This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-terraform.git
The following commit(s) were added to refs/heads/main by this push:
new 4b15cd7 Move skywalking cluster to a dedicated module and reorganize
the doc (#29)
4b15cd7 is described below
commit 4b15cd78457f50e51b8e0cde3cce46bfd7995143
Author: kezhenxu94 <[email protected]>
AuthorDate: Sat Sep 2 15:18:05 2023 +0800
Move skywalking cluster to a dedicated module and reorganize the doc (#29)
- Add workflow to generate and push doc.
- Check .terraform.lock.hcl into codebase for consistent provider
version.
---
.github/actions/terraform-docs | 1 +
.github/workflows/documentation.yaml | 50 +++++
.gitignore | 2 +-
.gitmodules | 3 +
.licenserc.yaml | 19 +-
README.md | 208 ++-------------------
ansible/README.md | 108 +++++++++++
aws/.terraform.lock.hcl | 82 ++++++++
aws/README.md | 191 ++++++++++---------
aws/alb-main.tf | 22 ++-
aws/{README.md => configurations.md} | 26 +--
aws/ec2-main.tf | 8 +-
aws/key-pair-output.tf | 21 ---
aws/modules/skywalking/README.md | 73 ++++++++
.../skywalking/main-bastion.tf} | 16 +-
.../skywalking/main-data.tf} | 0
.../skywalking/main-key-pair.tf} | 0
.../skywalking/main-oap.tf} | 28 ++-
.../skywalking/main-ui.tf} | 37 ++--
aws/modules/skywalking/outputs.tf | 72 +++++++
aws/{ => modules/skywalking}/variables.tf | 131 ++++++-------
aws/rds-postgresql-main.tf | 2 +-
aws/skywalking-main.tf | 40 ++++
aws/skywalking-oap-output.tf | 22 ---
aws/{bastion-output.tf => skywalking-outputs.tf} | 19 +-
aws/skywalking-ui-output.tf | 21 ---
aws/variables.tf | 22 ++-
27 files changed, 737 insertions(+), 487 deletions(-)
diff --git a/.github/actions/terraform-docs b/.github/actions/terraform-docs
new file mode 160000
index 0000000..d1c9943
--- /dev/null
+++ b/.github/actions/terraform-docs
@@ -0,0 +1 @@
+Subproject commit d1c99433f7a1e5003ef213d70f89aaa47cb0b675
diff --git a/.github/workflows/documentation.yaml
b/.github/workflows/documentation.yaml
new file mode 100644
index 0000000..e9a0640
--- /dev/null
+++ b/.github/workflows/documentation.yaml
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Check Docs
+on:
+ - pull_request
+
+jobs:
+ docs:
+ name: ${{ matrix.doc.name }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ doc:
+ - name: AWS
+ dir: aws
+ output-file: configurations.md
+ - name: AWS SkyWalking Module
+ dir: aws/modules/skywalking
+ output-file: README.md
+ fail-fast: true
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+ ref: ${{ github.event.pull_request.head.ref }}
+ - name: Render and check docs is updated
+ uses: ./.github/actions/terraform-docs
+ with:
+ working-dir: ${{ matrix.doc.dir }}
+ output-file: ${{ matrix.doc.output-file }}
+ output-method: inject
+ fail-on-diff: "true"
+ - name: Print diff
+ if: ${{ failure() }}
+ run: git diff --staged
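Review bot: The checkout step's `ref: ${{ github.event.pull_request.head.ref }}` is a bare branch name, and with no `repository:` input it is resolved in the base repository. For a pull request from a fork it therefore looks likely to either fail to resolve or check out a same-named branch of this repository (for example `main`), so the docs check would run against a tree that is not the PR's. Nothing in this job pushes back to the branch, so the simplest fix is to delete the `ref:` line and let the default merge ref be checked out; alternatively pair `ref: ${{ github.event.pull_request.head.sha }}` with `repository: ${{ github.event.pull_request.head.repo.full_name }}`. Because `uses: ./.github/actions/terraform-docs` runs whatever the checked-out tree's submodule pointer selects, the workflow should also declare a read-only token at the top level with `permissions:` / `contents: read`.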
diff --git a/.gitignore b/.gitignore
index 29354fb..62c24f4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,10 +12,10 @@ packages/
.checkstyle
.externalToolBuilders
aws/.terraform/
-aws/.terraform.lock.hcl
aws/terraform.tfstate
aws/terraform.tfstate.backup
ansible/local.var.yaml
ansible/inventory
!ansible/inventory/template
.terraform.tfstate.lock.info
+terraform.tfvars
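Review bot: Only the exact name `terraform.tfvars` is ignored here, but Terraform also auto-loads `terraform.tfvars.json`, `*.auto.tfvars` and `*.auto.tfvars.json`. The aws/README.md added in this commit tells users to write `access_key` and `secret_key` into a tfvars file, so those variants can carry the same credentials. I would add the three patterns `terraform.tfvars.json`, `*.auto.tfvars` and `*.auto.tfvars.json` next to this line so none of them can be committed by accident.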
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..a5aaa2b
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule ".github/actions/terraform-docs"]
+ path = .github/actions/terraform-docs
+ url = https://github.com/terraform-docs/gh-actions.git
diff --git a/.licenserc.yaml b/.licenserc.yaml
index 7737bc2..84f4dba 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -22,24 +22,11 @@ header:
copyright-owner: Apache Software Foundation
paths-ignore:
- - '.github/ISSUE_TEMPLATE'
- - '.github/PULL_REQUEST_TEMPLATE'
- - '**/.gitignore'
- - '.gitmodules'
- - '.lift'
- - 'docker/.env'
- - 'dist'
- - 'licenses'
- - 'dist-material/release-docs'
+ - '.terraform.lock.hcl'
- '**/*.md'
- '**/*.json'
- - '**/*.ftl'
- - '**/target/**'
- - '**/*.iml'
- - '**/*.ini'
- - '**/*.crt'
- - '**/*.pem'
- - '**/*.txt'
+ - '**/.gitignore'
+ - '.gitmodules'
- 'LICENSE'
- 'NOTICE'
diff --git a/README.md b/README.md
index a8dfc52..38b946d 100644
--- a/README.md
+++ b/README.md
@@ -1,200 +1,26 @@
-# SkyWalking Terraform and Ansible
-
-This repository contains the Terraform scripts to create the infrastructure
for SkyWalking on cloud vendors,
-and the Ansible playbooks to install SkyWalking on the created infrastructure,
or on the existing infrastructure,
-no matter on-premises or on cloud vendors, such as AWS.
-
-# Terraform
-
-**Notice, HashiCorp had changed the LICENSE of Terraform from MPL 2.0 to
BSL/BUSL 1.1 since its 1.5.6 release. We don't have hard-dependencies on
Terraform.**
-
-**OpenTF Foundation announced to maintain the MPL 2.0 based fork of Terraform.
Read their [announcement](https://opentf.org/announcement) and
[website](https://opentf.org/) for more details.**
-
-**All Terraform and/or OpenTF scripts are just for end-user convenience. The
Apache 2.0 License is only for the scripts.**
+# Terraform module for SkyWalking
For now, we have supported the following cloud vendors, and we welcome
everyone to contribute supports for
more cloud vendors:
-- Amazon Web Services (AWS): go to the [aws](aws) folder for more details.
-
-## Prerequisites
-
-1. Terraform installed
-2. AWS Credentials: Ensure your environment is set up with the necessary AWS
credentials. This can be done in various ways, such as:
- - Configuring using the AWS CLI.
- - Setting up environment variables (`AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY`).
- - Using IAM roles with necessary permissions if you're running Terraform on
an AWS EC2 instance.
- - For more information on configuring AWS credentials for Terraform, see the
[official
documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).
-3. A working knowledge of Terraform and AWS resources
-
-## Instructions
-
-### 1. Initialization
-
-Before applying any Terraform script, initialize your Terraform working
directory:
-
-```bash
-cd aws/
-terraform init
-```
-
-### 2. Configuration
-
-The script is designed with modularity and reusability in mind. Various
parameters like region, instance count, instance type, etc., are exposed as
variables for easier customization.
-
-For the full configuration list, please refer to [the doc](/aws/README.md).
-
-To modify the default values, you can create a `terraform.tfvars` file in the
same directory as your Terraform script:
-
-```bash
-oap_instance_count = 2
-ui_instance_count = 2
-region = "us-west-1"
-instance_type = "t2.large"
-extra_tags = {
- "Environment" = "Production"
-}
-```
-
-### 3. Test and apply the outcomes of the Script
-
-After adjusting your configuration, test and apply the script:
-
-```bash
-terraform plan
-terraform apply
-```
-
-After all the resources are created, you can head to the
-[Ansible part](#ansible) to start deploying SkyWalking.
-
-### 4. Accessing the Resources
-
-#### SSH into bastion host (Optional)
-
-You don't usually need to SSH into the bastion host, but if you want to, you
can
-SSH into the bastion host with the command:
-
-```shell
-KEY_FILE=$(terraform output -raw ssh-user-key-file)
-BASTION_IP=$(terraform output -json bastion_ips | jq -r '.[0]')
-
-ssh -i "$KEY_FILE" ec2-user@"$BASTION_IP"
-```
-
-- **Security Attention**: two security rules are created for the bastion host:
- - `ssh-access`: Allows SSH access from any IP (`0.0.0.0/0`). **Please note**
that this is potentially insecure and you should restrict the IP range wherever
possible.
- - `public-egress-access`: Allows egress access to the internet for the
instances.
-
-### 5. Tearing Down
-
-To destroy the resources when they are no longer needed:
-
-```bash
-terraform destroy
-```
-
-This command will prompt you to confirm before destroying the resources.
-
-## Security Note
-
-SSH access is open to the entire internet (`0.0.0.0/0`). This is not
recommended for production environments. Always restrict the CIDR block to
known IP ranges for better security.
-
-# Ansible
-
-You can use the Ansible playbook in combination with the Terraform to create
necessary infrastructure and install
-SkyWalking on the created infrastructure, or you can use the Ansible to
install SkyWalking on the existing infrastructure.
-
-This guide provides steps on using Ansible to install Apache SkyWalking on AWS
instances.
-
-## Prerequisites
-
-1. Ansible installed.
-2. A working knowledge of Ansible and AWS resources.
-3. An active SSH key and access to AWS EC2 instances.
-
-## Instructions
-
-### 1. Change diroectory
-
-```shell
-cd ../ansible/
-```
-
-### 2. Test Connectivity to the EC2 Instances
-
-Before installing SkyWalking, ensure that you can connect to the EC2 instances:
-
-```
-ansible -m ping all -u ec2-user
-```
-
-**Expected Output**:
-
-You should see output for each IP with a `SUCCESS` status:
-```text
-<ip1> | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python3"
- },
- "changed": false,
- "ping": "pong"
-}
-<ip2> | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python3"
- },
- "changed": false,
- "ping": "pong"
-}
-```
-
-### 3. Install Apache SkyWalking
-
-After confirming connectivity, proceed to install Apache SkyWalking using the
Ansible playbook:
-
-```
-ansible-playbook skywalking.yml
-```
-
-### 4. Configurations
-
-The Ansible playbook can be customized to install Apache SkyWalking with
-different configurations. The following variables can be modified to suit your
-needs:
-
-> For full configurations, refer to the
->
[ansible/roles/skywalking/vars/main.yml](ansible/roles/skywalking/vars/main.yml).
-> file.
-
-```yaml
-# `skywalking_tarball` can be a remote URL or a local path, if it's a remote
URL
-# the remote file will be downloaded to the remote host and then extracted,
-# if it's a local path, the local file will be copied to the remote host and
-# then extracted.
-skywalking_tarball:
"https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz"
-
-# `skywalking_ui_environment` is a dictionary of environment variables that
will
-# be sourced when running the skywalking-ui service. All environment variables
-# that are supported by SkyWalking webapp can be set here.
-skywalking_ui_environment: {}
-
-# `skywalking_oap_environment` is a dictionary of environment variables that
will
-# be sourced when running the skywalking-oap service. All environment variables
-# that are supported by SkyWalking OAP can be set here.
-skywalking_oap_environment: {}
-
-```
+- [AWS](aws): Terraform scripts to provision necessary resources on Amazon Web
Services.
-### 5. Accessing SkyWalking UI!
+> [!NOTE]
+> HashiCorp had changed the LICENSE of Terraform from MPL 2.0 to BSL/BUSL 1.1
+> since its 1.5.6 release. We don't have hard-dependencies on Terraform.
+>
+> OpenTF Foundation announced to maintain the MPL 2.0 based fork of Terraform.
+> Read their [announcement](https://opentf.org/announcement) and
+> [website](https://opentf.org/) for more details.
+>
+> All Terraform and/or OpenTF scripts are just for end-user convenience.
+> The Apache 2.0 License is only for the scripts.
-After the installation is complete, you can go back to the aws folder and get
-the ALB domain name address that can be used to access the SkyWalking UI:
-```shell
-cd ../aws
-terraform output -raw alb_dns_name
-```
+# Ansible playbook for SkyWalking
-And you can open your browser and access the SkyWalking UI with the address.
+You can use the Ansible playbook in combination with the Terraform to create
+necessary infrastructure and install SkyWalking on the created infrastructure,
+or you can use the Ansible to install SkyWalking on the existing
infrastructure.
+Please go to the [ansible](ansible) folder for more details.
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..25c7fbf
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,108 @@
+This guide provides steps on using Ansible to install Apache SkyWalking on VM
instances.
+
+# Prerequisites
+
+- [Ansible
installed](https://docs.ansible.com/ansible/latest/installation_guide/index.html).
+- A working knowledge of Ansible.
+- Access to instances.
+
+# Instructions
+
+## Change diroectory
+
+```shell
+cd ansible
+```
+
+## Test Connectivity to the Instances
+
+Before installing SkyWalking, ensure that you can connect to the instances:
+
+```shell
+ansible -m ping all
+```
+
+**Expected Output**:
+
+You should see output for each IP with a `SUCCESS` status:
+
+```text
+<ip1> | SUCCESS => {
+ "ansible_facts": {
+ "discovered_interpreter_python": "/usr/bin/python3"
+ },
+ "changed": false,
+ "ping": "pong"
+}
+<ip2> | SUCCESS => {
+ "ansible_facts": {
+ "discovered_interpreter_python": "/usr/bin/python3"
+ },
+ "changed": false,
+ "ping": "pong"
+}
+```
+
+## Install Apache SkyWalking
+
+After confirming connectivity, proceed to install Apache SkyWalking using the
Ansible playbook:
+
+```
+ansible-playbook skywalking.yml
+```
+
+## Configurations
+
+The Ansible playbook can be customized to install Apache SkyWalking with
+different configurations. The following variables can be modified to suit your
+needs:
+
+> For full configurations, refer to the
+> [roles/skywalking/vars/main.yml](roles/skywalking/vars/main.yml).
+> file.
+
+```yaml
+# `skywalking_tarball` can be a remote URL or a local path, if it's a remote
URL
+# the remote file will be downloaded to the remote host and then extracted,
+# if it's a local path, the local file will be copied to the remote host and
+# then extracted.
+skywalking_tarball:
"https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz"
+
+# `skywalking_ui_environment` is a dictionary of environment variables that
will
+# be sourced when running the skywalking-ui service. All environment variables
+# that are supported by SkyWalking webapp can be set here.
+skywalking_ui_environment: {}
+
+# `skywalking_oap_environment` is a dictionary of environment variables that
will
+# be sourced when running the skywalking-oap service. All environment variables
+# that are supported by SkyWalking OAP can be set here.
+skywalking_oap_environment: {}
+
+```
+
+You can create a local variable file to override the default values:
+
+```shell
+cat <<EOF > local.var.yaml
+skywalking_tarball:
"~/workspace/skywalking/apm-dist/target/apache-skywalking-apm-bin.tar.gz"
+EOF
+```
+
+And then run the playbook with the local variable file:
+
+```shell
+ansible-playbook skywalking.yml -e @local.var.yaml
+```
+
+## Accessing SkyWalking UI!
+
+After the installation is complete, you can go back to the aws folder and get
+the ALB domain name address that can be used to access the SkyWalking UI:
+
+```shell
+cd ../aws
+terraform output -raw alb_dns_name
+```
+
+And you can open your browser and access the SkyWalking UI with the address.
+
diff --git a/aws/.terraform.lock.hcl b/aws/.terraform.lock.hcl
new file mode 100644
index 0000000..0a95708
--- /dev/null
+++ b/aws/.terraform.lock.hcl
@@ -0,0 +1,82 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "5.10.0"
+ hashes = [
+ "h1:g0NYapqztQLdHycec4tlBGNQJTUXUY0Xy5/XUgjAD7U=",
+ "zh:24f8b40ba25521ec809906623ce1387542f3da848952167bc960663583a7b2c7",
+ "zh:3c12afbda4e8ed44ab8315d16bbba4329ef3f18ffe3c0d5ea456dd05472fa610",
+ "zh:4da2de97535c7fb51ede8ef9b6bd45c790005aec36daac4317a6175d2ff632fd",
+ "zh:5631fd3c02c5abe5e51a73bd77ddeaaf97b2d508845ea03bc1e5955b52d94706",
+ "zh:5bdef27b4e5b2dcd0661125fcc1e70826d545903b1e19bb8d28d2a0c812468d5",
+ "zh:7b7f6b3e00ad4b7bfaa9872388f7b8014d8c9a1fe5c3f9f57865535865727633",
+ "zh:935f7a599a3f55f69052b096491262d59787625ce5d52f729080328e5088e823",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:a451a24f6675f8ad643a9b218cdb54c2af75a53d6a712daff46f64b81ec61032",
+ "zh:a5bcf820baefdc9f455222878f276a7f406a1092ac7b4c0cdbd6e588bff84847",
+ "zh:c9ab7b838a75bbcacc298658c1a04d1f0ee5935a928d821afcbe08c98cca7c5f",
+ "zh:d83855b6d66aaa03b1e66e03b7d0a4d1c9f992fce06f00011edde2a6ad6d91d6",
+ "zh:f1793e9a1e3ced98ca301ef1a294f46c06f77f6eb10f4d67ffef87ea60835421",
+ "zh:f366c99ddb16d75e07a687a60c015e8e2e0cdb593dea902385629571bd604859",
+ "zh:fb3ec60ea72144f480f495634c6d3e7a7638d7061a77c228a30768c1ae0b91f6",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+ version = "2.4.0"
+ hashes = [
+ "h1:Bs7LAkV/iQTLv72j+cTMrvx2U3KyXrcVHaGbdns1NcE=",
+ "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
+ "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
+ "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
+ "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
+ "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
+ "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
+ "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
+ "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
+ "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
+ "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.5.1"
+ constraints = ">= 3.1.0"
+ hashes = [
+ "h1:sZ7MTSD4FLekNN2wSNFGpM+5slfvpm5A/NLVZiB7CO0=",
+ "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64",
+ "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d",
+ "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831",
+ "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3",
+ "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b",
+ "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2",
+ "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865",
+ "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03",
+ "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602",
+ "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "4.0.4"
+ hashes = [
+ "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=",
+ "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55",
+ "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848",
+ "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be",
+ "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5",
+ "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe",
+ "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e",
+ "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48",
+ "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8",
+ "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60",
+ "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e",
+ "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/aws/README.md b/aws/README.md
index 3d3f3f3..19b0b45 100644
--- a/aws/README.md
+++ b/aws/README.md
@@ -1,84 +1,107 @@
-<!-- BEGIN_TF_DOCS -->
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.10.0 |
-| <a name="provider_local"></a> [local](#provider\_local) | 2.4.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.4 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_alb"></a> [alb](#module\_alb) |
terraform-aws-modules/alb/aws | ~> 8.0 |
-| <a name="module_rds"></a> [rds](#module\_rds) |
terraform-aws-modules/rds/aws | ~> 5.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) |
terraform-aws-modules/vpc/aws | ~> 5.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-|
[aws_instance.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_instance.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_instance.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_key_pair.ssh-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair)
| resource |
-|
[aws_security_group.allow_apps](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.public-egress-access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[local_file.inventories](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file)
| resource |
-|
[local_file.ssh-user](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file)
| resource |
-|
[random_password.rds_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
| resource |
-|
[tls_private_key.ssh-user](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
| resource |
-|
[aws_ami.amazon-linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami)
| data source |
-|
[aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones)
| data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Access
key of the AWS account, if you have configured AWS CLI, you can leave it empty.
| `string` | `""` | no |
-| <a name="input_bastion_enabled"></a>
[bastion\_enabled](#input\_bastion\_enabled) | Enable bastion host, if you want
to access the instances via SSH, you must enable it. | `bool` | `true` | no |
-| <a name="input_bastion_instance_type"></a>
[bastion\_instance\_type](#input\_bastion\_instance\_type) | CPU, memory,
storage and networking capacity for bastion host | `string` | `"t2.micro"` | no
|
-| <a name="input_cidr"></a> [cidr](#input\_cidr) | CIDR for database tier |
`string` | `"11.0.0.0/16"` | no |
-| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) |
Name of the cluster | `string` | `"skywalking-cluster"` | no |
-| <a name="input_database_subnets"></a>
[database\_subnets](#input\_database\_subnets) | CIDR used for database subnets
| `set(string)` | <pre>[<br> "11.0.104.0/24",<br> "11.0.105.0/24",<br>
"11.0.106.0/24"<br>]</pre> | no |
-| <a name="input_db_instance_class"></a>
[db\_instance\_class](#input\_db\_instance\_class) | Instance class for the
database | `string` | `"db.t3.medium"` | no |
-| <a name="input_db_max_storage_size"></a>
[db\_max\_storage\_size](#input\_db\_max\_storage\_size) | Maximum storage size
for the database, in GB | `number` | `100` | no |
-| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | Name of the
database | `string` | `"skywalking"` | no |
-| <a name="input_db_password"></a> [db\_password](#input\_db\_password) |
Password for the database, if not set, a random password will be generated. |
`string` | `null` | no |
-| <a name="input_db_storage_size"></a>
[db\_storage\_size](#input\_db\_storage\_size) | Storage size for the database,
in GB | `number` | `5` | no |
-| <a name="input_db_username"></a> [db\_username](#input\_db\_username) |
Username for the database | `string` | `"skywalking"` | no |
-| <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) |
Additional tags to be added to all resources | `map(string)` | `{}` | no |
-| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type)
| CPU, memory, storage and networking capacity for OAP and UI instances |
`string` | `"t2.medium"` | no |
-| <a name="input_oap_instance_count"></a>
[oap\_instance\_count](#input\_oap\_instance\_count) | Number of OAP instances,
if you want to use H2 storage, you must set it to 1. | `number` | `1` | no |
-| <a name="input_private_subnets"></a>
[private\_subnets](#input\_private\_subnets) | CIDR used for private subnets |
`set(string)` | <pre>[<br> "11.0.1.0/24",<br> "11.0.2.0/24",<br>
"11.0.3.0/24"<br>]</pre> | no |
-| <a name="input_public_key_path"></a>
[public\_key\_path](#input\_public\_key\_path) | Path to store the key file for
SSH access to the instances. | `string` | `"~/.ssh"` | no |
-| <a name="input_public_subnets"></a>
[public\_subnets](#input\_public\_subnets) | CIDR used for public subnets |
`set(string)` | <pre>[<br> "11.0.101.0/24",<br> "11.0.102.0/24",<br>
"11.0.103.0/24"<br>]</pre> | no |
-| <a name="input_region"></a> [region](#input\_region) | Physical location for
clustered data centers. | `string` | `"us-east-1"` | no |
-| <a name="input_secret_key"></a> [secret\_key](#input\_secret\_key) | Secret
key of the AWS account, if you have configured AWS CLI, you can leave it empty.
| `string` | `""` | no |
-| <a name="input_storage"></a> [storage](#input\_storage) | Storage type for
SkyWalking OAP, can be 'h2', or 'rds-postgresql' | `string` |
`"rds-postgresql"` | no |
-| <a name="input_ui_instance_count"></a>
[ui\_instance\_count](#input\_ui\_instance\_count) | Number of UI instances |
`number` | `1` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_alb_dns_name"></a> [alb\_dns\_name](#output\_alb\_dns\_name)
| The domain name of the ALB that can be used to access SkyWalking UI. |
-| <a name="output_bastion_ips"></a> [bastion\_ips](#output\_bastion\_ips) |
The public IP that can be used to SSH into the bastion host. |
-| <a name="output_database_address"></a>
[database\_address](#output\_database\_address) | The database address |
-| <a name="output_database_name"></a>
[database\_name](#output\_database\_name) | The database name |
-| <a name="output_database_password"></a>
[database\_password](#output\_database\_password) | The database password |
-| <a name="output_database_port"></a>
[database\_port](#output\_database\_port) | The database port |
-| <a name="output_database_username"></a>
[database\_username](#output\_database\_username) | The database username |
-| <a name="output_skywalking_oap_ips"></a>
[skywalking\_oap\_ips](#output\_skywalking\_oap\_ips) | The private IPs of the
OAP instances |
-| <a name="output_skywalking_ui_ips"></a>
[skywalking\_ui\_ips](#output\_skywalking\_ui\_ips) | The IPs of the SkyWalking
UI instances |
-| <a name="output_ssh-user-key-file"></a>
[ssh-user-key-file](#output\_ssh-user-key-file) | The SSH key file that can be
used to connect to the bastion instance. |
-<!-- END_TF_DOCS -->
\ No newline at end of file
+# Prerequisites
+
+- [Terraform installed](https://developer.hashicorp.com/terraform/downloads).
+- AWS Credentials: Ensure your environment is set up with the necessary AWS
credentials. This can be done in various ways, such as:
+ - Setting the `access_key` and `secret_key` variable in Terraform.
+ - Setting up environment variables (`AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY`).
+ - Configuring using the [AWS
CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
+ - Using IAM roles with necessary permissions if you're running Terraform on
an AWS EC2 instance.
+ - For more information on configuring AWS credentials for Terraform, see the
[official
documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).
+- A working knowledge of Terraform and AWS resources
+
+# Instructions
+
+## Initialization
+
+Before applying any Terraform script, initialize your Terraform working
directory:
+
+```bash
+terraform init
+```
+
+## Configuration
+
+The script is designed with modularity and reusability in mind. Various
+parameters like region, instance count, instance type, etc., are exposed
+as variables for easier customization.
+
+For the full configuration list, please refer to [the doc](configurations.md).
+
+To modify the default values, you can create a `terraform.tfvars` file in the
+same directory as your Terraform script:
+
+```bash
+cat <<EOF > terraform.tfvars
+region = "ap-southeast-1"
+access_key = "<access_key>"
+secret_key = "<secret_key>"
+storage = "rds-postgresql"
+extra_tags = {
+ "Environment" = "Production"
+}
+EOF
+```
+
+## Test and apply the outcomes of the script
+
+After adjusting your configuration, test and apply the script:
+
+```bash
+terraform plan
+terraform apply
+```
+
+> [!WARNING]
+> **Security Attention**: two security rules are created for the bastion host:
+> - `ssh-access`: Allows SSH access from any IP (`0.0.0.0/0`).
+> **Please note** that this is potentially insecure and you should restrict
+> the IP range by setting the variable `bastion_ssh_cidr_blocks`.
+> - `public-egress-access`: Allows egress access to the internet for the
instances.
+
+After all the resources are created, you can head to the
+[Ansible part](../ansible/README.md) to start deploying SkyWalking.
+
+## Accessing the resources
+
+### SSH into bastion host (Optional)
+
+You don't usually need to directly SSH into the bastion host, but if you want,
+you can SSH into the bastion host with the command:
+
+```shell
+KEY_FILE=$(terraform output -raw ssh_user_key_file)
+BASTION_IP=$(terraform output -json bastion_ips | jq -r '.[0]')
+
+ssh -i "$KEY_FILE" ec2-user@"$BASTION_IP"
+```
+
+### Access the SkyWalking UI ALB
+
+If you set the variable `create_lb` to `true` (this is set by default, so if
you
+didn't set it to `false`, you should have an ALB), you can access the
SkyWalking
+UI ALB with the command:
+
+```shell
+terraform output -raw alb_dns_name
+```
+
+When you open the URL in your browser, you should see something like this:
+
+```text
+503 Service Temporarily Unavailable
+```
+
+This is because you didn't deploy SkyWalking yet, after you complete the steps
+in the [Ansible part](../ansible/README.md), you should be able to see the
+SkyWalking UI then.
+
+## Tearing Down
+
+To destroy the resources when they are no longer needed:
+
+```bash
+terraform destroy
+```
+
+This command will prompt you to confirm before destroying the resources.
+
diff --git a/aws/alb-main.tf b/aws/alb-main.tf
index a1cfc28..83d1dcf 100644
--- a/aws/alb-main.tf
+++ b/aws/alb-main.tf
@@ -17,6 +17,8 @@ module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "~> 8.0"
+ create_lb = var.create_lb
+
name = var.cluster_name
load_balancer_type = "application"
@@ -50,8 +52,8 @@ module "alb" {
backend_port = 8080
target_type = "instance"
targets = [
- for i, ui in aws_instance.skywalking-ui : {
- target_id = ui.id
+ for i, ui_id in module.skywalking.ui_instance_ids : {
+ target_id = ui_id
port = 8080
}
]
@@ -68,3 +70,19 @@ module "alb" {
tags = var.extra_tags
}
+
+resource "aws_security_group" "alb-skywalking-ui" {
+ count = var.create_lb ? 1 : 0
+
+ name = "alb-skywalking-ui"
+ description = "Security group for ALB to access SkyWalking UI"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
+ description = "Allow access from ALB to SkyWalking UI"
+ security_groups = [module.alb.security_group_id]
+ }
+}
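Review bot: The new `aws_security_group.alb-skywalking-ui` resource sets no `tags`, while the `module "alb"` block that closes just above it in this hunk ends with `tags = var.extra_tags`. Adding `tags = var.extra_tags` before the closing brace keeps this group visible to the same tag-based inventory and policy checks as the rest of the cluster. The ingress rule references the ALB's security group rather than a CIDR range, which keeps port 8080 closed to everything except the load balancer. A one-line comment such as `# Attached to the UI instances (see skywalking-main.tf), not to the ALB itself` would help, because the name reads either way.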
diff --git a/aws/README.md b/aws/configurations.md
similarity index 74%
copy from aws/README.md
copy to aws/configurations.md
index 3d3f3f3..431266f 100644
--- a/aws/README.md
+++ b/aws/configurations.md
@@ -10,7 +10,6 @@ No requirements.
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.10.0 |
| <a name="provider_local"></a> [local](#provider\_local) | 2.4.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.4 |
## Modules
@@ -18,26 +17,18 @@ No requirements.
|------|--------|---------|
| <a name="module_alb"></a> [alb](#module\_alb) |
terraform-aws-modules/alb/aws | ~> 8.0 |
| <a name="module_rds"></a> [rds](#module\_rds) |
terraform-aws-modules/rds/aws | ~> 5.0 |
+| <a name="module_skywalking"></a> [skywalking](#module\_skywalking) |
./modules/skywalking | n/a |
| <a name="module_vpc"></a> [vpc](#module\_vpc) |
terraform-aws-modules/vpc/aws | ~> 5.0 |
## Resources
| Name | Type |
|------|------|
-|
[aws_instance.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_instance.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_instance.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
-|
[aws_key_pair.ssh-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair)
| resource |
+|
[aws_security_group.alb-skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
|
[aws_security_group.allow_apps](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
|
[aws_security_group.public-egress-access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
-|
[aws_security_group.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
|
[local_file.inventories](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file)
| resource |
-|
[local_file.ssh-user](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file)
| resource |
|
[random_password.rds_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
| resource |
-|
[tls_private_key.ssh-user](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
| resource |
-|
[aws_ami.amazon-linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami)
| data source |
|
[aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones)
| data source |
## Inputs
@@ -47,8 +38,10 @@ No requirements.
| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Access
key of the AWS account, if you have configured AWS CLI, you can leave it empty.
| `string` | `""` | no |
| <a name="input_bastion_enabled"></a>
[bastion\_enabled](#input\_bastion\_enabled) | Enable bastion host, if you want
to access the instances via SSH, you must enable it. | `bool` | `true` | no |
| <a name="input_bastion_instance_type"></a>
[bastion\_instance\_type](#input\_bastion\_instance\_type) | CPU, memory,
storage and networking capacity for bastion host | `string` | `"t2.micro"` | no
|
+| <a name="input_bastion_ssh_cidr_blocks"></a>
[bastion\_ssh\_cidr\_blocks](#input\_bastion\_ssh\_cidr\_blocks) | CIDR blocks
for SSH access to bastion host | `list(string)` | <pre>[<br>
"0.0.0.0/0"<br>]</pre> | no |
| <a name="input_cidr"></a> [cidr](#input\_cidr) | CIDR for database tier |
`string` | `"11.0.0.0/16"` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) |
Name of the cluster | `string` | `"skywalking-cluster"` | no |
+| <a name="input_create_lb"></a> [create\_lb](#input\_create\_lb) | Create
load balancer for SkyWalking UI | `bool` | `true` | no |
| <a name="input_database_subnets"></a>
[database\_subnets](#input\_database\_subnets) | CIDR used for database subnets
| `set(string)` | <pre>[<br> "11.0.104.0/24",<br> "11.0.105.0/24",<br>
"11.0.106.0/24"<br>]</pre> | no |
| <a name="input_db_instance_class"></a>
[db\_instance\_class](#input\_db\_instance\_class) | Instance class for the
database | `string` | `"db.t3.medium"` | no |
| <a name="input_db_max_storage_size"></a>
[db\_max\_storage\_size](#input\_db\_max\_storage\_size) | Maximum storage size
for the database, in GB | `number` | `100` | no |
@@ -57,8 +50,8 @@ No requirements.
| <a name="input_db_storage_size"></a>
[db\_storage\_size](#input\_db\_storage\_size) | Storage size for the database,
in GB | `number` | `5` | no |
| <a name="input_db_username"></a> [db\_username](#input\_db\_username) |
Username for the database | `string` | `"skywalking"` | no |
| <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) |
Additional tags to be added to all resources | `map(string)` | `{}` | no |
-| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type)
| CPU, memory, storage and networking capacity for OAP and UI instances |
`string` | `"t2.medium"` | no |
| <a name="input_oap_instance_count"></a>
[oap\_instance\_count](#input\_oap\_instance\_count) | Number of OAP instances,
if you want to use H2 storage, you must set it to 1. | `number` | `1` | no |
+| <a name="input_oap_instance_type"></a>
[oap\_instance\_type](#input\_oap\_instance\_type) | CPU, memory, storage and
networking capacity for OAP instances | `string` | `"c5.xlarge"` | no |
| <a name="input_private_subnets"></a>
[private\_subnets](#input\_private\_subnets) | CIDR used for private subnets |
`set(string)` | <pre>[<br> "11.0.1.0/24",<br> "11.0.2.0/24",<br>
"11.0.3.0/24"<br>]</pre> | no |
| <a name="input_public_key_path"></a>
[public\_key\_path](#input\_public\_key\_path) | Path to store the key file for
SSH access to the instances. | `string` | `"~/.ssh"` | no |
| <a name="input_public_subnets"></a>
[public\_subnets](#input\_public\_subnets) | CIDR used for public subnets |
`set(string)` | <pre>[<br> "11.0.101.0/24",<br> "11.0.102.0/24",<br>
"11.0.103.0/24"<br>]</pre> | no |
@@ -66,19 +59,20 @@ No requirements.
| <a name="input_secret_key"></a> [secret\_key](#input\_secret\_key) | Secret
key of the AWS account, if you have configured AWS CLI, you can leave it empty.
| `string` | `""` | no |
| <a name="input_storage"></a> [storage](#input\_storage) | Storage type for
SkyWalking OAP, can be 'h2', or 'rds-postgresql' | `string` |
`"rds-postgresql"` | no |
| <a name="input_ui_instance_count"></a>
[ui\_instance\_count](#input\_ui\_instance\_count) | Number of UI instances |
`number` | `1` | no |
+| <a name="input_ui_instance_type"></a>
[ui\_instance\_type](#input\_ui\_instance\_type) | CPU, memory, storage and
networking capacity for UI instances | `string` | `"t2.medium"` | no |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_alb_dns_name"></a> [alb\_dns\_name](#output\_alb\_dns\_name)
| The domain name of the ALB that can be used to access SkyWalking UI. |
-| <a name="output_bastion_ips"></a> [bastion\_ips](#output\_bastion\_ips) |
The public IP that can be used to SSH into the bastion host. |
+| <a name="output_bastion_ips"></a> [bastion\_ips](#output\_bastion\_ips) |
The public IP that can be used to SSH into the bastion host |
| <a name="output_database_address"></a>
[database\_address](#output\_database\_address) | The database address |
| <a name="output_database_name"></a>
[database\_name](#output\_database\_name) | The database name |
| <a name="output_database_password"></a>
[database\_password](#output\_database\_password) | The database password |
| <a name="output_database_port"></a>
[database\_port](#output\_database\_port) | The database port |
| <a name="output_database_username"></a>
[database\_username](#output\_database\_username) | The database username |
-| <a name="output_skywalking_oap_ips"></a>
[skywalking\_oap\_ips](#output\_skywalking\_oap\_ips) | The private IPs of the
OAP instances |
-| <a name="output_skywalking_ui_ips"></a>
[skywalking\_ui\_ips](#output\_skywalking\_ui\_ips) | The IPs of the SkyWalking
UI instances |
-| <a name="output_ssh-user-key-file"></a>
[ssh-user-key-file](#output\_ssh-user-key-file) | The SSH key file that can be
used to connect to the bastion instance. |
+| <a name="output_oap_ips"></a> [oap\_ips](#output\_oap\_ips) | The private
IPs of the OAP instances |
+| <a name="output_ssh_user_key_file"></a>
[ssh\_user\_key\_file](#output\_ssh\_user\_key\_file) | The SSH private key
file to use to connect to the bastion host |
+| <a name="output_ui_ips"></a> [ui\_ips](#output\_ui\_ips) | The IPs of the
SkyWalking UI instances |
<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/aws/ec2-main.tf b/aws/ec2-main.tf
index 6d7dab1..50d27c6 100644
--- a/aws/ec2-main.tf
+++ b/aws/ec2-main.tf
@@ -34,10 +34,10 @@ resource "local_file" "inventories" {
filename = "${path.module}/../ansible/inventory/skywalking.yaml"
file_permission = "0600"
content =
templatefile("${path.module}/../ansible/template/inventory.yaml.tftpl", {
- bastion = aws_instance.bastion[0]
- oap_instances = aws_instance.skywalking-oap
- ui_instances = aws_instance.skywalking-ui
- private_key_file = local_file.ssh-user.filename
+ bastion = module.skywalking.bastion_instances[0]
+ oap_instances = module.skywalking.oap_instances
+ ui_instances = module.skywalking.ui_instances
+ private_key_file = module.skywalking.ssh_user_key_file
database_type = var.storage
database_host = var.storage == "rds-postgresql" ?
module.rds[0].db_instance_address : ""
database_port = var.storage == "rds-postgresql" ?
module.rds[0].db_instance_port : ""
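Review bot: `module.skywalking.bastion_instances[0]` is indexed unconditionally, so if the module creates no bastion when `bastion_enabled` is `false`, this expression fails at plan time. The bastion resource's `count` is not visible here, though the module outputs use a splat over `aws_instance.bastion`, which suggests it is counted. Consider `bastion = one(module.skywalking.bastion_instances)` and let the inventory template handle a null bastion. The removed line indexed `aws_instance.bastion[0]` the same way, so this is carried over rather than introduced. The `local_file` resource begins above the hunk and continues below it.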
diff --git a/aws/key-pair-output.tf b/aws/key-pair-output.tf
deleted file mode 100644
index a1a4271..0000000
--- a/aws/key-pair-output.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-output "ssh-user-key-file" {
- value = local_file.ssh-user.filename
- description = "The SSH key file that can be used to connect to the bastion
instance."
-}
diff --git a/aws/modules/skywalking/README.md b/aws/modules/skywalking/README.md
new file mode 100644
index 0000000..35abf8d
--- /dev/null
+++ b/aws/modules/skywalking/README.md
@@ -0,0 +1,73 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+|
[aws_instance.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
+|
[aws_instance.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
+|
[aws_instance.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance)
| resource |
+|
[aws_key_pair.ssh-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair)
| resource |
+|
[aws_security_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
+|
[aws_security_group.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
+|
[aws_security_group.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
| resource |
+|
[local_file.ssh-user](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file)
| resource |
+|
[tls_private_key.ssh-user](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
| resource |
+|
[aws_ami.amazon-linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami)
| data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bastion_enabled"></a>
[bastion\_enabled](#input\_bastion\_enabled) | Enable bastion host, if you want
to access the instances via SSH, you must enable it. | `bool` | `true` | no |
+| <a name="input_bastion_instance_type"></a>
[bastion\_instance\_type](#input\_bastion\_instance\_type) | CPU, memory,
storage and networking capacity for bastion host | `string` | `"t2.micro"` | no
|
+| <a name="input_bastion_ssh_cidr_blocks"></a>
[bastion\_ssh\_cidr\_blocks](#input\_bastion\_ssh\_cidr\_blocks) | CIDR blocks
for SSH access to bastion host | `list(string)` | <pre>[<br>
"0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) |
Name of the cluster | `string` | `"skywalking-cluster"` | no |
+| <a name="input_create_lb"></a> [create\_lb](#input\_create\_lb) | Create a
load balancer for UI instances | `bool` | `true` | no |
+| <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) |
Additional tags to be added to all resources | `map(string)` | `{}` | no |
+| <a name="input_oap_instance_ami_id"></a>
[oap\_instance\_ami\_id](#input\_oap\_instance\_ami\_id) | AMI ID for OAP
instances, if not set, a suitable AMI ID will be selected automatically. |
`string` | `""` | no |
+| <a name="input_oap_instance_count"></a>
[oap\_instance\_count](#input\_oap\_instance\_count) | Number of OAP instances,
if you want to use H2 storage, you must set it to 1. | `number` | `1` | no |
+| <a name="input_oap_instance_security_group_ids"></a>
[oap\_instance\_security\_group\_ids](#input\_oap\_instance\_security\_group\_ids)
| Additional security groups for OAP instances | `list(string)` | `[]` | no |
+| <a name="input_oap_instance_subnet_id"></a>
[oap\_instance\_subnet\_id](#input\_oap\_instance\_subnet\_id) | Subnet ID for
OAP instances | `string` | n/a | yes |
+| <a name="input_oap_instance_type"></a>
[oap\_instance\_type](#input\_oap\_instance\_type) | CPU, memory, storage and
networking capacity for OAP instances | `string` | `"c5.xlarge"` | no |
+| <a name="input_public_key_path"></a>
[public\_key\_path](#input\_public\_key\_path) | Path to store the key file for
SSH access to the instances. | `string` | `"~/.ssh"` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | Storage type for
SkyWalking OAP, can be `h2`, or `rds-postgresql` | `string` |
`"rds-postgresql"` | no |
+| <a name="input_ui_instance_ami_id"></a>
[ui\_instance\_ami\_id](#input\_ui\_instance\_ami\_id) | AMI ID for UI
instances, if not set, a suitable AMI ID will be selected automatically. |
`string` | `""` | no |
+| <a name="input_ui_instance_count"></a>
[ui\_instance\_count](#input\_ui\_instance\_count) | Number of UI instances |
`number` | `1` | no |
+| <a name="input_ui_instance_security_group_ids"></a>
[ui\_instance\_security\_group\_ids](#input\_ui\_instance\_security\_group\_ids)
| Additional security groups for UI instances | `list(string)` | `[]` | no |
+| <a name="input_ui_instance_subnet_id"></a>
[ui\_instance\_subnet\_id](#input\_ui\_instance\_subnet\_id) | Subnet ID for UI
instances | `string` | n/a | yes |
+| <a name="input_ui_instance_type"></a>
[ui\_instance\_type](#input\_ui\_instance\_type) | CPU, memory, storage and
networking capacity for UI instances | `string` | `"t2.medium"` | no |
+| <a name="input_vpc_bastion_subnet_id"></a>
[vpc\_bastion\_subnet\_id](#input\_vpc\_bastion\_subnet\_id) | Subnet ID for
bastion host | `string` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID | `string` |
n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_bastion_instances"></a>
[bastion\_instances](#output\_bastion\_instances) | The bastion instances |
+| <a name="output_bastion_ips"></a> [bastion\_ips](#output\_bastion\_ips) |
The public IP that can be used to SSH into the bastion host |
+| <a name="output_oap_instance_ids"></a>
[oap\_instance\_ids](#output\_oap\_instance\_ids) | The IDs of the OAP
instances |
+| <a name="output_oap_instances"></a>
[oap\_instances](#output\_oap\_instances) | The OAP instances |
+| <a name="output_oap_ips"></a> [oap\_ips](#output\_oap\_ips) | The private
IPs of the OAP instances |
+| <a name="output_oap_security_groups"></a>
[oap\_security\_groups](#output\_oap\_security\_groups) | The security groups
of the OAP instances |
+| <a name="output_ssh_user_key_file"></a>
[ssh\_user\_key\_file](#output\_ssh\_user\_key\_file) | The SSH key file that
can be used to connect to the bastion instance. |
+| <a name="output_ui_instance_ids"></a>
[ui\_instance\_ids](#output\_ui\_instance\_ids) | The IDs of the SkyWalking UI
instances |
+| <a name="output_ui_instances"></a> [ui\_instances](#output\_ui\_instances) |
The SkyWalking UI instances |
+| <a name="output_ui_ips"></a> [ui\_ips](#output\_ui\_ips) | The IPs of the
SkyWalking UI instances |
+| <a name="output_ui_security_groups"></a>
[ui\_security\_groups](#output\_ui\_security\_groups) | The security groups of
the SkyWalking UI instances |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/aws/bastion-main.tf b/aws/modules/skywalking/main-bastion.tf
similarity index 87%
rename from aws/bastion-main.tf
rename to aws/modules/skywalking/main-bastion.tf
index 6ddb9df..1c892ec 100644
--- a/aws/bastion-main.tf
+++ b/aws/modules/skywalking/main-bastion.tf
@@ -18,13 +18,10 @@ resource "aws_instance" "bastion" {
ami = data.aws_ami.amazon-linux.id
instance_type = var.bastion_instance_type
key_name = aws_key_pair.ssh-user.id
- subnet_id = element(module.vpc.public_subnets, 0)
+ subnet_id = var.vpc_bastion_subnet_id
associate_public_ip_address = true
- vpc_security_group_ids = [
- aws_security_group.bastion.id,
- aws_security_group.public-egress-access.id
- ]
+ vpc_security_group_ids = [aws_security_group.bastion.id]
tags = merge(
{
Name = "Bastion Host"
@@ -54,13 +51,20 @@ resource "aws_instance" "bastion" {
resource "aws_security_group" "bastion" {
name = "bastion"
description = "Security group for bastion"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
ingress {
description = "SSH access from the Internet"
from_port = 22
to_port = 22
protocol = "tcp"
+ cidr_blocks = var.bastion_ssh_cidr_blocks
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
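Review bot: The SSH ingress rule now reads `var.bastion_ssh_cidr_blocks`, but that variable's default in `aws/modules/skywalking/variables.tf` is `["0.0.0.0/0"]`, so a deployment that sets nothing still leaves port 22 on the bastion reachable from any address. Consider removing the default so callers must choose a range, or adding a `validation` block to the variable that rejects `0.0.0.0/0` unless it is passed explicitly. The rule's `description = "SSH access from the Internet"` is also inaccurate once the range is narrowed; `description = "SSH access to the bastion host"` fits both cases. The `aws_security_group` block continues past the end of the hunk.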
diff --git a/aws/system-main.tf b/aws/modules/skywalking/main-data.tf
similarity index 100%
rename from aws/system-main.tf
rename to aws/modules/skywalking/main-data.tf
diff --git a/aws/key-pair-main.tf b/aws/modules/skywalking/main-key-pair.tf
similarity index 100%
rename from aws/key-pair-main.tf
rename to aws/modules/skywalking/main-key-pair.tf
diff --git a/aws/skywalking-oap-main.tf b/aws/modules/skywalking/main-oap.tf
similarity index 80%
rename from aws/skywalking-oap-main.tf
rename to aws/modules/skywalking/main-oap.tf
index 3d25f06..1e7e6e2 100644
--- a/aws/skywalking-oap-main.tf
+++ b/aws/modules/skywalking/main-oap.tf
@@ -13,17 +13,22 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+locals {
+ oap_ami_id = var.oap_instance_ami_id != "" ? var.oap_instance_ami_id :
data.aws_ami.amazon-linux.id
+}
+
resource "aws_instance" "skywalking-oap" {
count = var.oap_instance_count
- ami = data.aws_ami.amazon-linux.id
- instance_type = var.instance_type
+ ami = local.oap_ami_id
+ instance_type = var.oap_instance_type
key_name = aws_key_pair.ssh-user.id
- subnet_id = element(module.vpc.private_subnets, 0)
+ subnet_id = var.oap_instance_subnet_id
+
+ vpc_security_group_ids = concat(
+ var.oap_instance_security_group_ids,
+ [aws_security_group.skywalking-oap.id]
+ )
- vpc_security_group_ids = [
- aws_security_group.skywalking-oap.id,
- aws_security_group.public-egress-access.id
- ]
tags = merge(
{
Name = "skywalking-oap"
@@ -43,7 +48,7 @@ resource "aws_instance" "skywalking-oap" {
resource "aws_security_group" "skywalking-oap" {
name = "skywalking-oap"
description = "Security group for SkyWalking OAP"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
ingress {
from_port = 12800
@@ -67,6 +72,13 @@ resource "aws_security_group" "skywalking-oap" {
security_groups = [aws_security_group.bastion.id]
}
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
tags = var.extra_tags
}
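Review bot: The added `egress` block allows every protocol to `0.0.0.0/0` and has no `description`, whereas the equivalent block added in `main-ui.tf` carries `description = "Allow all outbound traffic"`; the block added in `main-bastion.tf` is missing it too. Adding the same `description` line to both keeps the three groups consistent and makes the rule's intent visible in the console and in audits. Since each group now owns its egress rule instead of sharing `public-egress-access`, this is also the place to narrow OAP's outbound traffic to the ports it actually needs, if those are known. The security group resource starts above this hunk.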
diff --git a/aws/skywalking-ui-main.tf b/aws/modules/skywalking/main-ui.tf
similarity index 73%
rename from aws/skywalking-ui-main.tf
rename to aws/modules/skywalking/main-ui.tf
index e367159..e2c2e91 100644
--- a/aws/skywalking-ui-main.tf
+++ b/aws/modules/skywalking/main-ui.tf
@@ -13,17 +13,22 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+locals {
+ ui_ami_id = var.ui_instance_ami_id != "" ? var.ui_instance_ami_id :
data.aws_ami.amazon-linux.id
+}
+
resource "aws_instance" "skywalking-ui" {
count = var.ui_instance_count
- ami = data.aws_ami.amazon-linux.id
- instance_type = var.instance_type
+ ami = local.ui_ami_id
+ instance_type = var.ui_instance_type
key_name = aws_key_pair.ssh-user.id
- subnet_id = element(module.vpc.private_subnets, 0)
+ subnet_id = var.ui_instance_subnet_id
+
+ vpc_security_group_ids = concat(
+ var.ui_instance_security_group_ids,
+ [aws_security_group.skywalking-ui.id]
+ )
- vpc_security_group_ids = [
- aws_security_group.skywalking-ui.id,
- aws_security_group.public-egress-access.id
- ]
tags = merge(
{
Name = "skywalking-ui"
@@ -36,15 +41,7 @@ resource "aws_instance" "skywalking-ui" {
resource "aws_security_group" "skywalking-ui" {
name = "skywalking-ui"
description = "Security group for SkyWalking UI"
- vpc_id = module.vpc.vpc_id
-
- ingress {
- from_port = 8080
- to_port = 8080
- protocol = "tcp"
- description = "Allow access from ALB to SkyWalking UI"
- security_groups = [module.alb.security_group_id]
- }
+ vpc_id = var.vpc_id
ingress {
from_port = 22
@@ -54,6 +51,14 @@ resource "aws_security_group" "skywalking-ui" {
security_groups = [aws_security_group.bastion.id]
}
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outbound traffic"
+ }
+
tags = var.extra_tags
}
diff --git a/aws/modules/skywalking/outputs.tf
b/aws/modules/skywalking/outputs.tf
new file mode 100644
index 0000000..daf597f
--- /dev/null
+++ b/aws/modules/skywalking/outputs.tf
@@ -0,0 +1,72 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+output "ui_instances" {
+ value = aws_instance.skywalking-ui
+ description = "The SkyWalking UI instances"
+}
+
+output "ui_instance_ids" {
+ value = aws_instance.skywalking-ui.*.id
+ description = "The IDs of the SkyWalking UI instances"
+}
+
+output "ui_ips" {
+ value = aws_instance.skywalking-ui.*.private_ip
+ description = "The IPs of the SkyWalking UI instances"
+}
+
+output "ui_security_groups" {
+ value = [aws_security_group.skywalking-ui.id]
+ description = "The security groups of the SkyWalking UI instances"
+}
+
+output "oap_instances" {
+ value = aws_instance.skywalking-oap
+ description = "The OAP instances"
+}
+
+output "oap_instance_ids" {
+ value = aws_instance.skywalking-oap.*.id
+ description = "The IDs of the OAP instances"
+}
+
+output "oap_ips" {
+ value = aws_instance.skywalking-oap.*.private_ip
+ description = "The private IPs of the OAP instances"
+}
+
+output "oap_security_groups" {
+ value = [aws_security_group.skywalking-oap.id]
+ description = "The security groups of the OAP instances"
+}
+
+output "bastion_instances" {
+ value = aws_instance.bastion
+ description = "The bastion instances"
+}
+
+output "bastion_ips" {
+ value = aws_instance.bastion.*.public_ip
+ description = "The public IP that can be used to SSH into the bastion host"
+}
+
+output "ssh_user_key_file" {
+ value = local_file.ssh-user.filename
+ description = "The SSH key file that can be used to connect to the bastion
instance."
+}
+
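Review bot: The list outputs use the legacy attribute-only splat (`aws_instance.skywalking-ui.*.id`, `.*.private_ip`, `.*.public_ip`); the full splat form, for example `aws_instance.skywalking-ui[*].id`, is the current syntax and yields the same list for these resources. `bastion_ips` returns a list, so its description would read better as `"The public IPs of the bastion instances"`. `ui_instances`, `oap_instances` and `bastion_instances` export whole `aws_instance` objects; a short comment naming the attributes callers rely on (the inventory template in `aws/ec2-main.tf` is one consumer) would make it clearer what may change safely.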
diff --git a/aws/variables.tf b/aws/modules/skywalking/variables.tf
similarity index 57%
copy from aws/variables.tf
copy to aws/modules/skywalking/variables.tf
index dfdf1d6..6e8818e 100644
--- a/aws/variables.tf
+++ b/aws/modules/skywalking/variables.tf
@@ -13,22 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-variable "region" {
+variable "vpc_id" {
type = string
- description = "Physical location for clustered data centers."
- default = "us-east-1"
+ description = "VPC ID"
}
-variable "access_key" {
+variable "vpc_bastion_subnet_id" {
type = string
- description = "Access key of the AWS account, if you have configured AWS
CLI, you can leave it empty."
- default = ""
-}
-
-variable "secret_key" {
- type = string
- description = "Secret key of the AWS account, if you have configured AWS
CLI, you can leave it empty."
- default = ""
+ description = "Subnet ID for bastion host"
}
variable "cluster_name" {
@@ -43,12 +35,46 @@ variable "oap_instance_count" {
default = 1
}
+variable "oap_instance_ami_id" {
+ type = string
+ description = "AMI ID for OAP instances, if not set, a suitable AMI ID will
be selected automatically."
+ default = ""
+}
+
+variable "oap_instance_subnet_id" {
+ type = string
+ description = "Subnet ID for OAP instances"
+}
+
+variable "oap_instance_security_group_ids" {
+ type = list(string)
+ description = "Additional security groups for OAP instances"
+ default = []
+}
+
variable "ui_instance_count" {
type = number
description = "Number of UI instances"
default = 1
}
+variable "ui_instance_ami_id" {
+ type = string
+ description = "AMI ID for UI instances, if not set, a suitable AMI ID will
be selected automatically."
+ default = ""
+}
+
+variable "ui_instance_subnet_id" {
+ type = string
+ description = "Subnet ID for UI instances"
+}
+
+variable "ui_instance_security_group_ids" {
+ type = list(string)
+ description = "Additional security groups for UI instances"
+ default = []
+}
+
variable "bastion_enabled" {
type = bool
description = "Enable bastion host, if you want to access the instances via
SSH, you must enable it."
@@ -61,9 +87,21 @@ variable "bastion_instance_type" {
default = "t2.micro"
}
-variable "instance_type" {
+variable "bastion_ssh_cidr_blocks" {
+ type = list(string)
+ description = "CIDR blocks for SSH access to bastion host"
+ default = ["0.0.0.0/0"]
+}
+
+variable "oap_instance_type" {
+ type = string
+ description = "CPU, memory, storage and networking capacity for OAP
instances"
+ default = "c5.xlarge"
+}
+
+variable "ui_instance_type" {
type = string
- description = "CPU, memory, storage and networking capacity for OAP and UI
instances"
+ description = "CPU, memory, storage and networking capacity for UI instances"
default = "t2.medium"
}
@@ -79,35 +117,10 @@ variable "extra_tags" {
default = {}
}
-## VPC
-variable "cidr" {
- type = string
- description = "CIDR for database tier"
- default = "11.0.0.0/16"
-}
-
-variable "private_subnets" {
- type = set(string)
- description = "CIDR used for private subnets"
- default = ["11.0.1.0/24", "11.0.2.0/24", "11.0.3.0/24"]
-}
-
-variable "public_subnets" {
- type = set(string)
- description = "CIDR used for public subnets"
- default = ["11.0.101.0/24", "11.0.102.0/24", "11.0.103.0/24"]
-}
-
-variable "database_subnets" {
- type = set(string)
- description = "CIDR used for database subnets"
- default = ["11.0.104.0/24", "11.0.105.0/24", "11.0.106.0/24"]
-}
-
## Storage
variable "storage" {
type = string
- description = "Storage type for SkyWalking OAP, can be 'h2', or
'rds-postgresql'"
+ description = "Storage type for SkyWalking OAP, can be `h2`, or
`rds-postgresql`"
default = "rds-postgresql"
validation {
@@ -116,39 +129,9 @@ variable "storage" {
}
}
-variable "db_name" {
- type = string
- description = "Name of the database"
- default = "skywalking"
-}
-
-variable "db_username" {
- type = string
- description = "Username for the database"
- default = "skywalking"
-}
-
-variable "db_password" {
- type = string
- description = "Password for the database, if not set, a random password will
be generated."
- default = null
-}
-
-variable "db_storage_size" {
- type = number
- description = "Storage size for the database, in GB"
- default = 5
-}
-
-variable "db_max_storage_size" {
- type = number
- description = "Maximum storage size for the database, in GB"
- default = 100
-}
-
-variable "db_instance_class" {
- type = string
- description = "Instance class for the database"
- default = "db.t3.medium"
+variable "create_lb" {
+ type = bool
+ description = "Create a load balancer for UI instances"
+ default = true
}
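Review bot: `variable "create_lb"` is declared in the module, but the `module "skywalking"` call in `aws/skywalking-main.tf` never sets it and none of the module files shown in this commit read `var.create_lb`. The load balancer and its security group are created in the root `aws/alb-main.tf`, so the module input looks unused. If nothing in the unchanged module files consumes it, drop the variable so the module's documented inputs do not suggest it controls anything. The `variable "storage"` block whose closing lines open this hunk begins outside it.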
diff --git a/aws/rds-postgresql-main.tf b/aws/rds-postgresql-main.tf
index 58f7958..fd685c9 100644
--- a/aws/rds-postgresql-main.tf
+++ b/aws/rds-postgresql-main.tf
@@ -82,7 +82,7 @@ resource "aws_security_group" "allow_apps" {
from_port = 5432
to_port = 5432
protocol = "tcp"
- security_groups = [aws_security_group.skywalking-oap.id]
+ security_groups = module.skywalking.oap_security_groups
}
egress {
diff --git a/aws/skywalking-main.tf b/aws/skywalking-main.tf
new file mode 100644
index 0000000..6ca40d1
--- /dev/null
+++ b/aws/skywalking-main.tf
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module "skywalking" {
+ source = "./modules/skywalking"
+
+ cluster_name = var.cluster_name
+ storage = var.storage
+
+ oap_instance_count = var.oap_instance_count
+ oap_instance_type = var.oap_instance_type
+ oap_instance_subnet_id = element(module.vpc.private_subnets, 0)
+
+ ui_instance_count = var.ui_instance_count
+ ui_instance_type = var.ui_instance_type
+ ui_instance_subnet_id = element(module.vpc.private_subnets, 0)
+ ui_instance_security_group_ids = var.create_lb ?
aws_security_group.alb-skywalking-ui.*.id : []
+
+ bastion_enabled = var.bastion_enabled
+ bastion_instance_type = var.bastion_instance_type
+ bastion_ssh_cidr_blocks = var.bastion_ssh_cidr_blocks
+ public_key_path = var.public_key_path
+
+ vpc_id = module.vpc.vpc_id
+ vpc_bastion_subnet_id = element(module.vpc.public_subnets, 0)
+}
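Review bot: `oap_instance_subnet_id` and `ui_instance_subnet_id` both take `element(module.vpc.private_subnets, 0)`, so every OAP and UI instance lands in the first private subnet whatever `oap_instance_count` and `ui_instance_count` are set to. That ties the whole cluster to a single availability zone, which undermines running more than one instance. If that is intended for now, say so above those arguments with `# All instances share the first private subnet (single AZ)`. The `ui_instance_security_group_ids` line also uses the legacy splat; `aws_security_group.alb-skywalking-ui[*].id` is the current form. If that security group's `count` already follows `var.create_lb` (not visible in this hunk), the conditional around it is redundant.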
diff --git a/aws/skywalking-oap-output.tf b/aws/skywalking-oap-output.tf
deleted file mode 100644
index d785e1a..0000000
--- a/aws/skywalking-oap-output.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-output "skywalking_oap_ips" {
- value = ["${aws_instance.skywalking-oap.*.private_ip}"]
- description = "The private IPs of the OAP instances"
-}
-
diff --git a/aws/bastion-output.tf b/aws/skywalking-outputs.tf
similarity index 65%
rename from aws/bastion-output.tf
rename to aws/skywalking-outputs.tf
index 03fc206..500eedc 100644
--- a/aws/bastion-output.tf
+++ b/aws/skywalking-outputs.tf
@@ -15,7 +15,22 @@
# specific language governing permissions and limitations
# under the License.
+output "oap_ips" {
+ value = module.skywalking.oap_ips
+ description = "The private IPs of the OAP instances"
+}
+
+output "ui_ips" {
+ value = module.skywalking.ui_ips
+ description = "The IPs of the SkyWalking UI instances"
+}
+
output "bastion_ips" {
- value = aws_instance.bastion.*.public_ip
- description = "The public IP that can be used to SSH into the bastion host."
+ value = module.skywalking.bastion_ips
+ description = "The public IP that can be used to SSH into the bastion host"
+}
+
+output "ssh_user_key_file" {
+ value = module.skywalking.ssh_user_key_file
+ description = "The SSH private key file to use to connect to the bastion
host"
}
diff --git a/aws/skywalking-ui-output.tf b/aws/skywalking-ui-output.tf
deleted file mode 100644
index 89abac4..0000000
--- a/aws/skywalking-ui-output.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-output "skywalking_ui_ips" {
- value = ["${aws_instance.skywalking-ui.*.private_ip}"]
- description = "The IPs of the SkyWalking UI instances"
-}
diff --git a/aws/variables.tf b/aws/variables.tf
index dfdf1d6..f78b241 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -61,9 +61,21 @@ variable "bastion_instance_type" {
default = "t2.micro"
}
-variable "instance_type" {
+variable "bastion_ssh_cidr_blocks" {
+ type = list(string)
+ description = "CIDR blocks for SSH access to bastion host"
+ default = ["0.0.0.0/0"]
+}
+
+variable "oap_instance_type" {
+ type = string
+ description = "CPU, memory, storage and networking capacity for OAP
instances"
+ default = "c5.xlarge"
+}
+
+variable "ui_instance_type" {
type = string
- description = "CPU, memory, storage and networking capacity for OAP and UI
instances"
+ description = "CPU, memory, storage and networking capacity for UI instances"
default = "t2.medium"
}
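Review bot: The new `bastion_ssh_cidr_blocks` variable defaults to `["0.0.0.0/0"]`, so a deployment that enables the bastion without overriding it accepts SSH from any address. A safer default is `default = []`, which makes the operator name the allowed ranges. If the open default must stay for compatibility, the description should state it: `description = "CIDR blocks allowed to SSH to the bastion host; the default allows any address, restrict it outside of demos"`. The security group rule that consumes this value lives in the module and is not visible in this hunk, so confirm that an empty list is handled there.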
@@ -152,3 +164,9 @@ variable "db_instance_class" {
default = "db.t3.medium"
}
+variable "create_lb" {
+ type = bool
+ description = "Create load balancer for SkyWalking UI"
+ default = true
+}
+