From 8b3e2904787ed36e3afffb79d499cded2e9a2953 Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Mon, 16 May 2022 11:17:19 +0200
Subject: [PATCH 1/2] feat: Add options `throughput`, `kms_key_id`, `snapshot_id to ebs block device mapping

---
 README.md | 2 +-
 examples/default/main.tf | 10 +++++-----
 modules/runners/README.md | 2 +-
 modules/runners/main.tf | 7 +++++--
 modules/runners/variables.tf | 20 +++++++++++++-------
 variables.tf | 20 +++++++++++++-------
 6 files changed, 38 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 2ddc1965f6..777e9b9b9b 100644
--- a/README.md
+++ b/README.md
@@ -398,7 +398,7 @@ In case the setup does not work as intended follow the trace of events:
 | [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` |
[
"amazon"
]
| no | | [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | -| [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` |
list(object({
device_name = string
delete_on_termination = bool
volume_type = string
volume_size = number
encrypted = bool
iops = number
}))
|
[
{
"delete_on_termination": true,
"device_name": "/dev/xvda",
"encrypted": true,
"iops": null,
"volume_size": 30,
"volume_type": "gp3"
}
]
| no | +| [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`. |
list(object({
delete_on_termination = bool
device_name = string
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
}))
|
[
{
"delete_on_termination": true,
"device_name": "/dev/xvda",
"encrypted": true,
"iops": null,
"kms_key_id": null,
"snapshot_id": null,
"throughput": null,
"volume_size": 30,
"volume_type": "gp3"
}
]
| no |
 | [cloudwatch\_config](#input\_cloudwatch\_config) | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no |
 | [create\_service\_linked\_role\_spot](#input\_create\_service\_linked\_role\_spot) | (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no |
 | [delay\_webhook\_event](#input\_delay\_webhook\_event) | The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. | `number` | `30` | no |
diff --git a/examples/default/main.tf b/examples/default/main.tf
index 6ee90a15c8..b3d27c61d4 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -1,5 +1,5 @@
 locals {
- environment = "default"
+ environment = "niek"
 aws_region = "eu-west-1"
 }
 
@@ -41,11 +41,11 @@ module "runners" {
 # }]
 
 # Grab zip files via lambda_download
- webhook_lambda_zip = "lambdas-download/webhook.zip"
- runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip"
- runners_lambda_zip = "lambdas-download/runners.zip"
+ # webhook_lambda_zip = "lambdas-download/webhook.zip"
+ # runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip"
+ # runners_lambda_zip = "lambdas-download/runners.zip"
 
- enable_organization_runners = false
+ enable_organization_runners = true
 runner_extra_labels = "default,example"
 
 # enable access to the runners via SSM
diff --git a/modules/runners/README.md b/modules/runners/README.md
index 4c6b82a082..8a9060618e 100644
--- a/modules/runners/README.md
+++ b/modules/runners/README.md
@@ -117,7 +117,7 @@ yarn run dist
 | [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` |
[
"amazon"
]
| no | | [aws\_partition](#input\_aws\_partition) | (optional) partition for the base arn if not 'aws' | `string` | `"aws"` | no | | [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes | -| [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` |
list(object({
device_name = string
delete_on_termination = bool
volume_type = string
volume_size = number
encrypted = bool
iops = number
}))
|
[
{
"delete_on_termination": true,
"device_name": "/dev/xvda",
"encrypted": true,
"iops": null,
"volume_size": 30,
"volume_type": "gp3"
}
]
| no | +| [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`. |
list(object({
delete_on_termination = bool
device_name = string
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
}))
|
[
{
"delete_on_termination": true,
"device_name": "/dev/xvda",
"encrypted": true,
"iops": null,
"kms_key_id": null,
"snapshot_id": null,
"throughput": null,
"volume_size": 30,
"volume_type": "gp3"
}
]
| no |
 | [cloudwatch\_config](#input\_cloudwatch\_config) | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no |
 | [create\_service\_linked\_role\_spot](#input\_create\_service\_linked\_role\_spot) | (optional) create the service linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no |
 | [disable\_runner\_autoupdate](#input\_disable\_runner\_autoupdate) | Disable the auto update of the github runner agent. Be-aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/) | `bool` | `false` | no |
diff --git a/modules/runners/main.tf b/modules/runners/main.tf
index f8fc25d97c..9ae3c7f01e 100644
--- a/modules/runners/main.tf
+++ b/modules/runners/main.tf
@@ -63,10 +63,13 @@ resource "aws_launch_template" "runner" {
 
 ebs {
 delete_on_termination = block_device_mappings.value.delete_on_termination
- volume_type = block_device_mappings.value.volume_type
- volume_size = block_device_mappings.value.volume_size
 encrypted = block_device_mappings.value.encrypted
 iops = block_device_mappings.value.iops
+ kms_key_id = block_device_mappings.value.kms_key_id
+ snapshot_id = block_device_mappings.value.snapshot_id
+ throughput = block_device_mappings.value.throughput
+ volume_size = block_device_mappings.value.volume_size
+ volume_type = block_device_mappings.value.volume_type
 }
 }
 }
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index 91b77806fa..619423685d 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
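Review bot: `kms_key_id` is passed straight into the launch template's `ebs` block, and nothing in this hunk shows that whoever launches the runner instances is allowed to use a customer-managed key. When the value is non-null, the launching principal needs permissions on that key (for EBS these include `kms:CreateGrant` and `kms:GenerateDataKeyWithoutPlaintext`), and a missing grant usually shows up only as instances that fail to start. The IAM policies are not part of this patch, so this may already be covered; if it is not, a comment above the attribute would help, e.g. `# customer-managed key: the role that launches runners must be allowed to use it`. For `snapshot_id`, the snapshot's contents become the runner's disk, so the variable description should say it must come from a trusted account. The `aws_launch_template` resource starts and ends outside this hunk.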
@@ -46,22 +46,28 @@ variable "s3_location_runner_binaries" {
 }
 
 variable "block_device_mappings" {
- description = "The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`"
+ description = "The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`."
 type = list(object({
- device_name = string
 delete_on_termination = bool
- volume_type = string
- volume_size = number
+ device_name = string
 encrypted = bool
 iops = number
+ kms_key_id = string
+ snapshot_id = string
+ throughput = number
+ volume_size = number
+ volume_type = string
 }))
 default = [{
- device_name = "/dev/xvda"
 delete_on_termination = true
- volume_type = "gp3"
- volume_size = 30
+ device_name = "/dev/xvda"
 encrypted = true
 iops = null
+ kms_key_id = null
+ snapshot_id = null
+ throughput = null
+ volume_size = 30
+ volume_type = "gp3"
 }]
 }
 
diff --git a/variables.tf b/variables.tf
index fc0102c61b..781c7e7701 100644
--- a/variables.tf
+++ b/variables.tf
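Review bot: The three new attributes are declared as plain `string`/`number` in the object type, which makes them mandatory. Any caller that passes its own `block_device_mappings` without `throughput`, `kms_key_id` and `snapshot_id` now fails type checking, as patch 2/2 shows by having to add them to examples/ubuntu. That deserves an upgrade note, or `optional(string)`/`optional(number)` where the supported Terraform versions allow it; the identical hunk in the root variables.tf has the same effect. Separately, nothing ties `kms_key_id` to `encrypted`, so a mapping with a key but `encrypted = false` is caught at apply time at the earliest. A `validation` block with `condition = alltrue([for m in var.block_device_mappings : m.kms_key_id == null || m.encrypted == true])` would reject it at plan time.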
@@ -230,22 +230,28 @@ variable "runner_allow_prerelease_binaries" {
 }
 
 variable "block_device_mappings" {
- description = "The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`"
+ description = "The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`."
 type = list(object({
- device_name = string
 delete_on_termination = bool
- volume_type = string
- volume_size = number
+ device_name = string
 encrypted = bool
 iops = number
+ kms_key_id = string
+ snapshot_id = string
+ throughput = number
+ volume_size = number
+ volume_type = string
 }))
 default = [{
- device_name = "/dev/xvda"
 delete_on_termination = true
- volume_type = "gp3"
- volume_size = 30
+ device_name = "/dev/xvda"
 encrypted = true
 iops = null
+ kms_key_id = null
+ snapshot_id = null
+ throughput = null
+ volume_size = 30
+ volume_type = "gp3"
 }]
 }
 
From d9e29a87dfc2ac3e7b9dec02c79bf09cb904b64d Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Mon, 16 May 2022 11:21:34 +0200
Subject: [PATCH 2/2] fix examples

---
 examples/default/main.tf | 10 +++++-----
 examples/ubuntu/main.tf | 3 +++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/examples/default/main.tf b/examples/default/main.tf
index b3d27c61d4..6ee90a15c8 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -1,5 +1,5 @@
 locals {
- environment = "niek"
+ environment = "default"
 aws_region = "eu-west-1"
 }
 
@@ -41,11 +41,11 @@ module "runners" {
 # }]
 
 # Grab zip files via lambda_download
- # webhook_lambda_zip = "lambdas-download/webhook.zip"
- # runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip"
- # runners_lambda_zip = "lambdas-download/runners.zip"
+ webhook_lambda_zip = "lambdas-download/webhook.zip"
+ runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip"
+ runners_lambda_zip = "lambdas-download/runners.zip"
 
- enable_organization_runners = true
+ enable_organization_runners = false
 runner_extra_labels = "default,example"
 
 # enable access to the runners via SSM
diff --git a/examples/ubuntu/main.tf b/examples/ubuntu/main.tf
index e03ac544e7..4cf2575203 100644
--- a/examples/ubuntu/main.tf
+++ b/examples/ubuntu/main.tf
@@ -64,6 +64,9 @@ module "runners" {
 volume_size = 30
 encrypted = true
 iops = null
+ throughput = null
+ kms_key_id = null
+ snapshot_id = null
 }]
 
 runner_log_files = [