# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A SINGLE INFLUXDB ENTERPRISE CLUSTER
# This is an example of how to deploy an InfluxDB Enterprise cluster on a single server with load
# balancer in front of the data nodes to handle providing the public interface into the cluster.
# ---------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER
# This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12.
# ----------------------------------------------------------------------------------------------------------------------
terraform {
  # Minimum supported Terraform is 0.12.26. The module is only tested against 0.13.x, but 0.12.26 is the release that
  # added required_providers entries with source URLs, which keeps this code forwards compatible with 0.13.x.
  # NOTE(review): this block declares no required_providers entry, so this file does not constrain provider sources
  # or versions; confirm they are pinned elsewhere (e.g. in the child modules) if reproducible plans matter.
  required_version = ">= 0.12.26"
}
# ------------------------------------------------------------------------------
# CONFIGURE OUR AWS CONNECTION
# ------------------------------------------------------------------------------
provider "aws" {
  # Region in which every resource of this example is created. No credentials are configured in this block.
  region = var.aws_region
}
# ---------------------------------------------------------------------------------------------------------------------
# USE THE PUBLIC EXAMPLE AMIS IF VAR.AMI_ID IS NOT SPECIFIED
# We have published some example AMIs publicly that will be used if var.ami_id is not specified. This makes it easier
# to try these examples out, but we recommend you build your own AMIs for production use.
# ---------------------------------------------------------------------------------------------------------------------
data "aws_ami" "influxdb_ubuntu_example" {
  # Only images published by this account ID (Gruntwork) are considered. Because the name filter below is a wildcard,
  # this owner restriction is what keeps a same-named image from another account out of the result.
  owners = ["562637147889"]

  # The newest matching image wins, so the resolved AMI ID can change between runs. Set var.ami_id to an image you
  # built yourself when a fixed, reviewed image is required.
  most_recent = true

  filter {
    name   = "name"
    values = ["*influxdb-ubuntu-example*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "image-type"
    values = ["machine"]
  }
}
locals {
  # An explicitly supplied var.ami_id takes precedence; the public example AMI lookup is only the fallback used when
  # var.ami_id is null.
  ami_id = var.ami_id != null ? var.ami_id : data.aws_ami.influxdb_ubuntu_example.id
}
module "influxdb" {
  # This example loads the module from the local checkout. In your own code, reference it through a Git URL whose ref
  # attribute pins a specific version of the modules, for example:
  # source = "git::git@github.com:gruntwork-io/terraform-aws-influx.git//modules/influxdb-cluster?ref=v0.0.1"
  source = "./modules/influxdb-cluster"

  cluster_name = var.influxdb_cluster_name

  # Both bounds are 3, so the cluster size is fixed.
  min_size = 3
  max_size = 3

  # Small instance types keep the example cheap to run. For production you will probably want R4 or M4 instances.
  instance_type = "t2.micro"

  ami_id = local.ami_id

  # The rendered boot script comes from data.template_file.user_data_influxdb, whose vars include var.license_key and
  # var.shared_secret. EC2 user data is not encrypted, so treat it as readable by anything that can query it.
  user_data = data.template_file.user_data_influxdb.rendered

  vpc_id     = data.aws_vpc.default.id
  subnet_ids = data.aws_subnet_ids.default.ids

  # NOTE(review): no encryption setting is passed for this volume here; check whether the influxdb-cluster module
  # encrypts EBS volumes by default.
  ebs_block_devices = [
    {
      device_name = var.volume_device_name
      volume_type = "gp2"
      volume_size = 50
    },
  ]

  # SSH is accepted from any IPv4 address to make testing easier. Together with associate_public_ip_address = true
  # below, this presumably leaves SSH on every node reachable from the Internet. In a production deployment, limit
  # this to the IP address ranges of known, trusted servers inside your VPC.
  allowed_ssh_cidr_blocks = ["0.0.0.0/0"]
  ssh_key_name            = var.ssh_key_name

  # Public IPs make the example easy to test from your own computer. In a production deployment, keep all servers in
  # private subnets with only private IPs.
  associate_public_ip_address = true

  # An example of custom tags
  tags = [
    {
      key                 = "Environment"
      value               = "development"
      propagate_at_launch = true
    },
    {
      key                 = "NodeType"
      value               = "both"
      propagate_at_launch = true
    },
  ]
}
# ---------------------------------------------------------------------------------------------------------------------
# CREATE USER DATA SCRIPTS THAT WILL RUN ON EACH INSTANCE IN THE VARIOUS CLUSTERS ON BOOT
# ---------------------------------------------------------------------------------------------------------------------
data "template_file" "user_data_influxdb" {
  # Boot script template that is rendered once and handed to every instance in the cluster as user data.
  template = file("${path.module}/examples/influxdb-cluster-simple/user-data/user-data.sh")

  vars = {
    cluster_asg_name = var.influxdb_cluster_name
    aws_region       = var.aws_region

    # Both values below are interpolated into the rendered script. EC2 user data is stored unencrypted and can be read
    # from the instance metadata service on the instance, and the rendered result is also kept in Terraform state.
    # For anything beyond a test deployment, consider having the instance fetch these at boot from a secrets store
    # using its IAM role instead of embedding them here.
    license_key   = var.license_key
    shared_secret = var.shared_secret

    # Details of the EBS volume so the script can mount it
    volume_device_name = var.volume_device_name
    volume_mount_point = var.volume_mount_point
    volume_owner       = var.volume_owner
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# CONFIGURE THE SECURITY GROUP RULES FOR INFLUXDB
# This controls which ports are exposed and who can connect to them
# ---------------------------------------------------------------------------------------------------------------------
module "influxdb_security_group_rules" {
  # This example loads the module from the local checkout. In your own code, reference it through a Git URL whose ref
  # attribute pins a specific version of the modules, for example:
  # source = "git::git@github.com:gruntwork-io/terraform-aws-influx.git//modules/influxdb-security-group-rules?ref=v0.0.1"
  source = "./modules/influxdb-security-group-rules"

  security_group_id = module.influxdb.security_group_id

  api_port  = 8086
  tcp_port  = 8088
  raft_port = 8089
  rest_port = 8091

  # To keep the example simple, all four ports accept connections from any IPv4 address. In a production deployment,
  # lock these down to trusted servers.
  # NOTE(review): the raft, rest and tcp ports look like node-to-node cluster ports, and the API port is already
  # published through the load balancer; verify which of these need any source outside the cluster's own network.
  api_port_cidr_blocks  = ["0.0.0.0/0"]
  tcp_port_cidr_blocks  = ["0.0.0.0/0"]
  raft_port_cidr_blocks = ["0.0.0.0/0"]
  rest_port_cidr_blocks = ["0.0.0.0/0"]
}
# ---------------------------------------------------------------------------------------------------------------------
# ATTACH IAM POLICIES TO EACH CLUSTER
# These policies allow the clusters to automatically bootstrap themselves
# ---------------------------------------------------------------------------------------------------------------------
module "influxdb_iam_policies" {
  # This example loads the module from the local checkout. In your own code, reference it through a Git URL whose ref
  # attribute pins a specific version of the modules, for example:
  # source = "git::git@github.com:gruntwork-io/terraform-aws-influx.git//modules/influxdb-iam-policies?ref=v0.0.1"
  source = "./modules/influxdb-iam-policies"

  # The policies are attached to the IAM role exported by the influxdb cluster module.
  # NOTE(review): the policy statements live in the module and are not visible here; review them for least privilege.
  iam_role_id = module.influxdb.iam_role_id
}
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A LOAD BALANCER FOR THE CLUSTERS
# ---------------------------------------------------------------------------------------------------------------------
module "load_balancer" {
  # This example loads the module from the local checkout. In your own code, reference it through a Git URL whose ref
  # attribute pins a specific version of the modules, for example:
  # source = "git::git@github.com:gruntwork-io/terraform-aws-influx.git//modules/load-balancer?ref=v0.0.1"
  source = "./modules/load-balancer"

  name       = "${var.influxdb_cluster_name}-lb"
  vpc_id     = data.aws_vpc.default.id
  subnet_ids = data.aws_subnet_ids.default.ids

  # NOTE(review): only an HTTP listener is configured, so client traffic to port 8086 is presumably unencrypted;
  # confirm whether TLS is terminated elsewhere before sending credentials through this load balancer.
  http_listener_ports = [8086]
  idle_timeout        = 3600

  # To make testing easier, inbound connections are allowed from any IP. In production usage, you may want to only
  # allow connections from certain trusted servers, or even use an internal load balancer, so it's only accessible
  # from within the VPC.
  allow_inbound_from_cidr_blocks = ["0.0.0.0/0"]
}
module "influxdb_target_group" {
  # This example loads the module from the local checkout. In your own code, reference it through a Git URL whose ref
  # attribute pins a specific version of the modules, for example:
  # source = "git::git@github.com:gruntwork-io/terraform-aws-influx.git//modules/load-balancer-target-group?ref=v0.0.1"
  source = "./modules/load-balancer-target-group"

  target_group_name = "${var.influxdb_cluster_name}-tg"
  vpc_id            = data.aws_vpc.default.id
  asg_name          = module.influxdb.asg_name

  # Targets are reached on the API port exported by the security group rules module.
  port = module.influxdb_security_group_rules.api_port

  # A target is considered healthy when a request to /ping is answered with status 204.
  health_check_path    = "/ping"
  health_check_matcher = "204"

  # One listener is wired up: the load balancer's HTTP listener on port 8086.
  listener_arns                   = [module.load_balancer.http_listener_arns[8086]]
  listener_arns_num               = 1
  listener_rule_starting_priority = 100
}
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY INFLUXDB IN THE DEFAULT VPC AND SUBNETS
# Using the default VPC and subnets makes this example easy to run and test, but it means InfluxDB is accessible from
# the public Internet. For a production deployment, we strongly recommend deploying into a custom VPC with private
# subnets.
# ---------------------------------------------------------------------------------------------------------------------
data "aws_vpc" "default" {
  # Look up the region's default VPC rather than creating a dedicated one; this is an example-only shortcut.
  default = true
}
data "aws_subnet_ids" "default" {
  # Every subnet of the default VPC is returned; the cluster and the load balancer are both placed in them.
  # NOTE(review): later AWS provider releases deprecate aws_subnet_ids in favour of aws_subnets; confirm against the
  # provider version in use.
  vpc_id = data.aws_vpc.default.id
}