Deploying a Nomad Cluster with Consul and Vault on 3 Nodes


Deploying a Nomad cluster integrated with Consul and Vault provides a robust and secure platform for orchestrating workloads. This article will guide you through setting up a three-node cluster, ensuring high availability and security for your applications.

Prerequisites

Before you begin, ensure you have:

  • Three Linux-based servers (e.g., Ubuntu 20.04) with at least 2 CPUs and 4GB RAM each.
  • SSH access to each server.
  • Basic understanding of HashiCorp tools: Nomad, Consul, and Vault.

Step 1: Install Nomad, Consul, and Vault

On Each Node

  1. Update and Install Dependencies:

    sudo apt-get update
    sudo apt-get install -y wget unzip
    
  2. Install Nomad:

    wget https://releases.hashicorp.com/nomad/1.5.6/nomad_1.5.6_linux_amd64.zip
    unzip nomad_1.5.6_linux_amd64.zip
    sudo mv nomad /usr/local/bin/
    
  3. Install Consul:

    wget https://releases.hashicorp.com/consul/1.14.5/consul_1.14.5_linux_amd64.zip
    unzip consul_1.14.5_linux_amd64.zip
    sudo mv consul /usr/local/bin/
    
  4. Install Vault:

    wget https://releases.hashicorp.com/vault/1.13.0/vault_1.13.0_linux_amd64.zip
    unzip vault_1.13.0_linux_amd64.zip
    sudo mv vault /usr/local/bin/
    

Step 2: Configure Consul

Consul will act as the service discovery and configuration tool for Nomad.

  1. Create Consul Configuration Directory:

    sudo mkdir -p /etc/consul.d
    
  2. Create Consul Configuration File:

    /etc/consul.d/consul.hcl

    datacenter = "dc1"
    data_dir = "/opt/consul"
    bind_addr = "0.0.0.0"
    client_addr = "0.0.0.0"  # HTTP API and DNS listen on every interface
    server = true
    bootstrap_expect = 3
    
  3. Start Consul:

    consul agent -config-dir=/etc/consul.d &
    

Step 3: Configure Vault

Vault will manage secrets for your applications.

  1. Create Vault Configuration Directory:

    sudo mkdir -p /etc/vault.d
    
  2. Create Vault Configuration File:

    /etc/vault.d/vault.hcl

    storage "consul" {
      address = "127.0.0.1:8500"
      path    = "vault/"
    }
    
    listener "tcp" {
      address     = "0.0.0.0:8200"
      tls_disable = 1  # plaintext HTTP listener; configure TLS before production use
    }
    
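    # Address advertised to clients and other Vault servers; set it to this
    # node's reachable address when Vault runs on more than one node.
    api_addr = "http://127.0.0.1:8200"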
    
  3. Start Vault:

    vault server -config=/etc/vault.d/vault.hcl &
    

Step 4: Configure Nomad

Nomad will orchestrate your workloads.

  1. Create Nomad Configuration Directory:

    sudo mkdir -p /etc/nomad.d
    
  2. Create Nomad Configuration File:

    /etc/nomad.d/nomad.hcl

    data_dir = "/opt/nomad"
    bind_addr = "0.0.0.0"
    
    server {
      enabled = true
      bootstrap_expect = 3
    }
    
    client {
      enabled = true
    }
    
    consul {
      address = "127.0.0.1:8500"
    }
    
  3. Start Nomad:

    nomad agent -config=/etc/nomad.d/nomad.hcl &
    

Step 5: Join the Cluster

On Each Node

  1. Join Consul Cluster:

    consul join <IP-ADDRESS-OF-OTHER-NODE>
    
  2. Join Nomad Cluster:

    nomad server join <IP-ADDRESS-OF-OTHER-NODE>
    

Step 6: Initialize and Unseal Vault

  1. Initialize Vault:

    export VAULT_ADDR=http://127.0.0.1:8200  # listener has TLS disabled; the CLI defaults to https
    vault operator init
    

    Save the unseal keys and root token securely.

  2. Unseal Vault:

    Use the unseal keys to unseal Vault:

    vault operator unseal <UNSEAL-KEY>
    

    Repeat this step until Vault is unsealed.

Conclusion

You now have a three-node Nomad cluster with Consul and Vault integrated. This setup provides a scalable and secure platform for deploying and managing your applications. Remember to secure your setup further by enabling TLS and configuring access controls.
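One way to act on that reminder is a preflight check run on each node before it is exposed to a wider network. The script below is an added example, not part of the original guide or of any HashiCorp tooling. It assumes the file paths used in the steps above, `has_setting`, `audit_configs` and `flag` are hypothetical helper names, and it only tests whether the relevant settings are present in those three files.

```shell
#!/bin/sh
# Added example: preflight audit of the three config files written in this guide.
# Presence checks only; settings placed in other files are not seen.

# has_setting FILE ERE: true if a line in FILE starts (after indentation) with ERE.
has_setting() { grep -Eq "^[[:space:]]*$2" "$1"; }

# audit_configs [ROOT]: print one finding per line. Returns 0 when clean,
# 1 when something was flagged, 2 when a config file cannot be read.
audit_configs() (
  root=${1:-/etc}
  consul=$root/consul.d/consul.hcl
  vault=$root/vault.d/vault.hcl
  nomad=$root/nomad.d/nomad.hcl
  findings=0
  flag() { echo "$1"; findings=$((findings + 1)); }

  for f in "$consul" "$vault" "$nomad"; do
    [ -r "$f" ] || { echo "cannot read $f" >&2; exit 2; }
  done

  has_setting "$consul" 'client_addr[[:space:]]*=[[:space:]]*"0\.0\.0\.0"' &&
    flag "consul: client_addr 0.0.0.0 serves the HTTP API on every interface"
  has_setting "$consul" 'encrypt[[:space:]]*=' ||
    flag "consul: no encrypt key, gossip is unencrypted"
  has_setting "$consul" 'acl[[:space:]]*\{' ||
    flag "consul: no acl block, the API accepts unauthenticated requests"
  has_setting "$consul" 'tls[[:space:]]*\{' ||
    flag "consul: no tls block found"
  has_setting "$vault" 'tls_disable[[:space:]]*=[[:space:]]*"?(1|true)' &&
    flag "vault: tls_disable is set, tokens and secrets travel in cleartext"
  has_setting "$vault" 'api_addr[[:space:]]*=[[:space:]]*"http://' &&
    flag "vault: api_addr advertises an http:// URL"
  has_setting "$nomad" 'acl[[:space:]]*\{' ||
    flag "nomad: no acl block, the API accepts unauthenticated requests"
  has_setting "$nomad" 'tls[[:space:]]*\{' ||
    flag "nomad: no tls block found"

  [ "$findings" -eq 0 ]
)

# Run against a real node with: sh audit.sh /etc
if [ "$#" -gt 0 ]; then audit_configs "$1"; fi
```

Against the configuration files exactly as written in Steps 2 to 4, every check fires, which makes the non-zero exit status usable as a gate in provisioning scripts.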

References

This guide provides a foundational setup. For production environments, consider additional configurations like TLS encryption, access control policies, and monitoring solutions.