Showing
4 changed files
with
388 additions
and
0 deletions.
@@ -0,0 +1,55 @@ | ||
# ALB Security Group: Edit to restrict access to the application | ||
resource "aws_security_group" "aws-lb" { | ||
name = "benchmark-load-balancer" | ||
description = "Controls access to the ALB" | ||
vpc_id = aws_security_group.benchmark_sg.vpc_id | ||
|
||
ingress { | ||
protocol = "tcp" | ||
from_port = 8000 | ||
to_port = 8000 | ||
cidr_blocks = [for s in data.aws_subnet.all : s.cidr_block] | ||
} | ||
|
||
egress { | ||
protocol = "-1" | ||
from_port = 0 | ||
to_port = 0 | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
tags = { | ||
Name = "benchmark-load-balancer" | ||
} | ||
} | ||
|
||
resource "aws_alb" "main" { | ||
name = "benchmark-load-balancer" | ||
subnets = [for s in data.aws_subnet.all : s.id] | ||
security_groups = [aws_security_group.aws-lb.id] | ||
internal = true | ||
tags = { | ||
Name = "benchmark-alb" | ||
} | ||
} | ||
|
||
resource "aws_alb_target_group" "benchmark" { | ||
name = "benchmark-target-group" | ||
port = 8000 | ||
protocol = "HTTP" | ||
vpc_id = aws_security_group.benchmark_sg.vpc_id | ||
target_type = "ip" | ||
tags = { | ||
Name = "benchmark-alb-target-group" | ||
} | ||
} | ||
|
||
# Redirect all traffic from the ALB to the target group | ||
resource "aws_alb_listener" "benchmark" { | ||
load_balancer_arn = aws_alb.main.id | ||
port = 8000 | ||
protocol = "HTTP" | ||
default_action { | ||
target_group_arn = aws_alb_target_group.benchmark.id | ||
type = "forward" | ||
} | ||
} |
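Review bot: The `aws_alb_listener` at the end of the hunk forwards plain HTTP on port 8000 and no TLS listener or certificate appears anywhere in the file, so traffic between clients in the subnets and the ALB is cleartext. The ALB is `internal = true` and the security group ingress is limited to the subnet CIDRs, which is presumably the intended trade-off for a benchmark, but that decision should be recorded rather than left implicit; I would replace the leftover template comment `# ALB Security Group: Edit to restrict access to the application` with `# Internal-only ALB: plain HTTP on 8000, reachable only from the VPC's private subnets; no TLS by design for the benchmark`. `load_balancer_arn = aws_alb.main.id` works only because the resource's id happens to be its ARN; `aws_alb.main.arn` states the intent directly. The target group declares no `health_check` block, so it gets the provider default, which should be confirmed against the path lakeFS actually serves on 8000.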
@@ -0,0 +1,232 @@ | ||
variable "password" { | ||
type = string | ||
description = "The password to the postgres DB." | ||
} | ||
|
||
variable "dockerReg" { | ||
type = string | ||
description = "docker registry to pull the image from" | ||
} | ||
|
||
variable "tag" { | ||
type = string | ||
description = "lakeFS docker image tag" | ||
} | ||
|
||
provider "aws" { | ||
region = "us-east-1" | ||
} | ||
|
||
//############################################################## | ||
//# Data sources to get VPC, subnets and security group details | ||
//############################################################## | ||
data "aws_subnet_ids" "all" { | ||
vpc_id = "vpc-04b176d1264698ffc" | ||
tags = {"Type":"private"} | ||
} | ||
|
||
data "aws_subnet" "all" { | ||
for_each = data.aws_subnet_ids.all.ids | ||
id = each.value | ||
} | ||
|
||
data "aws_ami" "ubuntu" { | ||
most_recent = true | ||
|
||
filter { | ||
name = "name" | ||
values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"] | ||
} | ||
|
||
filter { | ||
name = "virtualization-type" | ||
values = ["hvm"] | ||
} | ||
|
||
owners = ["099720109477"] # Canonical | ||
} | ||
|
||
data "aws_arn" "BENCHMARK_VM" { | ||
arn = "arn:aws:iam::977611293394:role/BENCHMARK_VM" | ||
} | ||
|
||
//############################################################## | ||
//# Resources to create sg, postgres db, and Fargate service | ||
//############################################################## | ||
resource "aws_security_group" "benchmark_sg" { | ||
name = "benchmark_sg" | ||
description = "Allow benchmark traffic" | ||
vpc_id = "vpc-04b176d1264698ffc" | ||
|
||
ingress { | ||
description = "postgres" | ||
from_port = 5432 | ||
to_port = 5432 | ||
protocol = "tcp" | ||
cidr_blocks = [for s in data.aws_subnet.all : s.cidr_block] | ||
} | ||
|
||
ingress { | ||
description = "lakeFS" | ||
from_port = 8000 | ||
to_port = 8000 | ||
protocol = "tcp" | ||
cidr_blocks = [for s in data.aws_subnet.all : s.cidr_block] | ||
} | ||
|
||
egress { | ||
from_port = 0 | ||
to_port = 0 | ||
protocol = "-1" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
|
||
tags = { | ||
Name = "allow_benchmark" | ||
} | ||
} | ||
|
||
##### | ||
# DB | ||
##### | ||
module "db" { | ||
source = "github.com/terraform-aws-modules/terraform-aws-rds" | ||
|
||
identifier = "benchmarks-postgres" | ||
|
||
engine = "postgres" | ||
engine_version = "11" | ||
instance_class = "db.t2.medium" | ||
allocated_storage = 5 | ||
storage_encrypted = false | ||
|
||
# kms_key_id = "arm:aws:kms:<region>:<account id>:key/<kms key id>" | ||
name = "BenchmarksDB" | ||
|
||
# Do NOT use 'user' as the value for 'username' as it throws: | ||
# "Error creating DB Instance: InvalidParameterValue: MasterUsername | ||
# user cannot be used as it is a reserved word used by the engine" | ||
username = "benchmarks" | ||
|
||
password = var.password | ||
port = "5432" | ||
|
||
vpc_security_group_ids = [aws_security_group.benchmark_sg.id] | ||
|
||
maintenance_window = "Mon:00:00-Mon:03:00" | ||
backup_window = "03:00-06:00" | ||
|
||
# disable backups to create DB faster | ||
backup_retention_period = 0 | ||
|
||
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"] | ||
|
||
# DB subnet group | ||
subnet_ids = data.aws_subnet_ids.all.ids | ||
|
||
# DB parameter group | ||
family = "postgres11" | ||
|
||
# DB option group | ||
major_engine_version = "11" | ||
|
||
# Snapshot name upon DB deletion | ||
final_snapshot_identifier = "demodb" | ||
|
||
# Database Deletion Protection | ||
deletion_protection = false | ||
} | ||
|
||
resource "aws_launch_configuration" "benchmark" { | ||
name = "benchmark-launch" | ||
image_id = data.aws_ami.ubuntu.id | ||
instance_type = "t2.micro" | ||
} | ||
|
||
resource "aws_autoscaling_group" "benchmark" { | ||
vpc_zone_identifier = [for s in data.aws_subnet.all : s.id] | ||
min_size = 1 | ||
max_size = 1 | ||
launch_configuration = aws_launch_configuration.benchmark.id | ||
|
||
tag { | ||
key = "AmazonECSManaged" | ||
value = "true" | ||
propagate_at_launch = true | ||
} | ||
} | ||
|
||
resource "aws_ecs_capacity_provider" "benchmark" { | ||
name = "benchmark-${var.tag}" | ||
|
||
auto_scaling_group_provider { | ||
auto_scaling_group_arn = aws_autoscaling_group.benchmark.arn | ||
managed_termination_protection = "DISABLED" | ||
|
||
managed_scaling { | ||
status = "DISABLED" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_ecs_cluster" "benchmark" { | ||
name = "benchmark-${var.tag}" | ||
capacity_providers = [aws_ecs_capacity_provider.benchmark.name] | ||
} | ||
|
||
resource "aws_ecs_task_definition" "benchmark" { | ||
family = "benchmark-${var.tag}" | ||
requires_compatibilities = ["FARGATE"] | ||
cpu = "2048" | ||
memory = "8192" | ||
network_mode = "awsvpc" | ||
execution_role_arn = data.aws_arn.BENCHMARK_VM.arn | ||
task_role_arn = data.aws_arn.BENCHMARK_VM.arn | ||
|
||
container_definitions = <<TASK_DEFINITION | ||
[ | ||
{ | ||
"name": "lakeFS", | ||
"image": "${var.dockerReg}/lakefs:${var.tag}", | ||
"entryPoint": ["/app/lakefs", "run"], | ||
"environment": [ | ||
{"name": "LAKEFS_AUTH_ENCRYPT_SECRET_KEY", "value": "some random secret string"}, | ||
{"name": "LAKEFS_DATABASE_CONNECTION_STRING", "value": "postgres://benchmarks:${var.password}@${module.db.this_db_instance_endpoint}/postgres?sslmode=disable"}, | ||
{"name": "LAKEFS_BLOCKSTORE_TYPE", "value": "s3"}, | ||
{"name": "LAKEFS_LOGGING_LEVEL", "value": "DEBUG"} | ||
], | ||
"essential": true, | ||
"cpu": 2048, | ||
"memory": 8192, | ||
"portMappings": [ | ||
{ | ||
"containerPort": 8000, | ||
"hostPort": 8000 | ||
} | ||
] | ||
} | ||
] | ||
TASK_DEFINITION | ||
} | ||
|
||
resource "aws_ecs_service" "lakefs" { | ||
name = "lakeFS" | ||
cluster = aws_ecs_cluster.benchmark.id | ||
task_definition = aws_ecs_task_definition.benchmark.id | ||
desired_count = 1 | ||
launch_type = "FARGATE" | ||
|
||
network_configuration { | ||
subnets = [for s in data.aws_subnet.all : s.id] | ||
assign_public_ip = false | ||
security_groups = [ aws_security_group.benchmark_sg.id ] | ||
} | ||
|
||
load_balancer { | ||
target_group_arn = aws_alb_target_group.benchmark.id | ||
container_name = "lakeFS" | ||
container_port = 8000 | ||
} | ||
depends_on = [aws_alb_listener.benchmark] | ||
} | ||
|
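Review bot: The task definition's `environment` array near the end of the hunk embeds two secrets as plain values: `LAKEFS_AUTH_ENCRYPT_SECRET_KEY` is the literal placeholder `"some random secret string"` and `LAKEFS_DATABASE_CONNECTION_STRING` interpolates `var.password`, so both end up in the registered task definition, readable by anyone allowed to describe it, as well as in Terraform state. At minimum the encryption key should come from a variable declared next to `variable "password"` instead of a fixed string, and both values belong in the container definition's `secrets` list (`valueFrom` pointing at Secrets Manager or SSM Parameter Store) rather than `environment`. The connection string also uses `sslmode=disable` while the RDS module is created with `storage_encrypted = false`, so the benchmark database is unencrypted both in transit and at rest; if that is deliberate for a throwaway benchmark, a comment on those two lines should say so. The VPC id literal `vpc-04b176d1264698ffc` is repeated on the `aws_subnet_ids` data source and on `benchmark_sg`; the security group could use `vpc_id = data.aws_subnet_ids.all.vpc_id` so the two cannot drift.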
@@ -0,0 +1,84 @@ | ||
output "this_db_instance_address" { | ||
description = "The address of the RDS instance" | ||
value = "${module.db.this_db_instance_address}" | ||
} | ||
|
||
output "this_db_instance_arn" { | ||
description = "The ARN of the RDS instance" | ||
value = "${module.db.this_db_instance_arn}" | ||
} | ||
|
||
output "this_db_instance_availability_zone" { | ||
description = "The availability zone of the RDS instance" | ||
value = "${module.db.this_db_instance_availability_zone}" | ||
} | ||
|
||
output "this_db_instance_endpoint" { | ||
description = "The connection endpoint" | ||
value = "${module.db.this_db_instance_endpoint}" | ||
} | ||
|
||
output "this_db_instance_hosted_zone_id" { | ||
description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" | ||
value = "${module.db.this_db_instance_hosted_zone_id}" | ||
} | ||
|
||
output "this_db_instance_id" { | ||
description = "The RDS instance ID" | ||
value = "${module.db.this_db_instance_id}" | ||
} | ||
|
||
output "this_db_instance_resource_id" { | ||
description = "The RDS Resource ID of this instance" | ||
value = "${module.db.this_db_instance_resource_id}" | ||
} | ||
|
||
output "this_db_instance_status" { | ||
description = "The RDS instance status" | ||
value = "${module.db.this_db_instance_status}" | ||
} | ||
|
||
output "this_db_instance_name" { | ||
description = "The database name" | ||
value = "${module.db.this_db_instance_name}" | ||
} | ||
|
||
output "this_db_instance_username" { | ||
description = "The master username for the database" | ||
value = "${module.db.this_db_instance_username}" | ||
} | ||
|
||
output "this_db_instance_password" { | ||
description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" | ||
value = "${module.db.this_db_instance_password}" | ||
} | ||
|
||
output "this_db_instance_port" { | ||
description = "The database port" | ||
value = "${module.db.this_db_instance_port}" | ||
} | ||
|
||
output "this_db_subnet_group_id" { | ||
description = "The db subnet group name" | ||
value = "${module.db.this_db_subnet_group_id}" | ||
} | ||
|
||
output "this_db_subnet_group_arn" { | ||
description = "The ARN of the db subnet group" | ||
value = "${module.db.this_db_subnet_group_arn}" | ||
} | ||
|
||
output "this_db_parameter_group_id" { | ||
description = "The db parameter group id" | ||
value = "${module.db.this_db_parameter_group_id}" | ||
} | ||
|
||
output "this_db_parameter_group_arn" { | ||
description = "The ARN of the db parameter group" | ||
value = "${module.db.this_db_parameter_group_arn}" | ||
} | ||
|
||
output "dns_lb" { | ||
description = "DNS load balancer" | ||
value = aws_alb.main.dns_name | ||
} |
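Review bot: The `this_db_instance_password` output returns the master password as an ordinary output, so `terraform output` and any CI log that prints outputs will show it in cleartext. Add `sensitive = true` to that output so it is redacted from plan, apply and output display; it still lives in state regardless, which the description could mention. The `"${module.db.…}"` wrapping on every output is legacy 0.11-style interpolation; since the other files in this commit use `for` expressions and `for_each`, which require 0.12+, these could be written as bare references such as `value = module.db.this_db_instance_address`, matching how `dns_lb` at the end of the hunk is already written.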