monitoring refactor for gprd.

86a0f178 · John Jarvis · bceadf36 · 86a0f178 · 86a0f178 · 86a0f178
Commit 86a0f178 authored Feb 20, 2018 by John Jarvis
5 changed files
--- a/environments/gprd/main.tf
+++ b/environments/gprd/main.tf
@@ -469,6 +469,11 @@ module "consul" {
 #
 #  Monitoring
 #
+#  Uses the monitoring module, this
+#  creates a single instance behind
+#  a load balancer with identity aware
+#  proxy enabled.
+#
 ##################################

 resource "google_compute_subnetwork" "monitoring" {
@@ -499,12 +504,11 @@ module "performance" {
  data_disk_size       = 100
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
-  chef_run_list        = "${var.empty_chef_run_list}"
+  chef_run_list        = "\"role[${var.environment}-private-grafana]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "performance"
-  node_count           = "${var.node_count["performance"]}"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
@@ -515,8 +519,8 @@ module "performance" {
  cert_link            = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
  service_port         = "80"
  service_path         = "/login"
-  oauth2_client_id     = "${var.oauth2_client_id}"
-  oauth2_client_secret = "${var.oauth2_client_secret}"
+  oauth2_client_id     = "${var.oauth2_client_id_performance}"
+  oauth2_client_secret = "${var.oauth2_client_secret_performance}"
 }

 module "prometheus" {
@@ -525,12 +529,11 @@ module "prometheus" {
  data_disk_size       = 1000
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
-  chef_run_list        = "${var.empty_chef_run_list}"
+  chef_run_list        = "\"role[${var.environment}-infra-prometheus]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "prometheus"
-  node_count           = "${var.node_count["prometheus"]}"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
@@ -541,8 +544,8 @@ module "prometheus" {
  cert_link            = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
  service_port         = "9090"
  service_path         = "/graph"
-  oauth2_client_id     = "${var.oauth2_client_id}"
-  oauth2_client_secret = "${var.oauth2_client_secret}"
+  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
+  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
 }

 ##################################

--- a/environments/gprd/variables.tf
+++ b/environments/gprd/variables.tf
-variable "oauth2_client_id" {}
-variable "oauth2_client_secret" {}
+variable "oauth2_client_id_prometheus" {}
+variable "oauth2_client_secret_prometheus" {}
+
+variable "oauth2_client_id_performance" {}
+variable "oauth2_client_secret_performance" {}

 variable "base_chef_run_list" {
  default = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
@@ -13,6 +16,15 @@ variable "dns_zone_name" {
  default = "gitlab.com"
 }

+variable "run_lists" {
+  type = "map"
+
+  default = {
+    "prometheus"  = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
+    "performance" = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
+  }
+}
+
 variable "public_ports" {
  type = "map"

@@ -99,8 +111,6 @@ variable "node_count" {
    "lfs"                = 1
    "pages"              = 1
    "pgb"                = 1
-    "prometheus"         = 1
-    "performance"        = 1
    "redis"              = 1
    "redis-cache"        = 1
    "share"              = 1

--- a/modules/google/monitoring/instance.tf
+++ b/modules/google/monitoring/instance.tf
 resource "google_compute_disk" "data_disk" {
  project = "${var.project}"
-  count   = "${(var.attach_data_disk && var.node_count > 0) ? var.node_count : 0}"
-  name    = "${format("%v-%02d-%v-%v-data", var.name, count.index + 1, var.tier, var.environment)}"
-  zone    = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
+  name    = "${format("%v-%v-%v-data", var.name, var.tier, var.environment)}"
+  zone    = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]}"
  size    = "${var.data_disk_size}"
  type    = "${var.data_disk_type}"

@@ -13,14 +12,13 @@ resource "google_compute_disk" "data_disk" {
 }

 resource "google_compute_instance" "instance_with_attached_disk" {
-  count        = "${var.attach_data_disk ? var.node_count : 0}"
-  name         = "${format("%v-%02d-%v-%v", var.name, count.index + 1, var.tier, var.environment)}"
+  name         = "${format("%v-%v-%v", var.name, var.tier, var.environment)}"
  machine_type = "${var.machine_type}"

  metadata = {
    "CHEF_URL"                = "${var.chef_provision.["server_url"]}"
    "CHEF_VERSION"            = "${var.chef_provision.["version"]}"
-    "CHEF_NODE_NAME"          = "${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
+    "CHEF_NODE_NAME"          = "${format("%v.%v.%v.%v", var.name, var.tier, var.environment, var.dns_zone_name)}"
    "CHEF_ENVIRONMENT"        = "${var.environment}"
    "CHEF_RUN_LIST"           = "${var.chef_run_list}"
    "CHEF_DNS_ZONE_NAME"      = "${var.dns_zone_name}"
@@ -31,7 +29,7 @@ resource "google_compute_instance" "instance_with_attached_disk" {

  metadata_startup_script = "${file("${path.module}/../../../scripts/google/bootstrap-v${var.bootstrap_version}.sh")}"
  project                 = "${var.project}"
-  zone                    = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
+  zone                    = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]}"

  service_account {
    // this should be the instance under which the instance should be running, rather than the one creating it...
@@ -67,7 +65,7 @@ resource "google_compute_instance" "instance_with_attached_disk" {
  }

  attached_disk {
-    source = "${google_compute_disk.data_disk.*.self_link[count.index]}"
+    source = "${google_compute_disk.data_disk.self_link}"
  }

  network_interface {
@@ -87,6 +85,6 @@ resource "google_compute_instance" "instance_with_attached_disk" {

  provisioner "local-exec" {
    when    = "destroy"
-    command = "knife node delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; knife client delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; exit 0"
+    command = "knife node delete ${format("%v.%v.%v.%v", var.name, var.tier, var.environment, var.dns_zone_name)} -y; knife client delete ${format("%v.%v.%v.%v", var.name, var.tier, var.environment, var.dns_zone_name)} -y; exit 0"
  }
 }
--- a/modules/google/monitoring/loadbalancing.tf
+++ b/modules/google/monitoring/loadbalancing.tf
 data "google_compute_lb_ip_ranges" "ranges" {}

 resource "aws_route53_record" "monitoring" {
-  count   = "${var.node_count}"
  zone_id = "${var.gitlab_com_zone_id}"
-  name    = "${format("%v-%02d.%v.gitlab.com.", var.name, count.index + 1, var.environment)}"
+  name    = "${format("%v.%v.gitlab.com.", var.name, var.environment)}"
  type    = "A"
  ttl     = "300"
-  records = ["${google_compute_global_address.monitoring.*.address[count.index]}"]
+  records = ["${google_compute_global_address.monitoring.address}"]
 }

 resource "google_compute_global_address" "monitoring" {
-  count = "${var.node_count}"
-  name  = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
+  name = "${format("%v-%v", var.environment, var.name)}"
 }

 resource "google_compute_global_forwarding_rule" "monitoring" {
-  count      = "${var.node_count}"
-  name       = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
-  target     = "${google_compute_target_https_proxy.monitoring.*.self_link[count.index]}"
+  name       = "${format("%v-%v", var.environment, var.name)}"
+  target     = "${google_compute_target_https_proxy.monitoring.self_link}"
  port_range = "443"
-  ip_address = "${google_compute_global_address.monitoring.*.address[count.index]}"
+  ip_address = "${google_compute_global_address.monitoring.address}"
 }

 resource "google_compute_target_https_proxy" "monitoring" {
-  count            = "${var.node_count}"
-  name             = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
-  description      = "https proxy for monitoring-${count.index + 1}"
+  name             = "${format("%v-%v", var.environment, var.name)}"
+  description      = "https proxy for monitoring"
  ssl_certificates = ["${var.cert_link}"]
-  url_map          = "${google_compute_url_map.monitoring.*.self_link[count.index]}"
+  url_map          = "${google_compute_url_map.monitoring.self_link}"
 }

 resource "google_compute_url_map" "monitoring" {
-  count           = "${var.node_count}"
-  name            = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
-  default_service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
+  name            = "${format("%v-%v", var.environment, var.name)}"
+  default_service = "${google_compute_backend_service.monitoring.self_link}"

  host_rule {
    hosts        = ["*"]
@@ -42,32 +37,30 @@ resource "google_compute_url_map" "monitoring" {

  path_matcher {
    name            = "allpaths"
-    default_service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
+    default_service = "${google_compute_backend_service.monitoring.self_link}"

    path_rule {
      paths   = ["${var.service_path}"]
-      service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
+      service = "${google_compute_backend_service.monitoring.self_link}"
    }
  }
 }

 resource "google_compute_instance_group" "monitoring" {
-  count       = "${var.node_count}"
-  name        = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
+  name        = "${format("%v-%v", var.environment, var.name)}"
  description = "Instance group for monitoring VM."
-  zone        = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
+  zone        = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]}"

  named_port {
-    name = "${var.name}-${count.index + 1}"
+    name = "${var.name}"
    port = "${var.service_port}"
  }

-  instances = ["${google_compute_instance.instance_with_attached_disk.*.self_link[count.index]}"]
+  instances = ["${google_compute_instance.instance_with_attached_disk.self_link}"]
 }

 resource "google_compute_health_check" "monitoring" {
-  count = "${var.node_count}"
-  name  = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
+  name = "${format("%v-%v", var.environment, var.name)}"

  http_health_check {
    port         = "${var.service_port}"
@@ -76,16 +69,15 @@ resource "google_compute_health_check" "monitoring" {
 }

 resource "google_compute_backend_service" "monitoring" {
-  count     = "${var.node_count}"
-  name      = "${format("%v-%v-%02d", var.environment, var.name, count.index + 1)}"
+  name      = "${format("%v-%v", var.environment, var.name)}"
  protocol  = "HTTP"
-  port_name = "${var.name}-${count.index + 1}"
+  port_name = "${var.name}"

  backend {
-    group = "${google_compute_instance_group.monitoring.*.self_link[count.index]}"
+    group = "${google_compute_instance_group.monitoring.self_link}"
  }

-  health_checks = ["${google_compute_health_check.monitoring.*.self_link[count.index]}"]
+  health_checks = ["${google_compute_health_check.monitoring.self_link}"]

  iap {
    oauth2_client_secret = "${var.oauth2_client_secret}"

--- a/modules/google/monitoring/variables.tf
+++ b/modules/google/monitoring/variables.tf
@@ -96,11 +96,6 @@ variable "name" {
  description = "The pet name"
 }

-variable "node_count" {
-  type        = "string"
-  description = "The nodes count"
-}
-
 variable "os_boot_image" {
  type        = "string"
  description = "The OS image to boot"