fdio.infra.terraform/1n_nmd/main.tf

   1 # For convenience in simple configurations, a child module automatically
   2 # inherits default (un-aliased) provider configurations from its parent.
   3 # This means that explicit provider blocks appear only in the root module,
   4 # and downstream modules can simply declare resources for that provider
   5 # and have them automatically associated with the root provider
   6 # configurations.
   7 module "alertmanager" {
   8   source = "./alertmanager"
   9   providers = {
  10     nomad = nomad.yul1
  11   }
  12
  13   # nomad
  14   nomad_datacenters = ["yul1"]
  15
  16   # alertmanager
  17   alertmanager_job_name    = "prod-alertmanager"
  18   alertmanager_use_canary  = true
  19   alertmanager_group_count = 1
  20   alertmanager_vault_secret = {
  21     use_vault_provider        = false,
  22     vault_kv_policy_name      = "kv-secret",
  23     vault_kv_path             = "secret/data/prometheus",
  24     vault_kv_field_access_key = "access_key",
  25     vault_kv_field_secret_key = "secret_key"
  26   }
  27   alertmanager_version               = "0.21.0"
  28   alertmanager_cpu                   = 1000
  29   alertmanager_mem                   = 1024
  30   alertmanager_port                  = 9093
  31   alertmanager_slack_jenkins_api_key = "TE07RD1V1/B01U1NV9HV3/hKZXJJ74g2JcISq4K3QC1eG9"
  32   alertmanager_slack_jenkins_channel = "fdio-jobs-monitoring"
  33   alertmanager_slack_default_api_key = "TE07RD1V1/B01UUK23B6C/hZTcCu42FUv8d6rtirHtcYIi"
  34   alertmanager_slack_default_channel = "fdio-infra-monitoring"
  35 }
  36
  37 module "grafana" {
  38   source = "./grafana"
  39   providers = {
  40     nomad = nomad.yul1
  41   }
  42
  43   # nomad
  44   nomad_datacenters = ["yul1"]
  45
  46   # grafana
  47   grafana_job_name    = "prod-grafana"
  48   grafana_use_canary  = true
  49   grafana_group_count = 1
  50   grafana_vault_secret = {
  51     use_vault_provider        = false,
  52     vault_kv_policy_name      = "kv-secret",
  53     vault_kv_path             = "secret/data/grafana",
  54     vault_kv_field_access_key = "access_key",
  55     vault_kv_field_secret_key = "secret_key"
  56   }
  57   grafana_container_image = "grafana/grafana:7.3.7"
  58   grafana_cpu             = 1000
  59   grafana_mem             = 2048
  60   grafana_port            = 3000
  61 }
  62
  63 #module "minio" {
  64 #  source = "./minio"
  65 #  providers = {
  66 #    nomad = nomad.yul1
  67 #  }
  68 #
  69 #  # nomad
  70 #  nomad_datacenters = ["yul1"]
  71 #  nomad_host_volume = "prod-volume-data1-1"
  72 #
  73 #  # minio
  74 #  minio_job_name        = "prod-minio"
  75 #  minio_group_count     = 4
  76 #  minio_service_name    = "storage"
  77 #  minio_host            = "http://10.32.8.1{4...7}"
  78 #  minio_port            = 9000
  79 #  minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z"
  80 #  minio_vault_secret = {
  81 #    use_vault_provider        = false,
  82 #    vault_kv_policy_name      = "kv-secret",
  83 #    vault_kv_path             = "secret/data/minio",
  84 #    vault_kv_field_access_key = "access_key",
  85 #    vault_kv_field_secret_key = "secret_key"
  86 #  }
  87 #  minio_data_dir        = "/data/"
  88 #  minio_use_host_volume = true
  89 #  minio_use_canary      = true
  90 #  minio_envs            = ["MINIO_BROWSER=\"off\""]
  91 #
  92 #  minio_buckets = ["logs.fd.io"]
  93 #}
  94
  95 data "vault_generic_secret" "minio_creds" {
  96   path = "kv/secret/data/minio"
  97 }
  98
  99 module "minio_s3_gateway" {
 100   source = "./minio_s3_gateway"
 101   providers = {
 102     nomad = nomad.yul1
 103   }
 104
 105   # nomad
 106   datacenters   = ["yul1"]
 107   volume_source = "prod-volume-data1-1"
 108
 109   # minio
 110   job_name           = "minio-s3-gateway"
 111   group_count        = 4
 112   service_name       = "minio"
 113   mode               = "gateway"
 114   port_base          = 9001
 115   port_console       = 9002
 116   image              = "minio/minio:latest"
 117   access_key         = data.vault_generic_secret.minio_creds.data["access_key"]
 118   secret_key         = data.vault_generic_secret.minio_creds.data["secret_key"]
 119   volume_destination = "/data/"
 120   use_host_volume    = true
 121   use_canary         = true
 122   envs = [
 123     "MINIO_BROWSER=\"off\"",
 124     "MINIO_CACHE=\"on\"",
 125     "MINIO_CACHE_DRIVES=\"/data/s3_cache1\"",
 126     "MINIO_CACHE_EXCLUDE=\"\"",
 127     "MINIO_CACHE_QUOTA=80",
 128     "MINIO_CACHE_AFTER=1",
 129     "MINIO_CACHE_WATERMARK_LOW=70",
 130     "MINIO_CACHE_WATERMARK_HIGH=90"
 131   ]
 132 }
 133
 134 #module "nginx" {
 135 #  source = "./nginx"
 136 #  providers = {
 137 #    nomad = nomad.yul1
 138 #  }
 139 #
 140 #  # nomad
 141 #  nomad_datacenters = ["yul1"]
 142 #  nomad_host_volume = "prod-volume-data1-1"
 143 #
 144 #  # nginx
 145 #  nginx_job_name        = "prod-nginx"
 146 #  nginx_use_host_volume = true
 147 #}
 148
 149 module "prometheus" {
 150   source = "./prometheus"
 151   providers = {
 152     nomad = nomad.yul1
 153   }
 154
 155   # nomad
 156   nomad_datacenters = ["yul1"]
 157   nomad_host_volume = "prod-volume-data1-1"
 158
 159   # prometheus
 160   prometheus_job_name    = "prod-prometheus"
 161   prometheus_use_canary  = true
 162   prometheus_group_count = 4
 163   prometheus_vault_secret = {
 164     use_vault_provider        = false,
 165     vault_kv_policy_name      = "kv-secret",
 166     vault_kv_path             = "secret/data/prometheus",
 167     vault_kv_field_access_key = "access_key",
 168     vault_kv_field_secret_key = "secret_key"
 169   }
 170   prometheus_data_dir        = "/data/"
 171   prometheus_use_host_volume = true
 172   prometheus_version         = "2.28.1"
 173   prometheus_cpu             = 2000
 174   prometheus_mem             = 8192
 175   prometheus_port            = 9090
 176 }
 177
 178 module "vpp_device" {
 179   source = "./vpp_device"
 180   providers = {
 181     nomad = nomad.yul1
 182   }
 183
 184   # nomad
 185   nomad_datacenters = ["yul1"]
 186
 187   # csit_shim
 188   csit_shim_job_name      = "prod-device-csit-shim"
 189   csit_shim_group_count   = "1"
 190   csit_shim_cpu           = "1500"
 191   csit_shim_mem           = "4096"
 192   csit_shim_image_aarch64 = "fdiotools/csit_shim-ubuntu2004:2021_03_02_143938_UTC-aarch64"
 193   csit_shim_image_x86_64  = "fdiotools/csit_shim-ubuntu2004:2021_03_04_142103_UTC-x86_64"
 194 }