fdio.infra.terraform/1n_nmd/main.tf

   1 # For convenience in simple configurations, a child module automatically
   2 # inherits default (un-aliased) provider configurations from its parent.
   3 # This means that explicit provider blocks appear only in the root module,
   4 # and downstream modules can simply declare resources for that provider
   5 # and have them automatically associated with the root provider
   6 # configurations.
   7 module "grafana" {
   8   source = "./grafana"
   9   providers = {
  10     nomad = nomad.yul1
  11   }
  12
  13   # nomad
  14   nomad_datacenters = ["yul1"]
  15
  16   # grafana
  17   grafana_job_name    = "prod-grafana"
  18   grafana_use_canary  = true
  19   grafana_group_count = 1
  20   grafana_vault_secret = {
  21     use_vault_provider        = false,
  22     vault_kv_policy_name      = "kv-secret",
  23     vault_kv_path             = "secret/data/grafana",
  24     vault_kv_field_access_key = "access_key",
  25     vault_kv_field_secret_key = "secret_key"
  26   }
  27   grafana_container_image = "grafana/grafana:7.3.7"
  28   grafana_cpu             = 1000
  29   grafana_mem             = 2048
  30   grafana_port            = 3000
  31 }
  32
  33 #module "minio" {
  34 #  source = "./minio"
  35 #  providers = {
  36 #    nomad = nomad.yul1
  37 #  }
  38 #
  39 #  # nomad
  40 #  nomad_datacenters = ["yul1"]
  41 #  nomad_host_volume = "prod-volume-data1-1"
  42 #
  43 #  # minio
  44 #  minio_job_name        = "prod-minio"
  45 #  minio_group_count     = 4
  46 #  minio_service_name    = "storage"
  47 #  minio_host            = "http://10.32.8.1{4...7}"
  48 #  minio_port            = 9000
  49 #  minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z"
  50 #  minio_vault_secret = {
  51 #    use_vault_provider        = false,
  52 #    vault_kv_policy_name      = "kv-secret",
  53 #    vault_kv_path             = "secret/data/minio",
  54 #    vault_kv_field_access_key = "access_key",
  55 #    vault_kv_field_secret_key = "secret_key"
  56 #  }
  57 #  minio_data_dir        = "/data/"
  58 #  minio_use_host_volume = true
  59 #  minio_use_canary      = true
  60 #  minio_envs            = ["MINIO_BROWSER=\"off\""]
  61 #
  62 #  minio_buckets = ["logs.fd.io"]
  63 #}
  64
  65 data "vault_generic_secret" "minio_creds" {
  66   path = "kv/secret/data/minio"
  67 }
  68
  69 module "minio_s3_gateway" {
  70   source = "./minio_s3_gateway"
  71   providers = {
  72     nomad = nomad.yul1
  73   }
  74
  75   # nomad
  76   datacenters   = ["yul1"]
  77   volume_source = "prod-volume-data1-1"
  78
  79   # minio
  80   job_name           = "minio-s3-gateway"
  81   group_count        = 4
  82   service_name       = "minio"
  83   mode               = "gateway"
  84   port_base          = 9001
  85   port_console       = 9002
  86   image              = "minio/minio:latest"
  87   access_key         = data.vault_generic_secret.minio_creds.data["access_key"]
  88   secret_key         = data.vault_generic_secret.minio_creds.data["secret_key"]
  89   volume_destination = "/data/"
  90   use_host_volume    = true
  91   use_canary         = true
  92   envs = [
  93     "MINIO_BROWSER=\"off\"",
  94     "MINIO_CACHE=\"on\"",
  95     "MINIO_CACHE_DRIVES=\"/data/s3_cache1\"",
  96     "MINIO_CACHE_EXCLUDE=\"\"",
  97     "MINIO_CACHE_QUOTA=80",
  98     "MINIO_CACHE_AFTER=1",
  99     "MINIO_CACHE_WATERMARK_LOW=70",
 100     "MINIO_CACHE_WATERMARK_HIGH=90"
 101   ]
 102 }
 103
 104 #module "nginx" {
 105 #  source = "./nginx"
 106 #  providers = {
 107 #    nomad = nomad.yul1
 108 #  }
 109 #
 110 #  # nomad
 111 #  nomad_datacenters = ["yul1"]
 112 #  nomad_host_volume = "prod-volume-data1-1"
 113 #
 114 #  # nginx
 115 #  nginx_job_name        = "prod-nginx"
 116 #  nginx_use_host_volume = true
 117 #}
 118
 119 module "prometheus" {
 120   source = "./prometheus"
 121   providers = {
 122     nomad = nomad.yul1
 123   }
 124
 125   # nomad
 126   nomad_datacenters = ["yul1"]
 127   nomad_host_volume = "prod-volume-data1-1"
 128
 129   # prometheus
 130   prometheus_job_name    = "prod-prometheus"
 131   prometheus_use_canary  = true
 132   prometheus_group_count = 4
 133   prometheus_vault_secret = {
 134     use_vault_provider        = false,
 135     vault_kv_policy_name      = "kv-secret",
 136     vault_kv_path             = "secret/data/prometheus",
 137     vault_kv_field_access_key = "access_key",
 138     vault_kv_field_secret_key = "secret_key"
 139   }
 140   prometheus_data_dir        = "/data/"
 141   prometheus_use_host_volume = true
 142   prometheus_version         = "2.28.1"
 143   prometheus_cpu             = 2000
 144   prometheus_mem             = 8192
 145   prometheus_port            = 9090
 146 }
 147
 148 module "vpp_device" {
 149   source = "./vpp_device"
 150   providers = {
 151     nomad = nomad.yul1
 152   }
 153
 154   # nomad
 155   nomad_datacenters = ["yul1"]
 156
 157   # csit_shim
 158   csit_shim_job_name      = "prod-device-csit-shim"
 159   csit_shim_group_count   = "1"
 160   csit_shim_cpu           = "1500"
 161   csit_shim_mem           = "4096"
 162   csit_shim_image_aarch64 = "fdiotools/csit_shim-ubuntu2004:2021_03_02_143938_UTC-aarch64"
 163   csit_shim_image_x86_64  = "fdiotools/csit_shim-ubuntu2004:2021_03_04_142103_UTC-x86_64"
 164 }