ops-school · boulidad · Jun 2, 2019 · Jun 4, 2019 · Jun 4, 2019
diff --git a/README.md b/README.md
@@ -12,3 +12,26 @@
 * Each method has it's own directory
 * Instructions are in the `commands.txt` file
 * Additional resources (json files) are in each directory
+
+
+### metrics session
+* for the shared metrics and consul session we will use the terraform_metrics directory
+#### what do we have in this directory?
+this terraform will create the following
+1. three node consul cluster
+2. one metrics EC2 instance with the following installed
+   - docker
+   - consul client
+   - dummyExporter docker image
+   - grafana docker image
+   - node exporter
+   - prometheus
+   - this instance will join the consul cluster as a client.
+
+### Steps to bring up the environment:
+* if you do not have a default_vpc copy the the default_vpc.tf from the default_vpc directory
+* cd terraform_metrics
+* Run `terraform init`
+* Run `terraform plan`
+* Run `terraform apply`
+
diff --git a/service_registartion/docker/startDummyExporter.txt b/service_registartion/docker/startDummyExporter.txt
@@ -0,0 +1,5 @@
+# Bring up and register dummy exporter
+docker run --rm -d --name dummyexporter2 -P -e SERVICE_TAGS=dummyexporter,docker,metrics -p 8080:5000 dummyexporter
+
+# DeRegister
+docker stop dummyexporter2
diff --git a/service_registartion/file/commands.txt b/service_registartion/file/commands.txt
@@ -1,8 +1,17 @@
 # Register
+# ssh 
 vi /etc/consul.d/ssh-22.json
 systemctl reload consul
 
 # DeRegister
 rm /etc/consul.d/ssh-22.json
 consul reload
 
+
+# node-exporter
+vi /etc/consul.d/node-expoter-22.json
+systemctl reload consul
+
+# DeRegister
+rm /etc/consul.d/node-expoter-22.json
+consul reload
diff --git a/service_registartion/file/node-exporter-9100.json b/service_registartion/file/node-exporter-9100.json
@@ -0,0 +1,15 @@
+{
+  "service": {
+    "name": "node-expoter",
+    "id":"node-exporter-9100",
+    "tags": ["metrics"],
+    "port": 9100,
+    "checks": [
+      {
+        "name": "Port 9100 tcp check",
+        "interval": "30s",
+        "TCP": "localhost:9100"
+      }
+    ]
+  }
+}
diff --git a/service_registartion/update_prometheus/update_to_prometheus.yml b/service_registartion/update_prometheus/update_to_prometheus.yml
@@ -0,0 +1,41 @@
+# my global config
+global:
+  scrape_interval:     10s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 10s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+# Alertmanager configuration
+alerting:
+  alertmanagers:
+  - static_configs:
+    - targets:
+      # - alertmanager:9093
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+    static_configs:
+    - targets: ['localhost:9090']
+
+  - job_name: 'dummy_exporter'
+    static_configs:
+    - targets: ['localhost:8081']
+
+  - job_name: 'node_expoter_via_consul'
+    consul_sd_configs:
+      - server: 'localhost:8500'
+        services: []
+    relabel_configs:
+      - source_labels: [__meta_consul_tags]
+        regex: .*,metrics,.*
+        action: keep
+      - source_labels: [__meta_consul_service]
+        target_label: job
+
diff --git a/terraform_metrics/aws.tf b/terraform_metrics/aws.tf
@@ -0,0 +1,67 @@
+provider "aws" {
+  region = "${var.region}"
+  version = "~> 1.0"
+}
+
+resource "aws_security_group" "opsschool_consul" {
+  name        = "opsschool-consul"
+  description = "Allow ssh & consul inbound traffic"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    self        = true
+    description = "Allow all inside security group"
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow ssh from the world"
+  }
+
+  ingress {
+    from_port   = 8500
+    to_port     = 8500
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow consul UI access from the world"
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+    description     = "Allow all outside security group"
+  }
+}
+
+# Create an IAM role for the auto-join
+resource "aws_iam_role" "consul-join" {
+  name               = "opsschool-consul-join"
+  assume_role_policy = "${file("${path.module}/templates/policies/assume-role.json")}"
+}
+
+# Create the policy
+resource "aws_iam_policy" "consul-join" {
+  name        = "opsschool-consul-join"
+  description = "Allows Consul nodes to describe instances for joining."
+  policy      = "${file("${path.module}/templates/policies/describe-instances.json")}"
+}
+
+# Attach the policy
+resource "aws_iam_policy_attachment" "consul-join" {
+  name       = "opsschool-consul-join"
+  roles      = ["${aws_iam_role.consul-join.name}"]
+  policy_arn = "${aws_iam_policy.consul-join.arn}"
+}
+
+# Create the instance profile
+resource "aws_iam_instance_profile" "consul-join" {
+  name  = "opsschool-consul-join"
+  role = "${aws_iam_role.consul-join.name}"
+}
diff --git a/terraform_metrics/consul.tf b/terraform_metrics/consul.tf
@@ -0,0 +1,40 @@
+# Create the user-data for the Consul server
+data "template_file" "consul_server" {
+  count    = "${var.servers}"
+  template = "${file("${path.module}/templates/consul.sh.tpl")}"
+
+  vars {
+    consul_version = "${var.consul_version}"
+    config = <<EOF
+     "node_name": "opsschool-server-${count.index+1}",
+     "server": true,
+     "bootstrap_expect": 3,
+     "ui": true,
+     "client_addr": "0.0.0.0"
+    EOF
+  }
+}
+
+# Create the Consul cluster
+resource "aws_instance" "consul_server" {
+  count = "${var.servers}"
+
+  ami           = "${lookup(var.ami, var.region)}"
+  instance_type = "t2.micro"
+  key_name      = "${var.key_name}"
+
+  iam_instance_profile   = "${aws_iam_instance_profile.consul-join.name}"
+  vpc_security_group_ids = ["${aws_security_group.opsschool_consul.id}"]
+
+  tags = {
+    Name = "opsschool-server-${count.index+1}"
+    consul_server = "true"
+  }
+
+  user_data = "${element(data.template_file.consul_server.*.rendered, count.index)}"
+}
+
+output "servers" {
+  value = ["${aws_instance.consul_server.*.public_ip}"]
+}
+
diff --git a/terraform_metrics/default_vpc/default_vpc.tf b/terraform_metrics/default_vpc/default_vpc.tf
@@ -0,0 +1,5 @@
+resource "aws_default_vpc" "default" {
+  tags = {
+    Name = "Default VPC"
+  }
+}
diff --git a/terraform_metrics/metrics.tf b/terraform_metrics/metrics.tf
@@ -0,0 +1,96 @@
+resource "aws_instance" "metrics_servers" {
+  count = "${var.metrics_servers}"
+
+  ami           = "${lookup(var.metrics-ami, var.region)}"
+  instance_type = "t2.small"
+  key_name      = "${var.key_name}"
+
+  iam_instance_profile   = "${aws_iam_instance_profile.consul-join.name}"
+  vpc_security_group_ids = ["${aws_security_group.opsschool_consul.id}","${aws_security_group.metrics-server-sec.id}"]
+
+  tags = {
+    Name = "opsschool-client-${count.index+1}"
+  }
+
+  user_data = "${element(data.template_file.consul_client.*.rendered, count.index)}"
+}
+
+# Create the user-data for the Consul agent
+data "template_file" "consul_client" {
+  count    = "${var.metrics_servers}"
+  template = "${file("${path.module}/templates/consul.sh.tpl")}"
+
+  vars {
+    consul_version = "${var.consul_version}"
+    config = <<EOF
+     "node_name": "opsschool-client-${count.index+1}",
+     "enable_script_checks": true,
+     "server": false
+    EOF
+  }
+}
+
+resource "aws_security_group" "metrics-server-sec" {
+  name        = "metrics-server-sec"
+  description = "Allow ssh & consul inbound traffic"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    self        = true
+    description = "Allow all inside security group"
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow ssh from the world"
+  }
+
+  ingress {
+    from_port   = 3000
+    to_port     = 3000
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow grafana UI access from the world"
+  }
+
+  ingress {
+    from_port   = 8080
+    to_port     = 8081
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow dummyExporter metrics from dockes from the world"
+  }
+
+  ingress {
+    from_port   = 9100
+    to_port     = 9100
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "allow node exporter metrics to the world"
+  }
+
+  ingress {
+    from_port   = 9090
+    to_port     = 9094
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow prometheus UI access from the world"
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+    description     = "Allow all outside security group"
+  }
+}
+
+output "clients" {
+  value = ["${aws_instance.metrics_servers.*.public_ip}"]
+}
diff --git a/terraform_metrics/templates/consul.sh.tpl b/terraform_metrics/templates/consul.sh.tpl
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Grabbing IPs..."
+PRIVATE_IP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
+
+echo "Installing dependencies..."
+sudo apt-get -qq update &>/dev/null
+sudo apt-get -yqq install unzip dnsmasq &>/dev/null
+
+echo "Configuring dnsmasq..."
+cat << EODMCF >/etc/dnsmasq.d/10-consul
+# Enable forward lookup of the 'consul' domain:
+server=/consul/127.0.0.1#8600
+EODMCF
+
+systemctl restart dnsmasq
+
+echo "Fetching Consul..."
+cd /tmp
+curl -sLo consul.zip https://releases.hashicorp.com/consul/${consul_version}/consul_${consul_version}_linux_amd64.zip
+
+echo "Installing Consul..."
+unzip consul.zip >/dev/null
+sudo chmod +x consul
+sudo mv consul /usr/local/bin/consul
+
+# Setup Consul
+sudo mkdir -p /opt/consul
+sudo mkdir -p /etc/consul.d
+sudo mkdir -p /run/consul
+sudo tee /etc/consul.d/config.json > /dev/null <<EOF
+{
+  "advertise_addr": "$PRIVATE_IP",
+  "data_dir": "/opt/consul",
+  "datacenter": "opsschool",
+  "encrypt": "uDBV4e+LbFW3019YKPxIrg==",
+  "disable_remote_exec": true,
+  "disable_update_check": true,
+  "leave_on_terminate": true,
+  "retry_join": ["provider=aws tag_key=consul_server tag_value=true"],
+  ${config}
+}
+EOF
+
+# Create user & grant ownership of folders
+sudo useradd consul
+sudo chown -R consul:consul /opt/consul /etc/consul.d /run/consul
+
+
+# Configure consul service
+sudo tee /etc/systemd/system/consul.service > /dev/null <<"EOF"
+[Unit]
+Description=Consul service discovery agent
+Requires=network-online.target
+After=network.target
+
+[Service]
+User=consul
+Group=consul
+PIDFile=/run/consul/consul.pid
+Restart=on-failure
+Environment=GOMAXPROCS=2
+ExecStartPre=[ -f "/run/consul/consul.pid" ] && /usr/bin/rm -f /run/consul/consul.pid
+ExecStart=/usr/local/bin/consul agent -pid-file=/run/consul/consul.pid -config-dir=/etc/consul.d
+ExecReload=/bin/kill -s HUP $MAINPID
+KillSignal=SIGINT
+TimeoutStopSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl enable consul.service
+sudo systemctl start consul.service