hashicorp / terraform-aws-nomad-starter Goto Github PK

Terraform Module for Provisioning Nomad on AWS

License: Mozilla Public License 2.0

HCL 69.94% Shell 30.06%

terraform-aws-nomad-starter's Introduction

Nomad AWS Module

This is a Terraform module for provisioning a Nomad Cluster on AWS. This cluster utilizes Consul as recommended by the Nomad Reference Architecture. The default is set to 5 servers and 3 clients.

About This Module

This module implements the Nomad Reference Architecture. It is created and maintained by HashiCorp to exist as a canonical implementation of a Nomad cluster in the Amazon Web Services cloud, and enforces this prescriptive methodology through the use of default values corresponding to the recommendations of our Enterprise Architects.

For more advanced practitioners requiring a wider variety of configurable options, please see Terraform AWS Nomad Module.

How to Use This Module

Create a Terraform configuration (main.tf) that pulls in the module and specifies values of the required variables:

provider "aws" {
  region = "<your AWS region>"
}

module "nomad-oss" {
  source                = "hashicorp/nomad-oss/aws"
  version               = "<module version>"
  allowed_inbound_cidrs = ["<list of inbound CIDRs>"]
  vpc_id                = "<your VPC id>"
  consul_version        = "<consul version (ex: 1.8.3)>"
  nomad_version         = "<nomad version (ex: 0.12.3)>"
  owner                 = "<owner name/tag>"
  name_prefix           = "<name prefix you would like attached to your environment>"
  key_name              = "<your SSH key name>"
  nomad_servers         = 5
  nomad_clients         = 3
}

version: The Nomad AWS module version to pull (e.g. 0.2.1) during the initialization
allowed_inbound_cidrs: Allowed CIDR blocks for SSH and API/UI access
vpc_id: ID of the VPC where cloud resources to be provisioned
consul_version: Desired Consul version to install
nomad_version: Desired Nomad version to install
key_name: The name of the SSH key pairs to use. This must exist in the specified AWS region

Run terraform init and terraform apply to provision a Nomad cluster.

License

This code is released under the MPL 2.0 License. Please see LICENSE for more details.

terraform-aws-nomad-starter's People

Contributors

Stargazers

Watchers

Forkers

jeffwecan davemay99 hashicorp-support isabella232 hyposcaler mtharpe bhanu456 shioju jeckep svenlito afourcat asmtal ecogit-stage j-guillot dustin-sheepfarm shyamchaganti techn0mad

terraform-aws-nomad-starter's Issues

Outputs for the starter module.

It would be nice to have the module output information about how to connect to the created cluster. I created my environment and then had to jump back to the AWS console to try and find an IP to connect with. Since the underlying implementation is using ASGs, this might not be possible though.

feature: vault

can we get a template that also includes vault?

Add support for running separate/existing Consul cluster

Feature Request

Allow for referencing an existing Consul cluster instead of creating one on every run of the module.

Use Case

I want to have a config that I can easily pass to my Nomad module that spins up new clients along with the nomad agents, and connects to the existing cluster
Expose federation options

Non-features

I don't want to set up a separate control plane for Consul if I Have one.

Configure the Nomad dynamic ports range in the security group

Since Nomad schedules work in the 20000-32000 port range for dynamic workloads, and in many cases those workloads will need to talk to one another, should we preconfigure the security group to allow that from between the members of the security group for both inbound and outbound traffic?

Having the server be able to access those ports on the clients helps provide access to the running workloads for test purposes. The security group is pretty aggressively locked down for Nomad's dynamic port use.

Release Module with 0.13/>3.2 AWS provider Support

Feature Request/Bug

When I attempt to run the 0.21 version of this module with Terraform 0.13, I get the following outputs:

Initializing provider plugins...
- Finding hashicorp/template versions matching "2.1.2"...
- Finding hashicorp/helm versions matching "~> 1.2"...
- Finding hashicorp/aws versions matching "~> 3.2.0, 2.70.0, >= 2.68.*, < 4.0.*"...
- Finding hashicorp/tls versions matching "~> 2.2"...
- Finding hashicorp/random versions matching "~> 2.2, 2.3.0"...
- Installing hashicorp/template v2.1.2...
- Installed hashicorp/template v2.1.2 (signed by HashiCorp)
- Installing hashicorp/helm v1.3.2...
- Installed hashicorp/helm v1.3.2 (signed by HashiCorp)
- Installing hashicorp/tls v2.2.0...
- Installed hashicorp/tls v2.2.0 (signed by HashiCorp)
- Installing hashicorp/random v2.3.0...
- Installed hashicorp/random v2.3.0 (signed by HashiCorp)

Error: Failed to query available provider packages

Could not retrieve the list of available versions for provider hashicorp/aws:
no available releases match the given constraints ~> 3.2.0, 2.70.0, >= 2.68.*,
< 4.0.*

This is because the particular version I am using, is pinned to very specific versions.

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/random] ~> 2.2
├── provider[registry.terraform.io/hashicorp/helm] ~> 1.2
├── provider[registry.terraform.io/hashicorp/aws] ~> 3.2.0
├── provider[registry.terraform.io/hashicorp/tls] ~> 2.2
├── module.nomad-oss
│   ├── provider[registry.terraform.io/hashicorp/aws] 2.70.0
│   ├── provider[registry.terraform.io/hashicorp/random] 2.3.0
│   ├── provider[registry.terraform.io/hashicorp/template] 2.1.2
│   └── module.nomad_cluster
│       ├── provider[registry.terraform.io/hashicorp/aws]
│       └── provider[registry.terraform.io/hashicorp/random]
└── module.vpc
    └── provider[registry.terraform.io/hashicorp/aws] >= 2.68.*, < 4.0.*

Providers required by state:

    provider[registry.terraform.io/hashicorp/aws]

My providers.tf

➜  team-da-infra git:(main) ✗ cat providers.tf
terraform {
  required_version = "~> 0.13.0"

  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "hashicorp-team-da-beta"

    workspaces {
      name = "team-da-infra"
    }
  }

  required_providers {
    aws = {
      version = "~> 3.2.0"
    }
    tls = {
      version = "~> 2.2"
      source  = "hashicorp/tls"
    }
    random = {
      version = "~> 2.2"
      source  = "hashicorp/random"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 1.2"
    }
  }
}

Expected Change

Can we add the ~> to the version definitions, and update to terraform-aws-provider > 3.0 for the resources used by this module?