MirrorMirror
/
riju
mirror of https://github.com/radian-software/riju.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete CloudWatch

This commit is contained in:
Radon Rosborough 2022-02-12 18:25:03 -08:00
parent 0bf1c8cdbd
commit c916f91771
6 changed files with 1 additions and 293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
packer/cloudwatch.json
View File

@ -1,41 +0,0 @@
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "root"
},
"metrics": {
"append_dimensions": {
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"aggregation_dimensions": [
["RijuInstanceGroup"],
["RijuInstanceGroup", "path"]
],
"metrics_collected": {
"cpu": {
"append_dimensions": {
"RijuInstanceGroup": "Webserver"
},
"measurement": ["usage_active"],
"metrics_collection_interval": 60
},
"disk": {
"append_dimensions": {
"RijuInstanceGroup": "Webserver"
},
"measurement": ["used_percent"],
"metrics_collection_interval": 60,
"resources": ["/", "/mnt/riju"]
},
"mem": {
"append_dimensions": {
"RijuInstanceGroup": "Webserver"
},
"measurement": ["mem_used_percent"],
"metrics_collection_interval": 60
}
}
}
}

7
packer/provision.bash
View File

@ -44,16 +44,12 @@ sudo ./aws/install
wget -nv https://s3.us-west-1.amazonaws.com/amazon-ssm-us-west-1/latest/debian_amd64/amazon-ssm-agent.deb
wget -nv https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
sudo apt-get install -y ./amazon-cloudwatch-agent.deb
sudo chown root:root \
/tmp/cloudwatch.json /tmp/docker.json /tmp/riju.service \
/tmp/docker.json /tmp/riju.service \
/tmp/riju.slice /tmp/riju-init-volume /tmp/riju-supervisor
sudo mv /tmp/docker.json /etc/docker/daemon.json
sudo mv /tmp/riju.service /tmp/riju.slice /etc/systemd/system/
sudo mv /tmp/cloudwatch.json /opt/aws/amazon-cloudwatch-agent/bin/config.json
sudo mv /tmp/riju-init-volume /tmp/riju-supervisor /usr/local/bin/
sudo sed -Ei 's|^#?PermitRootLogin .*|PermitRootLogin no|' /etc/ssh/sshd_config
@ -69,7 +65,6 @@ sudo sed -Ei "s|\\\$SUPERVISOR_ACCESS_TOKEN|${SUPERVISOR_ACCESS_TOKEN}|" /etc/sy
sudo passwd -l root
sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
sudo amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
sudo systemctl enable riju
if [[ -n "${GRAFANA_API_KEY:-}" ]]; then

5
packer/web.pkr.hcl
View File

@ -87,11 +87,6 @@ source "amazon-ebs" "ubuntu" {
build {
sources = ["source.amazon-ebs.ubuntu"]
provisioner "file" {
destination = "/tmp/cloudwatch.json"
source = "cloudwatch.json"
}
provisioner "file" {
destination = "/tmp/docker.json"
source = "docker.json"

174
tf/cloudwatch.tf
View File

@ -1,174 +0,0 @@
resource "aws_cloudwatch_metric_alarm" "server_cpu" {
alarm_name = "riju-server-cpu-high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "30"
datapoints_to_alarm = "15"
metric_name = "cpu_usage_active"
namespace = "CWAgent"
period = "60"
statistic = "Average"
threshold = "70"
alarm_description = "Average CPU usage on Riju server is above 70% for 30 minutes"
ok_actions = [aws_sns_topic.riju.arn]
alarm_actions = [aws_sns_topic.riju.arn]
insufficient_data_actions = [aws_sns_topic.riju.arn]
dimensions = {
RijuInstanceGroup = "Webserver"
}
tags = {
BillingSubcategory = "Riju:CloudWatch:Alarm"
}
}
resource "aws_cloudwatch_metric_alarm" "server_memory" {
alarm_name = "riju-server-memory-high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "30"
datapoints_to_alarm = "15"
metric_name = "mem_used_percent"
namespace = "CWAgent"
period = "60"
statistic = "Average"
threshold = "70"
alarm_description = "Average memory usage on Riju server is above 70% for 30 minutes"
ok_actions = [aws_sns_topic.riju.arn]
alarm_actions = [aws_sns_topic.riju.arn]
insufficient_data_actions = [aws_sns_topic.riju.arn]
dimensions = {
RijuInstanceGroup = "Webserver"
}
tags = {
BillingSubcategory = "Riju:CloudWatch:Alarm"
}
}
resource "aws_cloudwatch_metric_alarm" "server_data_volume_disk_space" {
alarm_name = "riju-server-data-volume-disk-usage-high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "5"
datapoints_to_alarm = "5"
metric_name = "disk_used_percent"
namespace = "CWAgent"
period = "60"
statistic = "Average"
threshold = "70"
alarm_description = "Disk space usage for data volume on Riju server is above 70%"
ok_actions = [aws_sns_topic.riju.arn]
alarm_actions = [aws_sns_topic.riju.arn]
insufficient_data_actions = [aws_sns_topic.riju.arn]
dimensions = {
RijuInstanceGroup = "Webserver"
path = "/mnt/riju"
}
tags = {
BillingSubcategory = "Riju:CloudWatch:Alarm"
}
}
resource "aws_cloudwatch_metric_alarm" "server_root_volume_disk_space" {
alarm_name = "riju-server-root-volume-disk-usage-high"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "5"
datapoints_to_alarm = "5"
metric_name = "disk_used_percent"
namespace = "CWAgent"
period = "60"
statistic = "Average"
threshold = "70"
alarm_description = "Disk space usage for root volume on Riju server is above 70%"
ok_actions = [aws_sns_topic.riju.arn]
alarm_actions = [aws_sns_topic.riju.arn]
insufficient_data_actions = [aws_sns_topic.riju.arn]
dimensions = {
RijuInstanceGroup = "Webserver"
path = "/"
}
tags = {
BillingSubcategory = "Riju:CloudWatch:Alarm"
}
}
resource "aws_cloudwatch_dashboard" "riju" {
dashboard_name = "Riju"
dashboard_body = <<EOF
{
"widgets": [
{
"type": "metric",
"x": 0,
"y": 0,
"width": 6,
"height": 6,
"properties": {
"title": "CPU",
"annotations": {
"alarms": [
"${aws_cloudwatch_metric_alarm.server_cpu.arn}"
]
},
"view": "timeSeries",
"stacked": false
}
},
{
"type": "metric",
"x": 12,
"y": 0,
"width": 6,
"height": 6,
"properties": {
"title": "Root volume disk space",
"annotations": {
"alarms": [
"${aws_cloudwatch_metric_alarm.server_root_volume_disk_space.arn}"
]
},
"view": "timeSeries",
"stacked": false,
"type": "chart"
}
},
{
"type": "metric",
"x": 18,
"y": 0,
"width": 6,
"height": 6,
"properties": {
"title": "Data volume disk space",
"annotations": {
"alarms": [
"${aws_cloudwatch_metric_alarm.server_data_volume_disk_space.arn}"
]
},
"view": "timeSeries",
"stacked": false,
"type": "chart"
}
},
{
"type": "metric",
"x": 6,
"y": 0,
"width": 6,
"height": 6,
"properties": {
"title": "Memory",
"annotations": {
"alarms": [
"${aws_cloudwatch_metric_alarm.server_memory.arn}"
]
},
"view": "timeSeries",
"stacked": false,
"type": "chart"
}
}
]
}
EOF
}

58
tf/iam.tf
View File

@ -1,7 +1,3 @@
data "aws_iam_policy" "cloudwatch" {
name = "CloudWatchAgentServerPolicy"
}
data "aws_iam_policy" "ssm" {
name = "AmazonSSMManagedInstanceCore"
}
@ -194,11 +190,6 @@ resource "aws_iam_role_policy_attachment" "server" {
policy_arn = aws_iam_policy.server.arn
}
resource "aws_iam_role_policy_attachment" "server_cloudwatch" {
role = aws_iam_role.server.name
policy_arn = data.aws_iam_policy.cloudwatch.arn
}
resource "aws_iam_role_policy_attachment" "server_ssm" {
role = aws_iam_role.server.name
policy_arn = data.aws_iam_policy.ssm.arn
@ -247,52 +238,3 @@ resource "aws_iam_role_policy_attachment" "backup_restores" {
role = aws_iam_role.backup.name
policy_arn = data.aws_iam_policy.backup_restores.arn
}
data "aws_iam_policy_document" "grafana_cloudwatch" {
statement {
actions = [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"logs:DescribeLogGroups",
"logs:GetLogGroupFields",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetQueryResults",
"logs:GetLogEvents",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"tag:GetResources",
]
resources = [
"*",
]
}
}
resource "aws_iam_user" "grafana" {
name = "riju-grafana"
}
resource "aws_iam_policy" "grafana_cloudwatch" {
name = "riju-grafana-cloudwatch"
description = "Policy granting Grafana access to CloudWatch metrics and logs"
policy = data.aws_iam_policy_document.grafana_cloudwatch.json
}
resource "aws_iam_user_policy_attachment" "grafana_cloudwatch" {
user = aws_iam_user.grafana.name
policy_arn = aws_iam_policy.grafana_cloudwatch.arn
}
resource "aws_iam_access_key" "grafana" {
user = aws_iam_user.grafana.name
}

9
tf/outputs.tf
View File

@ -10,12 +10,3 @@ output "deploy_aws_secret_access_key" {
value = aws_iam_access_key.deploy.secret
sensitive = true
}
output "grafana_aws_access_key_id" {
value = aws_iam_access_key.grafana.id
}
output "grafana_aws_secret_access_key" {
value = aws_iam_access_key.grafana.secret
sensitive = true
}