Add Grafana in Prometheus VM.

Add prometheus security group.
BBVA · Feb 19, 2019 · 5f30503 · 5f30503
1 parent e7e97a6
commit 5f30503
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,7 +4,7 @@
 *.dll
 *.so
 *.dylib
-qed
+./qed
 
 # Autogenerated code 
 tests/plot.hmtl
@@ -40,6 +40,5 @@ coverage.txt
 config.yml
 deploy/aws/config_files/*
 !deploy/aws/config_files/README.md
-!deploy/aws/modules/qed
 deploy/aws/modules/inmemory_storage/data
 deploy/aws/modules/prometheus/data
diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf
@@ -41,7 +41,7 @@ module "leader" {
   api_key: "terraform_qed"
   path: "/var/tmp/qed/"
   server:
-    node_id: "leader"
+    node_id: "qed0"
     addr:
       http: ":8800"
       mgmt: ":8700"
@@ -215,7 +215,7 @@ module "prometheus" {
 
   instance_type = "t3.medium"
   volume_size = "20"
-  vpc_security_group_ids = "${module.security_group.this_security_group_id}"
+  vpc_security_group_ids = "${module.prometheus_security_group.this_security_group_id}"
   subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
   key_name = "${aws_key_pair.qed.key_name}"
 

diff --git a/deploy/aws/modules/prometheus/build.sh b/deploy/aws/modules/prometheus/build.sh
@@ -11,19 +11,19 @@ function _readlink() { (
 pub=$(_readlink ./data)
 tdir=$(mktemp -d /tmp/prometheus.XXX)
 
-app_path=${pub}/prometheus
+prometheus_path=${pub}/prometheus
 
 mkdir -p ${pub}
 
 (
 cd ${tdir}
 
-if [ ! -f ${app_path} ]; then (
+if [ ! -f ${prometheus_path} ]; then (
     version=2.7.0
     folder=prometheus-${version}.linux-amd64
     link=https://github.com/prometheus/prometheus/releases/download/v${version}/${folder}.tar.gz
     wget -qO- ${link} | tar xvz -C ./
-    cp ${folder}/prometheus ${app_path}
+    cp ${folder}/prometheus ${prometheus_path}
 ) fi
 
 )

diff --git a/deploy/aws/modules/prometheus/main.tf b/deploy/aws/modules/prometheus/main.tf
@@ -12,6 +12,13 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+resource "null_resource" "prebuild" {
+  provisioner "local-exec" {
+    command = "bash build.sh"
+    working_dir = "${path.module}"
+  }
+}
+
 data "aws_ami" "amazon_linux" {
   most_recent = true
 
@@ -67,12 +74,18 @@ resource "aws_instance" "prometheus" {
   user_data = <<-DATA
   #!/bin/bash
 
+  yum install https://dl.grafana.com/oss/release/grafana-5.4.2-1.x86_64.rpm
+  service grafana-server start
+
   while [ ! -f ${var.path}/prometheus ]; do
     sleep 1 # INFO: wait until binary exists
   done
   sleep 1
 
   chmod +x ${var.path}/prometheus
   ${var.path}/prometheus --config-file=${var.path}/prometheus.yml
+
+
+  
   DATA
 }
diff --git a/deploy/aws/network.tf b/deploy/aws/network.tf
@@ -80,3 +80,41 @@ module "security_group" {
   number_of_computed_ingress_with_source_security_group_id = 1
 
 }
+
+module "prometheus_security_group" {
+  source = "terraform-aws-modules/security-group/aws"
+  version = "2.11.0"
+
+  name        = "prometheus"
+  description = "Security group for Prometheus/Grafana usage"
+  vpc_id      = "${data.aws_vpc.default.id}"
+
+  egress_rules        = ["all-all"]
+
+  ingress_cidr_blocks = ["${chomp(data.http.ip.body)}/32"]
+  ingress_rules       = ["all-icmp", "ssh-tcp" ]
+  ingress_with_cidr_blocks = [
+    {
+      from_port       = 9090
+      to_port         = 9090
+      protocol        = "tcp"
+      cidr_blocks     = "${chomp(data.http.ip.body)}/32"
+    },
+    {
+      from_port       = 3000
+      to_port         = 3000
+      protocol        = "tcp"
+      cidr_blocks     = "${chomp(data.http.ip.body)}/32"
+    },
+  ]
+  computed_ingress_with_source_security_group_id = [
+    {
+      from_port       = 0
+      to_port         = 65535
+      protocol        = "tcp"
+      source_security_group_id  = "${module.security_group.this_security_group_id}"
+    }
+  ]
+  number_of_computed_ingress_with_source_security_group_id = 1
+
+}