Merge pull request #48 from redis-field-engineering/dynatrace-tf

Author: slorello89

dynatrace_v2/.gitignore

@@ -0,0 +1,2 @@
+bundle.zip
+extension.zip

dynatrace_v2/README.adoc

@@ -11,29 +11,95 @@ use the https://www.dynatrace.com/support/help/extend-dynatrace/extensions20/ext
 
 * link:#Installation[Installation]
 * link:#Dashboards[Dashboards]
-* link:#Dashboards[Alternative Redis Plugins]
+* link:#Alternative-Redis-Plugins[Alternative Redis Plugins]
 * link:#Support[Support]
 * link:#License[License]
 
 == Installation
 
-The Dyntrace v2.0 Extensions support Prometheus metrics, and as such we have created the necessary extension file and
-dashboards so that this option is available. At this time Dynatrace are still testing their signing mechanism so that
-this extension is not available directly from them, but will have to be built and signed according to their instructions.
+The Dynatrace v2.0 Extensions Framework supports Prometheus metrics, and as such we have created the necessary extension file and
+dashboards so that this option is available. At this time Dynatrace are still testing their signing mechanism, so this
+extension is not available directly from them but will have to be built and signed according to their instructions.
 They have indicated that they will sign 3rd party extensions starting in Q1 2025, at which point this process will no
 longer be necessary.
 
-Clone the repository and cd into its root folder ('redis-enterprise-dynatrace-observability'). The contents are already
-in the required format; a 'src' directory containing a .yml file and a folder containing .json dashboard files.
+=== Setting Up the Dynatrace Extension
 
-Follow the instructions here:
+==== Prerequisites
 
-https://www.dynatrace.com/support/help/extend-dynatrace/extensions20/sign-extension
+* Python 3.7+ installed on your system
+* A Dynatrace tenant
+* An API token with permissions: `extensions.read`, `extensions.write`, `extensions.manage`, and `metrics.ingest`
+* Redis Enterprise Software or Redis Cloud with metrics exporter enabled on port 8070
+
+==== Step-by-Step Installation
+
+1. Set up a Python virtual environment and install dt-cli:
++
+[source,bash]
+----
+python -m venv dt-venv
+source dt-venv/bin/activate  # On Windows: dt-venv\Scripts\activate
+pip install dt-cli
+----
+
+2. Create certificates required for signing the extension:
++
+[source,bash]
+----
+# Create a directory for certificates
+mkdir -p secrets
+
+# Generate a CA certificate
+dt extension genca --no-ca-passphrase
+
+# Generate a CA key
+dt extension generate-developer-pem -o developer.pem --ca-crt ca.pem --ca-key ca.key  --name "Redis Developer"
+
+# Move certificates to the secrets directory
+mv ca.pem ca.key developer.pem developer.key secrets/
+----
+
+3. Assemble, sign, and upload the extension:
++
+[source,bash]
+----
+# Assemble the extension
+dt extension assemble
+
+# Sign the extension with your developer certificate
+dt extension sign --key secrets/developer.pem
+
+# Upload the extension to your Dynatrace tenant
+dt extension upload --tenant-url https://YOUR_TENANT_ID.live.dynatrace.com --api-token YOUR_API_TOKEN bundle.zip
+----
+
+4. *Important:* For remote monitoring, you need an ActiveGate or OneAgent. Install it by following the https://docs.dynatrace.com/docs/ingest-from/dynatrace-activegate/installation/linux[Dynatrace ActiveGate installation instructions].
+
+5. Install your CA certificate on the ActiveGate:
++
+[source,bash]
+----
+# Copy the CA certificate to ActiveGate
+sudo cp secrets/ca.pem /var/lib/dynatrace/remotepluginmodule/agent/conf/certificates/
+
+# Restart ActiveGate to apply changes
+sudo systemctl restart dynatracegateway
+----
+
+6. In your Dynatrace tenant:
+   * Go to "Settings" → "Extensions"
+   * Find "Redis Enterprise Extension" and click "Activate"
+   * Configure remote monitoring with your Redis endpoint: `https://YOUR_REDIS_SOFTWARE_ENDPOINT:8070/v2`
+
+=== Terraform Automation for GCP
+
+If you have an Active-Active Redis Enterprise deployment in GCP, you can use our Terraform scripts to automate the entire process. See the `terraform/gcp` directory for configuration details.
 
 == Dashboards
 
-This respository includes sample Dynatrace dashboards for monitoring your Redis deplyoment. See the
-link:/dynatrace/dashboards[dashboards] folder for the available set of dashboards.
+This repository includes sample Dynatrace dashboards for monitoring your Redis deployment. See the
+link:/src/dashboards[dashboards] folder for the available set of dashboards.
 
 == Support
 
@@ -43,4 +109,4 @@ please https://github.com/{project-owner}/{project-name}/issues[file an issue].
 
 == License
 
-This code in this repository is licensed under the MIT License. Copyright (C) 2023 Redis, Inc.
+This code in this repository is licensed under the MIT License. Copyright (C) 2023 Redis, Inc.

dynatrace_v2/terraform/gcp/.gitignore

@@ -0,0 +1,45 @@
+.tfvars
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+secrets
+modified.json
+extension.zip
+bundle.zip
+dt_object_id.txt
+.dt_venv

dynatrace_v2/terraform/gcp/.terraform.lock.hcl

@@ -0,0 +1,16 @@
+# example.auto.tfvars
+
+project                = ""
+region                 = ""
+zone                   = ""
+network                = ""
+subnet                 = ""
+ssh_private_key        = ""
+dynatrace_api_token    = ""
+custom_ca_pem          = ""
+developer_pem          = ""
+gcp_user_name          = ""
+tenant_id              = ""
+primary_endpoint       = ""
+secondary_endpoint     = ""
+extension_version      = ""

dynatrace_v2/terraform/gcp/.tfvars.example

@@ -0,0 +1,134 @@
+# main.tf
+
+provider "google" {
+  project = var.project
+  region  = var.region
+}
+
+terraform {
+    required_providers {
+        dynatrace = {
+            version = "~> 1.0"
+            source = "dynatrace-oss/dynatrace"
+        }
+    }
+} 
+
+data "google_compute_network" "primary_network" {
+    name = var.network   
+}
+
+resource "google_compute_instance" "activegate" {
+  name         = "dynatrace-activegate"
+  machine_type = "e2-medium"
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-2004-lts"
+    }
+  }
+
+  network_interface {
+    network    = var.network
+    subnetwork = var.subnet
+    access_config {}
+  }
+
+  tags = ["dynatrace"]
+}
+
+locals {
+  dynatrace_tenant_url = "https://${var.tenant_id}.live.dynatrace.com"
+  activegate_installer_url = "https://${var.tenant_id}.live.dynatrace.com/api/v1/deployment/installer/gateway/unix/latest?arch=x86"
+}
+
+resource "null_resource" "install_activegate" {
+  provisioner "remote-exec" {
+    inline = [
+      "#!/bin/bash",
+      "sudo apt-get update",
+      "sudo apt-get install -y wget",
+      "wget -O ActiveGate.sh \"${local.activegate_installer_url}\" --header=\"Authorization: Api-Token ${var.dynatrace_api_token}\"",
+      "chmod +x ActiveGate.sh",
+      "sudo ./ActiveGate.sh"
+    ]
+  }
+  connection {
+    type        = "ssh"
+    host        = google_compute_instance.activegate.network_interface[0].access_config[0].nat_ip
+    user        = var.gcp_user_name
+    private_key = file(var.ssh_private_key)
+  }
+  depends_on = [google_compute_instance.activegate]
+}
+
+
+
+resource "null_resource" "upload_extension" {
+  provisioner "local-exec" {
+    command = <<EOT
+      python3 -m venv .dt_venv
+      source .dt_venv/bin/activate
+      pip install dt-cli
+      base_dir=$(pwd)
+      cd ../..
+      dt extension assemble
+      dt extension sign --key $base_dir/${var.developer_pem}
+      dt extension upload --tenant-url ${local.dynatrace_tenant_url} --api-token ${var.dynatrace_api_token} bundle.zip
+    EOT
+  }
+  provisioner "local-exec" {
+    when = destroy
+    command = <<EOT
+      python3 -m venv .dt_venv
+      source .dt_venv/bin/activate
+      DTCLI_API_TOKEN=${self.triggers.dynatrace_api_token} dt extension delete --tenant-url ${self.triggers.dynatrace_tenant_url} custom:com.redis.enterprise.extension
+    EOT
+    
+  }
+  triggers = {
+    extension_hash = filesha256("../../src/extension.yaml")
+    dynatrace_api_token = var.dynatrace_api_token
+    dynatrace_tenant_url = local.dynatrace_tenant_url
+  }
+  depends_on = [null_resource.install_activegate]
+}
+
+resource "null_resource" "install_ca_pem" {
+  provisioner "file" {
+    source      = var.custom_ca_pem
+    destination = "ca.pem"
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mv ~/ca.pem /var/lib/dynatrace/remotepluginmodule/agent/conf/certificates/ca.pem",
+      "sudo systemctl restart dynatracegateway"
+    ]
+  }
+  connection {
+    type        = "ssh"
+    host        = google_compute_instance.activegate.network_interface[0].access_config[0].nat_ip
+    user        = var.gcp_user_name
+    private_key = file(var.ssh_private_key)
+  }
+  depends_on = [null_resource.install_activegate]
+}
+
+
+resource "null_resource" "create_monitoring_configuration" {
+  depends_on = [ google_compute_instance.activegate, null_resource.upload_extension, null_resource.install_ca_pem, null_resource.install_activegate ]
+  provisioner "local-exec" {
+    command = "./start-monitoring.sh ${var.primary_endpoint} ${var.secondary_endpoint} ${var.extension_version} ${var.dynatrace_api_token} ${var.tenant_id}"
+  } 
+
+  provisioner "local-exec" {
+    when = destroy    
+    command = "./stop-monitoring.sh ${self.triggers.token} ${self.triggers.tenant_id}"
+  }
+
+  triggers = {
+    token = var.dynatrace_api_token
+    tenant_id = var.tenant_id
+  }
+}