This is an automated email from the ASF dual-hosted git repository. kezhenxu94 pushed a commit to branch improvements in repository https://gitbox.apache.org/repos/asf/skywalking-terraform.git
commit 9c5869244e87912a451139f4796263db9889f0a8
Author: kezhenxu94 <kezhenx...@apache.org>
AuthorDate: Mon Jul 31 21:02:24 2023 +0800

Some improvements for Terraform scripts

- Add egress security group for the instances so that they can access the internet, this is required to install packages (Java) and download SkyWalking package.
- Remove the `ping` playbook, it's incomplete for now, and can be simply replaced by `ansible -m ping all` in command line.
- Create an SSH key pair on AWS and save to local file, so that users don't have to create the key pair beforehand.
- Find an AMI by specific filters to avoid hardcode the AMI ID, the hardcoded AMI might be not available in other regions, for example, the current hardcoded `ami-026ebd4cfe2c043b2` is not available in ap-southeast-1 region.
- Add doc for Ansible playbook.
---
 ansible/README.md | 41 +++++++++++++++++++++++++++++++
 ansible/playbooks/ping.yml | 23 -----------------
 ansible/roles/install-java/tasks/main.yml | 6 +++++
 aws/ec2.tf | 38 +++++++++++++++++++++-------
 aws/key-pair-main.tf | 33 +++++++++++++++++++++++++
 aws/key-pair-output.tf | 20 +++++++++++++++
 aws/system-main.tf | 41 +++++++++++++++++++++++++++++++
 aws/variables.tf | 10 ++------
 8 files changed, 172 insertions(+), 40 deletions(-)
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..ea300a2
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,41 @@
+# Ansible playbook to install Apache SkyWalking
+
+- Save the ssh key file path to a variable for future use
+
+```shell
+SSH_KEY_FILE=$(terraform -chdir=../aws output -raw ssh-user-key-file)
+echo $SSH_KEY_FILE
+```
+
+You should see a file path similar to `/Users/kezhenxu94/.ssh/skywalking.pem`.
+
+- Test connectivity to the EC2 instances
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible -m ping all -u ec2-user --private-key "$SSH_KEY_FILE"
+```
+
+You should see output similar to the following, note the `SUCCESS` status:
+
+```text
+<ip1> | SUCCESS => {
+ "ansible_facts": {
+ "discovered_interpreter_python": "/usr/bin/python3"
+ },
+ "changed": false,
+ "ping": "pong"
+}
+<ip2> | SUCCESS => {
+ "ansible_facts": {
+ "discovered_interpreter_python": "/usr/bin/python3"
+ },
+ "changed": false,
+ "ping": "pong"
+}
+```
+
+- Install Apache SkyWalking!
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ec2-user --private-key "$SSH_KEY_FILE"
+```
diff --git a/ansible/playbooks/ping.yml b/ansible/playbooks/ping.yml
deleted file mode 100644
index beba91e..0000000
--- a/ansible/playbooks/ping.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Ping hosts
- hosts: skywalking_server
- gather_facts: false
-
- tasks:
- - name: Ping the hosts
- ping:
diff --git a/ansible/roles/install-java/tasks/main.yml b/ansible/roles/install-java/tasks/main.yml
index 82a9166..c65e2d5 100644
--- a/ansible/roles/install-java/tasks/main.yml
+++ b/ansible/roles/install-java/tasks/main.yml
@@ -25,3 +25,9 @@
 name: openjdk-11-jdk
 state: present
 when: ansible_distribution == 'Ubuntu'
+
+- name: Install Java 11 on Amazon distribution
+ package:
+ name: java-11-amazon-corretto
+ state: present
+ when: ansible_distribution == 'Amazon'
diff --git a/aws/ec2.tf b/aws/ec2.tf
index dfd135c..51418f1 100644
--- a/aws/ec2.tf
+++ b/aws/ec2.tf
@@ -19,32 +19,38 @@ provider "aws" {
 
 resource "aws_instance" "skywalking-oap" {
 count = var.oap_instance_count
- ami = var.ami
+ ami = data.aws_ami.amazon-linux.id
 instance_type = var.instance_type
 tags = merge(
 {
 Name = "skywalking-oap"
- Description = "Installing and configuring Skywalking OAPService on AWS"
+ Description = "Installing and configuring SkyWalking OAPService on AWS"
 },
 var.extra_tags
 )
 key_name = aws_key_pair.ssh-user.id
- vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+ vpc_security_group_ids = [
+ aws_security_group.ssh-access.id,
+ aws_security_group.public-egress-access.id
+ ]
 }
 
 resource "aws_instance" "skywalking-ui" {
 count = var.ui_instance_count
- ami = var.ami
+ ami = data.aws_ami.amazon-linux.id
 instance_type = var.instance_type
 tags = merge(
 {
 Name = "skywalking-ui"
- Description = "Installing and configuring Skywalking UI on AWS"
+ Description = "Installing and configuring SkyWalking UI on AWS"
 },
 var.extra_tags
 )
 key_name = aws_key_pair.ssh-user.id
- vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+ vpc_security_group_ids = [
+ aws_security_group.ssh-access.id,
+ aws_security_group.public-egress-access.id
+ ]
 }
 
 resource "aws_security_group" "ssh-access" {
@@ -66,9 +72,23 @@ resource "aws_security_group" "ssh-access" {
 tags = var.extra_tags
 }
 
-resource "aws_key_pair" "ssh-user" {
- public_key = file(var.public_key_path)
- tags = var.extra_tags
+resource "aws_security_group" "public-egress-access" {
+ name = "public-egress-access"
+ description = "Allow access to the Internet"
+ egress = [
+ {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow access to the Internet"
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ security_groups = []
+ self = false
+ }
+ ]
+ tags = var.extra_tags
 }
 
 resource "local_file" "oap_instance_ips" {
diff --git a/aws/key-pair-main.tf b/aws/key-pair-main.tf
new file mode 100644
index 0000000..4e2b235
--- /dev/null
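Review bot: The `public-egress-access` rule in the second hunk opens every protocol and port to `0.0.0.0/0` for the lifetime of the instances, which is broader than the bootstrap need (package install and SkyWalking download) the commit cites. If the installer only fetches over HTTP/HTTPS, narrowing to `protocol = "tcp"` with `from_port`/`to_port` of 80 and 443 keeps provisioning working with a much smaller outbound surface; if the wide rule is deliberate, record that in the rule's `description`, e.g. `"Unrestricted outbound for bootstrap (package download); tighten after provisioning"`, so a later cleanup does not silently break the Ansible run. Note also that `ipv6_cidr_blocks = []` grants no IPv6 egress at all, which only matters if the subnet is dual-stack, and that `protocol = -1` relies on number-to-string conversion where `"-1"` matches the provider's declared string type.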
+++ b/aws/key-pair-main.tf
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+resource "tls_private_key" "ssh-user" {
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+resource "aws_key_pair" "ssh-user" {
+ key_name = "skywalking"
+ public_key = tls_private_key.ssh-user.public_key_openssh
+ tags = var.extra_tags
+}
+
+resource "local_file" "ssh-user" {
+ filename = "${pathexpand(var.public_key_path)}/${aws_key_pair.ssh-user.key_name}.pem"
+ content = tls_private_key.ssh-user.private_key_pem
+ file_permission = "0700"
+}
diff --git a/aws/key-pair-output.tf b/aws/key-pair-output.tf
new file mode 100644
index 0000000..21ea191
--- /dev/null
+++ b/aws/key-pair-output.tf
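Review bot: `tls_private_key.ssh-user` puts the generated RSA private key into Terraform state in plaintext, so anyone who can read the state (a shared backend, or a `terraform.tfstate` accidentally committed) holds the SSH key for every instance; this deserves a comment above the resource, e.g. `# NOTE: the private key is stored unencrypted in Terraform state; protect the state backend accordingly`, and ideally a way for users to supply their own public key instead. In `local_file.ssh-user`, `file_permission = "0700"` sets an execute bit on a key file where `"0600"` is the conventional mode, and `directory_permission` is left at the provider default of `"0777"`, so a missing `~/.ssh` would be created world-accessible (before umask); add `directory_permission = "0700"`. The hardcoded `key_name = "skywalking"` will also collide with a second deployment in the same account and region, and the fixed output name `skywalking.pem` with it.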
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+output "ssh-user-key-file" {
+ value = local_file.ssh-user.filename
+}
diff --git a/aws/system-main.tf b/aws/system-main.tf
new file mode 100644
index 0000000..aeb61dd
--- /dev/null
+++ b/aws/system-main.tf
@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+data "aws_ami" "amazon-linux" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ filter {
+ name = "architecture"
+ values = ["x86_64"]
+ }
+
+ filter {
+ name = "root-device-type"
+ values = ["ebs"]
+ }
+
+ filter {
+ name = "name"
+ values = ["al2022-ami-*"]
+ }
+}
diff --git a/aws/variables.tf b/aws/variables.tf
index 1717eb4..93eca98 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -29,12 +29,6 @@ variable "region" {
 default = "us-east-1"
 }
 
-variable "ami" {
- type = string
- description = "Amazon Machine Image"
- default = "ami-026ebd4cfe2c043b2"
-}
-
 variable "instance_type" {
 type = string
 description = "CPU, memory, storage and networking capacity"
@@ -43,8 +37,8 @@ variable "instance_type" {
 
 variable "public_key_path" {
 type = string
- description = "Path to the public key file"
- default = "~/.ssh/skywalking-terraform.pub"
+ description = "Path to store the key file for SSH access to the instances"
+ default = "~/.ssh"
 }
 
 variable "extra_tags" {
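Review bot: `most_recent = true` combined with the wildcard `name` filter `al2022-ami-*` makes `data.aws_ami.amazon-linux.id` change whenever Amazon publishes a newer image, and because `ami` forces replacement of `aws_instance` (where it is consumed in aws/ec2.tf), a routine `terraform apply` weeks later would destroy and recreate the OAP and UI instances. Either pin a specific image name or add `lifecycle { ignore_changes = [ami] }` to both instance resources. The pattern also appears to match the `al2022-ami-minimal-*` images, and AL2022 was a preview line that has since been superseded by Amazon Linux 2023, so it is worth verifying that an image matching this filter still exists in the target regions (the commit mentions ap-southeast-1) and, if not, moving to an `al2023-ami-*` pattern.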
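Review bot: `public_key_path` in the second hunk now names a directory into which a generated private key is written (see aws/key-pair-main.tf), so the variable name contradicts both halves of its new meaning, and users still passing the old default `~/.ssh/skywalking-terraform.pub` would have the `local_file` resource try to create a `.pem` beneath a file. Renaming would break existing `-var` usages, so as a minimum add a `validation` block that rejects a path ending in `.pub` and a comment above `description`, e.g. `# Directory, not a file: the generated private key is written here as <key_name>.pem`. The removal of `variable "ami"` in the first hunk is likewise a breaking change for anyone passing `-var ami=...` and could be called out in the README.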