Merge pull request #1 from kolosovpetro/infra-updates

Infrastructure Updates
kolosovpetro · Dec 1, 2024 · b03af6b · b03af6b
2 parents 11318c4 + 8272b04
commit b03af6b
Show file tree

Hide file tree

Showing 33 changed files with 587 additions and 52 deletions.
diff --git a/Initialize-Control-Node.ps1 b/Initialize-Control-Node.ps1
@@ -0,0 +1,50 @@
+# Copy the SSH private key to the control node
+Write-Output "Starting: Copying the SSH private key to the control node..."
+scp "$env:USER_DIRECTORY/.ssh/id_rsa" razumovsky_r@prom-server.razumovsky.me:~/.ssh
+if (-not $?)
+{
+    Write-Output "Error: Failed to copy the SSH private key. Stopping execution."
+    exit 1
+}
+Write-Output "Completed: SSH private key copied to the control node."
+
+# Secure the SSH private key on the control node
+Write-Output "Starting: Securing the SSH private key on the control node..."
+ssh razumovsky_r@prom-server.razumovsky.me "chmod 600 ~/.ssh/id_rsa"
+if (-not $?)
+{
+    Write-Output "Error: Failed to secure the SSH private key. Stopping execution."
+    exit 1
+}
+Write-Output "Completed: SSH private key secured on the control node."
+
+# Copy the Ansible configuration file to the control node
+Write-Output "Starting: Copying the Ansible configuration file to the control node..."
+scp "../ansible.cfg" razumovsky_r@prom-server.razumovsky.me:~/ansible.cfg
+if (-not $?)
+{
+    Write-Output "Error: Failed to copy the Ansible configuration file. Stopping execution."
+    exit 1
+}
+Write-Output "Completed: Ansible configuration file copied to the control node."
+
+# Move the Ansible configuration file to the correct location
+Write-Output "Starting: Moving the Ansible configuration file to /etc/ansible/ on the control node..."
+ssh razumovsky_r@prom-server.razumovsky.me "sudo mv ~/ansible.cfg /etc/ansible/ansible.cfg"
+if (-not $?)
+{
+    Write-Output "Error: Failed to move the Ansible configuration file. Stopping execution."
+    exit 1
+}
+Write-Output "Completed: Ansible configuration file moved to /etc/ansible/."
+
+# Copy the inventory file to the control node
+Write-Output "Starting: Copying the inventory file to the control node..."
+scp "../inventory/inventory.ini" razumovsky_r@prom-server.razumovsky.me:~/inventory.ini
+ssh razumovsky_r@prom-server.razumovsky.me "sudo mv ~/inventory.ini /etc/ansible"
+if (-not $?)
+{
+    Write-Output "Error: Failed to copy the inventory file. Stopping execution."
+    exit 1
+}
+Write-Output "Completed: Inventory file copied to the control node."
diff --git a/README.md b/README.md
@@ -1,14 +1,22 @@
 # Prometheus
 
-## URLs
+- https://github.com/prometheus/prometheus
+- https://github.com/prometheus/node_exporter
+- https://github.com/prometheus-community/windows_exporter
 
-- prometheus.server.razumovsky.me
-- prometheus.target.razumovsky.me
+## DNS
+
+- http://prom-server.razumovsky.me
+- http://prom-server.razumovsky.me:9090
+- http://linux-target.razumovsky.me
+- http://linux-target.razumovsky.me:9100/metrics
+- http://windows-target.razumovsky.me
+- http://windows-target.razumovsky.me:9182/metrics
 
 ## SSH connection
 
-- ssh razumovsky_r@prometheus.server.razumovsky.me
-- ssh razumovsky_r@prometheus.target.razumovsky.me
+- ssh razumovsky_r@prom-server.razumovsky.me
+- ssh razumovsky_r@linux-target.razumovsky.me
 
 ## Creating scrape service
 
@@ -21,3 +29,4 @@
 ## Notes
 
 - Linux default scrape port: 9100
+- Windows default scrape port: 9182
diff --git a/cloudflare.tf b/cloudflare.tf
@@ -0,0 +1,27 @@
+data "cloudflare_zone" "razumovsky_me_zone" {
+  name = local.domain_name
+}
+
+resource "cloudflare_record" "prom_server_dns" {
+  zone_id = data.cloudflare_zone.razumovsky_me_zone.id
+  name    = local.prometheus_server.subdomain
+  content = module.prometheus_server_vm.public_ip_address
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "linux_target_dns" {
+  zone_id = data.cloudflare_zone.razumovsky_me_zone.id
+  name    = local.linux_target.subdomain
+  content = module.linux_target_vm.public_ip_address
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "windows_target_dns" {
+  zone_id = data.cloudflare_zone.razumovsky_me_zone.id
+  name    = local.windows_target.subdomain
+  content = module.windows_target_vm.public_ip_address
+  type    = "A"
+  proxied = false
+}
diff --git a/img/Prometheus_concept_diagram.png b/img/Prometheus_concept_diagram.png
diff --git a/locals.tf b/locals.tf
@@ -1,17 +1,21 @@
 locals {
-  
+
   resource_group_name = "rg-prom-${var.prefix}"
+  domain_name         = "razumovsky.me"
 
   linux_target = {
-    name = "linux-target"
+    name      = "linux-target"
+    subdomain = "linux-target"
   }
 
   windows_target = {
-    name = "windows-target"
+    name      = "windows-target"
+    subdomain = "windows-target"
   }
 
 
   prometheus_server = {
-    name = "prom-server"
+    name      = "prom-server"
+    subdomain = "prom-server"
   }
 }
diff --git a/main.tf b/main.tf
@@ -12,6 +12,30 @@ module "network" {
   server_subnet_name      = "server-subnet-${var.prefix}"
 }
 
+module "prometheus_server_vm" {
+  source                            = "./modules/ubuntu-vm-public-key-auth"
+  ip_configuration_name             = "ipc-${local.prometheus_server.name}-${var.prefix}"
+  network_interface_name            = "nic-${local.prometheus_server.name}-${var.prefix}"
+  os_profile_admin_public_key_path  = var.os_profile_admin_public_key_path
+  os_profile_admin_username         = var.os_profile_admin_username
+  os_profile_computer_name          = "vm-${local.prometheus_server.name}-${var.prefix}"
+  resource_group_location           = azurerm_resource_group.public.location
+  resource_group_name               = azurerm_resource_group.public.name
+  storage_image_reference_offer     = var.storage_image_reference_offer
+  storage_image_reference_publisher = var.storage_image_reference_publisher
+  storage_image_reference_sku       = var.storage_image_reference_sku
+  storage_image_reference_version   = var.storage_image_reference_version
+  storage_os_disk_caching           = var.storage_os_disk_caching
+  storage_os_disk_create_option     = var.storage_os_disk_create_option
+  storage_os_disk_managed_disk_type = var.storage_os_disk_managed_disk_type
+  storage_os_disk_name              = "osdisk-${local.prometheus_server.name}-${var.prefix}"
+  vm_name                           = "vm-${local.prometheus_server.name}-${var.prefix}"
+  vm_size                           = var.vm_size
+  public_ip_name                    = "pip-${local.prometheus_server.name}-${var.prefix}"
+  subnet_id                         = module.network.prom_server_subnet_id
+  network_security_group_id         = azurerm_network_security_group.public.id
+}
+
 module "linux_target_vm" {
   source                            = "./modules/ubuntu-vm-public-key-auth"
   ip_configuration_name             = "ipc-${local.linux_target.name}-${var.prefix}"
@@ -29,23 +53,21 @@ module "linux_target_vm" {
   storage_os_disk_create_option     = var.storage_os_disk_create_option
   storage_os_disk_managed_disk_type = var.storage_os_disk_managed_disk_type
   storage_os_disk_name              = "osdisk-${local.linux_target.name}-${var.prefix}"
-  subnet_name                       = module.network.targets_subnet_name
   vm_name                           = "vm-${local.linux_target.name}-${var.prefix}"
   vm_size                           = var.vm_size
-  vnet_name                         = module.network.vnet_name
   public_ip_name                    = "pip-${local.linux_target.name}-${var.prefix}"
   subnet_id                         = module.network.target_subnet_id
-  nsg_name                          = "nsg-${local.linux_target.name}-${var.prefix}"
+  network_security_group_id         = azurerm_network_security_group.public.id
 }
 
 module "windows_target_vm" {
   source                      = "./modules/windows-vm"
   ip_configuration_name       = "ipc-${local.windows_target.name}-${var.prefix}"
   network_interface_name      = "nic-${local.windows_target.name}-${var.prefix}"
-  network_security_group_id   = "nsg-${local.windows_target.name}-${var.prefix}"
+  network_security_group_id   = azurerm_network_security_group.public.id
   os_profile_admin_password   = var.os_profile_admin_password
   os_profile_admin_username   = var.os_profile_admin_username
-  os_profile_computer_name    = "vm-${local.windows_target.name}-${var.prefix}"
+  os_profile_computer_name    = "vm-win-target"
   public_ip_name              = "pip-${local.windows_target.name}-${var.prefix}"
   resource_group_location     = azurerm_resource_group.public.location
   resource_group_name         = azurerm_resource_group.public.name
@@ -54,4 +76,44 @@ module "windows_target_vm" {
   subnet_id                   = module.network.target_subnet_id
   vm_name                     = "vm-${local.windows_target.name}-${var.prefix}"
   vm_size                     = var.vm_size
+}
+
+module "storage" {
+  source                      = "./modules/storage"
+  storage_account_name        = "storpromdemo${var.prefix}"
+  storage_account_replication = var.storage_account_replication
+  storage_account_tier        = var.storage_account_tier
+  storage_container_name      = "contvmwin${var.prefix}"
+  storage_location            = azurerm_resource_group.public.location
+  storage_resource_group_name = azurerm_resource_group.public.name
+}
+
+module "configure_windows_servers_winrm_extension" {
+  source                                = "./modules/custom-script-extension"
+  custom_script_extension_absolute_path = "E:\\RiderProjects\\03_TERRAFORM_PROJECTS\\prometheus-learning\\scripts\\Configure-Ansible-Host.ps1"
+  custom_script_extension_file_name     = "Configure-Ansible-Host.ps1"
+  extension_name                        = "ConfigureAnsibleHost"
+  storage_account_name                  = module.storage.storage_account_name
+  storage_container_name                = module.storage.storage_container_name
+  virtual_machine_id                    = module.windows_target_vm.id
+}
+
+module "control_node_install_ansible_extension" {
+  source                                = "./modules/linux-custom-script-extension"
+  custom_script_extension_absolute_path = "E:\\RiderProjects\\03_TERRAFORM_PROJECTS\\prometheus-learning\\scripts\\install_ansible.sh"
+  custom_script_extension_file_name     = "install_ansible.sh"
+  extension_name                        = "InstallAnsible"
+  storage_account_name                  = module.storage.storage_account_name
+  storage_container_name                = module.storage.storage_container_name
+  virtual_machine_id                    = module.prometheus_server_vm.id
+}
+
+module "managed_nodes_install_nginx" {
+  source                                = "./modules/linux-custom-script-extension"
+  custom_script_extension_absolute_path = "E:\\RiderProjects\\03_TERRAFORM_PROJECTS\\prometheus-learning\\scripts\\install_nginx.sh"
+  custom_script_extension_file_name     = "install_nginx.sh"
+  extension_name                        = "InstallNginx"
+  storage_account_name                  = module.storage.storage_account_name
+  storage_container_name                = module.storage.storage_container_name
+  virtual_machine_id                    = module.linux_target_vm.id
 }
diff --git a/modules/ubuntu-vm-public-key-auth/main.tf b/modules/ubuntu-vm-public-key-auth/main.tf
@@ -59,3 +59,8 @@ resource "azurerm_virtual_machine" "public" {
     azurerm_network_interface_security_group_association.public
   ]
 }
+
+resource "azurerm_network_interface_security_group_association" "public" {
+  network_interface_id      = azurerm_network_interface.public.id
+  network_security_group_id = var.network_security_group_id
+}
diff --git a/modules/ubuntu-vm-public-key-auth/output.tf b/modules/ubuntu-vm-public-key-auth/output.tf
@@ -1,4 +1,4 @@
-output "public_ip" {
+output "public_ip_address" {
   value = azurerm_public_ip.public.ip_address
 }
 
@@ -9,3 +9,7 @@ output "public_ip_id" {
 output "username" {
   value = var.os_profile_admin_username
 }
+
+output "id" {
+  value = azurerm_virtual_machine.public.id
+}
diff --git a/modules/ubuntu-vm-public-key-auth/variables.tf b/modules/ubuntu-vm-public-key-auth/variables.tf
@@ -8,16 +8,6 @@ variable "resource_group_location" {
   description = "Location of the resource group."
 }
 
-variable "vnet_name" {
-  type        = string
-  description = "Name of the virtual network"
-}
-
-variable "subnet_name" {
-  type        = string
-  description = "Name of the subnet"
-}
-
 variable "subnet_id" {
   type        = string
   description = "ID of the subnet"
@@ -103,7 +93,7 @@ variable "public_ip_name" {
   description = "Name of the public IP"
 }
 
-variable "nsg_name" {
+variable "network_security_group_id" {
   type        = string
-  description = "Name of the network security group"
+  description = "ID of the network security group"
 }
diff --git a/modules/windows-vm/output.tf b/modules/windows-vm/output.tf
@@ -2,10 +2,6 @@ output "public_ip_address" {
   value = azurerm_public_ip.public.ip_address
 }
 
-output "private_ip_address" {
-  value = var.private_ip_address
-}
-
 output "public_ip_id" {
   value = azurerm_public_ip.public.id
 }

diff --git a/modules/ubuntu-vm-public-key-auth/nsg.tf → nsg.tf b/modules/ubuntu-vm-public-key-auth/nsg.tf → nsg.tf
@@ -1,7 +1,7 @@
 resource "azurerm_network_security_group" "public" {
-  name                = var.nsg_name
-  location            = var.resource_group_location
-  resource_group_name = var.resource_group_name
+  name                = "nsg-prometheus-${var.prefix}"
+  location            = azurerm_resource_group.public.location
+  resource_group_name = azurerm_resource_group.public.name
 }
 
 resource "azurerm_network_security_rule" "allow_ssh" {
@@ -14,7 +14,7 @@ resource "azurerm_network_security_rule" "allow_ssh" {
   destination_port_range      = "22"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = azurerm_resource_group.public.name
   network_security_group_name = azurerm_network_security_group.public.name
 }
 
@@ -28,7 +28,7 @@ resource "azurerm_network_security_rule" "allow_http" {
   destination_port_range      = "80"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = azurerm_resource_group.public.name
   network_security_group_name = azurerm_network_security_group.public.name
 }
 
@@ -42,7 +42,7 @@ resource "azurerm_network_security_rule" "allow_https" {
   destination_port_range      = "443"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = azurerm_resource_group.public.name
   network_security_group_name = azurerm_network_security_group.public.name
 }
 
@@ -56,7 +56,7 @@ resource "azurerm_network_security_rule" "allow_prom_scrape_port" {
   destination_port_range      = "9100"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = azurerm_resource_group.public.name
   network_security_group_name = azurerm_network_security_group.public.name
 }
 
@@ -70,11 +70,34 @@ resource "azurerm_network_security_rule" "allow_prom_server_dashboard_port" {
   destination_port_range      = "9090"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = azurerm_resource_group.public.name
   network_security_group_name = azurerm_network_security_group.public.name
 }
 
-resource "azurerm_network_interface_security_group_association" "public" {
-  network_interface_id      = azurerm_network_interface.public.id
-  network_security_group_id = azurerm_network_security_group.public.id
+resource "azurerm_network_security_rule" "allow_windows_scrape_port" {
+  name                        = "AllowPromWindowsScrapePort"
+  priority                    = 1050
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "9182"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "*"
+  resource_group_name         = azurerm_resource_group.public.name
+  network_security_group_name = azurerm_network_security_group.public.name
+}
+
+resource "azurerm_network_security_rule" "allow_rdp" {
+  name                        = "AllowRDP"
+  priority                    = 1060
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "3389"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "*"
+  resource_group_name         = azurerm_resource_group.public.name
+  network_security_group_name = azurerm_network_security_group.public.name
 }