Add asg-simple-lifecycle

Author: psibi

examples/asg-simple-lifecycle-hooks/Makefile

@@ -0,0 +1,75 @@
+.PHONY: init ssh-key plan-vpc plan-subnets plan-gateway plan apply destroy clean
+
+.DEFAULT_GOAL = help
+
+TERRAFORM = "aws-env terraform"
+
+# Hardcoding value of 3 minutes when we check if the plan file is stale
+STALE_PLAN_FILE := `find "tf.out" -mmin -3 | grep -q tf.out`
+
+## Check if tf.out is stale (Older than 2 minutes)
+check-plan-file:
+	@if ! ${STALE_PLAN_FILE} ; then \
+		echo "ERROR: Stale tf.out plan file (older than 3 minutes)!"; \
+		exit 1; \
+	fi
+
+## Runs terraform get and terraform init for env
+init:
+	$terraform init
+
+## Create ssh key
+ssh-key:
+	@ssh-keygen -q -N "" -b 4096 -C "SSH key for vpc-scenario-1 example" -f ./id_rsa
+
+## use 'terraform plan' to 'target' the vpc in the vpc module
+plan-vpc:
+	@terraform plan \
+		-target="module.vpc.module.vpc" \
+		-out=tf.out
+
+## use 'terraform plan' to 'target' the public subnets in the vpc module
+plan-subnets:
+	@terraform plan \
+		-target="module.vpc.module.public-subnets" \
+		-out=tf.out
+
+## use 'terraform plan' to 'target' the public gateway in the vpc module
+plan-gateway:
+	@terraform plan \
+		-target="module.vpc.module.public-gateway" \
+		-out=tf.out
+
+## use 'terraform plan' to map out updates to apply
+plan:
+	@terraform plan -out=tf.out
+
+## use 'terraform apply' to apply updates in a 'tf.out' plan file
+apply: check-plan-file
+	@terraform apply tf.out
+
+## use 'terraform destroy' to remove all resources from AWS
+destroy:
+	@terraform destroy
+
+## rm -rf all files and state
+clean:
+	@rm -f tf.out
+	@rm -f id_rsa
+	@rm -f id_rsa.pub
+	@rm -f terraform.tfvars
+	@rm -f terraform.*.backup
+	@rm -f terraform.tfstate
+
+## Show help screen.
+help:
+	@echo "Please use \`make <target>' where <target> is one of\n\n"
+	@awk '/^[a-zA-Z\-\_0-9]+:/ { \
+		helpMessage = match(lastLine, /^## (.*)/); \
+		if (helpMessage) { \
+			helpCommand = substr($$1, 0, index($$1, ":")-1); \
+			helpMessage = substr(lastLine, RSTART + 3, RLENGTH); \
+			printf "%-30s %s\n", helpCommand, helpMessage; \
+		} \
+	} \
+	{ lastLine = $$0 }' $(MAKEFILE_LIST)

examples/asg-simple-lifecycle-hooks/README.md

@@ -0,0 +1,74 @@
+# Example of basic ASG integration with lifecycle hooks
+
+The difference between this and the one one is that we aren't using
+any load balancers in this example.
+
+## Environment creation and deployment
+
+To use this example set up AWS credentials and then run the commands in the
+following order:
+
+```
+make ssh-key
+make init
+make plan-vpc
+make apply
+make plan-subnets
+make apply
+make plan-gateway
+make apply
+make plan
+make apply
+```
+
+## Testing
+
+Get the public IP address of the newly created ec2 web instance with the AWS console.
+
+SSH into the machine with the command:
+
+```
+ssh -i id_rsa ec2-user@<ec2-ip-address>
+```
+
+You can see in the machine that `lifecycled` daemon would be
+running. You can check the status of the service using
+
+```
+systemctl status lifecycled.service
+```
+
+
+## Test the Notification
+
+To generate a notification for a launch event, update the Auto Scaling group by increasing the desired capacity of the Auto Scaling group by 1. You receive a notification within a few minutes after instance launch.
+
+To change the desired capacity using the console
+
+    Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
+
+    On the navigation pane, under Auto Scaling, choose Auto Scaling Groups.
+
+    Select your Auto Scaling group.
+
+    On the Details tab, choose Edit.
+
+    For Desired, decrease the current value by 1.
+
+    Choose Save.
+
+    After a few minutes, you'll see that the lifecycle-handler.sh script will be executed and it's side effect operation will be performed.
+
+
+## Destruction
+
+To destroy the test environment run the following commands:
+
+```
+make destroy
+make clean
+```
+
+## Notes
+- This example was last tested with `Terraform v0.11.11`
+- This example assumes AWS credentials setup with access to the **us-east-2** region.

examples/asg-simple-lifecycle-hooks/asg.tf

@@ -0,0 +1,38 @@
+resource "aws_autoscaling_group" "cluster" {
+  name                 = "${var.name_prefix}-${aws_launch_configuration.cluster.name}"
+  launch_configuration = aws_launch_configuration.cluster.id
+  vpc_zone_identifier  = module.vpc.public_subnet_ids
+
+  min_size         = 1
+  desired_capacity = 2
+  max_size         = 4
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  initial_lifecycle_hook {
+    name                    = "${var.name_prefix}-lifecycle"
+    default_result          = "CONTINUE"
+    heartbeat_timeout       = 60
+    lifecycle_transition    = "autoscaling:EC2_INSTANCE_TERMINATING"
+    notification_target_arn = aws_sns_topic.main.arn
+    role_arn                = aws_iam_role.lifecycle_hook.arn
+  }
+}
+
+# Launch Config for the ASG
+resource "aws_launch_configuration" "cluster" {
+  name_prefix          = var.name_prefix
+  image_id             = data.aws_ami.linux2.id
+  instance_type        = "t2.nano"
+  key_name             = aws_key_pair.main.key_name
+  iam_instance_profile = aws_iam_instance_profile.ec2.name
+  security_groups      = [aws_security_group.main.id]
+
+  user_data = data.template_file.main.rendered
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}

examples/asg-simple-lifecycle-hooks/cloud-config.yml

@@ -0,0 +1,43 @@
+#cloud-config
+write_files:
+  - path: "/etc/systemd/system/lifecycled.service"
+    permissions: "0644"
+    owner: "root"
+    content: |
+      [Unit]
+      Description=Autoscale Lifecycle Daemon
+      Requires=network-online.target
+      After=network-online.target
+
+      [Service]
+      Type=simple
+      Restart=on-failure
+      RestartSec=30s
+      TimeoutStopSec=5m
+
+      Environment="AWS_REGION=${region}"
+      ExecStart=/usr/local/bin/lifecycled --no-spot --sns-topic=${lifecycle_topic} --handler=/usr/local/scripts/lifecycle-handler.sh --json
+
+      [Install]
+      WantedBy=multi-user.target
+  - path: "/usr/local/scripts/lifecycle-handler.sh"
+    permissions: "0744"
+    owner: "root"
+    content: |
+     #! /usr/bin/bash
+
+     set -euo pipefail
+
+     echo "hello from the handler"
+     curl http://3.22.77.147
+     sleep 120
+     echo "goodbye from the handler"
+runcmd:
+  - |
+    wget https://github.com/buildkite/lifecycled/releases/download/v3.0.2/lifecycled-linux-amd64
+    cp ./lifecycled-linux-amd64 /usr/local/bin/lifecycled
+    chmod +x /usr/local/bin/lifecycled
+    chown root:root /usr/local/bin/lifecycled
+    echo "lifecycled installed"
+  - |
+    systemctl enable lifecycled.service --now

examples/asg-simple-lifecycle-hooks/data.tf

@@ -0,0 +1,106 @@
+# Use the latest Amazon Linux 2 AMI
+data "aws_ami" "linux2" {
+  owners      = ["amazon"]
+  most_recent = true
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["amzn2-ami*gp2"]
+  }
+}
+
+data "aws_availability_zones" "available" {
+}
+
+data "aws_region" "current" {
+}
+
+# Cloud init script for the autoscaling group
+data "template_file" "main" {
+  template = file("${path.module}/cloud-config.yml")
+
+  vars = {
+    region          = data.aws_region.current.name
+    lifecycle_topic = aws_sns_topic.main.arn
+  }
+}
+
+# Instance profile for the autoscaling group.
+data "aws_iam_policy_document" "permissions" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "sns:Subscribe",
+      "sns:Unsubscribe",
+    ]
+
+    resources = [
+      aws_sns_topic.main.arn,
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "autoscaling:RecordLifecycleActionHeartbeat",
+      "autoscaling:CompleteLifecycleAction",
+    ]
+
+    resources = ["*"]
+  }
+}
+
+data "aws_iam_policy_document" "ec2_assume" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "asg_assume" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["autoscaling.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "asg_permissions" {
+  statement {
+    effect = "Allow"
+
+    resources = [
+      aws_sns_topic.main.arn,
+    ]
+
+    actions = [
+      "sns:Publish",
+    ]
+  }
+}

examples/asg-simple-lifecycle-hooks/locals.tf

@@ -0,0 +1,7 @@
+locals {
+  az_count = length(var.public_subnet_cidrs)
+  azs = slice(
+    data.aws_availability_zones.available.names,
+    0,
+    local.az_count)
+}