This is an automated email from the ASF dual-hosted git repository. kezhenxu94 pushed a commit to branch enhancement in repository https://gitbox.apache.org/repos/asf/skywalking-terraform.git
commit f25fbb19f6304416a07b0b0e6ab4f59f51c588d6 Author: kezhenxu94 <[email protected]> AuthorDate: Wed Aug 30 14:26:52 2023 +0800 More enhancements to Terraform script and Ansible playbook - Polish the environment variables in Ansible playbook. - Use Terraform template to render the Ansible inventory. - Fine tune the security groups. - Reorganize the Terraform scripts for different components. - Add more Terraform output informations. --- .gitignore | 2 + README.md | 29 +++++ ansible/inventory/template/skywalking.yaml.tftpl | 18 +++ ansible/local.var.yaml | 2 + ansible/roles/skywalking/tasks/main.yml | 47 ++++---- .../skywalking/templates/skywalking-oap.env.j2 | 4 + .../skywalking/templates/skywalking-ui.env.j2 | 7 ++ .../skywalking/templates/skywalking-ui.service.j2 | 2 +- ansible/roles/skywalking/vars/main.yml | 20 ++-- aws/ec2-main.tf | 67 +++++++++++ aws/ec2.tf | 130 --------------------- aws/skywalking-oap-main.tf | 54 +++++++++ aws/skywalking-oap-output.tf | 21 ++++ aws/skywalking-ui-main.tf | 53 +++++++++ aws/skywalking-ui-output.tf | 20 ++++ aws/variables.tf | 1 + 16 files changed, 316 insertions(+), 161 deletions(-) diff --git a/.gitignore b/.gitignore index 6745ea4..ea6ebe3 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,6 @@ aws/.terraform/ aws/.terraform.lock.hcl aws/terraform.tfstate aws/terraform.tfstate.backup +ansible/local.var.yaml ansible/inventory +!ansible/inventory/template diff --git a/README.md b/README.md index 5c84e6c..9e0d319 100644 --- a/README.md +++ b/README.md 
@@ -167,3 +167,32 @@ After confirming connectivity, proceed to install Apache SkyWalking using the An ``` ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ec2-user --private-key "$SSH_KEY_FILE" playbooks/install-skywalking.yml ``` + +### 4. Configurations + +The Ansible playbook can be customized to install Apache SkyWalking with +different configurations. The following variables can be modified to suit your +needs: + +> For full configurations, refer to the +> [ansible/roles/skywalking/vars/main.yml](ansible/roles/skywalking/vars/main.yml). +> file. + +```yaml +# `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL +# the remote file will be downloaded to the remote host and then extracted, +# if it's a local path, the local file will be copied to the remote host and +# then extracted. +skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz" + +# `skywalking_ui_environment` is a dictionary of environment variables that will +# be sourced when running the skywalking-ui service. All environment variables +# that are supported by SkyWalking webapp can be set here. +skywalking_ui_environment: {} + +# `skywalking_oap_environment` is a dictionary of environment variables that will +# be sourced when running the skywalking-oap service. All environment variables +# that are supported by SkyWalking OAP can be set here. +skywalking_oap_environment: {} + +``` diff --git a/ansible/inventory/template/skywalking.yaml.tftpl b/ansible/inventory/template/skywalking.yaml.tftpl new file mode 100644 index 0000000..b4e2276 --- /dev/null +++ b/ansible/inventory/template/skywalking.yaml.tftpl 
@@ -0,0 +1,18 @@ +skywalking: + children: + skywalking_oap: + skywalking_ui: + +skywalking_oap: + hosts: +%{ for oap in oap_instances ~} + ${oap.public_ip}: + private_ip: ${oap.private_ip} +%{ endfor ~} + +skywalking_ui: + hosts: +%{ for ui in ui_instances ~} + ${ui.public_ip}: + private_ip: ${ui.private_ip} +%{ endfor ~} diff --git a/ansible/local.var.yaml b/ansible/local.var.yaml new file mode 100644 index 0000000..6e140a3 --- /dev/null +++ b/ansible/local.var.yaml @@ -0,0 +1,2 @@ +skywalking_tarball: /Users/kezhenxu94/workspace/skywalking/apm-dist/target/apache-skywalking-apm-bin.tar.gz + diff --git a/ansible/roles/skywalking/tasks/main.yml b/ansible/roles/skywalking/tasks/main.yml index 5b9a0a3..b8c593b 100644 --- a/ansible/roles/skywalking/tasks/main.yml +++ b/ansible/roles/skywalking/tasks/main.yml @@ -23,14 +23,13 @@ group: skywalking mode: "0755" -- name: Download Apache SkyWalking tarball +- name: Download remote Apache SkyWalking tarball when: skywalking_tarball is match('^https?://.*') get_url: url: "{{ skywalking_tarball }}" - timeout: 120 dest: /usr/local/skywalking/apache-skywalking-apm.tar.gz -- name: Upload Local Apache SkyWalking tarball +- name: Upload local Apache SkyWalking tarball when: skywalking_tarball is not match('^https?://.*') ansible.builtin.copy: src: "{{ skywalking_tarball }}" 
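Review bot: `ansible/local.var.yaml` is committed in this change although the same commit adds it to `.gitignore`, and its only content is an absolute path on the author's workstation. An ignore rule does not untrack a file that is already in the index, so later local edits keep showing up as changes and can be committed by accident. That matters once someone puts real values for `skywalking_oap_environment` in it. I would drop the file from the commit and, if an example is wanted, ship it under another name such as `ansible/local.var.yaml.example` (name is a suggestion) with a placeholder path.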
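Review bot: The `get_url` task in this hunk downloads the release tarball without verifying it, and the `when:` pattern `^https?://.*` also accepts plain `http://` URLs. The archive is unpacked and its scripts are later run as services, so a tampered download ends up executing on every OAP and UI host. `get_url` has a `checksum:` parameter; I would add `checksum: "sha512:{{ skywalking_tarball_checksum }}"` (variable name is a suggestion), filled from the `.sha512` file published next to the release, and tighten the pattern to `^https://`. The hunk also removes `timeout: 120`, which falls back to the module default of 10 seconds, so it is worth confirming that is intended for a large archive. The task list continues outside the hunk.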
@@ -39,26 +38,39 @@ group: skywalking mode: '0755' -- name: Extract tar file +- name: Extract tarball unarchive: src: /usr/local/skywalking/apache-skywalking-apm.tar.gz - dest: "/usr/local/skywalking" + dest: /usr/local/skywalking remote_src: yes + owner: skywalking + group: skywalking extra_opts: [--strip-components=1] +- name: Generate environment file for webui service + template: + src: skywalking-ui.env.j2 + dest: /home/skywalking/webapp.env + owner: skywalking + mode: "0660" + when: inventory_hostname in groups['skywalking_ui'] + +- name: Generate environment file for OAP service + template: + src: skywalking-oap.env.j2 + dest: /home/skywalking/oap.env + owner: skywalking + mode: "0660" + when: inventory_hostname in groups['skywalking_oap'] + - name: Check hostgroup size set_fact: group_size: "{{ groups['skywalking_oap'] | length }}" - oap_standalone: "{{ [groups['skywalking_oap'][0]] }}" - oap_bundled: "{{ groups['skywalking_oap'][1:] if groups['skywalking_oap'] | length > 1 else [] }}" + oap_init_node: "{{ [groups['skywalking_oap'][0]] }}" - name: Run the OAPSericeInit script - shell: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceInit.sh" - when: inventory_hostname in oap_standalone - -- name: Run the OAPSericeNoInit script - shell: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceNoInit.sh" - when: inventory_hostname in oap_bundled + command: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceInit.sh" + when: inventory_hostname in oap_init_node - name: Generate systemd unit file for oap service template: @@ -76,14 +88,6 @@ mode: "0660" when: inventory_hostname in groups['skywalking_ui'] -- name: Registration of OAP Server address within WebUI environment file - ansible.builtin.lineinfile: - path: "{{ env_file }}" - line: "{{ item.key }}={{ item.value }}" - create: yes - loop: "{{ sw_ui_env_vars | dict2items }}" - when: inventory_hostname in groups['skywalking_ui'] - - name: Reload systemd systemd: daemon_reload: yes 
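Review bot: The two new environment-file tasks write `/home/skywalking/webapp.env` and `/home/skywalking/oap.env` with `mode: "0660"` and `owner: skywalking` but no `group:`, so the group is whatever the connecting or become user defaults to, and that group gets write access. These files are where storage or authentication settings for OAP would end up, and systemd reads `EnvironmentFile=` itself before switching to `User=skywalking`, so the service account should not need write access. I would set `group: skywalking` and `mode: "0640"` on both tasks, or `owner: root` with `mode: "0600"` if nothing else reads them. In the same hunk, `command: "sudo -u skywalking ..."` is better expressed as `become: true` plus `become_user: skywalking`, so the privilege change goes through Ansible's become settings rather than an embedded sudo call.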
@@ -111,3 +115,4 @@ name: skywalking-ui state: started when: inventory_hostname in groups['skywalking_ui'] + diff --git a/ansible/roles/skywalking/templates/skywalking-oap.env.j2 b/ansible/roles/skywalking/templates/skywalking-oap.env.j2 new file mode 100644 index 0000000..13cd31c --- /dev/null +++ b/ansible/roles/skywalking/templates/skywalking-oap.env.j2 @@ -0,0 +1,4 @@ +{% for key, value in skywalking_oap_environment.items() %} +{{ key }}="{{ value }}" +{% endfor %} + diff --git a/ansible/roles/skywalking/templates/skywalking-ui.env.j2 b/ansible/roles/skywalking/templates/skywalking-ui.env.j2 new file mode 100644 index 0000000..92f2987 --- /dev/null +++ b/ansible/roles/skywalking/templates/skywalking-ui.env.j2 @@ -0,0 +1,7 @@ +{% for key, value in skywalking_ui_environment.items() %} +{{ key }}="{{ value }}" +{% endfor %} + +SW_OAP_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].private_ip }}:{{ skywalking_ui_environment['SW_CORE_GRPC_PORT'] | default ('12800') }}{% if not loop.last %},{% endif %}{% endfor %}" +SW_ZIPKIN_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].private_ip }}:{{ skywalking_ui_environment['SW_QUERY_ZIPKIN_REST_PORT'] | default ('9412') }}{% if not loop.last %},{% endif %}{% endfor %}" + diff --git a/ansible/roles/skywalking/templates/skywalking-ui.service.j2 b/ansible/roles/skywalking/templates/skywalking-ui.service.j2 index c087c7a..ed36c73 100644 --- a/ansible/roles/skywalking/templates/skywalking-ui.service.j2 +++ b/ansible/roles/skywalking/templates/skywalking-ui.service.j2 @@ -19,7 +19,7 @@ After=network.target [Service] Type=simple -EnvironmentFile=/usr/local/skywalking/webapp/sw_ui_env_file +EnvironmentFile=/home/skywalking/webapp.env User=skywalking Group=skywalking ExecStart=/usr/local/skywalking/bin/webappService.sh diff --git a/ansible/roles/skywalking/vars/main.yml b/ansible/roles/skywalking/vars/main.yml index 9bb5661..198aa7e 100644 
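Review bot: The new `skywalking-oap.env.j2` emits `{{ key }}="{{ value }}"` with no escaping, so a value containing a double quote, a backslash or a newline produces a malformed or differently parsed `EnvironmentFile` line, and a key with unexpected characters is written as is. The dictionaries are operator-supplied, so this is mainly a robustness problem, but passwords and connection strings often contain exactly these characters. I would escape backslashes and double quotes in the value before rendering and reject keys that do not match `^[A-Za-z_][A-Za-z0-9_]*$`. The same loop appears in `skywalking-ui.env.j2`.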
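Review bot: In `skywalking-ui.env.j2`, `SW_OAP_ADDRESS` takes its port from `skywalking_ui_environment['SW_CORE_GRPC_PORT'] | default ('12800')`, which mixes up two things. The lookup is in the UI dictionary although the port is an OAP setting, and 12800 is OAP's REST port (`SW_CORE_REST_PORT`), while the gRPC port defaults to 11800. An operator who sets `SW_CORE_GRPC_PORT` would point the UI at a port that does not serve the query API. I would read `skywalking_oap_environment['SW_CORE_REST_PORT'] | default('12800')` here and take `SW_QUERY_ZIPKIN_REST_PORT` from `skywalking_oap_environment` on the next line. `aws/skywalking-oap-main.tf` opens exactly 12800 and 9412 to the UI security group, so any override needs a matching rule there or the connection is dropped silently.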
--- a/ansible/roles/skywalking/vars/main.yml +++ b/ansible/roles/skywalking/vars/main.yml @@ -14,17 +14,19 @@ # limitations under the License. --- -# skywalking_tarball can be a remote URL or a local path, if it's a remote URL +# `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL # the remote file will be downloaded to the remote host and then extracted, # if it's a local path, the local file will be copied to the remote host and # then extracted. skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz" -sw_ui_server_port: "8080" -sw_oap_server_port: "12800" -sw_zipkin_address: "9412" -sw_ui_env_vars: - SW_SERVER_PORT: "{{ sw_ui_server_port }}" - SW_OAP_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ sw_oap_server_port }}{% if not loop.last %},{% endif %}{% endfor %}" - SW_ZIPKIN_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ sw_zipkin_address }}{% if not loop.last %},{% endif %}{% endfor %}" -env_file: /usr/local/skywalking/webapp/sw_ui_env_file +# `skywalking_ui_environment` is a dictionary of environment variables that will +# be sourced when running the skywalking-ui service. All environment variables +# that are supported by SkyWalking webapp can be set here. +skywalking_ui_environment: {} + +# `skywalking_oap_environment` is a dictionary of environment variables that will +# be sourced when running the skywalking-oap service. All environment variables +# that are supported by SkyWalking OAP can be set here. +skywalking_oap_environment: {} + diff --git a/aws/ec2-main.tf b/aws/ec2-main.tf new file mode 100644 index 0000000..1f2ea25 --- /dev/null +++ b/aws/ec2-main.tf 
@@ -0,0 +1,67 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "aws" {
+ region = var.region
+ access_key = var.access_key
+ secret_key = var.secret_key
+}
+
+resource "aws_security_group" "ssh-access" {
+ name = "ssh-access"
+ description = "Allow SSH access from the Internet"
+ ingress = [
+ {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow SSH access from the Internet"
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ security_groups = []
+ self = false
+ }
+ ]
+ tags = var.extra_tags
+}
+
+resource "aws_security_group" "public-egress-access" {
+ name = "public-egress-access"
+ description = "Allow access to the Internet"
+ egress = [
+ {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow access to the Internet"
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ security_groups = []
+ self = false
+ }
+ ]
+ tags = var.extra_tags
+}
+
+resource "local_file" "inventories" {
+ filename = "${path.module}/../ansible/inventory/skywalking.yaml"
+ file_permission = "0600"
+ content = templatefile("${path.module}/../ansible/inventory/template/skywalking.yaml.tftpl", {
+ oap_instances = aws_instance.skywalking-oap
+ ui_instances = 
aws_instance.skywalking-ui
+ })
+}
diff --git a/aws/ec2.tf b/aws/ec2.tf
deleted file mode 100644
index eb23151..0000000
--- a/aws/ec2.tf
+++ /dev/null
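Review bot: The `ssh-access` group keeps `cidr_blocks = ["0.0.0.0/0"]` on port 22, so every OAP and UI instance accepts SSH from any address even though the commit is described as fine-tuning the security groups. I would replace the literal with a variable, for example `cidr_blocks = var.ssh_allowed_cidrs` (a new `list(string)` variable, name is a suggestion), and have operators set it to their admin or bastion range. The README's install step runs with `ANSIBLE_HOST_KEY_CHECKING=False`, which makes the first connection to a world-reachable SSH port harder to trust. Separately, `provider "aws"` is still fed `var.access_key` and `var.secret_key`; relying on the provider's standard credential chain would keep long-lived keys out of tfvars files.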
@@ -1,130 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -provider "aws" { - region = var.region - access_key = var.access_key - secret_key = var.secret_key -} - -resource "aws_instance" "skywalking-oap" { - count = var.oap_instance_count - ami = data.aws_ami.amazon-linux.id - instance_type = var.instance_type - tags = merge( - { - Name = "skywalking-oap" - Description = "Installing and configuring SkyWalking OAPService on AWS" - }, - var.extra_tags - ) - key_name = aws_key_pair.ssh-user.id - vpc_security_group_ids = [ - aws_security_group.ssh-access.id, - aws_security_group.public-egress-access.id, - aws_security_group.ui-to-oap-communication.id - ] -} - -resource "aws_instance" "skywalking-ui" { - count = var.ui_instance_count - ami = data.aws_ami.amazon-linux.id - instance_type = var.instance_type - tags = merge( - { - Name = "skywalking-ui" - Description = "Installing and configuring SkyWalking UI on AWS" - }, - var.extra_tags - ) - key_name = aws_key_pair.ssh-user.id - vpc_security_group_ids = [ - aws_security_group.ssh-access.id, - aws_security_group.public-egress-access.id - ] -} - -resource "aws_security_group" "ssh-access" { - name = "ssh-access" - description = "Allow SSH access from the Internet" - ingress = [ - { - 
from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - description = "SSH access rule" - ipv6_cidr_blocks = [] - prefix_list_ids = [] - security_groups = [] - self = false - } - ] - tags = var.extra_tags -} - -resource "aws_security_group" "public-egress-access" { - name = "public-egress-access" - description = "Allow access to the Internet" - egress = [ - { - from_port = 0 - to_port = 0 - protocol = -1 - cidr_blocks = ["0.0.0.0/0"] - description = "Allow access to the Internet" - ipv6_cidr_blocks = [] - prefix_list_ids = [] - security_groups = [] - self = false - } - ] - tags = var.extra_tags -} - -resource "aws_security_group" "ui-to-oap-communication" { - name = "ui-to-oap-communication" - description = "Allow communication from SkyWalking UI to SkyWalking OAP" - ingress { - from_port = 0 - to_port = 12800 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - security_groups = [aws_security_group.public-egress-access.id] - } - tags = var.extra_tags -} - -resource "local_file" "oap_instance_ips" { - count = var.oap_instance_count - content = join("\n", flatten([ - ["[skywalking_oap]"], - aws_instance.skywalking-oap.*.public_ip, - [""] # Adds an empty string for the trailing newline - ])) - filename = "${path.module}/../ansible/inventory/oap-server" - file_permission = "0600" -} - -resource "local_file" "ui_instance_ips" { - count = var.ui_instance_count - content = join("\n", flatten([ - ["[skywalking_ui]"], - aws_instance.skywalking-ui.*.public_ip, - [""] # Adds an empty string for the trailing newline - ])) - filename = "${path.module}/../ansible/inventory/ui-server" - file_permission = "0600" -} diff --git a/aws/skywalking-oap-main.tf b/aws/skywalking-oap-main.tf new file mode 100644 index 0000000..17c1b3a --- /dev/null +++ b/aws/skywalking-oap-main.tf 
@@ -0,0 +1,54 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "aws_instance" "skywalking-oap" {
+ count = var.oap_instance_count
+ ami = data.aws_ami.amazon-linux.id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.ssh-user.id
+ vpc_security_group_ids = [
+ aws_security_group.skywalking-oap.id,
+ aws_security_group.ssh-access.id,
+ aws_security_group.public-egress-access.id
+ ]
+ tags = merge(
+ {
+ Name = "skywalking-oap"
+ Description = "Installing and configuring SkyWalking OAP on AWS"
+ },
+ var.extra_tags
+ )
+}
+
+resource "aws_security_group" "skywalking-oap" {
+ name = "skywalking-oap"
+ description = "Security group for SkyWalking OAP"
+ ingress {
+ from_port = 12800
+ to_port = 12800
+ protocol = "tcp"
+ security_groups = [aws_security_group.skywalking-ui.id]
+ description = "Allow incoming HTTP connections from SkyWalking UI"
+ }
+ ingress {
+ from_port = 9412
+ to_port = 9412
+ protocol = "tcp"
+ security_groups = [aws_security_group.skywalking-ui.id]
+ description = "Allow incoming HTTP connections from SkyWalking UI"
+ }
+ tags = var.extra_tags
+}
+
diff --git a/aws/skywalking-oap-output.tf b/aws/skywalking-oap-output.tf
new file mode 100644
index 0000000..5508145
--- /dev/null
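Review bot: `aws_instance.skywalking-oap` sets no `metadata_options`, so the instance accepts IMDSv1 requests unless the AMI or account default says otherwise. No instance profile is attached in this resource, so the exposure today is limited to metadata and user data, but once a role is added IMDSv1 is the usual route from a request-forgery bug in an Internet-facing service to role credentials. I would add `metadata_options { http_tokens = "required" }` here and to `aws_instance.skywalking-ui` in `aws/skywalking-ui-main.tf`. Minor: the 9412 rule reuses the description `"Allow incoming HTTP connections from SkyWalking UI"`; naming it as the Zipkin query port would make the rule set easier to audit.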
+++ b/aws/skywalking-oap-output.tf
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+output "skywalking_oap_ips" {
+ value = ["${aws_instance.skywalking-oap.*.public_ip}"]
+}
+
diff --git a/aws/skywalking-ui-main.tf b/aws/skywalking-ui-main.tf
new file mode 100644
index 0000000..8644fe0
--- /dev/null
+++ b/aws/skywalking-ui-main.tf
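Review bot: `value = ["${aws_instance.skywalking-oap.*.public_ip}"]` wraps an expression that is already a list in a second list and uses the interpolation-only form that Terraform 0.12 and later warn about, so on current versions the output is a nested list. I would write `value = aws_instance.skywalking-oap[*].public_ip` and add a `description` so consumers know these are public addresses. The same applies to `skywalking_ui_ips` in `aws/skywalking-ui-output.tf`.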
@@ -0,0 +1,53 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "aws_instance" "skywalking-ui" {
+ count = var.ui_instance_count
+ ami = data.aws_ami.amazon-linux.id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.ssh-user.id
+ vpc_security_group_ids = [
+ aws_security_group.skywalking-ui.id,
+ aws_security_group.ssh-access.id,
+ aws_security_group.public-egress-access.id
+ ]
+ tags = merge(
+ {
+ Name = "skywalking-ui"
+ Description = "Installing and configuring SkyWalking UI on AWS"
+ },
+ var.extra_tags
+ )
+}
+
+resource "aws_security_group" "skywalking-ui" {
+ name = "skywalking-ui"
+ description = "Security group for SkyWalking UI"
+ ingress = [
+ {
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow access from Intenet to SkyWalking UI"
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ security_groups = []
+ self = false
+ }
+ ]
+ tags = var.extra_tags
+}
+
diff --git a/aws/skywalking-ui-output.tf b/aws/skywalking-ui-output.tf
new file mode 100644
index 0000000..3b09582
--- /dev/null
+++ b/aws/skywalking-ui-output.tf
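Review bot: The `skywalking-ui` group opens port 8080 to `0.0.0.0/0`, and the service behind it is plain HTTP started straight from the tarball. As far as I know the SkyWalking UI has no built-in login, so this would publish every trace and topology view to anyone who finds the address. I would take the source range from a variable, for example `cidr_blocks = var.ui_allowed_cidrs` (name is a suggestion), which operators must set. The README should also say that public exposure needs a TLS-terminating, authenticating proxy in front. The description string has a typo: `Intenet` should be `Internet`.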
@@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +output "skywalking_ui_ips" { + value = ["${aws_instance.skywalking-ui.*.public_ip}"] +} diff --git a/aws/variables.tf b/aws/variables.tf index d85cc4e..4ed59fb 100644 --- a/aws/variables.tf +++ b/aws/variables.tf @@ -58,3 +58,4 @@ variable "extra_tags" { type = map(string) default = {} } +
