{"id":6162,"date":"2022-08-22T15:03:47","date_gmt":"2022-08-22T06:03:47","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6162"},"modified":"2022-08-22T15:15:10","modified_gmt":"2022-08-22T06:15:10","slug":"nomad-client-%ea%b5%ac%ec%84%b1","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6162","title":{"rendered":"Nomad client \uad6c\uc131"},"content":{"rendered":"

Nomad client \uad6c\uc131<\/h1>\n

\ud30c\uc77c\ubcf5\uc0ac<\/h2>\n
mkdir ..\/nomad_client_cluster\ncd ..\/nomad_client_cluster\/\n\ncp ..\/consul_server_cluster\/variables.tf .\/\ncp ..\/consul_server_cluster\/private.tf .\/<\/code><\/pre>\n
\ud30c\uc77c\uc0dd\uc131<\/h2>\n
vi templates.tf\n-----------------------------\ndata "template_file" "user_data_nomad_client" {\n  \/\/ template = file("${path.module}\/files\/user-data-nomad-client.sh")\n\n  vars = {\n    server_count      = var.client_count\n    retry_join        = var.retry_join\n    access_key        = var.access_key\n    secret_access_key = var.secret_access_key\n    region            = var.region\n  }\n}\n\ndata "aws_security_group" "consul_lb" {\n  name = "${var.stack_name}-consul-lb"\n}\n\ndata "aws_security_group" "server_lb" {\n  name = "${var.stack_name}-server-lb"\n}\n-----------------------------<\/code><\/pre>\n
vi sg.tf\n-----------------------------\ndata "aws_vpc" "default" {\n  default = true\n}\n\nresource "aws_security_group_rule" "client_to_consul_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = data.aws_security_group.consul_lb.id\n  source_security_group_id = aws_security_group.client_lb.id\n}\n\nresource "aws_security_group_rule" "client_to_server_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = data.aws_security_group.server_lb.id\n  source_security_group_id = aws_security_group.client_lb.id\n}\n\nresource "aws_security_group" "client_lb" {\n  name   = "${var.stack_name}-client-lb"\n  vpc_id = data.aws_vpc.default.id\n\n  ingress {\n    from_port   = 1\n    to_port     = 65535\n    protocol    = "tcp"\n    cidr_blocks = var.my_ip\n  }\n\n  # Webapp HTTP.\n  ingress {\n    from_port   = 80\n    to_port     = 80\n    protocol    = "tcp"\n    cidr_blocks = var.allowlist_ip\n  }\n\n  # github webhook\n  ingress {\n    from_port   = 8000\n    to_port     = 8000\n    protocol    = "tcp"\n    cidr_blocks = ["192.30.252.0\/22"]\n  }\n\n  # github webhook\n  ingress {\n    from_port   = 8000\n    to_port     = 8000\n    protocol    = "tcp"\n    cidr_blocks = ["185.199.108.0\/22"]\n  }\n\n  # github webhook\n  ingress {\n    from_port   = 8000\n    to_port     = 8000\n    protocol    = "tcp"\n    cidr_blocks = ["140.82.112.0\/20"]\n  }\n\n  egress {\n    from_port   = 0\n    to_port     = 0\n    protocol    = "-1"\n    cidr_blocks = ["0.0.0.0\/0"]\n  }\n}\n\nresource "aws_security_group_rule" "consul_to_client_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = aws_security_group.client_lb.id\n  source_security_group_id = data.aws_security_group.consul_lb.id\n}\n\nresource "aws_security_group_rule" "server_to_client_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = aws_security_group.client_lb.id\n  source_security_group_id = data.aws_security_group.server_lb.id\n}\n\nresource "aws_security_group_rule" "client_to_client_ingress" {\n  type        = "ingress"\n  from_port   = 1\n  to_port     = 65535\n  protocol    = "tcp"\n  security_group_id = aws_security_group.client_lb.id\n  source_security_group_id = aws_security_group.client_lb.id\n}\n-----------------------------<\/code><\/pre>\n
vi main.tf\n-----------------------------\nprovider "aws" {\n  region  = var.region\n}\n\nresource "aws_instance" "nomad_client" {\n  ami                    = var.ami\n  instance_type          = var.client_instance_type\n  key_name               = var.key_name\n  vpc_security_group_ids = [aws_security_group.client_lb.id]\n  count                  = var.client_count\n  \/\/ iam_instance_profile   = aws_iam_instance_profile.nomad_client.name\n\n  tags = {\n    Name           = "${var.stack_name}-nomad_client-${count.index + 1}"\n    ConsulAutoJoin = "auto-join"\n    OwnerName      = var.owner_name\n    OwnerEmail     = var.owner_email\n  }\n\n  root_block_device {\n    volume_type           = "gp2"\n    volume_size           = var.root_block_device_size\n    delete_on_termination = "true"\n  }\n\n  \/\/ user_data            = data.template_file.user_data_nomad_client.rendered\n}\n-----------------------------<\/code><\/pre>\n
\uc911\uac04 \ud14c\uc2a4\ud2b8<\/h2>\n
\ud074\ub77c\uc774\uc5b8\ud2b8 \uc778\uc2a4\ud134\uc2a4\uac00 \uc0dd\uc131\ub429\ub2c8\ub2e4.
\n\uc544\uc9c1\uc740 Nomad client \ub294 \uc791\ub3d9\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n
terraform init\nterraform validate\nterraform plan\n\nterraform apply\nterraform show\nterraform destroy<\/code><\/pre>\n
\ud30c\uc77c \ucd94\uac00 \uc0dd\uc131<\/h2>\n
mkdir files\nvi files\/user-data-nomad-client.sh\n-----------------------------\n#!\/bin\/bash\n\nset -e\n\nsudo mkdir -p \/ops\ncd \/ops\/\n\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/setup.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/net.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/consul-client.hcl\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/consul.service\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/nomad-client.sh\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/nomad-client.hcl\nsudo wget https:\/\/github.com\/skyer9\/TerraformOnAws\/raw\/main\/files\/nomad-client.service\n\nsudo chmod +x \/ops\/setup.sh\nsudo chmod +x \/ops\/net.sh\nsudo chmod +x \/ops\/nomad-client.sh\n\nsudo bash -c "\/ops\/nomad-client.sh \\"${server_count}\\" \\"${retry_join}\\" \\"${access_key}\\" \\"${secret_access_key}\\""\n# rm -rf \/ops\/\n-----------------------------<\/code><\/pre>\n
vi iam.tf\n-----------------------------\nresource "aws_iam_instance_profile" "nomad_client" {\n  name_prefix = var.stack_name\n  role        = aws_iam_role.nomad_client.name\n}\n\nresource "aws_iam_role" "nomad_client" {\n  name_prefix        = var.stack_name\n  assume_role_policy = data.aws_iam_policy_document.nomad_client_assume.json\n}\n\nresource "aws_iam_role_policy" "nomad_client" {\n  name   = "noamd-client"\n  role   = aws_iam_role.nomad_client.id\n  policy = data.aws_iam_policy_document.nomad_client.json\n}\n\ndata "aws_iam_policy_document" "nomad_client_assume" {\n  statement {\n    effect  = "Allow"\n    actions = ["sts:AssumeRole"]\n\n    principals {\n      type        = "Service"\n      identifiers = ["ec2.amazonaws.com"]\n    }\n  }\n}\n\ndata "aws_iam_policy_document" "nomad_client" {\n  statement {\n    effect = "Allow"\n\n    actions = [\n      "autoscaling:CreateOrUpdateTags",\n      "autoscaling:DescribeScalingActivities",\n      "autoscaling:DescribeAutoScalingGroups",\n      "autoscaling:UpdateAutoScalingGroup",\n      "autoscaling:TerminateInstanceInAutoScalingGroup",\n      "ec2:DescribeInstances",\n    ]\n\n    resources = ["*"]\n  }\n}\n-----------------------------<\/code><\/pre>\n
vi templates.tf\n-----------------------------\ndata "template_file" "user_data_nomad_client" {\n  template = file("${path.module}\/files\/user-data-nomad-client.sh")\n\n  vars = {\n    access_key        = var.access_key\n    secret_access_key = var.secret_access_key\n    \/\/ ......\n  }\n}\n-----------------------------<\/code><\/pre>\n
vi main.tf\n-----------------------------\nresource "aws_instance" "nomad_client" {\n  iam_instance_profile   = aws_iam_instance_profile.nomad_client.name\n  user_data            = data.template_file.user_data_nomad_client.rendered\n  \/\/ ......\n}\n-----------------------------<\/code><\/pre>\n
terraform init\nterraform validate\nterraform plan\n\nterraform apply\nterraform show\nterraform destroy<\/code><\/pre>\n
http:\/\/<\uc11c\ubc84 \uc544\uc774\ud53c>:4646\/ \uc5d0 \uc811\uc18d\ud558\uc5ec
\n\ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc811\uc18d\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
Nomad client \uad6c\uc131 \ud30c\uc77c\ubcf5\uc0ac mkdir ..\/nomad_client_cluster cd ..\/nomad_client_cluster\/ cp ..\/consul_server_cluster\/variables.tf .\/ cp ..\/consul_server_cluster\/private.tf .\/ \ud30c\uc77c\uc0dd\uc131 vi templates.tf —————————– data "template_file" "user_data_nomad_client" { \/\/ template = file("${path.module}\/files\/user-data-nomad-client.sh") vars = { server_count = var.client_count retry_join = var.retry_join access_key = var.access_key secret_access_key = var.secret_access_key region = var.region } } data "aws_security_group" "consul_lb" { name = "${var.stack_name}-consul-lb" } data\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[],"class_list":["post-6162","post","type-post","status-publish","format-standard","hentry","category-nomad"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6162"}],"version-history":[{"count":2,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6162\/revisions"}],"predecessor-version":[{"id":6165,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6162\/revisions\/6165"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}