diff --git a/.gitignore b/.gitignore
index 46ab8a011f7afe328452bc4f49a077f2cb5a23a5..316a81632967b08383fe27f5bc18ffba117d3add 100644
--- a/.gitignore
+++ b/.gitignore
@@ -139,3 +139,5 @@ common/go/src/asapo_common/version/version_lib.go
!sphinx/*
+.terraform
+terraform.tfstate*
diff --git a/deploy/docker/cluster/Dockerfile b/deploy/docker/cluster/Dockerfile
index 1b8cdcd67100876ad4b81ccb1fca2d0c8987e4f1..94c777c5b3cb777a88d8728793f5dc3dc09f6c1b 100644
--- a/deploy/docker/cluster/Dockerfile
+++ b/deploy/docker/cluster/Dockerfile
@@ -4,6 +4,7 @@ MAINTAINER DESY IT
ENV CONSUL_VERSION=1.6.0
ENV NOMAD_VERSION=0.9.5
+ENV TERRAFORM_VERSION=0.12.7
ENV HASHICORP_RELEASES=https://releases.hashicorp.com
@@ -30,6 +31,8 @@ RUN set -eux && \
unzip -d /bin consul_${CONSUL_VERSION}_linux_amd64.zip && \
wget ${HASHICORP_RELEASES}/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip && \
unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip && \
+ wget ${HASHICORP_RELEASES}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ unzip -d /bin terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
cd /tmp && \
rm -rf /tmp/build && \
# tiny smoke test to ensure the binary we downloaded runs
diff --git a/deploy/docker/cluster/jobs/asapo-nginx.nmd b/deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
similarity index 96%
rename from deploy/docker/cluster/jobs/asapo-nginx.nmd
rename to deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
index 3e17c3739b910c1937545c727465e100b2aa4c64..79c972024b87e8750dc3cf9df0cbdff45a575f57 100644
--- a/deploy/docker/cluster/jobs/asapo-nginx.nmd
+++ b/deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
@@ -25,7 +25,7 @@ job "asapo-nginx" {
config {
network_mode = "host"
- image = "nginx:1.14"
+ image = "nginx:${nginx_version}"
volumes = ["local/nginx.conf:/etc/nginx/nginx.conf"]
}
diff --git a/deploy/docker/cluster/jobs/asapo-services.nmd b/deploy/docker/cluster/jobs/asapo-services.nmd.tpl
similarity index 85%
rename from deploy/docker/cluster/jobs/asapo-services.nmd
rename to deploy/docker/cluster/jobs/asapo-services.nmd.tpl
index 483adb57f025433e7afe63a8706dfd4a8e86ada9..38056a13e1eccffd63b1bcf5c5039de2bfc7d9ca 100644
--- a/deploy/docker/cluster/jobs/asapo-services.nmd
+++ b/deploy/docker/cluster/jobs/asapo-services.nmd.tpl
@@ -12,11 +12,10 @@ job "asapo-services" {
config {
network_mode = "host"
dns_servers = ["127.0.0.1"]
- image = "yakser/asapo-authorizer-dev:feature_virtualized-deployment.latest"
- force_pull = true
- volumes = ["local/config.json:/var/lib/authorizer/config.json",
- "/bldocuments/support/asapo/beamtime_beamline_mapping.txt:/var/lib/authorizer/beamtime_beamline_mapping.txt",
- "/bldocuments/support/asapo/ip_beamtime_mapping:/var/lib/authorizer/ip_beamtime_mapping"]
+ image = "yakser/asapo-authorizer${image_suffix}"
+ force_pull = true
+ volumes = ["local/config.json:/var/lib/authorizer/config.json"]
+ %{ if fluentd_logs }
logging {
type = "fluentd"
config {
@@ -25,6 +24,7 @@ job "asapo-services" {
tag = "asapo.docker"
}
}
+ %{endif}
}
resources {
@@ -62,7 +62,7 @@ job "asapo-services" {
}
template {
source = "/usr/local/nomad_jobs/auth_secret.key"
- destination = "secrets/secret.key"
+ destination = "local/secret.key"
change_mode = "restart"
}
}
@@ -76,7 +76,7 @@ job "asapo-services" {
config {
network_mode = "host"
dns_servers = ["127.0.0.1"]
- image = "yakser/asapo-discovery-dev:feature_virtualized-deployment.latest"
+ image = "yakser/asapo-discovery${image_suffix}"
force_pull = true
volumes = ["local/config.json:/var/lib/discovery/config.json"]
logging {
diff --git a/deploy/docker/cluster/jobs/asapo.auto.tfvars b/deploy/docker/cluster/jobs/asapo.auto.tfvars
new file mode 100644
index 0000000000000000000000000000000000000000..060182276b0fa01388486482fb1d6cbe50e9bf63
--- /dev/null
+++ b/deploy/docker/cluster/jobs/asapo.auto.tfvars
@@ -0,0 +1,6 @@
+nginx_version = "1.14"
+asapo_imagename_suffix="-dev"
+asapo_image_tag = "feature_virtualized-deployment.latest"
+
+
+
diff --git a/deploy/docker/cluster/jobs/asapo.tf b/deploy/docker/cluster/jobs/asapo.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8e0496b35fafc85ba6a2ef6f53d8e1ca01bc632a
--- /dev/null
+++ b/deploy/docker/cluster/jobs/asapo.tf
@@ -0,0 +1,50 @@
+provider "nomad" {
+ address = "http://localhost:4646"
+}
+
+variable "fluentd_logs" {
+ default = true
+}
+
+variable "nginx_version" {
+ default = "latest"
+}
+
+variable "asapo_imagename_suffix" {
+ default = ""
+}
+
+variable "asapo_image_tag" {
+ default = "latest"
+}
+
+variable "shared_dir" {
+ default = "/tmp"
+}
+
+data "template_file" "nginx" {
+ template = "${file("./asapo-nginx.nmd.tpl")}"
+ vars = {
+ nginx_version = "${var.nginx_version}"
+ }
+}
+
+data "template_file" "asapo_services" {
+ template = "${file("./asapo-services.nmd.tpl")}"
+ vars = {
+ image_suffix = "${var.asapo_imagename_suffix}:${var.asapo_image_tag}"
+ shared_dir = "${var.shared_dir}"
+ fluentd_logs = "${var.fluentd_logs}"
+ }
+}
+
+resource "nomad_job" "asapo-nginx" {
+ jobspec = "${data.template_file.nginx.rendered}"
+}
+
+resource "nomad_job" "asapo-services" {
+ jobspec = "${data.template_file.asapo_services.rendered}"
+}
+
+
+
diff --git a/deploy/docker/cluster/jobs/auth_secret.key b/deploy/docker/cluster/jobs/auth_secret.key
new file mode 100644
index 0000000000000000000000000000000000000000..a953ac63b05cfa6a16e0fadda59d6622fc3b4920
--- /dev/null
+++ b/deploy/docker/cluster/jobs/auth_secret.key
@@ -0,0 +1 @@
+sadhfi334yxan
\ No newline at end of file
diff --git a/deploy/docker/cluster/jobs/authorizer.json.tpl b/deploy/docker/cluster/jobs/authorizer.json.tpl
index 8386279631d044daf468d5cac95d449bc2010730..69628bf8155a037023d775784e5d2cb10995bc46 100644
--- a/deploy/docker/cluster/jobs/authorizer.json.tpl
+++ b/deploy/docker/cluster/jobs/authorizer.json.tpl
@@ -4,9 +4,7 @@
"AlwaysAllowedBeamtimes":[{"BeamtimeId":"asapo_test","Beamline":"test"},
{"BeamtimeId":"asapo_test1","Beamline":"test1"},
{"BeamtimeId":"asapo_test2","Beamline":"test2"}],
- "BeamtimeBeamlineMappingFile":"//var//lib//authorizer//beamtime_beamline_mapping.txt",
- "IpBeamlineMappingFolder":"//var//lib//authorizer//ip_beamtime_mapping",
- "SecretFile":"/secrets/secret.key"
+ "SecretFile":"/local/secret.key"
}
diff --git a/deploy/docker/cluster/run.sh b/deploy/docker/cluster/run.sh
index a704681f70035a58b6bb9f41cff028e1d355d6b2..64d07fb89e7e246442247da03f347f689d780d1b 100755
--- a/deploy/docker/cluster/run.sh
+++ b/deploy/docker/cluster/run.sh
@@ -1 +1,2 @@
docker run --privileged --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`/jobs:/usr/local/nomad_jobs --name asapo --net=host -v /tmp/nomad:/tmp/nomad -v /var/lib/docker:/var/lib/docker -d yakser/asapo-cluster
+
diff --git a/deploy/docker/cluster/supervisord.conf b/deploy/docker/cluster/supervisord.conf
index cabe55263167ab9600b5cb6dcd642a41e790fd65..0c5c6c7ba41a58b7ca3d4629f64d3f17490904e6 100644
--- a/deploy/docker/cluster/supervisord.conf
+++ b/deploy/docker/cluster/supervisord.conf
@@ -8,7 +8,7 @@ childlogdir=/var/log/supervisord/ ; where child log files will liv
use=root
[program:consul]
-command=/bin/consul agent -dev -client 0.0.0.0
+command=/bin/consul agent -dev -client 0.0.0.0 -domain asapo -recursor=8.8.8.8
#-config-dir=/etc/consul.d
[program:nomad]