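# Versions of the HashiCorp binaries fetched from releases.hashicorp.com below.
CONSUL_VERSION="1.6.0"
NOMAD_VERSION="0.9.5"

# First address reported by `hostname -I`. It is rendered into the Nomad unit's
# -bind flag and printed in the UI URLs at the end of the script.
SERVER_IP=$(hostname -I | awk '{print $1}')
if [ -z "${SERVER_IP}" ]; then
  # An empty value would render "-bind=" into nomad.service, so stop here.
  echo "Could not determine SERVER_IP from 'hostname -I'" >&2
  exit 1
fi

# Tools the rest of the script relies on (unzip, curl, add-apt-repository).
sudo apt-get update
sleep 2
sudo apt-get install -y unzip apt-transport-https ca-certificates curl software-properties-common
sleep 2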
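# Download the Consul release archive together with HashiCorp's checksum list.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page under the archive's name.
curl --fail --silent --show-error --remote-name "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip"
curl --fail --silent --show-error --remote-name "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS"

# Refuse to install an archive whose SHA-256 is not in the published list.
# This catches truncated or corrupted downloads. The list comes from the same
# host, so authenticity additionally needs the release's detached signature
# (the _SHA256SUMS.sig file) checked against HashiCorp's published GPG key.
grep "consul_${CONSUL_VERSION}_linux_amd64.zip" "consul_${CONSUL_VERSION}_SHA256SUMS" | sha256sum --check - || {
  echo "Checksum verification failed for consul_${CONSUL_VERSION}_linux_amd64.zip" >&2
  exit 1
}

# Install Consul: root-owned binary in /usr/local/bin.
unzip "consul_${CONSUL_VERSION}_linux_amd64.zip"
sudo chown root:root consul
sudo mv consul /usr/local/bin/
rm "consul_${CONSUL_VERSION}_linux_amd64.zip" "consul_${CONSUL_VERSION}_SHA256SUMS"
consul -autocomplete-install
complete -C /usr/local/bin/consul consul

# Dedicated unprivileged system account with no login shell for the agent.
# Skipped when the account already exists so the script can be re-run.
id consul > /dev/null 2>&1 || sudo useradd --system --home /etc/consul.d --shell /bin/false consul
sudo mkdir --parents /opt/consul
sudo chown --recursive consul:consul /opt/consul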
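# Write the Consul systemd unit. The agent runs as the unprivileged "consul"
# account. `tee` without -a replaces the file: appending would duplicate every
# section when the script is run a second time. The heredoc delimiter is quoted
# because nothing in the unit is meant to be expanded by the shell.
sudo tee /etc/systemd/system/consul.service > /dev/null <<'EOT'
[Unit]
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/consul.d/consul.hcl

[Service]
User=consul
Group=consul
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/
ExecReload=/usr/local/bin/consul reload
KillMode=process
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOT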
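sudo mkdir --parents /etc/consul.d

# Gossip encryption key. A key committed to a public script is known to every
# reader, so it is generated per installation instead of being hard-coded.
# Export CONSUL_GOSSIP_KEY beforehand to share one key across several nodes.
# Any cluster that was deployed with a key copied from a published script
# should rotate that key.
CONSUL_GOSSIP_KEY="${CONSUL_GOSSIP_KEY:-$(consul keygen)}"
if [ -z "${CONSUL_GOSSIP_KEY}" ]; then
  echo "Could not obtain a Consul gossip key (consul keygen failed?)" >&2
  exit 1
fi

# Create the file with its final owner and mode before the secret is written,
# so the key is never readable through a default-umask file.
sudo install -m 640 -o consul -g consul /dev/null /etc/consul.d/consul.hcl
sudo tee /etc/consul.d/consul.hcl > /dev/null <<EOT
datacenter = "dc1"
data_dir = "/opt/consul"
encrypt = "${CONSUL_GOSSIP_KEY}"
EOT

# Single-node server with the web UI enabled.
# NOTE(review): client_addr = "0.0.0.0" serves the HTTP API and UI (port 8500)
# on every interface, and this script writes no ACL or TLS settings. Restrict
# the address or firewall the port unless the host is on a trusted network.
sudo tee /etc/consul.d/server.hcl > /dev/null <<'EOT'
server = true
bootstrap_expect = 1
ui = true
client_addr = "0.0.0.0"
EOT

sudo chown --recursive consul:consul /etc/consul.d
sudo chmod 640 /etc/consul.d/consul.hcl /etc/consul.d/server.hcl

sudo systemctl enable consul
sleep 2
sudo systemctl start consul
sleep 2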
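# Download the Nomad release archive together with HashiCorp's checksum list.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page under the archive's name.
curl --fail --silent --show-error --remote-name "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip"
curl --fail --silent --show-error --remote-name "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS"

# Refuse to install an archive whose SHA-256 is not in the published list.
# The list comes from the same host, so authenticity additionally needs the
# release's detached signature checked against HashiCorp's published GPG key.
grep "nomad_${NOMAD_VERSION}_linux_amd64.zip" "nomad_${NOMAD_VERSION}_SHA256SUMS" | sha256sum --check - || {
  echo "Checksum verification failed for nomad_${NOMAD_VERSION}_linux_amd64.zip" >&2
  exit 1
}

# Install Nomad: root-owned binary in /usr/local/bin.
unzip "nomad_${NOMAD_VERSION}_linux_amd64.zip"
sudo chown root:root nomad
sudo mv nomad /usr/local/bin/
rm "nomad_${NOMAD_VERSION}_linux_amd64.zip" "nomad_${NOMAD_VERSION}_SHA256SUMS"
nomad -autocomplete-install
complete -C /usr/local/bin/nomad nomad

# Data directory referenced by data_dir in /etc/nomad.d/nomad.hcl.
sudo mkdir --parents /opt/nomad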
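# Write the Nomad systemd unit. No User= is set, so the agent runs as root.
#
# The heredoc is unquoted so that $SERVER_IP is filled in when the file is
# written. $MAINPID has to reach systemd literally and is therefore escaped:
# unescaped, the shell expands it to an empty string and ExecReload becomes
# "/bin/kill -HUP" with no PID.
#
# `tee` without -a replaces the file, so a second run does not duplicate the
# unit. The StartLimit* settings sit in [Unit], where systemd.unit(5) documents
# them.
sudo tee /etc/systemd/system/nomad.service > /dev/null <<EOT
[Unit]
Description=Nomad
Documentation=https://nomadproject.io/docs/
Wants=network-online.target
After=network-online.target
StartLimitBurst=3
StartLimitIntervalSec=10

[Service]
ExecReload=/bin/kill -HUP \$MAINPID
ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d -bind=$SERVER_IP
KillMode=process
KillSignal=SIGINT
LimitNOFILE=infinity
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
TasksMax=infinity

[Install]
WantedBy=multi-user.target
EOT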
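# Nomad configuration directory, readable by root only.
sudo mkdir --parents /etc/nomad.d
sudo chmod 700 /etc/nomad.d

# `tee` without -a replaces each file, so a second run does not leave duplicate
# stanzas behind.
sudo tee /etc/nomad.d/nomad.hcl > /dev/null <<'EOT'
datacenter = "dc1"
data_dir = "/opt/nomad"
EOT

# This node acts as both server and client; both stanzas go into server.hcl.
# NOTE(review): "docker.privileged.enabled" lets any job submitted to this
# Nomad agent start privileged containers, which is equivalent to root on the
# host. The Portworx job below requests privileged mode; if that job is not
# used, remove the option. No ACL settings are written by this script.
sudo tee /etc/nomad.d/server.hcl > /dev/null <<'EOT'
server {
  enabled = true
  bootstrap_expect = 1
}

client {
  enabled = true
  options {
    "docker.privileged.enabled" = "true"
  }
}
EOT

sudo systemctl enable nomad
sleep 2
sudo systemctl start nomad
sleep 2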
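# Install Docker from Docker's apt repository.
# NOTE(review): the repository key is trusted exactly as downloaded. Compare
# its fingerprint with the one published in Docker's installation docs before
# relying on it. The repository line is pinned to the "bionic" release.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
sleep 2
# apt-get rather than apt: consistent with the rest of the script, and apt's
# command-line interface is not intended for use in scripts.
sudo apt-get update
sleep 2
sudo apt-get install -y docker-ce
sleep 2
# Membership of the docker group allows starting containers with arbitrary host
# mounts, i.e. it is root-equivalent. Add only accounts trusted at that level.
sudo usermod -aG docker "${USER}"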
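# Download the Traefik binary. --fail makes curl exit non-zero on an HTTP error
# instead of saving the error page as the "binary".
curl --fail --location --silent --show-error --remote-name https://github.com/containous/traefik/releases/download/v1.7.14/traefik_linux-amd64

# Integrity check. Set TRAEFIK_SHA256 to the SHA-256 published for this release
# asset before running the script. The download is rejected on a mismatch.
# Without it the binary is installed unverified and a warning is printed.
if [ -n "${TRAEFIK_SHA256:-}" ]; then
  echo "${TRAEFIK_SHA256}  traefik_linux-amd64" | sha256sum --check - || {
    echo "Checksum verification failed for traefik_linux-amd64" >&2
    exit 1
  }
else
  echo "WARNING: TRAEFIK_SHA256 is not set; installing traefik_linux-amd64 without an integrity check" >&2
fi

# Install Traefik: root-owned executable in /usr/local/bin.
sudo chown root:root traefik_linux-amd64
sudo chmod +x traefik_linux-amd64
sudo mv traefik_linux-amd64 /usr/local/bin/traefik

# Configuration directory, readable by root only.
sudo mkdir --parents /etc/traefik.d
sudo chmod 700 /etc/traefik.d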
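# Write the Traefik configuration. `tee` without -a replaces the file. When the
# script is run again, appending would repeat the [api] and [consulCatalog]
# tables, and TOML rejects a table that is defined twice.
#
# NOTE(review):
#  - [api] dashboard = true enables the API and dashboard with no
#    authentication configured here. The script later advertises it at
#    http://<SERVER_IP>:8080/. Restrict access to that port or add auth.
#  - logLevel = "DEBUG" is verbose. Lower it once the setup works.
#  - defaultEntryPoints names "http" and "https", but only the "minecraft"
#    entry point is defined in this file. Confirm that is intended.
sudo tee /etc/traefik.d/traefik.toml > /dev/null <<'EOT'
defaultEntryPoints = ["http", "https"]
logLevel = "DEBUG"

[entryPoints.minecraft]
address = ":25565"

[api]
dashboard = true

[consulCatalog]
endpoint = "127.0.0.1:8500"
exposedByDefault = false
stale = false
strictChecks = true
prefix = "traefik"
domain = "localhost"
frontEndRule = ""
EOT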
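# Write the Traefik systemd unit.
#
# The heredoc delimiter is quoted so that $MAINPID reaches systemd literally.
# With an unquoted delimiter the shell expands it to an empty string and
# ExecReload becomes "/bin/kill -HUP" with no PID.
#
# `tee` without -a replaces the file, so a second run does not duplicate the
# unit. The StartLimit* settings sit in [Unit], where systemd.unit(5) documents
# them.
#
# NOTE(review): no User= is set, so Traefik runs as root. Nothing in the
# configuration written by this script binds a port below 1024, so a dedicated
# unprivileged account (with read access to /etc/traefik.d) should be enough.
sudo tee /etc/systemd/system/traefik.service > /dev/null <<'EOT'
[Unit]
Description=Traefik
Documentation=https://docs.traefik.io/
Wants=network-online.target
After=network-online.target
StartLimitBurst=3
StartLimitIntervalSec=10

[Service]
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/traefik -c /etc/traefik.d/traefik.toml
KillMode=process
KillSignal=SIGINT
LimitNOFILE=infinity
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
TasksMax=infinity

[Install]
WantedBy=multi-user.target
EOT

sudo systemctl enable traefik
sleep 2
sudo systemctl start traefik
sleep 2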
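# Write the Portworx Nomad job file. The script only creates the file and does
# not submit the job.
#
# Changes from the earlier version of this step:
#  - the stray "[Unit]" line (a systemd section header, not valid in a Nomad
#    job file) is gone;
#  - `tee` without -a replaces the file instead of appending a second copy of
#    the job on each run.
#
# NOTE(review): the task runs privileged with host networking and host IPC, and
# bind-mounts /var/run/docker.sock, /proc and /etc/systemd/system. Together
# that gives the container full control of the host, so pin and vet the image
# accordingly. The endpoint is bound to 0.0.0.0:9015, i.e. all interfaces.
# NOTE(review): /tmp is world-writable and the path is predictable. The file is
# written as root, so on a multi-user host prefer a root-owned directory.
sudo tee /tmp/portworx.nomad > /dev/null <<'EOT'
job "portworx" {
  type        = "service"
  datacenters = ["dc1"]

  group "portworx" {
    count = 3

    constraint {
      operator = "distinct_hosts"
      value    = "true"
    }

    # restart policy for failed portworx tasks
    restart {
      attempts = 3
      delay    = "30s"
      interval = "5m"
      mode     = "fail"
    }

    # how to handle upgrades of portworx instances
    update {
      max_parallel     = 1
      health_check     = "checks"
      min_healthy_time = "10s"
      healthy_deadline = "5m"
      auto_revert      = true
      canary           = 0
      stagger          = "30s"
    }

    task "px-node" {
      driver       = "docker"
      kill_timeout = "120s"    # allow portworx 2 min to gracefully shut down
      kill_signal  = "SIGTERM" # use SIGTERM to shut down the nodes

      # consul service check for portworx instances
      service {
        name = "portworx"
        check {
          port     = "portworx"
          type     = "http"
          path     = "/health"
          interval = "10s"
          timeout  = "2s"
        }
      }

      # setup environment variables for px-nodes
      env {
        "AUTO_NODE_RECOVERY_TIMEOUT_IN_SECS" = "1500"
        "PX_TEMPLATE_VERSION"                = "V4"
      }

      # container config
      config {
        image        = "portworx/oci-monitor:2.1.1"
        network_mode = "host"
        ipc_mode     = "host"
        privileged   = true

        # configure your parameters below
        # do not remove the last parameter (needed for health check)
        args = [
          "-c", "px-cluster-nomadv8",
          "-a",
          "-k", "consul://127.0.0.1:8500",
          "--endpoint", "0.0.0.0:9015"
        ]

        volumes = [
          "/var/cores:/var/cores",
          "/var/run/docker.sock:/var/run/docker.sock",
          "/run/containerd:/run/containerd",
          "/etc/pwx:/etc/pwx",
          "/opt/pwx:/opt/pwx",
          "/proc:/host_proc",
          "/etc/systemd/system:/etc/systemd/system",
          "/var/run/log:/var/run/log",
          "/var/log:/var/log",
          "/var/run/dbus:/var/run/dbus"
        ]
      }

      # resource config
      resources {
        cpu    = 1024
        memory = 2048
        network {
          mbits = 100
          port "portworx" {
            static = "9015"
          }
        }
      }
    }
  }
}
EOT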
# Show the systemd status header (no journal lines) for every installed service.
for svc in consul nomad docker traefik; do
  sudo systemctl status "${svc}" --lines=0
done

# Summary of the web UIs. All three are served over plain HTTP on SERVER_IP.
echo ""
echo "Consul: http://${SERVER_IP}:8500/ui"
echo "Nomad: http://${SERVER_IP}:4646/ui"
echo "Traefik: http://${SERVER_IP}:8080/"
echo ""
# The docker group membership added earlier only applies to new login sessions.
echo "Run \"su - ${USER}\" to enable docker without sudo"