| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200 |
- locals {
- ami_selection = "minion" # master, minion, ...
- }
- data "aws_kms_key" "ebs-key" {
- key_id = "alias/ebs_root_encrypt_decrypt"
- }
- resource "aws_placement_group" "cluster-placement" {
- name = "splunk-indexer-cluster-placement-${var.asg_number}"
- # Cluster placement is an interesting question for us.
- # Since we're multisite, we're going to make each site use a 'cluster' strategy to keep indexers
- # close together.
- #
- # 'spread' would be more appropriate if we were worried about individual site
- # failures.
- #
- # And it doesn't really matter atm since all of ours are count=1
- strategy = "cluster"
- }
- #better solutions are to upgrade to TF .12 or maybe this...
- #https://github.com/mavin/terraform-aws-tags-to-asg-tags/blob/master/vars.tf
- #https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/0.11/master/main.tf
- #TF verison 11 does not support conditional operations with the values as lists.
- #the /dev/xvdf device is not needed in Prod, just Test.
- resource "aws_launch_template" "splunk_indexer" {
- name = var.launch_conf_name
- instance_type = var.idx_instance_type
- image_id = local.ami_map[local.ami_selection]
- user_data = var.user_data
- ebs_optimized = true
- tags = var.tags
- network_interfaces {
- associate_public_ip_address = false
- delete_on_termination = true
- security_groups = var.indexer_security_group_ids
- }
- key_name = var.key_name
- iam_instance_profile {
- name = var.iam_instance_profile
- }
- # Unlike for instances, you _must_ specify the volume size for a launch template
- block_device_mappings {
- device_name = "/dev/sda1"
- ebs {
- volume_type = "gp2"
- volume_size = var.volume_sizes["/"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- }
- }
- block_device_mappings {
- device_name = "/dev/xvdf"
- ebs {
- volume_type = "gp2"
- volume_size = var.volume_sizes["/opt/splunk"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- }
- }
- block_device_mappings {
- # swap
- device_name = "/dev/xvdm"
- ebs {
- volume_size = var.volume_sizes["swap"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- # Snapshot IDs need to be grabbed from the ami, or it will replace every time. It's ugly.
- # This may prompt replacement when the AMI is updated.
- # See:
- # https://github.com/hashicorp/terraform/issues/19958
- # https://github.com/terraform-providers/terraform-provider-aws/issues/13118
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdm"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /home
- device_name = "/dev/xvdn"
- ebs {
- volume_size = var.volume_sizes["/home"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdn"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /var
- device_name = "/dev/xvdo"
- ebs {
- volume_size = var.volume_sizes["/var"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdo"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /var/tmp
- device_name = "/dev/xvdp"
- ebs {
- volume_size = var.volume_sizes["/var/tmp"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdp"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /var/log
- device_name = "/dev/xvdq"
- ebs {
- volume_size = var.volume_sizes["/var/log"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdq"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /var/log/audit
- device_name = "/dev/xvdr"
- ebs {
- volume_size = var.volume_sizes["/var/log/audit"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdr"].ebs.snapshot_id
- }
- }
- block_device_mappings {
- # /tmp
- device_name = "/dev/xvds"
- ebs {
- volume_size = var.volume_sizes["/tmp"]
- delete_on_termination = true
- encrypted = true
- kms_key_id = data.aws_kms_key.ebs-key.arn
- #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvds"].ebs.snapshot_id
- }
- }
- tag_specifications {
- resource_type = "instance"
- tags = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect?
- }
- tag_specifications {
- resource_type = "volume"
- tags = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect
- }
- lifecycle {
- create_before_destroy = true
- }
- }
- resource "aws_autoscaling_group" "splunk_indexer_asg" {
- name = var.asg_name
- launch_template {
- id = aws_launch_template.splunk_indexer.id
- version = "$Latest"
- }
- placement_group = aws_placement_group.cluster-placement.id
- vpc_zone_identifier = var.vpc_zone_identifier
- min_size = var.min_size
- max_size = var.max_size
- tag {
- key = "Name"
- value = "${ var.name }-splunk-indexer-${ var.asg_number }"
- propagate_at_launch = true
- }
- # Must ignore changes to attachments, or tf will flip flop
- lifecycle {
- ignore_changes = [ load_balancers, target_group_arns ]
- }
- # how long to wait for a healthy instance. Default is 10m, which sucks when troubleshooting, but larger instances need it
- #wait_for_capacity_timeout = "1m"
- }
|
