# Selects which entry of local.ami_map the launch template below boots from.
# local.ami_map itself is defined outside this view.
locals {
  ami_selection = "minion" # master, minion, ...
}

# Looks up the KMS key behind this alias. Its ARN is passed as kms_key_id to
# every EBS volume in the launch template, so all indexer volumes share one key.
# NOTE(review): the alias is not in the AWS-managed "alias/aws/" namespace, so
# this is presumably a customer-managed key. Verify that its key policy or
# grants let the Auto Scaling service-linked role use it; otherwise launches
# from the ASG fail at volume creation.
data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

# Placement groups are a good idea if we get bigger. This code works, but disabling for now because
# t3* instance types don't support them.
#resource "aws_placement_group" "cluster-placement" {
#  name = "splunk-indexer-cluster-placement-${var.asg_number}"
#  # Cluster placement is an interesting question for us.
#  # Since we're multisite, we're going to make each site use a 'cluster' strategy to keep indexers
#  # close together.
#  #
#  # 'spread' would be more appropriate if we were worried about individual site
#  # failures.
#  #
#  # And it doesn't really matter atm since all of ours are count=1
#  strategy = "cluster"
#}

# Better solutions are to upgrade to TF .12 or maybe this...
#   https://github.com/mavin/terraform-aws-tags-to-asg-tags/blob/master/vars.tf
#   https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/0.11/master/main.tf
# TF version 11 does not support conditional operations with the values as lists.
# NOTE(review): the resources in this file already use bare 0.12-style
# expressions (e.g. `var.launch_conf_name`), so the note above looks stale - confirm.
# The /dev/xvdf device is not needed in Prod, just Test.
# Launch template for the Splunk indexer instances: AMI chosen through
# local.ami_map, a single network interface without a public IP, an IAM
# instance profile, and nine EBS volumes that are all encrypted with the
# "ebs-key" KMS key and deleted on instance termination.
#
# NOTE(review): no metadata_options block is set here, so the instance metadata
# service settings fall back to whatever the AMI/account defaults are. Consider
# requiring IMDSv2 (`http_tokens = "required"`) once user_data and the Splunk
# tooling are confirmed to work with session tokens.
resource "aws_launch_template" "splunk_indexer" {
  name          = var.launch_conf_name
  instance_type = var.idx_instance_type
  image_id      = local.ami_map[local.ami_selection]
  # NOTE(review): aws_launch_template expects user_data to be base64-encoded;
  # confirm the caller encodes it. User data is also readable through the
  # launch template API and from the instance itself, so it should not carry
  # secrets - cannot tell from here what var.user_data contains.
  user_data     = var.user_data
  ebs_optimized = true
  tags          = var.tags

  # Single ENI: no public address, and only the security groups handed in by the caller.
  network_interfaces {
    associate_public_ip_address = false
    delete_on_termination       = true
    security_groups             = var.indexer_security_group_ids
  }

  key_name = var.key_name

  iam_instance_profile {
    name = var.iam_instance_profile
  }

  # Unlike for instances, you _must_ specify the volume size for a launch template
  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      volume_type           = "gp2"
      volume_size           = var.volume_sizes["/"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
    }
  }

  # Sized from the "/opt/splunk" entry of var.volume_sizes. Per the file-level
  # note, this device is only needed in Test.
  block_device_mappings {
    device_name = "/dev/xvdf"
    ebs {
      volume_type           = "gp2"
      volume_size           = var.volume_sizes["/opt/splunk"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
    }
  }

  # The remaining volumes do not set volume_type, unlike the two above.
  block_device_mappings { # swap
    device_name = "/dev/xvdm"
    ebs {
      volume_size           = var.volume_sizes["swap"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      # Snapshot IDs need to be grabbed from the ami, or it will replace every time. It's ugly.
      # This may prompt replacement when the AMI is updated.
      # See:
      #   https://github.com/hashicorp/terraform/issues/19958
      #   https://github.com/terraform-providers/terraform-provider-aws/issues/13118
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdm"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /home
    device_name = "/dev/xvdn"
    ebs {
      volume_size           = var.volume_sizes["/home"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdn"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /var
    device_name = "/dev/xvdo"
    ebs {
      volume_size           = var.volume_sizes["/var"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdo"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /var/tmp
    device_name = "/dev/xvdp"
    ebs {
      volume_size           = var.volume_sizes["/var/tmp"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdp"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /var/log
    device_name = "/dev/xvdq"
    ebs {
      volume_size           = var.volume_sizes["/var/log"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdq"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /var/log/audit
    device_name = "/dev/xvdr"
    ebs {
      volume_size           = var.volume_sizes["/var/log/audit"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdr"].ebs.snapshot_id
    }
  }

  block_device_mappings { # /tmp
    device_name = "/dev/xvds"
    ebs {
      volume_size           = var.volume_sizes["/tmp"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvds"].ebs.snapshot_id
    }
  }

  # NOTE(review): the ASG below also propagates a "Name" tag at launch with a
  # different value ("...-splunk-indexer-<n>"), so the instance Name set here is
  # presumably overridden - confirm which one ends up on running instances.
  tag_specifications {
    resource_type = "instance"
    tags          = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect?
  }

  tag_specifications {
    resource_type = "volume"
    tags          = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Auto Scaling group that launches indexers from the template above into the
# caller-supplied subnets, sized by var.min_size / var.max_size.
resource "aws_autoscaling_group" "splunk_indexer_asg" {
  name = var.asg_name

  # "$Latest" makes the ASG launch from whichever template version is newest at
  # launch time, including versions created outside Terraform.
  # NOTE(review): consider `aws_launch_template.splunk_indexer.latest_version`
  # so the version in use is the one Terraform manages and a change shows up in
  # the plan - confirm "$Latest" is not relied on deliberately.
  launch_template {
    id      = aws_launch_template.splunk_indexer.id
    version = "$Latest"
  }

  # Placement groups are a good idea if we get bigger. This code works, but disabling for now because
  # t3* instance types don't support them.
  #placement_group = aws_placement_group.cluster-placement.id

  vpc_zone_identifier = var.vpc_zone_identifier
  min_size            = var.min_size
  max_size            = var.max_size

  tag {
    key                 = "Name"
    value               = "${ var.name }-splunk-indexer-${ var.asg_number }"
    propagate_at_launch = true
  }

  # Must ignore changes to attachments, or tf will flip flop
  lifecycle {
    ignore_changes = [ load_balancers, target_group_arns ]
  }

  # How long to wait for a healthy instance. Default is 10m, which sucks when troubleshooting, but larger instances need it
  #wait_for_capacity_timeout = "1m"
}