bbrooks/Mongo-Preview (#3970)
* Removed removal of Mongo scripts to check they're correct

* Removing the deleting of the removing of the files

* Creation of Prod AMI and Staging/Prod using it

* Triggering CICD

* Removing SELinux module after it gets loaded

* Moved rm for Mongo scripts which resolved that specific issue

* Addressed the errors/warnings in AMI build, moved the metrics/system CloudWatch configuration to user-data

* Trigger CI with new AMIs
cthulhuplus authored Apr 19, 2022
1 parent a1e0ca1 commit 4219479
Showing 6 changed files with 407 additions and 85 deletions.
52 changes: 52 additions & 0 deletions bin/preview-deploy/aws.user-data.sh
@@ -1,4 +1,56 @@
#!/bin/bash
# Configure CloudWatch Agent
touch /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
cat <<CWAGENTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "cwagent"
},
"metrics": {
"aggregation_dimensions": [
[
"InstanceId"
]
],
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 10,
"service_address": ":8125"
}
}
}
}
CWAGENTCONFIG

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/cwagent.json

sudo yum install -y gcc-c++

# Test to see the command that is getting built for pulling the Git Branch
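Review bot: The heredoc delimiter in `cat <<CWAGENTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json` is unquoted, so when this script runs as-is under bash the shell itself expands `${aws:AutoScalingGroupName}`, `${aws:ImageId}`, `${aws:InstanceId}` and `${aws:InstanceType}` as substring expansions of an unset variable `aws` and writes empty strings into the file. The CloudWatch agent then never sees the placeholders it is meant to substitute, and the metrics are likely to lose the dimensions used to tell instances and images apart. Quote the delimiter so the body is written literally: `cat <<'CWAGENTCONFIG' > /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json`. The same heredoc is added in bin/prod-deploy/aws.user-data.sh and needs the same change.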
2 changes: 1 addition & 1 deletion bin/prod-deploy/aws.sh
@@ -301,7 +301,7 @@ function findAMI() {
aws ec2 describe-images \
--query 'Images[*].{id:ImageId,name:Name,date:CreationDate}' \
--filter 'Name=is-public,Values=false' \
--filter 'Name=name,Values=EAST-RH 7-*Gold*(HVM)*' \
--filter 'Name=name,Values=eAPD Production AMI - *' \
| jq -r -c 'sort_by(.date)|last|.id'
}

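Review bot: The AMI lookup in findAMI() selects by name pattern only, `--filter 'Name=name,Values=eAPD Production AMI - *'`, without pinning the owner, so a private image shared into the account under a matching name and with a later creation date would be returned by `sort_by(.date)|last`. Adding `--owners self \` (or the account id that runs the Packer build) to the `describe-images` call ties the production launch to images this pipeline built. It is also worth confirming that the CLI honours both `--filter` options rather than only the last one; a single `--filters 'Name=is-public,Values=false' 'Name=name,Values=eAPD Production AMI - *'` removes the doubt. The function begins above the hunk, and the rendered page does not mark which of the two name filters is the new line; I have assumed the one matching the new Packer `ami_name`.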
51 changes: 51 additions & 0 deletions bin/prod-deploy/aws.user-data.sh
@@ -1,4 +1,55 @@
#!/bin/bash
# Configure CloudWatch Agent
touch /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
cat <<CWAGENTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "cwagent"
},
"metrics": {
"aggregation_dimensions": [
[
"InstanceId"
]
],
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 10,
"service_address": ":8125"
}
}
}
}
CWAGENTCONFIG

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/cwagent.json

# Add a user group for the default user, and make it the owner of the /app
# directory, then give the directory group write permission
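Review bot: `"service_address": ":8125"` in the statsd section has no IP part, and the CloudWatch agent then listens for StatsD datagrams on every interface, so anything that can reach UDP 8125 on a production instance can write metrics into the namespace. If only the local application emits StatsD, use `"service_address": "127.0.0.1:8125"`; otherwise confirm the instance security group does not admit that port. The same value is in bin/preview-deploy/aws.user-data.sh. The `amazon-cloudwatch-agent-ctl -a fetch-config` call that follows is not checked either, so a rejected config would leave the instance without metrics silently; appending `|| echo "cloudwatch agent config failed" >&2` would at least surface it in the boot log.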
101 changes: 17 additions & 84 deletions packer/bootstrap202202171243.sh
@@ -86,6 +86,7 @@ EOF
checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
sudo semodule -i mongodb_cgroup_memory.pp
rm mongodb_cgroup_memory.te
# Start & Enable Mongo
systemctl daemon-reload
@@ -96,8 +97,17 @@ systemctl start mongod
systemctl enable nginx
systemctl restart nginx
su - postgres << PG_USER
# Prepare PostGres test database
psql -c "CREATE DATABASE hitech_apd;"
psql -c "ALTER USER postgres WITH PASSWORD 'cms';"
#sudo -u postgres psql -c "CREATE DATABASE hitech_apd;"
#sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'cms';"
PG_USER
R_USER

# Test to see the command that is getting built for pulling the Git Branch
su ec2-user <<E_USER
sudo su - $(whoami) <<E_USER
# The su block begins inside the root user's home directory. Switch to the
# ec2-user home directory.
cd ~
@@ -112,10 +122,7 @@ export DATABASE_URL="$DATABASE_URL"
export OKTA_DOMAIN="$OKTA_DOMAIN"
export OKTA_API_KEY="$OKTA_API_KEY"
export ENVIRONMENT="$ENVIRONMENT"
# Prepare PostGres test database
sudo -u postgres psql -c "CREATE DATABASE hitech_apd;"
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'cms';"
export TERM="xterm"
#Migrate from PostGres
# Seed eAPD Mongo Database
@@ -139,100 +146,28 @@ cd ~
cat <<MONGOROOTUSERSEED > mongo-init.sh
mongo $MONGO_INITDB_DATABASE --eval "db.runCommand({'createUser' : '$MONGO_INITDB_ROOT_USERNAME','pwd' : '$MONGO_INITDB_ROOT_PASSWORD', 'roles' : [{'role' : 'root','db' : '$MONGO_INITDB_DATABASE'}]});"
MONGOROOTUSERSEED
cd ~/eAPD/api
sh ~/mongo-init.sh
#NODE_ENV=production MONGO_ADMIN_URL=$MONGO_ADMIN_URL DATABASE_URL=$DATABASE_URL OKTA_DOMAIN=$OKTA_DOMAIN OKTA_API_KEY=$OKTA_API_KEY yarn run migrate
cd ~
cat <<MONGOUSERSEED > mongo-user.sh
mongo $MONGO_INITDB_DATABASE --eval "db.runCommand({'createUser' : '$MONGO_DATABASE_USERNAME','pwd' : '$MONGO_DATABASE_PASSWORD', 'roles' : [{'role':'readWrite', 'db': '$MONGO_DATABASE'}, {'role' : 'dbAdmin', 'db' :'$MONGO_DATABASE'}]});"
MONGOUSERSEED
sh ~/mongo-user.sh
rm ~/mongo-user.sh
rm ~/mongo-init.sh
E_USER

sudo su <<R_USER
# Harden & Restart Mongo
sed -i 's|#security:|security:|g' /etc/mongod.conf
sed -i '/security:/a \ \ authorization: "enabled"' /etc/mongod.conf
sed -i 's|bindIp:.*|bindIp: 0.0.0.0|g' /etc/mongod.conf
systemctl restart mongod
rm /home/ec2-user/mongo-user.sh
rm /home/ec2-user/mongo-init.sh
# Configure CloudWatch Agent
mkdir -p /opt/aws/amazon-cloudwatch-agent/doc/
touch /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
cat <<CWAGENTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
{
"agent": {
"metrics_collection_interval": 60,
"run_as_user": "cwagent"
},
"metrics": {
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"cpu": {
"measurement": [
"cpu_usage_idle",
"cpu_usage_iowait",
"cpu_usage_user",
"cpu_usage_system"
],
"metrics_collection_interval": 60,
"totalcpu": false
},
"disk": {
"measurement": [
"used_percent",
"inodes_free"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"diskio": {
"measurement": [
"io_time"
],
"metrics_collection_interval": 60,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 60,
"service_address": ":8125"
},
"swap": {
"measurement": [
"swap_used_percent"
],
"metrics_collection_interval": 60
}
}
}
}
CWAGENTCONFIG
touch /opt/aws/amazon-cloudwatch-agent/doc/app-logs.json
cat <<CWAPPLOGCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/app-logs.json
{
"logs": {
"logs_collected": {
@@ -383,8 +318,6 @@ cat <<CWVAROPTCONFIG > /opt/aws/amazon-cloudwatch-agent/doc/var-opt.json
CWVAROPTCONFIG
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/cwagent.json
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/var-log.json
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/doc/var-opt.json
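Review bot: The image build sets the PostgreSQL superuser password to a literal, `psql -c "ALTER USER postgres WITH PASSWORD 'cms';"`, inside the `su - postgres << PG_USER` block, so every instance launched from this AMI starts with the same guessable credential and the value is recorded in the repository. The rendered page has lost the +/- markers, so I am reading that block as the new side from the hunk sizes (`-96,8 +97,17`); if that is right, the statement only moved and the literal was carried along. Consider dropping the `ALTER USER` from the bootstrap and setting the credential at launch from a secret the deployment already injects, or at least reading it from a Packer-supplied variable guarded with `: "${PG_PASSWORD:?must be set}"` (the variable name is illustrative). The enclosing `R_USER` heredoc opens outside the visible hunks, so where exactly the guard belongs needs checking against the full file.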
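--- a/packer/prod-ami.pkr.hcl
+++ b/packer/prod-ami.pkr.hcl
@@ -0,0 +1,39 @@
+variable "vpc_id" {}
+variable "subnet_id" {}
+variable "ami_name" {}
+variable "gold_owner" {}
+variable "environment" {}
+
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+source "amazon-ebs" "Golden_Image" {
+ami_name = "eAPD Production AMI - ${local.timestamp}"
+instance_type = "t3.medium"
+access_key = ""
+secret_key = ""
+region = ""
+source_ami_filter {
+filters = {
+name = "EAST-RH 7-9 Gold Image V.*"
+root-device-type = "ebs"
+virtualization-type = "hvm"
+}
+most_recent = true
+owners = [var.gold_owner]
+}
+ssh_username = "ec2-user"
+associate_public_ip_address = true
+vpc_id = var.vpc_id
+subnet_id = var.subnet_id
+}
+
+build {
+sources = ["source.amazon-ebs.Golden_Image"]
+
+provisioner "shell" {
+environment_vars = [
+"ENVIRONMENT=${var.environment}"
+]
+script = "./prodlogging.sh"
+}
+}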
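Review bot: The builder in `source "amazon-ebs" "Golden_Image"` gets a public address (`associate_public_ip_address = true`) but nothing restricts who may reach its SSH port; unless `temporary_security_group_source_cidrs` or `security_group_id` is set, Packer's temporary security group admits SSH from any IPv4 address for the length of the build. Add `temporary_security_group_source_cidrs = ["<build-runner CIDR>"]` (placeholder) to the source block, or drop the public IP if the build runner can reach the subnet privately. The empty `access_key`, `secret_key` and `region` attributes would be better removed so that blank strings do not stand in for the credential chain and region, and `variable "ami_name"` is declared but never read because the name is built from `local.timestamp`.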