diff --git a/.gitignore b/.gitignore index c336bb3..08fa2c0 100755 --- a/.gitignore +++ b/.gitignore @@ -14,4 +14,6 @@ packer-manifest.json *pkrvars.hcl hosts.ini -all \ No newline at end of file +all + +ignored \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b1b8de6 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,35 @@
+Copyright (c) 2019, 2021 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
index 2aceb4a..5353702 100644
--- a/README.md +++ b/README.md @@ -1,4 +1,12 @@ -# IACBOX +# HashiStack on OCI + +## Build, Provision and Run a 3-nodes Nomad cluster on OCI "Always-Free" Tier + +[![release](https://img.shields.io/github/v/release/kral2/hashistack_on_oci?colorB=2067b8)](https://github.com/kral2/hashistack_on_oci) +[![hcl](https://img.shields.io/badge/language-hcl-89e051.svg?style=flat-square)](https://github.com/kral2/hashistack_on_oci) +[![bash](https://img.shields.io/badge/language-bash-89e051.svg?style=flat-square)](https://github.com/kral2/hashistack_on_oci) +[![bash](https://img.shields.io/badge/language-ansible-89e051.svg?style=flat-square)](https://github.com/kral2/hashistack_on_oci) +[![license](https://img.shields.io/github/license/kral2/hashistack_on_oci?colorB=2067b8)](https://github.com/kral2/hashistack_on_oci) ## Table of Contents @@ -10,7 +18,13 @@ ## About -This module build an HashiStack demo on OCI. +This module build an HashiStack demo on OCI. It is a 3-step workflow: + +1. BUILD, using Packer, Ansible, Bash scripts. The output is a Custom Image ready to deploy Nomad nodes on Linux/aarch +2. PROVISION using Terraform Registry, Terraform Cloud, OCI. The output is an OCI Networking structure and security rules, together with 3 Computes Instances and a bastion host +3. RUN : Nomad on a 3-nodes cluster, with some example jobs to come + +![diagram](https://github.com/kral2/hashistack_on_oci/blob/main/_files/3-Steps_workflow.png?raw=true&sanitize=true) diff --git a/_files/3-Steps_workflow.png b/_files/3-Steps_workflow.png new file mode 100644 index 0000000..3197c4e Binary files /dev/null and b/_files/3-Steps_workflow.png differ diff --git a/_files/download_hashistack.sh b/_files/download_hashistack.sh new file mode 100644 index 0000000..2ea653f --- /dev/null +++ b/_files/download_hashistack.sh 
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Getting latest HashiStack components
+
+# This is a small helper script that calls hashistack-installer to Install Nomad, Consul and Vault.
+# At the moment, only Nomad is used. But that's so simple and low cost to retrieve the other runtimes, so why not :-)
+# If/when https://iac.sh evovles to support the installation of HashiCorp products other than Terraform and Packer,
+# we may switch to it instead of my current installer.
+
+curl -LO https://raw.github.com/kral2/hashistack-installer/main/hashistack-install.sh
+chmod +x hashistack-install.sh
+./hashistack-install.sh consul vault nomad
\ No newline at end of file
diff --git a/files/install_docker_ol7.sh b/_files/install_docker_ol7.sh
similarity index 83%
rename from files/install_docker_ol7.sh
rename to _files/install_docker_ol7.sh
index 9494d0c..037c1ca 100644
--- a/files/install_docker_ol7.sh
+++ b/_files/install_docker_ol7.sh
@@ -4,6 +4,10 @@
 # Author: cetin.ardal@oracle.com
 # Description: Install Docker Engine and cli on an Oracle Linux 7 instance running on OCI.
 
+# OL7 repos contains old Docker version (19.xx), so we retrieve the packages from CentOS yum repo.
+# OL8 have dropped support for Docker Engine and moved to Podman.
+# As Nomad's Podman driver gains maturity, we may consider switching to OL8 with Podman as the container engine.
+
 # Get OS Release number
 OS_RELEASE=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))
 OS_RELEASE_MAJOR=$(echo $OS_RELEASE | cut -d. -f1)
diff --git a/files/client.hcl b/_files/nomad_config/client.hcl
similarity index 57%
rename from files/client.hcl
rename to _files/nomad_config/client.hcl
index cae8986..1e62f9f 100644
--- a/files/client.hcl
+++ b/_files/nomad_config/client.hcl
@@ -1,3 +1,5 @@
+# Nomad config file
+
 client {
 enabled = true
 }
diff --git a/files/nomad.hcl b/_files/nomad_config/nomad.hcl
similarity index 66%
rename from files/nomad.hcl
rename to _files/nomad_config/nomad.hcl
index 7b81cf6..3b8c7b0 100644
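Review bot: The curl/chmod/exec sequence at the end of the new `_files/download_hashistack.sh` fetches `hashistack-install.sh` from the mutable `main` branch and runs it with no integrity check, so whatever that branch serves at build time is baked into the image; the deleted `files/download_hashistack.sh` had the same three lines, so the move is the moment to fix it. Without `set -eu` and without `curl -f`, an HTTP error body is saved to the file and then executed instead of aborting the Packer build. Pin the download to a tag or commit, verify a checksum before executing, and fail fast; what the installer itself downloads is outside this page, so the same question applies there. The three command lines rewritten that way:
```sh
#!/bin/sh
set -eu
# … unchanged: header comments …
# <PINNED_REF> is a tag or commit of kral2/hashistack-installer and <EXPECTED_SHA256>
# the digest of that revision's script — both are placeholders to fill in.
curl -fsSL -o hashistack-install.sh "https://raw.github.com/kral2/hashistack-installer/<PINNED_REF>/hashistack-install.sh"
printf '%s  hashistack-install.sh\n' "<EXPECTED_SHA256>" | sha256sum -c -
chmod +x hashistack-install.sh
./hashistack-install.sh consul vault nomad
```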
--- a/files/nomad.hcl
+++ b/_files/nomad_config/nomad.hcl
@@ -1,2 +1,4 @@
+# Nomad config file
+
 datacenter = "fra"
 data_dir = "/opt/nomad"
\ No newline at end of file
diff --git a/files/nomad.service b/_files/nomad_config/nomad.service
similarity index 100%
rename from files/nomad.service
rename to _files/nomad_config/nomad.service
diff --git a/files/server.hcl b/_files/nomad_config/server.hcl
similarity index 90%
rename from files/server.hcl
rename to _files/nomad_config/server.hcl
index a2279a0..6401411 100644
--- a/files/server.hcl
+++ b/_files/nomad_config/server.hcl
@@ -1,3 +1,5 @@
+# Nomad config file
+
 server {
 enabled = true
 bootstrap_expect = 3
diff --git a/build/ansible/nomad_2_install.yaml b/build/ansible/nomad_2_install.yaml
index 9bc4abc..b45b0fb 100755
--- a/build/ansible/nomad_2_install.yaml
+++ b/build/ansible/nomad_2_install.yaml
@@ -7,35 +7,44 @@ become_user: root tasks: - - name: Create Nomad directories if they do not exist + - name: Ensure Nomad directories are present ansible.builtin.file: path: "{{ item }}" state: directory - mode: '0740' + mode: '0755' with_items: - /opt/nomad - /etc/nomad.d tags: global - - name: Nomad service + - name: Ebsure Nomad service unit file is present ansible.builtin.copy: - src: ../../files/nomad.service + src: ../../_files/nomad_config/nomad.service dest: /etc/systemd/system/nomad.service owner: root group: root - mode: '0660' + mode: '0665' - - name: Configuration files + - name: Ensure Nomad Configuration files are present ansible.builtin.copy: src: "{{ item }}" dest: /etc/nomad.d/ - mode: '700' + mode: '744' with_items: - - ../../files/nomad.hcl - - ../../files/server.hcl - - ../../files/client.hcl + - ../../_files/nomad_config/nomad.hcl + - ../../_files/nomad_config/server.hcl + - ../../_files/nomad_config/client.hcl - - name: Configure firewalld | allow 4647/tcp inbound + - name: Ensure Nomad Demo files are present + ansible.builtin.copy: + src: "{{ item }}" + dest: /home/opc + mode: '744' + with_items: + - ../../run/bff_nomad_consul.sh + - ../../run/nginx-consul.nomad + + - name: Configure firewalld | Nomad RPC (Client) firewalld: port: 4647/tcp permanent: yes @@ -43,7 +52,7 @@ state: enabled become: yes become_user: root - - name: Configure firewalld | allow 4648/tcp inbound + - name: Configure firewalld | Nomad GOSSIP /tcp (Server) firewalld: port: 4648/tcp permanent: yes @@ -51,7 +60,7 @@ state: enabled become: yes become_user: root - - name: Configure firewalld | allow 4648/udp inbound + - name: Configure firewalld | Nomad GOSSIP /udp (Server) firewalld: port: 4648/udp permanent: yes @@ -59,5 +68,12 @@ state: enabled become: yes become_user: root - + - name: Configure firewalld | Consul UI + firewalld: + port: 8500/tcp + permanent: yes + immediate: yes + state: enabled + become: yes + become_user: root ... \ No newline at end of file 
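Review bot: The new modes in the first hunk loosen permissions in ways the task names do not call for: the unit file goes from `'0660'` to `'0665'`, which adds group write and world execute, and the `/etc/nomad.d/` configuration files go from `'700'` to `'744'`, which makes them world-readable (and marks them executable). A systemd unit only needs `mode: '0644'`, and the Nomad configuration should stay unreadable to other local users — `mode: '0640'` with `owner: root` and `group: root` (or the service account, if nomad.service runs one; the unit file is not on this page) — because anything added later, such as a gossip `encrypt` key or an ACL token, would otherwise be exposed to every user on the node. The demo-file task copies into `/home/opc` while the play runs as `become_user: root` and sets no `owner`/`group`, so the files presumably end up root-owned inside the opc home; add `owner: opc` and `group: opc` there. Unrelated nit: `Ebsure` in the unit-file task name.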
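Review bot: The new `Configure firewalld | Consul UI` task in the last hunk opens `8500/tcp` on every node, but that port serves Consul's entire HTTP API (catalog, KV, agent endpoints), not just the UI, and nothing on this page enables Consul ACLs, so the API would answer unauthenticated requests from any source the OCI security rules let through. For a demo the safer default is to leave 8500 closed in firewalld and reach the UI through an SSH tunnel via the bastion host the README hunk describes; if it must be exposed, limit the source range with the module's `rich_rule` parameter (address placeholder `<ADMIN_CIDR>`) and enable ACLs before the cluster is reachable. The task name should also say what is actually exposed, e.g. `- name: Configure firewalld | Consul HTTP API (8500/tcp)`.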
diff --git a/build/nomad.pkr.hcl b/build/nomad.pkr.hcl index 16d169b..6e206d6 100644 --- a/build/nomad.pkr.hcl +++ b/build/nomad.pkr.hcl @@ -49,7 +49,7 @@ build { sources = ["source.oracle-oci.custom_image"] provisioner "shell" { - scripts = ["../files/download_hashistack.sh"] + scripts = ["../_files/download_hashistack.sh"] } provisioner "ansible" { @@ -58,7 +58,7 @@ build { } provisioner "shell" { - scripts = ["../files/install_docker_ol7.sh"] + scripts = ["../_files/install_docker_ol7.sh"] } post-processor "manifest" { diff --git a/files/download_hashistack.sh b/files/download_hashistack.sh deleted file mode 100644 index 8c3d733..0000000 --- a/files/download_hashistack.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -# getting latest HashiStack components (Consul, Vault, Nomad) -curl -LO https://raw.github.com/kral2/hashistack-installer/main/hashistack-install.sh -chmod +x hashistack-install.sh -./hashistack-install.sh consul vault nomad \ No newline at end of file