@jeffwecan
Created February 22, 2021 20:26
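# CIDR blocks that feed two Traefik settings built in the locals block:
# they become the middleware's ipstrategy.excludedips value and are also
# appended to the allowed source range.
# NOTE(review): with excludedips set, Traefik derives the client address from
# X-Forwarded-For and skips these addresses, so list only proxies that are
# actually trusted to set that header.
variable "allowlist_excluded_ips" {
  type        = list(string)
  description = "List of CIDR blocks used as the traefik allowlist ipstrategy.excludedips; also appended to the allowed source range."
  default = [
    "127.0.0.1/32",
    "192.168.240.0/23",
  ]
}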
# Source CIDRs admitted by the Traefik IP allowlist middleware.
# The default of 0.0.0.0/0 matches every IPv4 address, so unless this variable
# is overridden the middleware does not restrict IPv4 clients at all.
# Set it to the specific office/VPN/CI ranges for each environment.
variable "allowlist_source_range" {
  description = "List of CIDR blocks allowed ingress via traefik."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}
# Hostname interpolated into the Traefik router rule (Host(`...`)) in the
# job's service tags.
variable "domain_name" {
  default = "teamcity.devhashi.app"
  type    = string
}
# Tag appended to jetbrains/teamcity-server in the task's docker config.
# A tag is a mutable reference; pinning by image digest would make the deployed
# artifact immutable. The default should also be reviewed against the vendor's
# current security releases before use.
variable "image_tag" {
  default = "2020.2.2"
  type    = string
}
# Comma-separated strings in the form the Traefik label values expect.
locals {
  # Value for ipwhitelist.ipstrategy.excludedips.
  ipwhitelist_excludedips = join(",", var.allowlist_excluded_ips)

  # Value for ipwhitelist.sourcerange: the allowed ranges followed by the
  # excluded ranges, so the excluded CIDRs are themselves treated as allowed
  # sources.
  # NOTE(review): confirm that admitting the excluded ranges is intended.
  ipwhitelist_sourcerange = join(
    ",",
    concat(var.allowlist_source_range, var.allowlist_excluded_ips)
  )
}
# Nomad service job that runs one TeamCity server container and exposes it
# through Traefik. Routing, TLS and the IP allowlist are all expressed as
# service tags on the group's service block.
job "teamcity-server" {
  type = "service"

  datacenters = [
    "us-west-2",
    # TODO: drop the dev-/prod- prefixed DC names once the non-env-specific "us-west-2" string is available
    "dev-us-west-2",
    "prod-us-west-2",
  ]

  # One allocation at a time, no canaries, and no automatic revert or
  # promotion: a failed deployment stays in place until an operator acts.
  update {
    max_parallel      = 1
    health_check      = "checks"
    min_healthy_time  = "10s"
    healthy_deadline  = "30m"
    progress_deadline = "60m"
    auto_revert       = false
    auto_promote      = false
    canary            = 0
    stagger           = "2m"
  }

  migrate {
    max_parallel     = 1
    health_check     = "checks"
    min_healthy_time = "2m"
    healthy_deadline = "10m"
  }

  group "teamcity" {
    count          = 1
    shutdown_delay = "1m"

    # Up to 3 local restarts per 10 minutes, then wait for the next interval.
    restart {
      interval = "10m"
      attempts = 3
      delay    = "3m"
      mode     = "delay"
    }

    # Rescheduling onto another node is switched off.
    reschedule {
      attempts  = 0
      unlimited = false
    }

    # Persistent storage is currently disabled (see the matching volume_mount
    # in the task).
    # NOTE(review): without it nothing in this job mounts persistent storage
    # at the server's data directory, so a replacement allocation presumably
    # starts uninitialised. Keep ingress restricted until this is wired up.
    # volume "teamcity-server" {
    #   type      = "csi"
    #   read_only = false
    #   source    = "teamcity-efs"
    # }

    network {
      # Dynamically assigned host port mapped to 8111 in the container.
      port "server" {
        to = 8111
      }
    }

    service {
      name = "teamcity-server"
      port = "server"

      # Registers the host address and the host port above. The TLS and
      # allowlist settings in the tags apply only to requests that pass
      # through Traefik.
      # NOTE(review): confirm that host firewalls / security groups limit the
      # mapped host port to the Traefik nodes.
      address_mode = "host"

      # "$${...}" is an HCL escape that leaves ${NOMAD_ALLOC_ID} for Nomad to
      # interpolate at runtime; "${local...}" / "${var...}" are resolved when
      # the job file is parsed.
      tags = [
        "traefik.enable=true",
        # Allowlist middleware. "ipwhitelist" is the older Traefik middleware
        # name; newer releases call it ipallowlist.
        # NOTE(review): verify the name against the deployed Traefik version,
        # because an unrecognised middleware would not enforce anything.
        "traefik.http.middlewares.teamcity-ipallowlist-$${NOMAD_ALLOC_ID}.ipwhitelist.sourcerange=${local.ipwhitelist_sourcerange}",
        # excludedips makes the middleware take the client address from
        # X-Forwarded-For. That is only as trustworthy as the header itself.
        # NOTE(review): confirm the entrypoint's forwardedHeaders.trustedIPs
        # covers the fronting proxies and nothing else.
        "traefik.http.middlewares.teamcity-ipallowlist-$${NOMAD_ALLOC_ID}.ipwhitelist.ipstrategy.excludedips=${local.ipwhitelist_excludedips}",
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.tls=true",
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.rule=Host(`${var.domain_name}`)",
        # Attaches the allowlist middleware to the router; without this tag
        # the middleware would be defined but unused.
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.middlewares=teamcity-ipallowlist-$${NOMAD_ALLOC_ID}@consulcatalog",
      ]

      # TODO: not sure if an appropriate HTTP-based healthcheck endpoint is available.
      # So just using a simple TCP check at the moment.
      # check {
      #   type     = "http"
      #   port     = "server"
      #   path     = "/"
      #   interval = "10s"
      #   timeout  = "2s"
      # }

      # The TCP check only proves the port accepts connections, not that the
      # application behind it is serving requests.
      check {
        type     = "tcp"
        port     = "server"
        interval = "10s"
        timeout  = "2s"
      }
    }

    task "server" {
      driver = "docker"

      # NOTE(review): Nomad clients cap this value at their max_kill_timeout
      # setting; confirm the clients are configured to allow 60m.
      kill_timeout = "60m"

      # volume_mount {
      #   volume      = "teamcity-server"
      #   destination = "/data/teamcity_server/datadir"
      #   read_only   = false
      # }

      # Task-level scaling policies using the app-sizing-* strategies.
      # NOTE(review): these look like Dynamic Application Sizing policies;
      # confirm the target cluster supports them.
      scaling "cpu" {
        policy {
          check "90pct" {
            strategy "app-sizing-percentile" {
              percentile = "98"
            }
          }
        }
      }

      scaling "mem" {
        policy {
          check "max" {
            strategy "app-sizing-max" {}
          }
        }
      }

      resources {
        cpu    = 4000
        memory = 3000
      }

      config {
        # Referenced by tag only; see the image_tag variable.
        image = "jetbrains/teamcity-server:${var.image_tag}"
        ports = ["server"]
      }

      env {
        # Relative path.
        # NOTE(review): presumably resolves to the task's local/ directory,
        # which does not outlive the allocation. Ship logs elsewhere if they
        # are needed for audit or incident response.
        TEAMCITY_LOGS = "local/"
      }
    }
  }
}