# Copyright (c) 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
locals {
  # Object Storage namespace of the tenancy; reused by several modules below.
  namespace = data.oci_objectstorage_namespace.os_namespace.namespace

  # Run-time stamp appended to identity resource names to keep them unique.
  # NOTE(review): timestamp() is re-evaluated on every plan, so every name
  # derived from it changes on each run; unless ./modules/identity ignores
  # name changes, each apply would replace the dynamic groups and policies,
  # leaving a window in which the grants do not exist. A stable suffix
  # (e.g. supplied as a variable) would avoid this — confirm against the module.
  timestamp = formatdate("YYYYMMDDhhmmss", timestamp())

  # Names of the dynamic groups and policies created by the identity modules.
  instance_dynamic_group_name  = format("Mgmtagent_Compute_Dynamicgroup_%s", local.timestamp)
  instance_policy_name         = format("Mgmtagent_Compute_Policies_%s", local.timestamp)
  instance_tenancy_policy_name = format("Mgmtagent_Tenancy_Policies_%s", local.timestamp)
  mgmtagent_dynamic_group_name = format("Mgmtagent_Dynamicgroup_%s", local.timestamp)
  mgmtagent_policy_name        = format("Mgmtagent_Policies_%s", local.timestamp)

  # The Log Analytics entity name is also used as the database name.
  db_name        = "${var.la_entity_name}"
  log_group_name = "EBSDBLogs"
}
# Compute instance dynamic group and policies.
# Only created when var.setup_policies is true. The home-region provider
# alias is used because IAM resources are created in the tenancy's home region.
module "create_instance_dynamicgroup" {
  count  = var.setup_policies ? 1 : 0
  source = "./modules/identity"
  providers = {
    oci = oci.home
  }

  tenancy_ocid              = var.tenancy_ocid
  dynamic_group_name        = local.instance_dynamic_group_name
  dynamic_group_description = "This is the compute instance dynamic group created by Agent stack"
  # NOTE(review): this rule matches every compute instance in the DB
  # compartment, not only the host created by create_compute_instance below
  # (which cannot be referenced here because the group must exist first).
  # Any instance in that compartment therefore inherits the grants.
  matching_rule = "ANY {instance.compartment.id = '${var.db_compartment}'}"

  # Policies for this group are created at tenancy level by
  # instance_tenancy_policies instead.
  # NOTE(review): with create_policies = false the statements below look
  # unused by the module — confirm against ./modules/identity.
  create_policies       = false
  policy_name           = local.instance_policy_name
  policy_description    = "This policy allows compute instances to manage Management agents"
  policy_compartment_id = var.db_compartment
  policy_statements = [
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO MANAGE management-agents IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO READ secret-family in COMPARTMENT ID ${var.db_cred_compartment} where target.secret.id = '${var.db_credentials}'"
  ]
}
# Tenancy-level policies for both dynamic groups (compute instances and
# management agents). Created after the groups so the statements can
# reference them by name.
module "instance_tenancy_policies" {
  count  = var.setup_policies ? 1 : 0
  source = "./modules/identity"
  providers = {
    oci = oci.home
  }
  depends_on = [
    module.create_instance_dynamicgroup, module.create_mgmtagent_dynamicgroup
  ]

  # Only the policy is created here; the groups already exist.
  create_dynamicgroup   = false
  policy_name           = local.instance_tenancy_policy_name
  policy_description    = "These polices allow compute instances to install and configure mgmt agent and Agents to upload logs to Log Analytics"
  policy_compartment_id = var.tenancy_ocid
  # NOTE(review): the first statement grants log upload tenancy-wide, while
  # every other grant is scoped to a compartment; if the agent only uploads
  # to the log group in var.resource_compartment, the grant could be narrowed
  # to that compartment — confirm with the Log Analytics requirements.
  # MANAGE OBJECTS covers every bucket in the DB compartment; the commented
  # install-keys grant is kept as documentation of what was intentionally left out.
  policy_statements = [
    "Allow DYNAMIC-GROUP ${local.mgmtagent_dynamic_group_name} to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in tenancy",
    "ALLOW DYNAMIC-GROUP ${local.mgmtagent_dynamic_group_name} TO MANAGE management-agents IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.mgmtagent_dynamic_group_name} TO USE METRICS IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO MANAGE management-agents IN COMPARTMENT ID ${var.db_compartment}",
    # "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO MANAGE management-agent-install-keys IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO MANAGE OBJECTS IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO READ BUCKETS IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.instance_dynamic_group_name} TO READ secret-family in COMPARTMENT ID ${var.db_cred_compartment} where target.secret.id = '${var.db_credentials}'"
  ]
}
# Management agent dynamic group and policies.
# Matches every management agent resource in the DB compartment; created
# in the home region like the other identity resources.
module "create_mgmtagent_dynamicgroup" {
  count  = var.setup_policies ? 1 : 0
  source = "./modules/identity"
  providers = {
    oci = oci.home
  }

  tenancy_ocid              = var.tenancy_ocid
  dynamic_group_name        = local.mgmtagent_dynamic_group_name
  dynamic_group_description = "This is a Management Agent dynamic group created by Agent stack"
  matching_rule             = "ALL {resource.type='managementagent', resource.compartment.id='${var.db_compartment}'}"

  # Policies for this group are created at tenancy level by
  # instance_tenancy_policies instead.
  # NOTE(review): with create_policies = false the statements below look
  # unused by the module — confirm against ./modules/identity.
  create_policies       = false
  policy_name           = local.mgmtagent_policy_name
  policy_description    = "These are the required policies for Management Agent functionality"
  policy_compartment_id = var.db_compartment
  policy_statements = [
    "ALLOW DYNAMIC-GROUP ${local.mgmtagent_dynamic_group_name} TO MANAGE management-agents IN COMPARTMENT ID ${var.db_compartment}",
    "ALLOW DYNAMIC-GROUP ${local.mgmtagent_dynamic_group_name} TO USE METRICS IN COMPARTMENT ID ${var.db_compartment}"
  ]
}
# Compute host that runs the management agent. Waits for all identity
# resources so the instance principal has its grants before first boot.
module "create_compute_instance" {
  source = "./modules/core_compute"
  depends_on = [
    module.create_mgmtagent_dynamicgroup, module.create_instance_dynamicgroup, module.instance_tenancy_policies
  ]

  # Placement
  tenancy_id          = var.tenancy_ocid
  compartment_ocid    = var.db_compartment
  availability_domain = var.availability_domain
  subnet_id           = var.subnet_ocid

  # Instance
  display_name  = var.instance_name
  compute_shape = var.instance_shape
  # NOTE(review): the variable name suggests a secret, but it feeds the
  # instance's public_key; confirm it carries the SSH public key, never the
  # private half.
  public_key = var.user_ssh_secret

  # Database access: only the secret OCID is passed, the secret itself is
  # read by the instance under the READ secret-family grant above.
  db_secret_ocid = var.db_credentials
  db_user        = var.db_username
  db_name        = local.db_name

  # Log Analytics target. The same "create or reuse" expression is repeated
  # in create_assoc; a shared local would keep the two in step.
  namespace      = local.namespace
  log_group_ocid = var.create_log_group ? oci_log_analytics_log_analytics_log_group.test_log_group[0].id : var.log_group_ocid

  # Object Storage location used by the host.
  bucket_name = var.bucket_name
  file_name   = var.file_name
}
# Fixed 3-minute pause after the instance is created, giving the management
# agent time to register before macs_interactions queries it.
module "wait_until_agent_is_ready" {
  source          = "./modules/time_delay"
  wait_in_minutes = 3
  depends_on = [
    module.create_compute_instance
  ]
}
# Looks up the management agent running on the new instance. Ordered after
# the delay module because the agent may not be visible immediately after
# the instance is created.
module "macs_interactions" {
  source = "./modules/macs"
  depends_on = [
    module.create_compute_instance,
    module.wait_until_agent_is_ready
  ]

  compartment_ocid = var.db_compartment
  instance_ocid    = module.create_compute_instance.host_details.id
}
# Log Analytics entity representing the database, bound to the agent found
# by macs_interactions. Connection details are passed as entity properties.
module "la_entity" {
  source = "./modules/logan_entity"
  depends_on = [
    module.macs_interactions
  ]

  compartment_id      = var.resource_compartment
  namespace           = local.namespace
  entity_type_name    = "Oracle Database Instance"
  name                = local.db_name
  management_agent_id = module.macs_interactions.agent_details.id
  # All values are coerced to strings; db_port may be declared as a number.
  properties = tomap({
    "host_name"    = "${var.db_host}",
    "db_port"      = "${var.db_port}",
    "service_name" = "${var.db_service}"
  })
}
# Optional Log Analytics log group; created only when var.create_log_group
# is set, otherwise var.log_group_ocid is used by the modules below.
resource "oci_log_analytics_log_analytics_log_group" "test_log_group" {
  count = var.create_log_group ? 1 : 0

  namespace      = local.namespace
  compartment_id = var.resource_compartment
  display_name   = local.log_group_name
  description    = "Group for RBS DB Logs"
}
# One Log Analytics source definition per product listed in var.products
# (comma-separated). Each instance points at ./contents/sources/<product>.
# NOTE(review): entries are not trimmed, so a stray space or trailing comma
# in var.products yields an instance whose path does not exist.
# NOTE(review): if the module builds a local-exec command from auth_type and
# config_file_profile, pass them as quoted environment variables rather than
# interpolating them into the command string.
module "logan_sources" {
  source   = "./modules/logan_sources"
  for_each = toset(split(",", var.products))
  depends_on = [
    module.la_entity
  ]

  auth_type           = var.auth_type
  config_file_profile = var.config_file_profile
  namespace           = local.namespace
  compartment_id      = var.resource_compartment
  path                = "./contents/sources/${each.value}"
}
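# One-off import of the EBS lookup table into Log Analytics, executed on the
# machine running terraform. The resource has no triggers, so the script runs
# only when the resource is first created and is not re-run when the CSV changes.
resource "null_resource" "import_lookups" {
  provisioner "local-exec" {
    # auth_type and config_file_profile are handed to the script through the
    # environment and expanded by the shell as quoted variables, so a value
    # containing spaces or shell metacharacters cannot alter the command line
    # (interpolating them straight into the command string would let it).
    # Assumes the POSIX shell interpreter local-exec uses on non-Windows hosts.
    environment = {
      AUTH_TYPE           = var.auth_type
      CONFIG_FILE_PROFILE = var.config_file_profile
    }
    command = "python3 ./scripts/import_lookup.py -t Lookup -a \"$AUTH_TYPE\" -p \"$CONFIG_FILE_PROFILE\" -n \"EBS Functional Sensors\" -f ./contents/lookups/EBS_Lookup.csv"
  }
}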
# Fixed 3-minute pause after the entity is created so that create_assoc does
# not run before the entity is usable.
module "wait_until_entity_is_ready" {
  source          = "./modules/time_delay"
  wait_in_minutes = 3
  depends_on = [
    module.la_entity
  ]
}
# Associates each product's sources with the entity and log group, one
# module instance per entry in var.products (same key set as logan_sources).
# NOTE(review): the log-group expression duplicates the one in
# create_compute_instance; a shared local would keep the two in step.
module "create_assoc" {
  source   = "./modules/logan_associations"
  for_each = toset(split(",", var.products))
  depends_on = [
    module.wait_until_entity_is_ready, module.logan_sources
  ]

  auth_type             = var.auth_type
  config_file_profile   = var.config_file_profile
  entity_compartment_id = var.resource_compartment
  entity_id             = module.la_entity.entity_id
  filepath              = "./contents/sources/${each.value}"
  loggroup_id           = var.create_log_group ? oci_log_analytics_log_analytics_log_group.test_log_group[0].id : var.log_group_ocid
}
# Imports one dashboard per file in var.dashboard_files, rendering each
# template under ./contents/dashboards with the target compartment OCID.
resource "oci_management_dashboard_management_dashboards_import" "multiple_dashboard_files" {
  for_each = var.dashboard_files

  import_details = templatefile(
    "${path.root}/contents/dashboards/${each.value}",
    { compartment_ocid = "${var.resource_compartment}" }
  )
}