
dsfkit's Issues

HADR disabled 2

Hello Imperva,

As a follow-up to issue #381, we have tried to deploy the code based on your recommendations using the following Terraform variables:

enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"
attach_persistent_public_ip = false

aws_profile = ""
aws_region_1 = "eu-west-1"
aws_region_2 = "eu-west-1"

/dsf_single_account_deployment$ terraform plan -var-file=default.tfvars

Here is the issue that we got:

│ Error: Invalid index

│ on sonar.tf line 6, in locals:
│ 6: hub_dr_public_ip = var.enable_sonar ? (length(module.hub_dr[0].public_ip) > 0 ? format("%s/32", module.hub_dr[0].public_ip) : null) : null
│ ├────────────────
│ │ module.hub_dr is empty tuple

│ The given key does not identify an element in this collection value: the collection has no elements.


│ Error: Invalid index

│ on sonar.tf line 10, in locals:
│ 10: hub_dr_ip = var.enable_sonar ? (length(module.hub_dr[0].public_dns) > 0 ? module.hub_dr[0].public_dns : module.hub_dr[0].private_dns) : null
│ ├────────────────
│ │ module.hub_dr is empty tuple

│ The given key does not identify an element in this collection value: the collection has no elements.

Could you please advise how to successfully deploy the Imperva infrastructure (without HADR)?

Thank you!
Iliya

HADR disabled

Hello Imperva,

I have a suggestion for improving the code in your repo.

We would only like to deploy DSF, DRA Admin, and DRA Analytics in one region (without HADR instances deployed in a second region), with the configuration below:

enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"
aws_profile = ""
aws_region_1 = "us-east-1"
aws_region_2 = ""

│ Error: Invalid AWS Region:
│ with provider["registry.terraform.io/hashicorp/aws"].provider-2,
│ on providers.tf line 13, in provider "aws":
│ 13: provider "aws" {

Terraform is still expecting a second region. We found a solution by changing the logic for hub_dr_public_ip & hub_dr_ip in the file below:

https://github.com/imperva/dsfkit/blob/master/examples/aws/installation/dsf_single_account_deployment/sonar.tf

hub_dr_public_ip = var.enable_sonar && var.hub_hadr ? (length(module.hub_dr[0].public_ip) > 0 ? format("%s/32", module.hub_dr[0].public_ip) : null) : null
hub_dr_ip = var.enable_sonar && var.hub_hadr ? (length(module.hub_dr[0].public_dns) > 0 ? module.hub_dr[0].public_dns : module.hub_dr[0].private_dns) : null

Could you please review the code change and add it as a fix, or advise if there is another way of deploying the resources without HADR?

Thank you!

DRA Admin public IP address

Hello Imperva,

I would like to draw your attention to the following use case:

1. The current Terraform code in the DRA Admin module spins up a machine with a public IP address. My first question is whether it’s possible to modify the code to include an option to disable the Elastic IP address.
Additionally, during the execution of the script for the DRA Admin and DRA Analytics modules, it attempts to connect to the application via the public IP address from the deployment machine.

module.dra_admin[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w \"%{http_code}\" --request GET 'https://3.13.11.65:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_analytics[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w \"%{http_code}\" --request GET 'https://3.13.11.65:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]

2. If there is no specific reason for the current setup, may I suggest altering the code so that the script attempts to connect to the respective DRA component via its private IP address first, and then, if necessary, via its public IP address?

examples/aws/installation/dsf_single_account_deployment/.terraform/modules/dra_admin/main.tf
readiness_script = templatefile("${path.module}/readiness.tftpl", { admin_server_public_ip = try(local.private_ip,local.public_ip,) })

examples/aws/installation/dsf_single_account_deployment/.terraform/modules/dra_analytics/main.tf
readiness_script = templatefile("${path.module}/readiness.tftpl", { admin_server_public_ip = try(var.admin_server_private_ip, var.admin_server_public_ip,) })

Thank you for reviewing my submission. Please let me know your thoughts.

Unexpected behavior during deployment

Hello @lindanasredin, Imperva,

Hope you are doing well.

I am returning to you to ask for help with another issue.

During the terraform apply, the execution of the code continues for a few hours. After the terraform deployment was manually interrupted, it showed a message that the "readiness" script was not finished.

default.tfvars:
enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"

aws_profile = ""
aws_region_1 = "eu-west-1"
aws_region_2 = "eu-west-1"
subnet_ids = {
  hub_main_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  hub_dr_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agentless_gw_main_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agentless_gw_dr_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  mx_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agent_gw_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  dra_admin_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  dra_analytics_subnet_id = "subnet-xxxxxxxxxxxxxxx"
}

Output:
module.dra_analytics[0].aws_instance.dsf_base_instance: Still creating... [10s elapsed]
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec): Connecting to remote host via SSH...
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Host: 10...136
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   User: ec2-user
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Password: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Private key: true
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Certificate: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   SSH Agent: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Checking Host Key: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Target Platform: unix
module.dra_analytics[0].aws_instance.dsf_base_instance: Creation complete after 12s [id=i-09f15ea899ca22975]
module.dra_analytics[0].null_resource.readiness: Creating...
module.dra_analytics[0].null_resource.readiness: Provisioning with 'local-exec'...
module.dra_analytics[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34...182:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_admin[0].aws_instance.dsf_base_instance: Creation complete after 13s [id=i-0992274acca3bffb3]
module.dra_admin[0].null_resource.readiness: Creating...
module.dra_admin[0].aws_eip_association.eip_assoc[0]: Creating...
module.dra_admin[0].null_resource.readiness: Provisioning with 'local-exec'...
module.dra_admin[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34...182:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_admin[0].aws_eip_association.eip_assoc[0]: Creation complete after 1s [id=eipassoc-010f2d21b951d0b5f]
module.hub_main[0].module.hub_instance.aws_volume_attachment.ebs_att: Still creating... [20s elapsed]
module.hub_main[0].module.hub_instance.null_resource.readiness[0]: Still creating... [20s elapsed]
module.hub_main[0].module.hub_instance.aws_volume_attachment.ebs_att: Creation complete after 21s [id=vai-947258387]

FYI, after the terraform deployment was manually interrupted, it showed the following error:
Error: local-exec provisioner error

│ with module.dra_admin[0].null_resource.readiness,
│ on .terraform/modules/dra_admin/main.tf line 75, in resource "null_resource" "readiness":
│ 75: provisioner "local-exec" {

│ Error running command ' while true; do
│ response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34.*.*.182:8443/mvc/login')
│ if [ $response -eq 200 ]; then
│ exit 0
│ else
│ sleep 60
│ fi
│ done': signal: interrupt. Output:


│ Error: local-exec provisioner error

│ with module.dra_analytics[0].null_resource.readiness,
│ on .terraform/modules/dra_analytics/main.tf line 69, in resource "null_resource" "readiness":
│ 69: provisioner "local-exec" {

│ Error running command ' while true; do
│ response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34.*.*.182:8443/mvc/login')
│ if [ $response -eq 200 ]; then
│ exit 0
│ else
│ sleep 60
│ fi
│ done': signal: interrupt. Output:


│ Error: remote-exec provisioner error

│ with module.hub_main[0].module.hub_instance.null_resource.readiness[0],
│ on .terraform/modules/hub_main/_modules/aws/sonar-base-instance/userdata.tf line 58, in resource "null_resource" "readiness":
│ 58: provisioner "remote-exec" {

│ interrupted - last error: dial tcp 10...136:22: i/o timeout

Could you please take a look and advise what could cause the while loop to continue infinitely?

P.S. A few side questions.

  1. Does dsfkit have the option to deploy DRA Analytics without an Elastic IP address?
  2. I would like to access DRA Admin and DRA Analytics and run the readiness script locally purely as a test. Which SSH user should be used in combination with the SSH passwords stored in AWS Secrets Manager?

For reference #381 #386

Thank you!
Iliya
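
An added example, not part of the issue thread and not dsfkit's own code: the readiness loop quoted in the issues above exits only on an HTTP 200 and has neither a deadline nor a per-request timeout, so it runs until interrupted when the address it polls is unreachable. The sketch below bounds the wait and tries the private address before the public one; the function names, timeout values and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not dsfkit code. Names, timeouts and addresses are assumptions.

# probe URL: print the HTTP status code (curl prints 000 if it cannot connect).
# Kept separate so it can be replaced by a stub when testing offline.
probe() {
  # -k skips certificate verification, as the original readiness script does.
  # --connect-timeout/--max-time keep one unreachable address from stalling a pass.
  curl -k -s -o /dev/null -w '%{http_code}' \
    --connect-timeout 5 --max-time 15 --request GET "$1" || true
}

# wait_ready TIMEOUT_SECONDS INTERVAL_SECONDS ADDRESS...
# Each pass tries the addresses in the order given (private first, then public).
# Prints the address that returned 200 and returns 0; returns 1 at the deadline.
wait_ready() {
  timeout=$1; interval=$2; shift 2
  deadline=$(( $(date +%s) + timeout ))
  code=none
  while :; do
    for addr in "$@"; do
      [ -n "$addr" ] || continue   # skip an address that was never assigned
      code=$(probe "https://${addr}:8443/mvc/login")
      if [ "$code" = "200" ]; then
        printf '%s\n' "$addr"
        return 0
      fi
    done
    if [ "$(date +%s)" -ge "$deadline" ]; then
      echo "not ready after ${timeout}s (last HTTP status: ${code})" >&2
      return 1
    fi
    sleep "$interval"
  done
}

# Example call with constructed addresses (10.0.0.5 private, 203.0.113.7 public):
#   wait_ready 1800 60 10.0.0.5 203.0.113.7 || exit 1
```

A non-zero exit makes the local-exec provisioner fail, so terraform apply stops with an error naming the last HTTP status instead of waiting indefinitely.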
