Merge pull request #40 from isovalent/change-ami-to-amazon-linux

AMI: change to Amazon Linux 2

README.md

@@ -16,7 +16,6 @@ Deploys an etcd cluster in AWS on Flatcar Linux. Outputs node information and AL
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
-| <a name="provider_ct"></a> [ct](#provider\_ct) | 0.10.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | n/a |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | n/a |
 
@@ -41,21 +40,22 @@ No modules.
 | [random_id.index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [random_string.random_prefix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [tls_private_key.ssh_key_etcd](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [aws_ami.flatcar_stable_latest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
+| [aws_ami.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_subnets.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
-| [ct_config.etcd-ignitions](https://registry.terraform.io/providers/poseidon/ct/0.10.0/docs/data-sources/config) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_ami_architecture"></a> [ami\_architecture](#input\_ami\_architecture) | The architecture of the AMI to use for the etcd cluster. | `string` | `"x86_64"` | no |
+| <a name="input_ami_name_filter"></a> [ami\_name\_filter](#input\_ami\_name\_filter) | The name of the AMI to use for the etcd cluster. | `string` | `"amzn2-ami-hvm*"` | no |
+| <a name="input_ami_owner_id"></a> [ami\_owner\_id](#input\_ami\_owner\_id) | The AMI ID to use for the etcd cluster. | `string` | `"amazon"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the etcd cluster. | `string` | n/a | yes |
 | <a name="input_disk_iops"></a> [disk\_iops](#input\_disk\_iops) | IOPS of the EBS volume (e.g. 3000) | `number` | `3000` | no |
 | <a name="input_disk_size"></a> [disk\_size](#input\_disk\_size) | Size of the EBS volume in GB | `number` | `30` | no |
 | <a name="input_disk_type"></a> [disk\_type](#input\_disk\_type) | Type of the EBS volume (e.g. standard, gp2, gp3, io1) | `string` | `"gp3"` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain to use for etcd DNS. | `string` | `"etcd.local"` | no |
-| <a name="input_etcd_snippets"></a> [etcd\_snippets](#input\_etcd\_snippets) | Etcd Container Linux Config snippets | `list(string)` | `[]` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EC2 Instance Type | `string` | `"t3.small"` | no |
 | <a name="input_node_count"></a> [node\_count](#input\_node\_count) | The number of nodes in the cluster. | `number` | `3` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region in which to create the cluster. | `string` | `"us-east-1"` | no |
@@ -66,7 +66,6 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_ct_configs"></a> [ct\_configs](#output\_ct\_configs) | ETCD Ignition configs |
 | <a name="output_etcd-endpoint"></a> [etcd-endpoint](#output\_etcd-endpoint) | ALB endpoint |
 | <a name="output_etcd_security_group_id"></a> [etcd\_security\_group\_id](#output\_etcd\_security\_group\_id) | The security group for etcd nodes |
 | <a name="output_etcd_ssh_private_key"></a> [etcd\_ssh\_private\_key](#output\_etcd\_ssh\_private\_key) | n/a |

ec2.tf

@@ -8,13 +8,17 @@ resource "aws_key_pair" "ssh_access_etcd" {
   public_key = tls_private_key.ssh_key_etcd.public_key_openssh
 }
 
-data "aws_ami" "flatcar_stable_latest" {
+data "aws_ami" "main" {
   most_recent = true
-  owners      = ["aws-marketplace"]
+  owners = [
+    var.ami_owner_id
+  ]
 
   filter {
-    name   = "architecture"
-    values = ["x86_64"]
+    name = "name"
+    values = [
+      var.ami_name_filter,
+    ]
   }
 
   filter {
@@ -23,8 +27,10 @@ data "aws_ami" "flatcar_stable_latest" {
   }
 
   filter {
-    name   = "name"
-    values = ["Flatcar-stable-*"]
+    name = "architecture"
+    values = [
+      var.ami_architecture
+    ]
   }
 }
 
@@ -73,9 +79,15 @@ locals {
 // Create etcd instances
 resource "aws_instance" "etcds" {
   count         = var.node_count
-  ami           = data.aws_ami.flatcar_stable_latest.image_id
+  ami           = data.aws_ami.main.id
   instance_type = var.instance_type
-  user_data     = data.ct_config.etcd-ignitions.*.rendered[count.index]
+  user_data = templatefile("${path.module}/etcd.sh.tpl", {
+    etcd_name            = "etcd${count.index}",
+    etcd_domain          = "${var.cluster_name}-etcd${count.index}.${var.domain_name}",
+    etcd_initial_cluster = join(",", [for i in range(var.node_count) : "etcd${i}=http://${var.cluster_name}-etcd${i}.${var.domain_name}:2380"]),
+    ssh_authorized_key   = tls_private_key.ssh_key_etcd.public_key_openssh,
+    etcd_peer_url        = "http://${var.cluster_name}-etcd${count.index}.${var.domain_name}:2380"
+  })
 
   # storage
   root_block_device {
@@ -103,22 +115,4 @@ resource "aws_instance" "etcds" {
   tags = merge(var.tags, {
     Name = "${var.cluster_name}-${count.index}"
   })
-}
-
-# etcd Ignition configs
-data "ct_config" "etcd-ignitions" {
-  count = var.node_count
-  content = <<EOF
-${templatefile("${abspath(path.module)}/etcd.yaml", {
-  etcd_name            = "etcd${count.index}"
-  etcd_domain          = "${var.cluster_name}-etcd${count.index}.${var.domain_name}"
-  etcd_initial_cluster = <<EOL
-%{for index in range(var.node_count)}etcd${index}=http://${var.cluster_name}-etcd${index}.${var.domain_name}:2380%{if index != (var.node_count - 1)},%{endif}%{endfor}
-EOL
-  ssh_authorized_key   = tls_private_key.ssh_key_etcd.public_key_openssh
-  etcd_peer_url        = "http://${var.cluster_name}-etcd${count.index}.${var.domain_name}:2380"
-})}
-  EOF
-strict   = true
-snippets = var.etcd_snippets
 }

etcd.sh.tpl

@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Install necessary packages
+sudo yum install -y docker
+sudo yum install -y bind-utils
+
+
+# Ensure Docker is installed and running
+sudo systemctl enable docker.service
+sudo systemctl start docker.service
+
+# Mask locksmithd.service (not applicable in all environments, adjust as needed)
+sudo systemctl mask locksmithd.service
+
+# Create necessary directories with permissions
+mkdir -p /etc/ssl/etcd /var/lib/etcd /opt/bootstrap /etc/etcd
+chmod 700 /var/lib/etcd
+chmod 500 /etc/ssl/etcd
+chown 232:232 /var/lib/etcd
+
+
+# Create necessary files with contents
+echo -e "#!/bin/bash -e\nmkdir -p /etc/ssl/etcd\nmkdir -p /var/lib/etcd\nchown -R etcd:etcd /etc/ssl/etcd\nchmod -R 500 /etc/ssl/etcd\nchmod -R 700 /var/lib/etcd" > /opt/bootstrap/layout
+chmod 0544 /opt/bootstrap/layout
+
+echo "fs.inotify.max_user_watches=16184" > /etc/sysctl.d/max-user-watches.conf
+sysctl --system
+
+
+# etcd environment configuration
+cat << EOF > /etc/etcd/etcd.env
+ETCD_NAME=${etcd_name}
+ETCD_DATA_DIR=/var/lib/etcd
+ETCD_ADVERTISE_CLIENT_URLS=http://${etcd_domain}:2379
+ETCD_INITIAL_ADVERTISE_PEER_URLS=${etcd_peer_url}
+ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
+ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
+ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
+EOF
+
+# Systemd service for etcd
+cat << EOF > /etc/systemd/system/etcd-member.service
+[Unit]
+Description=etcd (System Container)
+Documentation=https://github.com/etcd-io/etcd
+Requires=docker.service
+After=docker.service
+[Service]
+ExecStartPre=/usr/bin/docker run -d \\
+  --name etcd \\
+  --network host \\
+  --env-file /etc/etcd/etcd.env \\
+  --user 232:232 \\
+  --volume /etc/ssl/etcd:/etc/ssl/certs:ro \\
+  --volume /var/lib/etcd:/var/lib/etcd:rw \\
+  gcr.io/etcd-development/etcd:v3.5.4
+ExecStart=/usr/bin/docker exec etcd etcd
+ExecStop=/usr/bin/docker stop etcd
+ExecStopPost=/usr/bin/docker rm etcd
+Restart=always
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Enable and start etcd-member.service
+sudo systemctl daemon-reload
+sudo systemctl enable etcd-member.service
+sudo systemctl start etcd-member.service
+
+# Wait for DNS service script
+cat << EOF > /opt/wait-for-dns.sh
+#!/bin/bash
+while ! /usr/bin/grep '^[^#[:space:]]' /etc/resolv.conf > /dev/null; do sleep 1; done
+EOF
+chmod +x /opt/wait-for-dns.sh
+/opt/wait-for-dns.sh
+
+# Bootstrap service script
+if [ ! -f /opt/bootstrap/bootstrap.done ]; then
+  /opt/bootstrap/layout
+  touch /opt/bootstrap/bootstrap.done
+fi

outputs.tf

@@ -24,9 +24,4 @@ output "etcd_security_group_id" {
 output "etcd_ssh_private_key" {
   value     = tls_private_key.ssh_key_etcd.private_key_pem
   sensitive = true
-}
-
-output "ct_configs" {
-  value       = data.ct_config.etcd-ignitions[*]
-  description = "ETCD Ignition configs"
 }

variables.tf

@@ -1,3 +1,21 @@
+variable "ami_owner_id" {
+  description = "The AMI ID to use for the etcd cluster."
+  type        = string
+  default     = "amazon"
+}
+
+variable "ami_name_filter" {
+  description = "The name of the AMI to use for the etcd cluster."
+  type        = string
+  default     = "amzn2-ami-hvm*"
+}
+
+variable "ami_architecture" {
+  description = "The architecture of the AMI to use for the etcd cluster."
+  type        = string
+  default     = "x86_64"
+}
+
 variable "cluster_name" {
   description = "The name of the etcd cluster."
   type        = string
@@ -53,10 +71,4 @@ variable "disk_iops" {
   type        = number
   description = "IOPS of the EBS volume (e.g. 3000)"
   default     = 3000
-}
-
-variable "etcd_snippets" {
-  type        = list(string)
-  description = "Etcd Container Linux Config snippets"
-  default     = []
 }