Merge pull request #23 from wyTrivail/terraform

support windows

Author: wyTrivail

terraform/ec2/amis.tf

@@ -1,24 +1,74 @@
-variable "amis" {
+variable "ami_family" {
   default = {
     ubuntu = {
-      ami_search_pattern = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
       login_user = "ubuntu"
-      install_package = "rpm"
+      install_package = "aws-observability-collector.deb"
+      instance_type = "t2.micro"
+      otconfig_destination = "/tmp/ot-default.yml"
+      download_command_pattern = "wget %s"
+      install_command = "sudo dpkg -i aws-observability-collector.deb"
+      start_command = "sudo /opt/aws/aws-observability-collector/bin/aws-observability-collector-ctl -c /tmp/ot-default.yml -a start"
+      connection_type = "ssh"
+      user_data = ""
+    },
+    amazon_linux = {
+      login_user = "ec2-user"
+      install_package = "aws-observability-collector.rpm"
+      instance_type = "t2.micro"
+      otconfig_destination = "/tmp/ot-default.yml"
+      download_command_pattern = "wget %s"
+      install_command = "sudo rpm -Uvh aws-observability-collector.rpm"
+      start_command = "sudo /opt/aws/aws-observability-collector/bin/aws-observability-collector-ctl -c /tmp/ot-default.yml -a start"
+      connection_type = "ssh"
+      user_data = ""
+    }
+    windows = {
+      login_user = "Administrator"
+      install_package = "aws-observability-collector.msi"
+      instance_type = "t2.micro"
+      otconfig_destination = "C:\\ot-default.yml"
+      download_command_pattern = "powershell -command \"Invoke-WebRequest -Uri %s -OutFile C:\\aws-observability-collector.msi\""
+      install_command = "msiexec /i C:\\aws-observability-collector.msi"
+      start_command = "powershell \"& 'C:\\Program Files\\Amazon\\AwsObservabilityCollector\\aws-observability-collector-ctl.ps1' -ConfigLocation C:\\ot-default.yml -Action start\""
+      connection_type = "winrm"
+      user_data = <<EOF
+<powershell>
+winrm quickconfig -q
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
+netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
+net stop winrm
+sc.exe config winrm start=auto
+net start winrm
+Set-NetFirewallProfile -Profile Public -Enabled False
+</powershell>
+EOF
+    }
+  }
+}
+
+variable "amis" {
+  default = {
+    ubuntu16 = {
+      ami_search_pattern = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
+      ami_owner = "099720109477"
+      family = "ubuntu"
+      arch = "amd64"
     }
     amazonlinux2 = {
       ami_search_pattern = "amzn2-ami-hvm*"
-      login_user = "ec2-user"
-      install_package = "rpm"
-    }
-    suse = {
-      ami_search_pattern = "suse-sles-15*"
-      login_user = "ec2-user"
-      install_package = "rpm"
+      ami_owner = "amazon"
+      family = "amazon_linux"
+      arch = "amd64"
     }
     windows2019 = {
-      ami_search_pattern = "Windows_Server-2019-English-Full-Base*"
-      login_user = "Administrator"
-      install_package = "msi"
+      ami_search_pattern = "Windows_Server-2019-English-Full-Base-*"
+      ami_owner = "amazon"
+      family = "windows"
+      arch = "amd64"
     }
   }
 }
@@ -31,14 +81,11 @@ data "aws_ami" "selected" {
     values = [var.amis[var.testing_ami]["ami_search_pattern"]]
   }
 
-  filter {
-    name   = "owner-alias"
-    values = ["amazon"]
-  }
-
-  owners = ["amazon"] # Canonical
+  owners = [var.amis[var.testing_ami]["ami_owner"]] # Canonical
 }
 
+
+# this ami is used to launch the emitter instance
 data "aws_ami" "suse" {
   most_recent = true
 

terraform/ec2/main.tf

@@ -15,6 +15,19 @@ provider "aws" {
   region  = var.region
 }
 
+# get ami object
+locals {
+  selected_ami = var.amis[var.testing_ami]
+  ami_family = var.ami_family[local.selected_ami["family"]]
+  ami_id = data.aws_ami.selected.id
+  instance_type = local.ami_family["instance_type"]
+  otconfig_destination = local.ami_family["otconfig_destination"]
+  login_user = local.ami_family["login_user"]
+  connection_type = local.ami_family["connection_type"]
+  user_data = local.ami_family["user_data"]
+  download_command = format(local.ami_family["download_command_pattern"], "https://${var.package_s3_bucket}.s3.amazonaws.com/${local.selected_ami["family"]}/${local.selected_ami["arch"]}/${var.aoc_version}/${local.ami_family["install_package"]}")
+}
+
 ## get the ssh private key
 data "aws_s3_bucket_object" "ssh_private_key" {
   bucket = var.sshkey_s3_bucket
@@ -33,39 +46,43 @@ data "template_file" "otconfig" {
   }
 }
 
-# launch ec2 instance to install aoc [todo, support more amis, only amazonlinux2 is supported now]
+# launch ec2 instance to install aoc [todo, support more amis, only amazonlinux2 ubuntu, windows2019 is supported now]
 resource "aws_instance" "aoc" {
-  ami                         = data.aws_ami.selected.id
-  instance_type               = "t2.micro"
+  ami                         = local.ami_id
+  instance_type               = local.instance_type
   subnet_id                   = tolist(module.basic_components.aoc_public_subnet_ids)[0]
   vpc_security_group_ids      = [module.basic_components.aoc_security_group_id]
   associate_public_ip_address = true
   iam_instance_profile        = module.common.aoc_iam_role_name
   key_name                    = module.common.ssh_key_name
+  get_password_data = local.connection_type == "winrm" ? true : null
+  user_data = local.user_data
 
   provisioner "file" {
     content = data.template_file.otconfig.rendered
-    destination = "/tmp/ot-default.yml"
+    destination = local.otconfig_destination
 
     connection {
-      type = "ssh"
-      user = "ec2-user"
-      private_key = data.aws_s3_bucket_object.ssh_private_key.body
+      type = local.connection_type
+      user = local.login_user
+      private_key = local.connection_type == "ssh" ? data.aws_s3_bucket_object.ssh_private_key.body : null
+      password = local.connection_type == "winrm" ? rsadecrypt(aws_instance.aoc.password_data, data.aws_s3_bucket_object.ssh_private_key.body) : null
       host = aws_instance.aoc.public_ip
     }
   }
 
   provisioner "remote-exec" {
     inline = [
-      "wget https://${var.package_s3_bucket}.s3.amazonaws.com/amazon_linux/amd64/${var.aoc_version}/aws-observability-collector.rpm",
-      "sudo rpm -Uvh aws-observability-collector.rpm",
-      "sudo /opt/aws/aws-observability-collector/bin/aws-observability-collector-ctl -c /tmp/ot-default.yml -a start"
+      local.download_command,
+      local.ami_family["install_command"],
+      local.ami_family["start_command"]
     ]
 
     connection {
-      type = "ssh"
-      user = "ec2-user"
-      private_key = data.aws_s3_bucket_object.ssh_private_key.body
+      type = local.connection_type
+      user = local.login_user
+      private_key = local.connection_type == "ssh" ? data.aws_s3_bucket_object.ssh_private_key.body : null
+      password = local.connection_type == "winrm" ? rsadecrypt(aws_instance.aoc.password_data, data.aws_s3_bucket_object.ssh_private_key.body) : null
       host = aws_instance.aoc.public_ip
     }
   }
@@ -74,8 +91,6 @@ resource "aws_instance" "aoc" {
 
 ## launch a ec2 instance to install data emitter
 resource "aws_instance" "emitter" {
-  # don't do emitter instance if the sample app is not callable
-  count = var.sample_app_callable ? 1 : 0
   ami                         = data.aws_ami.suse.id
   instance_type               = "t2.micro"
   subnet_id                   = tolist(module.basic_components.aoc_public_subnet_ids)[0]
@@ -98,16 +113,14 @@ data "template_file" "docker_compose" {
   }
 }
 resource "null_resource" "sample-app-validator" {
-  count = var.sample_app_callable ? 1 : 0
-
   provisioner "file" {
     content = data.template_file.docker_compose.rendered
     destination = "/tmp/docker-compose.yml"
     connection {
       type = "ssh"
       user = "ec2-user"
       private_key = data.aws_s3_bucket_object.ssh_private_key.body
-      host = aws_instance.emitter[0].public_ip
+      host = aws_instance.emitter.public_ip
     }
   }
   provisioner "remote-exec" {
@@ -122,21 +135,12 @@ resource "null_resource" "sample-app-validator" {
       type = "ssh"
       user = "ec2-user"
       private_key = data.aws_s3_bucket_object.ssh_private_key.body
-      host = aws_instance.emitter[0].public_ip
+      host = aws_instance.emitter.public_ip
     }
   }
 
   provisioner "local-exec" {
-    command = "${module.common.validator_path} --args='-c ${var.validation_config} -t ${module.common.testing_id} --region ${var.region} --metric-namespace ${module.common.otel_service_namespace}/${module.common.otel_service_name} --endpoint http://${aws_instance.emitter[0].public_ip}'"
-    working_dir = "../../"
-  }
-}
-
-# only run it when aoc collects metrics without any sample apps
-resource "null_resource" "validator" {
-  count = !var.sample_app_callable ? 1 : 0
-  provisioner "local-exec" {
-    command = "${module.common.validator_path} --args='-c ${var.validation_config} -t ${module.common.testing_id} --region ${var.region} --metric-namespace ${module.common.otel_service_namespace}/${module.common.otel_service_name}'"
+    command = "${module.common.validator_path} --args='-c ${var.validation_config} -t ${module.common.testing_id} --region ${var.region} --metric-namespace ${module.common.otel_service_namespace}/${module.common.otel_service_name} --endpoint http://${aws_instance.emitter.public_ip}'"
     working_dir = "../../"
   }
 }

terraform/setup/setup.tf

@@ -132,11 +132,27 @@ resource "aws_security_group" "aoc_sg" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
+  ingress {
+    from_port = 5985
+    to_port = 5985
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port = 3389
+    to_port = 3389
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
   egress {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+
+
 }