From 87df93093448fc29a1e20f9cd7496b829a62af9b Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 28 Oct 2016 16:49:23 -0700 Subject: [PATCH 1/3] ETCD improvements - Added ETCD tunable variables and implementation - Update `private_key` for `connection` to use `${file()}` interpolation --- CHANGELOG.md | 5 ++ providers/aws/route53_ssl/README.md | 18 ++++++ .../route53_ssl/files/etcd_template.bash.tpl | 4 ++ providers/aws/route53_ssl/main.tf | 61 ++++++++++++++++--- providers/aws/route53_ssl/variables.tf | 22 +++++++ 5 files changed, 100 insertions(+), 10 deletions(-) create mode 100644 providers/aws/route53_ssl/files/etcd_template.bash.tpl diff --git a/CHANGELOG.md b/CHANGELOG.md index 587aca5..288fb61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ tf_hachef CHANGELOG This file is used to list changes made in each version of the tf_hachef Terraform plan. +v0.2.9 (2016-10-28) +------------------- +- Added ETCD tunable variables and implementation +- Update `private_key` for `connection` to use `${file()}` interpolation + v0.2.8 (2016-10-28) ------------------- - Updated repo structure to prepare for multiple providers and plans per provider feature set. diff --git a/providers/aws/route53_ssl/README.md b/providers/aws/route53_ssl/README.md index 5bfe196..fcd7324 100644 --- a/providers/aws/route53_ssl/README.md +++ b/providers/aws/route53_ssl/README.md @@ -645,6 +645,24 @@ these defaults and necessary inputs are defined, for your convenience in integer 180 + + etcd_path + + Path to configure ETCD settings + `/opt/chef-backend/service/etcd/env` + + + etcd_settings + + Map of settings for ETCD configuration. Key is setting name, value is the value + ETCD_HEARTBEAT_INTERVAL = 600
ETCD_ELECTION_TIMEOUT = 6000
ETCD_SNAPSHOT_COUNT = 5000 + + + etcd_restart_cmd + + Command issued to restart ETCD service + sudo chef-backend-ctl restart etcd + diff --git a/providers/aws/route53_ssl/files/etcd_template.bash.tpl b/providers/aws/route53_ssl/files/etcd_template.bash.tpl new file mode 100644 index 0000000..842cc90 --- /dev/null +++ b/providers/aws/route53_ssl/files/etcd_template.bash.tpl @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +[[ -f ${path}/${file} ]] && sudo mv ${path}/${file} ${path}/${file}.bak +echo ${input} | sudo tee -a ${path}/${file} diff --git a/providers/aws/route53_ssl/main.tf b/providers/aws/route53_ssl/main.tf index 8e3cabd..2a79ef9 100644 --- a/providers/aws/route53_ssl/main.tf +++ b/providers/aws/route53_ssl/main.tf @@ -248,7 +248,7 @@ resource "aws_instance" "chef-backends" { connection { host = "${self.public_ip}" user = "${var.ami_user[var.os]}" - private_key = "${var.instance_keys["key_file"]}" + private_key = "${file("${var.instance_keys["key_file"]}")}" } # Setup provisioner "remote-exec" { @@ -302,7 +302,7 @@ resource "null_resource" "establish_leader" { connection { host = "${aws_instance.chef-backends.0.public_ip}" user = "${var.ami_user[var.os]}" - private_key = "${var.instance_keys["key_file"]}" + private_key = "${file("${var.instance_keys["key_file"]}")}" } provisioner "remote-exec" { inline = [ @@ -335,7 +335,7 @@ resource "null_resource" "follow_leader" { connection { host = "${element(aws_instance.chef-backends.*.public_ip, count.index + 1)}" user = "${var.ami_user[var.os]}" - private_key = "${var.instance_keys["key_file"]}" + private_key = "${file("${var.instance_keys["key_file"]}")}" } provisioner "file" { source = ".chef/chef-backend-secrets.json" 
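Review bot: The new `etcd_template.bash.tpl` substitutes `${path}`, `${file}` and `${input}` into the script unquoted, and the rendered script then runs `mv` and `tee` under `sudo`. Any whitespace or shell metacharacter in `etcd_path`, or in an `etcd_settings` key or value, is therefore interpreted by the remote shell instead of being written as data. Because these are template substitutions and not shell variables, the rendered literals should be single-quoted, for example `[[ -f '${path}/${file}' ]] && sudo mv '${path}/${file}' '${path}/${file}.bak'` and `printf '%s\n' '${input}' | sudo tee -a '${path}/${file}'`. Single quotes still break on a value that itself contains a single quote, so the descriptions of `etcd_path` and `etcd_settings` in the `variables.tf` hunk should state that only plain setting names and simple values are supported.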
@@ -358,6 +358,47 @@ resource "null_resource" "follow_leader" {
 command = "rm -f /tmp/configuring.${sha256(element(aws_instance.chef-backends.*.id, count.index + 1))}"
 }
 }
+data "template_file" "etcd_settings" {
+ count = "${length(var.etcd_settings)}"
+ template = "${file("${path.module}/files/etcd_template.bash.tpl")}"
+ vars {
+ path = "${var.etcd_path}"
+ file = "${element(keys(var.etcd_settings), count.index)}"
+ input = "${element(values(var.etcd_settings), count.index)}"
+ }
+}
+resource "null_resource" "etcd_configure" {
+ depends_on = ["null_resource.establish_leader","null_resource.follow_leader"]
+ count = "${var.chef_backend["count"] * length(var.etcd_settings)}"
+ connection {
+ host = "${element(aws_instance.chef-backends.*.public_ip, count.index % var.chef_backend["count"])}"
+ user = "${var.ami_user[var.os]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
+ }
+ provisioner "file" {
+ content = "${element(data.template_file.etcd_settings.*.rendered, (count.index % var.chef_backend["count"]))}"
+ destination = "/tmp/etcd_settings.${count.index % length(var.etcd_settings)}.bash"
+ }
+ provisioner "remote-exec" {
+ inline = [
+ "bash /tmp/etcd_settings.${count.index % length(var.etcd_settings)}.bash",
+ ]
+ }
+}
+resource "null_resource" "etcd_restart" {
+ depends_on = ["null_resource.etcd_configure"]
+ count = "${var.chef_backend["count"]}"
+ connection {
+ host = "${element(aws_instance.chef-backends.*.public_ip, count.index % var.chef_backend["count"])}"
+ user = "${var.ami_user[var.os]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
+ }
+ provisioner "remote-exec" {
+ inline = [
+ "${var.etcd_restart_cmd}"
+ ]
+ }
+}
 resource "aws_route53_record" "chef-backends-private" {
 count = "${var.chef_backend["count"]}"
 zone_id = "${var.r53_zones["internal"]}"
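Review bot: In `etcd_configure` the `content` index is `count.index % var.chef_backend["count"]`, the same expression that selects `host`, so backend N only ever receives rendered setting N and the other host/setting pairs are never applied; when the two counts differ, `element()` wraps and the `destination` index (`count.index % length(var.etcd_settings)`) no longer matches the content that was uploaded. The setting index should be the quotient, e.g. `content = "${element(data.template_file.etcd_settings.*.rendered, count.index / var.chef_backend["count"])}"`, with the same expression used in `destination` and in the `bash` command, assuming the interpolation performs integer division here. Separately, the script is uploaded to a predictable name under `/tmp` and then executed with embedded `sudo` calls; a directory owned by the connection user would keep other local accounts from occupying or swapping that path, and the file could be removed once it has run.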
@@ -407,7 +448,7 @@ resource "aws_instance" "chef-frontends" {
 connection {
 host = "${self.public_ip}"
 user = "${var.ami_user[var.os]}"
- private_key = "${var.instance_keys["key_file"]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
 }
 # Setup
 provisioner "remote-exec" {
@@ -468,7 +509,7 @@ resource "null_resource" "generate_frontend_cfg" {
 connection {
 host = "${aws_instance.chef-backends.0.public_ip}"
 user = "${var.ami_user[var.os]}"
- private_key = "${var.instance_keys["key_file"]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
 }
 # Generate chef server configuration
 provisioner "remote-exec" {
@@ -489,7 +530,7 @@ resource "null_resource" "generate_frontend_cfg" {
 connection {
 host = "${aws_instance.chef-backends.0.public_ip}"
 user = "${var.ami_user[var.os]}"
- private_key = "${var.instance_keys["key_file"]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
 }
 inline = [
 "sudo rm -f /tmp/chef-server.rb.${sha256(element(aws_instance.chef-frontends.*.tags.Name, count.index))}",
@@ -500,7 +541,7 @@ resource "null_resource" "generate_frontend_cfg" {
 connection {
 host = "${element(aws_instance.chef-frontends.*.public_ip, count.index)}"
 user = "${var.ami_user[var.os]}"
- private_key = "${var.instance_keys["key_file"]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
 }
 source = ".chef/chef-server.rb.${sha256(element(aws_instance.chef-frontends.*.tags.Name, count.index))}"
 destination = "/tmp/chef-server.rb.${sha256(element(aws_instance.chef-frontends.*.tags.Name, count.index))}"
@@ -512,7 +553,7 @@ resource "null_resource" "first_frontend" {
 connection {
 host = "${element(aws_instance.chef-frontends.*.public_ip, count.index)}"
 user = "${var.ami_user[var.os]}"
- private_key = "${var.instance_keys["key_file"]}"
+ private_key = "${file("${var.instance_keys["key_file"]}")}"
 }
 provisioner "remote-exec" {
 inline = [
@@ -538,7 +579,7 @@ resource "null_resource" "other_frontends" { connection { host = "${element(aws_instance.chef-frontends.*.public_ip, count.index + 1)}" user = "${var.ami_user[var.os]}" - private_key = "${var.instance_keys["key_file"]}" + private_key = "${file("${var.instance_keys["key_file"]}")}" } # Put chef-frontend.tgz provisioner "file" { @@ -587,7 +628,7 @@ resource "null_resource" "chef-setup" { connection { host = "${aws_instance.chef-frontends.0.public_ip}" user = "${var.ami_user[var.os]}" - private_key = "${var.instance_keys["key_file"]}" + private_key = "${file("${var.instance_keys["key_file"]}")}" } # TODO: Maybe create parametertized script to run these commands (wrapping chef-server-ctl) provisioner "remote-exec" { diff --git a/providers/aws/route53_ssl/variables.tf b/providers/aws/route53_ssl/variables.tf index b9b2c86..c2785c8 100644 --- a/providers/aws/route53_ssl/variables.tf +++ b/providers/aws/route53_ssl/variables.tf @@ -338,4 +338,26 @@ variable "r53_ttls" { internal = "180" } } +# +# ETCD settings +# +variable "etcd_path" { + type = "string" + description = "Path to configure ETCD settings" + default = "/opt/chef-backend/service/etcd/env" +} +variable "etcd_settings" { + type = "map" + description = "Various ETCD settings" + default = { + ETCD_HEARTBEAT_INTERVAL = 600 + ETCD_ELECTION_TIMEOUT = 6000 + ETCD_SNAPSHOT_COUNT = 5000 + } +} +variable "etcd_restart_cmd" { + type = "string" + description = "Command issued to restart ETCD service" + default = "sudo chef-backend-ctl restart etcd" +} From c1a225297833dcda609e23da71051783ecf012cf Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Sat, 29 Oct 2016 12:53:09 -0700 Subject: [PATCH 2/3] trying file transfer --- .gitignore | 1 + .../aws/route53_ssl/etcd_configs/.gitkeep | 0 providers/aws/route53_ssl/main.tf | 23 ++++++++++++++----- 3 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 providers/aws/route53_ssl/etcd_configs/.gitkeep 
diff --git a/.gitignore b/.gitignore index 546008c..1887328 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ terraform.tfvars *.swp* .chef logfiles +etcd_configs diff --git a/providers/aws/route53_ssl/etcd_configs/.gitkeep b/providers/aws/route53_ssl/etcd_configs/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/providers/aws/route53_ssl/main.tf b/providers/aws/route53_ssl/main.tf index 2a79ef9..4336812 100644 --- a/providers/aws/route53_ssl/main.tf +++ b/providers/aws/route53_ssl/main.tf @@ -367,21 +367,32 @@ data "template_file" "etcd_settings" { input = "${element(values(var.etcd_settings), count.index)}" } } +resource "null_resource" "etcd_files" { + count = "${length(var.etcd_settings)}" + provisioner "local-exec" { + command = <<-EOC + mkdir -p etcd_configs + tee etcd_configs/etcd_config.${count.index}.bash < Date: Sat, 29 Oct 2016 13:25:27 -0700 Subject: [PATCH 3/3] Correct file collision --- CHANGELOG.md | 2 +- providers/aws/route53_ssl/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 288fb61..af9bf52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ tf_hachef CHANGELOG This file is used to list changes made in each version of the tf_hachef Terraform plan. -v0.2.9 (2016-10-28) +v0.2.9 (2016-10-29) ------------------- - Added ETCD tunable variables and implementation - Update `private_key` for `connection` to use `${file()}` interpolation diff --git a/providers/aws/route53_ssl/main.tf b/providers/aws/route53_ssl/main.tf index 4336812..f0992c6 100644 --- a/providers/aws/route53_ssl/main.tf +++ b/providers/aws/route53_ssl/main.tf @@ -372,6 +372,7 @@ resource "null_resource" "etcd_files" { provisioner "local-exec" { command = <<-EOC mkdir -p etcd_configs + [ -f etcd_configs/etcd_config.${count.index}.bash ] && rm -f etcd_configs/etcd_config.${count.index}.bash tee etcd_configs/etcd_config.${count.index}.bash <