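# Nomad multi-datacenter production configuration
# Deployment architecture: CN(dc1) + KR(dc2) + US(dc3)
# Only the KR (dc2) and US (dc3) infrastructure is declared in this file.
#
# NOTE(review): the var.* inputs used below (Oracle key path, Huawei
# access/secret key, Nomad encrypt key) are declared outside this file.
# Confirm they are marked `sensitive = true`, and that the state backend is
# encrypted and access-controlled, since values passed to providers and
# modules can be persisted in state.

terraform {
  required_version = ">= 1.0"

  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 5.0"
    }
    huaweicloud = {
      source  = "huaweicloud/huaweicloud"
      version = "~> 1.60"
    }
  }
}

# Local values
locals {
  project_name = "nomad-multi-dc"
  environment  = "production"

  # Regions are defined once so the provider blocks and the module inputs
  # cannot drift apart.
  oracle_region = "ap-seoul-1" # Seoul, South Korea
  huawei_region = "us-east-1"  # US East

  # Oracle Cloud credential bundle, shared by the infrastructure module and
  # the Nomad cluster module (previously repeated inline in both).
  oracle_config = {
    tenancy_ocid     = var.oracle_tenancy_ocid
    user_ocid        = var.oracle_user_ocid
    fingerprint      = var.oracle_fingerprint
    private_key_path = var.oracle_private_key_path
    region           = local.oracle_region
  }

  # Huawei Cloud credential bundle handed to the Nomad cluster module.
  huawei_config = {
    access_key = var.huawei_access_key
    secret_key = var.huawei_secret_key
    region     = local.huawei_region
  }

  common_tags = {
    Project     = local.project_name
    Environment = local.environment
    ManagedBy   = "opentofu"
    Owner       = "devops-team"
  }
}

# Oracle Cloud provider (South Korea)
provider "oci" {
  alias            = "korea"
  tenancy_ocid     = var.oracle_tenancy_ocid
  user_ocid        = var.oracle_user_ocid
  fingerprint      = var.oracle_fingerprint
  private_key_path = var.oracle_private_key_path
  region           = local.oracle_region
}

# Huawei Cloud provider (United States)
provider "huaweicloud" {
  alias      = "us"
  access_key = var.huawei_access_key
  secret_key = var.huawei_secret_key
  region     = local.huawei_region
}

# Data source: read the operator's SSH public key from the local home directory
data "local_file" "ssh_public_key" {
  filename = pathexpand("~/.ssh/id_rsa.pub")
}

# Oracle Cloud infrastructure (South Korea - dc2)
module "oracle_infrastructure" {
  source = "../../providers/oracle-cloud"

  providers = {
    oci = oci.korea
  }

  project_name = local.project_name
  environment  = local.environment
  vpc_cidr     = "10.1.0.0/16"
  oci_config   = local.oracle_config
  common_tags  = local.common_tags
}

# Huawei Cloud infrastructure (United States - dc3)
module "huawei_infrastructure" {
  source = "../../providers/huawei-cloud"

  providers = {
    huaweicloud = huaweicloud.us
  }

  project_name       = local.project_name
  environment        = local.environment
  vpc_cidr           = "10.2.0.0/16"
  availability_zones = ["us-east-1a", "us-east-1b"]
  common_tags        = local.common_tags
}

# Nomad multi-datacenter cluster
module "nomad_cluster" {
  source = "../../modules/nomad-cluster"

  # Deployment toggles
  deploy_korea_node = var.deploy_korea_node
  deploy_us_node    = var.deploy_us_node

  # Oracle Cloud settings
  # NOTE(review): nodes are attached to the first *public* subnet; confirm the
  # referenced security group limits Nomad and SSH ports to trusted sources.
  oracle_config            = local.oracle_config
  oracle_subnet_id         = module.oracle_infrastructure.public_subnet_ids[0]
  oracle_security_group_id = module.oracle_infrastructure.security_group_id

  # Huawei Cloud settings
  huawei_config            = local.huawei_config
  huawei_subnet_id         = module.huawei_infrastructure.public_subnet_ids[0]
  huawei_security_group_id = module.huawei_infrastructure.security_group_id

  # Shared settings
  ssh_public_key = data.local_file.ssh_public_key.content
  common_tags    = local.common_tags

  # Nomad settings
  nomad_version     = "1.10.5"
  nomad_encrypt_key = var.nomad_encrypt_key
}

# Generate the Ansible inventory
resource "local_file" "ansible_inventory" {
  filename = "${path.module}/generated/nomad-cluster-inventory.yml"

  # local_file defaults to mode 0777; an inventory that other local users can
  # rewrite lets them redirect or alter what Ansible runs against production.
  file_permission = "0640"

  content = yamlencode({
    all = {
      children = {
        nomad_servers = {
          hosts = module.nomad_cluster.ansible_inventory.all.children.nomad_servers.hosts
        }
      }
      vars = {
        ansible_user                 = "ubuntu"
        ansible_ssh_private_key_file = "~/.ssh/id_rsa"
        # Was "StrictHostKeyChecking=no", which accepts any host key on every
        # connection and so never detects an intercepted SSH session.
        # "accept-new" still trusts a host on first contact but rejects a key
        # that later changes. It needs OpenSSH 7.6+ on the control node, and a
        # rebuilt host that reuses an address must have its stale known_hosts
        # entry removed before Ansible can connect again.
        ansible_ssh_common_args = "-o StrictHostKeyChecking=accept-new"
      }
    }
  })
}

# Generate the post-deployment configuration script
resource "local_file" "post_deploy_script" {
  filename = "${path.module}/generated/post-deploy.sh"

  content = templatefile("${path.module}/templates/post-deploy.sh", {
    cluster_overview = module.nomad_cluster.cluster_overview
    endpoints        = module.nomad_cluster.cluster_endpoints
  })

  file_permission = "0755"
}

# Generate the cross-datacenter test job
resource "local_file" "cross_dc_test_job" {
  filename = "${path.module}/generated/cross-dc-test.nomad"

  # Avoid the provider's 0777 default: a job file should not be writable by
  # other local users before it is submitted to the cluster.
  file_permission = "0644"

  content = templatefile("${path.module}/templates/cross-dc-test.nomad", {
    datacenters = ["dc1", "dc2", "dc3"]
  })
}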