From fd907cf621162e6dc66ff0b29c60d59f3cbd6451 Mon Sep 17 00:00:00 2001
From: Sergey Yakubov <sergey.yakubov@desy.de>
Date: Wed, 4 Sep 2019 14:12:25 +0200
Subject: [PATCH] add terraform scripts
---
.gitignore | 2 +
deploy/docker/cluster/Dockerfile | 3 ++
.../{asapo-nginx.nmd => asapo-nginx.nmd.tpl} | 2 +-
...po-services.nmd => asapo-services.nmd.tpl} | 14 +++---
deploy/docker/cluster/jobs/asapo.auto.tfvars | 6 +++
deploy/docker/cluster/jobs/asapo.tf | 50 +++++++++++++++++++
deploy/docker/cluster/jobs/auth_secret.key | 1 +
.../docker/cluster/jobs/authorizer.json.tpl | 4 +-
deploy/docker/cluster/run.sh | 1 +
deploy/docker/cluster/supervisord.conf | 2 +-
10 files changed, 73 insertions(+), 12 deletions(-)
rename deploy/docker/cluster/jobs/{asapo-nginx.nmd => asapo-nginx.nmd.tpl} (96%)
rename deploy/docker/cluster/jobs/{asapo-services.nmd => asapo-services.nmd.tpl} (85%)
create mode 100644 deploy/docker/cluster/jobs/asapo.auto.tfvars
create mode 100644 deploy/docker/cluster/jobs/asapo.tf
create mode 100644 deploy/docker/cluster/jobs/auth_secret.key
diff --git a/.gitignore b/.gitignore
index 46ab8a011..316a81632 100644
--- a/.gitignore
+++ b/.gitignore
@@ -139,3 +139,5 @@ common/go/src/asapo_common/version/version_lib.go
!sphinx/*
+.terraform
+terraform.tfstate*
diff --git a/deploy/docker/cluster/Dockerfile b/deploy/docker/cluster/Dockerfile
index 1b8cdcd67..94c777c5b 100644
--- a/deploy/docker/cluster/Dockerfile
+++ b/deploy/docker/cluster/Dockerfile
@@ -4,6 +4,7 @@ MAINTAINER DESY IT
ENV CONSUL_VERSION=1.6.0
ENV NOMAD_VERSION=0.9.5
+ENV TERRAFORM_VERSION=0.12.7
ENV HASHICORP_RELEASES=https://releases.hashicorp.com
@@ -30,6 +31,8 @@ RUN set -eux && \
unzip -d /bin consul_${CONSUL_VERSION}_linux_amd64.zip && \
wget ${HASHICORP_RELEASES}/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip && \
unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip && \
+ wget ${HASHICORP_RELEASES}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ unzip -d /bin terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
cd /tmp && \
rm -rf /tmp/build && \
# tiny smoke test to ensure the binary we downloaded runs
diff --git a/deploy/docker/cluster/jobs/asapo-nginx.nmd b/deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
similarity index 96%
rename from deploy/docker/cluster/jobs/asapo-nginx.nmd
rename to deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
index 3e17c3739..79c972024 100644
--- a/deploy/docker/cluster/jobs/asapo-nginx.nmd
+++ b/deploy/docker/cluster/jobs/asapo-nginx.nmd.tpl
@@ -25,7 +25,7 @@ job "asapo-nginx" {
config {
network_mode = "host"
- image = "nginx:1.14"
+ image = "nginx:${nginx_version}"
volumes = ["local/nginx.conf:/etc/nginx/nginx.conf"]
}
diff --git a/deploy/docker/cluster/jobs/asapo-services.nmd b/deploy/docker/cluster/jobs/asapo-services.nmd.tpl
similarity index 85%
rename from deploy/docker/cluster/jobs/asapo-services.nmd
rename to deploy/docker/cluster/jobs/asapo-services.nmd.tpl
index 483adb57f..38056a13e 100644
--- a/deploy/docker/cluster/jobs/asapo-services.nmd
+++ b/deploy/docker/cluster/jobs/asapo-services.nmd.tpl
@@ -12,11 +12,10 @@ job "asapo-services" {
config {
network_mode = "host"
dns_servers = ["127.0.0.1"]
- image = "yakser/asapo-authorizer-dev:feature_virtualized-deployment.latest"
- force_pull = true
- volumes = ["local/config.json:/var/lib/authorizer/config.json",
- "/bldocuments/support/asapo/beamtime_beamline_mapping.txt:/var/lib/authorizer/beamtime_beamline_mapping.txt",
- "/bldocuments/support/asapo/ip_beamtime_mapping:/var/lib/authorizer/ip_beamtime_mapping"]
+ image = "yakser/asapo-authorizer${image_suffix}"
+ force_pull = true
+ volumes = ["local/config.json:/var/lib/authorizer/config.json"]
+ %{ if fluentd_logs }
logging {
type = "fluentd"
config {
@@ -25,6 +24,7 @@ job "asapo-services" {
tag = "asapo.docker"
}
}
+ %{endif}
}
resources {
@@ -62,7 +62,7 @@ job "asapo-services" {
}
template {
source = "/usr/local/nomad_jobs/auth_secret.key"
- destination = "secrets/secret.key"
+ destination = "local/secret.key"
change_mode = "restart"
}
}
@@ -76,7 +76,7 @@ job "asapo-services" {
config {
network_mode = "host"
dns_servers = ["127.0.0.1"]
- image = "yakser/asapo-discovery-dev:feature_virtualized-deployment.latest"
+ image = "yakser/asapo-discovery${image_suffix}"
force_pull = true
volumes = ["local/config.json:/var/lib/discovery/config.json"]
logging {
diff --git a/deploy/docker/cluster/jobs/asapo.auto.tfvars b/deploy/docker/cluster/jobs/asapo.auto.tfvars
new file mode 100644
index 000000000..060182276
--- /dev/null
+++ b/deploy/docker/cluster/jobs/asapo.auto.tfvars
@@ -0,0 +1,6 @@
+nginx_version = "1.14"
+asapo_imagename_suffix="-dev"
+asapo_image_tag = "feature_virtualized-deployment.latest"
+
+
+
diff --git a/deploy/docker/cluster/jobs/asapo.tf b/deploy/docker/cluster/jobs/asapo.tf
new file mode 100644
index 000000000..8e0496b35
--- /dev/null
+++ b/deploy/docker/cluster/jobs/asapo.tf
@@ -0,0 +1,50 @@
+provider "nomad" {
+ address = "http://localhost:4646"
+}
+
+variable "fluentd_logs" {
+ default = true
+}
+
+variable "nginx_version" {
+ default = "latest"
+}
+
+variable "asapo_imagename_suffix" {
+ default = ""
+}
+
+variable "asapo_image_tag" {
+ default = "latest"
+}
+
+variable "shared_dir" {
+ default = "/tmp"
+}
+
+data "template_file" "nginx" {
+ template = "${file("./asapo-nginx.nmd.tpl")}"
+ vars = {
+ nginx_version = "${var.nginx_version}"
+ }
+}
+
+data "template_file" "asapo_services" {
+ template = "${file("./asapo-services.nmd.tpl")}"
+ vars = {
+ image_suffix = "${var.asapo_imagename_suffix}:${var.asapo_image_tag}"
+ shared_dir = "${var.shared_dir}"
+ fluentd_logs = "${var.fluentd_logs}"
+ }
+}
+
+resource "nomad_job" "asapo-nginx" {
+ jobspec = "${data.template_file.nginx.rendered}"
+}
+
+resource "nomad_job" "asapo-services" {
+ jobspec = "${data.template_file.asapo_services.rendered}"
+}
+
+
+
diff --git a/deploy/docker/cluster/jobs/auth_secret.key b/deploy/docker/cluster/jobs/auth_secret.key
new file mode 100644
index 000000000..a953ac63b
--- /dev/null
+++ b/deploy/docker/cluster/jobs/auth_secret.key
@@ -0,0 +1 @@
+sadhfi334yxan
\ No newline at end of file
diff --git a/deploy/docker/cluster/jobs/authorizer.json.tpl b/deploy/docker/cluster/jobs/authorizer.json.tpl
index 838627963..69628bf81 100644
--- a/deploy/docker/cluster/jobs/authorizer.json.tpl
+++ b/deploy/docker/cluster/jobs/authorizer.json.tpl
@@ -4,9 +4,7 @@
"AlwaysAllowedBeamtimes":[{"BeamtimeId":"asapo_test","Beamline":"test"},
{"BeamtimeId":"asapo_test1","Beamline":"test1"},
{"BeamtimeId":"asapo_test2","Beamline":"test2"}],
- "BeamtimeBeamlineMappingFile":"//var//lib//authorizer//beamtime_beamline_mapping.txt",
- "IpBeamlineMappingFolder":"//var//lib//authorizer//ip_beamtime_mapping",
- "SecretFile":"/secrets/secret.key"
+ "SecretFile":"/local/secret.key"
}
diff --git a/deploy/docker/cluster/run.sh b/deploy/docker/cluster/run.sh
index a704681f7..64d07fb89 100755
--- a/deploy/docker/cluster/run.sh
+++ b/deploy/docker/cluster/run.sh
@@ -1 +1,2 @@
docker run --privileged --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`/jobs:/usr/local/nomad_jobs --name asapo --net=host -v /tmp/nomad:/tmp/nomad -v /var/lib/docker:/var/lib/docker -d yakser/asapo-cluster
+
diff --git a/deploy/docker/cluster/supervisord.conf b/deploy/docker/cluster/supervisord.conf
index cabe55263..0c5c6c7ba 100644
--- a/deploy/docker/cluster/supervisord.conf
+++ b/deploy/docker/cluster/supervisord.conf
@@ -8,7 +8,7 @@ childlogdir=/var/log/supervisord/ ; where child log files will liv
use=root
[program:consul]
-command=/bin/consul agent -dev -client 0.0.0.0
+command=/bin/consul agent -dev -client 0.0.0.0 -domain asapo -recursor=8.8.8.8
#-config-dir=/etc/consul.d
[program:nomad]
--
GitLab