More enhancements to Terraform script and Ansible playbook (#27)

- Polish the environment variables in Ansible playbook.
- Use Terraform template to render the Ansible inventory.
- Fine tune the security groups.
- Reorganize the Terraform scripts for different components.
- Add more Terraform output informations.

Author: kezhenxu94

.gitignore

@@ -15,4 +15,6 @@ aws/.terraform/
 aws/.terraform.lock.hcl
 aws/terraform.tfstate
 aws/terraform.tfstate.backup
+ansible/local.var.yaml
 ansible/inventory
+!ansible/inventory/template

README.md

@@ -167,3 +167,32 @@ After confirming connectivity, proceed to install Apache SkyWalking using the An
 ```
 ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ec2-user --private-key "$SSH_KEY_FILE" playbooks/install-skywalking.yml
 ```
+
+### 4. Configurations
+
+The Ansible playbook can be customized to install Apache SkyWalking with
+different configurations. The following variables can be modified to suit your
+needs: 
+
+> For full configurations, refer to the
+> [ansible/roles/skywalking/vars/main.yml](ansible/roles/skywalking/vars/main.yml).
+> file.
+
+```yaml
+# `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL
+# the remote file will be downloaded to the remote host and then extracted,
+# if it's a local path, the local file will be copied to the remote host and
+# then extracted.
+skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz"
+
+# `skywalking_ui_environment` is a dictionary of environment variables that will
+# be sourced when running the skywalking-ui service. All environment variables
+# that are supported by SkyWalking webapp can be set here.
+skywalking_ui_environment: {}
+
+# `skywalking_oap_environment` is a dictionary of environment variables that will
+# be sourced when running the skywalking-oap service. All environment variables
+# that are supported by SkyWalking OAP can be set here.
+skywalking_oap_environment: {}
+
+```

ansible/inventory/template/skywalking.yaml.tftpl

@@ -0,0 +1,36 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+skywalking:
+  children:
+    skywalking_oap:
+    skywalking_ui:
+
+skywalking_oap:
+  hosts:
+%{ for oap in oap_instances ~}
+    ${oap.public_ip}:
+      private_ip: ${oap.private_ip}
+%{ endfor ~}
+
+skywalking_ui:
+  hosts:
+%{ for ui in ui_instances ~}
+    ${ui.public_ip}:
+      private_ip: ${ui.private_ip}
+%{ endfor ~}

ansible/roles/skywalking/tasks/main.yml

@@ -23,14 +23,13 @@
     group: skywalking
     mode: "0755"
 
-- name: Download Apache SkyWalking tarball
+- name: Download remote Apache SkyWalking tarball
   when: skywalking_tarball is match('^https?://.*')
   get_url:
     url: "{{ skywalking_tarball }}"
-    timeout: 120
     dest: /usr/local/skywalking/apache-skywalking-apm.tar.gz
 
-- name: Upload Local Apache SkyWalking tarball
+- name: Upload local Apache SkyWalking tarball
   when: skywalking_tarball is not match('^https?://.*')
   ansible.builtin.copy:
     src: "{{ skywalking_tarball }}"
@@ -39,26 +38,39 @@
     group: skywalking
     mode: '0755'
 
-- name: Extract tar file
+- name: Extract tarball
   unarchive:
     src: /usr/local/skywalking/apache-skywalking-apm.tar.gz
-    dest: "/usr/local/skywalking"
+    dest: /usr/local/skywalking
     remote_src: yes
+    owner: skywalking
+    group: skywalking
     extra_opts: [--strip-components=1]
 
+- name: Generate environment file for webui service
+  template:
+    src: skywalking-ui.env.j2
+    dest: /home/skywalking/webapp.env
+    owner: skywalking
+    mode: "0660"
+  when: inventory_hostname in groups['skywalking_ui']
+
+- name: Generate environment file for OAP service
+  template:
+    src: skywalking-oap.env.j2
+    dest: /home/skywalking/oap.env
+    owner: skywalking
+    mode: "0660"
+  when: inventory_hostname in groups['skywalking_oap']
+
 - name: Check hostgroup size
   set_fact:
     group_size: "{{ groups['skywalking_oap'] | length }}"
-    oap_standalone: "{{ [groups['skywalking_oap'][0]] }}"
-    oap_bundled: "{{ groups['skywalking_oap'][1:] if groups['skywalking_oap'] | length > 1 else [] }}"
+    oap_init_node: "{{ [groups['skywalking_oap'][0]] }}"
 
 - name: Run the OAPSericeInit script
-  shell: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceInit.sh"
-  when: inventory_hostname in oap_standalone
-
-- name: Run the OAPSericeNoInit script
-  shell: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceNoInit.sh"
-  when: inventory_hostname in oap_bundled
+  command: "sudo -u skywalking /usr/local/skywalking/bin/oapServiceInit.sh" 
+  when: inventory_hostname in oap_init_node
 
 - name: Generate systemd unit file for oap service
   template:
@@ -76,14 +88,6 @@
     mode: "0660"
   when: inventory_hostname in groups['skywalking_ui']
 
-- name: Registration of OAP Server address within WebUI environment file
-  ansible.builtin.lineinfile:
-    path: "{{ env_file }}"
-    line: "{{ item.key }}={{ item.value }}"
-    create: yes
-  loop: "{{ sw_ui_env_vars | dict2items }}"
-  when: inventory_hostname in groups['skywalking_ui']
-
 - name: Reload systemd
   systemd:
     daemon_reload: yes
@@ -111,3 +115,4 @@
     name: skywalking-ui
     state: started
   when: inventory_hostname in groups['skywalking_ui']
+

ansible/roles/skywalking/templates/skywalking-oap.env.j2

@@ -0,0 +1,22 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+{% for key, value in skywalking_oap_environment.items() %}
+{{ key }}="{{ value }}"
+{% endfor %}
+

ansible/roles/skywalking/templates/skywalking-ui.env.j2

@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+{% for key, value in skywalking_ui_environment.items() %}
+{{ key }}="{{ value }}"
+{% endfor %}
+
+SW_OAP_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].private_ip }}:{{ skywalking_ui_environment['SW_CORE_GRPC_PORT'] | default ('12800') }}{% if not loop.last %},{% endif %}{% endfor %}"
+SW_ZIPKIN_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].private_ip }}:{{ skywalking_ui_environment['SW_QUERY_ZIPKIN_REST_PORT'] | default ('9412') }}{% if not loop.last %},{% endif %}{% endfor %}"
+

ansible/roles/skywalking/templates/skywalking-ui.service.j2

@@ -19,7 +19,7 @@ After=network.target
 
 [Service]
 Type=simple
-EnvironmentFile=/usr/local/skywalking/webapp/sw_ui_env_file
+EnvironmentFile=/home/skywalking/webapp.env
 User=skywalking
 Group=skywalking
 ExecStart=/usr/local/skywalking/bin/webappService.sh

ansible/roles/skywalking/vars/main.yml

@@ -14,17 +14,19 @@
 # limitations under the License.
 
 ---
-# skywalking_tarball can be a remote URL or a local path, if it's a remote URL
+# `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL
 # the remote file will be downloaded to the remote host and then extracted,
 # if it's a local path, the local file will be copied to the remote host and
 # then extracted.
 skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz"
-sw_ui_server_port: "8080"
-sw_oap_server_port: "12800"
-sw_zipkin_address: "9412"
 
-sw_ui_env_vars:
-  SW_SERVER_PORT: "{{ sw_ui_server_port }}"
-  SW_OAP_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ sw_oap_server_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-  SW_ZIPKIN_ADDRESS: "{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ sw_zipkin_address }}{% if not loop.last %},{% endif %}{% endfor %}"
-env_file: /usr/local/skywalking/webapp/sw_ui_env_file
+# `skywalking_ui_environment` is a dictionary of environment variables that will
+# be sourced when running the skywalking-ui service. All environment variables
+# that are supported by SkyWalking webapp can be set here.
+skywalking_ui_environment: {}
+
+# `skywalking_oap_environment` is a dictionary of environment variables that will
+# be sourced when running the skywalking-oap service. All environment variables
+# that are supported by SkyWalking OAP can be set here.
+skywalking_oap_environment: {}
+

aws/ec2-main.tf

@@ -0,0 +1,67 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "aws" {
+  region     = var.region
+  access_key = var.access_key
+  secret_key = var.secret_key
+}
+
+resource "aws_security_group" "ssh-access" {
+  name        = "ssh-access"
+  description = "Allow SSH access from the Internet"
+  ingress = [
+    {
+      from_port        = 22
+      to_port          = 22
+      protocol         = "tcp"
+      cidr_blocks      = ["0.0.0.0/0"]
+      description      = "Allow SSH access from the Internet"
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+    }
+  ]
+  tags = var.extra_tags
+}
+
+resource "aws_security_group" "public-egress-access" {
+  name        = "public-egress-access"
+  description = "Allow access to the Internet"
+  egress = [
+    {
+      from_port        = 0
+      to_port          = 0
+      protocol         = -1
+      cidr_blocks      = ["0.0.0.0/0"]
+      description      = "Allow access to the Internet"
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+    }
+  ]
+  tags = var.extra_tags
+}
+
+resource "local_file" "inventories" {
+  filename        = "${path.module}/../ansible/inventory/skywalking.yaml"
+  file_permission = "0600"
+  content = templatefile("${path.module}/../ansible/inventory/template/skywalking.yaml.tftpl", {
+    oap_instances = aws_instance.skywalking-oap
+    ui_instances  = aws_instance.skywalking-ui
+  })
+}