AMI: change to Amazon Linux 2

Flatcar isn't available in all regions and thus the module can fail to create the EC2 instance. It's better to use an AMI that's available in all regions. Signed-off-by: darox <[email protected]>
isovalent · Jun 28, 2024 · 5ca5263 · 5ca5263
1 parent 0ff341d
commit 5ca5263
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 149 deletions.
diff --git a/ec2.tf b/ec2.tf
@@ -8,13 +8,17 @@ resource "aws_key_pair" "ssh_access_etcd" {
   public_key = tls_private_key.ssh_key_etcd.public_key_openssh
 }
 
-data "aws_ami" "flatcar_stable_latest" {
+data "aws_ami" "main" {
   most_recent = true
-  owners      = ["aws-marketplace"]
+  owners = [
+    var.ami_owner_id
+  ]
 
   filter {
-    name   = "architecture"
-    values = ["x86_64"]
+    name = "name"
+    values = [
+      var.ami_name_filter,
+    ]
   }
 
   filter {
@@ -23,8 +27,10 @@ data "aws_ami" "flatcar_stable_latest" {
   }
 
   filter {
-    name   = "name"
-    values = ["Flatcar-stable-*"]
+    name = "architecture"
+    values = [
+      var.ami_architecture
+    ]
   }
 }
 
@@ -73,9 +79,15 @@ locals {
 // Create etcd instances
 resource "aws_instance" "etcds" {
   count         = var.node_count
-  ami           = data.aws_ami.flatcar_stable_latest.image_id
+  ami           = data.aws_ami.main.id
   instance_type = var.instance_type
-  user_data     = data.ct_config.etcd-ignitions.*.rendered[count.index]
+  user_data = templatefile("${path.module}/etcd.sh.tpl", {
+    etcd_name            = "etcd${count.index}",
+    etcd_domain          = "${var.cluster_name}-etcd${count.index}.${var.domain_name}",
+    etcd_initial_cluster = join(",", [for i in range(var.node_count) : "etcd${i}=http://${var.cluster_name}-etcd${i}.${var.domain_name}:2380"]),
+    ssh_authorized_key   = tls_private_key.ssh_key_etcd.public_key_openssh,
+    etcd_peer_url        = "http://${var.cluster_name}-etcd${count.index}.${var.domain_name}:2380"
+  })
 
   # storage
   root_block_device {
@@ -103,22 +115,4 @@ resource "aws_instance" "etcds" {
   tags = merge(var.tags, {
     Name = "${var.cluster_name}-${count.index}"
   })
-}
-
-# etcd Ignition configs
-data "ct_config" "etcd-ignitions" {
-  count = var.node_count
-  content = <<EOF
-${templatefile("${abspath(path.module)}/etcd.yaml", {
-  etcd_name            = "etcd${count.index}"
-  etcd_domain          = "${var.cluster_name}-etcd${count.index}.${var.domain_name}"
-  etcd_initial_cluster = <<EOL
-%{for index in range(var.node_count)}etcd${index}=http://${var.cluster_name}-etcd${index}.${var.domain_name}:2380%{if index != (var.node_count - 1)},%{endif}%{endfor}
-EOL
-  ssh_authorized_key   = tls_private_key.ssh_key_etcd.public_key_openssh
-  etcd_peer_url        = "http://${var.cluster_name}-etcd${count.index}.${var.domain_name}:2380"
-})}
-  EOF
-strict   = true
-snippets = var.etcd_snippets
 }
diff --git a/etcd.sh.tpl b/etcd.sh.tpl
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Install necessary packages
+sudo yum install -y docker
+sudo yum install -y bind-utils
+
+
+# Ensure Docker is installed and running
+sudo systemctl enable docker.service
+sudo systemctl start docker.service
+
+# Mask locksmithd.service (not applicable in all environments, adjust as needed)
+sudo systemctl mask locksmithd.service
+
+# Create necessary directories with permissions
+mkdir -p /etc/ssl/etcd /var/lib/etcd /opt/bootstrap /etc/etcd
+chmod 700 /var/lib/etcd
+chmod 500 /etc/ssl/etcd
+chown 232:232 /var/lib/etcd
+
+
+# Create necessary files with contents
+echo -e "#!/bin/bash -e\nmkdir -p /etc/ssl/etcd\nmkdir -p /var/lib/etcd\nchown -R etcd:etcd /etc/ssl/etcd\nchmod -R 500 /etc/ssl/etcd\nchmod -R 700 /var/lib/etcd" > /opt/bootstrap/layout
+chmod 0544 /opt/bootstrap/layout
+
+echo "fs.inotify.max_user_watches=16184" > /etc/sysctl.d/max-user-watches.conf
+sysctl --system
+
+
+# etcd environment configuration
+cat << EOF > /etc/etcd/etcd.env
+ETCD_NAME=${etcd_name}
+ETCD_DATA_DIR=/var/lib/etcd
+ETCD_ADVERTISE_CLIENT_URLS=http://${etcd_domain}:2379
+ETCD_INITIAL_ADVERTISE_PEER_URLS=${etcd_peer_url}
+ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
+ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
+ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
+EOF
+
+# Systemd service for etcd
+cat << EOF > /etc/systemd/system/etcd-member.service
+[Unit]
+Description=etcd (System Container)
+Documentation=https://github.com/etcd-io/etcd
+Requires=docker.service
+After=docker.service
+[Service]
+ExecStartPre=/usr/bin/docker run -d \\
+  --name etcd \\
+  --network host \\
+  --env-file /etc/etcd/etcd.env \\
+  --user 232:232 \\
+  --volume /etc/ssl/etcd:/etc/ssl/certs:ro \\
+  --volume /var/lib/etcd:/var/lib/etcd:rw \\
+  gcr.io/etcd-development/etcd:v3.5.4
+ExecStart=/usr/bin/docker exec etcd etcd
+ExecStop=/usr/bin/docker stop etcd
+ExecStopPost=/usr/bin/docker rm etcd
+Restart=always
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Enable and start etcd-member.service
+sudo systemctl daemon-reload
+sudo systemctl enable etcd-member.service
+sudo systemctl start etcd-member.service
+
+# Wait for DNS service script
+cat << EOF > /opt/wait-for-dns.sh
+#!/bin/bash
+while ! /usr/bin/grep '^[^#[:space:]]' /etc/resolv.conf > /dev/null; do sleep 1; done
+EOF
+chmod +x /opt/wait-for-dns.sh
+/opt/wait-for-dns.sh
+
+# Bootstrap service script
+if [ ! -f /opt/bootstrap/bootstrap.done ]; then
+  /opt/bootstrap/layout
+  touch /opt/bootstrap/bootstrap.done
+fi
diff --git a/etcd.yaml b/etcd.yaml
diff --git a/outputs.tf b/outputs.tf
@@ -24,9 +24,4 @@ output "etcd_security_group_id" {
 output "etcd_ssh_private_key" {
   value     = tls_private_key.ssh_key_etcd.private_key_pem
   sensitive = true
-}
-
-output "ct_configs" {
-  value       = data.ct_config.etcd-ignitions[*]
-  description = "ETCD Ignition configs"
 }
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,21 @@
+variable "ami_owner_id" {
+  description = "The AMI ID to use for the etcd cluster."
+  type        = string
+  default     = "amazon"
+}
+
+variable "ami_name_filter" {
+  description = "The name of the AMI to use for the etcd cluster."
+  type        = string
+  default     = "amzn2-ami-hvm*"
+}
+
+variable "ami_architecture" {
+  description = "The architecture of the AMI to use for the etcd cluster."
+  type        = string
+  default     = "x86_64"
+}
+
 variable "cluster_name" {
   description = "The name of the etcd cluster."
   type        = string
@@ -53,10 +71,4 @@ variable "disk_iops" {
   type        = number
   description = "IOPS of the EBS volume (e.g. 3000)"
   default     = 3000
-}
-
-variable "etcd_snippets" {
-  type        = list(string)
-  description = "Etcd Container Linux Config snippets"
-  default     = []
 }