xdr-terraform-modules/submodules/splunk/splunk_indexer_asg/main.tf

locals {
  ami_selection = "minion" # master, minion, ...
}

data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

# Placement groups are a good idea if we get bigger. This code works, but disabling for now because
# t3* instance types don't support them.
#resource "aws_placement_group" "cluster-placement" {
#  name     = "splunk-indexer-cluster-placement-${var.asg_number}"
#  # Cluster placement is an interesting question for us.
#  # Since we're multisite, we're going to make each site use a 'cluster' strategy to keep indexers
#  # close together.
#  #
#  # 'spread' would be more appropriate if we were worried about individual site
#  # failures.
#  #
#  # And it doesn't really matter atm since all of ours are count=1
#  strategy = "cluster"
#}

#better solutions are to upgrade to TF .12 or maybe this...
#https://github.com/mavin/terraform-aws-tags-to-asg-tags/blob/master/vars.tf
#https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/0.11/master/main.tf

#TF verison 11 does not support conditional operations with the values as lists.
#the /dev/xvdf device is not needed in Prod, just Test.  

resource "aws_launch_template" "splunk_indexer" {
  name          = var.launch_conf_name
  instance_type = var.idx_instance_type
  image_id      = local.ami_map[local.ami_selection]
  user_data     = var.user_data
  ebs_optimized = true
  tags          = var.tags

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional" # tfsec:ignore:aws-autoscaling-enforce-http-token-imds Smartstore needs to be configured to use imdsv2, MSOCI-2150
  }

  network_interfaces {
    associate_public_ip_address = false
    delete_on_termination       = true
    security_groups             = var.indexer_security_group_ids
  }
  key_name = var.key_name
  iam_instance_profile {
    name = var.iam_instance_profile
  }

  # Unlike for instances, you _must_ specify the volume size for a launch template
  block_device_mappings {
    device_name = "/dev/sda1"

    ebs {
      volume_type           = "gp2"
      volume_size           = var.volume_sizes["/"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
    }
  }

  block_device_mappings {
    device_name = "/dev/xvdf"

    ebs {
      volume_type           = "gp2"
      volume_size           = var.volume_sizes["/opt/splunk"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
    }
  }

  block_device_mappings {
    # swap
    device_name = "/dev/xvdm"

    ebs {
      volume_size           = var.volume_sizes["swap"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      # Snapshot IDs need to be grabbed from the ami, or it will replace every time. It's ugly.
      # This may prompt replacement when the AMI is updated.
      # See:
      #   https://github.com/hashicorp/terraform/issues/19958
      #   https://github.com/terraform-providers/terraform-provider-aws/issues/13118
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdm"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /home
    device_name = "/dev/xvdn"

    ebs {
      volume_size           = var.volume_sizes["/home"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdn"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /var
    device_name = "/dev/xvdo"

    ebs {
      volume_size           = var.volume_sizes["/var"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdo"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /var/tmp
    device_name = "/dev/xvdp"

    ebs {
      volume_size           = var.volume_sizes["/var/tmp"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdp"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /var/log
    device_name = "/dev/xvdq"

    ebs {
      volume_size           = var.volume_sizes["/var/log"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdq"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /var/log/audit
    device_name = "/dev/xvdr"

    ebs {
      volume_size           = var.volume_sizes["/var/log/audit"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdr"].ebs.snapshot_id
    }
  }
  block_device_mappings {
    # /tmp
    device_name = "/dev/xvds"

    ebs {
      volume_size           = var.volume_sizes["/tmp"]
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = data.aws_kms_key.ebs-key.arn
      #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvds"].ebs.snapshot_id
    }
  }

  tag_specifications {
    resource_type = "instance"
    tags          = merge(var.tags, { "Name" : "${var.name}-splunk-idx" }) # This may have no effect?
  }

  tag_specifications {
    resource_type = "volume"
    tags          = merge(var.tags, { "Name" : "${var.name}-splunk-idx" }) # This may have no effect
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "splunk_indexer_asg" {
  name = var.asg_name
  launch_template {
    id      = aws_launch_template.splunk_indexer.id
    version = "$Latest"
  }
  # Placement groups are a good idea if we get bigger. This code works, but disabling for now because
  # t3* instance types don't support them.
  #placement_group      = aws_placement_group.cluster-placement.id
  vpc_zone_identifier = var.vpc_zone_identifier
  min_size            = var.min_size
  max_size            = var.max_size
  tag {
    key                 = "Name"
    value               = "${var.name}-splunk-indexer-${var.asg_number}"
    propagate_at_launch = true
  }

  # Must ignore changes to attachments, or tf will flip flop
  lifecycle {
    ignore_changes = [load_balancers, target_group_arns]
  }

  # how long to wait for a healthy instance. Default is 10m, which sucks when troubleshooting, but larger instances need it
  #wait_for_capacity_timeout = "1m"

  # Default metrics for ASG
  enabled_metrics = [
    "GroupAndWarmPoolDesiredCapacity",
    "GroupAndWarmPoolTotalCapacity",
    "GroupDesiredCapacity",
    "GroupInServiceCapacity",
    "GroupInServiceInstances",
    "GroupMaxSize",
    "GroupMinSize",
    "GroupPendingCapacity",
    "GroupPendingInstances",
    "GroupStandbyCapacity",
    "GroupStandbyInstances",
    "GroupTerminatingCapacity",
    "GroupTerminatingInstances",
    "GroupTotalCapacity",
    "GroupTotalInstances",
    "WarmPoolDesiredCapacity",
    "WarmPoolMinSize",
    "WarmPoolPendingCapacity",
    "WarmPoolTerminatingCapacity",
    "WarmPoolTotalCapacity",
    "WarmPoolWarmedCapacity",
  ]

  suspended_processes = var.suspended_processes
}