Skip to content

Latest commit

 

History

History
109 lines (76 loc) · 4.33 KB

ENT_README.md

File metadata and controls

109 lines (76 loc) · 4.33 KB
Raw

Overview

This contains HashiCorp code to do the following:

  1. Packer template to build an Ubuntu 18.04 image consisting of 'HashiStack', which is Consul, Nomad and Vault
  2. Terraform code to provision the HashiStack in 2-3 separate AWS regions with peering
  3. Automated cluster formation of Consul and Nomad in each region
  4. Automated cluster formation of Vault in each region
  5. Automated WAN joining of Consul and Nomad
  6. Automated replication configuration of Vault clusters in each region

Assumptions

  • Packer and Terraform are available on local machine
  • Vault Enterprise linux binary available locally (Consul Enterprise and Nomad Enterpise are optional)
  • User possesses AWS account and credentials

Enterprise Demo Setup

Step 1: Use Packer to build AMIs

This is most likely optional as Terraform will automatically pull the latest hashi-stack AMIs from our account.

  1. change to the packer directory packer/
  2. Download Consul, Nomad, and Vault binaries locally (Vault enterprise required, Consul and Nomad Enterprise )
  3. Copy packer/vars.json.example to packer/vars.json
  4. Configure variables local path to those binaries in packer/vars.json
  5. Ensure AWS credentials are exposed as environment variables
  6. Expose AWS environment variables to avoid AMI copy timeouts. export AWS_MAX_ATTEMPTS=60 && export AWS_POLL_DELAY_SECONDS=60
  7. Execute Packer build
cd packer
# Download enterprise binaries and add variables to vars.json (copied from vars.json.example)
# CentOS 7(default)
packer build -var-file=vars.json -only=amazon-ebs-centos-7 packer.json   
# RHEL 7.5 - Additional licensing costs
packer build -var-file=vars.json -only=amazon-ebs-rhel-7.5-systemd packer.json

Step 2: Terraform Enterprise

TFE URL. This setup assumes you have a TFE SaaS account and a VCS connection setup. You could also push the code up via the enhanced remote backend, TFE-CLI, or API.

  1. Create a workspace in TFE for musical-spork. I'm calling it the "Hashi-Stack" here for demo purposes. (Note the workspace settings from the below image)

  1. Configure variables for the workspace. I'm doing it via the GUI here. Note: add the CONFIRM_DESTROY = 1 environment variable as well so you can destroy the workspace.

  1. (Optional, but highly recommended) Add some Sentinel Policies to your TFE workspace. Examples

  1. Queue a terraform plan. Show plan and policy check results. The demo is around 140 resources at the time of writing. Your policy checks will most likely differ :).

  1. Run Apply

Step 3: Business Value Demos

TODO LINK. You will use the terraform output from this workspace for your demos.

Step 4: Auto Shutdown, TFE Workspace Reaper

Finally, automate the automatic deltion of your demo environment via Adam's TFE Workspace Reaper.

  1. Fork the above repo
  2. Create a workspace in TFE linked to said repo
  3. Populate proper envionment variables (Use TFE Team or proper User API Token)

  1. For the TFE workspaces you want reaped, set "WORKSPACE_TTL" environment variable to an integer (in minutes) time to live.

Terraform OSS usage (Use TFE if possible)

Configure Terraform variables

cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars

Initialize Terraform

cd terraform
terraform init

Terraform plan execution with summary of changes

terraform plan

Terraform apply to create infrastructure

terraform apply 

# apply execution without prompt
# terraform apply -auto-approve

Tear down infrastructure using Terraform destroy

terraform destroy -force