diff options
author | pmikus <pmikus@cisco.com> | 2020-12-09 20:11:42 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2020-12-12 07:59:30 +0000 |
commit | fd4d85865e145f12330a4266be48fbdd6e919cf4 (patch) | |
tree | a94252782163c250a29a0551ba48df2e023d0692 /resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad | |
parent | 688a68a8f6d8a69a85cb76421a16dff9c4105c52 (diff) |
Refactor storage solution
+ Minio terraform module
+ XL mode enabled with erasure code
+ Upload script as a sample
+ Nginx terraform module
+ Updating ansible to reflect changes
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Ia8c439b749aa0de82bd6f1d0cfbecce4d7000a8f
Diffstat (limited to 'resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad')
-rw-r--r-- | resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad | 270 |
1 files changed, 0 insertions, 270 deletions
diff --git a/resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad b/resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad deleted file mode 100644 index 2af62a06c3..0000000000 --- a/resources/tools/terraform/1n_nmd/prod_storage/prod-nginx.nomad +++ /dev/null @@ -1,270 +0,0 @@ -job "prod-nginx" { - # The "region" parameter specifies the region in which to execute the job. - # If omitted, this inherits the default region name of "global". - # region = "global" - # - # The "datacenters" parameter specifies the list of datacenters which should - # be considered when placing this task. This must be provided. - datacenters = [ "yul1" ] - - # The "type" parameter controls the type of job, which impacts the scheduler's - # decision on placement. This configuration is optional and defaults to - # "service". For a full list of job types and their differences, please see - # the online documentation. - # - # For more information, please see the online documentation at: - # - # https://www.nomadproject.io/docs/jobspec/schedulers.html - # - type = "service" - - update { - # The "max_parallel" parameter specifies the maximum number of updates to - # perform in parallel. In this case, this specifies to update a single task - # at a time. - max_parallel = 0 - - # The "min_healthy_time" parameter specifies the minimum time the allocation - # must be in the healthy state before it is marked as healthy and unblocks - # further allocations from being updated. - min_healthy_time = "10s" - - # The "healthy_deadline" parameter specifies the deadline in which the - # allocation must be marked as healthy after which the allocation is - # automatically transitioned to unhealthy. Transitioning to unhealthy will - # fail the deployment and potentially roll back the job if "auto_revert" is - # set to true. - healthy_deadline = "3m" - - # The "progress_deadline" parameter specifies the deadline in which an - # allocation must be marked as healthy. The deadline begins when the first - # allocation for the deployment is created and is reset whenever an allocation - # as part of the deployment transitions to a healthy state. If no allocation - # transitions to the healthy state before the progress deadline, the - # deployment is marked as failed. - progress_deadline = "10m" - - # The "auto_revert" parameter specifies if the job should auto-revert to the - # last stable job on deployment failure. A job is marked as stable if all the - # allocations as part of its deployment were marked healthy. - auto_revert = false - - # The "canary" parameter specifies that changes to the job that would result - # in destructive updates should create the specified number of canaries - # without stopping any previous allocations. Once the operator determines the - # canaries are healthy, they can be promoted which unblocks a rolling update - # of the remaining allocations at a rate of "max_parallel". - # - # Further, setting "canary" equal to the count of the task group allows - # blue/green deployments. When the job is updated, a full set of the new - # version is deployed and upon promotion the old version is stopped. - canary = 0 - } - - # The reschedule stanza specifies the group's rescheduling strategy. If - # specified at the job level, the configuration will apply to all groups - # within the job. If the reschedule stanza is present on both the job and the - # group, they are merged with the group stanza taking the highest precedence - # and then the job. - reschedule { - delay = "30s" - delay_function = "constant" - unlimited = true - } - - - # The "group" stanza defines a series of tasks that should be co-located on - # the same Nomad client. Any task within a group will be placed on the same - # client. - # - # For more information and examples on the "group" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/group.html - # - group "prod-group1-nginx" { - # The "count" parameter specifies the number of the task groups that should - # be running under this group. This value must be non-negative and defaults - # to 1. - count = 1 - - # The restart stanza configures a tasks's behavior on task failure. Restarts - # happen on the client that is running the task. - restart { - interval = "10m" - attempts = 2 - delay = "15s" - mode = "fail" - } - - # All groups in this job should be scheduled on different hosts. - constraint { - operator = "distinct_hosts" - value = "false" - } - - # Prioritize one node. - affinity { - attribute = "${attr.unique.hostname}" - value = "s46-nomad" - weight = 100 - } - - # The volume stanza allows the group to specify that it requires a given - # volume from the cluster. - # - # For more information and examples on the "volume" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/volume - volume "prod-volume1-storage" { - type = "host" - read_only = false - source = "prod-volume-data1-1" - } - - # The "task" stanza creates an individual unit of work, such as a Docker - # container, web application, or batch processing. - # - # For more information and examples on the "task" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/task.html - # - task "prod-task1-nginx" { - # The "driver" parameter specifies the task driver that should be used to - # run the task. - driver = "docker" - - volume_mount { - volume = "prod-volume1-storage" - destination = "/data/" - read_only = true - } - - # The "config" stanza specifies the driver configuration, which is passed - # directly to the driver to start the task. The details of configurations - # are specific to each driver, so please see specific driver - # documentation for more information. - config { - image = "nginx:stable" - dns_servers = [ "${attr.unique.network.ip-address}" ] - port_map { - https = 443 - } - privileged = false - volumes = [ - "/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem", - "/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem", - "custom/logs.conf:/etc/nginx/conf.d/logs.conf", - "custom/docs.conf:/etc/nginx/conf.d/docs.conf" - ] - } - - # The "template" stanza instructs Nomad to manage a template, such as - # a configuration file or script. This template can optionally pull data - # from Consul or Vault to populate runtime configuration data. - # - # For more information and examples on the "template" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/template.html - # - template { - data = <<EOH - server { - listen 443 ssl default_server; - server_name logs.nginx.service.consul; - keepalive_timeout 70; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - ssl_protocols TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"; - ssl_certificate /etc/ssl/certs/nginx-cert.pem; - ssl_certificate_key /etc/ssl/private/nginx-key.pem; - location / { - root /data/logs.fd.io; - index _; - autoindex on; - autoindex_exact_size on; - autoindex_format html; - autoindex_localtime off; - } - location ~ \.(html.gz)$ { - root /data/logs.fd.io; - add_header Content-Encoding gzip; - add_header Content-Type text/html; - } - location ~ \.(txt.gz|log.gz)$ { - root /data/logs.fd.io; - add_header Content-Encoding gzip; - add_header Content-Type text/plain; - } - location ~ \.(xml.gz)$ { - root /data/logs.fd.io; - add_header Content-Encoding gzip; - add_header Content-Type application/xml; - } - } - EOH - destination = "custom/logs.conf" - } - template { - data = <<EOH - server { - listen 443 ssl; - server_name docs.nginx.service.consul; - keepalive_timeout 70; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - ssl_protocols TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"; - ssl_certificate /etc/ssl/certs/nginx-cert.pem; - ssl_certificate_key /etc/ssl/private/nginx-key.pem; - location / { - root /data/docs.fd.io; - index index.html index.htm; - } - } - EOH - destination = "custom/docs.conf" - } - - # The service stanza instructs Nomad to register a service with Consul. - # - # For more information and examples on the "task" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/service.html - # - service { - name = "nginx" - port = "https" - tags = [ "docs", "logs" ] - } - - # The "resources" stanza describes the requirements a task needs to - # execute. Resource requirements include memory, network, cpu, and more. - # This ensures the task will execute on a machine that contains enough - # resource capacity. - # - # For more information and examples on the "resources" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/resources.html - # - resources { - cpu = 1000 - memory = 1024 - network { - mode = "bridge" - port "https" { - static = 443 - } - } - } - } - } -}
\ No newline at end of file |