imperva / dsfkit
Imperva eDSF Kit is designed to automate the deployment of DSF
License: MIT License
comment for dummy issue
Hello Imperva,
As a follow-up to issue #381, we have tried to deploy the code based on your recommendations using Terraform variables:
enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"
attach_persistent_public_ip = false
aws_profile = ""
aws_region_1 = "eu-west-1"
aws_region_2 = "eu-west-1"
/dsf_single_account_deployment$ terraform plan -var-file=default.tfvars
Here is the issue that we got:
│ Error: Invalid index
│
│ on sonar.tf line 6, in locals:
│ 6: hub_dr_public_ip = var.enable_sonar ? (length(module.hub_dr[0].public_ip) > 0 ? format("%s/32", module.hub_dr[0].public_ip) : null) : null
│ ├────────────────
│ │ module.hub_dr is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
╷
│ Error: Invalid index
│
│ on sonar.tf line 10, in locals:
│ 10: hub_dr_ip = var.enable_sonar ? (length(module.hub_dr[0].public_dns) > 0 ? module.hub_dr[0].public_dns : module.hub_dr[0].private_dns) : null
│ ├────────────────
│ │ module.hub_dr is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
Could you please advise how to successfully deploy the Imperva infrastructure (without HADR)?
Thank you!
Iliya
Hello Imperva,
I would like to draw your attention to the following use case:
1 The current Terraform code in the DRA Admin module spins up a machine with a public IP address. My first question is whether it’s possible to modify the code to include an option to disable the Elastic IP address.
Additionally, during the execution of the script for the DRA Admin and DRA Analytics modules, it attempts to connect to the application via the public IP address from the deployment machine.
module.dra_admin[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w \"%{http_code}\" --request GET 'https://3.13.11.65:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_analytics[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w \"%{http_code}\" --request GET 'https://3.13.11.65:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
2 If there is no specific reason for the current setup, may I suggest altering the code so that the script attempts to connect to the respective DRA component via its private IP address first, and then, if necessary, via its public IP address?
examples/aws/installation/dsf_single_account_deployment/.terraform/modules/dra_admin/main.tf
readiness_script = templatefile("${path.module}/readiness.tftpl", { admin_server_public_ip = try(local.private_ip,local.public_ip,) })
examples/aws/installation/dsf_single_account_deployment/.terraform/modules/dra_analytics/main.tf
readiness_script = templatefile("${path.module}/readiness.tftpl", { admin_server_public_ip = try(var.admin_server_private_ip, var.admin_server_public_ip,) })
Thank you for reviewing my submission. Please let me know your thoughts.
Hello Imperva,
I would have a suggestion for improving the code in your repo.
We would only like to deploy DSF, DRA Admin and DRA Analytics in one region (without HADR instances deployed in a second region) with the below configuration:
enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"
aws_profile = ""
aws_region_1 = "us-east-1"
aws_region_2 = ""
│ Error: Invalid AWS Region:
│ with provider["registry.terraform.io/hashicorp/aws"].provider-2,
│ on providers.tf line 13, in provider "aws":
│ 13: provider "aws" {
Terraform is still expecting a second region. We found a solution by changing the logic for hub_dr_public_ip & hub_dr_ip from the below file:
hub_dr_public_ip = var.enable_sonar && var.hub_hadr ? (length(module.hub_dr[0].public_ip) > 0 ? format("%s/32", module.hub_dr[0].public_ip) : null) : null
hub_dr_ip = var.enable_sonar && var.hub_hadr ? (length(module.hub_dr[0].public_dns) > 0 ? module.hub_dr[0].public_dns : module.hub_dr[0].private_dns) : null
Could you please review the code change and add it as a fix, or advise if there is another way of deploying the resources without HADR?
Thank you!
Hello @lindanasredin, Imperva,
Hope you are doing well.
I am returning to you to ask for help with another issue.
During terraform apply, the execution of the code continues for a few hours. After the Terraform deployment was manually interrupted, it showed a message that the "readiness" script was not finished.
default.tfvars:
```
enable_dam = false
agentless_gw_count = 0
agent_gw_count = 0
hub_hadr = false
agentless_gw_hadr = false
dra_version = "4.14"
aws_profile = ""
aws_region_1 = "eu-west-1"
aws_region_2 = "eu-west-1"
subnet_ids = {
  hub_main_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  hub_dr_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agentless_gw_main_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agentless_gw_dr_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  mx_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  agent_gw_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  dra_admin_subnet_id = "subnet-xxxxxxxxxxxxxxx"
  dra_analytics_subnet_id = "subnet-xxxxxxxxxxxxxxx"
}
```
Output:
module.dra_analytics[0].aws_instance.dsf_base_instance: Still creating... [10s elapsed]
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec): Connecting to remote host via SSH...
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Host: 10...136
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   User: ec2-user
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Password: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Private key: true
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Certificate: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   SSH Agent: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Checking Host Key: false
module.hub_main[0].module.hub_instance.null_resource.readiness[0] (remote-exec):   Target Platform: unix
module.dra_analytics[0].aws_instance.dsf_base_instance: Creation complete after 12s [id=i-09f15ea899ca22975]
module.dra_analytics[0].null_resource.readiness: Creating...
module.dra_analytics[0].null_resource.readiness: Provisioning with 'local-exec'...
module.dra_analytics[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34...182:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_admin[0].aws_instance.dsf_base_instance: Creation complete after 13s [id=i-0992274acca3bffb3]
module.dra_admin[0].null_resource.readiness: Creating...
module.dra_admin[0].aws_eip_association.eip_assoc[0]: Creating...
module.dra_admin[0].null_resource.readiness: Provisioning with 'local-exec'...
module.dra_admin[0].null_resource.readiness (local-exec): Executing: ["/bin/bash" "-c" " while true; do\n response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34...182:8443/mvc/login')\n if [ $response -eq 200 ]; then\n exit 0\n else\n sleep 60\n fi\n done"]
module.dra_admin[0].aws_eip_association.eip_assoc[0]: Creation complete after 1s [id=eipassoc-010f2d21b951d0b5f]
module.hub_main[0].module.hub_instance.aws_volume_attachment.ebs_att: Still creating... [20s elapsed]
module.hub_main[0].module.hub_instance.null_resource.readiness[0]: Still creating... [20s elapsed]
module.hub_main[0].module.hub_instance.aws_volume_attachment.ebs_att: Creation complete after 21s [id=vai-947258387]
FYI, after the Terraform deployment was manually interrupted, it showed the following error:
Error: local-exec provisioner error
│
│ with module.dra_admin[0].null_resource.readiness,
│ on .terraform/modules/dra_admin/main.tf line 75, in resource "null_resource" "readiness":
│ 75: provisioner "local-exec" {
│
│ Error running command ' while true; do
│ response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34.*.*.182:8443/mvc/login')
│ if [ $response -eq 200 ]; then
│ exit 0
│ else
│ sleep 60
│ fi
│ done': signal: interrupt. Output:
╵
╷
│ Error: local-exec provisioner error
│
│ with module.dra_analytics[0].null_resource.readiness,
│ on .terraform/modules/dra_analytics/main.tf line 69, in resource "null_resource" "readiness":
│ 69: provisioner "local-exec" {
│
│ Error running command ' while true; do
│ response=$(curl -k -s -o /dev/null -w "%{http_code}" --request GET 'https://34.*.*.182:8443/mvc/login')
│ if [ $response -eq 200 ]; then
│ exit 0
│ else
│ sleep 60
│ fi
│ done': signal: interrupt. Output:
╵
╷
│ Error: remote-exec provisioner error
│
│ with module.hub_main[0].module.hub_instance.null_resource.readiness[0],
│ on .terraform/modules/hub_main/_modules/aws/sonar-base-instance/userdata.tf line 58, in resource "null_resource" "readiness":
│ 58: provisioner "remote-exec" {
│
│ interrupted - last error: dial tcp 10...136:22: i/o timeout
Could you please take a look and advise what could cause the while loop to continue infinitely?
P.S. A few side questions.
Thank you!
Iliya
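A bounded variant of the readiness loop seen in the output above, as an added example (not dsfkit's own readiness.tftpl and not part of the original issues): it tries a private address before a public one, as the earlier issue proposes, and gives up after a fixed number of rounds so an unreachable address fails the apply instead of hanging it. The function names, timeout values and sample addresses are assumptions; the port and path come from the logged command.

```bash
#!/usr/bin/env bash
# Added example: bounded readiness probe with private-first fallback.
# Function names and limits are assumptions, not dsfkit code.

# probe_status URL -> prints the HTTP status code ("000" if unreachable).
# --connect-timeout/--max-time stop one unreachable address from stalling a try.
# -k mirrors the logged command; drop it once the endpoint has a trusted cert.
probe_status() {
  curl -k -s -o /dev/null -w '%{http_code}' \
       --connect-timeout 5 --max-time 15 --request GET "$1" || true
}

# wait_ready MAX_ATTEMPTS SLEEP_SECONDS HOST...
# Probes each HOST in the order given (pass the private address first).
# Prints the first host that answers 200 and returns 0; returns 1 when no
# host answered 200 within MAX_ATTEMPTS rounds.
wait_ready() {
  local max_attempts delay attempt host code
  max_attempts=$1
  delay=$2
  shift 2
  attempt=1
  while [ "$attempt" -le "$max_attempts" ]; do
    for host in "$@"; do
      # Skip an empty address, e.g. no public IP was attached.
      [ -n "$host" ] || continue
      code=$(probe_status "https://${host}:8443/mvc/login")
      if [ "$code" = "200" ]; then
        printf '%s\n' "$host"
        return 0
      fi
    done
    if [ "$attempt" -lt "$max_attempts" ]; then
      sleep "$delay"
    fi
    attempt=$((attempt + 1))
  done
  echo "not ready after ${max_attempts} attempts: $*" >&2
  return 1
}

# Usage with constructed sample addresses (private first, then public):
#   wait_ready 30 60 10.0.0.5 198.51.100.7
```

A non-zero exit makes the local-exec provisioner fail with the list of addresses it tried, which points directly at a routing or security-group problem between the deployment machine and the instance.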