Nomad servers AMI

AMI with Nomad and Consul binaries installed. DNSmasq is also configured to use the local Consul agent as its DNS server.

This is based on this example.

Pre-requisites

In addition to Ansible and Packer, you will need to install the following on your machine:

Configuration Options

See this page for more information.

  • ami_base_name: Base name for the AMI image. The timestamp will be appended
  • aws_region: AWS Region
  • subnet_id: ID of subnet to run the builder instance in
  • temporary_security_group_source_cidr: Temporary CIDR to allow SSH access from
  • associate_public_ip_address: Set to true if the provisioned machine is to be reached over the internet
  • ssh_interface: One of public_ip, private_ip, public_dns or private_dns. If set, either the public IP address, private IP address, public DNS name or private DNS name will be used as the host for SSH. The default behaviour if inside a VPC is to use the public IP address if available, otherwise the private IP address will be used. If not in a VPC the public DNS name will be used.
  • nomad_version: Version of Nomad to install
  • consul_module_version: Version of the Terraform Consul repository to use
  • nomad_module_version: Version of the Nomad Module to use.
  • consul_version: Version of Consul to install
  • vault_version: Version of Vault to install
  • vault_module_version: Version of the Vault Module to use.
  • td_agent_config_file: Path to td-agent config file to template copy from. Install td-agent if path is non-empty.
  • td_agent_config_vars_file: Path to variables file to include for value interpolation for td-agent config file. Only included if the value is not empty. include_vars includes the variables into config_vars variable, i.e. if xxx value is defined in the variables file, you will need to do {{ config_vars.xxx }} to get the interpolation working.
  • ca_certificate: Path to the CA certificate you have generated to install on the machine. Set to empty to not install anything.
  • extra_vars: Additional variables to pass to Ansible via the -e flag. This is useful for additional variables that are available in the Ansible playbooks used to provision the packer images.

Post Bootstrap Configuration

After the initial bootstrap, if you have applied one of the following post bootstrap modules, you should set the following options to install whatever pre-requisite is required in the AMI:

  • Vault PKI

The following options are common to all of the integrations:

  • consul_host: The host at which Consul is accessible. Defaults to empty. If set to empty, all post bootstrap integrations will be disabled.
  • consul_port: Port where Consul is accessible. Defaults to 443
  • consul_scheme: Scheme to access Consul. Defaults to "https"
  • consul_token: ACL token to access Consul
  • consul_integration_prefix: Prefix to look for Consul integration values. Do not change this unless you have also modified the values in the appropriate modules. Defaults to "terraform/"

Building Image

If you have a vars.json variables file containing changes to the above variables, you may run:

packer build \
    -var-file=vars.json \
    packer.json

Otherwise if you wish to use the default variable values, simply run:

packer build packer.json

If you have enabled the post-bootstrap integration, you can use terraform output to get the URL of your Consul servers. In this way, you can use the same command for pre and post bootstrap builds of your AMI.

packer build \
    -var-file=vars.json \
    -var consul_host="$(terraform output consul_api_address || echo -n '')" \
    packer.json
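
The following pre-build check is an added example, not part of this repository: it reads a vars.json and flags values of the options described above that widen exposure during the build (a broad temporary SSH source range, Consul reached without TLS, an ACL token kept in the file). The function name audit_vars, the 256-address threshold and the sample values are assumptions.

```python
import ipaddress
import json

# Constructed sample vars.json (values are illustrative, not from the repository).
SAMPLE_VARS = """{
  "temporary_security_group_source_cidr": "0.0.0.0/0",
  "consul_host": "consul.example.internal",
  "consul_scheme": "http",
  "consul_token": "constructed-placeholder-token"
}"""


def audit_vars(text, max_addresses=256):
    """Return (variable, finding) pairs for risky values in a Packer vars file.

    max_addresses is an assumed threshold for how wide the temporary SSH
    source range may be; tune it to your own network layout.
    """
    v = json.loads(text)
    findings = []

    # The temporary security group opens SSH on the builder to this range.
    cidr = v.get("temporary_security_group_source_cidr")
    if cidr is not None:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(("temporary_security_group_source_cidr",
                             f"{cidr!r} is not a valid CIDR"))
        else:
            if net.num_addresses > max_addresses:
                findings.append(("temporary_security_group_source_cidr",
                                 f"SSH to the builder is allowed from all of {net}"))

    # Post bootstrap integration is only active when consul_host is non-empty.
    if v.get("consul_host"):
        if v.get("consul_scheme", "https") != "https":
            findings.append(("consul_scheme",
                             "Consul is contacted without TLS, exposing the ACL token"))
        if v.get("consul_token"):
            findings.append(("consul_token",
                             "ACL token is stored in plaintext in the vars file"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_vars(SAMPLE_VARS):
        print(f"{name}: {finding}")
```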

Components Installed

This Packer image will have the following installed:

  • Consul: /opt/consul
  • Nomad: /opt/nomad
  • Vault: /opt/vault
  • td-agent: As a Debian package
  • telegraf: As a Debian package
  • consul-template: /opt/consul-template

You can use consul-template to template files using data from Consul and Vault. Simply define the template using a new configuration file (in HCL, with the template stanza) and write the configuration file to /opt/consul-template/config. You can send the SIGHUP signal using systemctl kill -s SIGHUP consul-template to ask consul-template to reload its configuration.