Merge pull request #4 from traefik-tech-blog/traefikee

Merge traefikee branch into main

.gitignore

@@ -1,2 +1,4 @@
 .vagrant/
-.DS_Store
+.DS_Store
+bundle.zip
+*.pem

Vagrantfile

@@ -2,20 +2,20 @@
 # vi: set ft=ruby :
 
 $script = <<SCRIPT
-# add HashiCorp GPG key and repo
+echo "Adding HashiCorp GPG key and repo..."
 curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
  apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
 apt-get update
 
-# add Docker GPG key and repo
-apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y
+echo "Adding Docker GPG key and repo..."
+apt-get install apt-transport-https ca-certificates curl jq gnupg lsb-release -y
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo \
 "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
 $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt-get update
 
-# install docker
+echo "Installing Docker..."
 apt-get install docker-ce -y
 
 # restart docker to make sure we get the latest version of the daemon if there is an upgrade
@@ -25,37 +25,16 @@ sudo service docker restart
 sudo usermod -aG docker vagrant
 
 # install cni plugins https://www.nomadproject.io/docs/integrations/consul-connect#cni-plugins
+echo "Installing cni plugins..."
 curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
 sudo mkdir -p /opt/cni/bin
 sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
 
-# install consul
+echo "Installing Consul..."
 apt-get install consul=1.10.1 -y
 
 # config consul
-IP_ADDRESS=$(ifconfig eth1 | grep -E -o "(25[0-4]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-4]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-4]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-4]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | head -n 1)
-
-cat <<EOF >/tmp/consul-config
-# Full configuration options can be found at https://www.consul.io/docs/agent/options.html
-server = true
-bootstrap_expect = 2
-data_dir = "/opt/consul"
-advertise_addr = "$IP_ADDRESS"
-client_addr = "0.0.0.0"
-retry_join = ["192.168.88.4", "192.168.88.5"]
-connect {
-  enabled = true
-}
-ports {
-  grpc = 8502
-  http = 8500
-}
-ui_config {
-  enabled = true
-}
-EOF
-
-mv /tmp/consul-config /etc/consul.d/consul.hcl
+mv /tmp/consul.hcl /etc/consul.d/consul.hcl
 chown --recursive consul:consul /etc/consul.d
 chmod 640 /etc/consul.d/consul.hcl
 
@@ -64,64 +43,77 @@ sudo systemctl enable consul
 sudo systemctl start consul
 sudo systemctl status consul
 
-# install nomad
+echo "Installing Nomad..."
 apt-get install nomad=1.1.3 -y
 
-cat <<EOF >/tmp/nomad-config
-# Full configuration options can be found at https://www.nomadproject.io/docs/configuration
-data_dir = "/opt/nomad"
-leave_on_terminate = true
-advertise {
-  http = "$IP_ADDRESS"
-  rpc  = "$IP_ADDRESS"
-  serf = "$IP_ADDRESS"
-}
-client {
-  enabled           = true
-  network_interface = "eth1"
-}
-server {
-  enabled          = true
-  bootstrap_expect = 2
-}
-EOF
-
-mv /tmp/nomad-config /etc/nomad.d/nomad.hcl
+# config nomad
+mv /tmp/nomad.hcl /etc/nomad.d/nomad.hcl
 chown --recursive nomad:nomad /etc/nomad.d
 chmod 640 /etc/nomad.d/nomad.hcl
 
+# provide vault token to nomad hosts
+sudo tee -a /etc/nomad.d/nomad.env <<EOF
+VAULT_TOKEN=root
+EOF
+
 # start nomad
 sudo systemctl enable nomad
 sudo systemctl start nomad
 sudo systemctl status nomad
-# nomad -autocomplete-install not working
 
-# install vault
+echo "Installing Vault..."
 apt-get install vault=1.8.1 -y
+
+# create traefikee directories
+sudo mkdir -p /opt/traefikee /opt/traefikee-plugins
+
+# configuring environment
+sudo -H -u vagrant nomad -autocomplete-install
+sudo -H -u vagrant consul -autocomplete-install
+sudo -H -u vagrant vault -autocomplete-install
+sudo tee -a /etc/environment <<EOF
+export VAULT_ADDR=http://192.168.88.4:8200
+export VAULT_TOKEN=root
+EOF
+
+source /etc/environment
 SCRIPT
 
 $vault = <<VAULT
+echo "Starting Vault dev server..."
 vault server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="root" > vault.log 2>&1 &
+sleep 5
+vault status
+
+# enable vault audit logs
+touch /var/log/vault_audit.log
+vault audit enable file file_path=/var/log/vault_audit.log
 VAULT
 
 Vagrant.configure("2") do |config|
   # Start from this base box
   config.vm.box = "hashicorp/bionic64"
 
+  # Copy Consul and Nomad configs to host
+  config.vm.provision "file", source: "config", destination: "/tmp"
+
   # Run the bootstrap script
   config.vm.provision "shell", inline: $script
 
   # Copy Nomad job files to host
   config.vm.provision "file", source: "jobs", destination: "jobs"
 
+  # Copy TraefikEE bundle to host (uncomment the next line once you have a bundle.zip)
+  # config.vm.provision "file", source: "bundle.zip", destination: "bundle.zip"
+
   # Primary specific config
   config.vm.define "primary", primary: true do |primary|
     primary.vm.hostname = "traefik-webinar-1"
     primary.vm.network "private_network", ip: "192.168.88.4"
 
     # Increase memory for Virtualbox
     primary.vm.provider "virtualbox" do |vb|
-      vb.memory = "1536"
+      vb.memory = "2048"
     end
 
     # set up Vault
@@ -139,7 +131,6 @@ Vagrant.configure("2") do |config|
     # Expose the traefik service ports to the host
     primary.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true, host_ip: "127.0.0.1"
     primary.vm.network "forwarded_port", guest: 443, host: 8443, auto_correct: true, host_ip: "127.0.0.1"
-    primary.vm.network "forwarded_port", guest: 9002, host: 9002, auto_correct: true, host_ip: "127.0.0.1"
   end
 
   # Secondary specific config

config/consul.hcl

@@ -0,0 +1,22 @@
+# Full configuration options can be found at https://www.consul.io/docs/agent/options.html
+data_dir = "/opt/consul"
+
+server           = true
+bootstrap_expect = 2
+advertise_addr   = "{{ GetInterfaceIP `eth1` }}"
+client_addr      = "0.0.0.0"
+retry_join       = ["192.168.88.4", "192.168.88.5"]
+
+datacenter = "dc1"
+
+connect {
+  enabled = true
+}
+
+ports {
+  grpc = 8502
+}
+
+ui_config {
+  enabled = true
+}

config/nomad.hcl

@@ -0,0 +1,35 @@
+# Full configuration options can be found at https://www.nomadproject.io/docs/configuration
+data_dir = "/opt/nomad"
+
+leave_on_terminate = true
+
+advertise {
+  http = "{{ GetInterfaceIP `eth1` }}"
+  rpc  = "{{ GetInterfaceIP `eth1` }}"
+  serf = "{{ GetInterfaceIP `eth1` }}"
+}
+
+client {
+  enabled           = true
+  network_interface = "eth1"
+
+  host_volume "traefikee-data" {
+    path      = "/opt/traefikee"
+    read_only = false
+  }
+
+  host_volume "traefikee-plugins" {
+    path      = "/opt/traefikee-plugins"
+    read_only = false
+  }
+}
+
+server {
+  enabled          = true
+  bootstrap_expect = 2
+}
+
+vault {
+  enabled = true
+  address = "http://192.168.88.4:8200"
+}

jobs/countdash.nomad

@@ -2,12 +2,6 @@ job "countdash" {
   datacenters = ["dc1"]
 
   group "api" {
-    affinity {
-      attribute = "${node.unique.name}"
-      value     = "traefik-webinar-2"
-      weight    = 100
-    }
-
     network {
       mode = "bridge"
     }
@@ -27,22 +21,20 @@ job "countdash" {
       config {
         image = "hashicorpnomad/counter-api:v3"
       }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
     }
   }
 
   group "dashboard" {
-    affinity {
-      attribute = "${node.unique.name}"
-      value     = "traefik-webinar-1"
-      weight    = 100
-    }
-
     network {
       mode = "bridge"
 
       port "http" {
-        static = 9002
-        to     = 9002
+        to = 9002
       }
     }
 
@@ -53,7 +45,7 @@ job "countdash" {
       tags = [
         "traefik.enable=true",
         "traefik.consulcatalog.connect=true",
-        "traefik.http.routers.countdash.rule=Path(`/`)",
+        "traefik.http.routers.countdash.rule=Host(`countdash.localhost`)",
       ]
 
       connect {
@@ -78,6 +70,11 @@ job "countdash" {
       config {
         image = "hashicorpnomad/counter-dashboard:v3"
       }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
     }
   }
 }

jobs/traefik.nomad

@@ -1,15 +1,8 @@
 job "traefik" {
   datacenters = ["dc1"]
-
-  affinity {
-    attribute = "${node.unique.name}"
-    value     = "traefik-webinar-1"
-    weight    = 100
-  }
+  type        = "system"
 
   group "traefik" {
-    count = 1
-
     network {
       port "web" {
         static = 80
@@ -18,10 +11,6 @@ job "traefik" {
       port "websecure" {
         static = 443
       }
-
-      port "api" {
-        static = 8081
-      }
     }
 
     service {
@@ -37,24 +26,6 @@ job "traefik" {
       }
     }
 
-    service {
-      name = "traefik-dashboard"
-      port = "api"
-
-      #      tags = [
-      #        "traefik.enable=true",
-      #        "traefik.http.routers.dashboard.rule=Path(`/dashboard`)",
-      #      ]
-
-      check {
-        type     = "http"
-        path     = "/"
-        port     = "api"
-        interval = "10s"
-        timeout  = "2s"
-      }
-    }
-
     task "traefik" {
       driver = "docker"
 
@@ -74,12 +45,6 @@ entryPoints:
     address: ":80"
   websecure:
     address: ":443"
-  traefik:
-    address: ":8081"
-
-api:
-  dashboard: true
-  insecure: true
 
 ping:
   entryPoint: "web"