Merge pull request #1 from mutablelogic/dev

Release will openldap fixed and coredns added

Author: djthorpe

README.md

@@ -20,6 +20,20 @@ provider "nomad" {
 }
 ```
 
+
+## coredns
+
+DNS server which could be used to resolve nomad services into dns records
+
+   * [Documentation](https://coredns.io/)
+   * [Terraform Example](examples/coredns.tf)
+   * [Nomad Job](coredns/nomad/coredns.hcl)
+
+TODO:
+  * [ ] In progress
+  * [ ] Add nomad plugin
+  * [ ] All nomad jobs will need to use the coredns service as a dns_server option
+
 ## nginx
 
 Web server and reverse proxy, which can be placed on several nodes

_examples/coredns.tf

@@ -0,0 +1,13 @@
+
+module "coredns" {
+  source = "github.com/mutablelogic/tf-nomad//coredns"
+
+  // Required parameters
+  dc        = local.datacenter // Nomad datacenter for the cluster
+  namespace = local.namespace  // Nomad namespace for the cluster
+
+  // Optional parameters
+  enabled = true
+  hosts   = ["cm3"] // Host constraint for the job
+  port    = 53      // Port to expose for plaintext connections
+}

examples/grafana.tf renamed to _examples/grafana.tf

@@ -1,7 +1,7 @@
 
 // Example grafana dashboard example
 module "grafana" {
-  source = "github.com/mutablelogic/tf-nomad/grafana"
+  source = "github.com/mutablelogic/tf-nomad//grafana"
 
   // Required parameters  
   dc             = local.datacenter             // Nomad datacenter for the cluster

examples/influxdb.tf renamed to _examples/influxdb.tf

@@ -0,0 +1,5 @@
+.:53 {
+    forward . 8.8.8.8 9.9.9.9
+    log
+    errors
+}

examples/mosquitto.tf renamed to _examples/mosquitto.tf

@@ -0,0 +1,35 @@
+
+variable "dc" {
+  type        = string
+  description = "Data center name"
+}
+
+variable "namespace" {
+  type        = string
+  description = "Nomad namespace"
+  default     = "default"
+}
+
+variable "enabled" {
+  type        = bool
+  description = "If false, then no job is deployed"
+  default     = true
+}
+
+variable "docker_tag" {
+  type        = string
+  description = "Version of the docker image to use, defaults to latest"
+  default     = "latest"
+}
+
+variable "hosts" {
+  type        = list(string)
+  description = "List of hosts to deploy on. If empty, one allocation will be created"
+  default     = []
+}
+
+variable "port" {
+  type        = number
+  description = "Port to expose plaintext service"
+  default     = 53
+}

examples/nginx-default.conf renamed to _examples/nginx-default.conf

@@ -0,0 +1,5 @@
+
+locals {
+    docker_image = "coredns/coredns:${var.docker_tag}"
+    docker_always_pull = var.docker_tag == "latest" ? true : false
+}

examples/nginx.tf renamed to _examples/nginx.tf

@@ -0,0 +1,18 @@
+
+resource "nomad_job" "coredns" {
+  count   = var.enabled ? 1 : 0
+  jobspec = file("${path.module}/nomad/coredns.hcl")
+
+  hcl2 {
+    allow_fs = true
+    vars = {
+      dc                 = jsonencode([var.dc])
+      namespace          = var.namespace
+      docker_image       = local.docker_image
+      docker_always_pull = jsonencode(local.docker_always_pull)
+      hosts              = jsonencode(var.hosts)
+      port               = var.port
+      corefile           = file("${path.module}/config/Corefile")
+    }
+  }
+}

examples/openldap.tf renamed to _examples/openldap.tf

@@ -0,0 +1,123 @@
+
+// coredns for service discovery
+// Docker Image: https://hub.docker.com/r/coredns/coredns/
+
+///////////////////////////////////////////////////////////////////////////////
+// VARIABLES
+
+variable "dc" {
+  description = "data centers that the job is eligible to run in"
+  type        = list(string)
+}
+
+variable "namespace" {
+  description = "namespace that the job runs in"
+  type        = string
+  default     = "default"
+}
+
+variable "hosts" {
+  description = "host constraint for the job, defaults to one host"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_provider" {
+  description = "Service provider, either consul or nomad"
+  type        = string
+  default     = "nomad"
+}
+
+variable "docker_image" {
+  description = "Docker image"
+  type        = string
+}
+
+variable "docker_always_pull" {
+  description = "Pull docker image on every job restart"
+  type        = bool
+  default     = false
+}
+
+variable "port" {
+  description = "Port for plaintext connections"
+  type        = number
+  default     = 53
+}
+
+variable "corefile" {
+  description = "Configuration file for coredns"
+  type        = string
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// LOCALS
+
+locals {
+  core_file = format("%s/data/Corefile", NOMAD_ALLOC_DIR)
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// JOB
+
+job "coredns" {
+  type        = "service"
+  datacenters = var.dc
+  namespace   = var.namespace
+
+  update {
+    min_healthy_time = "10s"
+    healthy_deadline = "5m"
+    health_check     = "task_states"
+  }
+
+  /////////////////////////////////////////////////////////////////////////////////
+
+  group "coredns" {
+    count = length(var.hosts) == 0 ? 1 : length(var.hosts)
+
+    dynamic "constraint" {
+      for_each = length(var.hosts) == 0 ? [] : [join(",", var.hosts)]
+      content {
+        attribute = node.unique.name
+        operator  = "set_contains_any"
+        value     = constraint.value
+      }
+    }
+
+    network {
+      port "dns" {
+        static = var.port
+        to     = 53
+      }
+    }
+
+    service {
+      tags     = ["dns"]
+      name     = "coredns-dns"
+      port     = "dns"
+      provider = var.service_provider
+    }
+
+    ephemeral_disk {
+      migrate = true
+    }
+
+    task "daemon" {
+      driver = "docker"
+
+      template {
+        destination = local.core_file
+        data        = var.corefile
+      }
+
+      config {
+        image      = var.docker_image
+        force_pull = var.docker_always_pull
+        ports      = ["dns"]
+        args       = ["-conf", local.core_file]
+      }
+
+    } // task "daemon"
+  }   // group "coredns"
+}     // job "coredns"

examples/postgresql.tf renamed to _examples/postgresql.tf

@@ -36,17 +36,8 @@ variable "port" {
 
 variable "data" {
   type        = string
-  description = "Directory for data persistence, required"
-}
-
-variable "ldif" {
-  type        = string
-  description = "Directory for additional ldif files, optional"
-}
-
-variable "schema" {
-  type        = string
-  description = "Directory for additional schema files, optional"
+  description = "Directory for data persistence"
+  default = ""
 }
 
 variable "admin_password" {
@@ -59,3 +50,8 @@ variable "basedn" {
   description = "LDAP distinguished name (required)"
   type        = string
 }
+
+variable "organization" {
+  description = "Organization name (required)"
+  type        = string
+}

examples/seaweedfs.tf renamed to _examples/seaweedfs.tf

@@ -0,0 +1,8 @@
+dn: cn={{ env "NOMAD_META_group" }},ou={{ env "NOMAD_META_groups" }},{{ env "NOMAD_META_basedn" }}
+cn: {{ env "NOMAD_META_group" }}
+gidNumber: {{ env "NOMAD_META_gid" }}
+objectClass: posixGroup
+objectClass: groupOfMembers
+objectClass: top
+description: {{ env "NOMAD_META_description" }}
+

examples/telegraf.tf renamed to _examples/telegraf.tf

@@ -0,0 +1,22 @@
+
+# Root
+dn: {{ env "NOMAD_META_basedn" }}
+objectClass: top
+objectClass: domain
+dc: {{ env "NOMAD_META_organization" }}
+description: Organization
+
+# Groups
+dn: ou={{ env "NOMAD_META_groups" }},{{ env "NOMAD_META_basedn" }}
+ou: {{ env "NOMAD_META_groups" }}
+objectClass: top
+objectClass: organizationalUnit
+description: User groups
+
+# Users
+dn: ou={{ env "NOMAD_META_users" }},{{ env "NOMAD_META_basedn" }}
+ou: {{ env "NOMAD_META_users" }}
+objectClass: top
+objectClass: organizationalUnit
+description: Users
+

coredns/config/Corefile

@@ -13,10 +13,17 @@ resource "nomad_job" "ldap" {
       hosts              = jsonencode(var.hosts)
       port               = var.port
       data               = var.data
-      ldif               = var.ldif
-      schema             = var.schema
       admin_password     = var.admin_password
       basedn             = var.basedn
+      organization       = var.organization
+
+      # LDIF templates which are only applied when the data directory is empty (first run)
+      ldif = jsonencode({
+        "root" = file("${path.module}/ldif/root.ldif")
+      })
+      schema = jsonencode({
+        "rfc2307bis" = file("${path.module}/schema/rfc2307bis.ldif")
+      })
     }
   }
 }