Addressed issues related to single node deployment
* Removed unused resource
* Fixed graphdb.properties values for single node deployment
* Removed calculation of `lb_tls_enabled` in the LB module as it is calculated in the main.tf
* Replaced `monitoring_route53_healtcheck_fqdn_url` with `graphdb_external_address` as it is the same URL.
* Removed `monitoring_route53_healtcheck_fqdn_url` variable
* Introduced new variable `graphdb_external_address`
* Moved proxy config file to be created only when node count > 1
* Removed port from graphdb.external-
viktor-ribchev committed Jul 16, 2024
1 parent 7fa5bc9 commit 9611139
Showing 10 changed files with 59 additions and 28 deletions.
2 changes: 2 additions & 0 deletions .terraform.lock.hcl


9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,14 @@
# GraphDB AWS Terraform Module Changelog

# 1.2.3

* Removed unused resource "aws_ssm_parameter" "graphdb_lb_dns_name"
* Fixed `graphdb.properties` values for single node deployment:
* Changed `graphdb.external-url` to use `LB_DNS_RECORD` when single node is deployed.
* Added `graphdb.external-url.enforce.transactions=true`
* Removed calculation of `lb_tls_enabled` in the LB module as it is calculated in the main.tf
* Removed `monitoring_route53_healtcheck_fqdn_url` in favor of `graphdb_external_dns`.

# 1.2.2

* Fixed issues with variables in the backup user data script
20 changes: 11 additions & 9 deletions main.tf
Expand Up @@ -165,6 +165,11 @@ module "backup_replication" {
versioning_enabled = var.s3_versioning_enabled
}

locals {
lb_tls_enabled = var.lb_tls_certificate_arn != "" ? true : false
calculated_protocol = local.lb_tls_enabled == true ? "HTTPS" : "HTTP"
}

module "load_balancer" {
source = "./modules/load_balancer"

Expand All @@ -177,6 +182,7 @@ module "load_balancer" {
lb_health_check_interval = var.lb_health_check_interval
lb_enable_deletion_protection = var.prevent_resource_deletion
lb_tls_certificate_arn = var.lb_tls_certificate_arn
lb_tls_enabled = local.lb_tls_enabled
lb_tls_policy = var.lb_tls_policy
lb_access_logs_bucket_name = var.lb_enable_access_logs && var.deploy_logging_module ? module.logging[0].graphdb_logging_bucket_name : null
lb_enable_access_logs = var.lb_enable_access_logs
Expand All @@ -189,11 +195,6 @@ locals {
)
}

locals {
lb_tls_enabled = var.lb_tls_certificate_arn != null ? true : false
calculated_http_string_type = local.lb_tls_enabled == true ? "HTTPS" : "HTTP"
}

module "monitoring" {
source = "./modules/monitoring"
providers = {
Expand Down Expand Up @@ -221,11 +222,11 @@ module "monitoring" {
cmk_key_alias = var.sns_cmk_key_alias
parameter_store_kms_key_arn = local.calculated_parameter_store_kms_key_arn
cloudwatch_log_group_retention_in_days = var.monitoring_log_group_retention_in_days
route53_availability_request_url = var.monitoring_route53_healtcheck_fqdn_url
route53_availability_request_url = var.graphdb_external_dns
route53_availability_measure_latency = var.monitoring_route53_measure_latency
sns_kms_key_arn = local.calculated_sns_kms_key_arn
graphdb_node_count = var.graphdb_node_count
route53_availability_http_string_type = local.calculated_http_string_type
route53_availability_http_string_type = local.calculated_protocol
lb_tls_certificate_arn = var.lb_tls_certificate_arn
lb_dns_name = module.load_balancer.lb_dns_name != "" ? module.load_balancer.lb_dns_name : null
}
Expand All @@ -248,7 +249,7 @@ module "graphdb" {
# Network Load Balancer
lb_enable_private_access = var.lb_internal ? var.lb_enable_private_access : false
lb_subnets = local.lb_subnets
graphdb_lb_dns_name = module.load_balancer.lb_dns_name
graphdb_lb_dns_name = var.graphdb_external_dns != "" ? var.graphdb_external_dns : module.load_balancer.lb_dns_name

# GraphDB Configurations

Expand Down Expand Up @@ -309,7 +310,8 @@ module "graphdb" {

# User data scripts

deploy_monitoring = var.deploy_monitoring
deploy_monitoring = var.deploy_monitoring
external_address_http_string_type = local.calculated_protocol

# S3 Replication Logging Bucket Policy

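Review bot: `lb_tls_enabled` now tests `var.lb_tls_certificate_arn != ""` where the removed local tested `!= null`, so a caller that passes `null` gets `lb_tls_enabled = true` and `calculated_protocol = "HTTPS"` with no certificate behind it. The variable's default is not visible on this page; if `null` is still an accepted value, check both: `lb_tls_enabled = var.lb_tls_certificate_arn != null && var.lb_tls_certificate_arn != ""`. Separately, `route53_availability_request_url = var.graphdb_external_dns` has no fallback, unlike `graphdb_lb_dns_name` further down, so with the new default of `""` the Route53 health check appears to receive an empty target. The same conditional on `module.load_balancer.lb_dns_name` would cover that case.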
7 changes: 0 additions & 7 deletions modules/graphdb/config.tf
Expand Up @@ -39,13 +39,6 @@ resource "aws_ssm_parameter" "graphdb_license" {
key_id = var.parameter_store_key_arn
}

resource "aws_ssm_parameter" "graphdb_lb_dns_name" {
name = "/${var.resource_name_prefix}/graphdb/lb_dns_name"
description = "The DNS name of the load balancer for the GraphDB nodes."
type = "String"
value = var.graphdb_lb_dns_name
}

resource "aws_ssm_parameter" "graphdb_properties" {
count = var.graphdb_properties_path != null ? 1 : 0

20 changes: 16 additions & 4 deletions modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl
Expand Up @@ -22,7 +22,7 @@ echo "#######################################"

LB_DNS_RECORD=${graphdb_lb_dns_name}
NODE_DNS_RECORD=$(cat /var/opt/graphdb/node_dns)

PROTOCOL=$(echo "${external_address_http_string_type}" | awk '{print tolower($0)}')
# Get and store the GraphDB license
aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${name}/graphdb/license" --with-decryption | \
jq -r .Parameter.Value | \
Expand All @@ -32,22 +32,34 @@ aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${na
GRAPHDB_CLUSTER_TOKEN="$(aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${name}/graphdb/cluster_token" --with-decryption | jq -r .Parameter.Value | base64 -d)"
# Get the NODE_DNS_RECORD value from the previous script
SSM_PARAMETERS=$(aws ssm describe-parameters --cli-connect-timeout 300 --region ${region} --query "Parameters[?starts_with(Name, '/${name}/graphdb/')].Name" --output text)
NODE_COUNT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names ${name} --query "AutoScalingGroups[0].DesiredCapacity" --output text)


cat << EOF > /etc/graphdb/graphdb.properties
# graphdb.external-url.enforce.transactions: determines whether it is necessary to rewrite the Location header when no proxy is configured.
# This is required because when working with the GDB transaction endpoint it returns an erroneous URL with HTTP protocol instead of HTTPS
if [ "$NODE_COUNT" -eq 1 ]; then
cat << EOF > /etc/graphdb/graphdb.properties
graphdb.connector.port=7201
graphdb.external-url=$${PROTOCOL}://$${LB_DNS_RECORD}
graphdb.external-url.enforce.transactions=true
EOF
else
cat << EOF > /etc/graphdb/graphdb.properties
graphdb.auth.token.secret=$GRAPHDB_CLUSTER_TOKEN
graphdb.connector.port=7201
graphdb.external-url=http://$${NODE_DNS_RECORD}:7201
graphdb.external-url=$${PROTOCOL}://$${NODE_DNS_RECORD}:7201
graphdb.rpc.address=$${NODE_DNS_RECORD}:7301
EOF

cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties
cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties
graphdb.auth.token.secret=$GRAPHDB_CLUSTER_TOKEN
graphdb.connector.port=7200
graphdb.external-url=http://$${LB_DNS_RECORD}
graphdb.vhosts=http://$${LB_DNS_RECORD},http://$${NODE_DNS_RECORD}:7200
graphdb.rpc.address=$${NODE_DNS_RECORD}:7300
graphdb.proxy.hosts=$${NODE_DNS_RECORD}:7301
EOF
fi

mkdir -p /etc/systemd/system/graphdb.service.d/

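Review bot: The new `NODE_COUNT` lookup is the only `aws` call in this template without `--region ${region}`, and its result is used unchecked: if the call fails or returns `None`, `[ "$NODE_COUNT" -eq 1 ]` errors and the script takes the `else` branch, writing the cluster and proxy properties on a single node. Add the region flag and stop with an error on a non-numeric value, or pass the node count from Terraform as a template variable instead of querying it at boot. The instance role also needs `autoscaling:DescribeAutoScalingGroups` for this call, which is not visible in this commit. Separately, the proxy block still hard-codes `http://` in `graphdb.external-url` and `graphdb.vhosts` while the node block now uses `$${PROTOCOL}`; confirm that is intended when the load balancer terminates TLS.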
1 change: 1 addition & 0 deletions modules/graphdb/user_data.tf
Expand Up @@ -61,6 +61,7 @@ data "cloudinit_config" "graphdb_user_data" {
content = templatefile("${path.module}/templates/04_gdb_conf_overrides.sh.tpl", {
name : var.resource_name_prefix
region : var.aws_region
external_address_http_string_type : var.external_address_http_string_type
graphdb_lb_dns_name : var.graphdb_lb_dns_name
})
}
7 changes: 7 additions & 0 deletions modules/graphdb/variables.tf
Expand Up @@ -168,6 +168,13 @@ variable "route53_zone_dns_name" {
type = string
}

# User Data Parameters

variable "external_address_http_string_type" {
description = "External address HTTP string type"
type = string
}

# Optional Parameters

variable "backup_retention_count" {
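Review bot: `external_address_http_string_type` accepts any string, yet the user-data template lower-cases it and uses it as the URL scheme of `graphdb.external-url`. A `validation` block with `condition = contains(["HTTP", "HTTPS"], var.external_address_http_string_type)` would reject anything else at plan time. The description could also state that the value is the scheme, HTTP or HTTPS, derived from whether the load balancer has a TLS certificate.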
5 changes: 2 additions & 3 deletions modules/load_balancer/main.tf
Expand Up @@ -11,7 +11,6 @@ resource "random_id" "tg_name_suffix" {
locals {
lb_name = var.resource_name_prefix
target_group_name = "${var.resource_name_prefix}-tg-${random_id.tg_name_suffix.hex}"
lb_tls_enabled = var.lb_tls_certificate_arn != null ? true : false
}

resource "aws_lb" "graphdb_lb" {
Expand Down Expand Up @@ -55,7 +54,7 @@ resource "aws_lb_target_group" "graphdb_lb_target_group" {
}

resource "aws_lb_listener" "graphdb_listener" {
count = local.lb_tls_enabled ? 0 : 1
count = var.lb_tls_enabled ? 0 : 1

load_balancer_arn = aws_lb.graphdb_lb.id
port = 80
Expand All @@ -68,7 +67,7 @@ resource "aws_lb_listener" "graphdb_listener" {
}

resource "aws_lb_listener" "graphdb_tls" {
count = local.lb_tls_enabled ? 1 : 0
count = var.lb_tls_enabled ? 1 : 0

load_balancer_arn = aws_lb.graphdb_lb.id
port = 443
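Review bot: With the local removed, `lb_tls_enabled` and `lb_tls_certificate_arn` are independent inputs to this module, and nothing in the visible lines checks that they agree. `lb_tls_enabled = false` with a certificate supplied creates only the port 80 listener, and `true` without a certificate creates `graphdb_tls` with nothing usable to serve; the listener bodies continue outside the hunks, so this is inferred from the two `count` lines. Consider validating the pair inside the module, or keep deriving the flag from the ARN here, so that a direct caller of the module cannot end up with a plaintext listener by omission.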
5 changes: 5 additions & 0 deletions modules/load_balancer/variables.tf
Expand Up @@ -89,3 +89,8 @@ variable "graphdb_node_count" {
description = "Number of GraphDB nodes to deploy in ASG"
type = number
}

variable "lb_tls_enabled" {
description = "Is TLS enabled for the LB"
type = bool
}
11 changes: 6 additions & 5 deletions variables.tf
Expand Up @@ -306,6 +306,12 @@ variable "route53_zone_dns_name" {
}
}

variable "graphdb_external_dns" {
description = "External address where GraphDB will be accessed"
type = string
default = ""
}

# Monitoring

variable "deploy_monitoring" {
Expand Down Expand Up @@ -374,11 +380,6 @@ variable "monitoring_route53_availability_https_port" {
default = 443
}

variable "monitoring_route53_healtcheck_fqdn_url" {
description = "Define custom domain name for the Route53 Health check"
type = string
}

# GraphDB overrides

variable "graphdb_properties_path" {
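Review bot: `graphdb_external_dns` has no `validation` block, and its value is substituted unquoted into the boot script as `LB_DNS_RECORD=${graphdb_lb_dns_name}` and from there into `graphdb.properties`. Restrict it to an empty string or a bare host name, for example `condition = can(regex("^[A-Za-z0-9.-]*$", var.graphdb_external_dns))`, so that whitespace, a scheme or shell metacharacters fail at plan time. The description should say that the value is a host name without scheme or port, since the template prepends the protocol itself. The commit message calls this variable `graphdb_external_address` while the code and changelog use `graphdb_external_dns`; one name should be used throughout.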
