{"id":6153,"date":"2022-08-22T14:41:41","date_gmt":"2022-08-22T05:41:41","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6153"},"modified":"2022-08-22T16:36:03","modified_gmt":"2022-08-22T07:36:03","slug":"consul-cluster-%ea%b5%ac%ec%84%b1%ed%95%98%ea%b8%b0-2","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6153","title":{"rendered":"Consul cluster \uad6c\uc131\ud558\uae30"},"content":{"rendered":"

Consul cluster \uad6c\uc131\ud558\uae30<\/h1>\n

\ud3f4\ub354 \uc0dd\uc131<\/h2>\n
mkdir consul_server_cluster\ncd consul_server_cluster<\/code><\/pre>\n
AMI \uc544\uc774\ub514 \ucc3e\uae30<\/h2>\n
AMI \uc544\uc774\ub514\ub294 \uc544\ub798\ucc98\ub7fc \ucc3e\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
\"\"<\/a><\/p>\n
\ubcc0\uc218\uc124\uc815 \ubc0f \uc11c\ubc84 \uc2e4\ud589<\/h2>\n
vi variables.tf\n-----------------------------\nvariable "stack_name" {\n  description = "The name to prefix onto resources."\n  type        = string\n  default     = "my"\n}\n\nvariable "owner_name" {\n  description = "Your name so resources can be easily assigned."\n  type        = string\n  default     = "skyer9"\n}\n\nvariable "owner_email" {\n  description = "Your email so you can be contacted about resources."\n  type        = string\n  default     = "skyer9@gmail.com"\n}\n\nvariable "region" {\n  description = "The AWS region to deploy into."\n  type        = string\n  default     = "ap-northeast-2"\n}\n\nvariable "availability_zones" {\n  description = "The AWS region AZs to deploy into."\n  type        = list(string)\n  default     = ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]\n}\n\nvariable "ami" {\n  description = "The AMI to use, preferably built by the supplied Packer scripts."\n  type        = string\n  default     = "ami-0ea5eb4b05645aa8a"\n}\n\nvariable "consul_server_instance_type" {\n  description = "The EC2 instance type to launch for Consul servers."\n  type        = string\n  default     = "t3a.micro"\n}\n\nvariable "server_instance_type" {\n  description = "The EC2 instance type to launch for Nomad servers."\n  type        = string\n  default     = "t3a.micro"\n}\n\nvariable "client_instance_type" {\n  description = "The EC2 instance type to launch for Nomad clients."\n  type        = string\n  default     = "t3a.small"\n}\n\nvariable "consul_server_count" {\n  description = "The number of Consul servers to run."\n  type        = number\n  default     = 1\n}\n\nvariable "server_count" {\n  description = "The number of Nomad servers to run."\n  type        = number\n  default     = 1\n}\n\nvariable "client_count" {\n  description = "The number of Nomad clients to run."\n  type        = number\n  default     = 1\n}\n\nvariable "root_block_device_size" {\n  description = "The number of GB to assign as a block device on instances."\n  type        = number\n  default     = 8\n}\n\nvariable "retry_join" {\n  description = "The retry join configuration to use."\n  type        = string\n  default     = "provider=aws tag_key=ConsulAutoJoin tag_value=auto-join"\n}\n\nvariable "allowlist_ip" {\n  description = "A list of IP address to grant access via the LBs."\n  type        = list(string)\n  default     = ["0.0.0.0\/0"]\n}\n\nvariable "access_key" {\n  description = "AWS_ACCESS_KEY_ID"\n  type        = string\n  default     = "XXXXXXXXXXXXXXX"\n}\n\nvariable "secret_access_key" {\n  description = "AWS_SECRET_ACCESS_KEY"\n  type        = string\n  default     = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"\n}\n-----------------------------<\/code><\/pre>\n
vi main.tf\n-----------------------------\nprovider "aws" {\n  region  = var.region\n}\n\nresource "aws_instance" "consul_server" {\n  ami                    = var.ami\n  instance_type          = var.consul_server_instance_type\n  \/\/ key_name               = var.key_name\n  \/\/ vpc_security_group_ids = [aws_security_group.consul_lb.id]\n  count                  = var.consul_server_count\n  \/\/ iam_instance_profile   = aws_iam_instance_profile.consul_server.name\n\n  tags = {\n    Name           = "${var.stack_name}-consul_server-${count.index + 1}"\n    ConsulAutoJoin = "auto-join"\n    OwnerName      = var.owner_name\n    OwnerEmail     = var.owner_email\n  }\n\n  root_block_device {\n    volume_type           = "gp2"\n    volume_size           = var.root_block_device_size\n    delete_on_termination = "true"\n  }\n\n  \/\/ user_data            = data.template_file.user_data_consul_server.rendered\n}\n-----------------------------<\/code><\/pre>\n
terraform init\nterraform validate\nterraform plan<\/code><\/pre>\n
\ud14c\uc2a4\ud2b8\ub85c \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud574 \ubd05\ub2c8\ub2e4.
\n\ud604\uc7ac\uc0c1\ud0dc\uc5d0\uc11c\ub294 \uc544\ubb34\ub7f0 \uae30\ub2a5\ub3c4 \uc5c6\uace0,
\n\ub2e8\uc9c0 EC2 \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud574 \ubcf4\uace0 \uc0ad\uc81c\ud569\ub2c8\ub2e4.<\/p>\n
terraform apply\nterraform show\nterraform destroy<\/code><\/pre>\n
\uad8c\ud55c\uc124\uc815<\/h2>\n
vi private.tf\n-----------------------------\nvariable "key_name" {\n  description = "The EC2 key pair to use for EC2 instance SSH access."\n  type        = string\n  default     = "aws_key"                   # \ub0b4 \ud0a4\ud398\uc5b4\n}\n\nvariable "my_ip" {\n  description = "A list of IP address to grant access via the LBs."\n  type        = list(string)\n  default     = ["183.101.XXX.XXX\/32"]      # \ub0b4 \uc544\uc774\ud53c\n}\n-----------------------------<\/code><\/pre>\n
vi sg.tf\n-----------------------------\ndata "aws_vpc" "default" {\n  default = true\n}\n\nresource "aws_security_group" "consul_lb" {\n  name   = "${var.stack_name}-consul-lb"\n  vpc_id = data.aws_vpc.default.id\n\n  # Consul HTTP API & UI.\n  ingress {\n    from_port   = 8300\n    to_port     = 8600\n    protocol    = "tcp"\n    cidr_blocks = var.my_ip\n  }\n\n  ingress {\n    from_port   = 22\n    to_port     = 22\n    protocol    = "tcp"\n    cidr_blocks = var.my_ip\n  }\n\n  egress {\n    from_port   = 0\n    to_port     = 0\n    protocol    = "-1"\n    cidr_blocks = ["0.0.0.0\/0"]\n  }\n}\n\nresource "aws_security_group_rule" "consul_to_consul_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = aws_security_group.consul_lb.id\n  source_security_group_id = aws_security_group.consul_lb.id\n}\n-----------------------------<\/code><\/pre>\n
vi iam.tf\n-----------------------------\nresource "aws_iam_instance_profile" "consul_server" {\n  name_prefix = var.stack_name\n  role        = aws_iam_role.consul_server.name\n}\n\nresource "aws_iam_role" "consul_server" {\n  name_prefix        = var.stack_name\n  assume_role_policy = data.aws_iam_policy_document.consul_server_assume.json\n}\n\nresource "aws_iam_role_policy" "consul_server" {\n  name   = "nomad-server"\n  role   = aws_iam_role.consul_server.id\n  policy = data.aws_iam_policy_document.consul_server.json\n}\n\ndata "aws_iam_policy_document" "consul_server_assume" {\n  statement {\n    effect  = "Allow"\n    actions = ["sts:AssumeRole"]\n\n    principals {\n      type        = "Service"\n      identifiers = ["ec2.amazonaws.com"]\n    }\n  }\n}\n\ndata "aws_iam_policy_document" "consul_server" {\n  statement {\n    effect = "Allow"\n\n    actions = [\n      "ec2:DescribeInstances",\n      "ec2:DescribeTags",\n    ]\n\n    resources = ["*"]\n  }\n}\n-----------------------------<\/code><\/pre>\n
vi main.tf\n-----------------------------\nresource "aws_instance" "consul_server" {\n  \/\/ ......\n  key_name               = var.key_name\n  vpc_security_group_ids = [aws_security_group.consul_lb.id]\n  iam_instance_profile   = aws_iam_instance_profile.consul_server.name\n  \/\/ ......\n-----------------------------<\/code><\/pre>\n
\ub2e4\uc2dc \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud574 \ubd05\ub2c8\ub2e4.
\n\ud558\uc9c0\ub9cc \uc544\uc9c1 Consul \uc11c\ubc84\ub85c\uc11c \uae30\ub2a5\ud558\uc9c0\ub294 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n
terraform validate\nterraform plan\n\nterraform apply\nterraform show\nterraform destroy<\/code><\/pre>\n
Consul server \uc124\uc815<\/h2>\n
mkdir files\n\nvi files\/user-data-consul-server.sh\n-----------------------------\n#!\/bin\/bash\n\nset -e\n\nsudo mkdir -p \/ops\ncd \/ops\/\n\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/setup.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/net.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/consul-server.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/consul-server.hcl\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/consul.service\n\nsudo chmod +x \/ops\/setup.sh\nsudo chmod +x \/ops\/net.sh\nsudo chmod +x \/ops\/consul-server.sh\n\nsudo bash -c "\/ops\/consul-server.sh \\"${server_count}\\" \\"${retry_join}\\""\n# rm -rf \/ops\/\n-----------------------------<\/code><\/pre>\n
vi templates.tf\n-----------------------------\ndata "template_file" "user_data_consul_server" {\n  template = file("${path.module}\/files\/user-data-consul-server.sh")\n\n  vars = {\n    server_count  = var.consul_server_count\n    region        = var.region\n    retry_join    = var.retry_join\n  }\n}\n-----------------------------<\/code><\/pre>\n
vi main.tf\n-----------------------------\nresource "aws_instance" "consul_server" {\n  \/\/ ......\n  user_data            = data.template_file.user_data_consul_server.rendered\n}\n-----------------------------<\/code><\/pre>\n
terraform init -upgrade\n\nterraform apply\nterraform show\nterraform destroy<\/code><\/pre>\n
http:\/\/<\uc11c\ubc84 \uc544\uc774\ud53c>:8500\/ \uc5d0 \uc811\uc18d\ud558\uc5ec \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
Consul cluster \uad6c\uc131\ud558\uae30 \ud3f4\ub354 \uc0dd\uc131 mkdir consul_server_cluster cd consul_server_cluster AMI \uc544\uc774\ub514 \ucc3e\uae30 AMI \uc544\uc774\ub514\ub294 \uc544\ub798\ucc98\ub7fc \ucc3e\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubcc0\uc218\uc124\uc815 \ubc0f \uc11c\ubc84 \uc2e4\ud589 vi variables.tf —————————– variable "stack_name" { description = "The name to prefix onto resources." type = string default = "my" } variable "owner_name" { description = "Your name so resources can be easily\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-6153","post","type-post","status-publish","format-standard","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6153"}],"version-history":[{"count":3,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6153\/revisions"}],"predecessor-version":[{"id":6166,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6153\/revisions\/6166"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}