From 4550732565c877132330619ca53b31215b8aa68f Mon Sep 17 00:00:00 2001 From: Viktor Ribchev Date: Tue, 16 Jul 2024 09:39:11 +0300 Subject: [PATCH 1/2] Addressed issues related to single node deployment * Removed unused resource * Fixed graphdb.properties values for single node deployment * Removed calculation of `lb_tls_enabled` in the LB module as it is calculated in the main.tf * Replaced `monitoring_route53_healtcheck_fqdn_url` with `graphdb_external_address` as it is the same URL. * Removed `monitoring_route53_healtcheck_fqdn_url` variable * Introduced new variable `graphdb_external_address` * Moved proxy config file to be created only when node count > 1 * Removed port from graphdb.external- --- .terraform.lock.hcl | 2 ++ CHANGELOG.md | 9 +++++++++ main.tf | 20 ++++++++++--------- modules/graphdb/config.tf | 7 ------- .../templates/04_gdb_conf_overrides.sh.tpl | 20 +++++++++++++++---- modules/graphdb/user_data.tf | 1 + modules/graphdb/variables.tf | 7 +++++++ modules/load_balancer/main.tf | 5 ++--- modules/load_balancer/variables.tf | 5 +++++ variables.tf | 11 +++++----- 10 files changed, 59 insertions(+), 28 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 73c54f0..f29f71c 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -7,6 +7,7 @@ provider "registry.terraform.io/hashicorp/aws" { hashes = [ "h1:3c0jJCaLRgXrOZoGMAOjH+omtHUo96AkukUF4/h9gaE=", "h1:LRmSNnudFVTkMSnEXJSKCojpknVVYEnls2UTeoxCxtc=", + "h1:jmBhlwcMmbnLpk+2s22uFAxuSXABCOfryxrUzKV38eY=", "zh:0fff674596251d3f46b5a9e242220871d6c634f7cf69f2741d1c3c8f4baa708c", "zh:1495d0f71bbd849ad286e7afa9d531a45217e6af7e3d165a447809dab364bd9b", "zh:3eab136bd5b6c58a99f5cb588220819c70061b48da98f2b40061ebabfcbe1957", 
@@ -50,6 +51,7 @@ provider "registry.terraform.io/hashicorp/random" { version = "3.6.2" constraints = "~> 3.6.0" hashes = [ + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", diff --git a/CHANGELOG.md b/CHANGELOG.md index bbfa9e5..c12fe08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # GraphDB AWS Terraform Module Changelog +# 1.2.3 + +* Removed unused resource "aws_ssm_parameter" named "graphdb_lb_dns_name" +* Fixed `graphdb.properties` values for single node deployment: + * Changed `graphdb.external-url` to use `LB_DNS_RECORD` when single node is deployed. + * Added `graphdb.external-url.enforce.transactions=true` +* Removed calculation of `lb_tls_enabled` in the LB module as it is calculated in the main.tf +* Removed `monitoring_route53_healtcheck_fqdn_url` in favor of `graphdb_external_dns`. + # 1.2.2 * Fixed issues with variables in the backup user data script diff --git a/main.tf b/main.tf index 0556ca9..5f6f95c 100644 --- a/main.tf +++ b/main.tf @@ -165,6 +165,11 @@ module "backup_replication" { versioning_enabled = var.s3_versioning_enabled } +locals { + lb_tls_enabled = var.lb_tls_certificate_arn != "" ? true : false + calculated_protocol = local.lb_tls_enabled == true ? "https" : "http" +} + module "load_balancer" { source = "./modules/load_balancer" @@ -177,6 +182,7 @@ module "load_balancer" { lb_health_check_interval = var.lb_health_check_interval lb_enable_deletion_protection = var.prevent_resource_deletion lb_tls_certificate_arn = var.lb_tls_certificate_arn + lb_tls_enabled = local.lb_tls_enabled lb_tls_policy = var.lb_tls_policy lb_access_logs_bucket_name = var.lb_enable_access_logs && var.deploy_logging_module ? module.logging[0].graphdb_logging_bucket_name : null lb_enable_access_logs = var.lb_enable_access_logs 
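Review bot: `lb_tls_enabled` in the new `locals` block tests `var.lb_tls_certificate_arn != ""`, but both locals it replaces (main.tf @@ -189 and modules/load_balancer/main.tf) tested `!= null`, so if the variable defaults to `null` — its declaration is not in this patch — `null != ""` is true and a deployment that supplies no certificate would now be treated as TLS-enabled, with `calculated_protocol` resolving to `https`. Covering both sentinels removes the dependency on which one the variable uses: `lb_tls_enabled = var.lb_tls_certificate_arn != null && var.lb_tls_certificate_arn != ""`. The `== true ?` on the next line is redundant for a bool; `calculated_protocol = local.lb_tls_enabled ? "https" : "http"` says the same thing directly.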
@@ -189,11 +195,6 @@ locals { ) } -locals { - lb_tls_enabled = var.lb_tls_certificate_arn != null ? true : false - calculated_http_string_type = local.lb_tls_enabled == true ? "HTTPS" : "HTTP" -} - module "monitoring" { source = "./modules/monitoring" providers = { @@ -221,11 +222,11 @@ module "monitoring" { cmk_key_alias = var.sns_cmk_key_alias parameter_store_kms_key_arn = local.calculated_parameter_store_kms_key_arn cloudwatch_log_group_retention_in_days = var.monitoring_log_group_retention_in_days - route53_availability_request_url = var.monitoring_route53_healtcheck_fqdn_url + route53_availability_request_url = var.graphdb_external_dns route53_availability_measure_latency = var.monitoring_route53_measure_latency sns_kms_key_arn = local.calculated_sns_kms_key_arn graphdb_node_count = var.graphdb_node_count - route53_availability_http_string_type = local.calculated_http_string_type + route53_availability_http_string_type = upper(local.calculated_protocol) lb_tls_certificate_arn = var.lb_tls_certificate_arn lb_dns_name = module.load_balancer.lb_dns_name != "" ? module.load_balancer.lb_dns_name : null } @@ -248,7 +249,7 @@ module "graphdb" { # Network Load Balancer lb_enable_private_access = var.lb_internal ? var.lb_enable_private_access : false lb_subnets = local.lb_subnets - graphdb_lb_dns_name = module.load_balancer.lb_dns_name + graphdb_lb_dns_name = var.graphdb_external_dns != "" ? var.graphdb_external_dns : module.load_balancer.lb_dns_name # GraphDB Configurations @@ -309,7 +310,8 @@ module "graphdb" { # User data scripts - deploy_monitoring = var.deploy_monitoring + deploy_monitoring = var.deploy_monitoring + external_address_protocol = local.calculated_protocol # S3 Replication Logging Bucket Policy diff --git a/modules/graphdb/config.tf b/modules/graphdb/config.tf index fafea71..7daedf9 100644 --- a/modules/graphdb/config.tf +++ b/modules/graphdb/config.tf 
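Review bot: `route53_availability_request_url = var.graphdb_external_dns` in the monitoring hunk passes an empty string to the Route53 health check whenever the caller keeps the new variable's default of `""` (variables.tf hunk), whereas the replaced `monitoring_route53_healtcheck_fqdn_url` was a required input, so an availability check that used to be guaranteed a hostname can now be created against nothing. Unless the monitoring module validates that value (not visible here), mirroring the fallback used two hunks later for the graphdb module, `route53_availability_request_url = var.graphdb_external_dns != "" ? var.graphdb_external_dns : module.load_balancer.lb_dns_name`, keeps the check pointed at a real endpoint by default. `upper(local.calculated_protocol)` is a clean replacement for the removed `calculated_http_string_type` local.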
@@ -39,13 +39,6 @@ resource "aws_ssm_parameter" "graphdb_license" {
 key_id = var.parameter_store_key_arn
 }
-resource "aws_ssm_parameter" "graphdb_lb_dns_name" {
- name = "/${var.resource_name_prefix}/graphdb/lb_dns_name"
- description = "The DNS name of the load balancer for the GraphDB nodes."
- type = "String"
- value = var.graphdb_lb_dns_name
-}
-
 resource "aws_ssm_parameter" "graphdb_properties" {
 count = var.graphdb_properties_path != null ? 1 : 0
diff --git a/modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl b/modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl
index 7c99ff6..3c5fa58 100644
--- a/modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl
+++ b/modules/graphdb/templates/04_gdb_conf_overrides.sh.tpl
@@ -22,7 +22,7 @@ echo "#######################################"
 LB_DNS_RECORD=${graphdb_lb_dns_name}
 NODE_DNS_RECORD=$(cat /var/opt/graphdb/node_dns)
-
+PROTOCOL=${external_address_protocol}
 # Get and store the GraphDB license
 aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${name}/graphdb/license" --with-decryption | \
 jq -r .Parameter.Value | \
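Review bot: `PROTOCOL=${external_address_protocol}` interpolates the template variable into the shell script unquoted; today the value comes from `local.calculated_protocol` and is `http` or `https`, but quoting it, `PROTOCOL="${external_address_protocol}"`, keeps the assignment well-formed if the variable is ever fed from another source and matches the quoting already used for `--name "/${name}/graphdb/license"` on the following lines. The removed blank line also leaves the `# Get and store the GraphDB license` comment with no separation from the variable block above it.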
@@ -32,15 +32,26 @@ aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${na
 GRAPHDB_CLUSTER_TOKEN="$(aws --cli-connect-timeout 300 ssm get-parameter --region ${region} --name "/${name}/graphdb/cluster_token" --with-decryption | jq -r .Parameter.Value | base64 -d)"
 # Get the NODE_DNS_RECORD value from the previous script
 SSM_PARAMETERS=$(aws ssm describe-parameters --cli-connect-timeout 300 --region ${region} --query "Parameters[?starts_with(Name, '/${name}/graphdb/')].Name" --output text)
+NODE_COUNT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names ${name} --query "AutoScalingGroups[0].DesiredCapacity" --output text)
+
-cat << EOF > /etc/graphdb/graphdb.properties
+# graphdb.external-url.enforce.transactions: determines whether it is necessary to rewrite the Location header when no proxy is configured.
+# This is required because when working with the GDB transaction endpoint it returns an erroneous URL with HTTP protocol instead of HTTPS
+if [ "$NODE_COUNT" -eq 1 ]; then
+ cat << EOF > /etc/graphdb/graphdb.properties
+graphdb.connector.port=7201
+graphdb.external-url=$${PROTOCOL}://$${LB_DNS_RECORD}
+graphdb.external-url.enforce.transactions=true
+EOF
+else
+ cat << EOF > /etc/graphdb/graphdb.properties
 graphdb.auth.token.secret=$GRAPHDB_CLUSTER_TOKEN
 graphdb.connector.port=7201
-graphdb.external-url=http://$${NODE_DNS_RECORD}:7201
+graphdb.external-url=$${PROTOCOL}://$${NODE_DNS_RECORD}:7201
 graphdb.rpc.address=$${NODE_DNS_RECORD}:7301
 EOF
-cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties
+ cat << EOF > /etc/graphdb-cluster-proxy/graphdb.properties
 graphdb.auth.token.secret=$GRAPHDB_CLUSTER_TOKEN
 graphdb.connector.port=7200
 graphdb.external-url=http://$${LB_DNS_RECORD}
@@ -48,6 +59,7 @@ graphdb.vhosts=http://$${LB_DNS_RECORD},http://$${NODE_DNS_RECORD}:7200
 graphdb.rpc.address=$${NODE_DNS_RECORD}:7300
 graphdb.proxy.hosts=$${NODE_DNS_RECORD}:7301
 EOF
+fi
 mkdir -p /etc/systemd/system/graphdb.service.d/
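Review bot: `NODE_COUNT` is fetched at boot from `describe-auto-scaling-groups ... DesiredCapacity` and its only consumer is `if [ "$NODE_COUNT" -eq 1 ]`, so if that call fails or returns nothing (missing IAM permission, API error, unexpected query result) the test is simply not true and the script silently takes the `else` branch, writing the cluster `graphdb.properties` and the cluster-proxy configuration onto what is meant to be a single node. The node count is already a Terraform input (`graphdb_node_count` is passed to the monitoring and load-balancer modules in this patch), so if the graphdb module receives it too, supplying it through `templatefile` next to `external_address_protocol` as `NODE_COUNT=${graphdb_node_count}` makes the branch deterministic and drops a runtime AWS API dependency; if the runtime lookup is kept, fail closed before the branch: `case "$NODE_COUNT" in ''|*[!0-9]*) echo "Unable to determine node count" >&2; exit 1;; esac`. Separately, the new `PROTOCOL` is applied to the node's `graphdb.external-url` in both branches, but the cluster-proxy `graphdb.external-url` and `graphdb.vhosts` on the unchanged lines below still hard-code `http://`, so with a TLS listener the proxy would advertise an http URL. The enclosing `04_gdb_conf_overrides.sh.tpl` script continues outside the hunk.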
diff --git a/modules/graphdb/user_data.tf b/modules/graphdb/user_data.tf
index 0932bee..9346e01 100644
--- a/modules/graphdb/user_data.tf
+++ b/modules/graphdb/user_data.tf
@@ -61,6 +61,7 @@ data "cloudinit_config" "graphdb_user_data" {
 content = templatefile("${path.module}/templates/04_gdb_conf_overrides.sh.tpl", {
 name : var.resource_name_prefix
 region : var.aws_region
+ external_address_protocol : var.external_address_protocol
 graphdb_lb_dns_name : var.graphdb_lb_dns_name
 })
 }
diff --git a/modules/graphdb/variables.tf b/modules/graphdb/variables.tf
index f7b68f6..c6f894c 100644
--- a/modules/graphdb/variables.tf
+++ b/modules/graphdb/variables.tf
@@ -168,6 +168,13 @@ variable "route53_zone_dns_name" {
 type = string
 }
+# User Data Parameters
+
+variable "external_address_protocol" {
+ description = "External address HTTP string type"
+ type = string
+}
+
 # Optional Parameters
 variable "backup_retention_count" {
diff --git a/modules/load_balancer/main.tf b/modules/load_balancer/main.tf
index 1b9adb0..7c68e04 100644
--- a/modules/load_balancer/main.tf
+++ b/modules/load_balancer/main.tf
@@ -11,7 +11,6 @@ resource "random_id" "tg_name_suffix" {
 locals {
 lb_name = var.resource_name_prefix
 target_group_name = "${var.resource_name_prefix}-tg-${random_id.tg_name_suffix.hex}"
- lb_tls_enabled = var.lb_tls_certificate_arn != null ? true : false
 }
 resource "aws_lb" "graphdb_lb" {
@@ -55,7 +54,7 @@ resource "aws_lb_target_group" "graphdb_lb_target_group" {
 }
 resource "aws_lb_listener" "graphdb_listener" {
- count = local.lb_tls_enabled ? 0 : 1
+ count = var.lb_tls_enabled ? 0 : 1
 load_balancer_arn = aws_lb.graphdb_lb.id
 port = 80
@@ -68,7 +67,7 @@ resource "aws_lb_listener" "graphdb_listener" {
 }
 resource "aws_lb_listener" "graphdb_tls" {
- count = local.lb_tls_enabled ? 1 : 0
+ count = var.lb_tls_enabled ? 1 : 0
 load_balancer_arn = aws_lb.graphdb_lb.id
 port = 443
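Review bot: `external_address_protocol` in modules/graphdb/variables.tf is declared with no `validation`, and its description `External address HTTP string type` does not say which values are acceptable, even though the value is written verbatim into `04_gdb_conf_overrides.sh.tpl` (user_data.tf hunk above) and becomes the scheme of `graphdb.external-url` on every node. Restricting it to `http`/`https` at plan time stops a typo or an unexpected caller value from reaching the generated shell script and the GraphDB configuration; the rewritten block is below. The load_balancer hunks on this same line only swap `local.lb_tls_enabled` for `var.lb_tls_enabled` and need no change.
```hcl
# User Data Parameters

variable "external_address_protocol" {
  description = "URL scheme (http or https) used to build GraphDB's external URL in the user data scripts"
  type        = string

  validation {
    condition     = contains(["http", "https"], var.external_address_protocol)
    error_message = "external_address_protocol must be either \"http\" or \"https\"."
  }
}
```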
diff --git a/modules/load_balancer/variables.tf b/modules/load_balancer/variables.tf
index 5055211..68b9504 100644
--- a/modules/load_balancer/variables.tf
+++ b/modules/load_balancer/variables.tf
@@ -89,3 +89,8 @@ variable "graphdb_node_count" {
 description = "Number of GraphDB nodes to deploy in ASG"
 type = number
 }
+
+variable "lb_tls_enabled" {
+ description = "Is TLS enabled for the LB"
+ type = bool
+}
diff --git a/variables.tf b/variables.tf
index b113692..761951b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -306,6 +306,12 @@ variable "route53_zone_dns_name" {
 }
 }
+variable "graphdb_external_dns" {
+ description = "External domain name where GraphDB will be accessed"
+ type = string
+ default = ""
+}
+
 # Monitoring
 variable "deploy_monitoring" {
@@ -374,11 +380,6 @@ variable "monitoring_route53_availability_https_port" {
 default = 443
 }
-variable "monitoring_route53_healtcheck_fqdn_url" {
- description = "Define custom domain name for the Route53 Health check"
- type = string
-}
-
 # GraphDB overrides
 variable "graphdb_properties_path" {
From 19e03c1ce5bd29a70582962cfc9be6079a2c9c68 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 17 Jul 2024 06:19:28 +0000
Subject: [PATCH 2/2] terraform-docs: updated markdown table
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3d65027..4b27688 100644
--- a/README.md
+++ b/README.md
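Review bot: The description of the new `graphdb_external_dns` variable, `External domain name where GraphDB will be accessed`, leaves out the two places main.tf now consumes it: it is handed to the monitoring module as the Route53 health-check URL and, when non-empty, replaces the load balancer DNS name passed to the graphdb module (and so the `graphdb.external-url` written on the nodes). Saying so in the description — e.g. `External domain name where GraphDB will be accessed; also used as the Route53 health-check target when monitoring is deployed. Leave empty to fall back to the load balancer DNS name for the GraphDB nodes.` — tells callers why the empty default matters, and terraform-docs carries it into the README table. The `lb_tls_enabled` bool added to modules/load_balancer/variables.tf on this same line is a required input with no default, which is appropriate since main.tf always supplies it.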
@@ -135,6 +135,7 @@ Before you begin using this Terraform module, ensure you meet the following prer
 | graphdb\_admin\_password | Password for the 'admin' user in GraphDB. | `string` | `null` | no |
 | graphdb\_cluster\_token | Cluster token used for authenticating the communication between the nodes. | `string` | `null` | no |
 | route53\_zone\_dns\_name | DNS name for the private hosted zone in Route 53 | `string` | `"graphdb.cluster"` | no |
+| graphdb\_external\_dns | External domain name where GraphDB will be accessed | `string` | `""` | no |
 | deploy\_monitoring | Enable or disable toggle for monitoring | `bool` | `false` | no |
 | monitoring\_route53\_measure\_latency | Enable or disable route53 function to measure latency | `bool` | `false` | no |
 | monitoring\_actions\_enabled | Enable or disable actions on alarms | `bool` | `false` | no |
@@ -146,7 +147,6 @@ Before you begin using this Terraform module, ensure you meet the following prer
 | monitoring\_route53\_health\_check\_aws\_region | Define the region in which you want the monitoring to be deployed. It is used to define where the Route53 Availability Check will be deployed, since if it is not specified it will deploy the check in us-east-1 and if you deploy in different region it will not find the dimensions. | `string` | `"us-east-1"` | no |
 | monitoring\_route53\_availability\_http\_port | Define the HTTP port for the Route53 availability check | `number` | `80` | no |
 | monitoring\_route53\_availability\_https\_port | Define the HTTPS port for the Route53 availability check | `number` | `443` | no |
-| monitoring\_route53\_healtcheck\_fqdn\_url | Define custom domain name for the Route53 Health check | `string` | n/a | yes |
 | graphdb\_properties\_path | Path to a local file containing GraphDB properties (graphdb.properties) that would be appended to the default in the VM. | `string` | `null` | no |
 | graphdb\_java\_options | GraphDB options to pass to GraphDB with GRAPHDB\_JAVA\_OPTS environment variable. | `string` | `null` | no |
 | deploy\_logging\_module | Enable or disable logging module | `bool` | `false` | no |