret_access_key come from —
# keep it out of version control.
mkdir ../nomad_client_cluster
cd ../nomad_client_cluster/
cp ../consul_server_cluster/{variables,private}.tf ./
파일 생성
vi templates.tf
-----------------------------
# Renders files/user-data-nomad-client.sh into the client instance user-data.
# The `template` line stays commented at this point of the walkthrough because
# the script file does not exist yet.
# NOTE(review): the hashicorp/template provider is deprecated in favour of the
# built-in templatefile() function; the data source is kept because main.tf
# references data.template_file.user_data_nomad_client.rendered.
data "template_file" "user_data_nomad_client" {
  // template = file("${path.module}/files/user-data-nomad-client.sh")

  vars = {
    # Handed to nomad-client.sh as positional arguments. The template variable
    # is called server_count but is fed from var.client_count — confirm which
    # value nomad-client.sh actually expects.
    server_count = var.client_count
    retry_join   = var.retry_join
    region       = var.region

    # Static credentials rendered into user-data are retrievable from the
    # instance metadata service; the instance profile in iam.tf avoids that.
    access_key        = var.access_key
    secret_access_key = var.secret_access_key
  }
}
# Existing Consul load-balancer security group, looked up by name. It must
# already exist — presumably created by the consul_server_cluster stack whose
# variables are copied above; confirm the naming there matches.
data "aws_security_group" "consul_lb" {
  name = "${var.stack_name}-consul-lb"
}
# Existing server load-balancer security group, looked up by name; like
# consul_lb it is owned by another stack and only referenced here.
data "aws_security_group" "server_lb" {
  name = "${var.stack_name}-server-lb"
}
-----------------------------
vi sg.tf
-----------------------------
# The account's default VPC; the client security group below is created in it.
data "aws_vpc" "default" {
  default = true
}
# Consul LB <- Nomad clients, every TCP port. A standalone rule is used because
# the Consul LB group is owned by another stack (data source), not this one.
# NOTE(review): only TCP is admitted; Consul LAN gossip (8301) also uses UDP,
# so check whether UDP is opened elsewhere if clients join through gossip.
resource "aws_security_group_rule" "client_to_consul_ingress" {
  security_group_id        = data.aws_security_group.consul_lb.id
  source_security_group_id = aws_security_group.client_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
# Server LB <- Nomad clients, every TCP port. Same shape as
# client_to_consul_ingress, targeting the server LB group instead.
resource "aws_security_group_rule" "client_to_server_ingress" {
  security_group_id        = data.aws_security_group.server_lb.id
  source_security_group_id = aws_security_group.client_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
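# Security group attached to every Nomad client instance (see main.tf).
# Group-to-group traffic with the Consul/server groups is handled by the
# separate aws_security_group_rule resources in this file.
resource "aws_security_group" "client_lb" {
  name   = "${var.stack_name}-client-lb"
  vpc_id = data.aws_vpc.default.id

  # Operator access: every TCP port from the operator's own address(es).
  # var.my_ip is a list of CIDRs; keep it to single-host (/32) entries.
  ingress {
    description = "Operator access, all TCP ports"
    from_port   = 1
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = var.my_ip
  }

  # Webapp HTTP.
  ingress {
    description = "Webapp HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = var.allowlist_ip
  }

  # GitHub webhook deliveries. Previously three identical rules differing only
  # in CIDR; one rule with a CIDR list produces the same entries in AWS.
  # GitHub publishes its current hook source ranges at
  # https://api.github.com/meta ("hooks") — refresh this list when they change.
  ingress {
    description = "GitHub webhook"
    from_port   = 8000
    to_port     = 8000
    protocol    = "tcp"
    cidr_blocks = [
      "192.30.252.0/22",
      "185.199.108.0/22",
      "140.82.112.0/20",
    ]
  }

  # Unrestricted egress.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}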
# Nomad clients <- Consul LB, every TCP port (return direction of
# client_to_consul_ingress).
resource "aws_security_group_rule" "consul_to_client_ingress" {
  security_group_id        = aws_security_group.client_lb.id
  source_security_group_id = data.aws_security_group.consul_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
# Nomad clients <- server LB, every TCP port (return direction of
# client_to_server_ingress).
resource "aws_security_group_rule" "server_to_client_ingress" {
  security_group_id        = aws_security_group.client_lb.id
  source_security_group_id = data.aws_security_group.server_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
# Nomad clients <-> Nomad clients, every TCP port: the group references itself
# as the source so members can talk to each other.
resource "aws_security_group_rule" "client_to_client_ingress" {
  security_group_id        = aws_security_group.client_lb.id
  source_security_group_id = aws_security_group.client_lb.id

  type      = "ingress"
  protocol  = "tcp"
  from_port = 1
  to_port   = 65535
}
-----------------------------
vi main.tf
-----------------------------
# AWS provider. No credentials are configured here, so the provider's default
# credential chain (environment, shared config, instance role) is used.
provider "aws" {
  region = var.region
}
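# One EC2 instance per Nomad client (var.client_count copies), all placed in
# the client_lb security group from sg.tf.
# The instance profile and user_data lines are deliberately commented at this
# stage of the walkthrough and are enabled once iam.tf and the user-data
# script exist.
# NOTE(review): once user_data carries credentials, consider
# `metadata_options { http_tokens = "required" }` (IMDSv2 only) so the
# rendered user-data cannot be read with an unauthenticated IMDSv1 request —
# confirm first that the Consul/Nomad tooling on the AMI supports IMDSv2.
resource "aws_instance" "nomad_client" {
  count = var.client_count

  ami                    = var.ami
  instance_type          = var.client_instance_type
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.client_lb.id]
  // iam_instance_profile = aws_iam_instance_profile.nomad_client.name

  tags = {
    Name           = "${var.stack_name}-nomad_client-${count.index + 1}"
    ConsulAutoJoin = "auto-join"
    OwnerName      = var.owner_name
    OwnerEmail     = var.owner_email
  }

  root_block_device {
    volume_type = "gp2"
    volume_size = var.root_block_device_size
    # Boolean, not the string "true": the provider coerced the string, but the
    # typed value is what the schema declares.
    delete_on_termination = true
  }

  // user_data = data.template_file.user_data_nomad_client.rendered
}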
-----------------------------
중간 테스트
클라이언트 인스턴스가 생성됩니다.
아직은 Nomad client 는 작동하지 않습니다.
# Interim check: initialise the working directory, validate and plan, then
# apply; `terraform show` lists the created client instances. They are torn
# down again with destroy before the remaining files are added.
terraform init
terraform validate
terraform plan
terraform apply
terraform show
terraform destroy
파일 추가 생성
# Directory holding the user-data script that templates.tf reads via
# file("${path.module}/files/user-data-nomad-client.sh").
mkdir files
vi files/user-data-nomad-client.sh
-----------------------------
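#!/bin/bash
# Nomad client bootstrap. This file is rendered by
# data.template_file.user_data_nomad_client, so ${...} below is Terraform
# interpolation; shell variables are written as $${...} to survive rendering.
set -euo pipefail

# All helper scripts and configs come from the project's GitHub repository.
# NOTE(review): "main" is a moving ref, so whatever is on that branch at boot
# time runs as root here; pinning to a tag or commit would make the bootstrap
# reproducible and reviewable.
base_url="https://github.com/skyer9/TerraformOnAws/raw/main/files"

sudo mkdir -p /ops
cd /ops/

for f in setup.sh net.sh consul-client.hcl consul.service \
         nomad-client.sh nomad-client.hcl nomad-client.service; do
  # With set -e the first failed download aborts the bootstrap instead of
  # running nomad-client.sh with files missing.
  sudo wget "$${base_url}/$${f}"
done
sudo chmod +x /ops/setup.sh /ops/net.sh /ops/nomad-client.sh

# The access key pair is embedded in the rendered user-data and passed as
# command-line arguments, so it is visible through the instance metadata
# service and in the process list while nomad-client.sh runs. The instance
# profile defined in iam.tf is the preferred way to grant AWS API access.
sudo bash -c "/ops/nomad-client.sh \"${server_count}\" \"${retry_join}\" \"${access_key}\" \"${secret_access_key}\""
# rm -rf /ops/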
-----------------------------
vi iam.tf
-----------------------------
# Instance profile that attaches the nomad_client role to the EC2 instances
# (enabled in main.tf via iam_instance_profile).
resource "aws_iam_instance_profile" "nomad_client" {
  role        = aws_iam_role.nomad_client.name
  name_prefix = var.stack_name
}
# Role assumed by the client instances; EC2 is the only principal allowed to
# assume it (see nomad_client_assume).
resource "aws_iam_role" "nomad_client" {
  assume_role_policy = data.aws_iam_policy_document.nomad_client_assume.json
  name_prefix        = var.stack_name
}
# Inline policy carrying the permissions from nomad_client.
# The name is spelled "noamd-client" in the original; it is kept as is because
# renaming an inline policy makes Terraform replace it.
resource "aws_iam_role_policy" "nomad_client" {
  role   = aws_iam_role.nomad_client.id
  policy = data.aws_iam_policy_document.nomad_client.json
  name   = "noamd-client"
}
# Trust policy: only the EC2 service may assume the nomad_client role.
data "aws_iam_policy_document" "nomad_client_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["ec2.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Permissions granted to the client instances through their instance profile:
# Auto Scaling tag/describe/update/terminate plus ec2:DescribeInstances.
# NOTE(review): resources = ["*"]. ec2:DescribeInstances only works on "*",
# but the autoscaling Update/Terminate actions accept an ASG ARN; no ASG is
# defined on this page, so scoping them is left to the caller.
data "aws_iam_policy_document" "nomad_client" {
  statement {
    resources = ["*"]
    effect    = "Allow"

    actions = [
      "autoscaling:CreateOrUpdateTags",
      "autoscaling:DescribeScalingActivities",
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:UpdateAutoScalingGroup",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
      "ec2:DescribeInstances",
    ]
  }
}
-----------------------------
vi templates.tf
-----------------------------
# Final form of the user-data template: the script file now exists, so the
# template line is active. Only the credential vars are shown in this excerpt;
# the remaining vars are unchanged from the earlier version of this file.
data "template_file" "user_data_nomad_client" {
  template = file("${path.module}/files/user-data-nomad-client.sh")

  vars = {
    # Rendered verbatim into user-data, which is readable from the instance
    # metadata service; the instance profile in iam.tf is the credential-free
    # alternative.
    secret_access_key = var.secret_access_key
    access_key        = var.access_key
    # ...... (other vars as before)
  }
}
-----------------------------
vi main.tf
-----------------------------
# Excerpt: the two arguments enabled on the nomad_client instance once iam.tf
# and the user-data script are in place; every other argument stays as in the
# earlier version of this file.
resource "aws_instance" "nomad_client" {
  user_data            = data.template_file.user_data_nomad_client.rendered
  iam_instance_profile = aws_iam_instance_profile.nomad_client.name
  # ...... (remaining arguments unchanged)
}
-----------------------------
# Full run with iam.tf and the user-data script in place. After apply, the
# Nomad UI on port 4646 of a server shows the registered clients; destroy
# removes everything again.
terraform init
terraform validate
terraform plan
terraform apply
terraform show
terraform destroy
http://<서버 아이피>:4646/ 에 접속하여
클라이언트가 접속된 것을 확인할 수 있습니다.