xdr-terraform-modules/submodules/splunk/splunk_indexer_asg/main.tf

locals {
  ami_selection = "minion" # master, minion, ...
}

data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

# Placement groups are a good idea if we get bigger. This code works, but disabling for now because
# t3* instance types don't support them.
#resource "aws_placement_group" "cluster-placement" {
#  name     = "splunk-indexer-cluster-placement-${var.asg_number}"
#  # Cluster placement is an interesting question for us.
#  # Since we're multisite, we're going to make each site use a 'cluster' strategy to keep indexers
#  # close together.
#  #
#  # 'spread' would be more appropriate if we were worried about individual site
#  # failures.
#  #
#  # And it doesn't really matter atm since all of ours are count=1
#  strategy = "cluster"
#}

#better solutions are to upgrade to TF .12 or maybe this...
#https://github.com/mavin/terraform-aws-tags-to-asg-tags/blob/master/vars.tf
#https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/0.11/master/main.tf

#TF verison 11 does not support conditional operations with the values as lists.
#the /dev/xvdf device is not needed in Prod, just Test.  

resource "aws_launch_template" "splunk_indexer" {
    name                        = var.launch_conf_name
    instance_type               = var.idx_instance_type
    image_id                    = local.ami_map[local.ami_selection]
    user_data                   = var.user_data
    ebs_optimized               = true
    tags                        = var.tags

    network_interfaces {
        associate_public_ip_address = false
        delete_on_termination       = true
        security_groups             = var.indexer_security_group_ids
        }
    key_name                    = var.key_name
    iam_instance_profile {
      name = var.iam_instance_profile
    }

    # Unlike for instances, you _must_ specify the volume size for a launch template
    block_device_mappings {
      device_name = "/dev/sda1"

      ebs {
        volume_type = "gp2"
        volume_size = var.volume_sizes["/"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
      }
    }

    block_device_mappings {
      device_name = "/dev/xvdf"

      ebs {
        volume_type = "gp2"
        volume_size = var.volume_sizes["/opt/splunk"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
      }
    }

    block_device_mappings {
      # swap
      device_name = "/dev/xvdm"

      ebs {
        volume_size = var.volume_sizes["swap"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        # Snapshot IDs need to be grabbed from the ami, or it will replace every time. It's ugly.
        # This may prompt replacement when the AMI is updated.
        # See:
        #   https://github.com/hashicorp/terraform/issues/19958
        #   https://github.com/terraform-providers/terraform-provider-aws/issues/13118
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdm"].ebs.snapshot_id
      }
    }
    block_device_mappings {
      # /home
      device_name = "/dev/xvdn"

      ebs {
        volume_size = var.volume_sizes["/home"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdn"].ebs.snapshot_id
      }
    }  
    block_device_mappings {
      # /var
      device_name = "/dev/xvdo"

      ebs {
        volume_size = var.volume_sizes["/var"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdo"].ebs.snapshot_id
      }
    }
    block_device_mappings {
      # /var/tmp
      device_name = "/dev/xvdp"

      ebs {
        volume_size = var.volume_sizes["/var/tmp"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdp"].ebs.snapshot_id
      }
    }
    block_device_mappings {
      # /var/log
      device_name = "/dev/xvdq"

      ebs {
        volume_size = var.volume_sizes["/var/log"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdq"].ebs.snapshot_id
      }
    }
    block_device_mappings {
      # /var/log/audit
      device_name = "/dev/xvdr"

      ebs {
        volume_size = var.volume_sizes["/var/log/audit"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvdr"].ebs.snapshot_id
      }
    }
    block_device_mappings {
      # /tmp
      device_name = "/dev/xvds"

      ebs {
        volume_size = var.volume_sizes["/tmp"]
        delete_on_termination = true
        encrypted = true
        kms_key_id = data.aws_kms_key.ebs-key.arn
        #snapshot_id = local.block_device_mappings[local.ami_selection]["/dev/xvds"].ebs.snapshot_id
      }
    }

    tag_specifications {
      resource_type = "instance"
      tags = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect?
    }

    tag_specifications {
      resource_type = "volume"
      tags = merge(var.tags, { "Name": "${var.name}-splunk-idx" }) # This may have no effect
    }

    lifecycle {
        create_before_destroy = true
    }
}

resource "aws_autoscaling_group" "splunk_indexer_asg" {
    name                 = var.asg_name
    launch_template {
        id      = aws_launch_template.splunk_indexer.id
        version = "$Latest"
    }
    # Placement groups are a good idea if we get bigger. This code works, but disabling for now because
    # t3* instance types don't support them.
    #placement_group      = aws_placement_group.cluster-placement.id
    vpc_zone_identifier  = var.vpc_zone_identifier
    min_size             = var.min_size
    max_size             = var.max_size
    tag {
        key = "Name"
        value = "${ var.name }-splunk-indexer-${ var.asg_number }"
        propagate_at_launch = true
    }

    # Must ignore changes to attachments, or tf will flip flop
    lifecycle {
      ignore_changes = [ load_balancers, target_group_arns ]
    }

    # how long to wait for a healthy instance. Default is 10m, which sucks when troubleshooting, but larger instances need it
    #wait_for_capacity_timeout = "1m"
}