├── scripts ├── cleanup.sh ├── install-docker.sh ├── dependencies.sh ├── install-jdk.sh ├── install-nomad.sh ├── install-consul.sh └── install-vault.sh ├── .gitignore ├── ci ├── hashgen.sh └── provision.sh ├── Vagrantfile ├── examples ├── nomad-consul-separate-cluster │ ├── consul-server.yaml │ ├── nomad-server.yaml │ ├── nomad-client.yaml │ └── README.md └── nomad-consul-colocated-cluster │ ├── nomad-server.yaml │ ├── nomad-client.yaml │ └── README.md ├── LICENSE ├── packer ├── provisioners.json ├── rpi-ubuntu-armhf.json └── rpi-ubuntu-arm64.json ├── .travis.yml └── README.md /scripts/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | rm -rf /tmp/keyring -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | output-arm-image 3 | dist 4 | packer_cache 5 | *.log -------------------------------------------------------------------------------- /ci/hashgen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for f in *.xz; do shasum -a 256 $f > $f.sha256; done -------------------------------------------------------------------------------- /scripts/install-docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | apt-get install -y docker.io 5 | -------------------------------------------------------------------------------- /scripts/dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | apt-get -y update 5 | apt-get -y install -y curl unzip 6 | 7 | mkdir /tmp/keyring 8 | chmod 700 /tmp/keyring 9 | 10 | curl -s https://keybase.io/hashicorp/pgp_keys.asc | gpg --import --homedir /tmp/keyring -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | 6 | config.vm.box = "ubuntu/focal64" 7 | 8 | config.vm.boot_timeout = 600 9 | 10 | config.vm.provider "virtualbox" do |vb| 11 | vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ] 12 | end 13 | 14 | config.vm.provision "build-env", type: "shell", :path => "ci/provision.sh", privileged: false 15 | 16 | end 17 | -------------------------------------------------------------------------------- /examples/nomad-consul-separate-cluster/consul-server.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # vim: syntax=yaml 3 | # 4 | 5 | hostname: consul-svr 6 | 7 | manage_etc_hosts: true 8 | package_update: false 9 | package_upgrade: false 10 | 11 | write_files: 12 | - path: /etc/consul.d/consul.hcl 13 | owner: consul:consul 14 | content: | 15 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 16 | client_addr = "0.0.0.0" 17 | data_dir = "/opt/consul" 18 | bootstrap_expect = 3 19 | retry_join = [ "consul-svr-1.local", "consul-svr-2.local", "consul-svr-3.local" ] 20 | server = true 21 | ui = true 22 | 23 | runcmd: 24 | - [ raspi-config, nonint, do_ssh, '0' ] -------------------------------------------------------------------------------- /ci/provision.sh: -------------------------------------------------------------------------------- 1 | sudo apt-get update -qq 2 | 3 | # Install required packages 4 | sudo apt-get install -y \ 5 | kpartx \ 6 | qemu-user-static \ 7 | wget \ 8 | curl \ 9 | zip \ 10 | unzip \ 11 | xz-utils \ 12 | jq 13 | 14 | # Download and install packer 15 | [[ -e /tmp/packer ]] && rm -rf /tmp/packer* 16 | wget https://releases.hashicorp.com/packer/1.6.0/packer_1.6.0_linux_amd64.zip -q -O /tmp/packer_1.6.0_linux_amd64.zip 17 | pushd /tmp 18 | unzip -u packer_1.6.0_linux_amd64.zip 19 | sudo cp packer /usr/local/bin 20 | rm -rf /tmp/packer* 21 | popd 22 | 23 | sudo wget https://github.com/solo-io/packer-builder-arm-image/releases/download/v0.1.6/packer-builder-arm-image -q -O /usr/local/bin/packer-builder-arm-image 24 | sudo chmod 755 /usr/local/bin/packer-builder-arm-image -------------------------------------------------------------------------------- /examples/nomad-consul-colocated-cluster/nomad-server.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # vim: syntax=yaml 3 | # 4 | 5 | hostname: nomad-svr 6 | 7 | manage_etc_hosts: true 8 | package_update: false 9 | package_upgrade: false 10 | 11 | write_files: 12 | - path: /etc/consul.d/consul.hcl 13 | owner: consul:consul 14 | content: | 15 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 16 | client_addr = "0.0.0.0" 17 | data_dir = "/opt/consul" 18 | bootstrap_expect = 3 19 | retry_join = [ "nomad-svr-1.local", "nomad-svr-2.local", "nomad-svr-3.local" ] 20 | server = true 21 | ui = true 22 | - path: /etc/nomad.d/nomad.hcl 23 | content: | 24 | bind_addr = "0.0.0.0" 25 | data_dir = "/opt/nomad" 26 | 27 | server { 28 | enabled = true 29 | bootstrap_expect = 3 30 | } -------------------------------------------------------------------------------- /examples/nomad-consul-separate-cluster/nomad-server.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # vim: syntax=yaml 3 | # 4 | 5 | hostname: nomad-svr 6 | 7 | manage_etc_hosts: true 8 | package_update: false 9 | package_upgrade: false 10 | 11 | write_files: 12 | - path: /etc/consul.d/consul.hcl 13 | owner: consul:consul 14 | content: | 15 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 16 | client_addr = "0.0.0.0" 17 | data_dir = "/opt/consul" 18 | retry_join = [ "consul-svr-1.local", "consul-svr-2.local", "consul-svr-3.local" ] 19 | server = false 20 | ui = false 21 | - path: /etc/nomad.d/nomad.hcl 22 | content: | 23 | bind_addr = "0.0.0.0" 24 | data_dir = "/opt/nomad" 25 | 26 | server { 27 | enabled = true 28 | bootstrap_expect = 3 29 | } 30 | 31 | runcmd: 32 | - [ raspi-config, nonint, do_ssh, '0' ] -------------------------------------------------------------------------------- /examples/nomad-consul-colocated-cluster/nomad-client.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # vim: syntax=yaml 3 | # 4 | 5 | hostname: nomad-clt 6 | 7 | manage_etc_hosts: true 8 | package_update: false 9 | package_upgrade: false 10 | 11 | write_files: 12 | - path: /etc/consul.d/consul.hcl 13 | owner: consul:consul 14 | content: | 15 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 16 | client_addr = "0.0.0.0" 17 | data_dir = "/opt/consul" 18 | retry_join = [ "nomad-svr-1.local", "nomad-svr-2.local", "nomad-svr-3.local" ] 19 | server = false 20 | ui = false 21 | - path: /etc/nomad.d/nomad.hcl 22 | content: | 23 | bind_addr = "0.0.0.0" 24 | data_dir = "/opt/nomad" 25 | 26 | client { 27 | enabled = true 28 | options { 29 | "driver.raw_exec.enable" = "1" 30 | } 31 | } -------------------------------------------------------------------------------- /examples/nomad-consul-separate-cluster/nomad-client.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # vim: syntax=yaml 3 | # 4 | 5 | hostname: nomad-clt 6 | 7 | manage_etc_hosts: true 8 | package_update: false 9 | package_upgrade: false 10 | 11 | write_files: 12 | - path: /etc/consul.d/consul.hcl 13 | owner: consul:consul 14 | content: | 15 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 16 | client_addr = "0.0.0.0" 17 | data_dir = "/opt/consul" 18 | retry_join = [ "consul-svr-1.local", "consul-svr-2.local", "consul-svr-3.local" ] 19 | server = false 20 | ui = false 21 | - path: /etc/nomad.d/nomad.hcl 22 | content: | 23 | bind_addr = "0.0.0.0" 24 | data_dir = "/opt/nomad" 25 | 26 | client { 27 | enabled = true 28 | options { 29 | "driver.raw_exec.enable" = "1" 30 | } 31 | } 32 | 33 | runcmd: 34 | - [ raspi-config, nonint, do_ssh, '0' ] -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Johan Siebens 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /scripts/install-jdk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | ARCH=$(uname -m) 5 | case $ARCH in 6 | amd64) 7 | SUFFIX=amd64 8 | CHECKSUM="2caa61620df32b4a2ef7f7a86a11a512056c1ab6" 9 | ;; 10 | x86_64) 11 | SUFFIX=amd64 12 | CHECKSUM="2caa61620df32b4a2ef7f7a86a11a512056c1ab6" 13 | ;; 14 | arm64) 15 | SUFFIX=aarch64 16 | CHECKSUM="c09ca894b6d2a9633234d767908a1374adfd5831" 17 | ;; 18 | aarch64) 19 | SUFFIX=aarch64 20 | CHECKSUM="c09ca894b6d2a9633234d767908a1374adfd5831" 21 | ;; 22 | arm*) 23 | SUFFIX=arm32-vfp-hflt 24 | CHECKSUM="830f69924fcb8f58b7054d3da47ebff3ab5c79ad" 25 | ;; 26 | *) 27 | echo "Unsupported architecture $ARCH" 28 | exit 1 29 | esac 30 | 31 | URL="https://download.bell-sw.com/java/11.0.8+10/bellsoft-jdk11.0.8+10-linux-${SUFFIX}-lite.deb" 32 | 33 | echo "Fetching Bellsoft JDK 11 ..." 34 | curl -s -L -o /tmp/bellsoft.deb ${URL} 35 | 36 | echo "Verifiying Bellsoft JDK 11 download ..." 37 | echo "${CHECKSUM} /tmp/bellsoft.deb" | sha1sum --check 38 | 39 | echo "Installing Bellsoft JDK 11 ..." 40 | apt-get install /tmp/bellsoft.deb -y 41 | rm /tmp/bellsoft.deb 42 | -------------------------------------------------------------------------------- /packer/provisioners.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "consul_version": "1.8.0", 4 | "nomad_version": "0.12.1", 5 | "vault_version": "1.5.0" 6 | }, 7 | "provisioners": [ 8 | { 9 | "type": "shell", 10 | "scripts": [ "scripts/dependencies.sh" ] 11 | }, 12 | { 13 | "type": "shell", 14 | "environment_vars": [ 15 | "CONSUL_VERSION={{user `consul_version`}}" 16 | ], 17 | "scripts": [ "scripts/install-consul.sh" ] 18 | }, 19 | { 20 | "type": "shell", 21 | "environment_vars": [ 22 | "NOMAD_VERSION={{user `nomad_version`}}" 23 | ], 24 | "scripts": [ "scripts/install-nomad.sh" ], 25 | "only": [ "nomad", "nomad-client", "hashi-stack", "hashi-stack-extra" ] 26 | }, 27 | { 28 | "type": "shell", 29 | "environment_vars": [ 30 | "VAULT_VERSION={{user `vault_version`}}" 31 | ], 32 | "scripts": [ "scripts/install-vault.sh" ], 33 | "only": [ "vault", "hashi-stack" ] 34 | }, 35 | { 36 | "type": "shell", 37 | "scripts": [ "scripts/install-docker.sh", "scripts/install-jdk.sh" ], 38 | "only": [ "nomad-client", "hashi-stack-extra" ] 39 | }, 40 | { 41 | "type": "shell", 42 | "scripts": [ "scripts/cleanup.sh" ] 43 | } 44 | ] 45 | } -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: minimal 2 | dist: focal 3 | 4 | env: 5 | - BASE=ubuntu-armhf TARGET=consul 6 | - BASE=ubuntu-armhf TARGET=nomad 7 | - BASE=ubuntu-armhf TARGET=nomad-client 8 | - BASE=ubuntu-armhf TARGET=vault 9 | - BASE=ubuntu-armhf TARGET=hashi-stack 10 | - BASE=ubuntu-armhf TARGET=hashi-stack-extra 11 | - BASE=ubuntu-arm64 TARGET=consul 12 | - BASE=ubuntu-arm64 TARGET=nomad 13 | - BASE=ubuntu-arm64 TARGET=nomad-client 14 | - BASE=ubuntu-arm64 TARGET=vault 15 | - BASE=ubuntu-arm64 TARGET=hashi-stack 16 | - BASE=ubuntu-arm64 TARGET=hashi-stack-extra 17 | 18 | before_install: 19 | - sudo unlink /usr/local/bin/packer 20 | - ci/provision.sh 21 | 22 | script: 23 | # Output something every 10 minutes or Travis kills the job 24 | - while sleep 9m; do echo "=====[ $SECONDS seconds still running ]====="; done & 25 | - sudo ./build.sh $BASE $TARGET 26 | # Killing background sleep loop 27 | - kill %1 28 | - ls -lh dist 29 | 30 | before_deploy: 31 | - cd dist && sudo ../ci/hashgen.sh && cd .. 32 | 33 | deploy: 34 | provider: releases 35 | api_key: 36 | secure: eQjdLmRkVDA51X21KeJX+19OkmTvSf0hq8WSHpbN+qG1pphDpy+1NZEGCxYMEIgVxXgHNI0giDx2XyvLzD710RZOAS5n8YmbYbfWcnwsH+RR8N5nKLG5PcSHww7Vp1QrcH6AzgPrbPdqnqWT1XAC4pDUsWfgscBE8zbAX3l+59dXhuvBEQ3ok9FI/Yy6BAqW9ZzrGlCiYs1MgXuqpoOIlH/rpBYvwDkI/MKdPBEjB/VhLCANJBbXcp4mUa2QOvJYRU8nCXW3VNZkU7+pHNPXmGrZ5jHiS9uIeTZpIG5TUmYdikNGAs2JbIkOAmBfGJs5JhqNPVUC8eC15f6bIT4Vc6O5ordL9v1n5Kz8qqwhponfStfeZoZOC/CYD8lJdmE1PLPsSTGUYVOs2WRJ9cct9bqmsX6qoyFNQ9HGolDLREAuo0jnwdBhnREjh3EFeU8VMZCms2JqOZrNrk4TuBLvNRkuOwPUQpRp6gQdMr8sJjSkuV/aj3gAWaGHnKJAQkF10jOs1/ISoDdhoY9lTokZ+GXu6c0n5NRh28hjGdo0rPv4vyWwT6TctfhCh/jCpfAstpsvWOlqmOK0prf0VmpsVhFTQncYjupFqKDLDd2BvWUz7EZ8dHuSqozv1a9x9RIhYiCTVfQc72mVz9JnZQQXgagL+NCT45DQQq6DiniRabM= 37 | file_glob: true 38 | file: 39 | - dist/*.xz 40 | - dist/*.xz.sha256 41 | skip_cleanup: true 42 | on: 43 | tags: true -------------------------------------------------------------------------------- /examples/nomad-consul-colocated-cluster/README.md: -------------------------------------------------------------------------------- 1 | # Nomad and Consul co-located Cluster 2 | 3 | This tutorial explains how the build a Nomad cluster co-located with a Consul cluster on Raspberry Pi devices. 4 | The Nomad cluster consists of two groups: one with 3 instances running the Nomad service nodes, and a second one with a number of Nomad client nodes, which are used to run jobs. The cluster consists of groups: one with 3 instances of Nomad and Consul server nodes, and one with 3 Nomad and Consul client nodes, which are used to run jobs: 5 | 6 | ## Prerequisites 7 | 8 | - the pre-built images 9 | - 6 Raspberry Pi devices 10 | - 6 SD cards 11 | - [flash](https://github.com/hypriot/flash) utility 12 | 13 | > This tutorial relies heavily on the usage of _flash_, because it allows you to write the images to an SD card and customize it's user-data and a hostname with a single command. If you rather use a different tool, make sure you write the correct user-data and hostname on each SD card. 14 | 15 | ## Quickstart 16 | 17 | 1. `git clone` this repository 18 | 19 | 2. download or build the images 20 | 21 | 3. review the user-data examples and adjust if required 22 | 23 | 4. write the images to SD cards and customize the user-data 24 | 25 | _Nomad and Consul servers_ 26 | 27 | ``` 28 | flash --hostname nomad-svr-1 --user-data examples/nomad-consul-colocated-cluster/nomad-server.yaml dist/rpi-nomad.img 29 | flash --hostname nomad-svr-2 --user-data examples/nomad-consul-colocated-cluster/nomad-server.yaml dist/rpi-nomad.img 30 | flash --hostname nomad-svr-3 --user-data examples/nomad-consul-colocated-cluster/nomad-server.yaml dist/rpi-nomad.img 31 | ``` 32 | 33 | _Nomad clients_ 34 | 35 | ``` 36 | flash --hostname nomad-clt-1 --user-data examples/nomad-consul-colocated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 37 | flash --hostname nomad-clt-2 --user-data examples/nomad-consul-colocated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 38 | flash --hostname nomad-clt-3 --user-data examples/nomad-consul-colocated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 39 | ``` 40 | 41 | 5. put the SD cards in the Raspberry Pi devices 42 | 43 | 6. connect all devices to the same network and power up! 44 | 45 | -------------------------------------------------------------------------------- /examples/nomad-consul-separate-cluster/README.md: -------------------------------------------------------------------------------- 1 | # Nomad and Consul separated Cluster 2 | 3 | This tutorial explains how the build a Nomad cluster that connects to a separate Consul cluster on Raspberry Pi devices. 4 | The Nomad cluster consists of two groups: one with 3 instances running the Nomad service nodes, and a second one with a number of Nomad client nodes, which are used to run jobs. 5 | 6 | ## Prerequisites 7 | 8 | - the pre-built images 9 | - 9 Raspberry Pi devices 10 | - 9 SD cards 11 | - [flash](https://github.com/hypriot/flash) utility 12 | 13 | > This tutorial relies heavily on the usage of _flash_, because it allows you to write the images to an SD card and customize it's user-data and a hostname with a single command. If you rather use a different tool, make sure you write the correct user-data and hostname on each SD card. 14 | 15 | 16 | ## Quickstart 17 | 18 | 1. `git clone` this repository 19 | 20 | 2. download or build the images 21 | 22 | 3. review the user-data examples and adjust if required 23 | 24 | 4. write the images to SD cards and customize the user-data 25 | 26 | _Consul servers_ 27 | 28 | ``` 29 | flash --hostname consul-svr-1 --user-data examples/nomad-consul-separated-cluster/consul-server.yaml dist/rpi-consul.img 30 | flash --hostname consul-svr-2 --user-data examples/nomad-consul-separated-cluster/consul-server.yaml dist/rpi-consul.img 31 | flash --hostname consul-svr-3 --user-data examples/nomad-consul-separated-cluster/consul-server.yaml dist/rpi-consul.img 32 | ``` 33 | 34 | _Nomad servers_ 35 | 36 | ``` 37 | flash --hostname nomad-svr-1 --user-data examples/nomad-consul-separated-cluster/nomad-server.yaml dist/rpi-nomad.img 38 | flash --hostname nomad-svr-2 --user-data examples/nomad-consul-separated-cluster/nomad-server.yaml dist/rpi-nomad.img 39 | flash --hostname nomad-svr-3 --user-data examples/nomad-consul-separated-cluster/nomad-server.yaml dist/rpi-nomad.img 40 | ``` 41 | 42 | _Nomad clients_ 43 | 44 | ``` 45 | flash --hostname nomad-clt-1 --user-data examples/nomad-consul-separated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 46 | flash --hostname nomad-clt-2 --user-data examples/nomad-consul-separated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 47 | flash --hostname nomad-clt-3 --user-data examples/nomad-consul-separated-cluster/nomad-client.yaml dist/rpi-nomad-client.img 48 | ``` 49 | 50 | 5. put the SD cards in the Raspberry Pi devices 51 | 52 | 6. connect all devices to the same network and power up! 53 | -------------------------------------------------------------------------------- /scripts/install-nomad.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | ARCH=$(uname -m) 5 | case $ARCH in 6 | amd64) 7 | SUFFIX=amd64 8 | ;; 9 | x86_64) 10 | SUFFIX=amd64 11 | ;; 12 | arm64) 13 | SUFFIX=arm64 14 | ;; 15 | aarch64) 16 | SUFFIX=arm64 17 | ;; 18 | arm*) 19 | SUFFIX=arm 20 | ;; 21 | *) 22 | echo "Unsupported architecture $ARCH" 23 | exit 1 24 | esac 25 | 26 | echo "Fetching Nomad... ${NOMAD_VERSION}" 27 | mkdir /tmp/nomad 28 | pushd /tmp/nomad 29 | 30 | curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_${SUFFIX}.zip 31 | curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS 32 | curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig 33 | 34 | # Verify the signature file is untampered. 35 | gpg --homedir /tmp/keyring --verify nomad_${NOMAD_VERSION}_SHA256SUMS.sig nomad_${NOMAD_VERSION}_SHA256SUMS 36 | 37 | # Verify the SHASUM matches the archive. 38 | shasum -a 256 -c nomad_${NOMAD_VERSION}_SHA256SUMS --ignore-missing 39 | 40 | echo "Installing Nomad..." 41 | unzip nomad_${NOMAD_VERSION}_linux_${SUFFIX}.zip >/dev/null 42 | mv nomad /usr/local/bin/ 43 | 44 | mkdir --parents /opt/nomad 45 | mkdir --parents /etc/nomad.d 46 | chmod 700 /etc/nomad.d 47 | 48 | cat - > /etc/nomad.d/nomad.hcl <<'EOF' 49 | bind_addr = "0.0.0.0" 50 | data_dir = "/opt/nomad" 51 | 52 | server { 53 | enabled = true 54 | bootstrap_expect = 1 55 | } 56 | client { 57 | enabled = true 58 | } 59 | EOF 60 | 61 | chmod 640 /etc/nomad.d/nomad.hcl 62 | 63 | echo "Installing Nomad as a Service..." 64 | cat - > /etc/systemd/system/nomad.service <<'EOF' 65 | [Unit] 66 | Description=Nomad 67 | Documentation=https://nomadproject.io/docs/ 68 | Wants=network-online.target 69 | After=network-online.target 70 | 71 | [Service] 72 | ExecReload=/bin/kill -HUP $MAINPID 73 | ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d 74 | KillMode=process 75 | KillSignal=SIGINT 76 | LimitNOFILE=infinity 77 | LimitNPROC=infinity 78 | Restart=on-failure 79 | RestartSec=2 80 | StartLimitBurst=3 81 | StartLimitIntervalSec=10 82 | TasksMax=infinity 83 | 84 | [Install] 85 | WantedBy=multi-user.target 86 | EOF 87 | chmod 0600 /etc/systemd/system/nomad.service 88 | 89 | systemctl enable nomad.service 90 | 91 | popd 92 | rm -rf /tmp/nomad 93 | 94 | echo "Nomad installation finished." -------------------------------------------------------------------------------- /scripts/install-consul.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | ARCH=$(uname -m) 5 | case $ARCH in 6 | amd64) 7 | SUFFIX=amd64 8 | ;; 9 | x86_64) 10 | SUFFIX=amd64 11 | ;; 12 | arm64) 13 | SUFFIX=arm64 14 | ;; 15 | aarch64) 16 | SUFFIX=arm64 17 | ;; 18 | arm*) 19 | SUFFIX=armhfv6 20 | ;; 21 | *) 22 | echo "Unsupported architecture $ARCH" 23 | exit 1 24 | esac 25 | 26 | echo "Fetching Consul... ${CONSUL_VERSION}" 27 | mkdir -p /tmp/consul 28 | pushd /tmp/consul 29 | 30 | curl -Os https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_${SUFFIX}.zip 31 | curl -Os https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS 32 | curl -Os https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS.sig 33 | 34 | # Verify the signature file is untampered. 35 | gpg --homedir /tmp/keyring --verify consul_${CONSUL_VERSION}_SHA256SUMS.sig consul_${CONSUL_VERSION}_SHA256SUMS 36 | 37 | # Verify the SHASUM matches the archive. 38 | shasum -a 256 -c consul_${CONSUL_VERSION}_SHA256SUMS --ignore-missing 39 | 40 | echo "Installing Consul..." 41 | unzip consul_${CONSUL_VERSION}_linux_${SUFFIX}.zip >/dev/null 42 | mv consul /usr/local/bin/ 43 | 44 | useradd --system --home /etc/consul.d --shell /bin/false consul 45 | 46 | mkdir --parents /opt/consul 47 | mkdir --parents /etc/consul.d 48 | 49 | cat - > /etc/consul.d/consul.hcl <<'EOF' 50 | advertise_addr = "{{ GetPrivateInterfaces | include \"type\" \"IP\" | attr \"address\" }}" 51 | client_addr = "0.0.0.0" 52 | data_dir = "/opt/consul" 53 | bootstrap_expect = 1 54 | retry_join = [ "127.0.0.1" ] 55 | server = true 56 | ui = true 57 | EOF 58 | 59 | chmod 640 /etc/consul.d/consul.hcl 60 | chown --recursive consul:consul /opt/consul 61 | chown --recursive consul:consul /etc/consul.d 62 | 63 | echo "Installing Consul as a Service..." 64 | cat - > /etc/systemd/system/consul.service <<'EOF' 65 | [Unit] 66 | Description="HashiCorp Consul - A service mesh solution" 67 | Documentation=https://www.consul.io/ 68 | Requires=network-online.target 69 | After=network-online.target 70 | ConditionFileNotEmpty=/etc/consul.d/consul.hcl 71 | 72 | [Service] 73 | Type=notify 74 | User=consul 75 | Group=consul 76 | ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/ 77 | ExecReload=/usr/local/bin/consul reload 78 | ExecStop=/usr/local/bin/consul leave 79 | KillMode=process 80 | Restart=on-failure 81 | LimitNOFILE=65536 82 | 83 | [Install] 84 | WantedBy=multi-user.target 85 | EOF 86 | chmod 0600 /etc/systemd/system/consul.service 87 | 88 | systemctl enable consul.service 89 | 90 | popd 91 | rm -rf /tmp/consul 92 | 93 | echo "Consul installation finished." -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HashiStack on a Raspberry Pi 2 | 3 | [![Build Status](https://travis-ci.org/jsiebens/rpi-hashistack.svg?branch=master)](https://travis-ci.org/jsiebens/rpi-hashistack) 4 | 5 | This repository contains Packer templates and scripts to build [Ubuntu Pi](https://ubuntu.com/download/raspberry-pi) images with different HashiCorp tools like Consul, Nomad or Vault pre-installed. 6 | 7 | >[Consul](https://www.consul.io/) is a distributed, highly-available tool that you can use for service discovery and key/value storage. A Consul cluster typically includes a small number of server nodes, and a larger number of client nodes, which you typically run alongside your apps. 8 | 9 | >[Nomad](https://www.nomadproject.io/) is a distributed, highly-available data-center aware scheduler. A Nomad cluster typically includes a small number of server nodes, and a larger number of client nodes, which are used for running jobs. 10 | 11 | >[Vault](https://www.vaultproject.io/) is an open source tool for managing secrets and protecting sensitive data. 12 | 13 | Ubuntu for Raspberry Pi has built-in support for [cloud-init](https://cloudinit.readthedocs.io/en/18.3/) to initialize and configure your system. With cloud-init you can customize e.g. hostname, authorized ssh keys, a static ip, Consul or Nomad configuration, ... 14 | 15 | This setup includes the following images: 16 | 17 | - __rpi-consul.img__: an image with Consul installed as a systemd service 18 | 19 | - __rpi-vault.img__: an image with Consul and Vault installed as systemd services 20 | 21 | - __rpi-nomad.img__: an image with Consul and Nomad installed as a systemd service 22 | 23 | - __rpi-nomad-client.img__: same as previous image, but with extra software like Docker and a JDK 24 | 25 | - __rpi-hashi-stack.img__: an image with Consul, Vault and Nomad installed as systemd services 26 | 27 | - __rpi-hashi-stack-extra.img__: same as previous image, but with extra software like Docker and a JDK 28 | 29 | ## How to use these images 30 | 31 | With the included images, all building blocks to deploy many different architecture are available: 32 | 33 | - [Nomad cluster co-located with a Consul cluster](./examples/nomad-consul-colocated-cluster) 34 | 35 | - [Nomad cluster with a separate Consul cluster](./examples/nomad-consul-separate-cluster) 36 | 37 | ## Building the images 38 | 39 | This project includes a Vagrant file and some scripts to build the images in an isolated environment. 40 | 41 | To use the Vagrant environment, start by cloning this repository: 42 | 43 | ``` 44 | git clone https://github.com/jsiebens/rpi-hashistack 45 | ``` 46 | 47 | Next, start the Vagrant box and ssh into it: 48 | 49 | ``` 50 | vagrant up 51 | vagrant ssh 52 | ``` 53 | 54 | When connected with the Vagrant box, run the build script in the `/vagrant` directory: 55 | 56 | ``` 57 | cd /vagrant 58 | ./build.sh 59 | ``` 60 | -------------------------------------------------------------------------------- /scripts/install-vault.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | ARCH=$(uname -m) 5 | case $ARCH in 6 | amd64) 7 | SUFFIX=amd64 8 | ;; 9 | x86_64) 10 | SUFFIX=amd64 11 | ;; 12 | arm64) 13 | SUFFIX=arm64 14 | ;; 15 | aarch64) 16 | SUFFIX=arm64 17 | ;; 18 | arm*) 19 | SUFFIX=arm 20 | ;; 21 | *) 22 | echo "Unsupported architecture $ARCH" 23 | exit 1 24 | esac 25 | 26 | echo "Fetching Vault... ${VAULT_VERSION}" 27 | mkdir -p /tmp/vault 28 | pushd /tmp/vault 29 | 30 | curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${SUFFIX}.zip 31 | curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS 32 | curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS.sig 33 | 34 | # Verify the signature file is untampered. 35 | gpg --homedir /tmp/keyring --verify vault_${VAULT_VERSION}_SHA256SUMS.sig vault_${VAULT_VERSION}_SHA256SUMS 36 | 37 | # Verify the SHASUM matches the archive. 38 | shasum -a 256 -c vault_${VAULT_VERSION}_SHA256SUMS --ignore-missing 39 | 40 | echo "Installing Vault..." 41 | unzip vault_${VAULT_VERSION}_linux_${SUFFIX}.zip >/dev/null 42 | mv vault /usr/local/bin/ 43 | setcap cap_ipc_lock=+ep /usr/local/bin/vault 44 | 45 | useradd --system --home /etc/vault.d --shell /bin/false vault 46 | 47 | mkdir --parents /etc/vault.d 48 | 49 | cat - > /etc/vault.d/vault.hcl <<'EOF' 50 | ui = true 51 | 52 | storage "consul" { 53 | address = "127.0.0.1:8500" 54 | path = "vault" 55 | } 56 | 57 | listener "tcp" { 58 | address = "0.0.0.0:8200" 59 | tls_disable = 1 60 | } 61 | EOF 62 | 63 | chmod 640 /etc/vault.d/vault.hcl 64 | chown --recursive vault:vault /etc/vault.d 65 | 66 | echo "Installing Vault as a Service..." 67 | cat - > /etc/systemd/system/vault.service <<'EOF' 68 | [Unit] 69 | Description="HashiCorp Vault - A tool for managing secrets" 70 | Documentation=https://www.vaultproject.io/docs/ 71 | Requires=network-online.target 72 | After=network-online.target 73 | ConditionFileNotEmpty=/etc/vault.d/vault.hcl 74 | StartLimitIntervalSec=60 75 | StartLimitBurst=3 76 | 77 | [Service] 78 | User=vault 79 | Group=vault 80 | ProtectSystem=full 81 | ProtectHome=read-only 82 | PrivateTmp=yes 83 | PrivateDevices=yes 84 | SecureBits=keep-caps 85 | AmbientCapabilities=CAP_IPC_LOCK 86 | Capabilities=CAP_IPC_LOCK+ep 87 | CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK 88 | NoNewPrivileges=yes 89 | ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl 90 | ExecReload=/bin/kill --signal HUP $MAINPID 91 | KillMode=process 92 | KillSignal=SIGINT 93 | Restart=on-failure 94 | RestartSec=5 95 | TimeoutStopSec=30 96 | StartLimitInterval=60 97 | StartLimitIntervalSec=60 98 | StartLimitBurst=3 99 | LimitNOFILE=65536 100 | LimitMEMLOCK=infinity 101 | 102 | [Install] 103 | WantedBy=multi-user.target 104 | EOF 105 | chmod 0600 /etc/systemd/system/vault.service 106 | 107 | systemctl enable vault.service 108 | 109 | popd 110 | rm -rf /tmp/vault 111 | 112 | echo "Vault installation finished." -------------------------------------------------------------------------------- /packer/rpi-ubuntu-armhf.json: -------------------------------------------------------------------------------- 1 | { 2 | "builders": [ 3 | { 4 | "name": "consul", 5 | "type": "arm-image", 6 | "image_type": "raspberrypi", 7 | "output_filename": "images/rpi-consul.img", 8 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 9 | "iso_checksum_type": "sha256", 10 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 11 | "image_mounts": [ 12 | "/boot/firmware", 13 | "/" 14 | ], 15 | "additional_chroot_mounts": [ 16 | [ 17 | "bind", 18 | "/run/systemd", 19 | "/run/systemd" 20 | ] 21 | ] 22 | }, 23 | { 24 | "name": "nomad", 25 | "type": "arm-image", 26 | "image_type": "raspberrypi", 27 | "output_filename": "images/rpi-nomad.img", 28 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 29 | "iso_checksum_type": "sha256", 30 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 31 | "image_mounts": [ 32 | "/boot/firmware", 33 | "/" 34 | ], 35 | "additional_chroot_mounts": [ 36 | [ 37 | "bind", 38 | "/run/systemd", 39 | "/run/systemd" 40 | ] 41 | ] 42 | }, 43 | { 44 | "name": "nomad-client", 45 | "type": "arm-image", 46 | "image_type": "raspberrypi", 47 | "output_filename": "images/rpi-nomad-client.img", 48 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 49 | "iso_checksum_type": "sha256", 50 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 51 | "image_mounts": [ 52 | "/boot/firmware", 53 | "/" 54 | ], 55 | "additional_chroot_mounts": [ 56 | [ 57 | "bind", 58 | "/run/systemd", 59 | "/run/systemd" 60 | ] 61 | ], 62 | "last_partition_extra_size": 256000000 63 | }, 64 | { 65 | "name": "vault", 66 | "type": "arm-image", 67 | "image_type": "raspberrypi", 68 | "output_filename": "images/rpi-vault.img", 69 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 70 | "iso_checksum_type": "sha256", 71 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 72 | "image_mounts": [ 73 | "/boot/firmware", 74 | "/" 75 | ], 76 | "additional_chroot_mounts": [ 77 | [ 78 | "bind", 79 | "/run/systemd", 80 | "/run/systemd" 81 | ] 82 | ] 83 | }, 84 | { 85 | "name": "hashi-stack", 86 | "type": "arm-image", 87 | "image_type": "raspberrypi", 88 | "output_filename": "images/rpi-hashi-stack.img", 89 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 90 | "iso_checksum_type": "sha256", 91 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 92 | "image_mounts": [ 93 | "/boot/firmware", 94 | "/" 95 | ], 96 | "additional_chroot_mounts": [ 97 | [ 98 | "bind", 99 | "/run/systemd", 100 | "/run/systemd" 101 | ] 102 | ] 103 | }, 104 | { 105 | "name": "hashi-stack-extra", 106 | "type": "arm-image", 107 | "image_type": "raspberrypi", 108 | "output_filename": "images/rpi-hashi-stack-extra.img", 109 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-armhf+raspi.img.xz", 110 | "iso_checksum_type": "sha256", 111 | "iso_checksum": "e86a9043d5394c4ae3d22d3ba62cd07d400156ec2319270d1e238ba5a0d17d9b", 112 | "image_mounts": [ 113 | "/boot/firmware", 114 | "/" 115 | ], 116 | "additional_chroot_mounts": [ 117 | [ 118 | "bind", 119 | "/run/systemd", 120 | "/run/systemd" 121 | ] 122 | ], 123 | "last_partition_extra_size": 256000000 124 | } 125 | ], 126 | "post-processors": [ 127 | { 128 | "type": "compress", 129 | "output": "dist/rpi-{{.BuildName}}-ubuntu-armhf.img.xz" 130 | } 131 | ] 132 | } -------------------------------------------------------------------------------- /packer/rpi-ubuntu-arm64.json: -------------------------------------------------------------------------------- 1 | { 2 | "builders": [ 3 | { 4 | "name": "consul", 5 | "type": "arm-image", 6 | "image_type": "raspberrypi", 7 | "output_filename": "images/rpi-consul.img", 8 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 9 | "iso_checksum_type": "sha256", 10 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 11 | "qemu_binary": "qemu-aarch64-static", 12 | "image_mounts": [ 13 | "/boot/firmware", 14 | "/" 15 | ], 16 | "additional_chroot_mounts": [ 17 | [ 18 | "bind", 19 | "/run/systemd", 20 | "/run/systemd" 21 | ] 22 | ] 23 | }, 24 | { 25 | "name": "nomad", 26 | "type": "arm-image", 27 | "image_type": "raspberrypi", 28 | "output_filename": "images/rpi-nomad.img", 29 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 30 | "iso_checksum_type": "sha256", 31 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 32 | "qemu_binary": "qemu-aarch64-static", 33 | "image_mounts": [ 34 | "/boot/firmware", 35 | "/" 36 | ], 37 | "additional_chroot_mounts": [ 38 | [ 39 | "bind", 40 | "/run/systemd", 41 | "/run/systemd" 42 | ] 43 | ] 44 | }, 45 | { 46 | "name": "nomad-client", 47 | "type": "arm-image", 48 | "image_type": "raspberrypi", 49 | "output_filename": "images/rpi-nomad-client.img", 50 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 51 | "iso_checksum_type": "sha256", 52 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 53 | "qemu_binary": "qemu-aarch64-static", 54 | "image_mounts": [ 55 | "/boot/firmware", 56 | "/" 57 | ], 58 | "additional_chroot_mounts": [ 59 | [ 60 | "bind", 61 | "/run/systemd", 62 | "/run/systemd" 63 | ] 64 | ], 65 | "last_partition_extra_size": 256000000 66 | }, 67 | { 68 | "name": "vault", 69 | "type": "arm-image", 70 | "image_type": "raspberrypi", 71 | "output_filename": "images/rpi-vault.img", 72 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 73 | "iso_checksum_type": "sha256", 74 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 75 | "qemu_binary": "qemu-aarch64-static", 76 | "image_mounts": [ 77 | "/boot/firmware", 78 | "/" 79 | ], 80 | "additional_chroot_mounts": [ 81 | [ 82 | "bind", 83 | "/run/systemd", 84 | "/run/systemd" 85 | ] 86 | ] 87 | }, 88 | { 89 | "name": "hashi-stack", 90 | "type": "arm-image", 91 | "image_type": "raspberrypi", 92 | "output_filename": "images/rpi-hashi-stack.img", 93 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 94 | "iso_checksum_type": "sha256", 95 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 96 | "qemu_binary": "qemu-aarch64-static", 97 | "image_mounts": [ 98 | "/boot/firmware", 99 | "/" 100 | ], 101 | "additional_chroot_mounts": [ 102 | [ 103 | "bind", 104 | "/run/systemd", 105 | "/run/systemd" 106 | ] 107 | ] 108 | }, 109 | { 110 | "name": "hashi-stack-extra", 111 | "type": "arm-image", 112 | "image_type": "raspberrypi", 113 | "output_filename": "images/rpi-hashi-stack-extra.img", 114 | "iso_url": "http://cdimage.ubuntu.com/releases/20.04/release/ubuntu-20.04-preinstalled-server-arm64+raspi.img.xz", 115 | "iso_checksum_type": "sha256", 116 | "iso_checksum": "48167067d65c5192ffe041c9cc4958cb7fcdfd74fa15e1937a47430ed7b9de99", 117 | "qemu_binary": "qemu-aarch64-static", 118 | "image_mounts": [ 119 | "/boot/firmware", 120 | "/" 121 | ], 122 | "additional_chroot_mounts": [ 123 | [ 124 | "bind", 125 | "/run/systemd", 126 | "/run/systemd" 127 | ] 128 | ], 129 | "last_partition_extra_size": 256000000 130 | } 131 | ], 132 | "post-processors": [ 133 | { 134 | "type": "compress", 135 | "output": "dist/rpi-{{.BuildName}}-ubuntu-arm64.img.xz" 136 | } 137 | ] 138 | } --------------------------------------------------------------------------------