Support multiple data volumes in single-node-asg module.

Tested in examples/single-node-asg-tester

The change in all three modules is compatible with old code that defines just one data volume.

Author: Magicloud

examples/single-node-asg-tester/main.tf

@@ -0,0 +1,49 @@
+provider "aws" {
+  region = "ap-northeast-1"
+}
+
+data "aws_availability_zones" "azs" {}
+
+module "vpc" {
+  source               = "fpco/foundation/aws//modules/vpc-scenario-2"
+  cidr                 = "192.168.0.0/16"
+  public_subnet_cidrs  = ["192.168.0.0/24", "192.168.1.0/24"]
+  private_subnet_cidrs = ["192.168.100.0/24", "192.168.101.0/24"]
+  azs                  = data.aws_availability_zones.azs.names
+  name_prefix          = "ebs-test"
+  region               = "ap-northeast-1"
+}
+
+module "ubuntu" {
+  source = "fpco/foundation/aws//modules/ami-ubuntu"
+}
+
+resource "aws_security_group" "ssh" {
+  vpc_id = module.vpc.vpc_id
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+module "tester" {
+  source             = "../../modules/single-node-asg"
+  name_prefix        = "ebs"
+  name_suffix        = "test"
+  key_name           = "tokyo"
+  ami                = module.ubuntu.id
+  instance_type      = "t2.micro"
+  subnet_id          = module.vpc.public_subnet_ids[0]
+  security_group_ids = [aws_security_group.ssh.id]
+  region             = "ap-northeast-1"
+  compatible_with_single_volume = false
+  data_volumes       = [{ name = "a", device = "/dev/xvdm", size = 50 }, { name = "b", device = "/dev/xvdn" }]
+}

modules/init-snippet-attach-ebs-volume/instance_id.tpl

@@ -0,0 +1,10 @@
+if which wget; then
+  INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id)"
+elif which curl; then
+  INSTANCE_ID="$(curl http://169.254.169.254/latest/meta-data/instance-id)"
+fi
+
+if [ "x$${INSTANCE_ID}" == "x" ]; then
+  echo 'There is no wget or curl tool installed. Hence bootstrap cannot get instance ID.'
+  exit 1
+fi

modules/init-snippet-attach-ebs-volume/main.tf

@@ -9,70 +9,37 @@
  *
  */
 
-# variables used by this snippet of init shellcode
-variable "device_path" {
-  default     = "/dev/xvdf"
-  description = "path, to the device's path in /dev/"
-  type = string
-}
-
-variable "init_prefix" {
-  default     = ""
-  description = "initial init (shellcode) to prefix this snippet with"
-  type = string
-}
-
-variable "init_suffix" {
-  default     = ""
-  description = "init (shellcode) to append to the end of this snippet"
-  type = string
-}
-
-variable "log_level" {
-  default     = "info"
-  description = "default log level verbosity for apps that support it"
-  type = string
-}
-
-variable "log_prefix" {
-  default     = "OPS: "
-  description = "string to prefix log messages with"
-  type = string
-}
-
-variable "region" {
-  description = "AWS region the volume is in"
-  type = string
-}
-
-variable "wait_interval" {
-  default     = "5"
-  description = "time (in seconds) to wait when looping to find the device"
-  type = number
-}
-
-variable "volume_id" {
-  description = "ID of the EBS volume to attach"
-  type = string
+locals {
+  device_paths = var.compatible_with_single_volume ? [var.device_path] : var.device_paths
+  volume_ids   = var.compatible_with_single_volume ? [var.volume_id] : var.volume_ids
 }
 
 # render init script for a cluster using our generic template
 data "template_file" "init_snippet" {
+  count = length(local.volume_ids)
+
   template = file("${path.module}/snippet.tpl")
 
   vars = {
-    device_path   = var.device_path
-    init_prefix   = var.init_prefix
-    init_suffix   = var.init_suffix
+    device_path   = local.device_paths[count.index]
     log_prefix    = var.log_prefix
     log_level     = var.log_level
     region        = var.region
-    volume_id     = var.volume_id
+    volume_id     = local.volume_ids[count.index]
     wait_interval = var.wait_interval
   }
 }
 
+data "template_file" "instance_id" {
+  template = file("${path.module}/instance_id.tpl")
+}
+
 output "init_snippet" {
-  value = data.template_file.init_snippet.rendered
+  value = <<EOF
+${var.init_prefix}
+${data.template_file.instance_id.rendered}
+${join("\n", data.template_file.init_snippet.*.rendered)}
+${var.init_suffix}
+EOF
 }
 

modules/init-snippet-attach-ebs-volume/snippet.tpl

@@ -1,34 +1,19 @@
-# start snippet - attach EBS volume
-${init_prefix}
 export AWS_DEFAULT_REGION=${region}
 VOLUME_ID=${volume_id}
-if which wget; then
-  INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id)"
-elif which curl; then
-  INSTANCE_ID="$(curl http://169.254.169.254/latest/meta-data/instance-id)"
-fi
+echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
+while ! aws ec2 attach-volume                     \
+        --volume-id "$${VOLUME_ID}"     \
+        --instance-id "$${INSTANCE_ID}" \
+        --device '${device_path}'; do
+  echo "Attaching command failed to run. Retrying."
+  sleep '${wait_interval}'
+done
+echo "${log_prefix} $${VOLUME_ID} attached."
+sleep '${wait_interval}' # Wait for device up
 
-if [ "x$${INSTANCE_ID}" == "x" ]; then
-  echo 'OS not functioning'
-else
-  echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
-  while ! aws ec2 attach-volume                     \
-          --volume-id "$${VOLUME_ID}"     \
-          --instance-id "$${INSTANCE_ID}" \
-          --device '${device_path}'; do
-    echo "Attaching command failed to run. Retrying."
-    sleep '${wait_interval}'
-  done
-  echo "${log_prefix} $${VOLUME_ID} attached."
-  
+if [ ! -e ${device_path} ]; then
   vol_id="$(echo "$${VOLUME_ID}" | tr -d '-')"
-  while [ ! -e /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} ]; do
-    sleep '${wait_interval}' 
-  done
-  
   dev_id="$(ls /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} | head -1)"
   dev_name="/dev/$(readlink "$${dev_id}" | tr / '\n' | tail -1)"
   [ "$${dev_name}" == "${device_path}" ] || ln -s "$${dev_name}" "${device_path}"
 fi
-
-${init_suffix}

modules/init-snippet-attach-ebs-volume/variables.tf

@@ -0,0 +1,63 @@
+variable "device_path" {
+  default     = "/dev/xvdf"
+  description = "path, to the device's path in /dev/"
+  type        = string
+}
+
+variable "device_paths" {
+  type        = list(string)
+  description = "paths, to the device's path in /dev/"
+  default     = []
+}
+
+variable "init_prefix" {
+  default     = ""
+  description = "initial init (shellcode) to prefix this snippet with"
+  type        = string
+}
+
+variable "init_suffix" {
+  default     = ""
+  description = "init (shellcode) to append to the end of this snippet"
+  type        = string
+}
+
+variable "log_level" {
+  default     = "info"
+  description = "default log level verbosity for apps that support it"
+  type        = string
+}
+
+variable "log_prefix" {
+  default     = "OPS: "
+  description = "string to prefix log messages with"
+  type        = string
+}
+
+variable "region" {
+  description = "AWS region the volume is in"
+  type        = string
+}
+
+variable "wait_interval" {
+  default     = "5"
+  description = "time (in seconds) to wait when looping to find the device"
+  type        = number
+}
+
+variable "volume_id" {
+  description = "ID of the EBS volume to attach"
+  type        = string
+  default     = ""
+}
+
+variable "volume_ids" {
+  description = "IDs of the EBS volumes to attach"
+  type        = list(string)
+  default     = []
+}
+
+variable "compatible_with_single_volume" {
+  default = true
+  description = "Using variables for single volumes or not."
+}

modules/persistent-ebs/data.tf

@@ -14,9 +14,7 @@ data "aws_iam_policy_document" "attach_ebs_policy_doc" {
       "ec2:DetachVolume",
     ]
 
-    resources = [
-      "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:volume/${aws_ebs_volume.main.id}",
-      "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:instance/*",
-    ]
+    resources = concat(["arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:instance/*"],
+    [for x in aws_ebs_volume.main.*.id : "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:volume/${x}"])
   }
 }

modules/persistent-ebs/locals.tf

@@ -0,0 +1,20 @@
+locals {
+  volume_default = {
+    type        = "gp2"
+    iops        = 0
+    size        = 15
+    encrypted   = true
+    kms_key_id  = ""
+    snapshot_id = ""
+  }
+  volumes_default_no_comp = [for x in var.volumes : merge(local.volume_default, x)]
+  volumes_default = var.compatible_with_single_volume ? [{
+    type        = var.volume_type,
+    iops        = var.iops,
+    size        = var.size,
+    encrypted   = var.encrypted,
+    kms_key_id  = var.kms_key_id,
+    snapshot_id = var.snapshot_id,
+    name        = "default"
+  }] : local.volumes_default_no_comp
+}

modules/persistent-ebs/main.tf

@@ -9,25 +9,27 @@
  */
 
 resource "aws_ebs_volume" "main" {
+  count = length(local.volumes_default)
+
   availability_zone = var.az
-  size              = var.size
-  type              = var.volume_type
-  encrypted         = var.encrypted
-  kms_key_id        = var.kms_key_id
-  snapshot_id       = var.snapshot_id
+  size              = local.volumes_default[count.index].size
+  type              = local.volumes_default[count.index].type
+  encrypted         = local.volumes_default[count.index].encrypted
+  kms_key_id        = local.volumes_default[count.index].kms_key_id
+  snapshot_id       = local.volumes_default[count.index].snapshot_id
 
   # merge Name w/ extra_tags
   tags = merge(
     {
-      "Name" = "${var.name_prefix}-${var.az}"
+      "Name" = "${var.name_prefix}-${var.az}-${local.volumes_default[count.index].name}"
     },
     var.extra_tags,
   )
 }
 
 # IAM policy that allows attaching this EBS volume to an EC2 instance
 resource "aws_iam_policy" "attach_ebs" {
-  name   = "${var.name_prefix}-attach-ebs-${aws_ebs_volume.main.id}"
+  name   = "${var.name_prefix}-attach-ebs"
   policy = data.aws_iam_policy_document.attach_ebs_policy_doc.json
 }
 

modules/persistent-ebs/outputs.tf

@@ -1,5 +1,5 @@
-output "volume_id" {
-  value       = aws_ebs_volume.main.id
+output "volume_ids" {
+  value       = aws_ebs_volume.main.*.id
   description = "`id` exported from the `aws_ebs_volume`"
 }
 

modules/persistent-ebs/variables.tf

@@ -60,3 +60,22 @@ variable "iam_instance_profile_role_name" {
   description = "The role to attach policy needed by this module."
   type        = string
 }
+
+variable "volumes" {
+  type = list(map(any))
+### Note: what should be contained.
+#    type        = string,
+#    iops        = number,
+#    size        = number,
+#    encrypted   = bool,
+#    kms_key_id  = string,
+#    snapshot_id = string,
+#    name        = string
+  description = "Definition of volumes. `name` is required."
+  default     = []
+}
+
+variable "compatible_with_single_volume" {
+  default = true
+  description = "Using variables for single volumes or not."
+}