initial implementation

Makefile

@@ -33,8 +33,12 @@ else
 endif
 
 # clean commands
-destroy-box:
+# clean commands
+destroy:
 	vagrant destroy -f
+	rm terraform.tfstate || true
+	rm terraform.tfstate.backup || true
+	rm example/terraform.tfstate || true
 
 remove-tmp:
 	rm -rf ./tmp

README.md

@@ -1,90 +1,2 @@
-# Starter template for `fredrikhgrelland/hashistack`
+# Terraform-nomad-presto
 
-This repository can be used as a base for developing services on the hashistack.
-On github, you may use the ["Use this template"](https://github.com/fredrikhgrelland/vagrant-hashistack-template/generate) button to generate a new repository from this template.
-
-If you found this in `fredrikhgrelland/vagrant-hashistack`, you may be interested in this separate repository [vagrant-hashistack-template](https://github.com/fredrikhgrelland/vagrant-hashistack-template/generate) button to start a new repository from this repo
-.
-
-Documentation on [parent repository](https://github.com/fredrikhgrelland/vagrant-hashistack#usage).
-
-## Customizing and using the vagrant box
-
-### Building and testing docker image
-See docker [README.md](docker/README.md).
-
-### Starting a box
-The vagrant box ships with a default startup scheme. `make` from this directory will start the box, and it will run all books in [dev/ansible](dev/ansible) in lexical order (NB: `playbook.yml` is run first, but is only used to run all other playbooks) after the bootstrap-process for the hashistack is done. In the [example](test_example/dev/ansible/playbook.yml) we use it to start terraform which then starts a nomad-job.
-
-### Pre and post hashistack procedure
-You may change the hashistack configuration or add aditional pre and post steps to the startup procedure to match your needs.
-Detailed documentation in [dev/vagrant/conf/README.md](dev/vagrant/conf/README.md)
-
-### Pre packaged configuration switches
-
-The box comes standard with a set of environment switches to simplify testing of different scenarios and enable staged development efforts.
-
-NB: All lowercase variables will automatically get a corresponding TF_VAR_ prepended variant for use directly in terraform.
-To change from the default value, you may add the environment variable to [.env](dev/.env)
-
-#### Enterprise vs Open Source Software (OSS)
-As long as Enterprise is not set to `true` the box will utilise OSS version of the binaries.
-
-#### Nomad
-
-| default   | environment variable  |  value  |
-|:---------:|:----------------------|:-------:|
-|           | nomad_enterprise      |  true   |
-|     x     | nomad_enterprise      |  false  |
-|           | nomad_acl             |  true   |
-|     x     | nomad_acl             |  false  |
-
-When ACLs in Nomad are enabled the bootstrap token will be available in vault under `secret/nomad/management-token` with the two key-value pairs `accessor-id` and `secret-id`. `secret-id` is the token itself. These can be accessed in several ways:
-- From inside the vagrant box with `vault kv get secret/nomad-bootstrap-token`
-- From local machine with `vagrant ssh -c vault kv get secret/nomad-bootstrap-token"`
-- By going to vault's UI on `localhost:8200`, and signing in with the root token.
-
-#### Consul
-
-| default   | environment variable             |  value  |
-|:---------:|:---------------------------------|:-------:|
-|           | consul_enterprise                |  true   |
-|     x     | consul_enterprise                |  false  |
-|     x     | consul_acl                       |  true   |
-|           | consul_acl                       |  false  |
-|     x     | consul_acl_default_policy        |  allow  |
-|           | consul_acl_default_policy        |  deny   |
-
-#### Vault
-
-| default   | environment variable             |  value  |
-|:---------:|:---------------------------------|:-------:|
-|           | vault_enterprise                 |  true   |
-|     x     | vault_enterprise                 |  false  |
-
-##### Consul secrets engine
-
-If `consul_acl_default_policy` has value `deny`, it will also enable [consul secrets engine](https://www.vaultproject.io/docs/secrets/consul) in vault.  
-Ansible will provision additional custom roles (admin-team, dev-team), [policies](../ansible/templates/consul-policies) and tokens for test purpose with different access level.
-
-How to generate token:
-```text
-# generate token for dev team member
-vagrant ssh -c 'vault read consul/creds/dev-team'
-
-# generate token for admin team member
-vagrant ssh -c 'vault read consul/creds/admin-team'
-```
-
-*Tokens can be used to access UI (different access level depends on role)
-
-## Vagrant box life-cycle
-1. `/home/vagrant/.env_default` - _preloaded_ - default variables
-1. `vagrant/.env` - _user provided_ - variables override
-1. `vagrant/.env_override` - _system provided_ - variables are overridden for test purposes
-1. `vagrant/dev/vagrant/conf/pre_ansible.sh` - _user provided_ - script running before ansible bootstrap procedure
-1. `vagrant/dev/vagrant/conf/pre_bootstrap/*.yml` - _user provided_ - pre bootstrap tasks, running before hashistack software runs and ready
-1. `/etc/ansible/bootstrap.yml` - _preloaded_ - verify ansible variables and software configuration, run hashistack software & verify that it started correctly
-1. `vagrant/conf/post_bootstrap/*.yml` - _user provided_ - poststart scripts, running after hasistack software runs and ready
-1. `vagrant/dev/conf/pre_ansible.sh` - _user provided_ - script running after ansible bootstrap procedure
-1. `vagrant/ansible/*.yml` - _user provided_ - ansible tasks included in playbook

Vagrantfile

@@ -3,10 +3,11 @@ Vagrant.configure("2") do |config|
     config.vm.box_version = ">= 0.3, < 0.4"
     config.vm.provider "virtualbox" do |vb|
         vb.linked_clone = true
-        vb.memory = 2048
+        vb.cpus = 3
+        vb.memory = 8192
+    end
+    config.vm.provision "ansible_local" do |ansible|
+        ansible.provisioning_path = "/vagrant/dev/ansible"
+        ansible.playbook = "playbook.yml" # Note this playbook is, in this context, /ansible/playbook.yml
     end
-        config.vm.provision "ansible_local" do |ansible|
-            ansible.provisioning_path = "/vagrant/dev/ansible"
-            ansible.playbook = "playbook.yml" # Note this playbook is, in this context, /ansible/playbook.yml
-        end
 end

conf/nomad/presto.hcl

@@ -0,0 +1,172 @@
+job "presto" {
+  type = "service"
+  datacenters = ["dc1"]
+
+  update {
+    max_parallel      = 1
+    health_check      = "checks"
+    min_healthy_time  = "10s"
+    healthy_deadline  = "12m"
+    progress_deadline = "15m"
+    auto_revert       = true
+    auto_promote      = true
+    canary            = 1
+    stagger           = "30s"
+  }
+  group "standalone" {
+    count = 1
+
+    network {
+      mode = "bridge"
+    }
+
+    service {
+      name = "presto"
+      port = 8080
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "hive-metastore"
+              local_bind_port  = 9083
+            }
+            upstreams {
+              destination_name = "minio"
+              local_bind_port  = 9000
+            }
+          }
+        }
+      }
+//      check {
+//        task     = "server"
+//        name     = "presto-hive-availability"
+//        type     = "script"
+//        command  = "presto"
+//        args     = ["--execute", "SHOW TABLES IN hive.default"]
+//        interval = "30s"
+//        timeout  = "15s"
+//      }
+      check {
+        expose   = true
+        name     = "presto-info"
+        type     = "http"
+        path     = "/v1/info"
+        interval = "10s"
+        timeout  = "2s"
+      }
+      check {
+        expose   = true
+        name     = "presto-node"
+        type     = "http"
+        path     = "/v1/node"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    task "waitfor-hive-metastore" {
+      restart {
+        attempts = 100
+        delay    = "5s"
+      }
+      lifecycle {
+        hook = "prestart"
+      }
+      driver = "docker"
+      resources {
+        memory = 32
+      }
+      config {
+        image = "consul:latest"
+        entrypoint = ["/bin/sh"]
+        args = ["-c", "jq </local/service.json -e '.[].Status|select(. == \"passing\")'"]
+        volumes = ["tmp/service.json:/local/service.json" ]
+      }
+      template {
+        destination = "tmp/service.json"
+        data = <<EOH
+          {{- service "hive-metastore" | toJSON -}}
+        EOH
+      }
+    }
+
+    task "waitfor-minio" {
+      restart {
+        attempts = 100
+        delay    = "5s"
+      }
+      lifecycle {
+        hook = "prestart"
+      }
+      driver = "docker"
+      resources {
+        memory = 32
+      }
+      config {
+        image = "consul:latest"
+        entrypoint = ["/bin/sh"]
+        args = ["-c", "jq </local/service.json -e '.[].Status|select(. == \"passing\")'"]
+        volumes = ["tmp/service.json:/local/service.json" ]
+      }
+      template {
+        destination = "tmp/service.json"
+        data = <<EOH
+          {{- service "minio" | toJSON -}}
+        EOH
+      }
+    }
+
+    task "server" {
+      driver = "docker"
+
+      config {
+        image = "prestosql/presto:333"
+        volumes = [
+          "local/presto/config.properties:/lib/presto/default/etc/config.properties",
+          "local/presto/catalog/hive.properties:/lib/presto/default/etc/catalog/hive.properties",
+        ]
+      }
+      template {
+        data = <<EOH
+          MINIO_ACCESS_KEY = "minio"
+          MINIO_SECRET_KEY = "minio123"
+          EOH
+        destination = "secrets/.env"
+        env         = true
+      }
+      // NB! If credentials set as env variable, during spin up of this container it could be sort of race condition and query `SELECT * FROM hive.default.iris;`
+      //     could end up with exception: The AWS Access Key Id you provided does not exist in our records.
+      //     Looks like, slow render of env variables (when one template depends on other template). Maybe because, all runs on local machine
+      template {
+        destination = "/local/presto/catalog/hive.properties"
+        data = <<EOH
+connector.name=hive-hadoop2
+hive.metastore.uri=thrift://{{ env "NOMAD_UPSTREAM_ADDR_hive-metastore" }}
+hive.metastore-timeout=1m
+hive.s3.aws-access-key=minio
+hive.s3.aws-secret-key=minio123
+#hive.s3.aws-access-key={{ env "MINIO_ACCESS_KEY" }}
+#hive.s3.aws-secret-key={{ env "MINIO_SECRET_KEY" }}
+#hive.s3.aws-access-key=$$MINIO_ACCESS_KEY
+#hive.s3.aws-secret-key=$$MINIO_SECRET_KEY
+hive.s3.endpoint=http://{{ env "NOMAD_UPSTREAM_ADDR_minio" }}
+hive.s3.path-style-access=true
+hive.s3.ssl.enabled=false
+hive.s3.socket-timeout=15m
+EOH
+      }
+      template {
+        destination   = "local/presto/config.properties"
+        data = <<EOH
+node-scheduler.include-coordinator=true
+http-server.http.port=8080
+discovery-server.enabled=true
+discovery.uri=http://127.0.0.1:8080
+EOH
+      }
+      resources {
+        memory = 2048
+      }
+    }
+  }
+}

dev/ansible/02_run_terraform.yml

@@ -0,0 +1,10 @@
+- name: Terraform
+  terraform:
+    project_path: ../../example
+    force_init: true
+    state: present
+  register: terraform
+
+- name: Terraform stdout
+  debug:
+    msg: "{{terraform.stdout}}"