From b95bd61aa9b9db7a22700e099b9dafcaebe8c37c Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Thu, 11 Aug 2016 02:16:02 -0700 Subject: [PATCH] instance storage - Updated root device to use gp2 on backends - Added map `instance_store` with reasonable defaults - Now using local node instance storage for backends --- CHANGELOG.md | 9 ++- README.md | 20 ++++++- files/instance_store.bash | 122 ++++++++++++++++++++++++++++++++++++++ main.tf | 14 +++++ terraform.tfvars.example | 38 +++++++----- variables.tf | 17 +++++- 6 files changed, 197 insertions(+), 23 deletions(-) create mode 100644 files/instance_store.bash diff --git a/CHANGELOG.md b/CHANGELOG.md index c9606f1..676067f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,16 @@ tf_hachef CHANGELOG This file is used to list changes made in each version of the tf_hachef Terraform plan. +v0.2.6 (2016-08-11) +------------------- +- Updated root device to use gp2 on backends +- Added map `instance_store` with reasonable defaults +- Now using local node instance storage for backends + v0.2.5 (2016-08-10) ------------------- -- Adding `postgresql.md5_auth_cidr_addresses` to `chef-backend.rb` before joining cluster no longer breaks chef-backend +- Adding `postgresql.md5_auth_cidr_addresses` to `chef-backend.rb` before +joining cluster no longer breaks chef-backend - attributes-json.tpl -> backend-attributes-json.tpl for consistency v0.2.4 (2016-08-10) diff --git a/README.md b/README.md index 2a63af8..f257018 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,14 @@ These resources will incur charges on your AWS bill. It is your responsibility to delete the resources. +## Recommendations + +The defaults set forth in the [variables.tf](variables.tf) file have been set +for good reasons. Please note that a good amount of testing went into defining +these defaults and necessary inputs are defined, for your convenience in +[terraform.tfvars.example](terraform.tfvars.example) + + ## Input variables 
@@ -132,11 +140,11 @@ to delete the resources.
 * `last_name`: Chef user last name. Default: `User`
 * `instance`: Map of various AWS instance settings (backend and frontend)
 * `backend_flavor`: Backend default instance type. Default: `r3.xlarge`
- * `backend_iops`: Backend root volume IOPs (when using `io1`). Default: `6000`
+ * `backend_iops`: Backend root volume IOPs (when using `io1`). Default: `0`
 * `backend_public`: Backend default association to public ip. Default: `true`
- * `backend_size`: Backend root volume size in gigabytes. Default: `200`
+ * `backend_size`: Backend root volume size in gigabytes. Default: `40`
 * `backend_term`: Delete root volume on VM termination. Default: `true`
- * `backend_type`: Backend root volume type: Default `io1`
+ * `backend_type`: Backend root volume type: Default `gp2`
 * `ebs_optimized`: Deploy EBS optimized root volume. Default `true`
 * `frontend_flavor`: Frontend default instance type. Default: `r3.xlarge`
 * `frontend_iops`: Frontend root volume IOPs (when using `io1`). Default: `6000`
@@ -151,6 +159,12 @@ to delete the resources.
 * `instance_keys`: Map of SSH key settings to deploy and access AWS instances
 * `key_name`: The private key pair name on AWS to use (String)
 * `key_file`: The full path to the private kye matching `instance_keys["key_name"]` public key on AWS
+* `instance_store`: If the VM has an instance store device, use it
+ * `device`: Block device of instance store. Default `xvdb`
+ * `enabled`: If we want to use the instance store. Default `true`
+ * `filesystem`: Filesystem to format instance store device with. Default `ext4`
+ * `mount`: Mount point for instance store devie. Default: `/mnt/xvdb`
+ * `mount_options`: Options for mount point. Default: `defaults,noatime,errors=remount-ro`
 * `domain`: Domain name for instances and ELB. Default: `localdomain`
 * `r53_zones`: AWS Route53 zone settings
 * `internal`: Route53 internal zone ID
diff --git a/files/instance_store.bash b/files/instance_store.bash
new file mode 100644
index 0000000..d040028
--- /dev/null
+++ b/files/instance_store.bash
@@ -0,0 +1,122 @@ +#!/usr/bin/env bash + +# ----------------------------------------------------------------------------- +VERSION=1.0 +AUTHOR="Brian Menges" +AUTHOR_EMAIL="mengesb@gmail.com" +LICENSE="Apache 2.0" +LICENSE_URL="http://www.apache.org/licenses/LICENSE-2.0" +# ----------------------------------------------------------------------------- + +PROTECTED_ROOT=$(mount|grep ' / '|cut -d' ' -f 1|sed 's,/dev/,,') + +# Usage +usage() +{ + cat < + Version: ${VERSION} + +EOF +} + +while getopts ":d:e:f:m:ohv" OPTION; do + case "$OPTION" in + d) + DEV=${OPTARG} + ;; + e) + case ${OPTARG} in + true) + ENABLED=1 + ;; + 1) + ENABLED=1 + ;; + esac + ;; + f) + FS=${OPTARG} + ;; + h) + usage && exit 0 + ;; + m) + MNT=${OPTARG} + ;; + o) + OPT=${OPTARG} + ;; + v) + set -x + VERBOSE=1 + ;; + *) + usage && exit 1 + ;; + ?) + usage && exit 1 + ;; + esac +done + +# Defaults +[[ -z $DEV ]] && DEV=xvdb +[[ -z $FS ]] && FS=ext4 +[[ -z $MNT ]] && MNT=/mnt/$DEV +[[ -z $OPT ]] && OPT='defaults,noatime,errors=remount-ro' + +# Requirements check +[[ -z $ENABLED ]] && echo "The safety is still on" && exit 0 + +[[ $EUID -ne 0 ]] && echo "$0 must be ran as root" && exit 1 + +if [[ ! 
-b /dev/$DEV ]] +then + echo "ERROR: Device not a block device: /dev/$DEV" && exit 1 +fi + +if [[ $DEV =~ $PROTECTED_ROOT ]] +then + echo "ERROR: Cannot use root device" && exit 1 +fi + +# Main + +# Setup instance store device +mkfs -t $FS /dev/$DEV + +# Mount point setup +mkdir -p ${MNT} /opt /var/opt /var/cache/chef /var/log/chef-backend +mount /dev/${DEV} ${MNT} +mkdir -p /mnt/${DEV}/var/opt /mnt/${DEV}/var/log/chef-backend /mnt/${DEV}/opt /mnt/${DEV}/var/cache/chef +umount /dev/${DEV} + +# Update /etc/fstab +sed -i "/$DEV/d" /etc/fstab +echo " +/dev/${DEV} ${MNT} auto ${OPT} 0 0 +/mnt/${DEV}/opt /opt auto defaults,bind 0 0 +/mnt/${DEV}/var/cache/chef /var/cache/chef auto defaults,bind 0 0 +/mnt/${DEV}/var/log/chef-backend /var/log/chef-backend auto defaults,bind 0 0 +/mnt/${DEV}/var/opt /var/opt auto defaults,bind 0 0 +" | tee -a /etc/fstab + +# Mount +mount -a diff --git a/main.tf b/main.tf index 20e8a63..5c3a553 100644 --- a/main.tf +++ b/main.tf @@ -254,6 +254,20 @@ resource "aws_instance" "chef-backends" { provisioner "remote-exec" { script = "${path.module}/files/disable_firewall.sh" } + # Setup instance storage + provisioner "file" { + source = "${path.module}/files/instance_store.bash" + destination = "/tmp/instance_store.bash" + } + provisioner "remote-exec" { + inline = [ + "#!/usr/bin/env bash", + "sudo chmod a+x /tmp/instance_store.bash", + "sudo cp /etc/fstab /tmp/fstab.before", + "sudo /tmp/instance_store.bash -d ${var.instance_store["device"]} -e ${var.instance_store["enabled"]} -f ${var.instance_store["filesystem"]} -m ${var.instance_store["mount"]} -o '${var.instance_store["mount_options"]}' -v", + "cp /etc/fstab /tmp/fstab.after", + ] + } # Put cookbooks provisioner "remote-exec" { script = "${path.module}/files/chef-cookbooks.sh" diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 819de4f..16de89f 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example 
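Review bot: The root-device guard `[[ $DEV =~ $PROTECTED_ROOT ]]` is tested in the wrong direction: it looks for the mounted root name inside the `-d` value, so if `mount` reports a partition (say `xvda1`, a constructed example) and the caller passes the parent disk `xvda`, the check does not fire and the script goes on to `mkfs` as root. Comparing the other way and failing closed when the root device could not be determined, `if [[ -z $PROTECTED_ROOT || $PROTECTED_ROOT == "$DEV"* ]]`, rejects both the partition and its parent disk. Separately, the optstring `":d:e:f:m:ohv"` has no colon after `o`, so `-o` never receives its argument and parsing stops at the next word; caller-supplied mount options (for instance a `nosuid,nodev` set) are silently replaced by the default and a following `-v` is ignored. The optstring should read `":d:e:f:m:o:hv"`.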
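Review bot: The `device`, `enabled`, `filesystem` and `mount` values are interpolated unquoted into a command line that runs under `sudo`, so a value containing whitespace or a shell metacharacter changes what executes as root on the backend. Quote each one the way `-o` already is, e.g. `-d '${var.instance_store["device"]}'`, and note that single quotes still do not contain a value that itself holds a quote, so the script should also reject a `-d` that is not a bare device name. The script is staged at the fixed path `/tmp/instance_store.bash`, made executable for every user with `chmod a+x`, and then run as root from a world-writable directory; `chmod 0700` and a destination outside `/tmp` would narrow that. The enclosing `aws_instance` resource begins and ends outside this hunk.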
@@ -44,7 +44,7 @@ provider = {
 # AWS AMI settings map
 #
 #ami = {
-# ubuntu14-io1-us-east-1 = "ami-aac24fbd"
+# ubuntu12-gp2-us-east-1 = "ami-b74688da"
 #}
 #os = "ubuntu14"
 #ami_user = {
@@ -54,21 +54,20 @@ provider = {
 # AWS EC2 instance settings
 #
 #instance = {
-# backend_flavor = "r3.xlarge"
-# backend_iops = 6000
-# backend_public = true
-# backend_size = 200
-# backend_term = true
-# backend_type = "io1"
-# ebs_optimized = true
-# frontend_flavor = "m4.large"
-# frontend_iops = 0
-# frontend_public = true
-# frontend_size = 40
-# frontend_term = true
-# frontend_type = "gp2"
-# tags_desc = "Created using Terraform"
-# key = "value"
+# backend_flavor = "r3.xlarge"
+# backend_iops = 0
+# backend_public = true
+# backend_size = 40
+# backend_term = true
+# backend_type = "gp2"
+# ebs_optimized = true
+# frontend_flavor = "m4.large"
+# frontend_iops = 0
+# frontend_public = true
+# frontend_size = 40
+# frontend_term = true
+# frontend_type = "gp2"
+# tags_desc = "Created using Terraform"
 #}
 #instance_hostname = {
 # backend = "chefbe"
@@ -78,6 +77,13 @@ instance_keys = {
 key_name = ""
 key_file = ""
 }
+#instance_store = {
+# device = "xvdb"
+# enabled = true
+# filesystem = "ext4"
+# mount = "/mnt/xvdb"
+# mount_options = "defaults,noatime,errors=remount-ro"
+#}
 domain = ""
 #
 # SSL settings
diff --git a/variables.tf b/variables.tf
index 2895b9a..b9b2c86 100644
--- a/variables.tf
+++ b/variables.tf
@@ -273,11 +273,11 @@ variable "instance" {
 description = ""
 default = {
 backend_flavor = "r3.xlarge"
- backend_iops = 6000
+ backend_iops = 0
 backend_public = true
- backend_size = 200
+ backend_size = 40
 backend_term = true
- backend_type = "io1"
+ backend_type = "gp2"
 ebs_optimized = true
 frontend_flavor = "m4.large"
 frontend_iops = 0
@@ -304,6 +304,17 @@ variable "instance_keys" {
 key_file = ""
 }
 }
+variable "instance_store" {
+ type = "map"
+ description = "Instance storage settings"
+ default = {
+ device = "xvdb"
+ enabled = true
+ filesystem = "ext4"
+ mount = "/mnt/xvdb"
+ mount_options = "defaults,noatime,errors=remount-ro"
+ }
+}
 variable "domain" {
 description = "Chef server domain name"
 default = "localdomain"
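Review bot: The description `"Instance storage settings"` does not tell an operator that the default `enabled = true` makes files/instance_store.bash run `mkfs` on the named device and bind-mount `/opt`, `/var/opt`, `/var/cache/chef` and `/var/log/chef-backend` from it. EC2 instance store contents do not survive a stop or termination of the instance, so that is worth stating where the variable is declared. For example: `description = "Instance store settings; when enabled the device is formatted and the Chef backend directories are bind-mounted from it (ephemeral storage)"`.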