enable shadow indexing

redpanda-data · Oct 24, 2022 · 43cceed · 43cceed
1 parent 6914182
commit 43cceed
Show file tree

Hide file tree

Showing 6 changed files with 125 additions and 4 deletions.
diff --git a/ansible/playbooks/start-redpanda.yml b/ansible/playbooks/start-redpanda.yml
@@ -61,3 +61,43 @@
         --api-urls {{ groups["redpanda"] | map('extract', hostvars) | map(attribute='private_ip') | product([':9644']) | map('join') | join(',') }}
       {% endif %}
     when: rack is defined and rack != -1
+
+  - name: enable shadow indexing
+    notify:
+      - restart redpanda-tuner
+      - restart redpanda
+    vars:
+      use_public_ips: "{{ advertise_public_ips | d() | bool }}"
+    shell: |
+      {% if use_public_ips %}
+      sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ si_bucket_name }} --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_read true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_write true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec 30 --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+      {% else %}
+      sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ si_bucket_name }} --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_read true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_write true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec 30 --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+      {% endif %}
+    when: si_bucket_name is defined
+
+  handlers:
+  - name: restart redpanda-tuner
+    systemd:
+      name: redpanda-tuner
+      state: restarted
+  - name: restart redpanda
+    systemd:
+      name: redpanda
+      state: restarted
diff --git a/aws/cluster.tf b/aws/cluster.tf
@@ -6,6 +6,7 @@ locals {
   uuid          = random_uuid.cluster.result
   timestamp     = time_static.timestamp.rfc3339
   deployment_id = "redpanda-${local.uuid}-${local.timestamp}"
+  si_bucket_name = "${var.instance_name_prefix}-redpanda-si-bucket"
 
   # tags shared by all instances
   instance_tags = {
@@ -14,15 +15,63 @@ locals {
   }
 }
 
+resource "aws_iam_policy" "redpanda" {
+  name   = "${var.instance_name_prefix}-redpanda"
+  path   = "/"
+  policy = jsonencode({
+    Version   = "2012-10-17"
+    Statement = [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "s3:*",
+          "s3-object-lambda:*",
+        ],
+        "Resource": [
+          "arn:aws:s3:::${local.si_bucket_name}/*"
+        ]
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role" "redpanda" {
+  name               = "${var.instance_name_prefix}-redpanda"
+  assume_role_policy = jsonencode({
+    Version   = "2012-10-17"
+    Statement = [
+      {
+        Action    = "sts:AssumeRole"
+        Effect    = "Allow"
+        Sid       = ""
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_policy_attachment" "redpanda" {
+  name       = "${var.instance_name_prefix}-redpanda"
+  roles      = [aws_iam_role.redpanda.name]
+  policy_arn = aws_iam_policy.redpanda.arn
+}
+
+resource "aws_iam_instance_profile" "redpanda" {
+  name = "${var.instance_name_prefix}-redpanda"
+  role = aws_iam_role.redpanda.name
+}
+
 resource "aws_instance" "redpanda" {
   count                      = var.nodes
   ami                        = var.distro_ami[var.distro]
   instance_type              = var.instance_type
   key_name                   = aws_key_pair.ssh.key_name
+  iam_instance_profile       = aws_iam_instance_profile.redpanda.name
   vpc_security_group_ids     = [aws_security_group.node_sec_group.id]
   placement_group            = var.ha ? aws_placement_group.redpanda-pg[0].id : null
   placement_partition_number = var.ha ? (count.index % aws_placement_group.redpanda-pg[0].partition_count) + 1 : null
-  tags                       = local.instance_tags
   tags                       = merge(
     local.instance_tags,
     {
@@ -149,6 +198,7 @@ resource "aws_placement_group" "redpanda-pg" {
 resource "aws_key_pair" "ssh" {
   key_name   = "${local.deployment_id}-key"
   public_key = file(var.public_key_path)
+  tags       = local.instance_tags
 }
 
 resource "local_file" "hosts_ini" {
@@ -163,6 +213,10 @@ resource "local_file" "hosts_ini" {
       client_public_ips    = aws_instance.client.*.public_ip
       client_private_ips   = aws_instance.client.*.private_ip
       rack                 = aws_instance.redpanda.*.placement_partition_number
+      client_count         = var.clients
+      aws_region           = var.aws_region
+      si_enabled           = var.si_enabled
+      si_bucket_name       = local.si_bucket_name
     }
   )
   filename = "${path.module}/../hosts.ini"

diff --git a/aws/provider.tf b/aws/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.73.0"
+      version = "4.35.0"
     }
     local = {
       source  = "hashicorp/local"

diff --git a/aws/s3.tf b/aws/s3.tf
@@ -0,0 +1,19 @@
+resource "aws_s3_bucket" "si" {
+  count = var.si_enabled ? 1 : 0
+  bucket = local.si_bucket_name
+  tags   = local.instance_tags
+}
+
+resource "aws_s3_bucket_acl" "si" {
+  count = var.si_enabled ? 1 : 0
+  bucket = aws_s3_bucket.si[count.index].id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_versioning" "si" {
+  count = var.si_enabled ? 1 : 0
+  bucket = aws_s3_bucket.si[count.index].id
+  versioning_configuration {
+    status = "Disabled"
+  }
+}
diff --git a/aws/vars.tf b/aws/vars.tf
@@ -18,7 +18,7 @@ variable "ha" {
 variable "instance_name_prefix" {
   description = "The prefix for the instance name"
   type        = string
-  default     = "update-prefix-variable"
+  default     = "prefix"
 }
 
 variable "distro" {
@@ -101,3 +101,9 @@ variable "distro_ssh_user" {
     "amazon-linux-2" = "ec2-user"
   }
 }
+
+variable "si_enabled" {
+  description = "Enables or disables shadow indexing"
+  type = bool
+  default = true
+}
diff --git a/templates/hosts_ini.tpl b/templates/hosts_ini.tpl
@@ -1,14 +1,16 @@
 [redpanda]
 %{ for i, ip in redpanda_public_ips ~}
-${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i} %{ if rack[i] != null }rack=${rack[i]}%{ endif }
+${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i}%{ if rack[i] != null } rack=${rack[i]}%{ endif }%{ if si_enabled } si_bucket_name=${si_bucket_name} aws_region=${aws_region}%{ endif }
 %{ endfor ~}
 %{ if enable_monitoring }
 
 [monitor]
 ${ monitor_public_ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${ monitor_private_ip }
 %{ endif }
+%{ if client_count > 0 }
 
 [client]
 %{ for i, ip in client_public_ips ~}
 ${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${client_private_ips[i]} id=${i}
 %{ endfor ~}
+%{ endif }