krd/vault-redux
1
0
Fork 0
Code
9bd7bba551
vault-redux/.gitignore
hc-github-team-secure-vault-core 9bd7bba551
enos: use on-demand targets (#21459) (#21464) 
Add an updated `target_ec2_instances` module that is capable of
dynamically splitting target instances over subnet/az's that are
compatible with the AMI architecture and the associated instance type
for the architecture. Use the `target_ec2_instances` module where
necessary. Ensure that `raft` storage scenarios don't provision
unnecessary infrastructure with a new `target_ec2_shim` module.

After a lot of trial, the state of Ec2 spot instance capacity, their
associated APIs, and current support for different fleet types in AWS
Terraform provider, have proven to make using spot instances for
scenario targets too unreliable.

The current state of each method:
* `target_ec2_fleet`: unusable due to the fact that the `instant` type
  does not guarantee fulfillment of either `spot` or `on-demand`
  instance request types. The module does support both `on-demand` and
  `spot` request types and is capable of bidding across a maximum of
  four availability zones, which makes it an attractive choice if the
  `instant` type would always fulfill requests. Perhaps a `request` type
  with `wait_for_fulfillment` option like `aws_spot_fleet_request` would
  make it more viable for future consideration.
* `target_ec2_spot_fleet`: more reliable if bidding for target instances
  that have capacity in the chosen zone. Issues in the AWS provider
  prevent us from bidding across multiple zones succesfully. Over the
  last 2-3 months target capacity for the instance types we'd prefer to
  use has dropped dramatically and the price is near-or-at on-demand.
  The volatility for nearly no cost savings means we should put this
  option on the shelf for now.
* `target_ec2_instances`: the most reliable method we've got. It is now
  capable of automatically determing which subnets and availability
  zones to provision targets in and has been updated to be usable for
  both Vault and Consul targets. By default we use the cheapest medium
  instance types that we've found are reliable to test vault.

* Update .gitignore
* enos/modules/create_vpc: create a subnet for every availability zone
* enos/modules/target_ec2_fleet: bid across the maximum of four
  availability zones for targets
* enos/modules/target_ec2_spot_fleet: attempt to make the spot fleet bid
  across more availability zones for targets
* enos/modules/target_ec2_instances: create module to use
  ec2:RunInstances for scenario targets
* enos/modules/target_ec2_shim: create shim module to satisfy the
  target module interface
* enos/scenarios: use target_ec2_shim for backend targets on raft
  storage scenarios
* enos/modules/az_finder: remove unsed module

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-06-26 16:54:39 -06:00

131 lines
1.6 KiB
Plaintext
Raw Blame History

# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
# Folders
_obj
_test
.cover
# Architecture specific extensions/prefixes
*.[568vq]
[568vq].out
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
*.prof
# Other dirs
/bin/
/pkg/
# Generated Web UI goes here
/http/web_ui/*.*
/http/web_ui/**/*.*
# Vault-specific
example.hcl
example.vault.d
# Without this, the *.[568vq] above ignores this folder.
!**/graphrbac/1.6
# Ruby
website/vendor
website/.bundle
website/build
website/tmp
# Vagrant
.vagrant/
Vagrantfile
# Configs
*.hcl
!.copywrite.hcl
!.release/ci.hcl
!.release/security-scan.hcl
!.release/linux/package/etc/vault.d/vault.hcl
!command/agent/config/test-fixtures/*.hcl
!command/server/test-fixtures/**/*.hcl
!enos/**/*.hcl
# Enos
.enos
enos-local.vars.hcl
enos/**/support
enos/**/kubeconfig
.terraform
.terraform.lock.hcl
.tfstate.*
.DS_Store
.idea
.vscode
dist/*
# ignore ctags
./tags
# Editor backups
*~
*.sw[a-z]
# IntelliJ IDEA project files
.idea
*.ipr
*.iml
# compiled output
ui/dist
ui/tmp
ui/root
# dependencies
ui/node_modules
ui/bower_components
# misc
ui/.DS_Store
ui/.sass-cache
ui/connect.lock
ui/coverage/*
ui/libpeerconnection.log
ui/npm-debug.log
ui/test-reports/*
ui/testem.log
# used for JS acceptance tests
ui/tests/helpers/vault-keys.js
ui/vault-ui-integration-server.pid
# for building static assets
node_modules
# Website
website/.bundle
website/build/
website/npm-debug.log
website/vendor
website/.bundle
website/.cache
website/assets/node_modules
website/assets/public
website/components/node_modules
.buildcache/
.releaser/
*.log
tools/godoctests/.bin
View Git Blame Copy Permalink