diff --git a/infrastructure/dogfood/terraform/aws-tf-module/free-ecs-hosts.tf b/infrastructure/dogfood/terraform/aws-tf-module/free-ecs-hosts.tf index 801dc9bee0..8021f5892c 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/free-ecs-hosts.tf +++ b/infrastructure/dogfood/terraform/aws-tf-module/free-ecs-hosts.tf @@ -6,11 +6,11 @@ locals { "5.8.2-ubuntu20.04@sha256:3496ffd0ad570c88a9f405e6ef517079cfeed6ce405b9d22db4dc5ef6ed3faac" = "Cloud-City-server" "5.8.2-ubuntu18.04@sha256:372575e876c218dde3c5c0e24fd240d193800fca9b314e94b4ad4e6e22006c9b" = "Mists-laptop" "5.8.2-ubuntu16.04@sha256:112655c42951960d8858c116529fb4c64951e4cf2e34cb7c08cd599a009025bb" = "Ethers-laptop" - "5.8.2-debian10@sha256:de29337896aac89b2b03c7642805859d3fb6d52e5dc08230f987bbab4eeba9c5" = "Breezes-laptop" - "5.8.2-debian9@sha256:47e46c19cebdf0dc704dd0061328856bda7e1e86b8c0fefdd6f78bd092c6200e" = "Aero-server" - "5.8.2-centos8@sha256:88a8adde80bd3b1b257e098bc6e41b6afea840f60033653dcb9fe984f36b0f97" = "Stratuss-laptop" - "5.8.2-centos7@sha256:ff251de4935b80a91c5fc1ac352aebdab9a6bbbf5bda1aaada8e26d22b50202d" = "Zephyrs-Laptop" - "5.8.2-centos6@sha256:b56736be8436288d3fbd2549ec6165e0588cd7197e91600de4a2f00f1df28617" = "Halo-server" + "5.8.2-debian10@sha256:de29337896aac89b2b03c7642805859d3fb6d52e5dc08230f987bbab4eeba9c5" = "Breezes-laptop" + "5.8.2-debian9@sha256:47e46c19cebdf0dc704dd0061328856bda7e1e86b8c0fefdd6f78bd092c6200e" = "Aero-server" + "5.8.2-centos8@sha256:88a8adde80bd3b1b257e098bc6e41b6afea840f60033653dcb9fe984f36b0f97" = "Stratuss-laptop" + "5.8.2-centos7@sha256:ff251de4935b80a91c5fc1ac352aebdab9a6bbbf5bda1aaada8e26d22b50202d" = "Zephyrs-Laptop" + "5.8.2-centos6@sha256:b56736be8436288d3fbd2549ec6165e0588cd7197e91600de4a2f00f1df28617" = "Halo-server" } } 
@@ -42,7 +42,7 @@ resource "aws_iam_role_policy_attachment" "osquery_execution_attachment" { resource "aws_iam_role_policy_attachment" "osquery" { policy_arn = aws_iam_policy.osquery.arn role = aws_iam_role.osquery.name -} +} resource "aws_iam_policy" "osquery" { name = "osquery-ecr-policy" @@ -130,11 +130,11 @@ module "osquery_docker" { } resource "random_uuid" "osquery" { - for_each = local.osquery_hosts + for_each = local.osquery_hosts } resource "aws_ecs_task_definition" "osquery" { - for_each = local.osquery_hosts + for_each = local.osquery_hosts // e.g. 5-8-2-ubuntu22-04 to match naming requirements family = "osquery-${replace(split("@sha256", each.key)[0], ".", "-")}" network_mode = "awsvpc" @@ -167,7 +167,7 @@ resource "aws_ecs_task_definition" "osquery" { } environment = [ { - name = "FAKE_HOSTNAME" + name = "FAKE_HOSTNAME" value = each.value } ] @@ -214,13 +214,13 @@ resource "aws_ecs_task_definition" "osquery" { } resource "aws_ecs_service" "osquery" { - for_each = local.osquery_hosts + for_each = local.osquery_hosts # Name must match ^[A-Za-z-_]+$ e.g. 5-8-2-ubuntu22-04 - name = "osquery_${replace(split("@sha256", each.key)[0], ".", "-")}" - launch_type = "FARGATE" - cluster = module.free.byo-db.byo-ecs.service.cluster - task_definition = aws_ecs_task_definition.osquery[each.key].arn - desired_count = 1 + name = "osquery_${replace(split("@sha256", each.key)[0], ".", "-")}" + launch_type = "FARGATE" + cluster = module.free.byo-db.byo-ecs.service.cluster + task_definition = aws_ecs_task_definition.osquery[each.key].arn + desired_count = 1 # Spin down before spin up since we are specifying the host identifier manually deployment_minimum_healthy_percent = 0 deployment_maximum_percent = 100 diff --git a/infrastructure/dogfood/terraform/aws-tf-module/free.tf b/infrastructure/dogfood/terraform/aws-tf-module/free.tf index ba6d77514c..fb9ce97cf2 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/free.tf 
+++ b/infrastructure/dogfood/terraform/aws-tf-module/free.tf @@ -128,6 +128,9 @@ module "waf-free" { } module "migrations_free" { + depends_on = [ + module.geolite2 + ] source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v1.0.0" ecs_cluster = module.free.byo-db.byo-ecs.service.cluster task_definition = module.free.byo-db.byo-ecs.task_definition.family diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf index 2443ac833f..6d6671457d 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf +++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf @@ -40,9 +40,9 @@ variable "elastic_token" {} data "aws_caller_identity" "current" {} locals { - customer = "fleet-dogfood" - fleet_image = var.fleet_image # Set this to the version of fleet to be deployed - geolite2_image = "${aws_ecr_repository.fleet.repository_url}:${split(":", var.fleet_image)[1]}-geolite2" + customer = "fleet-dogfood" + fleet_image = var.fleet_image # Set this to the version of fleet to be deployed + geolite2_image = "${aws_ecr_repository.fleet.repository_url}:${split(":", var.fleet_image)[1]}-geolite2-${formatdate("YYYYMMDDhhmm", timestamp())}" extra_environment_variables = { FLEET_LICENSE_KEY = var.fleet_license FLEET_LOGGING_DEBUG = "true" @@ -240,6 +240,9 @@ data "aws_iam_policy_document" "sentry" { } module "migrations" { + depends_on = [ + module.geolite2 + ] source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v1.0.0" ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster task_definition = module.main.byo-vpc.byo-db.byo-ecs.task_definition.family 
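Review bot: The new module-level `depends_on = [module.geolite2]` on `module "migrations_free"` (free.tf, hunk at line 128) has no comment saying why the ordering is needed, and the same applies to the identical addition on `module "migrations"` in the main.tf hunk at line 240. I would add something like `# geolite2 must finish building/pushing local.geolite2_image before the migration task is run` above each, adjusted to the real reason if it is different. A module-level `depends_on` makes everything in the migrations module wait on everything in geolite2, and Terraform defers reads of data sources inside the dependent module to apply time while geolite2 has pending changes. With the timestamped tag introduced in main.tf, geolite2 will presumably have pending changes on every run, so check the plan output for values that become "known after apply". Both module blocks continue past the end of their hunks.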
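Review bot: `timestamp()` in the new `geolite2_image` local (main.tf, hunk at line 40) is re-evaluated on every plan, so the destination tag changes on every run even when nothing else did. A plan that always shows a diff makes unexpected changes to the deployed image harder to spot in review, and the image is then identified only by a minute-resolution tag, whereas the osquery images in free-ecs-hosts.tf are pinned by `@sha256:` digest. If the goal is only to force a fresh GeoLite2 build on demand, taking the stamp from an input would keep plans stable, e.g. `geolite2_image = "${aws_ecr_repository.fleet.repository_url}:${split(":", var.fleet_image)[1]}-geolite2-${var.geolite2_build_id}"`, where `geolite2_build_id` is a name made up here for illustration. Whichever form is kept, a short comment stating why the tag must be unique per apply would help the next reader. The `locals` block continues outside the hunk, and the ECR repository's tag-mutability setting is not visible here.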
@@ -428,8 +431,8 @@ resource "aws_s3_object" "idp_metadata" { } module "geolite2" { - source = "github.com/fleetdm/fleet//terraform/addons/geolite2?ref=tf-mod-addon-geolite2-v1.0.0" - fleet_image = var.fleet_image + source = "github.com/fleetdm/fleet//terraform/addons/geolite2?ref=tf-mod-addon-geolite2-v1.0.0" + fleet_image = var.fleet_image destination_image = local.geolite2_image - license_key = var.geolite2_license + license_key = var.geolite2_license }