0
votes

I'm working on an AWS configuration via Terraform.

What I'm trying to do is to have an auto-scaling group of lab-indexers spun up within the lab-VPC with routes/subnets/security group configured. When I execute `terraform apply` the script will hang at the 'lab-indexer' portion and then time out. I am not getting any errors other than the timeout message that I have configured. If I comment out the `vpc_zone_identifier` line the indexes spin up without error, although not correctly configured. This leads me to believe that I'm making some sort of configuration error within my VPC settings.

I've searched the Terraform Docs, Stack Overflow, and this comprehensive guide to Terraform.

UPDATE: I was able to log in to the console and check the ASG activity while the instances within the ASG were being created. I noticed a bunch of attempted instance creations with "cancelled" as the status. Upon investigation I saw the following message.

Description: Description Launching a new EC2 instance: i-0bf6afd70895e8212. Status Reason: Failed to update load balancer lab-asg-indexer: EC2 instance i-044ff993c34bc237a is not in the same VPC as ELB. Updating load balancer configuration failed

Cause: Cause At 2017-06-19T13:00:41Z an instance was started in response to a difference between desired and actual capacity, increasing the capacity from 0 to 3.

I'm not sure how to go about fixing this issue with the VPC. I added the ELB to the VPC (I think) via:

  subnets            = ["${aws_subnet.lab-Subnet.id}"]

but this hasn't resolved the issue.

1
At a quick glance I'd guess it's because you're using an ELB health check on the ASG but not actually configuring your ELB health check. Either fix the ELB health check or switch to an EC2 health check (does it pass basic system checks as far as the hypervisor is concerned) and see if that fixes your issue. - ydaetskcoR
If you could post the terraform script that would be helpful. - strongjz
@ydaetskcoR - Thanks for your suggestion! I changed the type to EC2, but I'm having the same result. The console gets to the point where it's creating the ASG `aws_autoscaling_group.lab-indexer: still creating...` and it just sits there repeating that message until the inevitable timeout. - Matt G.
Please never post ephemeral content like paste.ofcode.org on Stack Overflow. - Cœur

1 Answer

0
votes

Some of the configuration was wrong.

  1. Firstly, the launch_configuration you set as `"${aws_launch_configuration.lab-indexer.id}"` should be `${data.aws_availability_zones.all.names}`.
  2. Also, there were no resources to create the key pair in your config.
  3. There is no VPC ID associated with the ELB security group.

I have amended this for you and tested it from my system, and it is now working. Let me know how it goes.

# ---------------------------------------------------------------------------------------------------------------------
# GET THE LIST OF AVAILABILITY ZONES IN THE CURRENT REGION
# Every AWS account has slightly different availability zones in each region.
# ---------------------------------------------------------------------------------------------------------------------
data "aws_availability_zones" "all" {}

# --------------------------------------------------------------------------------------------------------------------
# CREATE VPC
# --------------------------------------------------------------------------------------------------------------------
resource "aws_vpc" "lab-VPC" {
  cidr_block = "10.0.0.0/16"

  tags {
    Name = "lab-VPC"
  }
}

# --------------------------------------------------------------------------------------------------------------------
# CREATE SUBNET
# --------------------------------------------------------------------------------------------------------------------
resource "aws_subnet" "lab-Subnet" {
  vpc_id                  = "${aws_vpc.lab-VPC.id}"
  availability_zone       = "us-east-1a"
  cidr_block              = "10.0.0.0/24"
  map_public_ip_on_launch = "false"
}


# --------------------------------------------------------------------------------------------------------------------
# CREATE ROUTE TABLE
# --------------------------------------------------------------------------------------------------------------------
resource "aws_route_table" "lab-RouteTable-Private" {
  vpc_id = "${aws_vpc.lab-VPC.id}"
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }
}

resource "aws_route_table_association" "lab-associatedVPS" {
  subnet_id      = "${aws_subnet.lab-Subnet.id}"
  route_table_id = "${aws_route_table.lab-RouteTable-Private.id}"
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE THE AUTO SCALING GROUP
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_autoscaling_group" "lab-indexers" {
  launch_configuration = "${aws_launch_configuration.lab-indexer.name}"
  # availability_zones   = ["${data.aws_availability_zones.all.names}"]
  # availability_zones = ["${var.region}a"]
  vpc_zone_identifier = ["${aws_subnet.lab-Subnet.id}"]

  min_size = 3
  max_size = 9

  load_balancers            = ["${aws_elb.lab-indexer-elb.name}"]
  health_check_type         = "ELB"
  wait_for_capacity_timeout = "5m"

  tag {
    key                 = "Name"
    value               = "lab-indexer"
    propagate_at_launch = true
  }
}

# --------------------------------------------------------------------------------------------------------------------
# CREATE IGW
# --------------------------------------------------------------------------------------------------------------------
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.lab-VPC.id}"

  tags {
    Name = "lab-IGW"
  }
}

variable "PATH_TO_PUBLIC_KEY" {
  default = "myKey.pub"
}

###create key
resource "aws_key_pair" "mykeypair" {
  key_name = "mykeypair"
  public_key = "${file("${var.PATH_TO_PUBLIC_KEY}")}"
  lifecycle {
    ignore_changes = ["public_key"]
  }
}


# ---------------------------------------------------------------------------------------------------------------------
# CREATE A LAUNCH CONFIGURATION THAT DEFINES EACH EC2 INSTANCE IN THE ASG
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_launch_configuration" "lab-indexer" {
  # AWS Linux AMI (HVM), SSD Volume Type in us-east-1
  image_id      = "ami-c58c1dd3"
  instance_type = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]
  key_name      = "${aws_key_pair.mykeypair.key_name}"

  # This device contains homePath
  ebs_block_device {
    device_name           = "/dev/xvdb"
    volume_size           = 8
    volume_type           = "gp2"
#    encrypted             = true
    delete_on_termination = true
  }

  ebs_block_device {
    device_name           = "/dev/xvdc"
    volume_size           = 8
    volume_type           = "gp2"
#    encrypted             = true
    delete_on_termination = true
  }

  lifecycle {
    create_before_destroy = true
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE THE SECURITY GROUP THAT'S APPLIED TO EACH EC2 INSTANCE IN THE ASG
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_security_group" "instance" {
  name = "lab-indexer"
  vpc_id = "${aws_vpc.lab-VPC.id}"

  # Inbound SSH
  ingress {
    from_port   = "22"
    to_port     = "22"
    protocol    = "tcp"
    cidr_blocks = ["66.196.30.124/32"]
  }

  # Outbound All Protocols
  egress {
    from_port   = "0"
    to_port     = "0"
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE AN ELB TO ROUTE TRAFFIC ACROSS THE AUTO SCALING GROUP
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_elb" "lab-indexer-elb" {
  name               = "lab-asg-indexer"
  security_groups    = ["${aws_security_group.elb.id}"]
  # availability_zones = ["${data.aws_availability_zones.all.names}"]
  subnets             = ["${aws_subnet.lab-Subnet.id}"]

  # will work on this later
  # health_check {
  #   healthy_threshold = 5
  #   unhealthy_threshold = 5
  #   timeout = 3
  #   interval = 30
  #   target = "HTTP:80/"
  # }

  # This adds a listener for incoming HTTP requests.
  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = "80"
    instance_protocol = "http"
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP THAT CONTROLS WHAT TRAFFIC CAN GO IN AND OUT OF THE ELB
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_security_group" "elb" {
  name = "lab-indexer-elb"
  vpc_id = "${aws_vpc.lab-VPC.id}"

  # Allow all outbound
  egress {
    from_port   = 0
    to_port     = 0
    # -1 is semantically equivalent to "all." So all protocols are allowed
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound HTTP from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
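
An added example, not part of the original answer: a pre-apply check for the mismatch behind the "not in the same VPC as ELB" error and point 3 of the answer. It runs on a constructed, simplified view of the resources (the `LINKS` schema and the `sample` data are assumptions made here) and treats a missing `vpc_id` or missing subnet list as placement in the account's default VPC.

```python
DEFAULT_VPC = "(default VPC)"
# Attributes that point at other resources, per type (simplified, hypothetical schema).
LINKS = {"aws_elb": ["subnets", "security_groups"],
         "aws_launch_configuration": ["security_groups"],
         "aws_autoscaling_group": ["vpc_zone_identifier", "load_balancers", "launch_configuration"]}
# Attribute whose absence is modelled (assumption) as "placed in the default VPC".
PLACEMENT = {"aws_elb": "subnets", "aws_autoscaling_group": "vpc_zone_identifier"}

def vpcs_of(resources, addr):
    """Map every VPC reachable from addr to the resource that pins it there."""
    rtype, attrs = addr.split(".")[0], resources[addr]
    if rtype in ("aws_subnet", "aws_security_group"):
        return {attrs.get("vpc_id", DEFAULT_VPC): addr}
    found = {}
    if rtype in PLACEMENT and not attrs.get(PLACEMENT[rtype]):
        found[DEFAULT_VPC] = addr
    for attr in LINKS.get(rtype, []):
        for ref in attrs.get(attr, []):
            for vpc, source in vpcs_of(resources, ref).items():
                found.setdefault(vpc, source)
    return found

def check(resources):
    """Return one finding per resource whose dependencies span more than one VPC."""
    findings = []
    for addr in sorted(resources):
        vpcs = vpcs_of(resources, addr)
        if len(vpcs) > 1:
            detail = ", ".join(f"{src} -> {vpc}" for vpc, src in sorted(vpcs.items()))
            findings.append(f"{addr} spans VPCs: {detail}")
    return findings

def sample(elb_sg_has_vpc):
    """Constructed input mirroring the resource names in the answer's config."""
    lab = {"vpc_id": "aws_vpc.lab-VPC"}
    return {
        "aws_subnet.lab-Subnet": dict(lab),
        "aws_security_group.instance": dict(lab),
        "aws_security_group.elb": dict(lab) if elb_sg_has_vpc else {},
        "aws_elb.lab-indexer-elb": {"subnets": ["aws_subnet.lab-Subnet"],
                                    "security_groups": ["aws_security_group.elb"]},
        "aws_launch_configuration.lab-indexer": {"security_groups": ["aws_security_group.instance"]},
        "aws_autoscaling_group.lab-indexers": {"vpc_zone_identifier": ["aws_subnet.lab-Subnet"],
                                               "load_balancers": ["aws_elb.lab-indexer-elb"],
                                               "launch_configuration": ["aws_launch_configuration.lab-indexer"]},
    }

if __name__ == "__main__":
    print("\n".join(check(sample(elb_sg_has_vpc=False))))
```

With the ELB security group's `vpc_id` omitted, both the ELB and the ASG that attaches to it are reported; with it set, the list is empty.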