From 9e259ee372d4f0918f3fdb3f9fba6faedea37ae8 Mon Sep 17 00:00:00 2001
From: Yaron Amir
Date: Sun, 2 Jun 2019 10:08:46 +0300
Subject: [PATCH 1/3] adding files for metrics session
---
.../docker/startDummyExporter.txt | 5 +
service_registartion/file/commands.txt | 9 ++
.../file/node-exporter-9100.json | 15 +++
.../update_to_prometheus.yml | 41 ++++++++
terraform_metrics/aws.tf | 67 +++++++++++++
terraform_metrics/consul.tf | 40 ++++++++
terraform_metrics/metrics.tf | 96 +++++++++++++++++++
terraform_metrics/templates/consul.sh.tpl | 76 +++++++++++++++
.../templates/policies/assume-role.json | 15 +++
.../policies/describe-instances.json | 10 ++
terraform_metrics/variables.tf | 38 ++++++++
11 files changed, 412 insertions(+)
create mode 100644 service_registartion/docker/startDummyExporter.txt
create mode 100644 service_registartion/file/node-exporter-9100.json
create mode 100644 service_registartion/update_prometheus/update_to_prometheus.yml
create mode 100644 terraform_metrics/aws.tf
create mode 100644 terraform_metrics/consul.tf
create mode 100644 terraform_metrics/metrics.tf
create mode 100644 terraform_metrics/templates/consul.sh.tpl
create mode 100644 terraform_metrics/templates/policies/assume-role.json
create mode 100644 terraform_metrics/templates/policies/describe-instances.json
create mode 100644 terraform_metrics/variables.tf
diff --git a/service_registartion/docker/startDummyExporter.txt b/service_registartion/docker/startDummyExporter.txt
new file mode 100644
index 0000000..e848727
--- /dev/null
+++ b/service_registartion/docker/startDummyExporter.txt
@@ -0,0 +1,5 @@
+# Bring up and register dummy exporter
+docker run --rm -d --name dummyexporter2 -P -e SERVICE_TAGS=dummyexporter,docker,metrics -p 8080:5000 dummyexporter
+
+# DeRegister
+docker stop dummyexporter2
diff --git a/service_registartion/file/commands.txt b/service_registartion/file/commands.txt
index 63229ce..00b74a6 100644
--- a/service_registartion/file/commands.txt
+++ b/service_registartion/file/commands.txt
@@ -1,4 +1,5 @@ # Register +# ssh vi /etc/consul.d/ssh-22.json systemctl reload consul
@@ -6,3 +7,11 @@ systemctl reload consul rm /etc/consul.d/ssh-22.json consul reload + +# node-exporter +vi /etc/consul.d/node-expoter-22.json +systemctl reload consul + +# DeRegister +rm /etc/consul.d/node-expoter-22.json +consul reload
diff --git a/service_registartion/file/node-exporter-9100.json b/service_registartion/file/node-exporter-9100.json
new file mode 100644
index 0000000..49ed408
--- /dev/null
+++ b/service_registartion/file/node-exporter-9100.json
@@ -0,0 +1,15 @@
+{
+ "service": {
+ "name": "node-expoter",
+ "id":"node-exporter-9100",
+ "tags": ["metrics"],
+ "port": 9100,
+ "checks": [
+ {
+ "name": "Port 9100 tcp check",
+ "interval": "30s",
+ "TCP": "localhost:9100"
+ }
+ ]
+ }
+}
diff --git a/service_registartion/update_prometheus/update_to_prometheus.yml b/service_registartion/update_prometheus/update_to_prometheus.yml
new file mode 100644
index 0000000..c966424
--- /dev/null
+++ b/service_registartion/update_prometheus/update_to_prometheus.yml
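Review bot: The file name in the new node-exporter steps of commands.txt, `/etc/consul.d/node-expoter-22.json`, matches neither the definition this patch ships (`node-exporter-9100.json`) nor the port it registers (9100); the `-22` suffix looks copied from the ssh example above it. The same `expoter` misspelling is in `"name": "node-expoter"` in node-exporter-9100.json and in the `node_expoter_via_consul` job in update_to_prometheus.yml, and because the Prometheus relabel rule copies the Consul service name into `job`, dashboards or alerts written against `job="node-exporter"` would match nothing. I would use `vi /etc/consul.d/node-exporter-9100.json` and `rm /etc/consul.d/node-exporter-9100.json` here, and `"name": "node-exporter"` in the JSON. The register steps also reload with `systemctl reload consul` while the deregister steps use `consul reload`; using one form throughout keeps the walkthrough consistent.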
@@ -0,0 +1,41 @@
+# my global config
+global:
+ scrape_interval: 10s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+ evaluation_interval: 10s # Evaluate rules every 15 seconds. The default is every 1 minute.
+ # scrape_timeout is set to the global default (10s).
+
+# Alertmanager configuration
+alerting:
+ alertmanagers:
+ - static_configs:
+ - targets:
+ # - alertmanager:9093
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+ # - "first_rules.yml"
+ # - "second_rules.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+ # The job name is added as a label `job=` to any timeseries scraped from this config.
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'dummy_exporter'
+ static_configs:
+ - targets: ['localhost:8081']
+
+ - job_name: 'node_expoter_via_consul'
+ consul_sd_configs:
+ - server: 'localhost:8500'
+ services: []
+ relabel_configs:
+ - source_labels: [__meta_consul_tags]
+ regex: .*,metrics,.*
+ action: keep
+ - source_labels: [__meta_consul_service]
+ target_label: job
+
diff --git a/terraform_metrics/aws.tf b/terraform_metrics/aws.tf
new file mode 100644
index 0000000..1f9b335
--- /dev/null
+++ b/terraform_metrics/aws.tf
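Review bot: The `node_expoter_via_consul` job scrapes whatever the Consul catalog at `localhost:8500` lists with a `metrics` tag: `services: []` selects every service and the `consul_sd_configs` entry carries no `token`, so the scrape target list is only as trustworthy as write access to that catalog. Since aws.tf in this same patch opens port 8500 to `0.0.0.0/0`, I would list the expected service names in `services:` instead of leaving it empty, and add a `token:` to the entry once ACLs are enabled on the cluster (whether they are is not visible in this hunk). Separately, the two comments under `global:` still say "every 15 seconds" while both values are `10s`; `scrape_interval: 10s # Scrape every 10 seconds. Default is every 1 minute.` would match the setting, and likewise for `evaluation_interval`.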
@@ -0,0 +1,67 @@
+provider "aws" {
+ region = "${var.region}"
+ version = "~> 1.0"
+}
+
+resource "aws_security_group" "opsschool_consul" {
+ name = "opsschool-consul"
+ description = "Allow ssh & consul inbound traffic"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ self = true
+ description = "Allow all inside security group"
+ }
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow ssh from the world"
+ }
+
+ ingress {
+ from_port = 8500
+ to_port = 8500
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow consul UI access from the world"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outside security group"
+ }
+}
+
+# Create an IAM role for the auto-join
+resource "aws_iam_role" "consul-join" {
+ name = "opsschool-consul-join"
+ assume_role_policy = "${file("${path.module}/templates/policies/assume-role.json")}"
+}
+
+# Create the policy
+resource "aws_iam_policy" "consul-join" {
+ name = "opsschool-consul-join"
+ description = "Allows Consul nodes to describe instances for joining."
+ policy = "${file("${path.module}/templates/policies/describe-instances.json")}"
+}
+
+# Attach the policy
+resource "aws_iam_policy_attachment" "consul-join" {
+ name = "opsschool-consul-join"
+ roles = ["${aws_iam_role.consul-join.name}"]
+ policy_arn = "${aws_iam_policy.consul-join.arn}"
+}
+
+# Create the instance profile
+resource "aws_iam_instance_profile" "consul-join" {
+ name = "opsschool-consul-join"
+ role = "${aws_iam_role.consul-join.name}"
+}
diff --git a/terraform_metrics/consul.tf b/terraform_metrics/consul.tf
new file mode 100644
index 0000000..9ee6e25
--- /dev/null
+++ b/terraform_metrics/consul.tf
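Review bot: The third `ingress` block of `aws_security_group.opsschool_consul` opens port 8500 to `0.0.0.0/0`, and 8500 serves Consul's HTTP API as well as its UI, so unless ACLs are enabled in the agent configuration (not readable from this hunk) the catalog and KV store are readable and writable from any address. The SSH rule above it has the same world-open source range. I would take the range from a variable on both rules, e.g. `cidr_blocks = ["${var.admin_cidr}"]` (`admin_cidr` is a name I made up; it would need a matching `variable` block in variables.tf), or reach the UI through an SSH tunnel and drop the 8500 rule. Also, `aws_iam_policy_attachment` manages a policy's attachments exclusively and will detach it from any user, role or group not listed; `aws_iam_role_policy_attachment` with `role = "${aws_iam_role.consul-join.name}"` avoids that.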
@@ -0,0 +1,40 @@ +# Create the user-data for the Consul server +data "template_file" "consul_server" { + count = "${var.servers}" + template = "${file("${path.module}/templates/consul.sh.tpl")}" + + vars { + consul_version = "${var.consul_version}" + config = </dev/null +sudo apt-get -yqq install unzip dnsmasq &>/dev/null + +echo "Configuring dnsmasq..." +cat << EODMCF >/etc/dnsmasq.d/10-consul +# Enable forward lookup of the 'consul' domain: +server=/consul/127.0.0.1#8600 +EODMCF + +systemctl restart dnsmasq + +echo "Fetching Consul..." +cd /tmp +curl -sLo consul.zip https://releases.hashicorp.com/consul/${consul_version}/consul_${consul_version}_linux_amd64.zip + +echo "Installing Consul..." +unzip consul.zip >/dev/null +sudo chmod +x consul +sudo mv consul /usr/local/bin/consul + +# Setup Consul +sudo mkdir -p /opt/consul +sudo mkdir -p /etc/consul.d +sudo mkdir -p /run/consul +sudo tee /etc/consul.d/config.json > /dev/null < /dev/null <<"EOF" +[Unit] +Description=Consul service discovery agent +Requires=network-online.target +After=network.target + +[Service] +User=consul +Group=consul +PIDFile=/run/consul/consul.pid +Restart=on-failure +Environment=GOMAXPROCS=2 +ExecStartPre=[ -f "/run/consul/consul.pid" ] && /usr/bin/rm -f /run/consul/consul.pid +ExecStart=/usr/local/bin/consul agent -pid-file=/run/consul/consul.pid -config-dir=/etc/consul.d +ExecReload=/bin/kill -s HUP $MAINPID +KillSignal=SIGINT +TimeoutStopSec=5 + +[Install] +WantedBy=multi-user.target +EOF + +sudo systemctl daemon-reload +sudo systemctl enable consul.service +sudo systemctl start consul.service diff --git a/terraform_metrics/templates/policies/assume-role.json b/terraform_metrics/templates/policies/assume-role.json new file mode 100644 index 0000000..27bf50f --- /dev/null +++ b/terraform_metrics/templates/policies/assume-role.json 
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Effect": "Allow",
+ "Sid": ""
+ }
+ ]
+}
+
+
diff --git a/terraform_metrics/templates/policies/describe-instances.json b/terraform_metrics/templates/policies/describe-instances.json
new file mode 100644
index 0000000..dc039e2
--- /dev/null
+++ b/terraform_metrics/templates/policies/describe-instances.json
@@ -0,0 +1,10 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "ec2:DescribeInstances",
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform_metrics/variables.tf b/terraform_metrics/variables.tf
new file mode 100644
index 0000000..3c3ed95
--- /dev/null
+++ b/terraform_metrics/variables.tf
@@ -0,0 +1,38 @@
+variable "region" {
+ description = "AWS region for VMs"
+ default = "us-east-1"
+}
+
+variable "servers" {
+ description = "The number of consul servers."
+ default = 3
+}
+
+variable "metrics_servers" {
+ description = "The number of consul client instances"
+ default = 1
+}
+
+variable "consul_version" {
+ description = "The version of Consul to install (server and client)."
+ default = "1.4.0"
+}
+
+variable "key_name" {
+ description = "name of ssh key to attach to hosts"
+}
+
+variable "ami" {
+ description = "ami to use - based on region"
+ default = {
+ "us-east-1" = "ami-0565af6e282977273"
+ "us-east-2" = "ami-0653e888ec96eab9b"
+ }
+}
+
+variable "metrics-ami" {
+ description = "metrics ami to use - based on region"
+ default = {
+ "us-east-1" = "ami-0949302e6829a54d3"
+ }
+}
From 399f7c103b9cec8c4e33d9a09c06797567d130ad Mon Sep 17 00:00:00 2001
From: Yaron Amir
Date: Tue, 4 Jun 2019 08:29:04 +0300
Subject: [PATCH 2/3] adding configuration of default vpc, for those who do not have it
---
terraform_metrics/default_vpc/default_vpc.tf | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 terraform_metrics/default_vpc/default_vpc.tf
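Review bot: The `ami` and `metrics-ami` defaults in variables.tf are bare image IDs, and nothing in the hunk records which account publishes them or what is baked into them, so a reader cannot check the provenance of the images these instances boot from. A comment above each map naming the owner and base OS would cover it, e.g. `# <owner account / publisher>, <distribution and release>`; resolving the ID through a `data "aws_ami"` block with an explicit `owners` list would go further. `metrics-ami` also has an entry only for `us-east-1` while `ami` covers `us-east-2` as well and `region` can be overridden, so the metrics instance's image lookup would presumably fail in `us-east-2` (the lookup itself is in metrics.tf, which is not readable here).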
diff --git a/terraform_metrics/default_vpc/default_vpc.tf b/terraform_metrics/default_vpc/default_vpc.tf
new file mode 100644
index 0000000..0de2ad5
--- /dev/null
+++ b/terraform_metrics/default_vpc/default_vpc.tf
@@ -0,0 +1,5 @@
+resource "aws_default_vpc" "default" {
+ tags = {
+ Name = "Default VPC"
+ }
+}
From d665030900110d0ccab18489e1f88c92420f3b07 Mon Sep 17 00:00:00 2001
From: Yaron Amir
Date: Tue, 4 Jun 2019 08:45:11 +0300
Subject: [PATCH 3/3] adding instructions to the README for consul metrics session
---
README.md | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/README.md b/README.md
index 87851d9..f9cff91 100644
--- a/README.md
+++ b/README.md
@@ -12,3 +12,26 @@
 * Each method has it's own directory
 * Instructions are in the `commands.txt` file
 * Additional resources (json files) are in each directory
+
+
+### metrics session
+* for the shared metrics and consul session we will use the terraform_metrics directory
+#### what do we have in this directory?
+this terraform will create the following
+1. three node consul cluster
+2. one metrics EC2 instance with the following installed
+ - docker
+ - consul client
+ - dummyExporter docker image
+ - grafana docker image
+ - node exporter
+ - prometheus
+ - this instance will join the consul cluster as a client.
+
+### Steps to bring up the environment:
+* if you do not have a default_vpc copy the the default_vpc.tf from the default_vpc directory
+* cd terraform_metrics
+* Run `terraform init`
+* Run `terraform plan`
+* Run `terraform apply`
+