diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index d523c4fc..5f50e181 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -304,7 +304,6 @@ module "ooniapi_cluster" { asg_min = 2 asg_max = 4 - asg_desired = 2 instance_type = "t3a.micro" @@ -331,9 +330,8 @@ module "oonitier1plus_cluster" { vpc_id = module.network.vpc_id subnet_ids = module.network.vpc_subnet_private[*].id - asg_min = 2 + asg_min = 1 asg_max = 4 - asg_desired = 2 instance_type = "t3a.micro" @@ -402,9 +400,7 @@ module "ooniapi_ooniprobe_deployer" { module "ooniapi_ooniprobe" { source = "../../modules/ooniapi_service" - task_memory = 64 - - service_desired_count = 2 + task_memory = 256 # First run should be set on first run to bootstrap the task definition # first_run = true @@ -436,6 +432,17 @@ module "ooniapi_ooniprobe" { # module.ooniapi_cluster.web_security_group_id ] + use_autoscaling = true + service_desired_count = 1 + max_desired_count = 4 + autoscale_policies = [ + { + resource_type = "memory" + name = "memory" + scaleout_treshold = 60 + } + ] + tags = merge( local.tags, { Name = "ooni-tier0-ooniprobe" } @@ -752,7 +759,7 @@ module "ooniapi_oonirun_deployer" { module "ooniapi_oonirun" { source = "../../modules/ooniapi_service" - task_memory = 64 + task_memory = 256 vpc_id = module.network.vpc_id @@ -801,7 +808,7 @@ module "ooniapi_oonifindings_deployer" { module "ooniapi_oonifindings" { source = "../../modules/ooniapi_service" - task_memory = 64 + task_memory = 256 vpc_id = module.network.vpc_id @@ -851,7 +858,7 @@ module "ooniapi_ooniauth_deployer" { module "ooniapi_ooniauth" { source = "../../modules/ooniapi_service" - task_memory = 64 + task_memory = 128 vpc_id = module.network.vpc_id @@ -918,7 +925,7 @@ module "ooniapi_oonimeasurements_deployer" { module "ooniapi_oonimeasurements" { source = "../../modules/ooniapi_service" - task_memory = 64 + task_memory = 256 first_run = true vpc_id = module.network.vpc_id @@ -929,7 +936,6 @@ module "ooniapi_oonimeasurements" { dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name ecs_cluster_id = module.oonitier1plus_cluster.cluster_id - service_desired_count = 2 task_secrets = { POSTGRESQL_URL = data.aws_ssm_parameter.oonipg_url.arn @@ -949,6 +955,17 @@ module "ooniapi_oonimeasurements" { module.oonitier1plus_cluster.web_security_group_id ] + use_autoscaling = true + service_desired_count = 1 + max_desired_count = 8 + autoscale_policies = [ + { + name = "memory" + resource_type = "memory" + scaleout_treshold = 60 + } + ] + tags = merge( local.tags, { Name = "ooni-tier0-oonimeasurements" } diff --git a/tf/environments/prod/.terraform.lock.hcl b/tf/environments/prod/.terraform.lock.hcl index febae2ab..1eff2df3 100644 --- a/tf/environments/prod/.terraform.lock.hcl +++ b/tf/environments/prod/.terraform.lock.hcl @@ -2,192 +2,183 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/digitalocean/digitalocean" { - version = "2.43.0" + version = "2.72.0" constraints = "~> 2.0" hashes = [ - "h1:9bQ4VyiF3oIjIgHxTXDVIWojoLYhCFwiqCLTZEsyVmA=", - "h1:NFD+iFS14S3EILq2ZJ8bHaQGetYEAnETqEjkhl52eiI=", - "zh:0023fa4ca4304e9141357df9dafff3bdb33f0189d0c8544f8b872070660ccb0e", - "zh:4004c3034197ca6a2d719d26125eb21e01e652dc77932e27fd0c60151d7ca6d1", - "zh:44173e57c086cad3177bb6c2063981fb9f4ac2d5f7fd9a9e1891b8c16a00d0d9", - "zh:4622261e108f8539102ce84894e03afcf9f70c796eee0ddced02c235a15d9460", - "zh:4fd86a35073061746c5b7dc693fb2a44793a15b49791edcbf0dbefef1d3dae0c", - "zh:5e00b0d847ce0f1e2f269ae55e1f9ea9ea76efb0f40af9ad43c61f89dd84a6d6", - "zh:815c30ce11020e18dd05462f22038764c4200c61a27313e67343dc66ebdcf12c", - "zh:901be1ee215935e0a459b9cb91699757e442355e5dd625637481e1d33cc0498c", - "zh:9bd04a076c175d2b90ab69cd03753e5e0ac3bab96ee6bfcaba83dcd29c829135", - "zh:9d03d25e7e30a2da6f6c2b7f46f6d21a33d55ee80209c21361b57baf7f3dd3f3", - "zh:b1f6ac1c4296e4e0e84b6955661058b04c812d72292d8f3af0b93327b59d0e6b", - "zh:c1cabafc7f1b836a56d62aa43b7d5b77faeb6d685490825f90b776c6852e9ffd", - "zh:ddfcf6ef57b99193f0dde25796cc8ad96a04dcb940eccd137e9a4d5f50c21d17", - "zh:e93dffb991e7ad7c8a0800bd6c7a692225f87656a8b73d7f0e8489a0635ea8ce", - "zh:f2137db6bd5a10662fe23c779c05d312eb71f6df5aa8d5f1e6a45b4c0404b2a0", - "zh:f5e494414b35293f830ffc741e4915744fa84400810dcbcb7df9920a4dadc56d", + "h1:7UznWVOvFb/mjGPuZU3O/uzStEqrRYxaPFUhnGLfWqc=", + "zh:06fd036391b1e67e33b9aeb6e717b3be7f3fa358192111ac6cebc6d71e69ae17", + "zh:159fd52b64482467994faf7fa2988f53817f7e213ddf0a5e51de3d49375d9c36", + "zh:16b91e919a2b6f49cd6882d4241b9e05480a3838804114208e60f1b47b29b8e6", + "zh:39dfb113e810070fe932ab8906280ea9f81e7009e165b9933c48c5f0b9b30b9d", + "zh:432b3ef2f5b3d06821cb4cb11d705125bd365d7d6fb08db4b3ddcd0354471c5b", + "zh:4e9e286f148df4de33dd6a656e6be5586bc3e49c744bc5b6a315f2cf179c3803", + "zh:60a56107c1b047dc8be17a6944d6098a1fea6894929874ea70ff59a7879f7252", + "zh:7ef58ae0830af5559f0cb9f6cff260bf7bd4c120d31781ce1c6297fe9b149d6d", + "zh:9623850701a5a1d7840a32451b48bc6423791814e98cde8a26a112e824102845", + "zh:a73e4eae3c510de4c3882f301a4024efe1c733b9ef20492b85d367f04c83db1a", + "zh:a8ac85aa1bec870b88c8ff15c7d682b6239cc7fd3ec43348c71a0c25e1bc8d18", + "zh:d72c44619d38e471a1a13809c111b459396fcb61be97058287bb883b422973a3", + "zh:d8f2751dd548e996890dd8b91ee834fbdd64aeeb41df1ef0ffbf97b03e07ce19", + "zh:decf393b215330f62b4f43135dd4827c0c32b3b230e5d9cf78d973e6862043a8", + "zh:ecfe43046837abc2b9b1eeac945d103513fc485d63f0c2cc39e71b52d9c417f8", + "zh:f27c41e46fcd5a2d9faba3aa51a4769dad3f413ac65203fb96ff7a0c68a801e6", ] } provider "registry.terraform.io/hashicorp/aws" { - version = "5.75.0" + version = "6.27.0" constraints = ">= 4.9.0, >= 4.66.1" hashes = [ - "h1:1R08bG9RT1qWHU6K0B992s3VbTIdb7cWt421+TBVS/8=", - "h1:36n0sS0B/ZL0yr4JsW07TT+WtLmozvlKTAA/MQWpDY8=", - "zh:01b01b132b70df918f735898f1ad012ab3033d1b909b2e38950d16964d94c084", - "zh:28bc6ee7b0c88b1a48f315509ad390fb1e8f39bebe0f7a43c22b1a63825251d1", - "zh:31f9043a4c3538883ab9b9d3b399dae62e4552251e6a2b1da13ec3a2018a027d", - "zh:47451c295ffbddd19679a41d728f0942486d6de0d9206418d9593dda5a20c120", - "zh:5204c1a9f41dcc10e38879d41d95d95fdbb10527f613c129603137b1dbe99777", - "zh:64c3165a6019045782c8ad2a40d6fa4253d44dba67a5a971a81791cff5a9d3d5", + "h1:bixp2PSsP5ZGBczGCxcbSDn6lF5QFlUXlNroq9cdab4=", + "zh:177a24b806c72e8484b5cabc93b2b38e3d770ae6f745a998b54d6619fd0e8129", + "zh:4ac4a85c14fb868a3306b542e6a56c10bd6c6d5a67bc0c9b8f6a9060cf5f3be7", + "zh:552652185bc85c8ba1da1d65dea47c454728a5c6839c458b6dcd3ce71c19ccfc", + "zh:60284b8172d09aee91eae0856f09855eaf040ce3a58d6933602ae17c53f8ed04", + "zh:6be38d156756ca61fb8e7c752cc5d769cd709686700ac4b230f40a6e95b5dbc9", + "zh:7a409138fae4ef42e3a637e37cb9efedf96459e28a3c764fc4e855e8db9a7485", + "zh:8070cf5224ed1ed3a3e9a59f7c30ff88bf071c7567165275d477c1738a56c064", + "zh:894439ef340a9a79f69cd759e27ad11c7826adeca27be1b1ca82b3c9702fa300", + "zh:89d035eebf08a97c89374ff06040955ddc09f275ecca609d0c9d58d149bef5cf", + "zh:985b1145d724fc1f38369099e4a5087141885740fd6c0b1dbc492171e73c2e49", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a5788f78da2f0ac78f99ca2a4c489c041654bec992f3183fd0b972e0554f91e9", - "zh:aed486e3b24e9f82543bf558b2a7eade4a905608060fac1284145c00ff63d3e2", - "zh:b42523c409940a9c3866f4973c8251b96e5f3a0934230849c533a04b95854965", - "zh:b570353eeb97b3ed1b423a6f67857a7a3c1c47c9907e45a81c3df186a2fd88d0", - "zh:bf05df84199cbc776a878f920f6be4d27737f2de204f80794e6a652d49692f0d", - "zh:c27133287d20620244de95f4c2438135e60c057e0891a3ec97539c990f7ebdec", - "zh:c59143082fe8e4f5d5b0676472b8b0e24c2a2f1ede622a64f9f24639382d4b03", - "zh:ebe01c3b7a85deebc10b4081097dd6e8b4c79b7c13a20acb099bd17ff06afcb7", + "zh:a80b47ae8d1475201c86bd94a5dcb9dd4da5e8b73102a90820b68b66b76d50fd", + "zh:d3395be1556210f82199b9166a6b2e677cee9c4b67e96e63f6c3a98325ad7ab0", + "zh:db0b869d09657f6f1e4110b56093c5fcdf9dbdd97c020db1e577b239c0adcbce", + "zh:ffc72e680370ae7c21f9bd3082c6317730df805c6797427839a6b6b7e9a26a01", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.5" + version = "2.3.7" hashes = [ - "h1:HCoabXm6NQwCivl1q24+l9VUufc2mFqNeulsQBA9iFg=", - "h1:Sf1Lt21oTADbzsnlU38ylpkl8YXP0Beznjcy5F/Yx64=", - "zh:17c20574de8eb925b0091c9b6a4d859e9d6e399cd890b44cfbc028f4f312ac7a", - "zh:348664d9a900f7baf7b091cf94d657e4c968b240d31d9e162086724e6afc19d5", - "zh:5a876a468ffabff0299f8348e719cb704daf81a4867f8c6892f3c3c4add2c755", - "zh:6ef97ee4c8c6a69a3d36746ba5c857cf4f4d78f32aa3d0e1ce68f2ece6a5dba5", + "h1:iZ27qylcH/2bs685LJTKOKcQ+g7cF3VwN3kHMrzm4Ow=", + "zh:06f1c54e919425c3139f8aeb8fcf9bceca7e560d48c9f0c1e3bb0a8ad9d9da1e", + "zh:0e1e4cf6fd98b019e764c28586a386dc136129fef50af8c7165a067e7e4a31d5", + "zh:1871f4337c7c57287d4d67396f633d224b8938708b772abfc664d1f80bd67edd", + "zh:2b9269d91b742a71b2248439d5e9824f0447e6d261bfb86a8a88528609b136d1", + "zh:3d8ae039af21426072c66d6a59a467d51f2d9189b8198616888c1b7fc42addc7", + "zh:3ef4e2db5bcf3e2d915921adced43929214e0946a6fb11793085d9a48995ae01", + "zh:42ae54381147437c83cbb8790cc68935d71b6357728a154109d3220b1beb4dc9", + "zh:4496b362605ae4cbc9ef7995d102351e2fe311897586ffc7a4a262ccca0c782a", + "zh:652a2401257a12706d32842f66dac05a735693abcb3e6517d6b5e2573729ba13", + "zh:7406c30806f5979eaed5f50c548eced2ea18ea121e01801d2f0d4d87a04f6a14", + "zh:7848429fd5a5bcf35f6fee8487df0fb64b09ec071330f3ff240c0343fe2a5224", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8283e5a785e3c518a440f6ac6e7cc4fc07fe266bf34974246f4e2ef05762feda", - "zh:a44eb5077950168b571b7eb65491246c00f45409110f0f172cc3a7605f19dba9", - "zh:aa0806cbff72b49c1b389c0b8e6904586e5259c08dabb7cb5040418568146530", - "zh:bec4613c3beaad9a7be7ca99cdb2852073f782355b272892e6ee97a22856aec1", - "zh:d7fe368577b6c8d1ae44c751ed42246754c10305c7f001cc0109833e95aa107d", - "zh:df2409fc6a364b1f0a0f8a9cd8a86e61e80307996979ce3790243c4ce88f2915", - "zh:ed3c263396ff1f4d29639cc43339b655235acf4d06296a7c120a80e4e0fd6409", ] } provider "registry.terraform.io/hashicorp/dns" { - version = "3.4.2" + version = "3.4.3" hashes = [ - "h1:2r/hFLnTWnZiIKrxwCrkSH7X2F12fu8BJzuRjHYA45M=", - "h1:fANvQG0D/XKyj+s+egm66efvr8z2gNKER6UlKfjUxvU=", - "zh:75e40862402368e23cd298b62519203621cf4891b95e1c863530bf7d8e9614e6", + "h1:8wz2nUJwdMb9YWFX67SbX5HoFLINXm+XRQxWxVy0I1I=", + "zh:11526db629adb59e5069aa9af6549f9a274e00365db5e2ea32ed3fef548b2112", + "zh:198a1cd01c6bcb2c00146ac38aabcf04e9f027442bbe9c3ec7aa31220a6964d9", + "zh:3b6d141ef3ad2978b6efddc780b3444e50e4c3988ccd45f8756398669ec52189", + "zh:561adc509f35999e42b2b519eb84e937dd2a3b30138c401834ea9a2adc7418a6", + "zh:61960b0e2d5bcdba1fbe3863f636e06727d7330a9f63a92f42bdb511f1943119", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7a660fbfe5f83d7b94fd5b4cc9bf10d2f6ae280779839f4b7f183c7db5f1e368", - "zh:7c8c3499fb015d2a877a645ffd0225c3fdb4e8b71c044ff242762a1aed2a28e6", - "zh:954f20a96c8d6a04961896137bc004dae19fdaaaf8fd29229fb6ebc98ccac040", - "zh:96bd331cdd3673037e679b20cbf64e02e16f16f05a8c5dc2567c484fdd271d48", - "zh:96f83dfaeba393b1cf17feef05f25ffc4083432c1e3336a28977e626aac6eb53", - "zh:c663da6c3fda06a69d082d23935cebc34c7dc1b898e03a825b50628ad0e0ba71", - "zh:d0cc78a4f9444efe52764a57e7159b217181e0fd4ab4a610fa3bf7839bd94b02", - "zh:d1e938eec2c7ec946775bf984e79b3c66440fe3c08c3662bf0b40d3097985ed9", - "zh:dee0ccb0588f4c4224fe36e50f649ae36add82d72ccbf070800438860da820ac", - "zh:f2b3be35c8c97ed58f7d01ac532207fc816514eda639dcd3fd1929f5f5be369f", + "zh:7ee3a93fe3e45ad16285f2d0ca3a6b6afc4906784b2da1af89a3a0818f3b303b", + "zh:7fc8329861864ee69fffa29b17cafbe67eecbcef3c30749e31659d7837ac8983", + "zh:b29c35262e7fc6619ac80fa38d13076975b613e6a884044bd163599413596e35", + "zh:b778b9c4dfba7ae2ac1658bb4b0d1c45a5edd80893e1f8bbee4b080145a11909", + "zh:f41a325947b78f4d9b51a68a0c6167bc37302356ec47bc8e513106f4f58db732", + "zh:fd7110602e3fc39f70e2b757ffae675fc8232dd3d8534892a0b91e4d5c7539ff", ] } provider "registry.terraform.io/hashicorp/local" { - version = "2.5.2" + version = "2.6.1" constraints = ">= 2.0.0" hashes = [ - "h1:IyFbOIO6mhikFNL/2h1iZJ6kyN3U00jgkpCLUCThAfE=", - "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", - "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", - "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", - "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", - "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", - "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", - "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", + "h1:LMoX85QLTgCCqRuy2aXoz47P7gZ4WRPSA00fUPC/Rho=", + "zh:10050d08f416de42a857e4b6f76809aae63ea4ec6f5c852a126a915dede814b4", + "zh:2df2a3ebe9830d4759c59b51702e209fe053f47453cb4688f43c063bac8746b7", + "zh:2e759568bcc38c86ca0e43701d34cf29945736fdc8e429c5b287ddc2703c7b18", + "zh:6a62a34e48500ab4aea778e355e162ebde03260b7a9eb9edc7e534c84fbca4c6", + "zh:74373728ba32a1d5450a3a88ac45624579e32755b086cd4e51e88d9aca240ef6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", - "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", - "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", - "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", - "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", + "zh:8dddae588971a996f622e7589cd8b9da7834c744ac12bfb59c97fa77ded95255", + "zh:946f82f66353bb97aefa8d95c4ca86db227f9b7c50b82415289ac47e4e74d08d", + "zh:e9a5c09e6f35e510acf15b666fd0b34a30164cecdcd81ce7cda0f4b2dade8d91", + "zh:eafe5b873ef42b32feb2f969c38ff8652507e695620cbaf03b9db714bee52249", + "zh:ec146289fa27650c9d433bb5c7847379180c0b7a323b1b94e6e7ad5d2a7dbe71", + "zh:fc882c35ce05631d76c0973b35adde26980778fc81d9da81a2fade2b9d73423b", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" + version = "3.2.4" hashes = [ - "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", - "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "h1:hkf5w5B6q8e2A42ND2CjAvgvSN3puAosDmOJb3zCVQM=", + "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", + "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", + "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", + "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", + "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", + "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", + "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", + "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", + "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", + "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" + version = "3.7.2" hashes = [ - "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", - "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", ] } provider "registry.terraform.io/hashicorp/time" { - version = "0.12.1" + version = "0.13.1" constraints = ">= 0.7.1" hashes = [ - "h1:6BhxSYBJdBBKyuqatOGkuPKVenfx6UmLdiI13Pb3his=", - "h1:JzYsPugN8Fb7C4NlfLoFu7BBPuRVT2/fCOdCaxshveI=", - "zh:090023137df8effe8804e81c65f636dadf8f9d35b79c3afff282d39367ba44b2", - "zh:26f1e458358ba55f6558613f1427dcfa6ae2be5119b722d0b3adb27cd001efea", - "zh:272ccc73a03384b72b964918c7afeb22c2e6be22460d92b150aaf28f29a7d511", - "zh:438b8c74f5ed62fe921bd1078abe628a6675e44912933100ea4fa26863e340e9", + "h1:+W+DMrVoVnoXo3f3M4W+OpZbkCrUn6PnqDF33D2Cuf0=", + "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74", + "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f", + "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a", + "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:85c8bd8eefc4afc33445de2ee7fbf33a7807bc34eb3734b8eefa4e98e4cddf38", - "zh:98bbe309c9ff5b2352de6a047e0ec6c7e3764b4ed3dfd370839c4be2fbfff869", - "zh:9c7bf8c56da1b124e0e2f3210a1915e778bab2be924481af684695b52672891e", - "zh:d2200f7f6ab8ecb8373cda796b864ad4867f5c255cff9d3b032f666e4c78f625", - "zh:d8c7926feaddfdc08d5ebb41b03445166df8c125417b28d64712dccd9feef136", - "zh:e2412a192fc340c61b373d6c20c9d805d7d3dee6c720c34db23c2a8ff0abd71b", - "zh:e6ac6bba391afe728a099df344dbd6481425b06d61697522017b8f7a59957d44", + "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328", + "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8", + "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b", + "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0", + "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d", + "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75", + "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5", ] } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.6" + version = "4.1.0" hashes = [ - "h1:dYSb3V94K5dDMtrBRLPzBpkMTPn+3cXZ/kIJdtFL+2M=", - "h1:n3M50qfWfRSpQV9Pwcvuse03pEizqrmYEryxKky4so4=", - "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8", - "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297", - "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb", - "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1", - "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509", - "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8", - "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a", - "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18", - "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50", - "zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27", - "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb", + "h1:Ka8mEwRFXBabR33iN/WTIEW6RP0z13vFsDlwn11Pf2I=", + "zh:14c35d89307988c835a7f8e26f1b83ce771e5f9b41e407f86a644c0152089ac2", + "zh:2fb9fe7a8b5afdbd3e903acb6776ef1be3f2e587fb236a8c60f11a9fa165faa8", + "zh:35808142ef850c0c60dd93dc06b95c747720ed2c40c89031781165f0c2baa2fc", + "zh:35b5dc95bc75f0b3b9c5ce54d4d7600c1ebc96fbb8dfca174536e8bf103c8cdc", + "zh:38aa27c6a6c98f1712aa5cc30011884dc4b128b4073a4a27883374bfa3ec9fac", + "zh:51fb247e3a2e88f0047cb97bb9df7c228254a3b3021c5534e4563b4007e6f882", + "zh:62b981ce491e38d892ba6364d1d0cdaadcee37cc218590e07b310b1dfa34be2d", + "zh:bc8e47efc611924a79f947ce072a9ad698f311d4a60d0b4dfff6758c912b7298", + "zh:c149508bd131765d1bc085c75a870abb314ff5a6d7f5ac1035a8892d686b6297", + "zh:d38d40783503d278b63858978d40e07ac48123a2925e1a6b47e62179c046f87a", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb07f708e3316615f6d218cec198504984c0ce7000b9f1eebff7516e384f4b54", ] } diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf index 6d0ed043..1600c6d5 100644 --- a/tf/environments/prod/main.tf +++ b/tf/environments/prod/main.tf @@ -529,7 +529,6 @@ module "ooniapi_cluster" { # You need be careful how these are tweaked. asg_min = 2 asg_max = 10 - asg_desired = 2 instance_type = "t3a.medium" @@ -558,7 +557,6 @@ module "oonitier1plus_cluster" { asg_min = 2 asg_max = 5 - asg_desired = 4 instance_type = "t3a.medium" @@ -638,7 +636,6 @@ module "ooniapi_ooniprobe" { ecs_cluster_id = module.ooniapi_cluster.cluster_id task_memory = 256 - service_desired_count = 8 task_secrets = { POSTGRESQL_URL = data.aws_ssm_parameter.oonipg_url.arn @@ -658,6 +655,17 @@ module "ooniapi_ooniprobe" { module.ooniapi_cluster.web_security_group_id ] + use_autoscaling = true + service_desired_count = 2 + max_desired_count = 8 + autoscale_policies = [ + { + resource_type = "memory" + name = "memory" + scaleout_treshold = 60 + } + ] + tags = merge( local.tags, { Name = "ooni-tier0-ooniprobe" } @@ -959,8 +967,6 @@ module "ooniapi_oonimeasurements" { ecs_cluster_id = module.oonitier1plus_cluster.cluster_id # ecs_cluster_id = module.ooniapi_cluster.cluster_id - service_desired_count = 8 - task_secrets = { POSTGRESQL_URL = data.aws_ssm_parameter.oonipg_url.arn JWT_ENCRYPTION_KEY = data.aws_ssm_parameter.jwt_secret.arn @@ -983,6 +989,17 @@ module "ooniapi_oonimeasurements" { module.ooniapi_cluster.web_security_group_id ] + use_autoscaling = true + service_desired_count = 4 + max_desired_count = 8 + autoscale_policies = [ + { + name = "memory" + resource_type = "memory" + scaleout_treshold = 60 + } + ] + tags = merge( local.tags, { Name = "ooni-tier0-oonimeasurements" } diff --git a/tf/modules/ecs_cluster/main.tf b/tf/modules/ecs_cluster/main.tf index fa0557ef..b95fb7ea 100644 --- a/tf/modules/ecs_cluster/main.tf +++ b/tf/modules/ecs_cluster/main.tf @@ -117,7 +117,7 @@ resource "aws_security_group" "container_host" { security_groups = concat([ aws_security_group.web.id, - ], + ], var.monitoring_sg_ids) } @@ -197,7 +197,9 @@ resource "aws_autoscaling_group" "container_host" { vpc_zone_identifier = var.subnet_ids min_size = var.asg_min max_size = var.asg_max - desired_capacity = var.asg_desired + # desired_capacity is usually managed by the capacity provider + # defined below. Note that this is an ECS cluster, so + # cluster capacity is directed by task load demands launch_template { id = aws_launch_template.container_host.id @@ -212,4 +214,42 @@ resource "aws_autoscaling_group" "container_host" { triggers = ["tag"] } + + // This tag is required by the aws_ecs_capacity_provider resource + // See: https://registry.terraform.io/providers/hashicorp/aws/5.87.0/docs/resources/ecs_capacity_provider#example-usage + tag { + key = "AmazonECSManaged" + value = true + propagate_at_launch = true + } +} + +resource "aws_ecs_capacity_provider" "capacity_provider" { + name = "${var.name}-capacity-provider" + + auto_scaling_group_provider { + auto_scaling_group_arn = aws_autoscaling_group.container_host.arn + managed_termination_protection = "ENABLED" + # managed_draining = "ENABLED" + + managed_scaling { + maximum_scaling_step_size = 1000 + minimum_scaling_step_size = 1 + status = "ENABLED" + target_capacity = 100 + } + } +} + +// You also need to link the capacity provider to the cluster +resource "aws_ecs_cluster_capacity_providers" "cluster_capacity_providers" { + cluster_name = aws_ecs_cluster.main.name + + capacity_providers = [aws_ecs_capacity_provider.capacity_provider.name] + + default_capacity_provider_strategy { + base = 1 + weight = 100 + capacity_provider = aws_ecs_capacity_provider.capacity_provider.name + } } diff --git a/tf/modules/ecs_cluster/variables.tf b/tf/modules/ecs_cluster/variables.tf index 16e1592e..a9669ebf 100644 --- a/tf/modules/ecs_cluster/variables.tf +++ b/tf/modules/ecs_cluster/variables.tf @@ -45,11 +45,6 @@ variable "asg_max" { default = 6 } -variable "asg_desired" { - description = "Desired numbers of servers in ASG" - default = 1 -} - variable "admin_cidr_ingress" { default = "0.0.0.0/0" } @@ -75,4 +70,4 @@ variable "monitoring_active" { description = "If the monitoring system should consider cluster machines. Set it to 'true' to activate it, anything else to deactivate it" default = "true" type = string -} \ No newline at end of file +} diff --git a/tf/modules/ooniapi_service/main.tf b/tf/modules/ooniapi_service/main.tf index f19e08f0..f0e459cc 100644 --- a/tf/modules/ooniapi_service/main.tf +++ b/tf/modules/ooniapi_service/main.tf @@ -145,3 +145,43 @@ resource "aws_alb_target_group" "ooniapi_service" { tags = var.tags } + +resource "aws_appautoscaling_target" "ecs_target" { + // Use count to support conditional resource creation + count = var.use_autoscaling ? 1 : 0 + service_namespace = "ecs" + scalable_dimension = "ecs:service:DesiredCount" + resource_id = "${reverse(split(":", aws_ecs_service.ooniapi_service.id))[0]}" + + min_capacity = var.service_desired_count + max_capacity = var.max_desired_count +} + +resource "aws_appautoscaling_policy" "policies" { + for_each = { + for p in var.autoscale_policies : + p.name => p + } + + name = each.value.name + service_namespace = "ecs" + scalable_dimension = aws_appautoscaling_target.ecs_target[0].scalable_dimension + resource_id = aws_appautoscaling_target.ecs_target[0].resource_id + policy_type = "TargetTrackingScaling" + + target_tracking_scaling_policy_configuration { + predefined_metric_specification { + predefined_metric_type = lookup({ + cpu = "ECSServiceAverageCPUUtilization" + memory = "ECSServiceAverageMemoryUtilization" + }, + each.value.resource_type, + "ECSServiceAverageMemoryUtilization" + ) + } + + target_value = each.value.scaleout_treshold + scale_in_cooldown = 60 + scale_out_cooldown = 60 + } +} diff --git a/tf/modules/ooniapi_service/variables.tf b/tf/modules/ooniapi_service/variables.tf index 0dfaf4bf..c0e42b66 100644 --- a/tf/modules/ooniapi_service/variables.tf +++ b/tf/modules/ooniapi_service/variables.tf @@ -30,7 +30,11 @@ variable "tags" { } variable "service_desired_count" { - description = "Desired numbers of instances in the ecs service" + description = <<-EOF + Desired numbers of instances in the ecs service. + When `use_autoscaling == true` this will be the minimum amount of + spawned services + EOF default = 1 } @@ -65,3 +69,27 @@ variable "ooniapi_service_security_groups" { description = "the shared web security group from the ecs cluster" type = list(string) } + +// Autoscaling +variable "use_autoscaling" { + description = "Whether this service should use autoscaling to modify task count at runtime" + type = bool + default = false +} + +variable "max_desired_count" { + description = "Desired numbers of instances in the ecs service" + default = 1 +} + +variable "autoscale_policies" { + description = "Policies used for autoscaling resources, only valid if `use_autoscaling` == true" + + type = list(object({ + resource_type = string // memory | cpu + scaleout_treshold = number // from 0 to 100, number used to trigger a scale in. Should be higher than scalein_treshold + name = string + })) + + default = [] +}