This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch improvements
in repository https://gitbox.apache.org/repos/asf/skywalking-terraform.git

commit 9c5869244e87912a451139f4796263db9889f0a8
Author: kezhenxu94 <kezhenx...@apache.org>
AuthorDate: Mon Jul 31 21:02:24 2023 +0800

    Some improvements for Terraform scripts
    
    - Add egress security group for the instances so that they can access the 
internet, this is required to install packages (Java) and download SkyWalking 
package.
    - Remove the `ping` playbook, it's incomplete for now, and can be simply 
replaced by `ansible -m ping all` in command line.
    - Create an SSH key pair on AWS and save to local file, so that users don't 
have to create the key pair beforehand.
    - Find an AMI by specific filters to avoid hardcoding the AMI ID; a 
hardcoded AMI might not be available in other regions, for example, the current 
hardcoded `ami-026ebd4cfe2c043b2` is not available in the ap-southeast-1 region.
    - Add doc for Ansible playbook.
---
 ansible/README.md                         | 41 +++++++++++++++++++++++++++++++
 ansible/playbooks/ping.yml                | 23 -----------------
 ansible/roles/install-java/tasks/main.yml |  6 +++++
 aws/ec2.tf                                | 38 +++++++++++++++++++++-------
 aws/key-pair-main.tf                      | 33 +++++++++++++++++++++++++
 aws/key-pair-output.tf                    | 20 +++++++++++++++
 aws/system-main.tf                        | 41 +++++++++++++++++++++++++++++++
 aws/variables.tf                          | 10 ++------
 8 files changed, 172 insertions(+), 40 deletions(-)

diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..ea300a2
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,41 @@
+# Ansible playbook to install Apache SkyWalking
+
+- Save the ssh key file path to a variable for future use
+
+```shell
+SSH_KEY_FILE=$(terraform -chdir=../aws output -raw ssh-user-key-file)
+echo $SSH_KEY_FILE
+```
+
+You should see a file path similar to `/Users/kezhenxu94/.ssh/skywalking.pem`.
+
+- Test connectivity to the EC2 instances
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible -m ping all -u ec2-user --private-key 
"$SSH_KEY_FILE"
+```
+
+You should see output similar to the following, note the `SUCCESS` status:
+
+```text
+<ip1> | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+<ip2> | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+```
+
+- Install Apache SkyWalking!
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ec2-user --private-key 
"$SSH_KEY_FILE"
+```
diff --git a/ansible/playbooks/ping.yml b/ansible/playbooks/ping.yml
deleted file mode 100644
index beba91e..0000000
--- a/ansible/playbooks/ping.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Ping hosts
-  hosts: skywalking_server
-  gather_facts: false
-
-  tasks:
-    - name: Ping the hosts
-      ping:
diff --git a/ansible/roles/install-java/tasks/main.yml 
b/ansible/roles/install-java/tasks/main.yml
index 82a9166..c65e2d5 100644
--- a/ansible/roles/install-java/tasks/main.yml
+++ b/ansible/roles/install-java/tasks/main.yml
@@ -25,3 +25,9 @@
     name: openjdk-11-jdk
     state: present
   when: ansible_distribution == 'Ubuntu'
+
+- name: Install Java 11 on Amazon distribution
+  package:
+    name: java-11-amazon-corretto
+    state: present
+  when: ansible_distribution == 'Amazon'
diff --git a/aws/ec2.tf b/aws/ec2.tf
index dfd135c..51418f1 100644
--- a/aws/ec2.tf
+++ b/aws/ec2.tf
@@ -19,32 +19,38 @@ provider "aws" {
 
 resource "aws_instance" "skywalking-oap" {
   count = var.oap_instance_count
-  ami = var.ami
+  ami = data.aws_ami.amazon-linux.id
   instance_type = var.instance_type
   tags = merge(
     {
       Name = "skywalking-oap"
-      Description = "Installing and configuring Skywalking OAPService on AWS"
+      Description = "Installing and configuring SkyWalking OAPService on AWS"
     },
     var.extra_tags
   )
   key_name = aws_key_pair.ssh-user.id
-  vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+  vpc_security_group_ids = [
+    aws_security_group.ssh-access.id,
+    aws_security_group.public-egress-access.id
+  ]
 }
 
 resource "aws_instance" "skywalking-ui" {
   count = var.ui_instance_count
-  ami = var.ami
+  ami = data.aws_ami.amazon-linux.id
   instance_type = var.instance_type
   tags = merge(
     {
       Name = "skywalking-ui"
-      Description = "Installing and configuring Skywalking UI on AWS"
+      Description = "Installing and configuring SkyWalking UI on AWS"
     },
     var.extra_tags
   )
   key_name = aws_key_pair.ssh-user.id
-  vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+  vpc_security_group_ids = [
+    aws_security_group.ssh-access.id,
+    aws_security_group.public-egress-access.id
+  ]
 }
 
 resource "aws_security_group" "ssh-access" {
@@ -66,9 +72,23 @@ resource "aws_security_group" "ssh-access" {
   tags = var.extra_tags
 }
 
-resource "aws_key_pair" "ssh-user" {
-    public_key = file(var.public_key_path)
-    tags = var.extra_tags
+resource "aws_security_group" "public-egress-access" {
+  name = "public-egress-access"
+  description = "Allow access to the Internet"
+  egress = [
+    {
+      from_port = 0
+      to_port = 0
+      protocol = -1
+      cidr_blocks = ["0.0.0.0/0"]
+      description     = "Allow access to the Internet"
+      ipv6_cidr_blocks = []
+      prefix_list_ids = []
+      security_groups = []
+      self            = false
+    }
+  ]
+  tags = var.extra_tags
 }
 
 resource "local_file" "oap_instance_ips" {
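Review bot: The new `public-egress-access` group at lines 183-199 allows every protocol and port to `0.0.0.0/0` (`protocol = -1`, ports 0-0), which is far wider than the purpose given in the commit message (package installation and the SkyWalking download), and since the same instances already expose SSH through `ssh-access`, anything that gets onto them can then reach any outbound destination. Limiting egress to TCP 80 and 443 covers yum/apt mirrors and the download; as far as I recall the VPC-provided DNS and Amazon Time Sync endpoints are not filtered by security groups, but confirm that before narrowing, and add any further need (e.g. an external NTP server) as its own explicit rule rather than a wildcard. `protocol` is also given as the number -1 where the provider documents a string; Terraform appears to coerce it, but `"tcp"`/`"-1"` is the documented form. The `resource "local_file"` on line 202 continues outside the hunk.
```hcl
resource "aws_security_group" "public-egress-access" {
  name        = "public-egress-access"
  description = "Allow outbound HTTP/HTTPS for package installation and downloads"
  egress = [
    {
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "Outbound HTTP (package mirrors)"
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    },
    {
      from_port        = 443
      to_port          = 443
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "Outbound HTTPS (package mirrors, SkyWalking download)"
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    }
  ]
  # … unchanged: tags …
}
```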
diff --git a/aws/key-pair-main.tf b/aws/key-pair-main.tf
new file mode 100644
index 0000000..4e2b235
--- /dev/null
+++ b/aws/key-pair-main.tf
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+resource "tls_private_key" "ssh-user" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "ssh-user" {
+  key_name   = "skywalking"
+  public_key = tls_private_key.ssh-user.public_key_openssh
+  tags       = var.extra_tags
+}
+
+resource "local_file" "ssh-user" {
+  filename        = 
"${pathexpand(var.public_key_path)}/${aws_key_pair.ssh-user.key_name}.pem"
+  content         = tls_private_key.ssh-user.private_key_pem
+  file_permission = "0700"
+}
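Review bot: The private key generated by `tls_private_key.ssh-user` at lines 226-229 ends up in clear text in the Terraform state, both as that resource's `private_key_pem` and again as the `content` of `local_file.ssh-user` on line 240, so anyone who can read the state file or its backend holds SSH access to every instance; the `.pem` written to disk is only a copy. Add a comment above the `tls_private_key` resource, e.g. `# NOTE: the generated private key is stored in plain text in the Terraform state; protect the state backend as you would the key file.`, and say the same in the README so users choose a remote backend with appropriate access control. `file_permission = "0700"` on line 241 sets an execute bit a key file does not need; `"0600"` is the usual mode for a private key and is what SSH clients expect.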
diff --git a/aws/key-pair-output.tf b/aws/key-pair-output.tf
new file mode 100644
index 0000000..21ea191
--- /dev/null
+++ b/aws/key-pair-output.tf
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+output "ssh-user-key-file" {
+  value = local_file.ssh-user.filename
+}
diff --git a/aws/system-main.tf b/aws/system-main.tf
new file mode 100644
index 0000000..aeb61dd
--- /dev/null
+++ b/aws/system-main.tf
@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+data "aws_ami" "amazon-linux" {
+  most_recent = true
+  owners      = ["amazon"]
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["al2022-ami-*"]
+  }
+}
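Review bot: With `most_recent = true` on line 293 and the wildcard name filter on line 313, the AMI id this data source resolves changes whenever Amazon publishes a newer image, and because `ami` forces replacement of `aws_instance`, a later `terraform apply` made for an unrelated change can recreate every OAP and UI instance. Either document that next to the data source, e.g. `# most_recent: a newly published Amazon image rolls all instances on the next apply`, or add `lifecycle { ignore_changes = [ami] }` to the two instances in ec2.tf so image updates become an explicit decision. The `owners = ["amazon"]` restriction on line 294 is the right control against look-alike images published from other accounts and should stay; as far as I recall `al2022-ami-*` was the Amazon Linux 2023 preview naming, so confirm the pattern still matches an image in the target regions.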
diff --git a/aws/variables.tf b/aws/variables.tf
index 1717eb4..93eca98 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -29,12 +29,6 @@ variable "region" {
   default     = "us-east-1"
 }
 
-variable "ami" {
-  type        = string
-  description = "Amazon Machine Image"
-  default     = "ami-026ebd4cfe2c043b2"
-}
-
 variable "instance_type" {
   type        = string
   description = "CPU, memory, storage and networking capacity"
@@ -43,8 +37,8 @@ variable "instance_type" {
 
 variable "public_key_path" {
   type        = string
-  description = "Path to the public key file"
-  default     = "~/.ssh/skywalking-terraform.pub"
+  description = "Path to store the key file for SSH access to the instances"
+  default     = "~/.ssh"
 }
 
 variable "extra_tags" {
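Review bot: After this change `public_key_path` on line 335 no longer names a public key file but the directory into which a generated private key is written (see `aws/key-pair-main.tf` in this commit), so the variable name now misleads anyone reading only `variables.tf`. Renaming would break existing `.tfvars` files, so at least make the description explicit, e.g. `description = "Directory where the generated private key (<key_name>.pem) used for SSH access to the instances is written"`. A `validation` block that rejects a value ending in `.pub` would catch users carrying the old default over from before this commit. The `variable "extra_tags"` block on line 343 continues outside the hunk.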
