# Fill out prompts for your root certificate and a vault certificate
./gen_secrets.sh
# This also copies tfvars files from our templates and generates secrets for consul. Once the tfvars files are created, you can modify them directly if needed to customize your deployment
Name them gce-credentials.json and put them in this folder
export GCE_PROJECT_ID=YOUR_GOOGLE_PROJECT_ID
export GCE_DEFAULT_ZONE=us-central1-b
export GCE_SOURCE_IMAGE=ubuntu-1404-trusty-v20160114e
packer build packer/gce_consul_server.json
packer build packer/gce_vault_server.json
packer build packer/gce_nomad_server.json
packer build packer/gce_nomad_client.json
packer build packer/gce_utility.json
You'll need to swap the version numbers in your terraform/_env/gce/terraform.tfvars to match those built by packer for your project.
cd terraform/_env/gce; terraform apply
cd vault;
## Initialize vault
VAULT_SERVER=ip.ad.dr.ess ./init.sh # This stores your keys in credentials/vault.keys file. Separate them and be careful with them.
## Unseal all your vaults
VAULT_SERVER=ip.ad.dr.ess ./unseal.sh
VAULT_SERVER=ip.ad.dr.ess2 ./unseal.sh
## Setup PKI with the vault CA, generated by gen_secrets.sh (earlier)
VAULT_SERVER=ip.ad.dr.ess DOMAIN="example.com" ./setup_pki.sh
cd nomad; NOMAD_SERVER=ip.ad.dr.ess ./run_job.sh helloworld.nomad
Open a tunnel:
ssh -i id_rsa -L 7777:spark-master.service.consul:8080 ubuntu@ip.ad.dr.ess -N
Hit your local endpoint
curl localhost:7777