AWS terraform weka deployment module.
Applying this terraform module will create the following resources:
- DynamoDB table (stores the weka cluster state default KMS key)
- Lambda:
  - deploy - responsible for providing new machines installation script
  - clusterize - responsible for providing clusterize script
  - clusterize-finalization - responsible for updating the cluster state about clusterization completion
  - report - responsible for updating the state about clusterization and new machines installation progress
  - status - responsible for providing the cluster progress status
  - for State Machine:
    - fetch - fetches cluster/autoscaling group information and passes it to the next stage
    - scale-down - relies on the fetch information to work on the Weka cluster, i.e., deactivate drives/hosts. Will fail if the required target is not supported (like scaling down to 2 backend instances)
    - terminate - terminates deactivated hosts
    - transient - lambda responsible for reporting transient errors, e.g., could not deactivate specific hosts, but some have been deactivated, and the whole flow proceeded
- Launch Template: used for new auto-scaling group instances; will run the deploy script on launch.
- Ec2 instances
- Placement Group
- Auto Scaling Group
- ALB (optional for UI and Backends)
- State Machine: invokes the fetch, scale-down, terminate, transient
  - Uses the previous lambda output as input for the following lambda.
  - CloudWatch: invokes the state machine every minute
- SecretManager (stores the weka user name, password and get.weka.io token)
- IAM Roles (and policies):
- vpc (with secret manager endpoint)
- subnet (optional: additional_alb_subnet for ALB)
- security group (with self reference rule)
- iam roles
Ec2 iam policy (replace *prefix* and *cluster_name* with relevant values)
{
  "Statement": [
    {
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:AttachNetworkInterface",
        "ec2:CreateNetworkInterface",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:DeleteNetworkInterface"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:lambda:*:*:function:prefix-cluster_name*"
      ]
    },
    {
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::prefix-cluster_name-obs/*"
      ]
    },
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams",
        "logs:PutRetentionPolicy"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:*:*:log-group:/wekaio/prefix-cluster_name*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
Lambda iam policy (replace *prefix* and *cluster_name* with relevant values)
{
  "Statement": [
    {
      "Action": [
        "s3:CreateBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::prefix-cluster_name-obs"
      ]
    },
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/lambda/prefix-cluster_name*:*"
      ]
    },
    {
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:ModifyInstanceAttribute",
        "ec2:TerminateInstances",
        "ec2:DescribeInstances",
        "ec2:CreateTags"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:dynamodb:*:*:table/prefix-cluster_name-weka-deployment"
      ]
    },
    {
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:secretsmanager:*:*:secret:weka/prefix-cluster_name/*"
      ]
    },
    {
      "Action": [
        "autoscaling:DetachInstances",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:SetInstanceProtection"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:lambda:*:*:function:prefix-cluster_name-*-lambda"
      ]
    }
  ],
  "Version": "2012-10-17"
}
State Machine iam policy (replace *prefix* and *cluster_name* with relevant values)
{
  "Statement": [
    {
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:lambda:*:*:function:prefix-cluster_name-*-lambda"
      ]
    },
    {
      "Action": [
        "logs:CreateLogDelivery",
        "logs:GetLogDelivery",
        "logs:UpdateLogDelivery",
        "logs:DeleteLogDelivery",
        "logs:ListLogDeliveries",
        "logs:PutLogEvents",
        "logs:PutResourcePolicy",
        "logs:DescribeResourcePolicies",
        "logs:DescribeLogGroups"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
Cloud Watch Events iam policy (replace *prefix* and *cluster_name* with relevant values)
{
  "Statement": [
    {
      "Action": [
        "states:StartExecution"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:states:*:*:stateMachine:prefix-cluster_name-scale-down-state-machine"
      ]
    }
  ],
  "Version": "2012-10-17"
}
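When the roles are pre-created, the templates above have to be filled in and reviewed before they are attached. The following is an added example, not part of the module's code: it fills the `prefix-cluster_name` placeholder in a template and lists every action granted on `Resource: "*"`. The function names, the name-validation pattern and the read-only verb heuristic are assumptions of the example; the embedded template is an excerpt of the Lambda policy above.

```python
import json
import re

# Excerpt (three statements) of the Lambda IAM policy template shown above.
LAMBDA_POLICY_TEMPLATE = """
{
  "Statement": [
    {"Action": ["ec2:DescribeInstances", "ec2:TerminateInstances", "ec2:CreateTags"],
     "Effect": "Allow", "Resource": ["*"]},
    {"Action": ["dynamodb:GetItem", "dynamodb:UpdateItem"],
     "Effect": "Allow",
     "Resource": ["arn:aws:dynamodb:*:*:table/prefix-cluster_name-weka-deployment"]},
    {"Action": ["secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue"],
     "Effect": "Allow",
     "Resource": ["arn:aws:secretsmanager:*:*:secret:weka/prefix-cluster_name/*"]}
  ],
  "Version": "2012-10-17"
}
"""

PLACEHOLDER = "prefix-cluster_name"
# Assumption of this example: names are limited to letters, digits and '-'.
# Rejecting '*' and '?' keeps a name from widening the ARN patterns.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")
# Heuristic, not an AWS classification: verbs that only read state.
READ_ONLY_VERBS = ("Describe", "Get", "List")


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def render_policy(template, prefix, cluster_name):
    """Parse a policy template and fill the prefix-cluster_name placeholder."""
    for label, value in (("prefix", prefix), ("cluster_name", cluster_name)):
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"{label} {value!r} contains characters outside [A-Za-z0-9-]")
    policy = json.loads(template)  # raises json.JSONDecodeError on malformed JSON
    name = f"{prefix}-{cluster_name}"
    for stmt in policy["Statement"]:
        stmt["Resource"] = [r.replace(PLACEHOLDER, name) for r in _as_list(stmt["Resource"])]
    return policy


def wildcard_findings(policy):
    """List (action, mutating) for every Allow action granted on Resource "*"."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt["Resource"]):
            continue
        for action in _as_list(stmt["Action"]):
            verb = action.split(":", 1)[-1]
            findings.append((action, not verb.startswith(READ_ONLY_VERBS)))
    return findings


def unscoped_resources(policy, prefix, cluster_name):
    """Return ARNs that are neither "*" nor tied to this cluster's name."""
    name = f"{prefix}-{cluster_name}"
    return [r for stmt in policy["Statement"] for r in _as_list(stmt["Resource"])
            if r != "*" and name not in r]


if __name__ == "__main__":
    rendered = render_policy(LAMBDA_POLICY_TEMPLATE, "weka-tf", "test")
    for action, mutating in wildcard_findings(rendered):
        print(f"{'MUTATING' if mutating else 'read-only':9} {action} on *")
    print("not scoped to cluster:", unscoped_resources(rendered, "weka-tf", "test"))
```

Because `json.loads` is strict, the same function also rejects a template with a trailing or missing comma before it reaches IAM.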
This example will automatically create a vpc, subnets, security group and iam roles.
provider "aws" {
}

module "deploy_weka" {
  source       = "weka/weka/aws"
  version      = "1.0.1"
  prefix       = "weka-tf"
  cluster_name = "test"
  # Opens port 22 to any source address; narrow this to the CIDRs that need ssh.
  allow_ssh_cidrs   = ["0.0.0.0/0"]
  get_weka_io_token = "..."
}

output "deploy_weka_output" {
  value = module.deploy_weka
}
vpc_id = "..."
subnet_ids = ["..."]
sg_ids = ["..."]
instance_iam_profile_arn = "..."
lambda_iam_role_arn = "..."
sfn_iam_role_arn = "..."
event_iam_role_arn = "..."
We provide iam, network and security_group modules to help you create the prerequisites for the weka deployment.
Check our example that uses these modules.
- When sg_ids isn't provided we automatically create a security group using our module.
- When subnet_ids isn't provided we automatically create a subnet using our module.
- When instance_iam_profile_arn isn't provided we automatically create an iam instance profile using our module.
- The availability_zones variable needs to be provided only when we create the network module. Currently limited to a single subnet. For example: eu-west-1c
We provide a module for creating a private network with NAT. To create a private vpc with NAT, you must provide the following variables:
create_nat_gateway = true
nat_public_subnet_cidr = PUBLIC_CIDR_RANGE
We provide a module for creating a private network with no internet access. To create a private vpc, you must provide the following variables:
subnet_autocreate_as_private = true
assign_public_ip = false
The username for ssh into vms is ec2-user.
If ami_id is provided by the user, the default ssh username will change accordingly.
We allow passing existing key pair name:
key_pair_name = "..."
We allow passing an existing public key string to create new key pair:
ssh_public_key = "..."
If neither a key pair name nor a public key is passed, we will create a key pair for you and store the private key locally under /tmp
Names will be:
/tmp/${prefix}-${cluster_name}-public-key.pub
/tmp/${prefix}-${cluster_name}-private-key.pem
To disable the use of a key pair, set:
enable_key_pair = false
To pass any custom data to the init script, for example to install SSM, set:
custom_data = "sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n sudo systemctl start amazon-ssm-agent"
We support ALB creation for backend UI, and joining weka clients will use this ALB to join a cluster, allowing for better distribution of load amongst backends. The mandatory variables you must provide are:
create_alb = true
alb_additional_subnet_cidr_block = ADDITIONAL_SUBNET_CIDR_BLOCK
To use existing additional subnet, you must supply the following variables:
additional_alb_subnet_id = SUBNET_ID
alb_sg_ids = ALB_SG_IDS
To add ALB dns name to zone record, you must supply the following variables:
alb_alias_name = ALB_ALIAS_NAME
alb_route53_zone_id = ROUTE53_ZONE_ID
To create and use an HTTPS ALB listener, a certificate and a DNS zone ID are mandatory. You must provide the following variables:
alb_cert_arn = ALB_CERT_ARN
alb_alias_name = ALB_ALIAS_NAME
alb_route53_zone_id = ROUTE53_ZONE_ID
We support tiering to s3. In order to set up tiering, you must supply the following variables:
tiering_enable_obs_integration = true
tiering_obs_name = "..."
In addition, you can supply (and override our default):
tiering_ssd_percent = VALUE
- client_instance_iam_profile_arn
Clients iam policy (replace *prefix* and *cluster_name* with relevant values)
{
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/wekaio/clients/prefix-cluster_name-client*"
]
}
],
"Version": "2012-10-17"
}
We support creating clients that will be mounted automatically to the cluster.
In order to create clients you need to provide the number of clients you want (by default the number is 0),
for example:
clients_number = 2
This will automatically create 2 clients.
In addition you can provide these optional variables:
client_instance_type = "c5.2xlarge"
client_nics_num = DESIRED_NUM
client_instance_ami_id = AMI_ID
client_arch = "x86_64"
In order to use an existing iam instance profile ARN you need to provide the following variable:
client_instance_iam_profile_arn = CLIENT_ARN
We support creating protocol gateways that will be mounted automatically to the cluster.
In order to create them, you need to provide the number of protocol gateway instances you want (by default the number is 0),
for example:
nfs_protocol_gateways_number = 2
This will automatically create 2 instances.
In addition you can supply these optional variables:
nfs_protocol_gateway_secondary_ips_per_nic = 3
nfs_protocol_gateway_instance_type = "c5.2xlarge"
nfs_protocol_gateway_nics_num = 2
nfs_protocol_gateway_disk_size = 48
nfs_protocol_gateway_fe_cores_num = 1
nfs_protocol_gateway_instance_iam_profile_arn = ""
nfs_protocol_gateway_instance_ami_id = "<YOUR AMI_ID>"
In order to create stateless clients, set the variable:
nfs_setup_protocol = true
- protocol_gateway_instance_iam_profile_arn
Protocol gateway iam policy (replace *prefix*, *cluster_name* and *gateways_name* with relevant values)
{
"Statement": [
{
"Effect": "Allow",
"Action":
[
"ec2:DescribeNetworkInterfaces",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:AssignPrivateIpAddresses"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action":
[
"secretsmanager:GetSecretValue"
],
"Resource":
[
"arn:aws:secretsmanager:*:*:secret:weka/prefix-cluster_name/*"
]
},
{
"Effect": "Allow",
"Action":
[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy"
],
"Resource":
[
"arn:aws:logs:*:*:log-group:/wekaio/clients/gateways_name*"
]
},
{
"Effect": "Allow",
"Action":
[
"autoscaling:DescribeAutoScalingGroups"
],
"Resource":
[
"*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:prefix-cluster_name*"
]
}
]
}
We support creating protocol gateways that will be mounted automatically to the cluster.
In order to create them, you need to provide the number of protocol gateway instances you want (by default the number is 0),
for example:
s3_protocol_gateways_number = 2
This will automatically create 2 instances.
In addition you can supply these optional variables:
s3_protocol_gateway_instance_type = "c5.2xlarge"
s3_protocol_gateway_disk_size = 48
s3_protocol_gateway_fe_cores_num = 1
s3_protocol_gateway_instance_iam_profile_arn = "<YOUR ARN>"
s3_protocol_gateway_instance_ami_id = "<YOUR AMI_ID>"
We support creating protocol gateways that will be mounted automatically to the cluster.
In order to create them, you need to provide the number of protocol gateway instances you want (by default the number is 0).
The number of SMB protocol gateways should be at least 3,
for example:
smb_protocol_gateways_number = 3
This will automatically create 2 instances.
In addition you can supply these optional variables:
smb_protocol_gateway_secondary_ips_per_nic = 3
smb_protocol_gateway_instance_type = "c5.2xlarge"
smb_protocol_gateway_nics_num = 2
smb_protocol_gateway_disk_size = 48
smb_protocol_gateway_fe_cores_num = 1
smb_protocol_gateway_instance_iam_profile_arn = ""
smb_cluster_name = ""
smb_domain_name = ""
smb_protocol_gateway_instance_ami_id = "<YOUR AMI_ID>"
In order to create stateless clients, set the variable:
smb_setup_protocol = true
In order to enable SMBW, set the variable:
smbw_enabled = true
To join an SMB cluster in Active Directory, run the following command manually:
weka smb domain join <smb_domain_username> <smb_domain_password> [--server smb_server_name]
- protocol_gateway_instance_iam_profile_arn
Protocol gateway iam policy (replace *prefix*, *cluster_name* and *gateways_name* with relevant values)
{
"Statement": [
{
"Effect": "Allow",
"Action":
[
"ec2:DescribeNetworkInterfaces",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeTags"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action":
[
"secretsmanager:GetSecretValue"
],
"Resource":
[
"arn:aws:secretsmanager:*:*:secret:weka/prefix-cluster_name/*"
]
},
{
"Effect": "Allow",
"Action":
[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy"
],
"Resource":
[
"arn:aws:logs:*:*:log-group:/wekaio/clients/gateways_name*"
]
},
{
"Effect": "Allow",
"Action":
[
"autoscaling:DescribeAutoScalingGroups"
],
"Resource":
[
"*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:prefix-cluster_name*"
]
}
]
}
By default, if not provided explicitly to the module, we will set:
secretmanager_use_vpc_endpoint = true
secretmanager_create_vpc_endpoint = true
This means we will create a secretmanager endpoint and will use it in the scale down lambda function.
If a secretmanager endpoint already exists, then set:
secretmanager_create_vpc_endpoint = false
It is possible to not use the secretmanager endpoint, but not recommended.
To not use the secretmanager endpoint, set:
secretmanager_use_vpc_endpoint = false
secretmanager_create_vpc_endpoint = false
To enable vpc config for lambdas, set:
enable_lambda_vpc_config = true
If network VPC is not configured with a NAT gateway, the following needs to be set:
vpc_endpoint_ec2_create = true
vpc_endpoint_lambda_create = true
vpc_endpoint_dynamodb_gateway_create = true
vpc_endpoint_autoscaling_create = true
We use the secret manager to store the weka username, password (and get.weka.io token).
We need to be able to use them in the scale down lambda, which runs inside the provided vpc.
This is the reason we need the secret manager endpoint on the vpc.
If setting a secret manager endpoint isn't possible, you will need to set the variables as described above.
In this case the weka password will be shown as plain text on the state machine, since it will need to be sent from the fetch lambda to the scale down lambda.
In case you want to deploy a weka cluster inside a vpc with no internet access, you will need to set the following endpoints:
We need an endpoint to reach home.weka.io, get.weka.io, and AWS EC2/cloudwatch services.
To use weka vpc endpoint service, set:
vpc_endpoint_proxy_create = true
Alternatively, an appropriate customer-managed proxy can be provided by the proxy_url variable:
proxy_url = "..."
Weka deployment requires access to EC2 services.
To let terraform create ec2 endpoint, set:
vpc_endpoint_ec2_create = true
Weka deployment requires access to S3 services.
To let terraform create s3 gateway, set:
vpc_endpoint_s3_gateway_create = true
Weka deployment requires access to lambda services.
To let terraform create lambda endpoint, set:
vpc_endpoint_lambda_create = true
The module output contains useful information about the created resources.
For example: ssh username, weka password secret id etc.
The helper_commands part in the output provides a lambda call that can be used to learn about the clusterization process.
Name | Version |
---|---|
terraform | >= 1.4.6 |
aws | >= 5.5.0 |
local | >= 2.0.0 |
random | >= 3.5.0 |
tls | >= 4.0.0 |
Name | Version |
---|---|
aws | >= 5.5.0 |
local | >= 2.0.0 |
random | >= 3.5.0 |
tls | >= 4.0.0 |
Name | Source | Version |
---|---|---|
clients | ./modules/clients | n/a |
iam | ./modules/iam | n/a |
network | ./modules/network | n/a |
nfs_protocol_gateways | ./modules/protocol_gateways | n/a |
s3_protocol_gateways | ./modules/protocol_gateways | n/a |
security_group | ./modules/security_group | n/a |
smb_protocol_gateways | ./modules/protocol_gateways | n/a |
vpc_endpoint | ./modules/endpoint | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_instance_iam_policy_statement | Additional IAM policy statement to be added to the instance IAM role. | list(object({ | null | no |
alb_additional_subnet_cidr_block | Additional CIDR block for public subnet | string | "10.0.3.0/24" | no |
alb_additional_subnet_id | Required to specify if subnet_ids were used to specify pre-defined subnets for weka. ALB requires an additional subnet, and in the case of pre-defined networking this one also should be pre-defined | string | "" | no |
alb_additional_subnet_zone | Zone for the ALB additional subnet | string | "" | no |
alb_alias_name | Set ALB alias name | string | "" | no |
alb_allow_https_cidrs | CIDRs to allow connecting to ALB over 443 port, by default 443 is not opened, and port 14000 used for connection, inheriting setting from allow_weka_api_ranges | list(string) | [] | no |
alb_cert_arn | HTTPS certificate ARN for ALB | string | null | no |
alb_route53_zone_id | Route53 zone id | string | "" | no |
alb_sg_ids | Security group ids for ALB | list(string) | [] | no |
allow_ssh_cidrs | Allow port 22, if not provided, i.e leaving the default empty list, the rule will not be included in the SG | list(string) | [] | no |
allow_weka_api_cidrs | Allow connection to port 14000 on weka backends and ALB(if exists and not provided with dedicated SG) from specified CIDRs, by default no CIDRs are allowed. All ports (including 14000) are allowed within VPC | list(string) | [] | no |
ami_id | AMI ID to use, Amazon Linux 2 is the supported OS. | string | null | no |
assign_public_ip | Determines whether to assign public IP to all instances deployed by TF module. Includes backends, clients and protocol gateways | string | "auto" | no |
availability_zones | Required only if not specifying subnet_ids, this zone(s) will be used to create subnet that will be used by weka. Currently limited to single subnet | list(string) | [] | no |
backends_root_volume_size | The backends' root disk size. | number | null | no |
backends_weka_volume_size | The backends' default disk size. | number | 48 | no |
capacity_reservation_id | The ID of the Capacity Reservation in which to run the backends | string | null | no |
client_arch | Use arch for ami id, value can be arm64/x86_64. | string | null | no |
client_capacity_reservation_id | The ID of the capacity reservation in which to run the clients | string | null | no |
client_frontend_cores | Number of frontend cores to use on client instances, this number will reflect on number of NICs attached to instance, as each weka core requires dedicated NIC | number | 1 | no |
client_instance_ami_id | The default AMI ID is set to Amazon Linux 2. For the list of all supported Weka Client OSs please refer to: https://docs.weka.io/planning-and-installation/prerequisites-and-compatibility#operating-system | string | null | no |
client_instance_iam_profile_arn | ARN of IAM Instance Profile to use by client instance. If not specified Instance Profile will be automatically created | string | "" | no |
client_instance_type | The client instance type (sku) to deploy | string | "c5.2xlarge" | no |
client_placement_group_name | The client instances placement group name. Backend placement group can be reused. If not specified placement group will be created automatically | string | null | no |
client_use_backends_placement_group | Use backends placement group for clients | bool | true | no |
clients_custom_data | Custom data to pass to the client instances | string | "" | no |
clients_number | The number of client instances to deploy | number | 0 | no |
clients_root_volume_size | The client's root volume size in GB | number | 48 | no |
clients_use_autoscaling_group | Use autoscaling group for clients | bool | false | no |
clients_use_dpdk | Mount weka clients in DPDK mode | bool | true | no |
cluster_name | The cluster name. | string | "poc" | no |
cluster_size | The number of virtual machines to deploy. | number | 6 | no |
containers_config_map | Maps the number of objects and memory size per machine type. | map(object({ | { | no |
create_alb | Create ALB for backend UI, and joining weka clients will use this ALB to join a cluster, allowing for better distribution of load amongst backends | bool | true | no |
create_nat_gateway | NAT needs to be created when no public ip is assigned to the backend, to allow internet access | bool | false | no |
custom_data | Custom data to pass to instances. | string | "" | no |
custom_prefix | Custom prefix for resources. The supported keys are: lb, db, kms, cloudwatch, sfn, lambda, secrets, ec2, iam, obs | map(string) | {} | no |
debug_down_backends_removal_timeout | Don't change this value without consulting weka support team. Timeout for removing down backends. Valid time units are ns, us (or µs), ms, s, m, h. | string | "3h" | no |
dynamodb_hash_key_name | DynamoDB hash key name (optional configuration, will use 'Key' by default). This key will be used if dynamodb table will be created automatically, by not setting dynamodb_table_name param. In case dynamodb_table_name parameter is set, dynamodb_hash_key_name should match the key that should be used by us within pre-created table | string | "Key" | no |
dynamodb_table_name | DynamoDB table name, if not supplied a new table will be created | string | "" | no |
ebs_encrypted | Enables EBS encryption on the volume | bool | true | no |
ebs_kms_key_id | The ARN of the AWS Key Management Service | string | null | no |
enable_key_pair | create / use key pair for instance template | bool | true | no |
enable_lambda_vpc_config | Config lambda to run inside vpc | bool | false | no |
event_iam_role_arn | IAM Role that will be used by cloudwatch rule(event), if not specified will be created automatically. If pre-created should match policy described in readme | string | "" | no |
get_weka_io_token | The token to download the Weka release from get.weka.io. | string | n/a | yes |
get_weka_io_token_secret_id | The secrets manager secret id of the token to download the Weka release from get.weka.io. i.e. arn:aws:secretsmanager::<ACCOUNT_NUMBER>:secret:<SECRET_NAME> | string | "" | no |
hotspare | Number of hotspares to set on weka cluster. Refer to https://docs.weka.io/overview/ssd-capacity-management#hot-spare | number | 1 | no |
install_cluster_dpdk | Install weka cluster with DPDK | bool | true | no |
install_weka_url | The URL of the Weka release. Supports path to weka tar file or installation script. | string | "" | no |
instance_iam_profile_arn | ARN of IAM Instance Profile that will be used by weka backend instances, if not specified will be created automatically. If pre-created should match policy described in readme | string | "" | no |
instance_type | The virtual machine type (sku) to deploy. | string | "i3en.2xlarge" | no |
key_pair_name | Ssh key pair name to pass to the instances. | string | null | no |
lambda_iam_role_arn | IAM Role that will be used by AWS Lambdas, if not specified will be created automatically. If pre-created should match policy described in readme | string | "" | no |
lambdas_custom_s3_bucket | S3 bucket name for lambdas | string | null | no |
lambdas_custom_s3_key | S3 key for lambdas | string | null | no |
lambdas_dist | Lambdas code dist | string | "release" | no |
lambdas_version | Lambdas code version (hash) | string | "871ba1d14342e39e37ce7f0466aecd4c" | no |
metadata_http_tokens | Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2) | string | "required" | no |
nat_public_subnet_cidr | CIDR block for public subnet | string | "10.0.2.0/24" | no |
nfs_capacity_reservation_id | The ID of the capacity reservation in which to run the nfs clients | string | null | no |
nfs_interface_group_name | Interface group name. | string | "weka-ig" | no |
nfs_protocol_gateway_fe_cores_num | The protocol gateways' NICs number. | number | 1 | no |
nfs_protocol_gateway_instance_ami_id | AMI ID to use, Amazon Linux 2 is the supported OS. | string | null | no |
nfs_protocol_gateway_instance_iam_profile_arn | The protocol gateway instance IAM profile ARN | string | "" | no |
nfs_protocol_gateway_instance_type | The protocol gateways' virtual machine type (sku) to deploy. | string | "c5n.2xlarge" | no |
nfs_protocol_gateway_root_volume_size | The protocol gateways' root volume size. | number | null | no |
nfs_protocol_gateway_secondary_ips_per_nic | Number of secondary IPs per single NIC per protocol gateway virtual machine. | number | 3 | no |
nfs_protocol_gateway_weka_volume_size | The protocol gateways' default disk size. | number | 48 | no |
nfs_protocol_gateways_number | The number of protocol gateway virtual machines to deploy. | number | 0 | no |
nfs_setup_protocol | Setup protocol, default if false | bool | false | no |
placement_group_name | n/a | string | null | no |
post_cluster_setup_script | A script to run after the cluster is up | string | "" | no |
prefix | Prefix for all resources | string | "weka" | no |
protection_level | Cluster data protection level. | number | 2 | no |
proxy_url | Weka proxy url | string | "" | no |
s3_capacity_reservation_id | The ID of the capacity reservation in which to run the s3 clients | string | null | no |
s3_protocol_gateway_fe_cores_num | S3 protocol gateways' NICs number. | number | 1 | no |
s3_protocol_gateway_instance_ami_id | AMI ID to use, Amazon Linux 2 is the supported OS. | string | null | no |
s3_protocol_gateway_instance_iam_profile_arn | The protocol gateway instance IAM profile ARN | string | "" | no |
s3_protocol_gateway_instance_type | The protocol gateways' virtual machine type (sku) to deploy. | string | "c5n.2xlarge" | no |
s3_protocol_gateway_root_volume_size | The protocol gateways' root volume size. | number | null | no |
s3_protocol_gateway_weka_volume_size | The protocol gateways' default disk size. | number | 48 | no |
s3_protocol_gateways_number | The number of protocol gateway virtual machines to deploy. | number | 0 | no |
s3_setup_protocol | Config protocol, default if false | bool | false | no |
secretmanager_create_vpc_endpoint | Enable secret manager VPC endpoint | bool | true | no |
secretmanager_sg_ids | Secret manager endpoint security groups ids | list(string) | [] | no |
secretmanager_use_vpc_endpoint | Use of secret manager is optional, if not used secrets will be passed between lambdas over step function. If secret manager is used, all lambdas will fetch secret directly when needed. | bool | true | no |
set_dedicated_fe_container | Create cluster with FE containers | bool | false | no |
set_default_fs | Set the default filesystem which will use the full available capacity | bool | true | no |
sfn_iam_role_arn | Step function iam role arn | string | "" | no |
sg_custom_ingress_rules | Custom inbound rules to be added to the security group. | list(object({ | [] | no |
sg_ids | Security group ids | list(string) | [] | no |
smb_capacity_reservation_id | The ID of the capacity reservation in which to run the smb clients | string | null | no |
smb_cluster_name | The name of the SMB setup. | string | "Weka-SMB" | no |
smb_domain_name | The domain to join the SMB cluster to. | string | "" | no |
smb_protocol_gateway_fe_cores_num | The protocol gateways' NICs number. | number | 1 | no |
smb_protocol_gateway_instance_ami_id | AMI ID to use, Amazon Linux 2 is the supported OS. | string | null | no |
smb_protocol_gateway_instance_iam_profile_arn | The protocol gateway instance IAM profile ARN | string | "" | no |
smb_protocol_gateway_instance_type | The protocol gateways' virtual machine type (sku) to deploy. | string | "c5n.2xlarge" | no |
smb_protocol_gateway_root_volume_size | The protocol gateways' root volume size. | number | null | no |
smb_protocol_gateway_secondary_ips_per_nic | Number of secondary IPs per single NIC per protocol gateway virtual machine. | number | 0 | no |
smb_protocol_gateway_weka_volume_size | The protocol gateways' default disk size. | number | 48 | no |
smb_protocol_gateways_number | The number of protocol gateway virtual machines to deploy. | number | 0 | no |
smb_setup_protocol | Config protocol, default if false | bool | false | no |
smbw_enabled | Enable SMBW protocol. This option should be provided before cluster is created to leave extra capacity for SMBW setup. | bool | true | no |
ssh_public_key | Ssh public key to pass to the instances. | string | null | no |
stripe_width | Stripe width = cluster_size - protection_level - 1 (by default). | number | -1 | no |
subnet_autocreate_as_private | Create private subnet using nat gateway to route traffic. The default is public network. Relevant only when subnet_ids is empty. | bool | false | no |
subnet_ids | List of subnet ids | list(string) | [] | no |
subnets_cidrs | CIDR block for subnet creation, required only if not specifying subnet_ids, this block will be used to create subnet that will be used by weka. Currently limited to single | list(string) | [ | no |
tags_map | A map of tags to assign the same metadata to all resources in the environment. Format: key:value. Note: Manually tagged resources will be overridden by Terraform apply. | map(string) | {} | no |
tiering_enable_obs_integration | Determines whether to enable object stores integration with the Weka cluster. Set true to enable the integration. | bool | false | no |
tiering_enable_ssd_percent | When set_obs_integration is true, this variable sets the capacity percentage of the filesystem that resides on SSD. For example, for an SSD with a total capacity of 20GB, and the tiering_ssd_percent is set to 20, the total available capacity is 100GB. | number | 20 | no |
tiering_obs_name | Name of an existing S3 bucket | string | "" | no |
tiering_obs_start_demote | Target tiering cue (in seconds) before starting upload data to OBS (turning it into read cache). Default is 10 seconds. | number | 10 | no |
tiering_obs_target_ssd_retention | Target retention period (in seconds) before tiering to OBS (how long data will stay in SSD). Default is 86400 seconds (24 hours). | number | 86400 | no |
use_placement_group | Use cluster placement group for backends. Note: If not using a cluster placement group, the instances will most likely be spread out across the underlying AWS infrastructure, resulting in not getting the maximum performance from the WEKA cluster | bool | true | no |
vpc_cidr | CIDR block of the vpc | string | "10.0.0.0/16" | no |
vpc_endpoint_autoscaling_create | Create autoscaling VPC endpoint | bool | false | no |
vpc_endpoint_dynamodb_gateway_create | Create dynamodb gateway VPC endpoint | bool | false | no |
vpc_endpoint_ec2_create | Create Ec2 VPC endpoint | bool | false | no |
vpc_endpoint_lambda_create | Create Ec2 VPC endpoint | bool | false | no |
vpc_endpoint_proxy_create | creates VPC endpoint to weka-provided VPC Endpoint services that enable managed proxy to reach home.weka.io, get.weka.io, and AWS EC2/cloudwatch services. Alternatively appropriate customer-managed proxy can be provided by proxy_url variable | bool | false | no |
vpc_endpoint_s3_gateway_create | Create S3 gateway VPC endpoint | bool | false | no |
vpc_id | VPC ID, required only for security group creation | string | "" | no |
weka_home_url | Weka Home url | string | "" | no |
weka_version | The Weka version to deploy. | string | "" | no |
Name | Description |
---|---|
alb_alias_record | If 'alb_alias_name' is not null, it will output fqdn of the ALB |
alb_dns_name | If 'create_alb' is set to true, it will output dns name of the ALB |
asg_name | Name of ASG |
client_asg_name | n/a |
client_helper_commands | n/a |
client_ips | Ips of clients |
cluster_helper_commands | n/a |
cluster_name | The cluster name |
deploy_lambda_name | n/a |
ips_type | If 'assign_public_ip' is set to true, it will output the public ips; if not, it will output the private ips |
lambda_status_name | Name of lambda status |
local_ssh_private_key | If 'ssh_public_key' is set to null and no key_pair_name provided, it will output the private ssh key location. |
nfs_protocol_gateways_ips | Ips of NFS protocol gateways |
nfs_protocol_gateways_name | Name of NFS protocol gateway instances |
placement_group_name | Name of placement group |
pre_terraform_destroy_command | Mandatory pre-destroy steps only when S3/SMB protocol gateways are created. Terraform doesn't handle protection removal. |
s3_protocol_gateways_ips | Ips of S3 protocol gateways |
s3_protocol_gateways_name | Name of S3 protocol gateway instances |
sg_ids | Security group ids of backends |
smb_protocol_gateways_ips | Ips of SMB protocol gateways |
smb_protocol_gateways_name | Name of SMB protocol gateway instances |
subnet_ids | Subnet ids of backends |
vpc_id | VPC id |
weka_cluster_admin_password_secret_id | Secret id of weka admin password |