Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
小 白蛋
Nomad
Commits
30cccbfb
Unverified
Commit
30cccbfb
authored
5 years ago
by
Danielle Lancashire
Browse files
Options
Download
Email Patches
Plain Diff
wip
parent
242dda11
Branches unavailable
No related merge requests found
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
e2e/terraform/compute.tf
+82
-11
e2e/terraform/compute.tf
e2e/terraform/main.tf
+13
-8
e2e/terraform/main.tf
e2e/terraform/packer-windows.json
+7
-0
e2e/terraform/packer-windows.json
e2e/terraform/windows/bootstrap/fix-tls.ps1
+1
-1
e2e/terraform/windows/bootstrap/fix-tls.ps1
with
103 additions
and
20 deletions
+103
-20
e2e/terraform/compute.tf
+
82
-
11
View file @
30cccbfb
...
...
@@ -8,7 +8,7 @@ data "template_file" "user_data_server" {
}
}
data
"template_file"
"user_data_client"
{
data
"template_file"
"user_data_client
_linux
"
{
template
=
"
${
file
(
"
${
path
.
root
}
/user-data-client.sh"
)
}
"
count
=
"
${
var
.
client_count
}
"
...
...
@@ -61,7 +61,7 @@ resource "aws_instance" "server" {
"sudo chmod 0755 /usr/local/bin/nomad"
,
"sudo chown root:root /usr/local/bin/nomad"
,
"sudo systemctl enable nomad.service"
,
"sudo systemctl start nomad.service"
"sudo systemctl start nomad.service"
,
]
connection
{
...
...
@@ -71,7 +71,7 @@ resource "aws_instance" "server" {
}
}
resource
"aws_instance"
"client"
{
resource
"aws_instance"
"client
_linux
"
{
ami
=
"
${data
.
aws_ami
.
main
.
image_id
}
"
instance_type
=
"
${
var
.
instance_type
}
"
key_name
=
"
${module
.
keys
.
key_name
}
"
...
...
@@ -85,14 +85,14 @@ resource "aws_instance" "client" {
ConsulAutoJoin
=
"auto-join"
}
ebs_block_device
=
{
device_name
=
"/dev/xvdd"
volume_type
=
"gp2"
volume_size
=
"50"
delete_on_termination
=
"true"
ebs_block_device
=
{
device_name
=
"/dev/xvdd"
volume_type
=
"gp2"
volume_size
=
"50"
delete_on_termination
=
"true"
}
user_data
=
"
${
element
(
data
.
template_file
.
user_data_client
.
*
.
rendered
,
count
.
index
)
}
"
user_data
=
"
${
element
(
data
.
template_file
.
user_data_client
_linux
.
*
.
rendered
,
count
.
index
)
}
"
iam_instance_profile
=
"
${
aws_iam_instance_profile
.
instance_profile
.
name
}
"
provisioner
"file"
{
...
...
@@ -113,8 +113,8 @@ resource "aws_instance" "client" {
"sudo cp /tmp/client.hcl /etc/nomad.d/nomad.hcl"
,
"sudo chmod 0755 /usr/local/bin/nomad"
,
"sudo chown root:root /usr/local/bin/nomad"
,
"sudo systemctl enable nomad.service"
,
"sudo systemctl start nomad.service"
"sudo systemctl enable nomad.service"
,
"sudo systemctl start nomad.service"
,
]
connection
{
...
...
@@ -124,3 +124,74 @@ resource "aws_instance" "client" {
}
}
resource
"random_string"
"windows_admin_password"
{
length
=
16
special
=
true
}
resource
"aws_instance"
"client_windows"
{
ami
=
"
${data
.
aws_ami
.
windows
.
image_id
}
"
instance_type
=
"
${
var
.
instance_type
}
"
key_name
=
"
${module
.
keys
.
key_name
}
"
vpc_security_group_ids
=
[
"
${
aws_security_group
.
primary
.
id
}
"
]
count
=
"
${
var
.
windows_client_count
}
"
depends_on
=
[
"aws_instance.server"
]
# Instance tags
tags
{
Name
=
"
${
local
.
random_name
}
-client-windows-
${
count
.
index
}
"
ConsulAutoJoin
=
"auto-join"
}
ebs_block_device
=
{
device_name
=
"xvdd"
volume_type
=
"gp2"
volume_size
=
"50"
delete_on_termination
=
"true"
}
user_data
=
<<
EOF
<powershell>
# Bring ebs volume online with read-write access
Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
Get-Disk | Where-Object isReadOnly -Eq $True | Set-Disk -IsReadOnly $False
# Set Administrator password
$admin = [adsi]("WinNT://./administrator, user")
$admin.psbase.invoke("SetPassword", "${random_string.windows_admin_password}")
# Run Consul
$ipaddr = Test-Connection $env:COMPUTERNAME -Count 1 | Select IPV4Address
cat C:\ops\shared\consul\consul.json | \
%{$_ -replace "IP_ADDRESS","$ipaddr"} | \
%{$_ -replace "RETRY_JOIN","${var.retry_join} > C:\ops\consul.d\config.json
sc.exe create "Consul" binPath= "C:\ops\bin\consul.exe" agent -config-dir C:\ops\consul.d" start= auto
sc.exe start "Consul"
</powershell>
EOF
iam_instance_profile
=
"
${
aws_iam_instance_profile
.
instance_profile
.
name
}
"
provisioner
"file"
{
content
=
"
${
file
(
"
${
path
.
root
}
/configs/
${
var
.
indexed
==
false
?
"client.hcl"
:
"indexed/client-
${
count
.
index
}
.hcl"
}
"
)
}
"
destination
=
"C:
\\
ops
\\
nomad.d
\\
client.hcl"
connection
{
user
=
"Administrator"
private_key
=
"
${module
.
keys
.
private_key_pem
}
"
}
}
provisioner
"remote-exec"
{
inline
=
[
"aws s3 cp s3://nomad-team-test-binary/builds-oss/
${
var
.
nomad_sha
}
.tar.gz nomad.tar.gz"
,
"Expand-7Zip .
\n
omad.tar.gz -C C:
\\
ops
\\
bin"
,
]
connection
{
user
=
"Administrator"
private_key
=
"
${module
.
keys
.
private_key_pem
}
"
}
}
}
This diff is collapsed.
Click to expand it.
e2e/terraform/main.tf
+
13
-
8
View file @
30cccbfb
...
...
@@ -28,6 +28,11 @@ variable "client_count" {
default
=
"4"
}
variable
"windows_client_count"
{
description
=
"The number of windows clients to provision."
default
=
"1"
}
variable
"retry_join"
{
description
=
"Used by Consul to automatically form a cluster."
default
=
"provider=aws tag_key=ConsulAutoJoin tag_value=auto-join"
...
...
@@ -49,9 +54,9 @@ locals {
# Generates keys to use for provisioning and access
module
"keys"
{
name
=
"
${
local
.
random_name
}
"
path
=
"
${
path
.
root
}
/keys"
source
=
"mitchellh/dynamic-keys/aws"
name
=
"
${
local
.
random_name
}
"
path
=
"
${
path
.
root
}
/keys"
source
=
"mitchellh/dynamic-keys/aws"
version
=
"v1.0.0"
}
...
...
@@ -69,8 +74,8 @@ output "servers" {
value
=
"
${
aws_instance
.
server
.
*
.
public_ip
}
"
}
output
"clients"
{
value
=
"
${
aws_instance
.
client
.
*
.
public_ip
}
"
output
"
linux_
clients"
{
value
=
"
${
aws_instance
.
client
_linux
.
*
.
public_ip
}
"
}
output
"message"
{
...
...
@@ -79,8 +84,8 @@ Your cluster has been provisioned! - To prepare your environment, run the
following:
```
export NOMAD_ADDR=http://${aws_instance.client.0.public_ip}:4646
export CONSUL_HTTP_ADDR=http://${aws_instance.client.0.public_ip}:8500
export NOMAD_ADDR=http://${aws_instance.client
_linux
.0.public_ip}:4646
export CONSUL_HTTP_ADDR=http://${aws_instance.client
_linux
.0.public_ip}:8500
export NOMAD_E2E=1
```
...
...
@@ -92,7 +97,7 @@ go test -v ./e2e
ssh into nodes with:
```
ssh -i keys/${local.random_name}.pem ubuntu@${aws_instance.client.0.public_ip}
ssh -i keys/${local.random_name}.pem ubuntu@${aws_instance.client
_linux
.0.public_ip}
```
EOM
}
This diff is collapsed.
Click to expand it.
e2e/terraform/packer-windows.json
+
7
-
0
View file @
30cccbfb
...
...
@@ -34,6 +34,13 @@
"Set-PSRepository -InstallationPolicy Untrusted -Name PSGallery"
]
},
{
"type"
:
"powershell"
,
"inline"
:
[
"Set-PSRepository -InstallationPolicy Trusted -Name PSGallery"
,
"Install-Package -Force 7Zip4PowerShell"
,
"Set-PSRepository -InstallationPolicy Untrusted -Name PSGallery"
}
,
{
"type"
:
"powershell"
,
"scripts"
:
[
...
...
This diff is collapsed.
Click to expand it.
e2e/terraform/windows/bootstrap/fix-tls.ps1
+
1
-
1
View file @
30cccbfb
# This script hardens TLS configuration by disabling weak and broken protocols
# and enabling useful protocols like TLS 1.1 and 1.
1
.
# and enabling useful protocols like TLS 1.1 and 1.
2
.
$RunningAsAdmin
=
([
Security.Principal.WindowsPrincipal
]
[
Security.Principal.WindowsIdentity
]::
GetCurrent
())
.
IsInRole
([
Security.Principal.WindowsBuiltInRole
]
"Administrator"
)
if
(
!
$RunningAsAdmin
)
{
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Menu
Projects
Groups
Snippets
Help