Add database provisioner, ALB and bastion host (#28)

- Add database provisioner, currently supports H2 and rds-postgresql.
- Add an AWS ALB so that we can access the SkyWalking UI via ALB,
  instead of doing port forward.
- For security reasons, add a bastion host and all operations to OAP and
  UI instances are done via bastion host as a proxy.
- Simplify some command line options by adding them into files.
- Generate Terraform docs for inputs, outputs, resources, etc.
23 files changed
tree: 44af20adbc655e3aec4f98d6be3be2f13c1e4109
README.md

SkyWalking Terraform and Ansible

This repository contains the Terraform scripts to create the infrastructure for SkyWalking on cloud vendors, and the Ansible playbooks to install SkyWalking on the created infrastructure or on existing infrastructure, whether on-premises or on a cloud vendor such as AWS.

Terraform

Note: HashiCorp has changed the license of Terraform from MPL 2.0 to BSL/BUSL 1.1 since its 1.5.6 release. We don't have hard dependencies on Terraform.

The OpenTF Foundation has announced that it will maintain an MPL 2.0-based fork of Terraform. Read their announcement and website for more details.

All Terraform and/or OpenTF scripts are just for end-user convenience. The Apache 2.0 License is only for the scripts.

For now, we support the following cloud vendors, and we welcome everyone to contribute support for more cloud vendors:

  • Amazon Web Services (AWS): go to the aws folder for more details.

Prerequisites

  1. Terraform installed
  2. AWS Credentials: Ensure your environment is set up with the necessary AWS credentials. This can be done in various ways, such as:
    • Configuring using the AWS CLI.
    • Setting up environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY).
    • Using IAM roles with necessary permissions if you're running Terraform on an AWS EC2 instance.
    • For more information on configuring AWS credentials for Terraform, see the official documentation.
  3. A working knowledge of Terraform and AWS resources

Instructions

1. Initialization

Before applying any Terraform script, initialize your Terraform working directory:

cd aws/
terraform init

2. Configuration

The script is designed with modularity and reusability in mind. Various parameters like region, instance count, instance type, etc., are exposed as variables for easier customization.

For the full configuration list, please refer to the doc.

To modify the default values, you can create a terraform.tfvars file in the same directory as your Terraform script:

oap_instance_count = 2
ui_instance_count  = 2
region             = "us-west-1"
instance_type      = "t2.large"
extra_tags         = {
  "Environment" = "Production"
}

3. Test and apply the outcomes of the Script

After adjusting your configuration, test and apply the script:

terraform plan
terraform apply

After all the resources are created, you can head to the Ansible part to start deploying SkyWalking.

4. Accessing the Resources

SSH into bastion host (Optional)

You don't usually need to SSH into the bastion host, but if you want to, use the following commands:

KEY_FILE=$(terraform output -raw ssh-user-key-file)
BASTION_IP=$(terraform output -json bastion_ips | jq -r '.[0]')

ssh -i "$KEY_FILE" ec2-user@"$BASTION_IP"

  • Security attention: two security rules are created for the bastion host:
    • ssh-access: allows SSH access from any IP (0.0.0.0/0). This is potentially insecure; restrict the IP range wherever possible.
    • public-egress-access: allows egress access to the internet for the instances.

5. Tearing Down

To destroy the resources when they are no longer needed:

terraform destroy

This command will prompt you to confirm before destroying the resources.

Security Note

SSH access is open to the entire internet (0.0.0.0/0). This is not recommended for production environments. Always restrict the CIDR block to known IP ranges for better security.
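
One way to catch the world-open ssh-access rule described above before it is applied (an added example, not code from this repository): a Python check over the JSON form of a Terraform plan. The sample plan and its resource addresses are constructed, and which AWS provider resource type this repository uses for its rules is an assumption, so the three common ones are handled.

```python
import json
import sys

OPEN = {"0.0.0.0/0", "::/0"}
# Constructed sample in the shape of `terraform show -json <planfile>`; addresses are made up.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group_rule.example_ssh", "type": "aws_security_group_rule",
     "change": {"after": {"type": "ingress", "protocol": "tcp", "from_port": 22,
                          "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}}},
    {"address": "aws_security_group_rule.example_egress", "type": "aws_security_group_rule",
     "change": {"after": {"type": "egress", "protocol": "-1", "from_port": 0,
                          "to_port": 0, "cidr_blocks": ["0.0.0.0/0"]}}},
    {"address": "aws_security_group.example_office", "type": "aws_security_group",
     "change": {"after": {"ingress": [{"protocol": "tcp", "from_port": 22, "to_port": 22,
                                       "cidr_blocks": ["203.0.113.0/24"]}]}}},
]}

def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP 22."""
    proto = str(rule.get("protocol", rule.get("ip_protocol", "")))
    if proto in ("-1", "all"):
        return True
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return proto in ("tcp", "6") and lo is not None and hi is not None and lo <= 22 <= hi

def open_sources(rule):
    """World-open CIDRs in a rule, across the attribute names the AWS provider uses."""
    cidrs = list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])
    cidrs += [rule[k] for k in ("cidr_ipv4", "cidr_ipv6") if rule.get(k)]
    return sorted(OPEN.intersection(cidrs))

def world_open_ssh(plan):
    """Return [(address, open CIDRs)] for planned ingress rules exposing SSH to the internet."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # `after` is null on destroy
        rules = []
        if rc.get("type") == "aws_security_group":
            rules = after.get("ingress") or []               # inline ingress blocks
        elif rc.get("type") == "aws_vpc_security_group_ingress_rule":
            rules = [after]
        elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        findings += [(rc["address"], open_sources(r)) for r in rules
                     if covers_ssh(r) and open_sources(r)]
    return findings

if __name__ == "__main__":
    plan = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_PLAN
    print(world_open_ssh(plan))
```

To run it against a real plan, save one with terraform plan -out=plan.out and pipe terraform show -json plan.out into the script with - as its only argument. The egress rule in the sample is deliberately not reported, since only inbound SSH exposure is being checked.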

Ansible

You can use the Ansible playbooks together with the Terraform scripts to create the necessary infrastructure and install SkyWalking on it, or you can use Ansible alone to install SkyWalking on existing infrastructure.

This guide provides steps on using Ansible to install Apache SkyWalking on AWS instances.

Prerequisites

  1. Ansible installed.
  2. A working knowledge of Ansible and AWS resources.
  3. An active SSH key and access to AWS EC2 instances.

Instructions

1. Change directory

cd ../ansible/

2. Test Connectivity to the EC2 Instances

Before installing SkyWalking, ensure that you can connect to the EC2 instances:

ansible -m ping all -u ec2-user

Expected Output:

You should see output for each IP with a SUCCESS status:

<ip1> | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
<ip2> | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

3. Install Apache SkyWalking

After confirming connectivity, proceed to install Apache SkyWalking using the Ansible playbook:

ansible-playbook -u ec2-user playbooks/install-skywalking.yml -i inventory/skywalking.yaml

4. Configurations

The Ansible playbook can be customized to install Apache SkyWalking with different configurations. The variables below can be modified to suit your needs; for the full list of configurations, refer to the ansible/roles/skywalking/vars/main.yml file.

# `skywalking_tarball` can be a remote URL or a local path. If it's a remote URL,
# the remote file will be downloaded to the remote host and then extracted.
# If it's a local path, the local file will be copied to the remote host and
# then extracted.
skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz"

# `skywalking_ui_environment` is a dictionary of environment variables that will
# be sourced when running the skywalking-ui service. All environment variables
# that are supported by SkyWalking webapp can be set here.
skywalking_ui_environment: {}

# `skywalking_oap_environment` is a dictionary of environment variables that will
# be sourced when running the skywalking-oap service. All environment variables
# that are supported by SkyWalking OAP can be set here.
skywalking_oap_environment: {}

5. Accessing SkyWalking UI!

After the installation is complete, go back to the aws folder and get the ALB DNS name, which is the address used to access the SkyWalking UI:

cd ../aws
terraform output -raw alb_dns_name

Then open your browser and access the SkyWalking UI at that address.