Created
October 12, 2018 13:36
-
-
Save mkeeler/8d1ce60054e531ca2231e5c3cbb34afe to your computer and use it in GitHub Desktop.
Creates two, three server Consul datacenters with ACLs enabled and puts two client nodes into the secondary datacenter.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
provider "docker" { | |
} | |
variable "primary_srv1_image" { | |
default = "consul-dev" | |
} | |
variable "primary_srv2_image" { | |
default = "consul-dev" | |
} | |
variable "primary_srv3_image" { | |
default = "consul-dev" | |
} | |
variable "secondary_srv1_image" { | |
default = "consul-dev" | |
} | |
variable "secondary_srv2_image" { | |
default = "consul-dev" | |
} | |
variable "secondary_srv3_image" { | |
default = "consul-dev" | |
} | |
variable "secondary_client1_image" { | |
default = "consul-dev" | |
} | |
variable "secondary_client2_image" { | |
default = "consul-dev" | |
} | |
variable "server_labels" { | |
type = "map" | |
default = { | |
"consul.cluster.nodetype" = "server" | |
} | |
} | |
variable "client_labels" { | |
type = "map" | |
default = { | |
"consul.cluster.nodetype" = "client" | |
} | |
} | |
resource "docker_network" "consul-acls-test" { | |
name = "consul-acls-test" | |
check_duplicate = "true" | |
driver = "bridge" | |
options = { | |
"com.docker.network.bridge.enable_icc" = "true" | |
"com.docker.network.bridge.enable_ip_masquerade" = "true" | |
} | |
internal = false | |
} | |
resource "docker_container" "consul-primary-srv1" { | |
privileged = true | |
image = "${var.primary_srv1_image}" | |
name = "consul-primary-srv1" | |
hostname = "consul-primary-srv1" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=primary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-primary-srv2", "-retry-join=consul-primary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-primary-srv2" { | |
privileged = true | |
image = "${var.primary_srv2_image}" | |
name = "consul-primary-srv2" | |
hostname = "consul-primary-srv2" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=primary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-primary-srv1", "-retry-join=consul-primary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-primary-srv3" { | |
privileged = true | |
image = "${var.primary_srv3_image}" | |
name = "consul-primary-srv3" | |
hostname = "consul-primary-srv3" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=primary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-primary-srv1", "-retry-join=consul-primary-srv2"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-secondary-srv1" { | |
privileged = true | |
image = "${var.secondary_srv1_image}" | |
name = "consul-secondary-srv1" | |
hostname = "consul-secondary-srv1" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=secondary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-secondary-srv2", "-retry-join=consul-secondary-srv3", "-retry-join-wan=consul-primary-srv1", "-retry-join-wan=consul-primary-srv2", "-retry-join-wan=consul-primary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-secondary-srv2" { | |
privileged = true | |
image = "${var.secondary_srv2_image}" | |
name = "consul-secondary-srv2" | |
hostname = "consul-secondary-srv2" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=secondary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-secondary-srv1", "-retry-join=consul-secondary-srv3", "-retry-join-wan=consul-primary-srv1", "-retry-join-wan=consul-primary-srv2", "-retry-join-wan=consul-primary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-secondary-srv3" { | |
privileged = true | |
image = "${var.secondary_srv3_image}" | |
name = "consul-secondary-srv3" | |
hostname = "consul-secondary-srv3" | |
labels = "${var.server_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=secondary", "-server", "-log-level=DEBUG", "-client=0.0.0.0", "-bootstrap-expect=3", "-retry-join=consul-secondary-srv1", "-retry-join=consul-secondary-srv2", "-retry-join-wan=consul-primary-srv1", "-retry-join-wan=consul-primary-srv2", "-retry-join-wan=consul-primary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-secondary-client1" { | |
privileged = true | |
image = "${var.secondary_client1_image}" | |
name = "consul-secondary-client1" | |
hostname = "consul-secondary-client1" | |
labels = "${var.client_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=secondary", "-client=0.0.0.0", "-log-level=DEBUG", "-retry-join=consul-secondary-srv1", "-retry-join=consul-secondary-srv2", "-retry-join=consul-secondary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
resource "docker_container" "consul-secondary-client2" { | |
privileged = true | |
image = "${var.secondary_client2_image}" | |
name = "consul-secondary-client2" | |
hostname = "consul-secondary-client2" | |
labels = "${var.client_labels}" | |
networks = ["consul-acls-test"] | |
network_mode = "consul-acls-test" | |
command = ["agent", "-datacenter=secondary", "-client=0.0.0.0", "-log-level=DEBUG", "-retry-join=consul-secondary-srv1", "-retry-join=consul-secondary-srv2", "-retry-join=consul-secondary-srv3"] | |
env=["CONSUL_BIND_INTERFACE=eth0", "CONSUL_ALLOW_PRIVILEGED_PORTS=yes"] | |
upload { | |
content = "${file("acl.json")}" | |
file = "/consul/config/acl.json" | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment