Add support for EC2 instance type (#63)

* add support for ec2 instance type

* update changelog and readme

* PR comment updates

Author: rpoluri

.gitignore

@@ -39,3 +39,5 @@ target/
 # Ansible host file
 ansible/*-hosts
 ansible/*-hosts
+
+test/*

CHANGELOG.md

@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [2.0.0] - TBD
+
+### Added
+- Support for running Waggle Dance on EC2 nodes.
+
 ## [1.1.3] - 2019-06-27
 
 ### Changed

README.md

@@ -31,6 +31,13 @@ For more information please refer to the main [Apiary](https://github.com/Expedi
 | tags | A map of tags to apply to resources. | map | `<map>` | no |
 | vpc_id | VPC ID. | string | - | yes |
 | wd_ecs_task_count | Number of ECS tasks to create. | string | `1` | no |
+| wd_instance_type | Waggle Dance instance type, possible values: `ecs`,`ec2`. | string | `ecs` | no |
+| waggledance_version | Waggle Dance version to install on EC2 nodes | string | `3.3.2` | no |
+| key_name | Waggle Dance EC2 ssh key pair name. | string | automation | no |
+| root_vol_type | Waggle Dance EC2 root volume type. | string | `gp2` | no |
+| root_vol_size | Waggle Dance EC2 root volume size. | string | `10` | no |
+| ec2_instance_type | Waggle Dance EC2 instance type. | string | `m5.large` | no |
+| ami_id | Amazon Linux AMI. | string | - | no |
 
 ## Usage
 

common.tf

@@ -5,20 +5,23 @@
  */
 
 locals {
-  instance_alias               = "${ var.instance_name == "" ? "waggledance" : format("waggledance-%s",var.instance_name) }"
-  remote_metastore_zone_prefix = "${ var.instance_name == "" ? "remote-metastore" : format("remote-metastore-%s",var.instance_name) }"
+  instance_alias               = "${var.instance_name == "" ? "waggledance" : format("waggledance-%s", var.instance_name)}"
+  remote_metastore_zone_prefix = "${var.instance_name == "" ? "remote-metastore" : format("remote-metastore-%s", var.instance_name)}"
+  cw_arn                       = "arn:aws:swf:${var.aws_region}:${data.aws_caller_identity.current.account_id}:action/actions/AWS_EC2.InstanceId.Reboot/1.0"
 }
 
+data "aws_caller_identity" "current" {}
+
 data "aws_vpc" "waggledance_vpc" {
   id = "${var.vpc_id}"
 }
 
 data "aws_secretsmanager_secret" "bastion_ssh_key" {
-  count = "${ var.bastion_ssh_key_secret_name == "" ? 0 : 1}"
+  count = "${var.bastion_ssh_key_secret_name == "" ? 0 : 1}"
   name  = "${var.bastion_ssh_key_secret_name}"
 }
 
 data "aws_secretsmanager_secret" "docker_registry" {
-  count = "${ var.docker_registry_auth_secret_name == "" ? 0 : 1 }"
-  name  = "${ var.docker_registry_auth_secret_name }"
+  count = "${var.docker_registry_auth_secret_name == "" ? 0 : 1}"
+  name  = "${var.docker_registry_auth_secret_name}"
 }

ec2.tf

@@ -0,0 +1,81 @@
+/**
+ * Copyright (C) 2018-2019 Expedia Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ */
+
+data "aws_ami" "amzn" {
+  most_recent = true
+  owners      = ["amazon"]
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["amzn-ami-hvm-*-ebs"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
+data "template_file" "waggledance_userdata" {
+  template = "${file("${path.module}/templates/waggledance_userdata.sh")}"
+}
+
+resource "aws_instance" "waggledance" {
+  count         = "${var.wd_instance_type == "ecs" ? 0 : length(var.subnets)}"
+  ami           = "${var.ami_id == "" ? data.aws_ami.amzn.id : var.ami_id}"
+  instance_type = "${var.ec2_instance_type}"
+  key_name      = "${var.key_name}"
+  ebs_optimized = true
+
+  subnet_id              = "${var.subnets[count.index]}"
+  iam_instance_profile   = "${aws_iam_instance_profile.waggledance.id}"
+  vpc_security_group_ids = ["${aws_security_group.wd_sg.id}"]
+
+  user_data_base64 = "${base64encode(data.template_file.waggledance_userdata.rendered)}"
+
+  root_block_device {
+    volume_type = "${var.root_vol_type}"
+    volume_size = "${var.root_vol_size}"
+  }
+
+  tags = "${merge(map("Name", "${local.instance_alias}-${count.index + 1}"), "${var.tags}")}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "waggledance" {
+  count = "${var.wd_instance_type == "ecs" ? 0 : length(var.subnets)}"
+
+  alarm_name = "Auto Reboot - ${aws_instance.waggledance.*.id[count.index]}"
+
+  dimensions {
+    InstanceId = "${aws_instance.waggledance.*.id[count.index]}"
+  }
+
+  metric_name         = "StatusCheckFailed"
+  namespace           = "AWS/EC2"
+  period              = "60"
+  statistic           = "Average"
+  threshold           = "1"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "3"
+
+  alarm_description = "This will restart ${local.instance_alias}-${count.index + 1} if the status check fails"
+
+  alarm_actions = ["${local.cw_arn}"]
+}

ecs-service-discovery.tf

@@ -5,12 +5,14 @@
  */
 
 resource "aws_service_discovery_private_dns_namespace" "waggledance" {
-  name = "${local.instance_alias}-${var.aws_region}.${var.domain_extension}"
-  vpc  = "${var.vpc_id}"
+  count = "${var.wd_instance_type == "ecs" ? 1 : 0}"
+  name  = "${local.instance_alias}-${var.aws_region}.${var.domain_extension}"
+  vpc   = "${var.vpc_id}"
 }
 
 resource "aws_service_discovery_service" "metastore_proxy" {
-  name = "metastore-proxy"
+  count = "${var.wd_instance_type == "ecs" ? 1 : 0}"
+  name  = "metastore-proxy"
 
   dns_config {
     namespace_id = "${aws_service_discovery_private_dns_namespace.waggledance.id}"
@@ -29,8 +31,8 @@ resource "aws_service_discovery_service" "metastore_proxy" {
 }
 
 resource "aws_route53_zone_association" "secondary" {
-  count      = "${length(var.secondary_vpcs)}"
+  count      = "${var.wd_instance_type == "ecs" ? length(var.secondary_vpcs) : 0}"
   zone_id    = "${aws_service_discovery_private_dns_namespace.waggledance.hosted_zone}"
-  vpc_id     = "${element(var.secondary_vpcs,count.index)}"
+  vpc_id     = "${element(var.secondary_vpcs, count.index)}"
   vpc_region = "${var.aws_region}"
 }

ecs.tf

@@ -5,11 +5,13 @@
  */
 
 resource "aws_ecs_cluster" "waggledance" {
-  name = "${local.instance_alias}"
-  tags = "${var.tags}"
+  count = "${var.wd_instance_type == "ecs" ? 1 : 0}"
+  name  = "${local.instance_alias}"
+  tags  = "${var.tags}"
 }
 
 resource "aws_ecs_service" "waggledance_service" {
+  count           = "${var.wd_instance_type == "ecs" ? 1 : 0}"
   name            = "${local.instance_alias}-service"
   launch_type     = "FARGATE"
   cluster         = "${aws_ecs_cluster.waggledance.id}"
@@ -27,6 +29,7 @@ resource "aws_ecs_service" "waggledance_service" {
 }
 
 resource "aws_ecs_task_definition" "waggledance" {
+  count                    = "${var.wd_instance_type == "ecs" ? 1 : 0}"
   family                   = "${local.instance_alias}"
   task_role_arn            = "${aws_iam_role.waggledance_task.arn}"
   execution_role_arn       = "${aws_iam_role.waggledance_task_exec.arn}"

iam-ecs.tf

@@ -42,7 +42,7 @@ resource "aws_iam_role_policy" "secretsmanager_for_ecs_task_exec" {
     "Statement": {
         "Effect": "Allow",
         "Action": "secretsmanager:GetSecretValue",
-        "Resource": [ "${join("\",\"",concat(data.aws_secretsmanager_secret.docker_registry.*.arn))}" ]
+        "Resource": [ "${join("\",\"", concat(data.aws_secretsmanager_secret.docker_registry.*.arn))}" ]
     }
 }
 EOF
@@ -59,7 +59,7 @@ resource "aws_iam_role" "waggledance_task" {
       "Sid": "",
       "Effect": "Allow",
       "Principal": {
-        "Service": "ecs-tasks.amazonaws.com"
+        "Service": [ "ecs-tasks.amazonaws.com", "ec2.amazonaws.com" ]
       },
       "Action": "sts:AssumeRole"
     }
@@ -71,7 +71,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "secretsmanager_for_waggledance_task" {
-  count = "${ var.bastion_ssh_key_secret_name == "" ? 0 : 1}"
+  count = "${var.bastion_ssh_key_secret_name == "" ? 0 : 1}"
   name  = "secretsmanager"
   role  = "${aws_iam_role.waggledance_task.id}"
 
@@ -86,3 +86,15 @@ resource "aws_iam_role_policy" "secretsmanager_for_waggledance_task" {
 }
 EOF
 }
+
+resource "aws_iam_role_policy_attachment" "waggledance_ssm_policy" {
+  count      = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+  role       = "${aws_iam_role.waggledance_task.name}"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
+}
+
+resource "aws_iam_instance_profile" "waggledance" {
+  count = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+  name  = "${aws_iam_role.waggledance_task.name}"
+  role  = "${aws_iam_role.waggledance_task.name}"
+}

route53.tf

@@ -0,0 +1,24 @@
+/**
+ * Copyright (C) 2018-2019 Expedia Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ */
+
+resource "aws_route53_zone" "waggledance" {
+  count = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+  name  = "${local.instance_alias}-${var.aws_region}.${var.domain_extension}"
+
+  vpc = {
+    vpc_id = "${var.vpc_id}"
+  }
+}
+
+resource "aws_route53_record" "metastore_proxy" {
+  count = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+  name  = "metastore-proxy"
+
+  zone_id = "${aws_route53_zone.waggledance.id}"
+  type    = "A"
+  ttl     = "300"
+  records = ["${aws_instance.waggledance.*.private_ip}"]
+}

sg.tf

@@ -9,6 +9,13 @@ resource "aws_security_group" "wd_sg" {
   vpc_id = "${var.vpc_id}"
   tags   = "${var.tags}"
 
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = "${var.ingress_cidr}"
+  }
+
   ingress {
     from_port   = 48869
     to_port     = 48869

ssm.tf

@@ -0,0 +1,48 @@
+/**
+ * Copyright (C) 2018-2019 Expedia Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ */
+
+data "template_file" "waggledance_playbook" {
+  template = "${file("${path.module}/templates/waggledance_playbook.yml")}"
+
+  vars {
+    aws_region          = "${var.aws_region}"
+    waggledance_version = "${var.waggledance_version}"
+    server_yaml         = "${base64encode(data.template_file.server_yaml.rendered)}"
+    federation_yaml     = "${base64encode(data.template_file.federation_yaml.rendered)}"
+  }
+}
+
+#to delay ssm assiociation till ansible is installed
+resource "null_resource" "waggledance_delay" {
+  count = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+
+  triggers = {
+    waggledance_instance_ids = "${join(",", aws_instance.waggledance.*.id)}"
+  }
+
+  provisioner "local-exec" {
+    command = "sleep 90"
+  }
+}
+
+resource "aws_ssm_association" "waggledance_playbook" {
+  count            = "${var.wd_instance_type == "ecs" ? 0 : 1}"
+  name             = "AWS-RunAnsiblePlaybook"
+  association_name = "${local.instance_alias}-playbook"
+
+  schedule_expression = "rate(30 minutes)"
+
+  targets {
+    key    = "InstanceIds"
+    values = ["${aws_instance.waggledance.*.id}"]
+  }
+
+  parameters = {
+    playbook = "${data.template_file.waggledance_playbook.rendered}"
+  }
+
+  depends_on = ["null_resource.waggledance_delay"]
+}

templates/waggledance_playbook.yml

@@ -0,0 +1,66 @@
+- hosts: all
+  become: true
+
+  vars:
+    server_yaml: "${server_yaml}"
+    federation_yaml: "${federation_yaml}"
+    heapsize: "{{ (ansible_memtotal_mb * 0.8)|int }}"
+
+  tasks:
+
+  - name: cleanup packages
+    yum:
+      name:
+        - java-1.7.0-openjdk
+      state: absent
+
+  - name: install binaries
+    yum:
+      name:
+        - java-1.8.0-openjdk
+        - wget
+        - unzip
+        - jq
+        - htop
+        - telnet
+        - nc
+      state: present
+
+  - name: install waggle-dance
+    yum:
+      name: http://search.maven.org/remotecontent?filepath=com/hotels/waggle-dance-rpm/${waggledance_version}/waggle-dance-rpm-${waggledance_version}.rpm
+      state: present
+
+  - name: server yaml
+    copy:
+      dest: /opt/waggle-dance/conf/waggle-dance-server.yml
+      content: "{{ server_yaml|b64decode }}"
+
+  - name: federation yaml
+    copy:
+      dest: /opt/waggle-dance/conf/waggle-dance-federation.yml
+      content: "{{ federation_yaml|b64decode }}"
+
+  - name: server conf
+    copy:
+      dest: /opt/waggle-dance/service/waggle-dance-core-latest-exec.conf
+      content: |
+        LOG_FOLDER=/var/log/waggle-dance/
+        JAVA_OPTS="-Xmx{{ heapsize }}m -Xms{{ heapsize }}m -XX:+UseG1GC -XX:G1ReservePercent=15 -Dlog4j.configurationFile=/opt/waggle-dance/conf/log4j2.xml -Dlogging.config=/opt/waggle-dance/conf/log4j2.xml"
+        RUN_ARGS="--server-config=/opt/waggle-dance/conf/waggle-dance-server.yml --federation-config=/opt/waggle-dance/conf/waggle-dance-federation.yml"
+    notify:
+      - restart-waggledance
+
+  - name: state waggle-dance
+    service:
+      name: waggle-dance
+      enabled: yes
+      state: started
+
+  handlers:
+
+  - name: restart-waggledance
+    service:
+      name: waggle-dance
+      enabled: yes
+      state: restarted