This repository contains a series of Terraform configurations that can be used to build a "HashiStack" in a single or multiple regions

1. Each "HashiStack" consists of the following:
   • 1 Bastion host
   • 3 Consul servers
   • 3 Vault server
     • Using Integrated Storage (Raft) -or-
     • using the above Consul servers for storage
   • 3 Nomad servers
   • 3 Nomad clients

To use these Terraform configs you will need to setup the following.

1. A GCP project

2. A OAuth2 token to use with Terraform

3. A domain name or subdomain

   Use my Sandbox DNS module to create the domain.

4. A network in your project

   You can use my Sandbox Network module to create the VPC and subnets.

5. Wildcard SSL/TLS certificates for each zone you will be deploying your stack into.

   You can use my Sandbox SSL module to create certificates with Let's Encrypt.

Setup of our sandbox is done in two phases. The first phase is the base network, SSL/TLS certificate, and DNS creation. These components will rarely be changed and are needed by the other modules as inputs. It is recommended to store the state files for all of these in cloud storage (Terraform Cloud, GCP Storage Bucket, etc.), as we use these remote state files as data sources for all our sandbox deployments.

The second phase will be the setup of our various testing environments.

We need to create the VPC and subnets that will be used by all the systems first. The Terraform config for this is in the GCP Sandbox Network repo.

Create subdomain for services. The Terraform config for this is in the GCP Sandbox DNS repo.

Create a wildcard SSL/TLS certificate for each zone you will be deploying services. The Terraform config for this is in the GCP Sandbox SSL repo.

Setup OS Login

Login to OS will be _hashicorp_com (as in your e-mail [email protected])

We use a custom Ubuntu 20.04 image for all the "HashiStack" systems. This image is built with Packer.

Create a packer variables file: packer/local.auto.pkrvars.hcl

project_id      = "awesomeuser-sandbox"
username        = "awesomeuser"
zone            = "us-central1-f"
consul_ent      = true
nomad_ent       = true
vault_ent       = true
consul_lic_file = "/Volumes/GoogleDrive/My Drive/licenses/consul.hclic"
nomad_lic_file  = "/Volumes/GoogleDrive/My Drive/licenses/nomad.hclic"
vault_lic_file  = "/Volumes/GoogleDrive/My Drive/licenses/vault.hclic"

Build image with packer build -force . while in the packer directory.

Single stack example ./examples/1-Stack

Three region stack ./examples/3-Stacks

Three region stack (isolated) ./examples/3-Stacks No Auto

Three region stack with Nomad ACLs ./examples/3-Stacks with ACLs