WIP experiment but failed due to: hashicorp/terraform-provider-aws#4553
efx-jjohnson committed Aug 24, 2018
commit 72aee0343fc697b282f70aecca5a512fa040542d
50 changes: 25 additions & 25 deletions modules/vault-cluster/main.tf
Expand Up @@ -13,22 +13,21 @@ terraform {
resource "aws_autoscaling_group" "autoscaling_group" {
name_prefix = "${var.cluster_name}"

launch_configuration = "${var.use_launch_template ? 0 : aws_launch_configuration.launch_configuration.*.name[0]}"
launch_template = "${var.use_launch_template ? aws_launch_template.launch_template.*.name[0] : 0}"
# launch_configuration = "${aws_launch_configuration.launch_configuration.name}"

launch_template {
id = "${aws_launch_template.launch_template.id}"
}
availability_zones = ["${var.availability_zones}"]
vpc_zone_identifier = ["${var.subnet_ids}"]

# Use a fixed-size cluster
min_size = "${var.cluster_size}"
max_size = "${var.cluster_size}"
desired_capacity = "${var.cluster_size}"
termination_policies = ["${var.termination_policies}"]

min_size = "${var.cluster_size}"
max_size = "${var.cluster_size}"
desired_capacity = "${var.cluster_size}"
termination_policies = ["${var.termination_policies}"]
health_check_type = "${var.health_check_type}"
health_check_grace_period = "${var.health_check_grace_period}"
wait_for_capacity_timeout = "${var.wait_for_capacity_timeout}"

tags = ["${concat(
list(
map("key", var.cluster_tag_key, "value", var.cluster_name, "propagate_at_launch", true)
Expand All @@ -38,11 +37,10 @@ resource "aws_autoscaling_group" "autoscaling_group" {
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE LAUNCH CONFIGURATION TO DEFINE WHAT RUNS ON EACH INSTANCE IN THE ASG
# CREATE LAUNCH TEMPLATE TO DEFINE WHAT RUNS ON EACH INSTANCE IN THE ASG
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_launch_configuration" "launch_configuration" {
count = "${var.use_launch_template ? 0 : 1}"
name_prefix = "${var.cluster_name}-"
image_id = "${var.ami_id}"
instance_type = "${var.instance_type}"
Expand Down Expand Up @@ -82,11 +80,10 @@ data "aws_ami" "ami" {
}

resource "aws_launch_template" "launch_template" {
count = "${var.use_launch_template ? 1 : 0}"
name_prefix = "${var.cluster_name}-"
image_id = "${var.ami_id}"
instance_type = "${var.instance_type}"
user_data = "${var.user_data}"
user_data = "${base64encode(var.user_data)}"

iam_instance_profile {
name = "${aws_iam_instance_profile.instance_profile.name}"
Expand All @@ -99,29 +96,32 @@ resource "aws_launch_template" "launch_template" {
tenancy = "${var.tenancy}"
}

network_interfaces {
associate_public_ip_address = "${var.associate_public_ip_address}"
}
# network_interfaces {
# associate_public_ip_address = "${var.associate_public_ip_address}"
# security_groups = ["${concat(list(aws_security_group.lc_security_group.id), var.additional_security_group_ids)}"]
# }

ebs_optimized = "${var.root_volume_ebs_optimized}"

block_device {
device_name = "${data.aws_ami.ami.root_device_name}"
volume_type = "${var.root_volume_type}"
volume_size = "${var.root_volume_size}"
delete_on_termination = "${var.root_volume_delete_on_termination}"
block_device_mappings {
device_name = "${data.aws_ami.ami.root_device_name}"

ebs {
encrypted = "${var.ebs_encryption}"
volume_type = "${var.root_volume_type}"
volume_size = "${var.root_volume_size}"
delete_on_termination = "${var.root_volume_delete_on_termination}"
}
}

tags = "${var.launch_template_tags}"
tag_specifications {
# Instanc tags are already handled by the autoscaling group
# Instance tags are already handled by the autoscaling group
resource_type = "volume"
Collaborator


I must admit that this is a lot of extra code to maintain just to be able to tag EBS volumes. Is there no other way to do it?

Contributor Author


I agree. My hope is that others will find other reasons why launch_template is a better alternative for their usecases and can expand on what I've started here.

The reason for the long delay between my initial submission & issue and this PR was due to the aws provider issue mentioned elsewhere. In the meantime, I was able to find a workaround via user-data script which inspects the instance & applies its tags to the instance volume. Of course, that requires that the instance be able to query its own tags and apply tags to its instance.

So, yes, there is another way to do it but it's a hack. And, from what I gather, launch templates are the new hot thing and presumably the preferred option going forward.


tags = "${merge(
map("key", var.cluster_tag_key, "value", var.cluster_name),
var.volume_extra_tags)
}"
}

# Important note: whenever using a launch configuration with an auto scaling group, you must set
Collaborator


Is this true with a launch template too?

Contributor Author


To be honest, I'm not entirely sure that it is (still?) true for launch_configuration. My code uses the vault-cluster default (true) and I haven't made any special configuration for the other resources.

# create_before_destroy = true. However, as soon as you set create_before_destroy = true in one resource, you must
# also set it in every resource that it depends on, or you'll get an error about cyclic dependencies (especially when
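Review bot: The commented-out `network_interfaces` block in the hunk at `@@ -99,29 +96,32` was the only visible place where `aws_security_group.lc_security_group` was attached to the launch template, so unless `vpc_security_group_ids` is set in the part of the resource outside this hunk, instances launched from the template fall back to the VPC default security group and the cluster's ingress rules no longer apply. If the provider issue named in the commit title is what blocks `network_interfaces`, the top-level attribute `vpc_security_group_ids = ["${concat(list(aws_security_group.lc_security_group.id), var.additional_security_group_ids)}"]` carries the same membership without that block. The new `ebs { encrypted = "${var.ebs_encryption}" }` mapping reads a variable that defaults to false, so a Vault root volume is created unencrypted unless the caller opts in; a comment at the point of use such as `# Root volume is unencrypted unless var.ebs_encryption is true; no kms_key_id is passed` would make that visible to the next reader. The `aws_launch_template` resource starts in the earlier hunk and its body continues past this one.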
6 changes: 1 addition & 5 deletions modules/vault-cluster/outputs.tf
Expand Up @@ -14,12 +14,8 @@ output "cluster_size" {
value = "${aws_autoscaling_group.autoscaling_group.desired_capacity}"
}

output "launch_config_name" {
value = "${var.use_launch_template ? "" : aws_launch_configuration.launch_configuration.*.name[0]}"
}

output "launch_template_name" {
value = "${var.use_launch_template ? aws_launch_template.launch_template.*.name[0] : ""}"
value = "${aws_launch_template.launch_template.name}"
}

output "iam_role_arn" {
20 changes: 8 additions & 12 deletions modules/vault-cluster/variables.tf
Expand Up @@ -5,49 +5,40 @@

variable "cluster_name" {
description = "The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module."
default = "fred"
}

variable "ami_id" {
description = "The ID of the AMI to run in this cluster. Should be an AMI that had Vault installed and configured by the install-vault module."
default = "123"
}

variable "instance_type" {
description = "The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro)."
default = "t2.micro"
}

variable "vpc_id" {
description = "The ID of the VPC in which to deploy the cluster"
default = "123"
}

variable "allowed_inbound_cidr_blocks" {
description = "A list of CIDR-formatted IP address ranges from which the EC2 Instances will allow connections to Vault"
type = "list"
default = []
}

variable "allowed_inbound_security_group_ids" {
description = "A list of security group IDs that will be allowed to connect to Vault"
type = "list"
default = []
}

variable "allowed_inbound_security_group_count" {
description = "The number of entries in var.allowed_inbound_security_group_ids. Ideally, this value could be computed dynamically, but we pass this variable to a Terraform resource's 'count' property and Terraform requires that 'count' be computed with literals or data sources only."
default = 0
}

variable "user_data" {
description = "A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module."
default = "#!/bin/bash"
}

variable "cluster_size" {
description = "The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5."
default = 1
}

# ---------------------------------------------------------------------------------------------------------------------
Expand Down Expand Up @@ -207,9 +198,10 @@ variable "force_destroy_s3_bucket" {
default = false
}

variable "use_launch_template" {
description = "Use aws_launch_template resource instead of aws_launch_configuration. Enables volume_extra_tags."
default = false
variable "launch_template_tags" {
description = "A list of tags to add to the launch template."
type = "map"
default = {}
}

variable "volume_extra_tags" {
Expand All @@ -218,3 +210,7 @@ variable "volume_extra_tags" {
default = {}
}

variable "ebs_encryption" {
description = "Value of 'encrypted' attribute on the launch template's block device definition."
default = false
}
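Review bot: The new `launch_template_tags` variable in the hunk at `@@ -207,9 +198,10` is declared with `type = "map"` but its description says "A list of tags", so the documentation contradicts the declared type; `description = "A map of tags to add to the launch template."` matches the declaration. The `ebs_encryption` variable added in the last hunk defaults to false, which means callers of this Vault module get an unencrypted root volume unless they set it, and the description does not state that consequence; `description = "Whether to encrypt the root EBS volume defined in the launch template. Defaults to false; set to true for production Vault nodes."` says it where the caller reads it. The hunks do not show whether a KMS key can be supplied alongside this flag, so that is worth confirming against the launch template block in main.tf.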