The Consul project is designed to be deployed into a standard Nubis Account. It takes advantage of the standard deployment found here. For further specifics about Consul consult the documentation here.
NOTE: The line colors are representative and are for readability only. They are not intended to indicate any underlying protocol or specific communication details.
The Nubis Consul deployment consists of:
Details for the deployment including; naming conventions, relationships, permissions, etcetera, can be found in the Terraform template used for deployment. Links to specific resources can be found in the following table.
Resource Type | Resource Title | Code Location |
---|---|---|
aws_launch_configuration | consul | nubis/terraform/main.tf#L8 |
aws_autoscaling_group | consul | nubis/terraform/main.tf#L36 |
aws_security_group | consul | nubis/terraform/main.tf#L73 |
aws_elb | consul | nubis/terraform/main.tf#L130 |
aws_elb | consul-public | nubis/terraform/main.tf#L169 |
aws_security_group | elb | nubis/terraform/main.tf#L199 |
aws_security_group | elb-public | nubis/terraform/main.tf#L228 |
aws_route53_record | ui | nubis/terraform/main.tf#L250 |
aws_route53_record | public | nubis/terraform/main.tf#L258 |
aws_s3_bucket | consul_backups | nubis/terraform/main.tf#L266 |
aws_iam_instance_profile | consul | nubis/terraform/main.tf#L280 |
aws_iam_role | consul | nubis/terraform/main.tf#L285 |
aws_iam_role_policy | consul | nubis/terraform/main.tf#L306 |
aws_iam_role_policy | consul_backups | nubis/terraform/main.tf#L343 |
aws_iam_role_policy | credstash | nubis/terraform/main.tf#L372 |
tls_private_key | consul_web | nubis/terraform/main.tf#L461 |
tls_self_signed_cert | consul_web_public | nubis/terraform/main.tf#L465 |
tls_self_signed_cert | consul_web_ui | nubis/terraform/main.tf#L489 |
aws_iam_server_certificate | consul_web_public | nubis/terraform/main.tf#L519 |
aws_iam_server_certificate | consul_web_ui | nubis/terraform/main.tf#L530 |
null_resource | credstash-public | nubis/terraform/main.tf#L546 |
null_resource | credstash | nubis/terraform/main.tf#L563 |
You need credstash locally installed (in your PATH) to be able to deploy Consul
Mozilla Nubis Consul
You need to run
$> nubis/bin/makecert
Before deploying, to generate the SSL key and cert
This assumes you are in the project directory
Build AMI and make note of AMI ID
nubis-builder build
Generate certificate
cd nubis/terraform
../bin/makecert
Configure tfvars file
cd nubis/terraform
cp terraform.tfvars-dist terraform.tfvars
<edit tfvar files with appropriate info>
Check if terraform plan gives you the right info (for sanity sake)
cd nubis/terraform
terraform plan
Verify if output looks sane and then deploy
terraform apply
???
Profit