diff --git a/.gitignore b/.gitignore index d337924..0132c4d 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,6 @@ terraform.tfvars .terraform/ .gcp* cluster_bootstrap_state +terraform-aws/cluster_bootstrap_state gcp-account.json *.iml \ No newline at end of file diff --git a/assets/node-init.json b/assets/node-init.json index a5c85cd..a6fc82b 100644 --- a/assets/node-init.json +++ b/assets/node-init.json @@ -5,6 +5,8 @@ "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:AttachVolume", + "ec2:AttachNetworkInterface", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeTags", "autoscaling:DescribeAutoScalingGroups" ], diff --git a/assets/scripts/aws/autoattach-network.sh b/assets/scripts/aws/autoattach-network.sh new file mode 100644 index 0000000..5519915 --- /dev/null +++ b/assets/scripts/aws/autoattach-network.sh @@ -0,0 +1,51 @@ +# Required variables +# - aws_region +# - es_cluster +# - elasticsearch_data_dir + +AV_ZONE="$(ec2metadata --availability-zone)" +INSTANCE_ROLE="$(aws ec2 describe-tags --region $aws_region --filters Name=resource-id,Values=$(ec2metadata --instance-id) | jq -r '.Tags[] | select(.Key == "Role") | .Value')" +echo "AV_ZONE: $AV_ZONE" +echo "INSTANCE_ROLE: $INSTANCE_ROLE" + +while true; do + echo "UNATTACHED_ENI_ID: $eni_id" + + aws ec2 attach-network-interface --instance-id=$(ec2metadata --instance-id) --device-index 1 --network-interface-id ${eni_id} --region "$aws_region" + if [ "$?" != "0" ]; then + sleep 10 + continue + fi + + ATTACHMENTS_COUNT="$(aws ec2 describe-network-interfaces --region $aws_region --filters Name=network-interface-id,Values=${eni_id} | jq -r '.NetworkInterfaces[0].Attachment | length')" + if [ "$ATTACHMENTS_COUNT" != "0" ]; then break; fi +done + +echo "Updating network configuration" + +cat </etc/netplan/51-ens6.yaml +network: + version: 2 + renderer: networkd + ethernets: + ens6: + addresses: + - ${eni_ipv4}/20 + dhcp4: no + routes: + - to: 0.0.0.0/0 + via: 172.31.16.1 # Default gateway + table: 1000 + - to: ${eni_ipv4} + via: 0.0.0.0 + scope: link + table: 1000 + routing-policy: + - from: ${eni_ipv4} + table: 1000 +EOF + +sleep 5 + +netplan apply + diff --git a/assets/scripts/singlenode.sh b/assets/scripts/singlenode.sh index 578eefc..eade799 100644 --- a/assets/scripts/singlenode.sh +++ b/assets/scripts/singlenode.sh @@ -1,22 +1,41 @@ #!/bin/bash set +e +echo "Testing AMI Builder if it works properly" + + +echo "Running common env script" . /opt/cloud-deploy-scripts/common/env.sh -. /opt/cloud-deploy-scripts/$cloud_provider/env.sh + +if [ -e /opt/cloud-deploy-scripts/$cloud_provider/env.sh ]; then + echo "Running ${cloud_provider} env script" + . /opt/cloud-deploy-scripts/$cloud_provider/env.sh +fi # It is required to bind to all interfaces for load balancer on GCP to work if [ "$cloud_provider" == "gcp" ]; then export BIND_TO_ALL="true" fi +echo "Running EBS volume autoattach script" /opt/cloud-deploy-scripts/$cloud_provider/autoattach-disk.sh +echo "Running ENI autoattach script" +/opt/cloud-deploy-scripts/$cloud_provider/autoattach-network.sh + +echo "Running config-es script" /opt/cloud-deploy-scripts/common/config-es.sh + +echo "Running config-beats script" /opt/cloud-deploy-scripts/common/config-beats.sh +echo "Running ${cloud_provider}/config-es script" /opt/cloud-deploy-scripts/$cloud_provider/config-es.sh + +echo "Running ${cloud_provider}/config-es-discovery script" /opt/cloud-deploy-scripts/$cloud_provider/config-es-discovery.sh +echo "Creating elasticsearch.yml file" cat <<'EOF' >>/etc/elasticsearch/elasticsearch.yml node.master: true node.data: true @@ -24,18 +43,34 @@ node.ingest: true discovery.type: single-node EOF +echo "Running config/clients script" + /opt/cloud-deploy-scripts/common/config-clients.sh # add bootstrap.password to the keystore, so that config-cluster scripts can run # only done on bootstrap and singlenode nodes, before starting ES if [ "${security_enabled}" == "true" ]; then + echo "Configuring elasticsearch keystore" echo "${client_pwd}" | /usr/share/elasticsearch/bin/elasticsearch-keystore add --stdin bootstrap.password fi +#Fix IP Address +echo "Rewriting ENI IP Address in elasticsearch.yml" +sed -i -re "s/_ec2:privateIpv4_/${eni_ipv4}/ig" /etc/elasticsearch/elasticsearch.yml + # Start Elasticsearch +echo "Starting elasticsearch service" + systemctl daemon-reload systemctl enable elasticsearch.service systemctl start elasticsearch.service +echo "Running config-cluster script" /opt/cloud-deploy-scripts/common/config-cluster.sh -/opt/cloud-deploy-scripts/$cloud_provider/config-cluster.sh \ No newline at end of file + + +echo "Running ${cloud_provider}/config-cluster script" +/opt/cloud-deploy-scripts/$cloud_provider/config-cluster.sh + + + diff --git a/templates/aws_user_data.sh b/templates/aws_user_data.sh index a32b06e..d85f239 100644 --- a/templates/aws_user_data.sh +++ b/templates/aws_user_data.sh @@ -30,5 +30,7 @@ export bootstrap_node="${bootstrap_node}" export ca_cert="${ca_cert}" export node_cert="${node_cert}" export node_key="${node_key}" +export eni_id="${eni_id}" +export eni_ipv4="${eni_ipv4}" /opt/cloud-deploy-scripts/${startup_script} \ No newline at end of file diff --git a/terraform-aws/alb.tf b/terraform-aws/alb.tf index eefa73e..4978992 100644 --- a/terraform-aws/alb.tf +++ b/terraform-aws/alb.tf @@ -1,5 +1,5 @@ resource "aws_security_group" "elasticsearch-alb-sg" { - name = "${var.es_cluster}-alb-sg" + name = "${var.environment}-${var.es_cluster}-alb-sg" description = "ElasticSearch Ports for ALB Access" vpc_id = var.vpc_id @@ -47,7 +47,9 @@ resource "aws_security_group" "elasticsearch-alb-sg" { #----------------------------------------------------- resource "aws_lb_target_group" "esearch-p9200-tg" { - name = "${var.es_cluster}-p9200-tg" + count = local.singlenode_mode ? 0 : 1 + + name = "${var.environment}-${var.es_cluster}-p9200-tg" port = 9200 protocol = "HTTP" vpc_id = var.vpc_id @@ -64,7 +66,9 @@ resource "aws_lb_target_group" "esearch-p9200-tg" { } resource "aws_lb_target_group" "kibana-p5601-tg" { - name = "${var.es_cluster}-p5601-tg" + count = local.singlenode_mode ? 0 : 1 + + name = "${var.environment}-${var.es_cluster}-p5601-tg" port = 5601 protocol = "HTTP" vpc_id = var.vpc_id @@ -81,7 +85,9 @@ resource "aws_lb_target_group" "kibana-p5601-tg" { } resource "aws_lb_target_group" "grafana-p3000-tg" { - name = "${var.es_cluster}-p3000-tg" + count = local.singlenode_mode ? 0 : 1 + + name = "${var.environment}-${var.es_cluster}-p3000-tg" port = 3000 protocol = "HTTP" vpc_id = var.vpc_id @@ -98,7 +104,9 @@ resource "aws_lb_target_group" "grafana-p3000-tg" { } resource "aws_lb_target_group" "cerebro-p9000-tg" { - name = "${var.es_cluster}-p9000-tg" + count = local.singlenode_mode ? 0 : 1 + + name = "${var.environment}-${var.es_cluster}-p9000-tg" port = 9000 protocol = "HTTP" vpc_id = var.vpc_id @@ -115,7 +123,9 @@ resource "aws_lb_target_group" "cerebro-p9000-tg" { } resource "aws_lb" "elasticsearch-alb" { - name = "${var.es_cluster}-alb" + count = local.singlenode_mode ? 0 : 1 + + name = "${var.environment}-${var.es_cluster}-alb" internal = ! var.public_facing load_balancer_type = "application" security_groups = [aws_security_group.elasticsearch-alb-sg.id] @@ -130,46 +140,54 @@ resource "aws_lb" "elasticsearch-alb" { #----------------------------------------------------- resource "aws_lb_listener" "esearch" { - load_balancer_arn = aws_lb.elasticsearch-alb.arn + count = local.singlenode_mode ? 0 : 1 + + load_balancer_arn = aws_lb.elasticsearch-alb[0].arn port = "9200" protocol = "HTTP" default_action { type = "forward" - target_group_arn = aws_lb_target_group.esearch-p9200-tg.arn + target_group_arn = aws_lb_target_group.esearch-p9200-tg[0].arn } } resource "aws_lb_listener" "kibana" { - load_balancer_arn = aws_lb.elasticsearch-alb.arn + count = local.singlenode_mode ? 0 : 1 + + load_balancer_arn = aws_lb.elasticsearch-alb[0].arn port = "5601" protocol = "HTTP" default_action { type = "forward" - target_group_arn = aws_lb_target_group.kibana-p5601-tg.arn + target_group_arn = aws_lb_target_group.kibana-p5601-tg[0].arn } } resource "aws_lb_listener" "grafana" { - load_balancer_arn = aws_lb.elasticsearch-alb.arn + count = local.singlenode_mode ? 0 : 1 + + load_balancer_arn = aws_lb.elasticsearch-alb[0].arn port = "3000" protocol = "HTTP" default_action { type = "forward" - target_group_arn = aws_lb_target_group.grafana-p3000-tg.arn + target_group_arn = aws_lb_target_group.grafana-p3000-tg[0].arn } } resource "aws_lb_listener" "cerebro" { - load_balancer_arn = aws_lb.elasticsearch-alb.arn + count = local.singlenode_mode ? 0 : 1 + + load_balancer_arn = aws_lb.elasticsearch-alb[0].arn port = "9000" protocol = "HTTP" default_action { type = "forward" - target_group_arn = aws_lb_target_group.cerebro-p9000-tg.arn + target_group_arn = aws_lb_target_group.cerebro-p9000-tg[0].arn } } diff --git a/terraform-aws/client.tf b/terraform-aws/client.tf index b9ca8af..e58a708 100644 --- a/terraform-aws/client.tf +++ b/terraform-aws/client.tf @@ -7,7 +7,7 @@ data "template_file" "client_userdata_script" { } resource "aws_launch_template" "client" { - name_prefix = "elasticsearch-${var.es_cluster}-client-nodes" + name_prefix = "elasticsearch-${var.environment}-${var.es_cluster}-client-nodes" image_id = data.aws_ami.kibana_client.id instance_type = var.master_instance_type user_data = base64encode(data.template_file.client_userdata_script.rendered) @@ -35,7 +35,7 @@ resource "aws_launch_template" "client" { resource "aws_autoscaling_group" "client_nodes" { count = length(keys(var.clients_count)) - name = "elasticsearch-${var.es_cluster}-client-nodes-${keys(var.clients_count)[count.index]}" + name = "elasticsearch-${var.environment}-${var.es_cluster}-client-nodes-${keys(var.clients_count)[count.index]}" max_size = var.clients_count[keys(var.clients_count)[count.index]] min_size = var.clients_count[keys(var.clients_count)[count.index]] desired_capacity = var.clients_count[keys(var.clients_count)[count.index]] @@ -45,10 +45,10 @@ resource "aws_autoscaling_group" "client_nodes" { vpc_zone_identifier = local.clients_subnet_ids[keys(var.clients_count)[count.index]] target_group_arns = [ - aws_lb_target_group.esearch-p9200-tg.arn, - aws_lb_target_group.kibana-p5601-tg.arn, - aws_lb_target_group.grafana-p3000-tg.arn, - aws_lb_target_group.cerebro-p9000-tg.arn, + aws_lb_target_group.esearch-p9200-tg[0].arn, + aws_lb_target_group.kibana-p5601-tg[0].arn, + aws_lb_target_group.grafana-p3000-tg[0].arn, + aws_lb_target_group.cerebro-p9000-tg[0].arn, ] launch_template { diff --git a/terraform-aws/cluster_bootstrap_state b/terraform-aws/cluster_bootstrap_state deleted file mode 100644 index c227083..0000000 --- a/terraform-aws/cluster_bootstrap_state +++ /dev/null @@ -1 +0,0 @@ -0 \ No newline at end of file diff --git a/terraform-aws/datas.tf b/terraform-aws/datas.tf index bf80f8f..65b90de 100644 --- a/terraform-aws/datas.tf +++ b/terraform-aws/datas.tf @@ -7,7 +7,7 @@ data "template_file" "data_userdata_script" { } resource "aws_launch_template" "data" { - name_prefix = "elasticsearch-${var.es_cluster}-data-nodes" + name_prefix = "elasticsearch-${var.environment}-${var.es_cluster}-data-nodes" image_id = data.aws_ami.elasticsearch.id instance_type = var.data_instance_type user_data = base64encode(data.template_file.data_userdata_script.rendered) @@ -36,7 +36,7 @@ resource "aws_launch_template" "data" { resource "aws_autoscaling_group" "data_nodes" { count = length(keys(var.datas_count)) - name = "elasticsearch-${var.es_cluster}-data-nodes-${keys(var.datas_count)[count.index]}" + name = "elasticsearch-${var.environment}-${var.es_cluster}-data-nodes-${keys(var.datas_count)[count.index]}" max_size = var.datas_count[keys(var.datas_count)[count.index]] min_size = var.datas_count[keys(var.datas_count)[count.index]] desired_capacity = var.datas_count[keys(var.datas_count)[count.index]] @@ -51,7 +51,7 @@ resource "aws_autoscaling_group" "data_nodes" { ] target_group_arns = [ - aws_lb_target_group.esearch-p9200-tg.arn, + aws_lb_target_group.esearch-p9200-tg[0].arn, ] launch_template { diff --git a/terraform-aws/disks.tf b/terraform-aws/disks.tf index c278e95..0e764e1 100644 --- a/terraform-aws/disks.tf +++ b/terraform-aws/disks.tf @@ -21,7 +21,7 @@ resource "aws_ebs_volume" "master" { encrypted = var.volume_encryption tags = { - Name = "elasticsearch-${var.es_cluster}-master-${jsondecode(each.value)["name"]}" + Name = "elasticsearch-${var.environment}-${var.es_cluster}-master-${jsondecode(each.value)["name"]}" ClusterName = "${var.es_cluster}" VolumeIndex = jsondecode(each.value)["index"] AutoAttachGroup = "master" @@ -37,7 +37,7 @@ resource "aws_ebs_volume" "data" { encrypted = var.volume_encryption tags = { - Name = "elasticsearch-${var.es_cluster}-data-${jsondecode(each.value)["name"]}" + Name = "elasticsearch-${var.environment}-${var.es_cluster}-data-${jsondecode(each.value)["name"]}" ClusterName = "${var.es_cluster}" VolumeIndex = jsondecode(each.value)["index"] AutoAttachGroup = "data" @@ -53,7 +53,7 @@ resource "aws_ebs_volume" "singlenode" { encrypted = var.volume_encryption tags = { - Name = "elasticsearch-${var.es_cluster}-singlenode" + Name = "elasticsearch-${var.environment}-${var.es_cluster}-singlenode" ClusterName = "${var.es_cluster}" VolumeIndex = "0" AutoAttachGroup = "singlenode" diff --git a/terraform-aws/iam.tf b/terraform-aws/iam.tf index 1137d6a..549430e 100644 --- a/terraform-aws/iam.tf +++ b/terraform-aws/iam.tf @@ -7,12 +7,12 @@ data "template_file" "data_s3_backup" { } resource "aws_iam_role" "elasticsearch" { - name = "${var.es_cluster}-elasticsearch-discovery-role" + name = "${var.environment}-${var.es_cluster}-elasticsearch-discovery-role" assume_role_policy = file("${path.module}/../assets/ec2-role-trust-policy.json") } resource "aws_iam_role_policy" "elasticsearch" { - name = "${var.es_cluster}-elasticsearch-node-init-policy" + name = "${var.environment}-${var.es_cluster}-elasticsearch-node-init-policy" policy = file( "${path.module}/../assets/node-init.json", ) @@ -21,13 +21,13 @@ resource "aws_iam_role_policy" "elasticsearch" { resource "aws_iam_role_policy" "s3_backup" { count = var.s3_backup_bucket != "" ? 1 : 0 - name = "${var.es_cluster}-elasticsearch-backup-policy" + name = "${var.environment}-${var.es_cluster}-elasticsearch-backup-policy" policy = data.template_file.data_s3_backup.rendered role = aws_iam_role.elasticsearch.id } resource "aws_iam_instance_profile" "elasticsearch" { - name = "${var.es_cluster}-elasticsearch-discovery-profile" + name = "${var.environment}-${var.es_cluster}-elasticsearch-discovery-profile" path = "/" role = aws_iam_role.elasticsearch.name } diff --git a/terraform-aws/main.tf b/terraform-aws/main.tf index 4d540b8..7a65954 100644 --- a/terraform-aws/main.tf +++ b/terraform-aws/main.tf @@ -55,12 +55,15 @@ locals { master = false data = false bootstrap_node = false + eni_id = "" + eni_ipv4 = "" ca_cert = var.security_enabled ? join("", tls_self_signed_cert.ca[*].cert_pem) : "" node_cert = var.security_enabled ? join("", tls_locally_signed_cert.node[*].cert_pem) : "" node_key = var.security_enabled ? join("", tls_private_key.node[*].private_key_pem) : "" DEV_MODE_scripts_s3_bucket = var.DEV_MODE_scripts_s3_bucket + } } @@ -69,12 +72,12 @@ locals { ############################################################################## resource "aws_security_group" "elasticsearch_security_group" { - name = "elasticsearch-${var.es_cluster}-security-group" + name = "elasticsearch-${var.environment}-${var.es_cluster}-security-group" description = "Elasticsearch ports with ssh" vpc_id = var.vpc_id tags = { - Name = "${var.es_cluster}-elasticsearch" + Name = "${var.environment}-${var.es_cluster}-elasticsearch" cluster = var.es_cluster } @@ -119,12 +122,12 @@ resource "aws_security_group" "elasticsearch_security_group" { } resource "aws_security_group" "elasticsearch_clients_security_group" { - name = "elasticsearch-${var.es_cluster}-clients-security-group" + name = "elasticsearch-${var.environment}-${var.es_cluster}-clients-security-group" description = "Kibana HTTP access from outside" vpc_id = var.vpc_id tags = { - Name = "${var.es_cluster}-kibana" + Name = "${var.environment}-${var.es_cluster}-kibana" cluster = var.es_cluster } diff --git a/terraform-aws/masters.tf b/terraform-aws/masters.tf index c5a163b..b1b165f 100644 --- a/terraform-aws/masters.tf +++ b/terraform-aws/masters.tf @@ -19,7 +19,7 @@ data "template_file" "bootstrap_userdata_script" { } resource "aws_launch_template" "master" { - name_prefix = "elasticsearch-${var.es_cluster}-master-nodes" + name_prefix = "elasticsearch-${var.environment}-${var.es_cluster}-master-nodes" image_id = data.aws_ami.elasticsearch.id instance_type = var.master_instance_type user_data = base64encode(data.template_file.master_userdata_script.rendered) @@ -46,7 +46,7 @@ resource "aws_launch_template" "master" { resource "aws_autoscaling_group" "master_nodes" { count = length(keys(var.masters_count)) - name = "elasticsearch-${var.es_cluster}-master-nodes-${keys(var.masters_count)[count.index]}" + name = "elasticsearch-${var.environment}-${var.es_cluster}-master-nodes-${keys(var.masters_count)[count.index]}" max_size = var.masters_count[keys(var.masters_count)[count.index]] min_size = var.masters_count[keys(var.masters_count)[count.index]] desired_capacity = var.masters_count[keys(var.masters_count)[count.index]] @@ -110,7 +110,7 @@ resource "aws_instance" "bootstrap_node" { associate_public_ip_address = false tags = { - Name = "${var.es_cluster}-bootstrap-node" + Name = "${var.environment}-${var.es_cluster}-bootstrap-node" Environment = var.environment Cluster = "${var.environment}-${var.es_cluster}" Role = "bootstrap" diff --git a/terraform-aws/outputs.tf b/terraform-aws/outputs.tf index 08e9444..c4ecb94 100644 --- a/terraform-aws/outputs.tf +++ b/terraform-aws/outputs.tf @@ -2,6 +2,25 @@ output "clients_dns" { value = aws_lb.elasticsearch-alb.*.dns_name } +output "singlenode_ip" { + value = local.singlenode_mode ? aws_network_interface.single_node.private_ip : "" + +} + +// Security group that has access to elasticsearch port 9200 +// Used in single node mode where no load balancer has been configured +output "singlenode_es_access_sg" { + value = aws_security_group.elasticsearch-alb-sg.id +} + output "vm_password" { value = random_string.vm-login-password.result +} + +output "singlenode_az" { + value = local.singlenode_subnet_id +} + +output "cluster_subnet_ids" { + value = jsonencode(local.cluster_subnet_ids) } \ No newline at end of file diff --git a/terraform-aws/singlenode.tf b/terraform-aws/singlenode.tf index 314f474..03dba44 100644 --- a/terraform-aws/singlenode.tf +++ b/terraform-aws/singlenode.tf @@ -1,13 +1,29 @@ data "template_file" "singlenode_userdata_script" { template = file("${path.module}/../templates/aws_user_data.sh") - vars = merge(local.user_data_common, { + vars = merge(local.user_data_common, { startup_script = "singlenode.sh", - heap_size = var.master_heap_size + heap_size = var.master_heap_size, + eni_id = aws_network_interface.single_node.id, + eni_ipv4 = aws_network_interface.single_node.private_ip }) } +resource "aws_network_interface" "single_node" { + security_groups = [ + aws_security_group.elasticsearch_security_group.id, + aws_security_group.elasticsearch_clients_security_group.id + ] + subnet_id = local.singlenode_subnet_id + tags = { + "Name": format("%s-elasticsearch", var.es_cluster), + "Environment": var.environment, + "Cluster":"${var.environment}-${var.es_cluster}", + "Role":"singlenode" + } +} + resource "aws_launch_template" "single_node" { - name_prefix = "elasticsearch-${var.es_cluster}-single-node" + name_prefix = "elasticsearch-${var.environment}-${var.es_cluster}-single-node" image_id = data.aws_ami.kibana_client.id instance_type = var.data_instance_type user_data = base64encode(data.template_file.singlenode_userdata_script.rendered) @@ -33,7 +49,7 @@ resource "aws_launch_template" "single_node" { resource "aws_autoscaling_group" "singlenode" { count = local.singlenode_mode ? 1 : 0 - name = "elasticsearch-${var.es_cluster}-singlenode" + name = "elasticsearch-${var.environment}-${var.es_cluster}-singlenode" min_size = 1 max_size = 1 desired_capacity = 1 @@ -42,13 +58,6 @@ resource "aws_autoscaling_group" "singlenode" { vpc_zone_identifier = [local.singlenode_subnet_id] - target_group_arns = [ - aws_lb_target_group.esearch-p9200-tg.arn, - aws_lb_target_group.kibana-p5601-tg.arn, - aws_lb_target_group.grafana-p3000-tg.arn, - aws_lb_target_group.cerebro-p9000-tg.arn, - ] - launch_template { id = aws_launch_template.single_node.id version = "$Latest" @@ -79,5 +88,5 @@ resource "aws_autoscaling_group" "singlenode" { create_before_destroy = true } - depends_on = [aws_ebs_volume.singlenode] + depends_on = [aws_ebs_volume.singlenode, aws_network_interface.single_node] } diff --git a/terraform-aws/vpc.tf b/terraform-aws/vpc.tf index 13dfa57..115f074 100644 --- a/terraform-aws/vpc.tf +++ b/terraform-aws/vpc.tf @@ -73,4 +73,4 @@ resource "aws_vpc_endpoint" "s3" { service_name = "com.amazonaws.${var.aws_region}.s3" vpc_endpoint_type = "Gateway" route_table_ids = data.aws_route_tables.vpc_route_tables.ids -} \ No newline at end of file +}