Merge pull request #248 from mdr-engineering/feature/ftd_MSOCI-1458_and_1694_SharedSearch_and_MC

Creates Searchheads in Test for splunk-mc and fm-shared-search

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -58,17 +58,18 @@ locals {
       "/tmp": 4,  # minimum: 4
       "/opt/splunk": 30, # No minimum; not in base image
     },
-    "qcompliance" = {
-      "swap": 8,  # minimum: 8
-      "/": 10,    # minimum: 10
-      "/home": 4, # minimum: 4
-      "/var": 15, # minimum: 15
-      "/var/tmp": 4, # minimum: 4
-      "/var/log": 8, # minimum: 8
-      "/var/log/audit": 8, # minimum: 8
-      "/tmp": 4,  # minimum: 4
-      "/opt/splunk": 30, # No minimum; not in base image
-    },
+# qcompliance, fm-shared-search, and the monitoring console are all searchheads
+#    "qcompliance" = {
+#      "swap": 8,  # minimum: 8
+#      "/": 10,    # minimum: 10
+#      "/home": 4, # minimum: 4
+#      "/var": 15, # minimum: 15
+#      "/var/tmp": 4, # minimum: 4
+#      "/var/log": 8, # minimum: 8
+#      "/var/log/audit": 8, # minimum: 8
+#      "/tmp": 4,  # minimum: 4
+#      "/opt/splunk": 30, # No minimum; not in base image
+#    },
     "heavy_forwarder" = {
       "swap": 8,  # minimum: 8
       "/": 10,    # minimum: 10
@@ -141,6 +142,7 @@ locals {
   instance_types = {
     #"alsi-master"    = "t3a.small",
     #"alsi-worker"    = "t3a.small",
+    "fm-shared-search" = "m5a.large", # Legacy: t2.small,  prod m4.large
     "github"         = "c5.4xlarge", # legacy: c4.4xlarge in prod, c5.2xlarge in test
     "github-backup"  = "t3a.medium", # legacy: t2.medium
     "jira-rds"       = "db.t3.medium",
@@ -150,8 +152,9 @@ locals {
     "phantom"        = "m5a.4xlarge", # legacy test: t2.medium, legacy prod: m4.4xlarge
     "qcompliance"    = "c5a.8xlarge", # legacy: c4.8xlarge
     "splunk-cm"      = "m5a.xlarge",
-    "splunk-indexer" = "i3en.3xlarge",
     "splunk-hf"      = "m5a.xlarge",
+    "splunk-indexer" = "i3en.3xlarge",
+    "splunk-mc"      = "m5a.large", # Legacy: t2.small, prod m4.large
     "splunk-sh"      = "m5a.4xlarge",
   }
 

test/aws-us-gov/mdr-test-c2/190-splunk-fm-shared-search/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/190-splunk-fm-shared-search/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.23.3"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-private-services" # FM-shared-search is used by non-engineers
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "FM Shared Search"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = "fm"
+  instance_name = "fm-shared-search-0"
+  alb_name      = "fm-shared-search"
+  instance_type = local.account_vars.locals.instance_types["fm-shared-search"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

test/aws-us-gov/mdr-test-c2/190-splunk-mc/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/190-splunk-mc/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.23.3"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Monitoring Console"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = "mc"
+  instance_name = "splunk-mc-0"
+  alb_name      = "splunk-mc"
+  instance_type = local.account_vars.locals.instance_types["splunk-mc"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

test/aws-us-gov/mdr-test-c2/190-splunk-qcompliance-searchhead/.tfswitch.toml

@@ -1 +0,0 @@
-version = "0.13.5"

test/aws-us-gov/mdr-test-c2/190-splunk-qcompliance-searchhead/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -57,17 +57,18 @@ locals {
       "/tmp": 4,  # minimum: 4
       "/opt/splunk": 30, # No minimum; not in base image
     },
-    "qcompliance" = {
-      "swap": 8,  # minimum: 8
-      "/": 10,    # minimum: 10
-      "/home": 4, # minimum: 4
-      "/var": 15, # minimum: 15
-      "/var/tmp": 4, # minimum: 4
-      "/var/log": 8, # minimum: 8
-      "/var/log/audit": 8, # minimum: 8
-      "/tmp": 4,  # minimum: 4
-      "/opt/splunk": 30, # No minimum; not in base image
-    },
+# Qcompliance, fm-shared-search, and the mc are all searchheads
+#    "qcompliance" = {
+#      "swap": 8,  # minimum: 8
+#      "/": 10,    # minimum: 10
+#      "/home": 4, # minimum: 4
+#      "/var": 15, # minimum: 15
+#      "/var/tmp": 4, # minimum: 4
+#      "/var/log": 8, # minimum: 8
+#      "/var/log/audit": 8, # minimum: 8
+#      "/tmp": 4,  # minimum: 4
+#      "/opt/splunk": 30, # No minimum; not in base image
+#    },
     "heavy_forwarder" = {
       "swap": 8,  # minimum: 8
       "/": 10,    # minimum: 10
@@ -142,6 +143,7 @@ locals {
   instance_types = {
     "alsi-master"    = "t3a.small",
     "alsi-worker"    = "t3a.small",
+    "fm-shared-search" = "t3a.small", # Legacy: t2.small,  prod m4.large
     "github"         = "c5.2xlarge", # legacy: c4.4xlarge in prod, c5.2xlarge in test
     "github-backup"  = "t3a.medium", # legacy: t2.micro
     "jira-rds"       = "db.t3.medium",
@@ -156,6 +158,7 @@ locals {
     #"splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
     #"splunk-indexer" = "m5d.large", # these are 1/2 the price of i3en.larges. 8GB RAM, 75GB storage
     "splunk-indexer" = "m5d.xlarge", # 16GB RAM, 150GB SSD
+    "splunk-mc"      = "t3a.small", # Legacy: t2.small, prod m4.large
     "splunk-sh"      = "t3a.small", # legacy: ? not sure
   }