Merge branch 'monitoring' into 'master'

Monitoring See merge request !1

Merge branch 'monitoring' into 'master'
447e1e85 · Radosław Piliszek · 5c82ece0 · 5145fe9d · 447e1e85 · 447e1e85
Commit 447e1e85 authored 2 years ago by Radosław Piliszek
--- a/config.yaml
+++ b/config.yaml
 ---
 iac:
 - terraform
+- piacere_monitoring_requirements
 - piacere_monitoring
 - nginx
 ...
\ No newline at end of file
--- a/piacere_monitoring/ansible.cfg
+++ b/piacere_monitoring/ansible.cfg
 # https://docs.ansible.com/ansible/latest/reference_appendices/config.html
 [defaults]
 host_key_checking = False
-inventory = {{CWD}}/hosts.yaml  ; This points to the file that lists your hosts
-remote_user = esilab
 deprecation_warnings=False ; to remove the python version depretation warning
 display_skipped_hosts = no 
\ No newline at end of file
--- a/piacere_monitoring/config.yaml
+++ b/piacere_monitoring/config.yaml
@@ -3,6 +3,7 @@
 input:
  - instance_ip_vm1
  - instance_server_private_key_user1
+  - DEPLOYMENT_ID
 output: []
 engine: ansible
 ...
--- a/piacere_monitoring/hosts.yaml
+++ b/piacere_monitoring/hosts.yaml
-all:
-  hosts:
-    localhost:
-      ansible_connection: local
--- a/piacere_monitoring/install_playbook_requirements.sh
+++ b/piacere_monitoring/install_playbook_requirements.sh
-#!/bin/bash
-set -e
-SCRIPT_DIR=$(dirname "$0")
-# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
-if [[ -f ./ansible.cfg ]]
-then
-    export ANSIBLE_CONFIG=./ansible.cfg
-else 
-    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
-    then
-        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
-    fi
-fi
-if [[ -z "$ANSIBLE_CONFIG" ]]
-then 
-    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
-else 
-    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
-fi
-if [[ -z "$1" ]]
-then 
-    # echo without params 
-    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
-    ansible-playbook $SCRIPT_DIR/site_requirements.yaml
-else 
-    # echo with params
-    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
-    ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
-fi
--- a/piacere_monitoring/main.yml
+++ b/piacere_monitoring/main.yml
---
- hosts: localhost
-  tasks:
-    - name: print disclamer
-      debug:
-        msg: this can also be done with "ansible-galaxy install -r requirements"
-    - name: install telegraf from galaxy
-      community.general.ansible_galaxy_install:
-        type: role
-        requirements_file: ansible_requirements.yml
 - hosts: all
  pre_tasks:
+    - name: Check parameters
+      fail:
+        msg: 'variable {{item}} empty'
+      when:  item | length == 0
+      with_items:
+        - "{{ pma_deployment_id }}"
+        - "{{ pma_influxdb_bucket }}"
+        - "{{ pma_influxdb_token }}"
+        - "{{ pma_influxdb_org }}"
+        - "{{ pma_influxdb_addr }}"
+    - name: Print parameters
+      debug:
+        msg: 
+          - "pma_deployment_id: {{ pma_deployment_id }}"
+          - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
+          - "pma_influxdb_token: {{ pma_influxdb_token }}"
+          - "pma_influxdb_org: {{ pma_influxdb_org }}"
+          - "pma_influxdb_addr: {{ pma_influxdb_addr | length }}"
    - name: Ensure gnupg package
      package:
        name: gnupg
        state: present
      become: true
  vars_files:
    - vars/main.yaml
  roles:

--- a/piacere_monitoring/run-playbook.sh
+++ b/piacere_monitoring/run-playbook.sh
-#!/bin/bash
-set -e
-SCRIPT_DIR=$(dirname "$0")
-# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
-if [[ -f ./ansible.cfg ]]
-then
-    export ANSIBLE_CONFIG=./ansible.cfg
-else 
-    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
-    then
-        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
-    fi
-fi
-if [[ -z "$ANSIBLE_CONFIG" ]]
-then 
-    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
-else 
-    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
-fi
-if [[ -z "$1" ]]
-then 
-    # echo without params 
-    echo ansible-playbook $SCRIPT_DIR/site.yaml
-    ansible-playbook $SCRIPT_DIR/site.yaml
-else 
-    # echo with params
-    echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
-    ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
-fi
--- a/piacere_monitoring/site.yaml
+++ b/piacere_monitoring/site.yaml
- hosts: all
-  pre_tasks:
-    - name: Check parameters
-      fail:
-        msg: 'variable {{item}} not defined'
-      when: item is not defined
-      with_items:
-        - pma_deployment_id
-        - pma_influxdb_bucket
-        - pma_influxdb_token
-        - pma_influxdb_org
-        - pma_influxdb_addr
-    - name: Print parameters
-      debug:
-        msg: 
-          - "pma_deployment_id: {{ pma_deployment_id }}"
-          - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
-          - "pma_influxdb_token: {{ pma_influxdb_token }}"
-          - "pma_influxdb_org: {{ pma_influxdb_org }}"
-          - "pma_influxdb_addr: {{ pma_influxdb_addr }}"
-    - name: Ensure gnupg package
-      package:
-        name: gnupg
-        state: present
-      become: true
-  vars_files:
-    - vars/main.yaml
-  roles:
-    - dj-wasabi.telegraf
--- a/piacere_monitoring/vars/main.yaml
+++ b/piacere_monitoring/vars/main.yaml
-pma_deployment_id: "123e4567-e89b-12d3-a456-426614174002"
+pma_deployment_id: "{{ lookup('env', 'DEPLOYMENT_ID' ) }}" 
-pma_influxdb_bucket: "bucket"
+pma_influxdb_bucket:  "{{ lookup('env', 'INFLUXDB_BUCKET' ) }}"
-pma_influxdb_token: "piacerePassword"
+pma_influxdb_token:  "{{ lookup('env', 'INFLUXDB_TOKEN' ) }}"
-pma_influxdb_org: "piacere"
+pma_influxdb_org:  "{{ lookup('env', 'INFLUXDB_ORG' ) }}"
-pma_influxdb_addr: "https://influxdb.pm.ci.piacere.digital.tecnalia.dev"
+pma_influxdb_addr:  "{{ lookup('env', 'INFLUXDB_ADDR' ) }}"
 telegraf_agent_package_state: latest

--- a/piacere_monitoring_requirements/ansible.cfg
+++ b/piacere_monitoring_requirements/ansible.cfg
+# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+[defaults]
+host_key_checking = False
+deprecation_warnings=False ; to remove the python version depretation warning
+display_skipped_hosts = no 
\ No newline at end of file
--- a/piacere_monitoring/ansible_requirements.yml
+++ b/piacere_monitoring/ansible_requirements.yml
--- a/piacere_monitoring_requirements/config.yaml
+++ b/piacere_monitoring_requirements/config.yaml
+---
+input: []
+output: []
+engine: ansible
+...
--- a/piacere_monitoring_requirements/inventory.j2
+++ b/piacere_monitoring_requirements/inventory.j2
+localhost ansible_connection=local
\ No newline at end of file
--- a/piacere_monitoring_requirements/main.yml
+++ b/piacere_monitoring_requirements/main.yml
+- name: "Intalling requirements"
+  hosts: localhost
+  connection: local 
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml
--- a/piacere_monitoring_requirements/ssh_key.j2
+++ b/piacere_monitoring_requirements/ssh_key.j2
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -67,11 +67,7 @@ resource "openstack_networking_port_v2" "net1" {
  network_id     = openstack_networking_network_v2.net1.id
  admin_state_up = true
  security_group_ids = [
-  openstack_compute_secgroup_v2.icmp.id,
+  openstack_compute_secgroup_v2.nginx.id,
-  openstack_compute_secgroup_v2.http.id,
-  openstack_compute_secgroup_v2.https.id,
-  openstack_compute_secgroup_v2.ssh.id,
  ]
  fixed_ip {
    subnet_id = openstack_networking_subnet_v2.net1_subnet.id
@@ -89,54 +85,43 @@ resource "openstack_networking_router_interface_v2" "net1_router_interface" {
  subnet_id = openstack_networking_subnet_v2.net1_subnet.id
 }
+# generate random string
+resource "random_string" "key_pair_user_name" {
+  length           = 16
+  special          = false
+  upper            = false
+  numeric          = false
+}
 # Create ssh keys
 resource "openstack_compute_keypair_v2" "user1" {
-  name       = "user1"
+  name       = random_string.key_pair_user_name.result
  # public_key = "user1"
 }
 # CREATING SECURITY_GROUP
-resource "openstack_compute_secgroup_v2" "icmp" {
+resource "openstack_compute_secgroup_v2" "nginx" {
-  name        = "icmp"
+  name        = "nginx"
-  description  = "Security group rule for port -1"
+  description  = "Security group rule for nginx"
  rule {
    from_port   = -1
    to_port     = -1
    ip_protocol = "icmp"
    cidr        = "0.0.0.0/0"
  }
-}
-resource "openstack_compute_secgroup_v2" "http" {
-  name        = "http"
-  description  = "Security group rule for port 80"
  rule {
    from_port   = 80
    to_port     = 80
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }
-}
-resource "openstack_compute_secgroup_v2" "https" {
-  name        = "https"
-  description  = "Security group rule for port 443"
  rule {
    from_port   = 443
    to_port     = 443
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }
-}
-resource "openstack_compute_secgroup_v2" "ssh" {
-  name        = "ssh"
-  description  = "Security group rule for port 22"
  rule {
    from_port   = 22
    to_port     = 22