diff --git a/ansible/playbooks/start-redpanda.yml b/ansible/playbooks/start-redpanda.yml
index c64a5d1c..b1477445 100644
--- a/ansible/playbooks/start-redpanda.yml
+++ b/ansible/playbooks/start-redpanda.yml
@@ -61,3 +61,43 @@
 --api-urls {{ groups["redpanda"] | map('extract', hostvars) | map(attribute='private_ip') | product([':9644']) | map('join') | join(',') }}
 {% endif %}
 when: rack is defined and rack != -1
+
+ - name: enable shadow indexing
+ notify:
+ - restart redpanda-tuner
+ - restart redpanda
+ vars:
+ use_public_ips: "{{ advertise_public_ips | d() | bool }}"
+ shell: |
+ {% if use_public_ips %}
+ sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ si_bucket_name }} --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_read true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_write true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec 30 --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ "%s:%d" % (inventory_hostname, 9644) }}
+ {% else %}
+ sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ si_bucket_name }} --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_read true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enable_remote_write true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec 30 --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ "%s:%d" % (private_ip, 9644) }}
+ {% endif %}
+ when: si_bucket_name is defined
+
+ handlers:
+ - name: restart redpanda-tuner
+ systemd:
+ name: redpanda-tuner
+ state: restarted
+ - name: restart redpanda
+ systemd:
+ name: redpanda
+ state: restarted
diff --git a/aws/cluster.tf b/aws/cluster.tf
index d2233e18..4c62657f 100644
--- a/aws/cluster.tf
+++ b/aws/cluster.tf
@@ -6,6 +6,7 @@ locals {
 uuid = random_uuid.cluster.result
 timestamp = time_static.timestamp.rfc3339
 deployment_id = "redpanda-${local.uuid}-${local.timestamp}"
+ si_bucket_name = "${var.instance_name_prefix}-redpanda-si-bucket"
 # tags shared by all instances
 instance_tags = {
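Review bot: The `cloud_storage_access_key ABCDEFGHIJKLMNOP` and `cloud_storage_secret_key 1234567890abcdefghijklmnop` lines in both branches of the `shell` block write secret-shaped placeholder values into the persistent cluster configuration, even though the same block then sets `cloud_storage_credentials_source aws_instance_metadata`, which is what the new instance profile in `aws/cluster.tf` is for; drop those two lines rather than commit values that will show up in cluster config dumps, in the task's stdout and in secret-scanner alerts. If static keys are ever genuinely required they should come from a vaulted variable and the task should carry `no_log: true`. `{{ si_bucket_name }}` and `{{ aws_region }}` are inventory values interpolated unquoted into a shell line, so `{{ si_bucket_name | quote }}` and `{{ aws_region | quote }}` are the safe forms. The task has no `changed_when` and always notifies both handlers, so every play run restarts redpanda-tuner and redpanda; a `changed_when: false` plus a prior `rpk cluster config get` check, or a `changed_when` on the rpk output, would make it idempotent. The enclosing play and its earlier tasks start outside the hunk.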
@@ -14,15 +15,63 @@ locals {
 }
 }
+resource "aws_iam_policy" "redpanda" {
+ name = "${var.instance_name_prefix}-redpanda"
+ path = "/"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*",
+ "s3-object-lambda:*",
+ ],
+ "Resource": [
+ "arn:aws:s3:::${local.si_bucket_name}/*"
+ ]
+ },
+ ]
+ })
+}
+
+resource "aws_iam_role" "redpanda" {
+ name = "${var.instance_name_prefix}-redpanda"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Sid = ""
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
+
+resource "aws_iam_policy_attachment" "redpanda" {
+ name = "${var.instance_name_prefix}-redpanda"
+ roles = [aws_iam_role.redpanda.name]
+ policy_arn = aws_iam_policy.redpanda.arn
+}
+
+resource "aws_iam_instance_profile" "redpanda" {
+ name = "${var.instance_name_prefix}-redpanda"
+ role = aws_iam_role.redpanda.name
+}
+
 resource "aws_instance" "redpanda" {
 count = var.nodes
 ami = var.distro_ami[var.distro]
 instance_type = var.instance_type
 key_name = aws_key_pair.ssh.key_name
+ iam_instance_profile = aws_iam_instance_profile.redpanda.name
 vpc_security_group_ids = [aws_security_group.node_sec_group.id]
 placement_group = var.ha ? aws_placement_group.redpanda-pg[0].id : null
 placement_partition_number = var.ha ? (count.index % aws_placement_group.redpanda-pg[0].partition_count) + 1 : null
- tags = local.instance_tags
 tags = merge(
 local.instance_tags,
 {
@@ -149,6 +198,7 @@ resource "aws_placement_group" "redpanda-pg" {
 resource "aws_key_pair" "ssh" {
 key_name = "${local.deployment_id}-key"
 public_key = file(var.public_key_path)
+ tags = local.instance_tags
 }
 resource "local_file" "hosts_ini" {
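Review bot: The `aws_iam_policy.redpanda` statement grants `s3:*` and `s3-object-lambda:*`, which hands every node `s3:PutObjectAcl`, `s3:DeleteObject` and the whole object-lambda namespace, far beyond what uploading and reading segments needs, while its `Resource` names only `arn:aws:s3:::${local.si_bucket_name}/*` and not the bucket ARN, so bucket-level actions such as `s3:ListBucket` and `s3:GetBucketLocation` are not covered at all; the exact action set Redpanda's tiered storage issues should be confirmed against its documentation, but the statement should be split into a bucket-ARN statement and an object-ARN statement with named actions. `aws_iam_policy_attachment` is the exclusive attachment resource and detaches the policy from any other role, user or group on every apply, so `aws_iam_role_policy_attachment` is the right resource for a single role. The policy, role and instance profile are also created unconditionally even though `var.si_enabled` gates the bucket itself, which leaves an S3-scoped role on nodes that have no bucket.
```hcl
resource "aws_iam_policy" "redpanda" {
  name = "${var.instance_name_prefix}-redpanda"
  path = "/"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket", "s3:GetBucketLocation"]
        Resource = ["arn:aws:s3:::${local.si_bucket_name}"]
      },
      {
        # TODO(review): confirm against Redpanda tiered-storage docs for the deployed version
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"]
        Resource = ["arn:aws:s3:::${local.si_bucket_name}/*"]
      },
    ]
  })
}

# … unchanged: aws_iam_role.redpanda …

resource "aws_iam_role_policy_attachment" "redpanda" {
  role       = aws_iam_role.redpanda.name
  policy_arn = aws_iam_policy.redpanda.arn
}

# … unchanged: aws_iam_instance_profile.redpanda, aws_instance.redpanda …
```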
@@ -163,6 +213,10 @@ resource "local_file" "hosts_ini" {
 client_public_ips = aws_instance.client.*.public_ip
 client_private_ips = aws_instance.client.*.private_ip
 rack = aws_instance.redpanda.*.placement_partition_number
+ client_count = var.clients
+ aws_region = var.aws_region
+ si_enabled = var.si_enabled
+ si_bucket_name = local.si_bucket_name
 }
 )
 filename = "${path.module}/../hosts.ini"
diff --git a/aws/provider.tf b/aws/provider.tf
index 28bd3128..9c1d9fe1 100644
--- a/aws/provider.tf
+++ b/aws/provider.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "3.73.0"
+ version = "4.35.0"
 }
 local = {
 source = "hashicorp/local"
diff --git a/aws/s3.tf b/aws/s3.tf
new file mode 100644
index 00000000..8ace1779
--- /dev/null
+++ b/aws/s3.tf
@@ -0,0 +1,19 @@
+resource "aws_s3_bucket" "si" {
+ count = var.si_enabled ? 1 : 0
+ bucket = local.si_bucket_name
+ tags = local.instance_tags
+}
+
+resource "aws_s3_bucket_acl" "si" {
+ count = var.si_enabled ? 1 : 0
+ bucket = aws_s3_bucket.si[count.index].id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_versioning" "si" {
+ count = var.si_enabled ? 1 : 0
+ bucket = aws_s3_bucket.si[count.index].id
+ versioning_configuration {
+ status = "Disabled"
+ }
+}
diff --git a/aws/vars.tf b/aws/vars.tf
index 1e042319..4e5f2970 100644
--- a/aws/vars.tf
+++ b/aws/vars.tf
@@ -18,7 +18,7 @@ variable "ha" {
 variable "instance_name_prefix" {
 description = "The prefix for the instance name"
 type = string
- default = "update-prefix-variable"
+ default = "prefix"
 }
 variable "distro" {
@@ -101,3 +101,9 @@ variable "distro_ssh_user" {
 "amazon-linux-2" = "ec2-user"
 }
 }
+
+variable "si_enabled" {
+ description = "Enables or disables shadow indexing"
+ type = bool
+ default = true
+}
diff --git a/templates/hosts_ini.tpl b/templates/hosts_ini.tpl
index 02c0de2f..3e92868e 100644
--- a/templates/hosts_ini.tpl
+++ b/templates/hosts_ini.tpl
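Review bot: The new `aws_s3_bucket.si` in `aws/s3.tf` relies on `acl = "private"` alone and declares neither an `aws_s3_bucket_public_access_block` nor a server-side encryption configuration, so a later bucket policy or object ACL could still expose the topic segments Redpanda will upload there; add a public-access block with all four settings `true` and an `aws_s3_bucket_server_side_encryption_configuration` (SSE-S3 at minimum), both gated on `var.si_enabled` like the existing resources. `aws_s3_bucket_acl` also depends on ACLs being enabled on the bucket, which newer S3 bucket defaults (`BucketOwnerEnforced` ownership) do not allow — verify this against the 4.35.0 provider pinned in this diff and prefer the public-access block over the ACL resource. The bucket name `${var.instance_name_prefix}-redpanda-si-bucket` lives in S3's global namespace, and the `vars.tf` hunk lowers the default prefix to `prefix`, so every user of this repo with defaults will contend for `prefix-redpanda-si-bucket`; deriving the name from `local.deployment_id`, or leaving `instance_name_prefix` without a default, avoids that.
```hcl
# … unchanged: aws_s3_bucket.si, aws_s3_bucket_versioning.si …

resource "aws_s3_bucket_public_access_block" "si" {
  count  = var.si_enabled ? 1 : 0
  bucket = aws_s3_bucket.si[count.index].id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "si" {
  count  = var.si_enabled ? 1 : 0
  bucket = aws_s3_bucket.si[count.index].id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```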
@@ -1,14 +1,16 @@
 [redpanda]
 %{ for i, ip in redpanda_public_ips ~}
-${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i} %{ if rack[i] != null }rack=${rack[i]}%{ endif }
+${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i}%{ if rack[i] != null } rack=${rack[i]}%{ endif }%{ if si_enabled } si_bucket_name=${si_bucket_name} aws_region=${aws_region}%{ endif }
 %{ endfor ~}
 %{ if enable_monitoring }
 [monitor]
 ${ monitor_public_ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${ monitor_private_ip }
 %{ endif }
+%{ if client_count > 0 }
 [client]
 %{ for i, ip in client_public_ips ~}
 ${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${client_private_ips[i]} id=${i}
 %{ endfor ~}
+%{ endif }
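Review bot: The rewritten `[redpanda]` host line appends `si_bucket_name=${si_bucket_name} aws_region=${aws_region}` to every host even though both values come from a single template variable, which makes the line hard to read and means a cluster-wide setting is edited per host; emitting them once as group variables, `[redpanda:vars]` / `si_bucket_name=${si_bucket_name}` / `aws_region=${aws_region}` inside the same `%{ if si_enabled }` guard, keeps the host line to per-host facts and still satisfies the playbook's `when: si_bucket_name is defined`. Wrapping `[client]` in `%{ if client_count > 0 }` removes the group entirely when there are no clients, so any play or template elsewhere that indexes `groups['client']` without `| default([])` will now fail on a client-less deployment — that cannot be confirmed from this hunk and is worth a grep before merging.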