Update etcd
cvlc committed Apr 14, 2022
1 parent d9b8f50 commit 1d4704c
Showing 3 changed files with 27 additions and 13 deletions.
4 changes: 3 additions & 1 deletion asg.tf
Expand Up @@ -27,7 +27,9 @@ resource "aws_launch_configuration" "default" {
peer_key_file = tls_private_key.peer[count.index].private_key_pem,
server_cert_file = tls_locally_signed_cert.server[count.index].cert_pem,
server_key_file = tls_private_key.server[count.index].private_key_pem,
maintenance_day_of_the_month = count.index < 26 ? count.index + 1 : count.index - 25
maintenance_day_of_the_month = count.index < 26 ? count.index + 1 : count.index - 25,
aws_region = data.aws_region.current.name,
aws_dns_server = cidrhost(data.aws_vpc.target.cidr_block, 2),
})])
root_block_device { encrypted = true }

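Review bot: `aws_dns_server = cidrhost(data.aws_vpc.target.cidr_block, 2)` encodes an AWS convention that is not visible from the code: the Amazon-provided DNS resolver sits at the VPC's primary CIDR base plus two, which is why the offset is 2 and why only the primary `cidr_block` (not a secondary association) is the right input. A comment on that line would stop the next reader from treating the offset as arbitrary, e.g. `# Amazon-provided DNS resolver is always at VPC primary CIDR base + 2`. The `aws_launch_configuration` resource starts and ends outside the hunk.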
34 changes: 23 additions & 11 deletions cloudinit/userdata-template.sh
@@ -1,40 +1,52 @@
## Install ETCD
useradd -U -M -s /dev/null etcd

mkdir -p /etc/ssl/etcd; chown -R etcd:etcd /etc/ssl/etcd; chmod -R 700 /etc/ssl/etcd
curl -L -o /tmp/etcd-v${etcd_version}-linux-amd64.tar.gz ${etcd_url}
mkdir -p /etc/ssl/etcd
chown -R etcd:etcd /etc/ssl/etcd
chmod -R 700 /etc/ssl/etcd
curl -L -o /tmp/etcd-v"$etcd_version"-linux-amd64.tar.gz "$etcd_url"

tar xvf /tmp/etcd-v${etcd_version}-linux-amd64.tar.gz -C /tmp
tar xvf /tmp/etcd-v"$etcd_version"-linux-amd64.tar.gz -C /tmp

mv /tmp/etcd-v${etcd_version}-linux-amd64/{etcd,etcdctl,etcdutl} /usr/local/bin
mv /tmp/etcd-v"$etcd_version"-linux-amd64/{etcd,etcdctl,etcdutl} /usr/local/bin

mkdir -p /var/lib/etcd/
chown -R etcd:etcd /var/lib/etcd
chmod -R 700 /var/lib/etcd
mkdir -p /etc/etcd

cat << EOT > /etc/systemd/system/etcd-member.service
## Switch to AWS DNS direct rather than systemd-resolved
systemctl disable systemd-resolved
cat <<EOF >/etc/resolv.conf
nameserver ${aws_dns_server}
options edns0
search ${aws_region}.compute.internal
EOF
chattr +i /etc/resolv.conf
systemctl stop systemd-resolved

cat <<EOT >/etc/systemd/system/etcd-member.service
${etcd_member_unit}
EOT

## Create certificate files
cat << EOT > /etc/ssl/etcd/ca.pem
cat <<EOT >/etc/ssl/etcd/ca.pem
${ca_file}
EOT

cat << EOT > /etc/ssl/etcd/server.pem
cat <<EOT >/etc/ssl/etcd/server.pem
${server_cert_file}
EOT

cat << EOT > /etc/ssl/etcd/server-key.pem
cat <<EOT >/etc/ssl/etcd/server-key.pem
${server_key_file}
EOT

cat << EOT > /etc/ssl/etcd/peer.pem
cat <<EOT >/etc/ssl/etcd/peer.pem
${peer_cert_file}
EOT

cat << EOT > /etc/ssl/etcd/peer-key.pem
cat <<EOT >/etc/ssl/etcd/peer-key.pem
${peer_key_file}
EOT

Expand All @@ -44,7 +56,7 @@ local_ipv4=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.25
sed -e "s/~private_ipv4/$local_ipv4/g" -i /etc/systemd/system/etcd-member.service

## Create a cronjob to defrag etcd data, but be careful to spread out the time across all nodes to maintain service availability
cat <<EOT> /etc/cron.d/defrag-etcd
cat <<EOT >/etc/cron.d/defrag-etcd
5 3 ${maintenance_day_of_the_month} * * root /usr/bin/sudo -u etcd ETCDCTL_API=3 ETCDCTL_CERT=/etc/ssl/etcd/server.pem ETCDCTL_KEY=/etc/ssl/etcd/server-key.pem ETCDCTL_ENDPOINTS="https://${etcd_endpoint}:2379" etcdctl defrag
EOT

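Review bot: The `curl`, `tar` and `mv` lines that now read `/tmp/etcd-v"$etcd_version"-linux-amd64.tar.gz` and `"$etcd_url"` no longer interpolate anything, assuming those quoted forms are the new side: this file is rendered by `templatefile()` (asg.tf passes the variable map) and Terraform only substitutes the braced `${name}` form, so `$etcd_version` and `$etcd_url` reach the shell as unset variables and the download, extraction and install of the binaries fail while the unit file and certificates are still written (no `set -e` is visible, and the hunk starts at line 1 so nothing assigns them earlier). Every other placeholder in the hunk, including the newly added `${aws_dns_server}` and `${aws_region}`, keeps the braced form, so the fix is to restore it while keeping the quotes: `curl -L -o "/tmp/etcd-v${etcd_version}-linux-amd64.tar.gz" "${etcd_url}"`, `tar xvf "/tmp/etcd-v${etcd_version}-linux-amd64.tar.gz" -C /tmp` and `mv "/tmp/etcd-v${etcd_version}-linux-amd64"/{etcd,etcdctl,etcdutl} /usr/local/bin`. While touching those lines, the archive is still fetched with `curl -L` and no integrity check; pinning a digest next to `etcd_version` and verifying it before `tar` with `echo "<SHA256_PLACEHOLDER>  /tmp/etcd-v${etcd_version}-linux-amd64.tar.gz" | sha256sum -c` would catch a tampered or mis-resolved download. The new resolv.conf block also writes through `/etc/resolv.conf` without removing it first; on images where that path is a symlink into `/run/systemd/resolve` (the systemd-resolved default) the heredoc lands in the tmpfs stub file and `chattr +i` is likely to fail there, so an `rm -f /etc/resolv.conf` before the `cat <<EOF` is worth adding.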
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -51,7 +51,7 @@ variable "role" {
}

variable "etcd_version" {
default = "3.5.1"
default = "3.5.3"
description = "etcd version to install"
}

