X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.terraform%2F1n_nmd%2Fmain.tf;h=ed4f2b5ac3f1100da9cb988a3d9636114a8be2ee;hb=885c2e223f18e26fa75ec6c1e4ef468e60cd6afd;hp=d48f12a046d304604f3bf25443a2a00f1066477f;hpb=8843893ca7531cbb2212a5ed79882909c8374381;p=csit.git diff --git a/fdio.infra.terraform/1n_nmd/main.tf b/fdio.infra.terraform/1n_nmd/main.tf index d48f12a046..ed4f2b5ac3 100644 --- a/fdio.infra.terraform/1n_nmd/main.tf +++ b/fdio.infra.terraform/1n_nmd/main.tf @@ -5,24 +5,24 @@ # and have them automatically associated with the root provider # configurations. module "alertmanager" { - source = "./alertmanager" - providers = { + source = "./alertmanager" + providers = { nomad = nomad.yul1 } # nomad - nomad_datacenters = [ "yul1" ] + nomad_datacenters = ["yul1"] # alertmanager - alertmanager_job_name = "prod-alertmanager" - alertmanager_use_canary = true - alertmanager_group_count = 1 - alertmanager_vault_secret = { - use_vault_provider = false, - vault_kv_policy_name = "kv-secret", - vault_kv_path = "secret/data/prometheus", - vault_kv_field_access_key = "access_key", - vault_kv_field_secret_key = "secret_key" + alertmanager_job_name = "prod-alertmanager" + alertmanager_use_canary = true + alertmanager_group_count = 1 + alertmanager_vault_secret = { + use_vault_provider = false, + vault_kv_policy_name = "kv-secret", + vault_kv_path = "secret/data/prometheus", + vault_kv_field_access_key = "access_key", + vault_kv_field_secret_key = "secret_key" } alertmanager_version = "0.21.0" alertmanager_cpu = 1000 @@ -35,131 +35,160 @@ module "alertmanager" { } module "grafana" { - source = "./grafana" - providers = { + source = "./grafana" + providers = { nomad = nomad.yul1 } # nomad - nomad_datacenters = [ "yul1" ] + nomad_datacenters = ["yul1"] # grafana - grafana_job_name = "prod-grafana" - grafana_use_canary = true - grafana_group_count = 1 - grafana_vault_secret = { - use_vault_provider = false, - vault_kv_policy_name = "kv-secret", - vault_kv_path = "secret/data/grafana", - vault_kv_field_access_key = "access_key", - vault_kv_field_secret_key = "secret_key" + grafana_job_name = "prod-grafana" + grafana_use_canary = true + grafana_group_count = 1 + grafana_vault_secret = { + use_vault_provider = false, + vault_kv_policy_name = "kv-secret", + vault_kv_path = "secret/data/grafana", + vault_kv_field_access_key = "access_key", + vault_kv_field_secret_key = "secret_key" } - grafana_container_image = "grafana/grafana:7.3.7" - grafana_cpu = 1000 - grafana_mem = 2048 - grafana_port = 3000 + grafana_container_image = "grafana/grafana:7.3.7" + grafana_cpu = 1000 + grafana_mem = 2048 + grafana_port = 3000 } -module "minio" { - source = "./minio" - providers = { +#module "minio" { +# source = "./minio" +# providers = { +# nomad = nomad.yul1 +# } +# +# # nomad +# nomad_datacenters = ["yul1"] +# nomad_host_volume = "prod-volume-data1-1" +# +# # minio +# minio_job_name = "prod-minio" +# minio_group_count = 4 +# minio_service_name = "storage" +# minio_host = "http://10.32.8.1{4...7}" +# minio_port = 9000 +# minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z" +# minio_vault_secret = { +# use_vault_provider = false, +# vault_kv_policy_name = "kv-secret", +# vault_kv_path = "secret/data/minio", +# vault_kv_field_access_key = "access_key", +# vault_kv_field_secret_key = "secret_key" +# } +# minio_data_dir = "/data/" +# minio_use_host_volume = true +# minio_use_canary = true +# minio_envs = ["MINIO_BROWSER=\"off\""] +# +# minio_buckets = ["logs.fd.io"] +#} + +data "vault_generic_secret" "minio_creds" { + path = "kv/secret/data/minio" +} + +module "minio_s3_gateway" { + source = "./minio_s3_gateway" + providers = { nomad = nomad.yul1 } # nomad - nomad_datacenters = [ "yul1" ] - nomad_host_volume = "prod-volume-data1-1" + datacenters = ["yul1"] + volume_source = "prod-volume-data1-1" # minio - minio_job_name = "prod-minio" - minio_group_count = 4 - minio_service_name = "storage" - minio_host = "http://10.32.8.1{4...7}" - minio_port = 9000 - minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z" - minio_vault_secret = { - use_vault_provider = false, - vault_kv_policy_name = "kv-secret", - vault_kv_path = "secret/data/minio", - vault_kv_field_access_key = "access_key", - vault_kv_field_secret_key = "secret_key" - } - minio_data_dir = "/data/" - minio_use_host_volume = true - minio_use_canary = true - minio_envs = [ "MINIO_BROWSER=\"off\"" ] - - # minio client - mc_job_name = "prod-mc" - mc_container_image = "minio/mc:RELEASE.2021-07-27T02-40-15Z" - mc_extra_commands = [ - "mc policy set public LOCALMINIO/logs.fd.io", - "mc policy set public LOCALMINIO/docs.fd.io", - "mc ilm add --expiry-days '180' LOCALMINIO/logs.fd.io", - "mc admin user add LOCALMINIO storage Storage1234", - "mc admin policy set LOCALMINIO writeonly user=storage" + job_name = "minio-s3-gateway" + group_count = 4 + service_name = "minio" + mode = "gateway" + port_base = 9001 + port_console = 9002 + image = "minio/minio:latest" + access_key = data.vault_generic_secret.minio_creds.data["access_key"] + secret_key = data.vault_generic_secret.minio_creds.data["secret_key"] + volume_destination = "/data/" + use_host_volume = true + use_canary = true + envs = [ + "MINIO_BROWSER=\"off\"", + "MINIO_CACHE=\"on\"", + "MINIO_CACHE_DRIVES=\"/data/s3_cache1\"", + "MINIO_CACHE_EXCLUDE=\"\"", + "MINIO_CACHE_QUOTA=80", + "MINIO_CACHE_AFTER=1", + "MINIO_CACHE_WATERMARK_LOW=70", + "MINIO_CACHE_WATERMARK_HIGH=90" ] - minio_buckets = [ "logs.fd.io", "docs.fd.io" ] } -module "nginx" { - source = "./nginx" - providers = { - nomad = nomad.yul1 - } - - # nomad - nomad_datacenters = [ "yul1" ] - nomad_host_volume = "prod-volume-data1-1" - - # nginx - nginx_job_name = "prod-nginx" - nginx_use_host_volume = true -} +#module "nginx" { +# source = "./nginx" +# providers = { +# nomad = nomad.yul1 +# } +# +# # nomad +# nomad_datacenters = ["yul1"] +# nomad_host_volume = "prod-volume-data1-1" +# +# # nginx +# nginx_job_name = "prod-nginx" +# nginx_use_host_volume = true +#} module "prometheus" { - source = "./prometheus" - providers = { + source = "./prometheus" + providers = { nomad = nomad.yul1 } # nomad - nomad_datacenters = [ "yul1" ] - nomad_host_volume = "prod-volume-data1-1" + nomad_datacenters = ["yul1"] + nomad_host_volume = "prod-volume-data1-1" # prometheus - prometheus_job_name = "prod-prometheus" - prometheus_use_canary = true - prometheus_group_count = 4 - prometheus_vault_secret = { - use_vault_provider = false, - vault_kv_policy_name = "kv-secret", - vault_kv_path = "secret/data/prometheus", - vault_kv_field_access_key = "access_key", - vault_kv_field_secret_key = "secret_key" + prometheus_job_name = "prod-prometheus" + prometheus_use_canary = true + prometheus_group_count = 4 + prometheus_vault_secret = { + use_vault_provider = false, + vault_kv_policy_name = "kv-secret", + vault_kv_path = "secret/data/prometheus", + vault_kv_field_access_key = "access_key", + vault_kv_field_secret_key = "secret_key" } - prometheus_data_dir = "/data/" - prometheus_use_host_volume = true - prometheus_version = "2.28.1" - prometheus_cpu = 2000 - prometheus_mem = 8192 - prometheus_port = 9090 + prometheus_data_dir = "/data/" + prometheus_use_host_volume = true + prometheus_version = "2.28.1" + prometheus_cpu = 2000 + prometheus_mem = 8192 + prometheus_port = 9090 } module "vpp_device" { - source = "./vpp_device" - providers = { + source = "./vpp_device" + providers = { nomad = nomad.yul1 } # nomad - nomad_datacenters = [ "yul1" ] + nomad_datacenters = ["yul1"] # csit_shim - csit_shim_job_name = "prod-device-csit-shim" - csit_shim_group_count = "1" - csit_shim_cpu = "1500" - csit_shim_mem = "4096" - csit_shim_image_aarch64 = "fdiotools/csit_shim-ubuntu2004:2021_03_02_143938_UTC-aarch64" - csit_shim_image_x86_64 = "fdiotools/csit_shim-ubuntu2004:2021_03_04_142103_UTC-x86_64" + csit_shim_job_name = "prod-device-csit-shim" + csit_shim_group_count = "1" + csit_shim_cpu = "1500" + csit_shim_mem = "4096" + csit_shim_image_aarch64 = "fdiotools/csit_shim-ubuntu2004:2021_03_02_143938_UTC-aarch64" + csit_shim_image_x86_64 = "fdiotools/csit_shim-ubuntu2004:2021_03_04_142103_UTC-x86_64" }