Merge pull request #4 from mutablelogic/dev

Merge OpenLDAP switch to a different container
mutablelogic · Feb 11, 2024 · af5f0d7 · af5f0d7
2 parents dfbe5ac + aacddef
commit af5f0d7
Showing 38 changed files with 770 additions and 168 deletions.
diff --git a/README.md b/README.md
@@ -4,15 +4,6 @@ Terraform modules for nomad clusters. In order to use these modules, please use
 the following provider block:
 
 ```hcl
-terraform {
-  required_providers {
-    nomad = {
-      source  = "hashicorp/nomad"
-      version = "~> 2.0.0"
-    }
-  }
-}
-
 provider "nomad" {
   address   = env.NOMAD_ADDR
   region    = env.NOMAD_REGION
@@ -56,6 +47,18 @@ Time-series database, which can be placed on several nodes
 TODO:
   * [ ] Add TLS support
 
+
+## mongodb
+
+Document database, which can be replicated on several nodes
+
+   * [Documentation](https://www.mongodb.com/docs/manual/)
+   * [Terraform Example](_examples/mongodb.tf)
+   * [Nomad Job](mongodb/nomad/mongodb.hcl)
+
+TODO:
+  * [ ] Add TLS support
+
 ## mosquitto
 
 MQTT broker, which can be placed on several nodes

diff --git a/_examples/coredns.tf b/_examples/coredns.tf
@@ -9,9 +9,11 @@ module "coredns" {
   nomad_token = local.nomad_token // Token for the Nomad server
 
   // Optional parameters
-  enabled   = true
-  hosts     = ["cm3"] // Host constraint for the job
-  port      = 53      // Port to expose for plaintext connections
-  cache_ttl = 30      // Cache TTL in seconds
-  dns_zone  = "nomad" // DNS zone to serve
+  service_type = "system"              // System or service
+  service_dns  = [ "dns1", "dns2" ]    // Upstream DNS
+  enabled      = true
+  hosts        = ["server1"]           // Host constraint for the job
+  port         = 53                    // Port to expose for plaintext connections
+  cache_ttl    = 30                    // Cache TTL in seconds
+  dns_zone     = "nomad"               // DNS zone to serve
 }
diff --git a/_examples/grafana.tf b/_examples/grafana.tf
@@ -13,7 +13,10 @@ module "grafana" {
   hosts       = ["server1"]          // Host constraint for the job. If not specified, the job will be deployed to one node
   docker_tag  = "latest"             // Pull the latest version of the docker image every job restart
   port        = 3000                 // Port to expose
-  data        = "/var/lib/influxdb"  // Data persistence directory. If not set, then data is not persisted
   admin_email = "admin@mutablelogic" // Email address for the admin user
   anonymous   = false                // When true, allow anonymous access as a viewer
+
+  // Data persistence directory. If not set, then data is not persisted. When persistence is enabled,
+  // set user/group to 472 for the container to have write access to the data directory
+  data        = "/var/lib/grafana"   
 }
diff --git a/_examples/mongodb.tf b/_examples/mongodb.tf
@@ -0,0 +1,18 @@
+
+// Example mongodb document database
+module "mongodb" {
+  source = "github.com/mutablelogic/tf-nomad//mongodb"
+
+  // Required parameters
+  dc             = "datacenter"                 // Nomad datacenter for the cluster
+  hosts          = ["server1", "server2"]       // Host constraint for the job
+  admin_password = local.MONGODB_ADMIN_PASSWORD // Password for the 'admin' user
+
+  // Optional parameters
+  enabled         = true               // If false, no-op
+  namespace       = "default"          // Nomad namespace for the cluster
+  docker_tag      = "4.4.13"           // Pull version 4.4.13 of the docker image
+  port            = 27017              // Port to expose
+  data            = "/var/lib/mongodb" // Data persistence directory
+  replicaset_name = "rs0"              // Replica set name
+}
diff --git a/_examples/openldap.tf b/_examples/openldap.tf
@@ -4,15 +4,18 @@ module "openldap" {
   source = "github.com/mutablelogic/tf-nomad//openldap"
 
   // Required parameters
-  dc             = "datacenter"              // Nomad datacenter for the cluster
-  hosts          = ["server1", "server2"]    // Host constraint for the job
-  basedn         = "dc=mutablelogic,dc=com"  // Distinquished name for the LDAP server
-  admin_password = local.LDAP_ADMIN_PASSWORD // Password for the LDAP 'admin' user
-  data           = "/var/lib/ldap"           // Data persistence directory
+  dc              = "datacenter"              // Nomad datacenter for the cluster
+  hosts           = ["server1", "server2"]    // Host constraint for the job
+  organization    = "My Organization"         // Distinquished name for the LDAP server
+  domain          = "example.com"             // Domain for the LDAP server
+  admin_password  = local.LDAP_ADMIN_PASSWORD // Password for the LDAP 'admin' user
+  config_password = local.LDAP_ADMIN_PASSWORD // Password for the LDAP 'config' user
 
   // Optional parameters
-  enabled    = true      // If false, no-op
-  namespace  = "default" // Nomad namespace for the nomad job
-  docker_tag = "latest"  // Pull the latest version of the docker image every job restart
-  port       = 389       // plaintext port to expose
+  enabled           = true                                           // If false, no-op
+  namespace         = "default"                                      // Nomad namespace for the nomad job
+  docker_tag        = "latest"                                       // Pull the latest version of the docker image every job restart
+  port              = 389                                            // plaintext port to expose
+  replication_hosts = ["ldap://server1:389/", "ldap://server2:389/"] // LDAP urls for replication
+  data              = "/var/lib/ldap"                                // Directory for data persistence
 }
diff --git a/coredns/input.tf b/coredns/input.tf
@@ -40,6 +40,12 @@ variable "service_dns" {
   default     = []
 }
 
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
+}
+
 variable "hosts" {
   type        = list(string)
   description = "List of hosts to deploy on. If empty, one allocation will be created"
@@ -61,6 +67,7 @@ variable "nomad_token" {
   description = "Nomad authentication token"
   type        = string
   default     = ""
+  sensitive   = true
 }
 
 variable "cache_ttl" {

diff --git a/coredns/main.tf b/coredns/main.tf
@@ -8,12 +8,14 @@ resource "nomad_job" "coredns" {
     vars = {
       dc                 = jsonencode([var.dc])
       namespace          = var.namespace
+      hosts              = jsonencode(var.hosts)      
       docker_image       = local.docker_image
       docker_always_pull = jsonencode(local.docker_always_pull)
       service_provider   = var.service_provider
       service_name       = var.service_name
       service_dns        = jsonencode(var.service_dns)
-      hosts              = jsonencode(var.hosts)
+      service_type       = var.service_type
+
       port               = var.port
       corefile           = file("${path.module}/config/Corefile")
       nomad_addr         = var.nomad_addr

diff --git a/coredns/nomad/coredns.hcl b/coredns/nomad/coredns.hcl
@@ -1,6 +1,6 @@
 
 // coredns for service discovery
-// Docker Image: https://hub.docker.com/r/coredns/coredns/
+// Docker Image: ghcr.io/mutablelogic/coredns-nomad
 
 ///////////////////////////////////////////////////////////////////////////////
 // VARIABLES
@@ -40,10 +40,10 @@ variable "service_dns" {
   default     = []
 }
 
-variable "dns_servers" {
-  description = "Task DNS servers"
-  type        = list(string)
-  default     = []
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
 }
 
 variable "docker_image" {
@@ -57,6 +57,8 @@ variable "docker_always_pull" {
   default     = false
 }
 
+///////////////////////////////////////////////////////////////////////////////
+
 variable "port" {
   description = "Port for plaintext connections"
   type        = number
@@ -102,7 +104,7 @@ locals {
 // JOB
 
 job "coredns" {
-  type        = "service"
+  type        = var.service_type
   datacenters = var.dc
   namespace   = var.namespace
 
@@ -115,7 +117,7 @@ job "coredns" {
   /////////////////////////////////////////////////////////////////////////////////
 
   group "coredns" {
-    count = length(var.hosts) == 0 ? 1 : length(var.hosts)
+    count = (length(var.hosts) == 0 || var.service_type == "system") ? 1 : length(var.hosts)
 
     dynamic "constraint" {
       for_each = length(var.hosts) == 0 ? [] : [join(",", var.hosts)]
@@ -134,7 +136,7 @@ job "coredns" {
     }
 
     service {
-      tags     = ["dns"]
+      tags     = ["coredns", "dns"]
       name     = var.service_name
       port     = "dns"
       provider = var.service_provider
@@ -163,8 +165,8 @@ job "coredns" {
         image       = var.docker_image
         force_pull  = var.docker_always_pull
         ports       = ["dns"]
-        args        = ["coredns", "-conf", local.core_file]
         dns_servers = var.service_dns
+        args        = ["coredns", "-conf", local.core_file]
       }
 
     } // task "daemon"

diff --git a/coredns/providers.tf b/coredns/providers.tf
@@ -0,0 +1,9 @@
+
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = "~> 2.0.0"
+    }
+  }
+}
diff --git a/grafana/input.tf b/grafana/input.tf
@@ -22,9 +22,34 @@ variable "docker_tag" {
   default     = "latest"
 }
 
+variable "service_provider" {
+  description = "Service provider, either consul or nomad"
+  type        = string
+  default     = "nomad"
+}
+
+variable "service_name" {
+  description = "Service name"
+  type        = string
+  default     = "openldap-ldap"
+}
+
+variable "service_dns" {
+  description = "Service discovery DNS"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
+}
+
 variable "hosts" {
   type        = list(string)
-  description = "List of hosts to deploy on (required)"
+  description = "List of hosts to deploy on. If empty, one allocation will be created"
+  default     = []
 }
 
 variable "port" {

diff --git a/grafana/main.tf b/grafana/main.tf
@@ -8,16 +8,21 @@ resource "nomad_job" "grafana" {
     vars = {
       dc                 = jsonencode([var.dc])
       namespace          = var.namespace
+      hosts              = jsonencode(var.hosts)
       docker_image       = local.docker_image
       docker_always_pull = jsonencode(local.docker_always_pull)
-      hosts              = jsonencode(var.hosts)
-      port               = var.port
-      data               = var.data
-      admin_password     = var.admin_password
-      admin_email        = var.admin_email
-      anonymous_enabled  = var.anonymous
-      anonymous_org      = ""
-      anonymous_role     = "Viewer"
+      service_provider   = var.service_provider
+      service_name       = var.service_name
+      service_dns        = jsonencode(var.service_dns)
+      service_type       = var.service_type
+
+      port              = var.port
+      data              = var.data
+      admin_password    = var.admin_password
+      admin_email       = var.admin_email
+      anonymous_enabled = var.anonymous
+      anonymous_org     = ""
+      anonymous_role    = "Viewer"
     }
   }
 }