From: Lucas Di Pentima Date: Mon, 27 Mar 2023 17:15:02 +0000 (-0300) Subject: 20270: Splits hosts into public & private, saving on public IPs requirements. X-Git-Tag: 2.6.0~8^2~3 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/47592afcdea474cd6c8900544a57e86292e12e59 20270: Splits hosts into public & private, saving on public IPs requirements. Also, asks for less number of instances: there's no need to multiple keepstore nodes, and keep-web can be run on the same node as workbench. This makes the basic default cluster to go from 6 to 4 nodes. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima
---
diff --git a/tools/salt-install/terraform/aws/services/locals.tf b/tools/salt-install/terraform/aws/services/locals.tf
index 6a81967cf1..523954ce3a 100644
--- a/tools/salt-install/terraform/aws/services/locals.tf
+++ b/tools/salt-install/terraform/aws/services/locals.tf
@@ -10,6 +10,7 @@ locals {
 private_ip = data.terraform_remote_state.vpc.outputs.private_ip
 pubkey_path = pathexpand(var.pubkey_path)
 pubkey_name = "arvados-deployer-key"
- hostnames = [ for hostname, eip_id in data.terraform_remote_state.vpc.outputs.eip_id: hostname ]
+ public_hosts = data.terraform_remote_state.vpc.outputs.public_hosts
+ private_hosts = data.terraform_remote_state.vpc.outputs.private_hosts
 ssl_password_secret_name = "${local.cluster_name}-${var.ssl_password_secret_name_suffix}"
 }
diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index 9c27b9726c..457aabc314 100644
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -44,7 +44,7 @@ resource "aws_iam_instance_profile" "default_instance_profile" {
 }
 resource "aws_instance" "arvados_service" {
- for_each = toset(local.hostnames)
+ for_each = toset(concat(local.public_hosts, local.private_hosts))
 ami = data.aws_ami.debian-11.image_id
 instance_type = var.default_instance_type
 key_name = local.pubkey_name
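Review bot: In `aws_instance.arvados_service` (services/main.tf), the hosts from `local.private_hosts` are created by the same `for_each` as the public ones, so they inherit whatever subnet and security group the rest of the resource body sets; that body continues outside this hunk. If that subnet assigns public addresses on launch, the "private" hosts would still receive an ephemeral public IP and stay reachable on every port the shared security group opens to the internet. Making the intent explicit, for example `associate_public_ip_address = contains(local.public_hosts, each.value)`, would tie the exposure to the host list rather than to subnet defaults. It is also worth confirming that the private hosts keep an outbound route (such as a NAT gateway) for package installation, since nothing visible here provides one.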
@@ -107,7 +107,7 @@ resource "aws_iam_policy_attachment" "cloud_dispatcher_ec2_access_attachment" {
 }
 resource "aws_eip_association" "eip_assoc" {
- for_each = toset(local.hostnames)
+ for_each = toset(local.public_hosts)
 instance_id = aws_instance.arvados_service[each.value].id
 allocation_id = data.terraform_remote_state.vpc.outputs.eip_id[each.value]
 }
diff --git a/tools/salt-install/terraform/aws/vpc/locals.tf b/tools/salt-install/terraform/aws/vpc/locals.tf
index 8338aec7ca..ed02fb85a7 100644
--- a/tools/salt-install/terraform/aws/vpc/locals.tf
+++ b/tools/salt-install/terraform/aws/vpc/locals.tf
@@ -9,21 +9,19 @@ locals {
 ssh: "22",
 }
 availability_zone = data.aws_availability_zones.available.names[0]
- hostnames = [ "controller", "workbench", "keep0", "keep1", "keepproxy", "shell" ]
+ public_hosts = [ "controller", "workbench" ]
+ private_hosts = [ "keep0", "shell" ]
 arvados_dns_zone = "${var.cluster_name}.${var.domain_name}"
 public_ip = { for k, v in aws_eip.arvados_eip: k => v.public_ip }
 private_ip = {
 "controller": "10.1.1.11",
 "workbench": "10.1.1.15",
- "keepproxy": "10.1.1.12",
 "shell": "10.1.1.17",
 "keep0": "10.1.1.13",
- "keep1": "10.1.1.14"
 }
 aliases = {
 controller: ["ws"]
- workbench: ["workbench2", "webshell"]
- keepproxy: ["keep", "download", "*.collections"]
+ workbench: ["workbench2", "webshell", "keep", "download", "*.collections"]
 }
 cname_by_host = flatten([
 for host, aliases in local.aliases : [
diff --git a/tools/salt-install/terraform/aws/vpc/main.tf b/tools/salt-install/terraform/aws/vpc/main.tf
index 6e21139241..94d245c3d6 100644
--- a/tools/salt-install/terraform/aws/vpc/main.tf
+++ b/tools/salt-install/terraform/aws/vpc/main.tf
@@ -58,7 +58,7 @@ resource "aws_internet_gateway" "arvados_gw" {
 vpc_id = aws_vpc.arvados_vpc.id
 }
 resource "aws_eip" "arvados_eip" {
- for_each = toset(local.hostnames)
+ for_each = toset(local.public_hosts)
 depends_on = [ aws_internet_gateway.arvados_gw ]
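Review bot: In `aws_eip_association.eip_assoc` (services/main.tf), the loop runs over `local.public_hosts` while the allocation is looked up in `outputs.eip_id[each.value]`, so two separately exported values have to carry exactly the same keys. Iterating over the map itself keeps them in step: `for_each = data.terraform_remote_state.vpc.outputs.eip_id`, with `allocation_id = each.value` and `instance_id = aws_instance.arvados_service[each.key].id`.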
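Review bot: In the `aliases` map of vpc/locals.tf, the `keep`, `download` and `*.collections` names now point at the workbench host, so the service that hands out user-uploaded collection content shares a machine and a public IP with `workbench2` and `webshell`. That drops the host boundary the separate keepproxy node gave; a flaw in the content-serving path would land on the node that also fronts the UI and the shell proxy. A comment on the `workbench` entry would record the trade-off, e.g. `# keepproxy/keep-web names share this host to save a public IP; split them out again for stricter isolation`. Separately, `public_hosts`, `private_hosts` and the keys of `private_ip` are maintained by hand and must name the same hosts, which deserves a one-line comment above the lists; the `locals` block starts and ends outside this hunk.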
diff --git a/tools/salt-install/terraform/aws/vpc/outputs.tf b/tools/salt-install/terraform/aws/vpc/outputs.tf
index dd58ca7008..9fe16358be 100644
--- a/tools/salt-install/terraform/aws/vpc/outputs.tf
+++ b/tools/salt-install/terraform/aws/vpc/outputs.tf
@@ -29,10 +29,18 @@ output "public_ip" {
 value = local.public_ip
 }
+output "public_hosts" {
+ value = local.public_hosts
+}
+
 output "private_ip" {
 value = local.private_ip
 }
+output "private_hosts" {
+ value = local.private_hosts
+}
+
 output "route53_dns_ns" {
 value = aws_route53_zone.public_zone.name_servers
 }