This is a small project that consists of several infrastructure-as-code tools: Packer for machine images as code, Terraform for infrastructure as code, and Nomad for containerized jobs as code.
I am working towards making this fully portable to anyone else with an AWS account, but for now it makes some assumptions, like assuming a Route53 hosted zone exists, and there are a few hard-coded values that have yet to be converted to variables.
There are also some additional AWS glue scripts that I have yet to find a "best" place for.
There are three main folders:
`/packer`
- For infrequently updating an AWS AMI

`/terraform`
- For quick spin up and tear down of an EC2 instance, mostly to avoid wasted money.

`/nomad`
- For quick iteration and running of Nomad jobs, assuming a Nomad instance is ready.
- `packer` CLI
- `terraform` CLI
- `nomad` CLI
- `aws` CLI
- AWS Credentials; used by `packer` and `terraform` and `aws`
- A `./nomad/acme.json` file, for TLS support

[!WARNING]
Anecdotally, this file poses a bit of a 🐔/🥚 scenario. I'm not sure if nomad `template` references to the file will break if the file doesn't exist yet, so those might have to be commented out if so.

Traefik will bootstrap this file on container start. You can `docker exec -it $TRAEFIK_CONTAINER /bin/sh` into the container and find the `acme.json` file, and copy-paste it into your local machine. A persisted file will make sure Traefik doesn't run into Let's Encrypt rate limits, especially if it needs to restart often.
Build an Amazon machine image
packer/build.sh
Start an EC2 instance with nomad running.
terraform -chdir=./terraform apply
Warning
This will create a permissive security group. I need to look into reducing access.
nomad run ./nomad/traefik.nomad
nomad run ./nomad/prometheus.nomad
nomad run ./nomad/grafana.nomad
Note
admin user is not created on start up. grafana/grafana#12638
nomad run -var hostname=postgres.thekevinwang.com ./nomad/postgres.nomad
# or
export NOMAD_VAR_hostname="postgres.thekevinwang.com"
nomad run ./nomad/postgres.nomad
aws/route53.sh
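
To follow up on the warning above about the permissive security group, here is an added example (not part of this repository) that reads the JSON printed by `aws ec2 describe-security-groups` and lists ingress rules open to the whole internet on anything other than the web ports. The allowed ports (80 and 443 for Traefik), the function name and the sample data are assumptions made for illustration.

```python
import json
import sys

# Assumption: only Traefik's HTTP/HTTPS entrypoints should be reachable from anywhere.
PUBLIC_OK = {80, 443}
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_rules(doc, public_ok=PUBLIC_OK):
    """Return (group_id, protocol, from_port, to_port, cidr) for every ingress
    rule that is open to the whole internet on a port outside public_ok."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all traffic; AWS omits the port keys then.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr not in WORLD:
                    continue  # restricted to specific addresses
                if proto == "tcp" and set(range(lo, hi + 1)) <= public_ok:
                    continue  # intentionally public web port
                findings.append((sg["GroupId"], proto, lo, hi, cidr))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# Port 4646 is Nomad's default HTTP API port; the group id and addresses are made up.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "GroupName": "constructed", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 4646, "ToPort": 4646, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

if __name__ == "__main__":
    # Pass a saved JSON file as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    for finding in world_open_rules(doc):
        print("world-open ingress: %s proto=%s ports=%s-%s from %s" % finding)
```

Save the real output with `aws ec2 describe-security-groups --output json > sg.json` and pass `sg.json` as the argument; no printed lines means no world-open rule outside the allowed ports.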