├── .gitignore ├── jobs ├── README.md ├── pytechco-redis.nomad.hcl ├── pytechco-setup.nomad.hcl ├── pytechco-web.nomad.hcl └── pytechco-employee.nomad.hcl ├── README.md ├── aws ├── terraform.tfvars.example ├── outputs.tf ├── variables.tf └── main.tf ├── gcp ├── terraform.tfvars.example ├── outputs.tf ├── variables.tf └── main.tf ├── shared ├── config │ ├── nomad.service │ ├── nomad.hcl │ └── nomad_client.hcl └── data-scripts │ ├── user-data-server.sh │ └── user-data-client.sh ├── azure ├── terraform.tfvars.example ├── outputs.tf ├── variables.tf └── main.tf └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant/ 2 | aws.env/us-east/.terraform/ 3 | .terraform* 4 | examples/ 5 | *.tfstate 6 | *.tfstate.backup 7 | .terraform.lock.hcl 8 | terraform.tfvars 9 | variables.hcl 10 | Vagrantfile 11 | ignore* 12 | *.token 13 | *.pem -------------------------------------------------------------------------------- /jobs/README.md: -------------------------------------------------------------------------------- 1 | # Example application 2 | 3 | These jobspec files make up the example application used in the [Deploy and Update a Job tutorial](https://developer.hashicorp.com/nomad/tutorials/get-started/gs-deploy-job). 4 | 5 | The application simulates employees working at a technology company. They come online, complete their tasks, and then log off. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Getting started with Nomad 2 | 3 | Get up and running with Nomad by learning about scheduling, setting up a cluster, and deploying an example application. 4 | 5 | This repo is a companion to the [Get Started](https://developer.hashicorp.com/nomad/tutorials/get-started) collection of tutorials, containing configuration files to create a Nomad cluster with Terraform on the major cloud providers and jobspecs for an example application. -------------------------------------------------------------------------------- /aws/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | region = "AWS_REGION" 2 | 3 | # These variables will default to the values shown 4 | # and do not need to be updated unless you want to 5 | # change them 6 | # allowlist_ip = "0.0.0.0/0" 7 | # name = "nomad" 8 | # server_instance_type = "t2.micro" 9 | # server_count = "3" 10 | # client_instance_type = "t2.micro" 11 | # client_count = "2" 12 | # nomad_version = "1.5.0" -------------------------------------------------------------------------------- /gcp/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | region = "GCP_REGION" 2 | zone = "GCP_ZONE" 3 | project = "PROJECT_ID" 4 | 5 | # These variables will default to the values shown 6 | # and do not need to be updated unless you want to 7 | # change them 8 | # allowlist_ip = "0.0.0.0/0" 9 | # name = "nomad" 10 | # server_instance_type = "e2-medium" 11 | # server_count = "3" 12 | # client_instance_type = "e2-medium" 13 | # client_count = "2" 14 | # nomad_version = "1.5.0" -------------------------------------------------------------------------------- /jobs/pytechco-redis.nomad.hcl: -------------------------------------------------------------------------------- 1 | job "pytechco-redis" { 2 | type = "service" 3 | 4 | group "ptc-redis" { 5 | count = 1 6 | network { 7 | port "redis" { 8 | to = 6379 9 | } 10 | } 11 | 12 | service { 13 | name = "redis-svc" 14 | port = "redis" 15 | provider = "nomad" 16 | } 17 | 18 | task "redis-task" { 19 | driver = "docker" 20 | 21 | config { 22 | image = "redis:7.0.7-alpine" 23 | ports = ["redis"] 24 | } 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /shared/config/nomad.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Nomad 3 | Documentation=https://nomadproject.io/docs/ 4 | Wants=network-online.target 5 | After=network-online.target 6 | StartLimitIntervalSec=10 7 | StartLimitBurst=3 8 | 9 | [Service] 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d 12 | KillMode=process 13 | KillSignal=SIGINT 14 | LimitNOFILE=infinity 15 | LimitNPROC=infinity 16 | Restart=on-failure 17 | RestartSec=2 18 | TasksMax=infinity 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /shared/config/nomad.hcl: -------------------------------------------------------------------------------- 1 | # Values for server_count, retry_join, and ip_address are 2 | # placed here during Terraform setup and come from the 3 | # ../shared/data-scripts/user-data-server.sh script 4 | 5 | data_dir = "/opt/nomad/data" 6 | bind_addr = "0.0.0.0" 7 | datacenter = "dc1" 8 | 9 | advertise { 10 | http = "IP_ADDRESS" 11 | rpc = "IP_ADDRESS" 12 | serf = "IP_ADDRESS" 13 | } 14 | 15 | acl { 16 | enabled = true 17 | } 18 | 19 | server { 20 | enabled = true 21 | bootstrap_expect = SERVER_COUNT 22 | 23 | server_join { 24 | retry_join = ["RETRY_JOIN"] 25 | } 26 | } -------------------------------------------------------------------------------- /azure/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | location = "LOCATION" 2 | subscription_id = "SUBSCRIPTION_ID" 3 | tenant_id = "TENANT_ID" 4 | client_id = "CLIENT_ID" 5 | client_secret = "CLIENT_SECRET" 6 | 7 | # These variables will default to the values shown 8 | # and do not need to be updated unless you want to 9 | # change them 10 | # allowlist_ip = "0.0.0.0/0" 11 | # name = "nomad" 12 | # server_instance_type = "Standard_B2s" 13 | # server_count = "3" 14 | # client_instance_type = "Standard_B2s" 15 | # client_count = "2" 16 | # nomad_version = "1.5.0" -------------------------------------------------------------------------------- /shared/config/nomad_client.hcl: -------------------------------------------------------------------------------- 1 | # Values for retry_join, and ip_address are 2 | # placed here during Terraform setup and come from the 3 | # ../shared/data-scripts/user-data-client.sh script 4 | 5 | data_dir = "/opt/nomad/data" 6 | bind_addr = "0.0.0.0" 7 | datacenter = "dc1" 8 | 9 | advertise { 10 | http = "IP_ADDRESS" 11 | rpc = "IP_ADDRESS" 12 | serf = "IP_ADDRESS" 13 | } 14 | 15 | acl { 16 | enabled = true 17 | } 18 | 19 | client { 20 | enabled = true 21 | options { 22 | "driver.raw_exec.enable" = "1" 23 | "docker.privileged.enabled" = "true" 24 | } 25 | server_join { 26 | retry_join = ["RETRY_JOIN"] 27 | } 28 | } -------------------------------------------------------------------------------- /jobs/pytechco-setup.nomad.hcl: -------------------------------------------------------------------------------- 1 | job "pytechco-setup" { 2 | type = "batch" 3 | 4 | parameterized { 5 | meta_required = ["budget"] 6 | } 7 | 8 | group "ptc-setup" { 9 | count = 1 10 | 11 | task "ptc-setup-task" { 12 | 13 | template { 14 | data = < >(sudo tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 6 | 7 | ACL_DIRECTORY="/ops/shared/config" 8 | NOMAD_BOOTSTRAP_TOKEN="/tmp/nomad_bootstrap" 9 | NOMAD_USER_TOKEN="/tmp/nomad_user_token" 10 | CONFIGDIR="/ops/shared/config" 11 | NOMADVERSION=${nomad_version} 12 | NOMADDOWNLOAD=https://releases.hashicorp.com/nomad/$${NOMADVERSION}/nomad_$${NOMADVERSION}_linux_amd64.zip 13 | NOMADCONFIGDIR="/etc/nomad.d" 14 | NOMADDIR="/opt/nomad" 15 | HOME_DIR="ubuntu" 16 | CLOUD_ENV=${cloud_env} 17 | 18 | # Install phase begin --------------------------------------- 19 | 20 | # Install dependencies 21 | case $CLOUD_ENV in 22 | aws) 23 | echo "CLOUD_ENV: aws" 24 | sudo apt-get update && sudo apt-get install -y software-properties-common 25 | TOKEN=$(curl -X PUT "http://instance-data/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") 26 | 27 | IP_ADDRESS=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://instance-data/latest/meta-data/local-ipv4) 28 | PUBLIC_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://instance-data/latest/meta-data/public-ipv4) 29 | ;; 30 | 31 | gce) 32 | echo "CLOUD_ENV: gce" 33 | sudo apt-get update && sudo apt-get install -y software-properties-common 34 | IP_ADDRESS=$(curl -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip) 35 | ;; 36 | 37 | azure) 38 | echo "CLOUD_ENV: azure" 39 | sudo apt-get update && sudo apt-get install -y software-properties-common jq 40 | IP_ADDRESS=$(curl -s -H Metadata:true --noproxy "*" http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0?api-version=2021-12-13 | jq -r '.["privateIpAddress"]') 41 | ;; 42 | 43 | *) 44 | exit "CLOUD_ENV not set to one of aws, gce, or azure - exiting." 45 | ;; 46 | esac 47 | 48 | sudo apt-get update 49 | sudo apt-get install -y unzip tree redis-tools jq curl tmux 50 | sudo apt-get clean 51 | 52 | 53 | # Disable the firewall 54 | 55 | sudo ufw disable || echo "ufw not installed" 56 | 57 | # Download and install Nomad 58 | curl -L $NOMADDOWNLOAD > nomad.zip 59 | 60 | sudo unzip nomad.zip -d /usr/local/bin 61 | sudo chmod 0755 /usr/local/bin/nomad 62 | sudo chown root:root /usr/local/bin/nomad 63 | 64 | sudo mkdir -p $NOMADCONFIGDIR 65 | sudo chmod 755 $NOMADCONFIGDIR 66 | sudo mkdir -p $NOMADDIR 67 | sudo chmod 755 $NOMADDIR 68 | 69 | # Docker 70 | distro=$(lsb_release -si | tr '[:upper:]' '[:lower:]') 71 | sudo apt-get install -y apt-transport-https ca-certificates gnupg2 72 | curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - 73 | sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$${distro} $(lsb_release -cs) stable" 74 | sudo apt-get update 75 | sudo apt-get install -y docker-ce 76 | 77 | # Java 78 | sudo add-apt-repository -y ppa:openjdk-r/ppa 79 | sudo apt-get update 80 | sudo apt-get install -y openjdk-8-jdk 81 | JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::") 82 | 83 | # Install phase finish --------------------------------------- 84 | 85 | echo "Install complete" 86 | 87 | # Server setup phase begin ----------------------------------- 88 | SERVER_COUNT=${server_count} 89 | RETRY_JOIN="${retry_join}" 90 | 91 | sed -i "s/SERVER_COUNT/$SERVER_COUNT/g" $CONFIGDIR/nomad.hcl 92 | sed -i "s/RETRY_JOIN/$RETRY_JOIN/g" $CONFIGDIR/nomad.hcl 93 | sed -i "s/IP_ADDRESS/$IP_ADDRESS/g" $CONFIGDIR/nomad.hcl 94 | sudo cp $CONFIGDIR/nomad.hcl $NOMADCONFIGDIR 95 | sudo cp $CONFIGDIR/nomad.service /etc/systemd/system/nomad.service 96 | 97 | sudo systemctl enable nomad.service 98 | sudo systemctl start nomad.service 99 | 100 | # Wait for Nomad to restart 101 | for i in {1..9}; do 102 | # capture stdout and stderr 103 | set +e 104 | sleep 1 105 | OUTPUT=$(nomad -v 2>&1) 106 | if [ $? -ne 0 ]; then 107 | continue 108 | else 109 | exit 0 110 | fi 111 | done 112 | 113 | export NOMAD_ADDR=http://$IP_ADDRESS:4646 114 | 115 | # Add hostname to /etc/hosts 116 | 117 | echo "127.0.0.1 $(hostname)" | sudo tee --append /etc/hosts 118 | 119 | # Add Docker bridge network IP to /etc/resolv.conf (at the top) 120 | 121 | echo "nameserver $DOCKER_BRIDGE_IP_ADDRESS" | sudo tee /etc/resolv.conf.new 122 | cat /etc/resolv.conf | sudo tee --append /etc/resolv.conf.new 123 | sudo mv /etc/resolv.conf.new /etc/resolv.conf 124 | 125 | # Set env vars 126 | echo "export NOMAD_ADDR=http://$IP_ADDRESS:4646" | sudo tee --append /home/$HOME_DIR/.bashrc 127 | echo "export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre" | sudo tee --append /home/$HOME_DIR/.bashrc 128 | 129 | # Server setup phase finish ----------------------------------- -------------------------------------------------------------------------------- /shared/data-scripts/user-data-client.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | exec > >(sudo tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 6 | 7 | ACL_DIRECTORY="/ops/shared/config" 8 | NOMAD_BOOTSTRAP_TOKEN="/tmp/nomad_bootstrap" 9 | NOMAD_USER_TOKEN="/tmp/nomad_user_token" 10 | CONFIGDIR="/ops/shared/config" 11 | NOMADVERSION=${nomad_version} 12 | NOMADDOWNLOAD=https://releases.hashicorp.com/nomad/$${NOMADVERSION}/nomad_$${NOMADVERSION}_linux_amd64.zip 13 | NOMADCONFIGDIR="/etc/nomad.d" 14 | NOMADDIR="/opt/nomad" 15 | HOME_DIR="ubuntu" 16 | CLOUD_ENV=${cloud_env} 17 | 18 | # Install phase begin --------------------------------------- 19 | 20 | # Install dependencies 21 | case $CLOUD_ENV in 22 | aws) 23 | echo "CLOUD_ENV: aws" 24 | sudo apt-get update && sudo apt-get install -y software-properties-common 25 | TOKEN=$(curl -X PUT "http://instance-data/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") 26 | 27 | IP_ADDRESS=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://instance-data/latest/meta-data/local-ipv4) 28 | PUBLIC_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://instance-data/latest/meta-data/public-ipv4) 29 | ;; 30 | 31 | gce) 32 | echo "CLOUD_ENV: gce" 33 | sudo apt-get update && sudo apt-get install -y software-properties-common 34 | IP_ADDRESS=$(curl -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip) 35 | ;; 36 | 37 | azure) 38 | echo "CLOUD_ENV: azure" 39 | sudo apt-get update && sudo apt-get install -y software-properties-common jq 40 | IP_ADDRESS=$(curl -s -H Metadata:true --noproxy "*" http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0?api-version=2021-12-13 | jq -r '.["privateIpAddress"]') 41 | ;; 42 | 43 | *) 44 | exit "CLOUD_ENV not set to one of aws, gce, or azure - exiting." 45 | ;; 46 | esac 47 | 48 | sudo apt-get update 49 | sudo apt-get install -y unzip tree redis-tools jq curl tmux 50 | sudo apt-get clean 51 | 52 | 53 | # Disable the firewall 54 | 55 | sudo ufw disable || echo "ufw not installed" 56 | 57 | # Download and install Nomad 58 | curl -L $NOMADDOWNLOAD > nomad.zip 59 | 60 | sudo unzip nomad.zip -d /usr/local/bin 61 | sudo chmod 0755 /usr/local/bin/nomad 62 | sudo chown root:root /usr/local/bin/nomad 63 | 64 | sudo mkdir -p $NOMADCONFIGDIR 65 | sudo chmod 755 $NOMADCONFIGDIR 66 | sudo mkdir -p $NOMADDIR 67 | sudo chmod 755 $NOMADDIR 68 | 69 | # Docker 70 | distro=$(lsb_release -si | tr '[:upper:]' '[:lower:]') 71 | sudo apt-get install -y apt-transport-https ca-certificates gnupg2 72 | curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - 73 | sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$${distro} $(lsb_release -cs) stable" 74 | sudo apt-get update 75 | sudo apt-get install -y docker-ce 76 | 77 | # Java 78 | sudo add-apt-repository -y ppa:openjdk-r/ppa 79 | sudo apt-get update 80 | sudo apt-get install -y openjdk-8-jdk 81 | JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::") 82 | 83 | # CNI plugins 84 | curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz 85 | sudo mkdir -p /opt/cni/bin 86 | sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz 87 | 88 | echo 1 | sudo tee /proc/sys/net/bridge/bridge-nf-call-arptables 89 | echo 1 | sudo tee /proc/sys/net/bridge/bridge-nf-call-ip6tables 90 | echo 1 | sudo tee /proc/sys/net/bridge/bridge-nf-call-iptables 91 | 92 | # Install phase finish --------------------------------------- 93 | 94 | RETRY_JOIN="${retry_join}" 95 | DOCKER_BRIDGE_IP_ADDRESS=(`ifconfig docker0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'`) 96 | 97 | sed -i "s/IP_ADDRESS/$IP_ADDRESS/g" $CONFIGDIR/nomad_client.hcl 98 | sed -i "s/RETRY_JOIN/$RETRY_JOIN/g" $CONFIGDIR/nomad_client.hcl 99 | sudo cp $CONFIGDIR/nomad_client.hcl $NOMADCONFIGDIR/nomad.hcl 100 | sudo cp $CONFIGDIR/nomad.service /etc/systemd/system/nomad.service 101 | 102 | sudo systemctl enable nomad.service 103 | sudo systemctl start nomad.service 104 | 105 | # Wait for Nomad to restart 106 | for i in {1..9}; do 107 | # capture stdout and stderr 108 | set +e 109 | sleep 1 110 | OUTPUT=$(nomad -v 2>&1) 111 | if [ $? -ne 0 ]; then 112 | continue 113 | else 114 | exit 0 115 | fi 116 | done 117 | 118 | export NOMAD_ADDR=http://$IP_ADDRESS:4646 119 | 120 | # Add hostname to /etc/hosts 121 | 122 | echo "127.0.0.1 $(hostname)" | sudo tee --append /etc/hosts 123 | 124 | # Add Docker bridge network IP to /etc/resolv.conf (at the top) 125 | 126 | echo "nameserver $DOCKER_BRIDGE_IP_ADDRESS" | sudo tee /etc/resolv.conf.new 127 | cat /etc/resolv.conf | sudo tee --append /etc/resolv.conf.new 128 | sudo mv /etc/resolv.conf.new /etc/resolv.conf 129 | 130 | # Set env vars 131 | echo "export NOMAD_ADDR=http://$IP_ADDRESS:4646" | sudo tee --append /home/$HOME_DIR/.bashrc 132 | echo "export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre" | sudo tee --append /home/$HOME_DIR/.bashrc 133 | 134 | # Server setup phase finish ----------------------------------- -------------------------------------------------------------------------------- /gcp/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.12" 3 | } 4 | 5 | locals { 6 | retry_join = "provider=gce project_name=${var.project} tag_value=auto-join" 7 | } 8 | 9 | provider "google" { 10 | project = var.project 11 | region = var.region 12 | zone = var.zone 13 | } 14 | 15 | resource "google_compute_network" "hashistack" { 16 | name = "hashistack-${var.name}" 17 | } 18 | 19 | resource "google_compute_firewall" "nomad_ui_ingress" { 20 | name = "${var.name}-ui-ingress" 21 | network = google_compute_network.hashistack.name 22 | source_ranges = [var.allowlist_ip] 23 | 24 | # Nomad 25 | allow { 26 | protocol = "tcp" 27 | ports = [4646] 28 | } 29 | } 30 | 31 | resource "google_compute_firewall" "ssh_ingress" { 32 | name = "${var.name}-ssh-ingress" 33 | network = google_compute_network.hashistack.name 34 | source_ranges = [var.allowlist_ip] 35 | 36 | # SSH 37 | allow { 38 | protocol = "tcp" 39 | ports = [22] 40 | } 41 | } 42 | 43 | resource "google_compute_firewall" "allow_all_internal" { 44 | name = "${var.name}-allow-all-internal" 45 | network = google_compute_network.hashistack.name 46 | source_tags = ["auto-join"] 47 | 48 | allow { 49 | protocol = "icmp" 50 | } 51 | 52 | allow { 53 | protocol = "tcp" 54 | ports = ["0-65535"] 55 | } 56 | 57 | allow { 58 | protocol = "udp" 59 | ports = ["0-65535"] 60 | } 61 | } 62 | 63 | resource "google_compute_firewall" "clients_ingress" { 64 | name = "${var.name}-clients-ingress" 65 | network = google_compute_network.hashistack.name 66 | source_ranges = [var.allowlist_ip] 67 | target_tags = ["nomad-clients"] 68 | 69 | # Add application ingress rules here 70 | # These rules are applied only to the client nodes 71 | 72 | # example app on port 5000, replace with your application port 73 | allow { 74 | protocol = "tcp" 75 | ports = [5000] 76 | } 77 | } 78 | 79 | data "google_compute_image" "ubuntu-1604" { 80 | family = "ubuntu-pro-1604-lts" 81 | project = "ubuntu-os-pro-cloud" 82 | } 83 | 84 | resource "tls_private_key" "private_key" { 85 | algorithm = "RSA" 86 | rsa_bits = 4096 87 | } 88 | 89 | # Uncomment the private key resource below if you want to SSH to any of the instances 90 | # Run init and apply again after uncommenting: 91 | # terraform init && terraform apply 92 | # Then SSH with the tf-key.pem file: 93 | # ssh -i tf-key.pem ubuntu@INSTANCE_PUBLIC_IP 94 | 95 | # resource "local_file" "tf_pem" { 96 | # filename = "${path.module}/tf-key.pem" 97 | # content = tls_private_key.private_key.private_key_pem 98 | # file_permission = "0400" 99 | # } 100 | 101 | resource "google_compute_instance" "server" { 102 | count = var.server_count 103 | name = "${var.name}-server-${count.index}" 104 | machine_type = var.server_instance_type 105 | zone = var.zone 106 | tags = ["auto-join"] 107 | 108 | connection { 109 | type = "ssh" 110 | user = "ubuntu" 111 | private_key = tls_private_key.private_key.private_key_pem 112 | host = self.network_interface.0.access_config.0.nat_ip 113 | } 114 | 115 | allow_stopping_for_update = true 116 | 117 | boot_disk { 118 | initialize_params { 119 | image = data.google_compute_image.ubuntu-1604.self_link 120 | size = var.root_block_device_size 121 | } 122 | } 123 | 124 | network_interface { 125 | network = google_compute_network.hashistack.name 126 | access_config { 127 | // Leave empty to get an ephemeral public IP 128 | } 129 | } 130 | 131 | service_account { 132 | # https://developers.google.com/identity/protocols/googlescopes 133 | scopes = [ 134 | "https://www.googleapis.com/auth/compute.readonly", 135 | "https://www.googleapis.com/auth/logging.write", 136 | ] 137 | } 138 | 139 | metadata = { 140 | ssh-keys = "ubuntu:${tls_private_key.private_key.public_key_openssh}" 141 | } 142 | 143 | provisioner "remote-exec" { 144 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 145 | } 146 | 147 | provisioner "file" { 148 | source = "../shared" 149 | destination = "/ops" 150 | } 151 | 152 | metadata_startup_script = templatefile("../shared/data-scripts/user-data-server.sh", { 153 | server_count = var.server_count 154 | region = var.region 155 | cloud_env = "gce" 156 | retry_join = local.retry_join 157 | nomad_version = var.nomad_version 158 | }) 159 | } 160 | 161 | resource "google_compute_instance" "client" { 162 | count = var.client_count 163 | name = "${var.name}-client-${count.index}" 164 | machine_type = var.client_instance_type 165 | zone = var.zone 166 | tags = ["auto-join", "nomad-clients"] 167 | 168 | connection { 169 | type = "ssh" 170 | user = "ubuntu" 171 | private_key = tls_private_key.private_key.private_key_pem 172 | host = self.network_interface.0.access_config.0.nat_ip 173 | } 174 | 175 | allow_stopping_for_update = true 176 | 177 | boot_disk { 178 | initialize_params { 179 | image = data.google_compute_image.ubuntu-1604.self_link 180 | size = var.root_block_device_size 181 | } 182 | } 183 | 184 | network_interface { 185 | network = google_compute_network.hashistack.name 186 | access_config { 187 | // Leave empty to get an ephemeral public IP 188 | } 189 | } 190 | 191 | service_account { 192 | # https://developers.google.com/identity/protocols/googlescopes 193 | scopes = [ 194 | "https://www.googleapis.com/auth/compute.readonly", 195 | "https://www.googleapis.com/auth/logging.write", 196 | ] 197 | } 198 | 199 | metadata = { 200 | ssh-keys = "ubuntu:${tls_private_key.private_key.public_key_openssh}" 201 | } 202 | 203 | provisioner "remote-exec" { 204 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 205 | } 206 | 207 | provisioner "file" { 208 | source = "../shared" 209 | destination = "/ops" 210 | } 211 | 212 | metadata_startup_script = templatefile("../shared/data-scripts/user-data-client.sh", { 213 | region = var.region 214 | cloud_env = "gce" 215 | retry_join = local.retry_join 216 | nomad_version = var.nomad_version 217 | }) 218 | } -------------------------------------------------------------------------------- /aws/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.12" 3 | } 4 | 5 | provider "aws" { 6 | region = var.region 7 | } 8 | 9 | data "aws_vpc" "default" { 10 | default = true 11 | } 12 | 13 | locals { 14 | retry_join = "provider=aws tag_key=NomadJoinTag tag_value=auto-join" 15 | } 16 | 17 | resource "aws_security_group" "nomad_ui_ingress" { 18 | name = "${var.name}-ui-ingress" 19 | vpc_id = data.aws_vpc.default.id 20 | 21 | # Nomad 22 | ingress { 23 | from_port = 4646 24 | to_port = 4646 25 | protocol = "tcp" 26 | cidr_blocks = [var.allowlist_ip] 27 | } 28 | 29 | ingress { 30 | from_port = 0 31 | to_port = 0 32 | protocol = "-1" 33 | self = true 34 | } 35 | 36 | egress { 37 | from_port = 0 38 | to_port = 0 39 | protocol = "-1" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | } 43 | 44 | resource "aws_security_group" "ssh_ingress" { 45 | name = "${var.name}-ssh-ingress" 46 | vpc_id = data.aws_vpc.default.id 47 | 48 | # SSH 49 | ingress { 50 | from_port = 22 51 | to_port = 22 52 | protocol = "tcp" 53 | cidr_blocks = [var.allowlist_ip] 54 | } 55 | 56 | ingress { 57 | from_port = 0 58 | to_port = 0 59 | protocol = "-1" 60 | self = true 61 | } 62 | 63 | egress { 64 | from_port = 0 65 | to_port = 0 66 | protocol = "-1" 67 | cidr_blocks = ["0.0.0.0/0"] 68 | } 69 | } 70 | 71 | resource "aws_security_group" "allow_all_internal" { 72 | name = "${var.name}-allow-all-internal" 73 | vpc_id = data.aws_vpc.default.id 74 | 75 | ingress { 76 | from_port = 0 77 | to_port = 0 78 | protocol = "-1" 79 | self = true 80 | } 81 | 82 | egress { 83 | from_port = 0 84 | to_port = 0 85 | protocol = "-1" 86 | self = true 87 | } 88 | } 89 | 90 | resource "aws_security_group" "clients_ingress" { 91 | name = "${var.name}-clients-ingress" 92 | vpc_id = data.aws_vpc.default.id 93 | 94 | ingress { 95 | from_port = 0 96 | to_port = 0 97 | protocol = "-1" 98 | self = true 99 | } 100 | 101 | egress { 102 | from_port = 0 103 | to_port = 0 104 | protocol = "-1" 105 | cidr_blocks = ["0.0.0.0/0"] 106 | } 107 | 108 | # Add application ingress rules here 109 | # These rules are applied only to the client nodes 110 | 111 | # nginx example 112 | # ingress { 113 | # from_port = 80 114 | # to_port = 80 115 | # protocol = "tcp" 116 | # cidr_blocks = ["0.0.0.0/0"] 117 | # } 118 | ingress { 119 | from_port = 5000 120 | to_port = 5000 121 | protocol = "tcp" 122 | cidr_blocks = ["0.0.0.0/0"] 123 | } 124 | } 125 | 126 | 127 | data "aws_ami" "ubuntu" { 128 | most_recent = true 129 | owners = ["099720109477"] 130 | 131 | filter { 132 | name = "name" 133 | values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] 134 | } 135 | 136 | filter { 137 | name = "root-device-type" 138 | values = ["ebs"] 139 | } 140 | 141 | filter { 142 | name = "virtualization-type" 143 | values = ["hvm"] 144 | } 145 | 146 | filter { 147 | name = "architecture" 148 | values = ["x86_64"] 149 | } 150 | } 151 | 152 | resource "tls_private_key" "private_key" { 153 | algorithm = "RSA" 154 | rsa_bits = 4096 155 | } 156 | 157 | resource "aws_key_pair" "generated_key" { 158 | key_name = "tf-key" 159 | public_key = tls_private_key.private_key.public_key_openssh 160 | } 161 | 162 | # Uncomment the private key resource below if you want to SSH to any of the instances 163 | # Run init and apply again after uncommenting: 164 | # terraform init && terraform apply 165 | # Then SSH with the tf-key.pem file: 166 | # ssh -i tf-key.pem ubuntu@INSTANCE_PUBLIC_IP 167 | 168 | # resource "local_file" "tf_pem" { 169 | # filename = "${path.module}/tf-key.pem" 170 | # content = tls_private_key.private_key.private_key_pem 171 | # file_permission = "0400" 172 | # } 173 | 174 | resource "aws_instance" "server" { 175 | ami = data.aws_ami.ubuntu.id 176 | instance_type = var.server_instance_type 177 | key_name = aws_key_pair.generated_key.key_name 178 | vpc_security_group_ids = [aws_security_group.nomad_ui_ingress.id, aws_security_group.ssh_ingress.id, aws_security_group.allow_all_internal.id] 179 | count = var.server_count 180 | 181 | connection { 182 | type = "ssh" 183 | user = "ubuntu" 184 | private_key = tls_private_key.private_key.private_key_pem 185 | host = self.public_ip 186 | } 187 | 188 | # NomadJoinTag is necessary for nodes to automatically join the cluster 189 | tags = merge( 190 | { 191 | "Name" = "${var.name}-server-${count.index}" 192 | }, 193 | { 194 | "NomadJoinTag" = "auto-join" 195 | }, 196 | { 197 | "NomadType" = "server" 198 | } 199 | ) 200 | 201 | root_block_device { 202 | volume_type = "gp2" 203 | volume_size = var.root_block_device_size 204 | delete_on_termination = "true" 205 | } 206 | 207 | provisioner "remote-exec" { 208 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 209 | } 210 | 211 | provisioner "file" { 212 | source = "../shared" 213 | destination = "/ops" 214 | } 215 | 216 | user_data = templatefile("../shared/data-scripts/user-data-server.sh", { 217 | server_count = var.server_count 218 | region = var.region 219 | cloud_env = "aws" 220 | retry_join = local.retry_join 221 | nomad_version = var.nomad_version 222 | }) 223 | iam_instance_profile = aws_iam_instance_profile.instance_profile.name 224 | 225 | metadata_options { 226 | http_endpoint = "enabled" 227 | instance_metadata_tags = "enabled" 228 | } 229 | } 230 | 231 | resource "aws_instance" "client" { 232 | ami = data.aws_ami.ubuntu.id 233 | instance_type = var.client_instance_type 234 | key_name = aws_key_pair.generated_key.key_name 235 | vpc_security_group_ids = [aws_security_group.nomad_ui_ingress.id, aws_security_group.ssh_ingress.id, aws_security_group.clients_ingress.id, aws_security_group.allow_all_internal.id] 236 | count = var.client_count 237 | 238 | connection { 239 | type = "ssh" 240 | user = "ubuntu" 241 | private_key = tls_private_key.private_key.private_key_pem 242 | host = self.public_ip 243 | } 244 | 245 | # NomadJoinTag is necessary for nodes to automatically join the cluster 246 | tags = merge( 247 | { 248 | "Name" = "${var.name}-client-${count.index}" 249 | }, 250 | { 251 | "NomadJoinTag" = "auto-join" 252 | }, 253 | { 254 | "NomadType" = "client" 255 | } 256 | ) 257 | 258 | root_block_device { 259 | volume_type = "gp2" 260 | volume_size = var.root_block_device_size 261 | delete_on_termination = "true" 262 | } 263 | 264 | ebs_block_device { 265 | device_name = "/dev/xvdd" 266 | volume_type = "gp2" 267 | volume_size = "50" 268 | delete_on_termination = "true" 269 | } 270 | 271 | provisioner "remote-exec" { 272 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 273 | } 274 | 275 | provisioner "file" { 276 | source = "../shared" 277 | destination = "/ops" 278 | } 279 | 280 | user_data = templatefile("../shared/data-scripts/user-data-client.sh", { 281 | region = var.region 282 | cloud_env = "aws" 283 | retry_join = local.retry_join 284 | nomad_version = var.nomad_version 285 | }) 286 | iam_instance_profile = aws_iam_instance_profile.instance_profile.name 287 | 288 | metadata_options { 289 | http_endpoint = "enabled" 290 | instance_metadata_tags = "enabled" 291 | } 292 | } 293 | 294 | resource "aws_iam_instance_profile" "instance_profile" { 295 | name_prefix = var.name 296 | role = aws_iam_role.instance_role.name 297 | } 298 | 299 | resource "aws_iam_role" "instance_role" { 300 | name_prefix = var.name 301 | assume_role_policy = data.aws_iam_policy_document.instance_role.json 302 | } 303 | 304 | data "aws_iam_policy_document" "instance_role" { 305 | statement { 306 | effect = "Allow" 307 | actions = ["sts:AssumeRole"] 308 | 309 | principals { 310 | type = "Service" 311 | identifiers = ["ec2.amazonaws.com"] 312 | } 313 | } 314 | } 315 | 316 | resource "aws_iam_role_policy" "auto_discover_cluster" { 317 | name = "${var.name}-auto-discover-cluster" 318 | role = aws_iam_role.instance_role.id 319 | policy = data.aws_iam_policy_document.auto_discover_cluster.json 320 | } 321 | 322 | data "aws_iam_policy_document" "auto_discover_cluster" { 323 | statement { 324 | effect = "Allow" 325 | 326 | actions = [ 327 | "ec2:DescribeInstances", 328 | "ec2:DescribeTags", 329 | "autoscaling:DescribeAutoScalingGroups", 330 | ] 331 | 332 | resources = ["*"] 333 | } 334 | } 335 | -------------------------------------------------------------------------------- /azure/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.12" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "=3.0.0" 7 | } 8 | } 9 | } 10 | 11 | locals { 12 | retry_join = "provider=azure tag_name=NomadJoinTag tag_value=auto-join subscription_id=${var.subscription_id} tenant_id=${var.tenant_id} client_id=${var.client_id} secret_access_key=${var.client_secret}" 13 | } 14 | 15 | provider "azurerm" { 16 | features {} 17 | 18 | subscription_id = var.subscription_id 19 | client_id = var.client_id 20 | client_secret = var.client_secret 21 | tenant_id = var.tenant_id 22 | } 23 | 24 | resource "tls_private_key" "private_key" { 25 | algorithm = "RSA" 26 | rsa_bits = 4096 27 | } 28 | 29 | # Uncomment the private key resource below if you want to SSH to any of the instances 30 | # Run init and apply again after uncommenting: 31 | # terraform init && terraform apply 32 | # Then SSH with the tf-key.pem file: 33 | # ssh -i tf-key.pem ubuntu@INSTANCE_PUBLIC_IP 34 | 35 | # resource "local_file" "tf_pem" { 36 | # filename = "${path.module}/tf-key.pem" 37 | # content = tls_private_key.private_key.private_key_pem 38 | # file_permission = "0400" 39 | # } 40 | 41 | resource "azurerm_resource_group" "hashistack" { 42 | name = "hashistack" 43 | location = var.location 44 | } 45 | 46 | resource "azurerm_virtual_network" "hashistack-vn" { 47 | name = "hashistack-vn" 48 | address_space = ["10.0.0.0/16"] 49 | location = "${var.location}" 50 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 51 | } 52 | 53 | resource "azurerm_subnet" "hashistack-sn" { 54 | name = "hashistack-sn" 55 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 56 | virtual_network_name = "${azurerm_virtual_network.hashistack-vn.name}" 57 | address_prefixes = ["10.0.2.0/24"] 58 | } 59 | 60 | resource "azurerm_network_security_group" "hashistack-sg" { 61 | name = "hashistack-sg" 62 | location = "${var.location}" 63 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 64 | } 65 | 66 | resource "azurerm_subnet_network_security_group_association" "hashistack-sg-association" { 67 | subnet_id = azurerm_subnet.hashistack-sn.id 68 | network_security_group_id = azurerm_network_security_group.hashistack-sg.id 69 | } 70 | 71 | resource "azurerm_network_security_rule" "nomad_ui_ingress" { 72 | name = "${var.name}-nomad-ui-ingress" 73 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 74 | network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}" 75 | 76 | priority = 101 77 | direction = "Inbound" 78 | access = "Allow" 79 | protocol = "Tcp" 80 | 81 | source_address_prefix = var.allowlist_ip 82 | source_port_range = "*" 83 | destination_port_range = "4646" 84 | destination_address_prefix = "*" 85 | } 86 | 87 | resource "azurerm_network_security_rule" "ssh_ingress" { 88 | name = "${var.name}-ssh-ingress" 89 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 90 | network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}" 91 | 92 | priority = 100 93 | direction = "Inbound" 94 | access = "Allow" 95 | protocol = "Tcp" 96 | 97 | source_address_prefix = var.allowlist_ip 98 | source_port_range = "*" 99 | destination_port_range = "22" 100 | destination_address_prefix = "*" 101 | } 102 | 103 | resource "azurerm_network_security_rule" "allow_all_internal" { 104 | name = "${var.name}-allow-all-internal" 105 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 106 | network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}" 107 | 108 | priority = 103 109 | direction = "Inbound" 110 | access = "Allow" 111 | protocol = "Tcp" 112 | 113 | source_address_prefix = azurerm_subnet.hashistack-sn.address_prefixes[0] 114 | source_port_range = "*" 115 | destination_port_range = "*" 116 | destination_address_prefix = azurerm_subnet.hashistack-sn.address_prefixes[0] 117 | } 118 | 119 | resource "azurerm_network_security_rule" "clients_ingress" { 120 | name = "${var.name}-clients-ingress" 121 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 122 | network_security_group_name = "${azurerm_network_security_group.hashistack-sg.name}" 123 | 124 | priority = 110 125 | direction = "Inbound" 126 | access = "Allow" 127 | protocol = "Tcp" 128 | 129 | # Add application ingress rules here 130 | # These rules are applied only to the client nodes 131 | 132 | # example; replace with your application port 133 | source_address_prefix = var.allowlist_ip 134 | source_port_range = "*" 135 | destination_port_range = "5000" 136 | destination_address_prefixes = azurerm_linux_virtual_machine.client[*].private_ip_address 137 | } 138 | 139 | resource "azurerm_public_ip" "hashistack-server-public-ip" { 140 | count = "${var.server_count}" 141 | name = "hashistack-server-ip-${count.index}" 142 | location = "${var.location}" 143 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 144 | allocation_method = "Static" 145 | } 146 | 147 | resource "azurerm_network_interface" "hashistack-server-ni" { 148 | count = "${var.server_count}" 149 | name = "hashistack-server-ni-${count.index}" 150 | location = "${var.location}" 151 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 152 | 153 | ip_configuration { 154 | name = "hashistack-ipc" 155 | subnet_id = "${azurerm_subnet.hashistack-sn.id}" 156 | private_ip_address_allocation = "Dynamic" 157 | public_ip_address_id = "${element(azurerm_public_ip.hashistack-server-public-ip.*.id, count.index)}" 158 | } 159 | 160 | tags = {"NomadJoinTag" = "auto-join"} 161 | } 162 | 163 | resource "azurerm_linux_virtual_machine" "server" { 164 | name = "hashistack-server-${count.index}" 165 | location = "${var.location}" 166 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 167 | network_interface_ids = ["${element(azurerm_network_interface.hashistack-server-ni.*.id, count.index)}"] 168 | size = "${var.server_instance_type}" 169 | count = "${var.server_count}" 170 | 171 | source_image_reference { 172 | publisher = "Canonical" 173 | offer = "UbuntuServer" 174 | sku = "16.04-LTS" 175 | version = "latest" 176 | } 177 | 178 | os_disk { 179 | name = "hashistack-server-osdisk-${count.index}" 180 | caching = "ReadWrite" 181 | storage_account_type = "Standard_LRS" 182 | } 183 | 184 | admin_ssh_key { 185 | username = "ubuntu" 186 | public_key = tls_private_key.private_key.public_key_openssh 187 | } 188 | 189 | connection { 190 | type = "ssh" 191 | user = "ubuntu" 192 | private_key = tls_private_key.private_key.private_key_pem 193 | host = self.public_ip_address 194 | } 195 | 196 | provisioner "remote-exec" { 197 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 198 | } 199 | 200 | provisioner "file" { 201 | source = "../shared" 202 | destination = "/ops" 203 | } 204 | 205 | computer_name = "hashistack-server-${count.index}" 206 | admin_username = "ubuntu" 207 | custom_data = "${base64encode(templatefile("../shared/data-scripts/user-data-server.sh", { 208 | region = var.location 209 | cloud_env = "azure" 210 | server_count = "${var.server_count}" 211 | retry_join = local.retry_join 212 | nomad_version = var.nomad_version 213 | }))}" 214 | } 215 | 216 | resource "azurerm_public_ip" "hashistack-client-public-ip" { 217 | count = "${var.client_count}" 218 | name = "hashistack-client-ip-${count.index}" 219 | location = "${var.location}" 220 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 221 | allocation_method = "Static" 222 | } 223 | 224 | resource "azurerm_network_interface" "hashistack-client-ni" { 225 | count = "${var.client_count}" 226 | name = "hashistack-client-ni-${count.index}" 227 | location = "${var.location}" 228 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 229 | 230 | ip_configuration { 231 | name = "hashistack-ipc" 232 | subnet_id = "${azurerm_subnet.hashistack-sn.id}" 233 | private_ip_address_allocation = "Dynamic" 234 | public_ip_address_id = "${element(azurerm_public_ip.hashistack-client-public-ip.*.id, count.index)}" 235 | } 236 | 237 | tags = {"NomadJoinTag" = "auto-join"} 238 | } 239 | 240 | resource "azurerm_linux_virtual_machine" "client" { 241 | name = "hashistack-client-${count.index}" 242 | location = "${var.location}" 243 | resource_group_name = "${azurerm_resource_group.hashistack.name}" 244 | network_interface_ids = ["${element(azurerm_network_interface.hashistack-client-ni.*.id, count.index)}"] 245 | size = "${var.client_instance_type}" 246 | count = "${var.client_count}" 247 | 248 | source_image_reference { 249 | publisher = "Canonical" 250 | offer = "UbuntuServer" 251 | sku = "16.04-LTS" 252 | version = "latest" 253 | } 254 | 255 | os_disk { 256 | name = "hashistack-client-osdisk-${count.index}" 257 | caching = "ReadWrite" 258 | storage_account_type = "Standard_LRS" 259 | } 260 | 261 | admin_ssh_key { 262 | username = "ubuntu" 263 | public_key = tls_private_key.private_key.public_key_openssh 264 | } 265 | 266 | connection { 267 | type = "ssh" 268 | user = "ubuntu" 269 | private_key = tls_private_key.private_key.private_key_pem 270 | host = self.public_ip_address 271 | } 272 | 273 | provisioner "remote-exec" { 274 | inline = ["sudo mkdir -p /ops", "sudo chmod 777 -R /ops"] 275 | } 276 | 277 | provisioner "file" { 278 | source = "../shared" 279 | destination = "/ops" 280 | } 281 | 282 | computer_name = "hashistack-client-${count.index}" 283 | admin_username = "ubuntu" 284 | custom_data = "${base64encode(templatefile("../shared/data-scripts/user-data-client.sh", { 285 | region = var.location 286 | cloud_env = "azure" 287 | retry_join = local.retry_join 288 | nomad_version = var.nomad_version 289 | }))}" 290 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2022 HashiCorp, Inc. 2 | 3 | Mozilla Public License Version 2.0 4 | ================================== 5 | 6 | 1. Definitions 7 | -------------- 8 | 9 | 1.1. "Contributor" 10 | means each individual or legal entity that creates, contributes to 11 | the creation of, or owns Covered Software. 12 | 13 | 1.2. "Contributor Version" 14 | means the combination of the Contributions of others (if any) used 15 | by a Contributor and that particular Contributor's Contribution. 16 | 17 | 1.3. "Contribution" 18 | means Covered Software of a particular Contributor. 19 | 20 | 1.4. "Covered Software" 21 | means Source Code Form to which the initial Contributor has attached 22 | the notice in Exhibit A, the Executable Form of such Source Code 23 | Form, and Modifications of such Source Code Form, in each case 24 | including portions thereof. 25 | 26 | 1.5. "Incompatible With Secondary Licenses" 27 | means 28 | 29 | (a) that the initial Contributor has attached the notice described 30 | in Exhibit B to the Covered Software; or 31 | 32 | (b) that the Covered Software was made available under the terms of 33 | version 1.1 or earlier of the License, but not also under the 34 | terms of a Secondary License. 35 | 36 | 1.6. "Executable Form" 37 | means any form of the work other than Source Code Form. 38 | 39 | 1.7. "Larger Work" 40 | means a work that combines Covered Software with other material, in 41 | a separate file or files, that is not Covered Software. 42 | 43 | 1.8. "License" 44 | means this document. 45 | 46 | 1.9. "Licensable" 47 | means having the right to grant, to the maximum extent possible, 48 | whether at the time of the initial grant or subsequently, any and 49 | all of the rights conveyed by this License. 50 | 51 | 1.10. "Modifications" 52 | means any of the following: 53 | 54 | (a) any file in Source Code Form that results from an addition to, 55 | deletion from, or modification of the contents of Covered 56 | Software; or 57 | 58 | (b) any new file in Source Code Form that contains any Covered 59 | Software. 60 | 61 | 1.11. "Patent Claims" of a Contributor 62 | means any patent claim(s), including without limitation, method, 63 | process, and apparatus claims, in any patent Licensable by such 64 | Contributor that would be infringed, but for the grant of the 65 | License, by the making, using, selling, offering for sale, having 66 | made, import, or transfer of either its Contributions or its 67 | Contributor Version. 68 | 69 | 1.12. "Secondary License" 70 | means either the GNU General Public License, Version 2.0, the GNU 71 | Lesser General Public License, Version 2.1, the GNU Affero General 72 | Public License, Version 3.0, or any later versions of those 73 | licenses. 74 | 75 | 1.13. "Source Code Form" 76 | means the form of the work preferred for making modifications. 77 | 78 | 1.14. "You" (or "Your") 79 | means an individual or a legal entity exercising rights under this 80 | License. For legal entities, "You" includes any entity that 81 | controls, is controlled by, or is under common control with You. For 82 | purposes of this definition, "control" means (a) the power, direct 83 | or indirect, to cause the direction or management of such entity, 84 | whether by contract or otherwise, or (b) ownership of more than 85 | fifty percent (50%) of the outstanding shares or beneficial 86 | ownership of such entity. 87 | 88 | 2. License Grants and Conditions 89 | -------------------------------- 90 | 91 | 2.1. Grants 92 | 93 | Each Contributor hereby grants You a world-wide, royalty-free, 94 | non-exclusive license: 95 | 96 | (a) under intellectual property rights (other than patent or trademark) 97 | Licensable by such Contributor to use, reproduce, make available, 98 | modify, display, perform, distribute, and otherwise exploit its 99 | Contributions, either on an unmodified basis, with Modifications, or 100 | as part of a Larger Work; and 101 | 102 | (b) under Patent Claims of such Contributor to make, use, sell, offer 103 | for sale, have made, import, and otherwise transfer either its 104 | Contributions or its Contributor Version. 105 | 106 | 2.2. Effective Date 107 | 108 | The licenses granted in Section 2.1 with respect to any Contribution 109 | become effective for each Contribution on the date the Contributor first 110 | distributes such Contribution. 111 | 112 | 2.3. Limitations on Grant Scope 113 | 114 | The licenses granted in this Section 2 are the only rights granted under 115 | this License. No additional rights or licenses will be implied from the 116 | distribution or licensing of Covered Software under this License. 117 | Notwithstanding Section 2.1(b) above, no patent license is granted by a 118 | Contributor: 119 | 120 | (a) for any code that a Contributor has removed from Covered Software; 121 | or 122 | 123 | (b) for infringements caused by: (i) Your and any other third party's 124 | modifications of Covered Software, or (ii) the combination of its 125 | Contributions with other software (except as part of its Contributor 126 | Version); or 127 | 128 | (c) under Patent Claims infringed by Covered Software in the absence of 129 | its Contributions. 130 | 131 | This License does not grant any rights in the trademarks, service marks, 132 | or logos of any Contributor (except as may be necessary to comply with 133 | the notice requirements in Section 3.4). 134 | 135 | 2.4. Subsequent Licenses 136 | 137 | No Contributor makes additional grants as a result of Your choice to 138 | distribute the Covered Software under a subsequent version of this 139 | License (see Section 10.2) or under the terms of a Secondary License (if 140 | permitted under the terms of Section 3.3). 141 | 142 | 2.5. Representation 143 | 144 | Each Contributor represents that the Contributor believes its 145 | Contributions are its original creation(s) or it has sufficient rights 146 | to grant the rights to its Contributions conveyed by this License. 147 | 148 | 2.6. Fair Use 149 | 150 | This License is not intended to limit any rights You have under 151 | applicable copyright doctrines of fair use, fair dealing, or other 152 | equivalents. 153 | 154 | 2.7. Conditions 155 | 156 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted 157 | in Section 2.1. 158 | 159 | 3. Responsibilities 160 | ------------------- 161 | 162 | 3.1. Distribution of Source Form 163 | 164 | All distribution of Covered Software in Source Code Form, including any 165 | Modifications that You create or to which You contribute, must be under 166 | the terms of this License. You must inform recipients that the Source 167 | Code Form of the Covered Software is governed by the terms of this 168 | License, and how they can obtain a copy of this License. You may not 169 | attempt to alter or restrict the recipients' rights in the Source Code 170 | Form. 171 | 172 | 3.2. Distribution of Executable Form 173 | 174 | If You distribute Covered Software in Executable Form then: 175 | 176 | (a) such Covered Software must also be made available in Source Code 177 | Form, as described in Section 3.1, and You must inform recipients of 178 | the Executable Form how they can obtain a copy of such Source Code 179 | Form by reasonable means in a timely manner, at a charge no more 180 | than the cost of distribution to the recipient; and 181 | 182 | (b) You may distribute such Executable Form under the terms of this 183 | License, or sublicense it under different terms, provided that the 184 | license for the Executable Form does not attempt to limit or alter 185 | the recipients' rights in the Source Code Form under this License. 186 | 187 | 3.3. Distribution of a Larger Work 188 | 189 | You may create and distribute a Larger Work under terms of Your choice, 190 | provided that You also comply with the requirements of this License for 191 | the Covered Software. If the Larger Work is a combination of Covered 192 | Software with a work governed by one or more Secondary Licenses, and the 193 | Covered Software is not Incompatible With Secondary Licenses, this 194 | License permits You to additionally distribute such Covered Software 195 | under the terms of such Secondary License(s), so that the recipient of 196 | the Larger Work may, at their option, further distribute the Covered 197 | Software under the terms of either this License or such Secondary 198 | License(s). 199 | 200 | 3.4. Notices 201 | 202 | You may not remove or alter the substance of any license notices 203 | (including copyright notices, patent notices, disclaimers of warranty, 204 | or limitations of liability) contained within the Source Code Form of 205 | the Covered Software, except that You may alter any license notices to 206 | the extent required to remedy known factual inaccuracies. 207 | 208 | 3.5. Application of Additional Terms 209 | 210 | You may choose to offer, and to charge a fee for, warranty, support, 211 | indemnity or liability obligations to one or more recipients of Covered 212 | Software. However, You may do so only on Your own behalf, and not on 213 | behalf of any Contributor. You must make it absolutely clear that any 214 | such warranty, support, indemnity, or liability obligation is offered by 215 | You alone, and You hereby agree to indemnify every Contributor for any 216 | liability incurred by such Contributor as a result of warranty, support, 217 | indemnity or liability terms You offer. You may include additional 218 | disclaimers of warranty and limitations of liability specific to any 219 | jurisdiction. 220 | 221 | 4. Inability to Comply Due to Statute or Regulation 222 | --------------------------------------------------- 223 | 224 | If it is impossible for You to comply with any of the terms of this 225 | License with respect to some or all of the Covered Software due to 226 | statute, judicial order, or regulation then You must: (a) comply with 227 | the terms of this License to the maximum extent possible; and (b) 228 | describe the limitations and the code they affect. Such description must 229 | be placed in a text file included with all distributions of the Covered 230 | Software under this License. Except to the extent prohibited by statute 231 | or regulation, such description must be sufficiently detailed for a 232 | recipient of ordinary skill to be able to understand it. 233 | 234 | 5. Termination 235 | -------------- 236 | 237 | 5.1. The rights granted under this License will terminate automatically 238 | if You fail to comply with any of its terms. However, if You become 239 | compliant, then the rights granted under this License from a particular 240 | Contributor are reinstated (a) provisionally, unless and until such 241 | Contributor explicitly and finally terminates Your grants, and (b) on an 242 | ongoing basis, if such Contributor fails to notify You of the 243 | non-compliance by some reasonable means prior to 60 days after You have 244 | come back into compliance. Moreover, Your grants from a particular 245 | Contributor are reinstated on an ongoing basis if such Contributor 246 | notifies You of the non-compliance by some reasonable means, this is the 247 | first time You have received notice of non-compliance with this License 248 | from such Contributor, and You become compliant prior to 30 days after 249 | Your receipt of the notice. 250 | 251 | 5.2. If You initiate litigation against any entity by asserting a patent 252 | infringement claim (excluding declaratory judgment actions, 253 | counter-claims, and cross-claims) alleging that a Contributor Version 254 | directly or indirectly infringes any patent, then the rights granted to 255 | You by any and all Contributors for the Covered Software under Section 256 | 2.1 of this License shall terminate. 257 | 258 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all 259 | end user license agreements (excluding distributors and resellers) which 260 | have been validly granted by You or Your distributors under this License 261 | prior to termination shall survive termination. 262 | 263 | ************************************************************************ 264 | * * 265 | * 6. Disclaimer of Warranty * 266 | * ------------------------- * 267 | * * 268 | * Covered Software is provided under this License on an "as is" * 269 | * basis, without warranty of any kind, either expressed, implied, or * 270 | * statutory, including, without limitation, warranties that the * 271 | * Covered Software is free of defects, merchantable, fit for a * 272 | * particular purpose or non-infringing. The entire risk as to the * 273 | * quality and performance of the Covered Software is with You. * 274 | * Should any Covered Software prove defective in any respect, You * 275 | * (not any Contributor) assume the cost of any necessary servicing, * 276 | * repair, or correction. This disclaimer of warranty constitutes an * 277 | * essential part of this License. No use of any Covered Software is * 278 | * authorized under this License except under this disclaimer. * 279 | * * 280 | ************************************************************************ 281 | 282 | ************************************************************************ 283 | * * 284 | * 7. Limitation of Liability * 285 | * -------------------------- * 286 | * * 287 | * Under no circumstances and under no legal theory, whether tort * 288 | * (including negligence), contract, or otherwise, shall any * 289 | * Contributor, or anyone who distributes Covered Software as * 290 | * permitted above, be liable to You for any direct, indirect, * 291 | * special, incidental, or consequential damages of any character * 292 | * including, without limitation, damages for lost profits, loss of * 293 | * goodwill, work stoppage, computer failure or malfunction, or any * 294 | * and all other commercial damages or losses, even if such party * 295 | * shall have been informed of the possibility of such damages. This * 296 | * limitation of liability shall not apply to liability for death or * 297 | * personal injury resulting from such party's negligence to the * 298 | * extent applicable law prohibits such limitation. Some * 299 | * jurisdictions do not allow the exclusion or limitation of * 300 | * incidental or consequential damages, so this exclusion and * 301 | * limitation may not apply to You. * 302 | * * 303 | ************************************************************************ 304 | 305 | 8. Litigation 306 | ------------- 307 | 308 | Any litigation relating to this License may be brought only in the 309 | courts of a jurisdiction where the defendant maintains its principal 310 | place of business and such litigation shall be governed by laws of that 311 | jurisdiction, without reference to its conflict-of-law provisions. 312 | Nothing in this Section shall prevent a party's ability to bring 313 | cross-claims or counter-claims. 314 | 315 | 9. Miscellaneous 316 | ---------------- 317 | 318 | This License represents the complete agreement concerning the subject 319 | matter hereof. If any provision of this License is held to be 320 | unenforceable, such provision shall be reformed only to the extent 321 | necessary to make it enforceable. Any law or regulation which provides 322 | that the language of a contract shall be construed against the drafter 323 | shall not be used to construe this License against a Contributor. 324 | 325 | 10. Versions of the License 326 | --------------------------- 327 | 328 | 10.1. New Versions 329 | 330 | Mozilla Foundation is the license steward. Except as provided in Section 331 | 10.3, no one other than the license steward has the right to modify or 332 | publish new versions of this License. Each version will be given a 333 | distinguishing version number. 334 | 335 | 10.2. Effect of New Versions 336 | 337 | You may distribute the Covered Software under the terms of the version 338 | of the License under which You originally received the Covered Software, 339 | or under the terms of any subsequent version published by the license 340 | steward. 341 | 342 | 10.3. Modified Versions 343 | 344 | If you create software not governed by this License, and you want to 345 | create a new license for such software, you may create and use a 346 | modified version of this License if you rename the license and remove 347 | any references to the name of the license steward (except to note that 348 | such modified license differs from this License). 349 | 350 | 10.4. Distributing Source Code Form that is Incompatible With Secondary 351 | Licenses 352 | 353 | If You choose to distribute Source Code Form that is Incompatible With 354 | Secondary Licenses under the terms of this version of the License, the 355 | notice described in Exhibit B of this License must be attached. 356 | 357 | Exhibit A - Source Code Form License Notice 358 | ------------------------------------------- 359 | 360 | This Source Code Form is subject to the terms of the Mozilla Public 361 | License, v. 2.0. If a copy of the MPL was not distributed with this 362 | file, You can obtain one at http://mozilla.org/MPL/2.0/. 363 | 364 | If it is not possible or desirable to put the notice in a particular 365 | file, then You may include the notice in a location (such as a LICENSE 366 | file in a relevant directory) where a recipient would be likely to look 367 | for such a notice. 368 | 369 | You may add additional accurate notices of copyright ownership. 370 | 371 | Exhibit B - "Incompatible With Secondary Licenses" Notice 372 | --------------------------------------------------------- 373 | 374 | This Source Code Form is "Incompatible With Secondary Licenses", as 375 | defined by the Mozilla Public License, v. 2.0. --------------------------------------------------------------------------------