Unverified Commit 30cccbfb authored by Danielle Lancashire's avatar Danielle Lancashire

wip

parent 242dda11
Showing with 103 additions and 20 deletions
+103 -20
......@@ -8,7 +8,7 @@ data "template_file" "user_data_server" {
}
}
data "template_file" "user_data_client" {
data "template_file" "user_data_client_linux" {
template = "${file("${path.root}/user-data-client.sh")}"
count = "${var.client_count}"
......@@ -61,7 +61,7 @@ resource "aws_instance" "server" {
"sudo chmod 0755 /usr/local/bin/nomad",
"sudo chown root:root /usr/local/bin/nomad",
"sudo systemctl enable nomad.service",
"sudo systemctl start nomad.service"
"sudo systemctl start nomad.service",
]
connection {
......@@ -71,7 +71,7 @@ resource "aws_instance" "server" {
}
}
resource "aws_instance" "client" {
resource "aws_instance" "client_linux" {
ami = "${data.aws_ami.main.image_id}"
instance_type = "${var.instance_type}"
key_name = "${module.keys.key_name}"
......@@ -85,14 +85,14 @@ resource "aws_instance" "client" {
ConsulAutoJoin = "auto-join"
}
ebs_block_device = {
device_name = "/dev/xvdd"
volume_type = "gp2"
volume_size = "50"
delete_on_termination = "true"
ebs_block_device = {
device_name = "/dev/xvdd"
volume_type = "gp2"
volume_size = "50"
delete_on_termination = "true"
}
user_data = "${element(data.template_file.user_data_client.*.rendered, count.index)}"
user_data = "${element(data.template_file.user_data_client_linux.*.rendered, count.index)}"
iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
provisioner "file" {
......@@ -113,8 +113,8 @@ resource "aws_instance" "client" {
"sudo cp /tmp/client.hcl /etc/nomad.d/nomad.hcl",
"sudo chmod 0755 /usr/local/bin/nomad",
"sudo chown root:root /usr/local/bin/nomad",
"sudo systemctl enable nomad.service",
"sudo systemctl start nomad.service"
"sudo systemctl enable nomad.service",
"sudo systemctl start nomad.service",
]
connection {
......@@ -124,3 +124,74 @@ resource "aws_instance" "client" {
}
}
resource "random_string" "windows_admin_password" {
length = 16
special = true
}
resource "aws_instance" "client_windows" {
ami = "${data.aws_ami.windows.image_id}"
instance_type = "${var.instance_type}"
key_name = "${module.keys.key_name}"
vpc_security_group_ids = ["${aws_security_group.primary.id}"]
count = "${var.windows_client_count}"
depends_on = ["aws_instance.server"]
# Instance tags
tags {
Name = "${local.random_name}-client-windows-${count.index}"
ConsulAutoJoin = "auto-join"
}
ebs_block_device = {
device_name = "xvdd"
volume_type = "gp2"
volume_size = "50"
delete_on_termination = "true"
}
user_data = <<EOF
<powershell>
# Bring ebs volume online with read-write access
Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
Get-Disk | Where-Object isReadOnly -Eq $True | Set-Disk -IsReadOnly $False
# Set Administrator password
$admin = [adsi]("WinNT://./administrator, user")
$admin.psbase.invoke("SetPassword", "${random_string.windows_admin_password}")
# Run Consul
$ipaddr = Test-Connection $env:COMPUTERNAME -Count 1 | Select IPV4Address
cat C:\ops\shared\consul\consul.json | \
%{$_ -replace "IP_ADDRESS","$ipaddr"} | \
%{$_ -replace "RETRY_JOIN","${var.retry_join} > C:\ops\consul.d\config.json
sc.exe create "Consul" binPath= "C:\ops\bin\consul.exe" agent -config-dir C:\ops\consul.d" start= auto
sc.exe start "Consul"
</powershell>
EOF
iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
provisioner "file" {
content = "${file("${path.root}/configs/${var.indexed == false ? "client.hcl" : "indexed/client-${count.index}.hcl"}")}"
destination = "C:\\ops\\nomad.d\\client.hcl"
connection {
user = "Administrator"
private_key = "${module.keys.private_key_pem}"
}
}
provisioner "remote-exec" {
inline = [
"aws s3 cp s3://nomad-team-test-binary/builds-oss/${var.nomad_sha}.tar.gz nomad.tar.gz",
"Expand-7Zip .\nomad.tar.gz -C C:\\ops\\bin",
]
connection {
user = "Administrator"
private_key = "${module.keys.private_key_pem}"
}
}
}
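Review bot: The Administrator password for the new `client_windows` instance is interpolated as `${random_string.windows_admin_password}` with no `.result`, and it is delivered through `user_data`, which stays readable from the instance metadata service by anything running on the node and is kept in plain text in Terraform state. Reference the attribute explicitly, `"${random_string.windows_admin_password.result}"`, and because this host is a Nomad client that runs scheduled workloads, consider having the boot script fetch the secret through the attached instance profile (for example from SSM Parameter Store or Secrets Manager) instead of embedding it. The same script has an unterminated string on the `RETRY_JOIN` replace line (no closing `"}` before `>`) and uses `\` for line continuation where PowerShell expects a backtick, so the Consul config is unlikely to be written as intended. In the `remote-exec` provisioner, `.\nomad.tar.gz` sits in a double-quoted HCL string where `\n` is a newline escape; `.\\nomad.tar.gz` would match the escaping already used for `C:\\ops\\bin`.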
......@@ -28,6 +28,11 @@ variable "client_count" {
default = "4"
}
variable "windows_client_count" {
description = "The number of windows clients to provision."
default = "1"
}
variable "retry_join" {
description = "Used by Consul to automatically form a cluster."
default = "provider=aws tag_key=ConsulAutoJoin tag_value=auto-join"
......@@ -49,9 +54,9 @@ locals {
# Generates keys to use for provisioning and access
module "keys" {
name = "${local.random_name}"
path = "${path.root}/keys"
source = "mitchellh/dynamic-keys/aws"
name = "${local.random_name}"
path = "${path.root}/keys"
source = "mitchellh/dynamic-keys/aws"
version = "v1.0.0"
}
......@@ -69,8 +74,8 @@ output "servers" {
value = "${aws_instance.server.*.public_ip}"
}
output "clients" {
value = "${aws_instance.client.*.public_ip}"
output "linux_clients" {
value = "${aws_instance.client_linux.*.public_ip}"
}
output "message" {
......@@ -79,8 +84,8 @@ Your cluster has been provisioned! - To prepare your environment, run the
following:
```
export NOMAD_ADDR=http://${aws_instance.client.0.public_ip}:4646
export CONSUL_HTTP_ADDR=http://${aws_instance.client.0.public_ip}:8500
export NOMAD_ADDR=http://${aws_instance.client_linux.0.public_ip}:4646
export CONSUL_HTTP_ADDR=http://${aws_instance.client_linux.0.public_ip}:8500
export NOMAD_E2E=1
```
......@@ -92,7 +97,7 @@ go test -v ./e2e
ssh into nodes with:
```
ssh -i keys/${local.random_name}.pem ubuntu@${aws_instance.client.0.public_ip}
ssh -i keys/${local.random_name}.pem ubuntu@${aws_instance.client_linux.0.public_ip}
```
EOM
}
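Review bot: No output is added for the new `aws_instance.client_windows` instances, so once `clients` becomes `linux_clients` the Windows nodes cannot be discovered from `terraform output`; add `output "windows_clients" { value = "${aws_instance.client_windows.*.public_ip}" }`. Renaming the existing `clients` output may also break any script that reads it, which cannot be checked from this page. The printed `NOMAD_ADDR` and `CONSUL_HTTP_ADDR` still point at plain-HTTP APIs on a public IP; the security group rules are not visible here, so confirm that ingress on 4646 and 8500 is limited to the operator's address.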
......@@ -34,6 +34,13 @@
"Set-PSRepository -InstallationPolicy Untrusted -Name PSGallery"
]
},
{
"type": "powershell",
"inline": [
"Set-PSRepository -InstallationPolicy Trusted -Name PSGallery",
"Install-Package -Force 7Zip4PowerShell",
"Set-PSRepository -InstallationPolicy Untrusted -Name PSGallery"
},
{
"type": "powershell",
"scripts": [
......
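Review bot: As shown, the added provisioner object never closes its `inline` array: the third command is followed directly by `},`, so the template is not valid JSON; add `]` on its own line before `},`. `Install-Package -Force 7Zip4PowerShell` also takes whatever version PSGallery serves at build time and bakes it into the image, so pin it, e.g. `Install-Package -Force -RequiredVersion <pinned-version> 7Zip4PowerShell`. The hunk ends inside the following provisioner's `scripts` array.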
# This script hardens TLS configuration by disabling weak and broken protocols
# and enabling useful protocols like TLS 1.1 and 1.1.
# and enabling useful protocols like TLS 1.1 and 1.2.
$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
......
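Review bot: The corrected header comment still describes TLS 1.1 as a protocol to enable, while TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so for a hardening script the stated goal should be TLS 1.2 and later. The protocol settings themselves are outside the visible lines, so this is a prompt to check them rather than a confirmed defect; if the body does enable 1.1, change both the code and the comment, for instance `# and enabling TLS 1.2 (TLS 1.0/1.1 are disabled as deprecated)`. The `if (!$RunningAsAdmin)` block continues past the hunk.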