PR #86 feedback 1

README.md

@@ -42,7 +42,7 @@ You can pass the following variables as `-e var=value`:
 * `advertise_public_ips=false|true`: Configure Redpanda to advertise the node's public IPs for client communication instead of private IPs. This allows for using the cluster from outside its subnet. **Note**: This is not recommended for production deployments, because it means that your nodes will be public. Use it for testing only. Default `false`
 * `grafana_admin_pass=<password_here>`: Configure Grafana's admin user's password
 * `ephemeral_disk`: Enable filesystem check for attached disk, useful when using attached disks in instances with ephemeral OS disks (i.e Azure L Series). This allows a filesystem repair at boot time and ensures that the drive is remounted automatically after a reboot. Default `false` 
-* `si_max_upload_interval`: Maps to `cloud_storage_segment_max_upload_interval_sec`. Sets the number of seconds for idle timeout. If this property is empty, Redpanda uploads metadata to the cloud storage, but the segment is not uploaded until it reaches the `segment.bytes` size. By default, the property is empty.
+* `cloud_storage_segment_max_upload_interval_sec`: Sets the number of seconds for idle timeout. If this property is empty, Redpanda uploads metadata to the cloud storage, but the segment is not uploaded until it reaches the `segment.bytes` size. By default, the property is empty.
 
 2. Use `rpk` & standard Kafka tools to produce/consume from the Redpanda cluster & access the Grafana installation on the monitor host.
 * The Grafana URL is http://&lt;grafana host&gt;:3000/login

ansible/playbooks/start-redpanda.yml

@@ -68,18 +68,18 @@
       - restart redpanda
     vars:
       use_public_ips: "{{ advertise_public_ips | d() | bool }}"
-      this_node: "{{ inventory_hostname if use_public_ips else private_ip }}"
+      urls: "{{ groups['redpanda'] | map('extract', hostvars) | map(attribute='inventory_hostname') | product([':9644']) | map('join') | join(',') if use_public_ips else groups['redpanda'] | map('extract', hostvars) | map(attribute='private_ip') | product([':9644']) | map('join') | join(',') }}"
     shell: |
-      sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ si_bucket_name }} --api-urls {{ "%s:%d" % (this_node, 9644) }}
-      sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ "%s:%d" % (this_node, 9644) }}
-      sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ "%s:%d" % (this_node, 9644) }}
-      sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ "%s:%d" % (this_node, 9644) }}
-      {% if si_max_upload_interval is defined %}
-      sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec {{ si_max_upload_interval }} --api-urls {{ "%s:%d" % (this_node, 9644) }}
+      sudo -u redpanda rpk cluster config set cloud_storage_bucket {{ tiered_storage_bucket_name }} --api-urls {{ urls }}
+      sudo -u redpanda rpk cluster config set cloud_storage_region {{ aws_region }} --api-urls {{ urls }}
+      sudo -u redpanda rpk cluster config set cloud_storage_access_key ABCDEFGHIJKLMNOP --api-urls {{ urls }}
+      sudo -u redpanda rpk cluster config set cloud_storage_secret_key 1234567890abcdefghijklmnop --api-urls {{ urls }}
+      {% if cloud_storage_segment_max_upload_interval_sec is defined %}
+      sudo -u redpanda rpk cluster config set cloud_storage_segment_max_upload_interval_sec {{ cloud_storage_segment_max_upload_interval_sec }} --api-urls {{ urls }}
       {% endif %}
-      sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ "%s:%d" % (this_node, 9644) }}
-      sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ "%s:%d" % (this_node, 9644) }}
-    when: si_bucket_name is defined
+      sudo -u redpanda rpk cluster config set cloud_storage_credentials_source aws_instance_metadata --api-urls {{ urls }}
+      sudo -u redpanda rpk cluster config set cloud_storage_enabled true --api-urls {{ urls }}
+    when: tiered_storage_bucket_name is defined
 
   handlers:
   - name: restart redpanda-tuner

aws/cluster.tf

@@ -3,10 +3,10 @@ resource "random_uuid" "cluster" {}
 resource "time_static" "timestamp" {}
 
 locals {
-  uuid           = random_uuid.cluster.result
-  timestamp      = time_static.timestamp.rfc3339
-  deployment_id  = "redpanda-${local.uuid}-${local.timestamp}"
-  si_bucket_name = "${var.instance_name_prefix}-redpanda-si-bucket"
+  uuid                       = random_uuid.cluster.result
+  timestamp                  = time_static.timestamp.unix
+  deployment_id              = length(var.deployment_prefix) > 0 ? var.deployment_prefix : "redpanda-${substr(local.uuid, 0, 8)}-${local.timestamp}"
+  tiered_storage_bucket_name = "${local.deployment_id}-bucket"
 
   # tags shared by all instances
   instance_tags = {
@@ -16,7 +16,8 @@ locals {
 }
 
 resource "aws_iam_policy" "redpanda" {
-  name   = "${var.instance_name_prefix}-redpanda"
+  count  = var.tiered_storage_enabled ? 1 : 0
+  name   = local.deployment_id
   path   = "/"
   policy = jsonencode({
     Version   = "2012-10-17"
@@ -28,15 +29,16 @@ resource "aws_iam_policy" "redpanda" {
           "s3-object-lambda:*",
         ],
         "Resource": [
-          "arn:aws:s3:::${local.si_bucket_name}/*"
+          "arn:aws:s3:::${local.tiered_storage_bucket_name}/*"
         ]
       },
     ]
   })
 }
 
 resource "aws_iam_role" "redpanda" {
-  name               = "${var.instance_name_prefix}-redpanda"
+  count              = var.tiered_storage_enabled ? 1 : 0
+  name               = local.deployment_id
   assume_role_policy = jsonencode({
     Version   = "2012-10-17"
     Statement = [
@@ -53,29 +55,31 @@ resource "aws_iam_role" "redpanda" {
 }
 
 resource "aws_iam_policy_attachment" "redpanda" {
-  name       = "${var.instance_name_prefix}-redpanda"
-  roles      = [aws_iam_role.redpanda.name]
-  policy_arn = aws_iam_policy.redpanda.arn
+  count      = var.tiered_storage_enabled ? 1 : 0
+  name       = local.deployment_id
+  roles      = [aws_iam_role.redpanda[count.index].name]
+  policy_arn = aws_iam_policy.redpanda[count.index].arn
 }
 
 resource "aws_iam_instance_profile" "redpanda" {
-  name = "${var.instance_name_prefix}-redpanda"
-  role = aws_iam_role.redpanda.name
+  count  = var.tiered_storage_enabled ? 1 : 0
+  name   = local.deployment_id
+  role   = aws_iam_role.redpanda[count.index].name
 }
 
 resource "aws_instance" "redpanda" {
   count                      = var.nodes
   ami                        = var.distro_ami[var.distro]
   instance_type              = var.instance_type
   key_name                   = aws_key_pair.ssh.key_name
-  iam_instance_profile       = aws_iam_instance_profile.redpanda.name
+  iam_instance_profile       = var.tiered_storage_enabled ? aws_iam_instance_profile.redpanda[0].name : null
   vpc_security_group_ids     = [aws_security_group.node_sec_group.id]
   placement_group            = var.ha ? aws_placement_group.redpanda-pg[0].id : null
   placement_partition_number = var.ha ? (count.index % aws_placement_group.redpanda-pg[0].partition_count) + 1 : null
   tags                       = merge(
     local.instance_tags,
     {
-      Name = "${var.instance_name_prefix}-redpanda-${count.index}",
+      Name = "${local.deployment_id}-node-${count.index}",
     }
   )
 
@@ -92,7 +96,12 @@ resource "aws_instance" "prometheus" {
   instance_type          = var.prometheus_instance_type
   key_name               = aws_key_pair.ssh.key_name
   vpc_security_group_ids = [aws_security_group.node_sec_group.id]
-  tags                   = local.instance_tags
+  tags                   = merge(
+    local.instance_tags,
+    {
+      Name = "${local.deployment_id}-prometheus",
+    }
+  )
 
   connection {
     user        = var.distro_ssh_user[var.distro]
@@ -107,7 +116,12 @@ resource "aws_instance" "client" {
   instance_type          = var.client_instance_type
   key_name               = aws_key_pair.ssh.key_name
   vpc_security_group_ids = [aws_security_group.node_sec_group.id]
-  tags                   = local.instance_tags
+  tags                   = merge(
+    local.instance_tags,
+    {
+      Name = "${local.deployment_id}-client",
+    }
+  )
 
   connection {
     user        = var.distro_ssh_user[var.client_distro]
@@ -204,19 +218,19 @@ resource "aws_key_pair" "ssh" {
 resource "local_file" "hosts_ini" {
   content = templatefile("${path.module}/../templates/hosts_ini.tpl",
     {
-      redpanda_public_ips  = aws_instance.redpanda.*.public_ip
-      redpanda_private_ips = aws_instance.redpanda.*.private_ip
-      monitor_public_ip    = var.enable_monitoring ? aws_instance.prometheus[0].public_ip : ""
-      monitor_private_ip   = var.enable_monitoring ? aws_instance.prometheus[0].private_ip : ""
-      ssh_user             = var.distro_ssh_user[var.distro]
-      enable_monitoring    = var.enable_monitoring
-      client_public_ips    = aws_instance.client.*.public_ip
-      client_private_ips   = aws_instance.client.*.private_ip
-      rack                 = aws_instance.redpanda.*.placement_partition_number
-      client_count         = var.clients
-      aws_region           = var.aws_region
-      si_enabled           = var.si_enabled
-      si_bucket_name       = local.si_bucket_name
+      redpanda_public_ips        = aws_instance.redpanda.*.public_ip
+      redpanda_private_ips       = aws_instance.redpanda.*.private_ip
+      monitor_public_ip          = var.enable_monitoring ? aws_instance.prometheus[0].public_ip : ""
+      monitor_private_ip         = var.enable_monitoring ? aws_instance.prometheus[0].private_ip : ""
+      ssh_user                   = var.distro_ssh_user[var.distro]
+      enable_monitoring          = var.enable_monitoring
+      client_public_ips          = aws_instance.client.*.public_ip
+      client_private_ips         = aws_instance.client.*.private_ip
+      rack                       = aws_instance.redpanda.*.placement_partition_number
+      client_count               = var.clients
+      aws_region                 = var.aws_region
+      tiered_storage_enabled     = var.tiered_storage_enabled
+      tiered_storage_bucket_name = local.tiered_storage_bucket_name
     }
   )
   filename = "${path.module}/../hosts.ini"

aws/readme.md

@@ -55,6 +55,7 @@ No Modules.
 | nodes | The number of nodes to deploy | `number` | `"3"` | no |
 | prometheus\_instance\_type | Instant type of the prometheus/grafana node | `string` | `"c5.2xlarge"` | no |
 | public\_key\_path | The public key used to ssh to the hosts | `string` | `"~/.ssh/id_rsa.pub"` | no |
+| tiered\_storage\_enabled | Enables or disables tiered storage | `bool` | `false` | no |
 
 ### Client Inputs
 By default, no client VMs are provisioned. If you want to also provision client

aws/s3.tf

@@ -1,18 +1,18 @@
-resource "aws_s3_bucket" "si" {
-  count  = var.si_enabled ? 1 : 0
-  bucket = local.si_bucket_name
+resource "aws_s3_bucket" "tiered_storage" {
+  count  = var.tiered_storage_enabled ? 1 : 0
+  bucket = local.tiered_storage_bucket_name
   tags   = local.instance_tags
 }
 
-resource "aws_s3_bucket_acl" "si" {
-  count  = var.si_enabled ? 1 : 0
-  bucket = aws_s3_bucket.si[count.index].id
+resource "aws_s3_bucket_acl" "tiered_storage" {
+  count  = var.tiered_storage_enabled ? 1 : 0
+  bucket = aws_s3_bucket.tiered_storage[count.index].id
   acl    = "private"
 }
 
-resource "aws_s3_bucket_versioning" "si" {
-  count  = var.si_enabled ? 1 : 0
-  bucket = aws_s3_bucket.si[count.index].id
+resource "aws_s3_bucket_versioning" "tiered_storage" {
+  count  = var.tiered_storage_enabled ? 1 : 0
+  bucket = aws_s3_bucket.tiered_storage[count.index].id
   versioning_configuration {
     status = "Disabled"
   }

aws/vars.tf

@@ -15,10 +15,10 @@ variable "ha" {
   default     = false
 }
 
-variable "instance_name_prefix" {
-  description = "The prefix for the instance name"
+variable "deployment_prefix" {
+  description = "The prefix for the instance name (defaults to {random uuid}-{timestamp})"
   type        = string
-  default     = "prefix"
+  default     = ""
 }
 
 variable "distro" {
@@ -102,8 +102,8 @@ variable "distro_ssh_user" {
   }
 }
 
-variable "si_enabled" {
-  description = "Enables or disables shadow indexing"
+variable "tiered_storage_enabled" {
+  description = "Enables or disables tiered storage"
   type = bool
-  default = false
+  default = true
 }

templates/hosts_ini.tpl

@@ -1,6 +1,6 @@
 [redpanda]
 %{ for i, ip in redpanda_public_ips ~}
-${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i}%{ if rack[i] != null } rack=${rack[i]}%{ endif }%{ if si_enabled } si_bucket_name=${si_bucket_name} aws_region=${aws_region}%{ endif }
+${ ip } ansible_user=${ ssh_user } ansible_become=True private_ip=${redpanda_private_ips[i]} id=${i}%{ if rack[i] != null } rack=${rack[i]}%{ endif }%{ if tiered_storage_enabled } tiered_storage_bucket_name=${tiered_storage_bucket_name} aws_region=${aws_region}%{ endif }
 %{ endfor ~}
 %{ if enable_monitoring }