Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IND-369] TFE FDO on Nomad #168

Merged
merged 8 commits into from
Jul 1, 2024
Merged

[IND-369] TFE FDO on Nomad #168

merged 8 commits into from
Jul 1, 2024

Conversation

kkavish
Copy link
Contributor

@kkavish kkavish commented Jun 24, 2024
edited
Loading

This is a pack to run TFE Flexible Deployment Option on Nomad.

It will take as an input the details of Nomad cluster already running and then try to start Terraform Enterprise container on it.

Please confirm the following if submitting a new pack:

New Pack Checklist

  • The README includes any information necessary to run the application that is not encoded in the pack itself.
  • The pack renders properly with nomad-pack render <NAME>
  • The pack plans properly with nomad-pack plan <NAME>
  • The pack runs properly with nomad-pack runs <NAME>
  • If applicable, a screenshot of the running application is attached to the PR.
  • The default variable values result in a syntactically valid pack.
  • Non-default variables values have been tested. Conditional code paths in the template have been tested, and confirmed to render/plan properly.
  • If applicable, the pack includes constraints necessary to run the pack safely (I.E. a linux-only constraint for applications that require linux).

Some screens:
tfe plan and apply

Screenshot 2024-06-24 at 12 42 44 PM

@kkavish
[IND-369]
854f864 
- pack to run TFE on Nomad.
srahul3
srahul3 reviewed Jun 24, 2024
View reviewed changes
Copy link

@srahul3 srahul3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added few comments for better user experience.

packs/tfe_fdo_nomad/templates/tfe.agent.nomad.tpl Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/variables.hcl Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Show resolved Hide resolved
@kkavish kkavish requested a review from srahul3 June 25, 2024 05:27
@rashmiachar86
Copy link

This is required for Optum customer who is looking for Nomad support for TFE. Please do the needful !

@kkavish
[IND-369]
bb96c17 
- NITs
sofixa
sofixa reviewed Jun 25, 2024
View reviewed changes
packs/tfe_fdo_nomad/README.md Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Show resolved Hide resolved
packs/tfe_fdo_nomad/variables.hcl Outdated Show resolved Hide resolved
@kkavish
[IND-369]
3550383 
- resolving comments.
@kkavish kkavish requested a review from sofixa June 25, 2024 09:55
@tgross tgross requested review from tgross and removed request for sofixa and srahul3 June 26, 2024 14:57
tgross
tgross requested changes Jun 26, 2024
View reviewed changes
Copy link
Member

@tgross tgross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @kkavish! I've left a bunch of comments but the major design issue I see here is the authentication to Nomad. If we're publishing a Pack for a service that talks to Nomad, we absolutely should be using the Task API and appropriate ACLs for it.

packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Show resolved Hide resolved
packs/tfe_fdo_nomad/templates/tfe.nomad.tpl Outdated Show resolved Hide resolved
packs/tfe_fdo_nomad/README.md Outdated Show resolved Hide resolved
@kkavish
Copy link
Contributor Author

kkavish commented Jun 27, 2024
edited
Loading

Hi @kkavish! I've left a bunch of comments but the major design issue I see here is the authentication to Nomad. If we're publishing a Pack for a service that talks to Nomad, we absolutely should be using the Task API and appropriate ACLs for it.

@tgross We are using the Nomad SDK with appropriate ACLs while interacting with Nomad inside TFE task. For ACLs, please search for identity stanza in packs/tfe_fdo_nomad/templates/tfe.nomad.tpl. We have also provided the sample permissions for users inside Readme.md.

If you meant to update the job definition to use unix.sock we can do a spike on it before GA and update. Note, that this is beta.

srahul3 and others added 2 commits June 27, 2024 13:01
@srahul3
Update README.md
fcb204c
@kkavish
[IND-369]
fdfa330 
- resolving comments.
@kkavish
[IND-369]
bf0df66 
- resolving comments.
@kkavish
[IND-369]
027820c 
- resolving comments.
@kkavish
[IND-369]
307763c 
- resolving comments.
@kkavish kkavish requested a review from tgross July 1, 2024 15:32
@tgross tgross merged commit 43f668c into hashicorp:main Jul 1, 2024
1 check passed
@kkavish
Copy link
Contributor Author

kkavish commented Jul 1, 2024

Thanks @tgross!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross tgross approved these changes

@sofixa sofixa Awaiting requested review from sofixa

@srahul3 srahul3 Awaiting requested review from srahul3

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kkavish @rashmiachar86 @tgross @sofixa @srahul3