fluence/deployment/job.tf

variable "replicas" {
  description = "replicas to run"
  type        = string
}

variable "nox" {
  description = "nox docker image"
  type        = string
}

resource "consul_keys" "configs" {
  # nox config
  key {
    path   = "configs/fluence/nox/Config.toml"
    value  = file("Config.toml")
    delete = true
  }

  # promtail config
  key {
    path   = "configs/fluence/nox/promtail.yml"
    value  = file("promtail.yml")
    delete = true
  }
}

resource "vault_policy" "nox" {
  name   = "${terraform.workspace}/nox"
  policy = <<-EOT
    path "kv/nox/${terraform.workspace}/*"
    {
      capabilities = ["read"]
    }
  EOT
}

resource "vault_policy" "promtail" {
  name   = "${terraform.workspace}/nox/promtail"
  policy = <<-EOT
    path "kv/loki/basicauth/promtail"
    {
      capabilities = ["read"]
    }
  EOT
}

resource "nomad_csi_volume" "nox" {
  count = var.replicas

  namespace    = "fluence"
  plugin_id    = "do-csi"
  volume_id    = "nox[${count.index}]"
  name         = "${terraform.workspace}-nox-${count.index}"
  capacity_min = "50GiB"
  capacity_max = "50GiB"

  capability {
    access_mode     = "single-node-writer"
    attachment_mode = "file-system"
  }

  mount_options {
    fs_type     = "ext4"
    mount_flags = ["noatime"]
  }
}

resource "nomad_job" "nox" {
  depends_on = [
    nomad_csi_volume.nox,
    vault_policy.nox,
    vault_policy.promtail,
    consul_keys.configs,
  ]

  jobspec          = file("${path.module}/job.nomad.hcl")
  detach           = false
  purge_on_destroy = true

  hcl2 {
    vars = {
      env             = terraform.workspace
      replicas        = var.replicas
      nox-image       = var.nox
      nox-policy      = "${terraform.workspace}/nox"
      promtail-policy = "${terraform.workspace}/nox/promtail"
    }
  }
}

resource "cloudflare_record" "nox" {
  count = var.replicas

  zone_id = data.cloudflare_zone.fluence_dev.zone_id
  name    = "${count.index}-${terraform.workspace}"
  value   = data.terraform_remote_state.state.outputs.ingress_ip4
  type    = "A"
}

resource "cloudflare_record" "nox-legacy" {
  zone_id = data.cloudflare_zone.fluence_dev.zone_id
  name    = terraform.workspace
  value   = data.terraform_remote_state.state.outputs.ingress_ip4
  type    = "A"
}

data "vault_generic_secret" "keys" {
  count = var.replicas
  path  = "kv/nox/${terraform.workspace}/nodes/${count.index}"
}

output "peer_ids" {
  value = [
    for i in range(var.replicas) :
    "/dns4/${i}-${terraform.workspace}.fluence.dev/tcp/9000/wss/p2p/${data.vault_generic_secret.keys.*.data[i].peer_id}"
  ]
  sensitive = true
}
Initial commit 2023-07-11 14:45:36 +03:00			`variable "replicas" {`
			`description = "replicas to run"`
			`type = string`
			`}`

			`variable "nox" {`
			`description = "nox docker image"`
			`type = string`
			`}`

			`resource "consul_keys" "configs" {`
			`# nox config`
			`key {`
			`path = "configs/fluence/nox/Config.toml"`
			`value = file("Config.toml")`
			`delete = true`
			`}`

			`# promtail config`
			`key {`
			`path = "configs/fluence/nox/promtail.yml"`
			`value = file("promtail.yml")`
			`delete = true`
			`}`
			`}`

			`resource "vault_policy" "nox" {`
			`name = "${terraform.workspace}/nox"`
			`policy = <<-EOT`
			`path "kv/nox/${terraform.workspace}/*"`
			`{`
			`capabilities = ["read"]`
			`}`
			`EOT`
			`}`

			`resource "vault_policy" "promtail" {`
			`name = "${terraform.workspace}/nox/promtail"`
			`policy = <<-EOT`
			`path "kv/loki/basicauth/promtail"`
			`{`
			`capabilities = ["read"]`
			`}`
			`EOT`
			`}`

			`resource "nomad_csi_volume" "nox" {`
			`count = var.replicas`

			`namespace = "fluence"`
			`plugin_id = "do-csi"`
			`volume_id = "nox[${count.index}]"`
			`name = "${terraform.workspace}-nox-${count.index}"`
			`capacity_min = "50GiB"`
			`capacity_max = "50GiB"`

			`capability {`
			`access_mode = "single-node-writer"`
			`attachment_mode = "file-system"`
			`}`

			`mount_options {`
			`fs_type = "ext4"`
			`mount_flags = ["noatime"]`
			`}`
			`}`

			`resource "nomad_job" "nox" {`
			`depends_on = [`
			`nomad_csi_volume.nox,`
			`vault_policy.nox,`
			`vault_policy.promtail,`
			`consul_keys.configs,`
			`]`

			`jobspec = file("${path.module}/job.nomad.hcl")`
			`detach = false`
			`purge_on_destroy = true`

			`hcl2 {`
			`vars = {`
			`env = terraform.workspace`
			`replicas = var.replicas`
			`nox-image = var.nox`
			`nox-policy = "${terraform.workspace}/nox"`
			`promtail-policy = "${terraform.workspace}/nox/promtail"`
			`}`
			`}`
			`}`

			`resource "cloudflare_record" "nox" {`
			`count = var.replicas`

			`zone_id = data.cloudflare_zone.fluence_dev.zone_id`
			`name = "${count.index}-${terraform.workspace}"`
			`value = data.terraform_remote_state.state.outputs.ingress_ip4`
			`type = "A"`
			`}`

			`resource "cloudflare_record" "nox-legacy" {`
			`zone_id = data.cloudflare_zone.fluence_dev.zone_id`
			`name = terraform.workspace`
			`value = data.terraform_remote_state.state.outputs.ingress_ip4`
			`type = "A"`
			`}`

			`data "vault_generic_secret" "keys" {`
			`count = var.replicas`
			`path = "kv/nox/${terraform.workspace}/nodes/${count.index}"`
			`}`

			`output "peer_ids" {`
			`value = [`
			`for i in range(var.replicas) :`
			`"/dns4/${i}-${terraform.workspace}.fluence.dev/tcp/9000/wss/p2p/${data.vault_generic_secret.keys.*.data[i].peer_id}"`
			`]`
			`sensitive = true`
			`}`