hashistack

Setup

Generate some keys for your deployment

# Fill out prompts for your root certificate and a vault certificate
./gen_secrets.sh
# This also copies tfvars files from our templates and generates secrets for consul. Once the tfvars files are created, you can modify them directly if needed to customize your deployment

Download google cloud credentials

Name them gce-credentials.json and put them in this folder

Build the packer images

export GCE_PROJECT_ID=YOUR_GOOGLE_PROJECT_ID
export GCE_DEFAULT_ZONE=us-central1-b
export GCE_SOURCE_IMAGE=ubuntu-1404-trusty-v20160114e

packer build packer/gce_consul_server.json
packer build packer/gce_vault_server.json
packer build packer/gce_nomad_server.json
packer build packer/gce_nomad_client.json
packer build packer/gce_utility.json

Fill in the version numbers from your build images in your .tfvars file

You'll need to swap the version numbers in your terraform/_env/gce/terraform.tfvars to match those built by packer for your project.

Apply terraform

cd terraform/_env/gce; terraform apply

Initialize Vault

cd vault;
## Initialize vault
VAULT_SERVER=ip.ad.dr.ess ./init.sh # This stores your keys in credentials/vault.keys file. Separate them and be careful with them.
## Unseal all your vaults
VAULT_SERVER=ip.ad.dr.ess ./unseal.sh
VAULT_SERVER=ip.ad.dr.ess2 ./unseal.sh
## Setup PKI with the vault CA, generated by gen_secrets.sh (earlier)
VAULT_SERVER=ip.ad.dr.ess DOMAIN="example.com" ./setup_pki.sh

Launch nomad tasks

cd nomad; NOMAD_SERVER=ip.ad.dr.ess ./run_job.sh helloworld.nomad

Remotely connect to your nomad services

Open a tunnel: ssh -i id_rsa -L 7777:spark-master.service.consul:8080 ubuntu@ip.ad.dr.ess -N

Hit your local endpoint curl localhost:7777