This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-terraform.git


The following commit(s) were added to refs/heads/main by this push:
     new 6233a1a  Some improvements for Terraform scripts (#14)
6233a1a is described below

commit 6233a1a3b4e09256455de9427f48cecea611d3fd
Author: kezhenxu94 <[email protected]>
AuthorDate: Wed Aug 2 14:06:31 2023 +0800

    Some improvements for Terraform scripts (#14)
    
    - Add egress security group for the instances so that they can access the 
internet, this is required to install packages (Java) and download SkyWalking 
package.
    - Remove the `ping` playbook, it's incomplete for now, and can be simply 
replaced by `ansible -m ping all` in command line.
    - Create an SSH key pair on AWS and save to local file, so that users don't 
have to create the key pair beforehand.
    - Find an AMI by specific filters to avoid hardcoding the AMI ID; the 
hardcoded AMI might not be available in other regions, for example, the current 
hardcoded `ami-026ebd4cfe2c043b2` is not available in the ap-southeast-1 region.
    - Add doc for Ansible playbook.
    - Replace `-` with `_` in group names, as hyphens are invalid character in 
group name
---
 .gitignore                                | 13 +--------
 ansible/README.md                         | 41 ++++++++++++++++++++++++++++
 ansible/playbooks/install-skywalking.yml  |  4 +--
 ansible/playbooks/ping.yml                | 23 ----------------
 ansible/roles/install-java/tasks/main.yml |  6 +++++
 ansible/roles/skywalking/tasks/main.yml   | 18 ++++++-------
 ansible/roles/skywalking/vars/main.yml    |  4 +--
 aws/ec2.tf                                | 44 +++++++++++++++++++++++--------
 aws/key-pair-main.tf                      | 33 +++++++++++++++++++++++
 aws/key-pair-output.tf                    | 20 ++++++++++++++
 aws/system-main.tf                        | 41 ++++++++++++++++++++++++++++
 aws/variables.tf                          | 10 ++-----
 12 files changed, 190 insertions(+), 67 deletions(-)

diff --git a/.gitignore b/.gitignore
index 74ae3e1..6745ea4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
-/build/
-target/
 .idea/
 *.iml
 .classpath
@@ -8,22 +6,13 @@ target/
 .DS_Store
 *~
 packages/
-**/dependency-reduced-pom.xml
-**/dist/
 /docker/snapshot/*.gz
-.mvn/wrapper/*.jar
-OALLexer.tokens
 .factorypath
 .vscode
 .checkstyle
 .externalToolBuilders
-oap-server/oal-grammar/**/gen/
 aws/.terraform/
 aws/.terraform.lock.hcl
 aws/terraform.tfstate
 aws/terraform.tfstate.backup
-ansible/inventory/hosts
-
-# This serves as a template but will ONLY be updated when building a source 
release tar,
-# so we don't track future updates of this file.
-oap-server/server-starter/src/main/resources/version.properties
+ansible/inventory
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..94e52f4
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,41 @@
+# Ansible playbook to install Apache SkyWalking
+
+- Save the ssh key file path to a variable for future use
+
+```shell
+SSH_KEY_FILE=$(terraform -chdir=../aws output -raw ssh-user-key-file)
+echo $SSH_KEY_FILE
+```
+
+You should see a file path similar to `/Users/kezhenxu94/.ssh/skywalking.pem`.
+
+- Test connectivity to the EC2 instances
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible -m ping all -u ec2-user --private-key 
"$SSH_KEY_FILE"
+```
+
+You should see output similar to the following, note the `SUCCESS` status:
+
+```text
+<ip1> | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+<ip2> | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+```
+
+- Install Apache SkyWalking!
+
+```shell
+ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ec2-user --private-key 
"$SSH_KEY_FILE" playbooks/install-skywalking.yml
+```
diff --git a/ansible/playbooks/install-skywalking.yml 
b/ansible/playbooks/install-skywalking.yml
index 1cbff86..b24499a 100644
--- a/ansible/playbooks/install-skywalking.yml
+++ b/ansible/playbooks/install-skywalking.yml
@@ -21,14 +21,14 @@
     - install-java
 
 - name: Download and configure Apache SkyWalking APM OAP Service
-  hosts: skywalking-oap
+  hosts: skywalking_oap
   gather_facts: false
 
   roles:
     - skywalking
 
 - name: Download and configure Apache SkyWalking APM UI Service
-  hosts: skywalking-ui
+  hosts: skywalking_ui
   gather_facts: false
 
   roles:
diff --git a/ansible/playbooks/ping.yml b/ansible/playbooks/ping.yml
deleted file mode 100644
index beba91e..0000000
--- a/ansible/playbooks/ping.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Ping hosts
-  hosts: skywalking_server
-  gather_facts: false
-
-  tasks:
-    - name: Ping the hosts
-      ping:
diff --git a/ansible/roles/install-java/tasks/main.yml 
b/ansible/roles/install-java/tasks/main.yml
index 82a9166..c65e2d5 100644
--- a/ansible/roles/install-java/tasks/main.yml
+++ b/ansible/roles/install-java/tasks/main.yml
@@ -25,3 +25,9 @@
     name: openjdk-11-jdk
     state: present
   when: ansible_distribution == 'Ubuntu'
+
+- name: Install Java 11 on Amazon distribution
+  package:
+    name: java-11-amazon-corretto
+    state: present
+  when: ansible_distribution == 'Amazon'
diff --git a/ansible/roles/skywalking/tasks/main.yml 
b/ansible/roles/skywalking/tasks/main.yml
index b70cbc3..062b69a 100644
--- a/ansible/roles/skywalking/tasks/main.yml
+++ b/ansible/roles/skywalking/tasks/main.yml
@@ -45,9 +45,9 @@
 
 - name: Check hostgroup size
   set_fact:
-    group_size: "{{ groups['skywalking-oap'] | length }}"
-    oap_standalone: "{{ [groups['skywalking-oap'][0]] }}"
-    oap_bundled: "{{ groups['skywalking-oap'][1:] if groups['skywalking-oap'] 
| length > 1 else [] }}"
+    group_size: "{{ groups['skywalking_oap'] | length }}"
+    oap_standalone: "{{ [groups['skywalking_oap'][0]] }}"
+    oap_bundled: "{{ groups['skywalking_oap'][1:] if groups['skywalking_oap'] 
| length > 1 else [] }}"
 
 - name: Run the OAPSericeInit script
   shell: /usr/local/skywalking/bin/oapServiceInit.sh
@@ -63,7 +63,7 @@
     dest: /usr/lib/systemd/system/skywalking-oap.service
     owner: root
     mode: "0660"
-  when: inventory_hostname in groups['skywalking-oap']
+  when: inventory_hostname in groups['skywalking_oap']
 
 - name: Generate systemd unit file for webui service
   template:
@@ -71,7 +71,7 @@
     dest: /usr/lib/systemd/system/skywalking-ui.service
     owner: root
     mode: "0660"
-  when: inventory_hostname in groups['skywalking-ui']
+  when: inventory_hostname in groups['skywalking_ui']
 
 - name: Registration of OAP Server address within WebUI environment file
   ansible.builtin.lineinfile:
@@ -88,22 +88,22 @@
   systemd:
     name: skywalking-oap
     enabled: yes
-  when: inventory_hostname in groups['skywalking-oap']
+  when: inventory_hostname in groups['skywalking_oap']
 
 - name: Link and enable skywalking-ui service
   systemd:
     name: skywalking-ui
     enabled: yes
-  when: inventory_hostname in groups['skywalking-ui']
+  when: inventory_hostname in groups['skywalking_ui']
 
 - name: Start SkyWalking-OAP service
   systemd:
     name: skywalking-oap
     state: started
-  when: inventory_hostname in groups['skywalking-oap']
+  when: inventory_hostname in groups['skywalking_oap']
 
 - name: Start SkyWalking-UI service
   systemd:
     name: skywalking-ui
     state: started
-  when: inventory_hostname in groups['skywalking-ui']
+  when: inventory_hostname in groups['skywalking_ui']
diff --git a/ansible/roles/skywalking/vars/main.yml 
b/ansible/roles/skywalking/vars/main.yml
index 9ecada0..6dc21a1 100644
--- a/ansible/roles/skywalking/vars/main.yml
+++ b/ansible/roles/skywalking/vars/main.yml
@@ -21,6 +21,6 @@ sw_zipkin_address: "9412"
 
 sw_ui_env_vars:
   SW_SERVER_PORT: "{{ sw_ui_server_port }}"
-  SW_OAP_ADDRESS: "{% for host in groups['skywalking-oap'] %}http://{{ 
hostvars[host].ansible_host }}:{{ sw_oap_server_port }}{% if not loop.last 
%},{% endif %}{% endfor %}}"
-  SW_ZIPKIN_ADDEESS: "{% for host in groups['skywalking-oap'] %}http://{{ 
hostvars[host].ansible_host }}:{{ sw_zipkin_address }}{% if not loop.last %},{% 
endif %}{% endfor %}}"
+  SW_OAP_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ 
hostvars[host].ansible_host }}:{{ sw_oap_server_port }}{% if not loop.last 
%},{% endif %}{% endfor %}"
+  SW_ZIPKIN_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ 
hostvars[host].ansible_host }}:{{ sw_zipkin_address }}{% if not loop.last %},{% 
endif %}{% endfor %}"
 env_file: /usr/local/skywalking/webapp/sw_ui_env_file
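Review bot: Both address lists are built as plain `http://` URLs from `hostvars[host].ansible_host`, and the inventory that aws/ec2.tf writes in this commit lists `public_ip` values, so UI-to-OAP traffic appears to travel unencrypted over the instances' public addresses. If the instances share a VPC, exporting the private address as a host variable in the inventory and using it here would keep that traffic off the public interface. At minimum, add a comment above `sw_ui_env_vars` such as `# ansible_host is the public IP from the generated inventory; traffic to OAP is plain HTTP`. The security-group ingress rules that would have to permit these ports are not visible in this diff.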
diff --git a/aws/ec2.tf b/aws/ec2.tf
index dfd135c..934ec14 100644
--- a/aws/ec2.tf
+++ b/aws/ec2.tf
@@ -19,32 +19,38 @@ provider "aws" {
 
 resource "aws_instance" "skywalking-oap" {
   count = var.oap_instance_count
-  ami = var.ami
+  ami = data.aws_ami.amazon-linux.id
   instance_type = var.instance_type
   tags = merge(
     {
       Name = "skywalking-oap"
-      Description = "Installing and configuring Skywalking OAPService on AWS"
+      Description = "Installing and configuring SkyWalking OAPService on AWS"
     },
     var.extra_tags
   )
   key_name = aws_key_pair.ssh-user.id
-  vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+  vpc_security_group_ids = [
+    aws_security_group.ssh-access.id,
+    aws_security_group.public-egress-access.id
+  ]
 }
 
 resource "aws_instance" "skywalking-ui" {
   count = var.ui_instance_count
-  ami = var.ami
+  ami = data.aws_ami.amazon-linux.id
   instance_type = var.instance_type
   tags = merge(
     {
       Name = "skywalking-ui"
-      Description = "Installing and configuring Skywalking UI on AWS"
+      Description = "Installing and configuring SkyWalking UI on AWS"
     },
     var.extra_tags
   )
   key_name = aws_key_pair.ssh-user.id
-  vpc_security_group_ids = [ aws_security_group.ssh-access.id ]
+  vpc_security_group_ids = [
+    aws_security_group.ssh-access.id,
+    aws_security_group.public-egress-access.id
+  ]
 }
 
 resource "aws_security_group" "ssh-access" {
@@ -66,27 +72,43 @@ resource "aws_security_group" "ssh-access" {
   tags = var.extra_tags
 }
 
-resource "aws_key_pair" "ssh-user" {
-    public_key = file(var.public_key_path)
-    tags = var.extra_tags
+resource "aws_security_group" "public-egress-access" {
+  name = "public-egress-access"
+  description = "Allow access to the Internet"
+  egress = [
+    {
+      from_port = 0
+      to_port = 0
+      protocol = -1
+      cidr_blocks = ["0.0.0.0/0"]
+      description     = "Allow access to the Internet"
+      ipv6_cidr_blocks = []
+      prefix_list_ids = []
+      security_groups = []
+      self            = false
+    }
+  ]
+  tags = var.extra_tags
 }
 
 resource "local_file" "oap_instance_ips" {
   count = var.oap_instance_count
   content = join("\n", flatten([
-    ["[skywalking-oap]"],
+    ["[skywalking_oap]"],
     aws_instance.skywalking-oap.*.public_ip,
     [""]  # Adds an empty string for the trailing newline
   ]))
   filename = "${path.module}/../ansible/inventory/oap-server"
+  file_permission = "0600"
 }
 
 resource "local_file" "ui_instance_ips" {
   count = var.ui_instance_count
   content = join("\n", flatten([
-    ["[skywalking-ui]"],
+    ["[skywalking_ui]"],
     aws_instance.skywalking-ui.*.public_ip,
     [""]  # Adds an empty string for the trailing newline
   ]))
   filename = "${path.module}/../ansible/inventory/ui-server"
+  file_permission = "0600"
 }
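Review bot: The new `public-egress-access` group opens every protocol and port to `0.0.0.0/0` (`protocol = -1`, ports 0 to 0), which is wider than the stated purpose of installing packages and downloading the SkyWalking archive. If those sources are reachable over HTTPS, the rule could be narrowed to `protocol = "tcp"`, `from_port = 443`, `to_port = 443`, adding port 80 only if a repository needs it, so that an instance has no more outbound reach than provisioning requires. The group sets no `vpc_id`, so it is presumably created in the default VPC; a one-line comment saying so would help. The `ssh-access` rules lie outside this hunk, so the ingress side is not reviewed here.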
diff --git a/aws/key-pair-main.tf b/aws/key-pair-main.tf
new file mode 100644
index 0000000..fc043db
--- /dev/null
+++ b/aws/key-pair-main.tf
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+resource "tls_private_key" "ssh-user" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "ssh-user" {
+  key_name   = "skywalking"
+  public_key = tls_private_key.ssh-user.public_key_openssh
+  tags       = var.extra_tags
+}
+
+resource "local_file" "ssh-user" {
+  filename        = 
"${pathexpand(var.public_key_path)}/${aws_key_pair.ssh-user.key_name}.pem"
+  content         = tls_private_key.ssh-user.private_key_pem
+  file_permission = "0600"
+}
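Review bot: The private key generated by `tls_private_key.ssh-user` is kept unencrypted in the Terraform state, and it is written to disk through `local_file`, whose `content` argument is not declared sensitive. `resource "local_sensitive_file" "ssh-user"` with the same `filename`, `content` and `file_permission` is the resource meant for secret content; the reference `local_file.ssh-user.filename` in aws/key-pair-output.tf would need the same rename. A comment above `tls_private_key` should state the state-file exposure, for example `# The generated private key is also stored in terraform.tfstate; protect the state like the .pem file.` The fixed `key_name = "skywalking"` will also collide with an existing key pair of that name in the same account and region.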
diff --git a/aws/key-pair-output.tf b/aws/key-pair-output.tf
new file mode 100644
index 0000000..21ea191
--- /dev/null
+++ b/aws/key-pair-output.tf
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+output "ssh-user-key-file" {
+  value = local_file.ssh-user.filename
+}
diff --git a/aws/system-main.tf b/aws/system-main.tf
new file mode 100644
index 0000000..aeb61dd
--- /dev/null
+++ b/aws/system-main.tf
@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+data "aws_ami" "amazon-linux" {
+  most_recent = true
+  owners      = ["amazon"]
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["al2022-ami-*"]
+  }
+}
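Review bot: The name filter `al2022-ami-*` combined with `most_recent = true` leaves the image choice loose. The wildcard would also match any minimal variants published under the same prefix, and, as far as I know, AL2022 was the preview name of Amazon Linux 2023, so the newest match may be an image that no longer receives updates. Consider a tighter pattern on the current release, for example `values = ["al2023-ami-2023.*-x86_64"]`, after confirming that `java-11-amazon-corretto` installs there. Because `most_recent` is re-resolved on every plan, a newly published AMI will also force replacement of running instances unless the `aws_instance` resources carry `lifecycle { ignore_changes = [ami] }`.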
diff --git a/aws/variables.tf b/aws/variables.tf
index 1717eb4..93eca98 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -29,12 +29,6 @@ variable "region" {
   default     = "us-east-1"
 }
 
-variable "ami" {
-  type        = string
-  description = "Amazon Machine Image"
-  default     = "ami-026ebd4cfe2c043b2"
-}
-
 variable "instance_type" {
   type        = string
   description = "CPU, memory, storage and networking capacity"
@@ -43,8 +37,8 @@ variable "instance_type" {
 
 variable "public_key_path" {
   type        = string
-  description = "Path to the public key file"
-  default     = "~/.ssh/skywalking-terraform.pub"
+  description = "Path to store the key file for SSH access to the instances"
+  default     = "~/.ssh"
 }
 
 variable "extra_tags" {
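Review bot: `public_key_path` now names the directory into which the generated private key is written (aws/key-pair-main.tf builds `<key_name>.pem` under it), so both the variable name and the new description understate what is stored there. Renaming would break existing callers, but the description can say it outright: `description = "Directory where the generated SSH private key (.pem) is written; keep it readable only by the current user"`. The hunk ends inside the next variable block, which is not reviewed here.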
