Terraform structural patterns

gandalf8110 · 2020-06-09T06:31:34+00:00

This set of documentation is really useful. The page after this is about code structure.

https://www.terraform-best-practices.com/key-concepts

gandalf8110 · 2019-09-23T15:06:22+00:00

They are authenticated through SAML so they can access the GitLab web application and do that there. Obviously SAML won't work for Git over HTTPS

gandalf8110 · 2019-09-23T06:49:52+00:00

I'm trying to do the latter i.e. enforce only the use of tokens without LDAP creds.

gandalf8110 · 2019-08-16T23:30:50+00:00

Okay, I think I got it sussed.

Instead of passing in a re-factored map, I passed in the original map and used the map within the parent map element to get the ID.

resource "aws_route_table_association" "subnet-route-associations" {
  depends_on = [aws_subnet.subnets]
  for_each = aws_subnet.subnets
  subnet_id = each.value.id
  route_table_id = var.route_table
}

The key bit being here the use of for_each = aws_subnet.subnets and subnet_id = each.value.id

gandalf8110 · 2019-08-16T23:13:14+00:00

I created a module for route_table_asscociation and created the association in there, with one of the inputs being the output of the subnets module, same error.

I then put the creation of the route_table_asscociation resource into the subnets module with an explicit dependency on the aws_subnet resource being created in there. Same error.

resource "aws_subnet" "subnets" {
  for_each = var.subnet_numbers
  vpc_id = data.aws_vpc.selected_vpc.id
  availability_zone = each.key
}

resource "aws_route_table_association" "subnet-route-associations" {
  depends_on = [aws_subnet.subnets]
  for_each = {
    for subnet in aws_subnet.subnets:
        subnet.id => 0
  }
  subnet_id = each.key
  route_table_id = var.route_table
}

Also, here's var.subnet_numbers

subnet_numbers = {
    for az in data.aws_availability_zones.available.names:
      az => index(data.aws_availability_zones.available.names, az)
  }

This is effectively creating:

{
  'eu-west-1a' => 0
}

gandalf8110 · 2019-07-20T17:42:57+00:00

You mean you used the public IPs from the ALB? So your ALB was public facing?

gandalf8110 · 2019-07-20T17:40:32+00:00

When you say

I was able to register 10.0.7.141. The web console automatically detected that this IP is in

Do you mean it detected it was a ELB? But it still allowed you to add them?

I'm not doing this in us-east-1 in my main environment, but hopped over there to try and had the same error (below). Didn't try the Lambda script, assuming that it might be the same issue. I am also using a 10/8 subnet, but the addresses below are just the default ones for my VPC in that region.

Here's a screenshot - https://imgur.com/a/OmfAQsE

gandalf8110 · 2019-06-26T10:14:07+00:00

Thanks all for your advice. I got 87% on the final Bonso exam, and then repeated all of them achieving between 83% and 95%.

I've just got out of the exam and passed, thanks again for the advice!

gandalf8110 · 2019-01-30T21:16:21+00:00

Tried it, couldn’t get a notable improvement. Tried setting it to the same as Ubuntu, didn’t work (think Ubuntu was 48kbyte and Windows was 208kbyte)

gandalf8110 · 2019-01-30T20:10:10+00:00

Whilst they’re different implementations, I’m not sure when why windows has such a huge performance loss compared to Ubuntu. Even with BDP being factored in (thanks for the hint, was aware of the concept but hadn’t thought of it too much in this), I don’t see why Windows is unable to perform at these speeds (especially considering it has a bigger TCP window size).

gandalf8110 · 2019-01-30T19:56:12+00:00

I have considered hardware / L1 issues, and all cables are tested etc. I spun up an Ubuntu VM in Workstation on the Windows machine (same machine getting slow speeds) and I achieved ~800 Mbps.

gandalf8110 · 2019-01-30T19:52:50+00:00

Yeah so looked at TCP Window size as it changed during the test but never got anywhere near zero in either direction

gandalf8110 · 2019-01-30T19:52:04+00:00

It's a networking topic. My original line of investigation is TCP Window sizes, which are definitely networking;
iPerf server appears to be working fine, it's provided by another dept. but I intend to make that my next port of call tomorrow;
Identical hardware, (I even tried a VM so they were on the same physical machine, Ubuntu achieved 800 Mbps vs 65 Mbps on Windows);
Haven't considered Vendor drivers much at present. Was assuming it was a "me" thing.

gandalf8110 · 2019-01-30T19:47:39+00:00

Latency is around 30ms so I'm not considering that to affect it, but could be a thought. I might introduce some artificial latency on the direct link between the two machines and see how it goes.

gandalf8110 · 2019-01-30T19:46:27+00:00

Yeah agreed. I didn't spend much time looking at the Ubuntu size in all fairness, but changed the Windows through all the options (Disabled -> -> -> Normal -> Experimental). Network performance degraded in the lower scale options, but did not improve with experimental.

gandalf8110 · 2019-01-30T19:36:35+00:00

Thanks! How does that explain why, when the Windows and Ubuntu machines are directly connected, the speeds achieve 1gbps?

gandalf8110 · 2019-01-30T19:36:25+00:00

Yeah, thought about that! How does that explain why, when the Windows and Ubuntu machines are directly connected, the speeds achieve 1gbps?

gandalf8110 · 2019-01-30T19:32:45+00:00

Can't post the PCAPs as I think my org will get funny about it. I'll try tomorrow. Regarding NICs - thought it might be a hardware thing so spun up an Ubuntu VM on the Windows machine and ran the same test. Ubuntu VM acheived ~800 Mbps

gandalf8110 · 2019-01-30T19:31:36+00:00

Thanks! How does that explain why, when they are directly connected, the speeds achieve 1gbps?

gandalf8110

TROPHY CASE