From 115c739ee9c9ed7b917d50772563bd91750ffa9e Mon Sep 17 00:00:00 2001 From: lens0021 Date: Sun, 28 Jul 2024 16:45:46 +0900 Subject: [PATCH] Revert "Get rid of Consul and Nomad Connect" This reverts commit 1e79b4531992acf16faf86580a1f857f0a5b1a98. --- consul/consul.hcl | 19 ++++++++++ jobs/backupbot.nomad | 5 +++ jobs/development/fastcgi.nomad | 43 +++++++++++++++++++---- jobs/development/http.nomad | 43 ++++++++++++++++++++--- jobs/development/memcached.nomad | 18 ++++++++-- jobs/development/mysql.nomad | 18 ++++++++++ jobs/fastcgi.nomad | 60 +++++++++++++++++++++++++++----- jobs/http.nomad | 39 ++++++++++++++++++++- jobs/memcached.nomad | 25 +++++++++++-- jobs/mysql.nomad | 19 ++++++++++ systemd/consul.service | 25 +++++++++++++ up | 13 ++++++- 12 files changed, 300 insertions(+), 27 deletions(-) create mode 100644 consul/consul.hcl create mode 100644 systemd/consul.service diff --git a/consul/consul.hcl b/consul/consul.hcl new file mode 100644 index 00000000..7b8ad60c --- /dev/null +++ b/consul/consul.hcl @@ -0,0 +1,19 @@ +datacenter = "dc1" +data_dir = "/opt/consul" + +server = true +node_name = "femiwiki" +bind_addr = "{{GetInterfaceIP \"eth0\"}}" +bootstrap = true +bootstrap_expect = 1 +# Cloud Auto-join, but disabled because we have only one node now. +# https://www.consul.io/docs/install/cloud-auto-join#amazon-ec2 +# retry_join = ["provider=aws tag_key=Name tag_value=femiwiki"] + +ports { + grpc = 8502 +} + +connect { + enabled = true +} diff --git a/jobs/backupbot.nomad b/jobs/backupbot.nomad index f68ef107..f9660a5c 100644 --- a/jobs/backupbot.nomad +++ b/jobs/backupbot.nomad @@ -27,6 +27,11 @@ job "backupbot" { } } + network { + # todo change to host or add an upstream to connect to database + mode = "bridge" + } + reschedule { attempts = 1 interval = "24h" diff --git a/jobs/development/fastcgi.nomad b/jobs/development/fastcgi.nomad index 259dd5f2..b248b60b 100644 --- a/jobs/development/fastcgi.nomad +++ b/jobs/development/fastcgi.nomad 
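Review bot: `connect { enabled = true }` is restored in consul/consul.hcl without any `acl` block, so Consul runs with ACLs disabled and, as far as this file shows, service-to-service intentions fall back to allow. The sidecars will encrypt traffic, but any registered service can still open a connection to mysql or memcached, and anything that can reach the local agent API can register services. I would add an `acl` block with `enabled = true` and `default_policy = "deny"`, plus explicit intentions for http to fastcgi and for fastcgi to mysql and memcached; Nomad will then need a Consul token. Because `bind_addr` is the eth0 address and no `encrypt` key is set, the server and gossip ports should also be confirmed closed at the network level, which this patch does not show.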
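Review bot: The `network { mode = "bridge" }` block added to jobs/backupbot.nomad has no `service`/`connect` stanza, so backupbot gets no mesh upstream to mysql, and the todo leaves that open. The jobs/mysql.nomad hunk correspondingly keeps `port "mysql" { static = 3306 }` under the new comment `# Accessed by Backupbot`, and the development mysql job keeps the same static port in its context lines. The database therefore stays published on a host port outside Connect's mTLS and intentions. Until an upstream is added, I would make the comment say so, for example `# TODO: add a Connect upstream to mysql, then drop the static 3306 port in jobs/mysql.nomad`, and confirm port 3306 is not reachable from outside the host.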
@@ -74,8 +74,6 @@ job "fastcgi" { ] cpu_hard_limit = true - - network_mode = "host" } resources { @@ -85,15 +83,46 @@ job "fastcgi" { } env { - NOMAD_UPSTREAM_ADDR_http = "127.0.0.1:8080" - NOMAD_UPSTREAM_ADDR_mysql = "127.0.0.1:3306" - NOMAD_UPSTREAM_ADDR_memcached = "127.0.0.1:11211" - MEDIAWIKI_DEBUG_MODE = "1" - MEDIAWIKI_SERVER = "http://localhost:8080" + MEDIAWIKI_DEBUG_MODE = "1" + MEDIAWIKI_SERVER = "http://localhost:8080" # MEDIAWIKI_SKIP_INSTALL = "1" # MEDIAWIKI_SKIP_IMPORT_SITES = "1" # MEDIAWIKI_SKIP_UPDATE = "1" } } + + network { + mode = "bridge" + } + + service { + name = "fastcgi" + port = "9000" + + connect { + sidecar_service { + proxy { + upstreams { + destination_name = "mysql" + local_bind_port = 3306 + } + + upstreams { + destination_name = "memcached" + local_bind_port = 11211 + } + } + } + + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 32 + } + } + } + } } } diff --git a/jobs/development/http.nomad b/jobs/development/http.nomad index 5716f82b..9d14d268 100644 --- a/jobs/development/http.nomad +++ b/jobs/development/http.nomad @@ -6,9 +6,9 @@ variable "caddyfile_for_dev" { auto_https off order mwcache before rewrite } -http://127.0.0.1:8080 http://localhost:8080 +http://127.0.0.1:{$NOMAD_HOST_PORT_http} http://localhost:{$NOMAD_HOST_PORT_http} root * /srv/femiwiki.com -php_fastcgi 127.0.0.1:9000 +php_fastcgi {$NOMAD_UPSTREAM_ADDR_fastcgi} file_server encode gzip mwcache { @@ -58,8 +58,6 @@ job "http" { command = "caddy" args = ["run"] - network_mode = "host" - volumes = [ # Overwrite production Caddyfile "local/Caddyfile:/srv/femiwiki.com/Caddyfile" 
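Review bot: `NOMAD_UPSTREAM_ADDR_http` is removed from the `env` block in jobs/development/fastcgi.nomad, but the `sidecar_service` proxy added below declares upstreams only for mysql and memcached, so nothing sets that variable any more. If the fastcgi image still reads it (not visible in this patch), it will now see it unset. The same applies to the `@@ -129,11 +135,43 @@` hunk in jobs/fastcgi.nomad. Either add a third `upstreams` block with `destination_name = "http"` and a matching `local_bind_port`, or confirm the image no longer uses the variable.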
@@ -94,5 +92,42 @@ job "http" { memory_max = 400 } } + + network { + mode = "bridge" + + port "http" { + static = 80 + } + + port "https" { + static = 443 + } + } + + service { + name = "http" + port = "80" + + connect { + sidecar_service { + proxy { + upstreams { + destination_name = "fastcgi" + local_bind_port = 9000 + } + } + } + + sidecar_task { + config { + memory_hard_limit = 500 + } + resources { + memory = 300 + } + } + } + } } } diff --git a/jobs/development/memcached.nomad b/jobs/development/memcached.nomad index e412f6da..3be5bd1f 100644 --- a/jobs/development/memcached.nomad +++ b/jobs/development/memcached.nomad @@ -16,9 +16,23 @@ job "memcached" { network { mode = "bridge" + } + + service { + name = "memcached" + port = "11211" + + connect { + sidecar_service {} - port "memcached" { - static = 11211 + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 30 + } + } } } } diff --git a/jobs/development/mysql.nomad b/jobs/development/mysql.nomad index 6418afd4..5af8d906 100644 --- a/jobs/development/mysql.nomad +++ b/jobs/development/mysql.nomad @@ -63,5 +63,23 @@ EOF static = 3306 } } + + service { + name = "mysql" + port = "3306" + + connect { + sidecar_service {} + + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 30 + } + } + } + } } } diff --git a/jobs/fastcgi.nomad b/jobs/fastcgi.nomad index 5e9c5d4a..50b2f5dc 100644 --- a/jobs/fastcgi.nomad +++ b/jobs/fastcgi.nomad @@ -16,8 +16,8 @@ job "fastcgi" { args = [ "-c", join(";", [ - "while ! ncat --send-only 127.0.0.1 3306 < /dev/null; do sleep 1; done", - "while ! ncat --send-only 127.0.0.1 11211 < /dev/null; do sleep 1; done" + "while ! ncat --send-only ${NOMAD_UPSTREAM_IP_mysql} ${NOMAD_UPSTREAM_PORT_mysql} < /dev/null; do sleep 1; done", + "while ! ncat --send-only ${NOMAD_UPSTREAM_IP_memcached} ${NOMAD_UPSTREAM_PORT_memcached} < /dev/null; do sleep 1; done" ]) ] } 
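Review bot: The development http job now pins `port "http" { static = 80 }`, while the Caddyfile hunk earlier in this file builds the site address from `{$NOMAD_HOST_PORT_http}`. Caddy will therefore serve `localhost:80`, but the development fastcgi job in this same patch keeps `MEDIAWIKI_SERVER = "http://localhost:8080"`, so generated URLs and the listener appear to disagree. For development I would use `static = 8080` here, and update `port = "80"` in the `service` block to match. That also avoids binding privileged ports 80 and 443 on a developer machine.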
@@ -116,10 +116,16 @@ job "fastcgi" { readonly = false }, ] +<<<<<<< HEAD cpu_hard_limit = true network_mode = "host" +||||||| parent of 381fc14 (Revert "Get rid of Consul and Nomad Connect") + + network_mode = "host" +======= +>>>>>>> 381fc14 (Revert "Get rid of Consul and Nomad Connect") } resources { @@ -129,11 +135,43 @@ job "fastcgi" { } env { - NOMAD_UPSTREAM_ADDR_http = "127.0.0.1:80" - NOMAD_UPSTREAM_ADDR_memcached = "127.0.0.1:11211" - MEDIAWIKI_SKIP_INSTALL = "1" - MEDIAWIKI_SKIP_IMPORT_SITES = "1" - MEDIAWIKI_SKIP_UPDATE = "1" + MEDIAWIKI_SKIP_INSTALL = "1" + MEDIAWIKI_SKIP_IMPORT_SITES = "1" + MEDIAWIKI_SKIP_UPDATE = "1" + } + } + + network { + mode = "bridge" + } + + service { + name = "fastcgi" + port = "9000" + + connect { + sidecar_service { + proxy { + upstreams { + destination_name = "mysql" + local_bind_port = 3306 + } + + upstreams { + destination_name = "memcached" + local_bind_port = 11211 + } + } + } + + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 20 + } + } } } } @@ -146,7 +184,12 @@ job "fastcgi" { } update { - auto_revert = true + max_parallel = 1 + health_check = "checks" + auto_revert = true + auto_promote = true + # canary count equal to the desired count allows a Nomad job to model blue/green deployments + canary = 1 } } @@ -194,4 +237,3 @@ set -euo pipefail; IFS=$'\n\t' EOF } - diff --git a/jobs/http.nomad b/jobs/http.nomad index 2168ebea..731668fd 100644 --- a/jobs/http.nomad +++ b/jobs/http.nomad 
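Review bot: This hunk commits unresolved merge-conflict markers into jobs/fastcgi.nomad: `<<<<<<< HEAD`, `||||||| parent of 381fc14 ...`, `=======` and `>>>>>>> 381fc14 ...` are all added lines inside the task's `config` block, which starts outside the hunk. The file cannot be parsed as a job spec in this state. The conflict also leaves `network_mode = "host"` in place, twice, although the next hunk puts the group on `network { mode = "bridge" }` with Connect upstreams, and host networking would likely take the container out of the namespace where the sidecar binds 3306 and 11211. The resolution that matches the rest of the revert is to delete the four marker lines and both `network_mode = "host"` lines, keeping only `cpu_hard_limit = true`.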
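Review bot: The `update` block now sets `auto_promote = true` with `canary = 1` and `health_check = "checks"`, but the `service` block this patch adds for fastcgi defines no `check`, so an allocation counts as healthy as soon as its tasks are running. A canary that starts but cannot reach mysql or memcached through the sidecar would still be promoted. The `@@ -31,6 +45,11 @@` hunk in jobs/memcached.nomad has the same shape. I would either add a `check` to the service or keep promotion manual with `auto_promote = false` until one exists, and note the reason in a comment such as `# no service check yet: health means "tasks running" only`.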
@@ -68,7 +68,44 @@ job "http" { env { CADDYPATH = "/etc/caddycerts" - FASTCGI_ADDR = "127.0.0.1:9000" + FASTCGI_ADDR = NOMAD_UPSTREAM_ADDR_fastcgi + } + } + + network { + mode = "bridge" + + port "http" { + static = 80 + } + + port "https" { + static = 443 + } + } + + service { + name = "http" + port = "80" + + connect { + sidecar_service { + proxy { + upstreams { + destination_name = "fastcgi" + local_bind_port = 9000 + } + } + } + + sidecar_task { + config { + memory_hard_limit = 500 + } + resources { + memory = 20 + } + } } } diff --git a/jobs/memcached.nomad b/jobs/memcached.nomad index 9cfe4616..a8a19a87 100644 --- a/jobs/memcached.nomad +++ b/jobs/memcached.nomad @@ -16,9 +16,23 @@ job "memcached" { network { mode = "bridge" + } + + service { + name = "memcached" + port = "11211" + + connect { + sidecar_service {} - port "memcached" { - static = 11211 + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 20 + } + } } } } @@ -31,6 +45,11 @@ job "memcached" { } update { - auto_revert = true + max_parallel = 1 + health_check = "checks" + auto_revert = true + auto_promote = true + # canary count equal to the desired count allows a Nomad job to model blue/green deployments + canary = 1 } } diff --git a/jobs/mysql.nomad b/jobs/mysql.nomad index ae056d38..2551ce8c 100644 --- a/jobs/mysql.nomad +++ b/jobs/mysql.nomad @@ -45,10 +45,29 @@ job "mysql" { network { mode = "bridge" + # Accessed by Backupbot port "mysql" { static = 3306 } } + + service { + name = "mysql" + port = "3306" + + connect { + sidecar_service {} + + sidecar_task { + config { + memory_hard_limit = 300 + } + resources { + memory = 20 + } + } + } + } } reschedule { diff --git a/systemd/consul.service b/systemd/consul.service new file mode 100644 index 00000000..bf25b8dd --- /dev/null +++ b/systemd/consul.service 
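Review bot: In the `env` block of jobs/http.nomad, `FASTCGI_ADDR = NOMAD_UPSTREAM_ADDR_fastcgi` is a bare identifier rather than a string, so HCL will treat it as a reference to an undeclared variable instead of passing the runtime value through. The other jobs in this patch use the interpolated form inside quotes, for example `${NOMAD_UPSTREAM_IP_mysql}` in jobs/fastcgi.nomad. The line should read `FASTCGI_ADDR = "${NOMAD_UPSTREAM_ADDR_fastcgi}"`. The task block continues outside the hunk.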
@@ -0,0 +1,25 @@ +# https://learn.hashicorp.com/tutorials/consul/deployment-guide#configure-systemd +# https://github.com/hashicorp/terraform-aws-consul/blob/master/modules/run-consul/run-consul +[Unit] +Description="HashiCorp Consul - A service mesh solution" +Documentation=https://www.consul.io/ +Requires=network-online.target +After=network-online.target +ConditionFileNotEmpty=/etc/consul.d/consul.hcl + +[Service] +# Only one Consul server is deployed. We should set type to exec +# See https://learn.hashicorp.com/tutorials/consul/deployment-guide#configure-systemd +Type=exec +User=consul +Group=consul +ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/ +ExecReload=/usr/local/bin/consul reload +ExecStop=/usr/local/bin/consul leave +KillMode=process +Restart=on-failure +TimeoutSec=300s +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/up b/up index 9388f60d..4e1a9c2c 100755 --- a/up +++ b/up 
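Review bot: The `[Service]` section of systemd/consul.service runs the agent as `User=consul` but sets no sandboxing, although this process will hold the Connect CA material and listen on eth0. I would add `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`; the data directory `/opt/consul` set in consul.hcl stays writable under those settings, but that should be verified on the target host. Separately, `ExecStop=/usr/local/bin/consul leave` makes the only server leave the cluster on every stop, so it is worth checking that this is wanted on a single-node setup, and the command will need a token once ACLs are enabled.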
@@ -6,16 +6,27 @@ set -x GIT_REPO=$(dirname "$0") +# Configure Consul +# Reference: https://learn.hashicorp.com/tutorials/consul/deployment-guide +mkdir -p /etc/consul.d /opt/consul +chown -R consul:consul /etc/consul.d /opt/consul +cp "${GIT_REPO}/consul/consul.hcl" /etc/consul.d/consul.hcl +sudo -u consul consul validate /etc/consul.d/consul.hcl + # Configure Nomad +# Reference: https://learn.hashicorp.com/tutorials/nomad/production-deployment-guide-vm-with-consul mkdir -p /opt/nomad /etc/nomad.d cp "${GIT_REPO}/nomad/production.hcl" /etc/nomad.d/default.hcl # Configure systemd +cp "${GIT_REPO}/systemd/consul.service" /etc/systemd/system/consul.service cp "${GIT_REPO}/systemd/nomad.service" /etc/systemd/system/nomad.service -# Start Nomad +# Start Consul and Nomad # # Reference: +# - https://github.com/hashicorp/terraform-aws-consul/blob/master/modules/run-consul/run-consul # - https://github.com/hashicorp/terraform-aws-nomad/blob/master/modules/run-nomad/run-nomad systemctl daemon-reload systemctl enable --now nomad.service +systemctl enable --now consul.service
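Review bot: The final lines of `up` start `nomad.service` before `consul.service`, although the section comment reads "Start Consul and Nomad" and every job in this patch depends on Connect. Nomad will retry its Consul connection, but swapping the two lines to `systemctl enable --now consul.service` then `systemctl enable --now nomad.service` removes the startup window in which Connect jobs cannot be placed. Also, `chown -R consul:consul /etc/consul.d` runs before the `cp`, so the directory is writable by the service account while consul.hcl keeps the invoking user's ownership and default mode. Once that file carries an `encrypt` key or ACL tokens, I would set it explicitly after copying, for example `chown root:consul /etc/consul.d/consul.hcl` and `chmod 640 /etc/consul.d/consul.hcl`.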