diff --git a/modules/prometheus/.tflint.hcl b/modules/prometheus/.tflint.hcl
deleted file mode 100644
index c94d47ad..00000000
--- a/modules/prometheus/.tflint.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-config {
- varfile = ["example.tfvars"]
-}
diff --git a/modules/prometheus/INOUT.md b/modules/prometheus/INOUT.md
deleted file mode 100644
index 386a3e39..00000000
--- a/modules/prometheus/INOUT.md
+++ /dev/null
@@ -1,62 +0,0 @@ -## Providers - -| Name | Version | -|------|---------| -| aws | >= 2.42, < 4.0.0 | -| consul | >= 2.5 | -| template | >= 2.0 | -| vault | n/a | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:-----:| -| additional\_cidr\_blocks | Additional CIDR blocks other than the VPC CIDR block thatn can access the Prometheus server | `list(string)` | `[]` | no | -| allowed\_ssh\_cidr\_blocks | List of allowed CIDR blocks to allow SSH access | `list(string)` | `[]` | no | -| ami\_id | AMI ID for Prometheus Server | `any` | n/a | yes | -| associate\_public\_ip\_address | Associate a public IP address for instance | `bool` | `false` | no | -| aws\_auth\_enabled | Enable AWS Authentication | `bool` | `false` | no | -| aws\_auth\_path | Path to the Vault AWS Authentication backend | `string` | `"aws"` | no | -| aws\_auth\_period\_minutes | Period, in minutes, that the Vault token issued will live for | `string` | `"60"` | no | -| aws\_auth\_policies | List of Vault policies to assign to the tokens issued by the AWS authentication backend | `list(string)` | `[]` | no | -| aws\_auth\_vault\_role | Name of the role in the AWS Authentication backend to create | `string` | `"prometheus"` | no | -| consul\_cluster\_tag\_key | Key that Consul Server Instances are tagged with for discovery | `string` | `"consul-servers"` | no | -| consul\_cluster\_tag\_value | Value that Consul Server Instances are tagged with for discovery | `string` | `"consul"` | no | -| consul\_key\_prefix | Path prefix to the key in Consul to set for the `core` module to know that this module has
been applied. If you change this, you have to update the
`integration_consul_prefix` variable in the core module as well. | `string` | `"terraform/"` | no | -| consul\_security\_group\_id | Security Group ID for Consul servers | `any` | n/a | yes | -| curator\_age | Age in days to retain indices | `string` | `"90"` | no | -| curator\_enable | Enable Curator integration for Prometheus | `bool` | `false` | no | -| curator\_prefix | Elasticsearch prefix for Curator logs | `string` | `"services.prometheus"` | no | -| data\_device\_name | Path of the EBS device that is mounted | `string` | `"/dev/nvme1n1"` | no | -| data\_volume\_id | EBS Volume ID for Prometheus Data Storage | `any` | n/a | yes | -| data\_volume\_mount | Data volume mount device name | `string` | `"/dev/sdf"` | no | -| instance\_type | Type of instance to deploy | `string` | `"t2.micro"` | no | -| name | Base name for resources | `string` | `"prometheus"` | no | -| prometheus\_client\_service | Name of the Prometheus Client services to scrape | `string` | `"prometheus-client"` | no | -| prometheus\_db\_dir | Path where the data for Prometheus will be stored. This will be where the EBS volume where data is persisted will be mounted. | `string` | `"/mnt/data"` | no | -| prometheus\_port | Port at which the server will be listening to. | `string` | `"9090"` | no | -| prometheus\_service | Name of Prometheus server service to register in Consul. | `string` | `"prometheus"` | no | -| root\_volume\_size | Size of the Prometheus server root volume in GB | `number` | `50` | no | -| server\_type | Server type for the various types of modules integration | `string` | `"prometheus"` | no | -| ssh\_key\_name | Name of SSH key to assign to the instance | `any` | n/a | yes | -| subnet\_id | Subnet ID to deploy the instance to | `any` | n/a | yes | -| tags | Tags to apply to resources | `map` |
{
"Terraform": "true"
}
| no | -| td\_agent\_enabled | Enable td-agent integration. You will still need to provide the appropriate configuration file for td-agent during the AMI building process. | `bool` | `false` | no | -| traefik\_enabled | Enable Traefik Integration | `bool` | `false` | no | -| traefik\_entrypoints | List of entrypoints for Traefik | `list` |
[
"internal"
]
| no | -| traefik\_fqdns | List of FQDNs for Traefik to listen to. You have to create the DNS records separately. | `list(string)` | `[]` | no | -| vault\_ssh\_enabled | Enable Vault SSH integration | `bool` | `false` | no | -| vault\_ssh\_max\_ttl | Max TTL for certificate renewal | `number` | `86400` | no | -| vault\_ssh\_path | Path to mount the SSH secrets engine | `string` | `"ssh_prometheus"` | no | -| vault\_ssh\_role\_name | Role name for the Vault SSH secrets engine | `string` | `"default"` | no | -| vault\_ssh\_ttl | TTL for the Vault SSH certificate in seconds | `number` | `300` | no | -| vault\_ssh\_user | Username to allow SSH access | `string` | `"ubuntu"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| instance\_id | Instance ID for the server | -| instance\_private\_ip | Private IP address for the server | -| security\_group\_id | Security Group ID for the instance | - diff --git a/modules/prometheus/README.md b/modules/prometheus/README.md deleted file mode 100644 index 2563c236..00000000 --- a/modules/prometheus/README.md +++ /dev/null 
@@ -1,107 +0,0 @@ -# Prometheus Server - -This module sets up a Prometheus server with tight integrations with the other modules in this -repository. - -## Packer Template - -### Instance AMI - -You will have to build an AMI with the [Packer template](packer/packer.json) provided. -See https://github.com/cloudalchemy/ansible-prometheus/blob/3b866fd50d4b13c7ee4d7f45f7308354acbe3036/README.md for build instructions. -If you are using Mac as the deployer host, you may encounter the following issue: https://github.com/rbenv/ruby-build/issues/1385 - -```bash -packer build \ - -var-file "your_vars.json" \ - packer/ami/packer.json -``` - -Ansible will be used to provision the AMI. - -### Data Volume Snapshot - -You will need to use Packer to build a __one off__ data volume to hold your Prometheus data. You -will then need to provide the EBS volume ID to the Terraform module. - -**Make sure you create the volume in the same availability zone as the instance you are going to run.** - -```bash -packer build \ - -var-file "your_vars.json" \ - packer/data/packer.json -``` - -## Persistence - -By default, Prometheus will be configured to write to `/mnt/data`, which the Terraform module will -create as a separate EBS volume that will be mounted onto the Prometheus EC2 instance. This will -ensure that the data from Prometheus is never lost when respawning the EC2 instance. - -## Scraping - -Prometheus will be configured to scrape targets from -[Consul](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config). - -Prometheus will be configured will scrape from targets in the `prometheus-client` service by default -on the path `/metrics` by default. The port of the Prometheus client will be the port that is -reported by the service. 
- -In addition, you can add the following [tags](https://www.consul.io/docs/agent/services.html) in -the form of `=` to change the behaviour for scraping: - -- `prometheus_path`: Change the path for scraping to anything else other than `/metrics`. -- `prometheus_disable`: Set this to `true` to temporarily stop scraping this target - -Up to 5 other keys that are prefixed with `prometheus_tag_` will be added as labels for the target -with their prefixes removed. To allow for more tags, modify the the -[Ansible playbook](packer/ami/site.yml) with more relabel actions. This is a limitation of -Prometheus. - -## Important Variables - -The following variables, available both in the Packer template and Terraform module unless otherwise -stated, are the more "important" variables that **must be equal** in both places for Prometheus to -work properly. - -- `prometheus_client_service`: Name of the Prometheus clients to scrape from. Defaults to `prometheus-client` -- `prometheus_db_dir`: Path where the data for Prometheus will be stored. This will be where the EBS volume where data is persisted will be mounted. Defaults to `/mnt/data`. -- `prometheus_port`: Port at which the server will be listening to. Defaults to `9090`. - -## Integration with other modules - -### Traefik - -Automatic reverse proxy via Traefik can be enabled with the appropriate variables set. - -### AWS Authentication - -An AWS authentication role can be automatically created. - -### Vault SSH - -Access via SSH with Vault can be automatically configured. - -### `td-agent` - -If you would like to configure `td-agent` to automatically ship logs to your fluentd server, you -will have to provide a configuration file for `td-agent`. - -You can use the recommended default template and variables by setting the following variables for -the Packer template: - -- `td_agent_config_file`: Set this to `../td-agent/config/template/td-agent.conf` -- `td_agent_config_vars_file`: Set this to `packer/td-agent-vars.yml`. 
-
-For example, add the following arguments to `packer build`:
-
-```bash
- --var "td_agent_config_file=$(pwd)/../td-agent/config/template/td-agent.conf" \
- --var "td_agent_config_vars_file=$(pwd)/packer/td-agent-vars.yml"
-```
-
-Refer to the module documentation for more details.
-
-## Inputs and Outputs
-
-Refer to [INOUT.md](INOUT.md)
diff --git a/modules/prometheus/aws_auth.tf b/modules/prometheus/aws_auth.tf
deleted file mode 100644
index 4fb5744c..00000000
--- a/modules/prometheus/aws_auth.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-resource "vault_aws_auth_backend_role" "prometheus" {
- count = var.aws_auth_enabled ? 1 : 0
-
- backend = var.aws_auth_path
- role = var.aws_auth_vault_role
- auth_type = "ec2"
- bound_iam_role_arns = [aws_iam_role.prometheus.arn]
- token_policies = var.aws_auth_policies
- token_period = var.aws_auth_period_minutes
-}
-
-resource "consul_keys" "aws_auth" {
- count = var.aws_auth_enabled ? 1 : 0
-
- key {
- path = "${var.consul_key_prefix}aws-auth/roles/${var.server_type}"
- value = var.aws_auth_vault_role
- delete = true
- }
-}
diff --git a/modules/prometheus/consul.tf b/modules/prometheus/consul.tf
deleted file mode 100644
index 59127d6b..00000000
--- a/modules/prometheus/consul.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-locals {
- consul_prefix = "${var.consul_key_prefix}prometheus/"
-}
-
-resource "consul_keys" "service_name" {
- key {
- path = "${local.consul_prefix}service_name"
- value = var.prometheus_service
- delete = true
- }
-}
-
-resource "consul_keys" "client_service" {
- key {
- path = "${local.consul_prefix}client_service"
- value = var.prometheus_client_service
- delete = true
- }
-}
-
-resource "consul_keys" "db_dir" {
- key {
- path = "${local.consul_prefix}db_dir"
- value = var.prometheus_db_dir
- delete = true
- }
-}
-
-resource "consul_keys" "port" {
- key {
- path = "${local.consul_prefix}port"
- value = var.prometheus_port
- delete = true
- }
-}
-
-resource "consul_keys" "data_device_name" {
- key {
- path = "${local.consul_prefix}data_device_name"
- value = var.data_device_name
- delete = true
- }
-}
diff --git a/modules/prometheus/curator.tf b/modules/prometheus/curator.tf
deleted file mode 100644
index f473d512..00000000
--- a/modules/prometheus/curator.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-module "curator" {
- source = "../curator/action"
-
- key = "prometheus"
- disable = var.curator_enable ? "false" : "true"
- age = var.curator_age
- prefix = var.curator_prefix
- consul_key_prefix = var.consul_key_prefix
-}
diff --git a/modules/prometheus/example.tfvars b/modules/prometheus/example.tfvars
deleted file mode 100644
index 2e15094b..00000000
--- a/modules/prometheus/example.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-ami_id = "xxx"
-ssh_key_name = "xxx"
-subnet_id = "xxx"
-consul_security_group_id = "xxx"
-data_volume_id = "xxx"
diff --git a/modules/prometheus/files/user_data.sh b/modules/prometheus/files/user_data.sh
deleted file mode 100644
index b26c860b..00000000
--- a/modules/prometheus/files/user_data.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Avoid Terraform template by either using double dollar signs, or not using curly braces
-readonly service_type="${service_type}"
-readonly marker_path="/etc/user-data-marker"
-
-# Send the log output from this script to user-data.log, syslog, and the console
-# From: https://alestic.com/2010/12/ec2-user-data-output/
-exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
-
-# These variables are passed in via Terraform template interplation
-/opt/consul/bin/run-consul \
- --client \
- --cluster-tag-key "${cluster_tag_key}" \
- --cluster-tag-value "${cluster_tag_value}"
-
-# Post startup Configuration
-/opt/consul/bin/post-configure \
- --client \
- --initialisation-marker-path "$marker_path" \
- --consul-prefix "${consul_prefix}"
-
-# Configure and run consul-template
-/opt/consul-template/bin/run-consul-template \
- --server-type "$service_type" \
- --dedup-enable \
- --syslog-enable \
- --consul-prefix "${consul_prefix}"
-
-# Configure Consul for Prometheus Service registration
-/opt/prometheus --server-type "$service_type" \
- --consul-prefix "${consul_prefix}"
-
-/opt/vault-ssh \
- --consul-prefix "${consul_prefix}" \
- --type "$service_type"
-
-/opt/run-td-agent \
- --consul-prefix "${consul_prefix}" \
- --type "$service_type"
-
-/opt/run-telegraf \
- --consul-prefix "${consul_prefix}" \
- --type "$service_type"
-
-# Touch the marker file to indicate completion
-touch "$marker_path"
diff --git a/modules/prometheus/main.tf b/modules/prometheus/main.tf
deleted file mode 100644
index 1cd3b772..00000000
--- a/modules/prometheus/main.tf
+++ /dev/null
@@ -1,135 +0,0 @@ -data "aws_subnet" "selected" { - id = var.subnet_id -} - -data "aws_vpc" "selected" { - id = data.aws_subnet.selected.vpc_id -} - -resource "aws_instance" "prometheus" { - ami = var.ami_id - instance_type = var.instance_type - key_name = var.ssh_key_name - subnet_id = var.subnet_id - - user_data = data.template_file.user_data.rendered - - associate_public_ip_address = var.associate_public_ip_address - vpc_security_group_ids = [aws_security_group.prometheus.id] - iam_instance_profile = aws_iam_instance_profile.prometheus.name - tags = merge(var.tags, { Name = var.name }) - volume_tags = merge(var.tags, { Name = var.name }) - - root_block_device { - volume_type = "gp2" - volume_size = var.root_volume_size - } -} - -resource "aws_volume_attachment" "data" { - device_name = var.data_volume_mount - volume_id = var.data_volume_id - instance_id = aws_instance.prometheus.id - - skip_destroy = true -} - -data "template_file" "user_data" { - template = file("${path.module}/files/user_data.sh") - - vars = { - service_type = var.server_type - - cluster_tag_key = var.consul_cluster_tag_key - cluster_tag_value = var.consul_cluster_tag_value - consul_prefix = var.consul_key_prefix - } -} - -resource "aws_iam_instance_profile" "prometheus" { - name = var.name - role = aws_iam_role.prometheus.name -} - -resource "aws_iam_role" "prometheus" { - name = var.name - assume_role_policy = data.aws_iam_policy_document.assume_role.json - description = "IAM Role for Prometheus server" -} - -data "aws_iam_policy_document" "assume_role" { - statement { - effect = "Allow" - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } -} - -# --------------------------------------------------------------------------------------------------------------------- -# ATTACH IAM POLICIES FOR CONSUL -# To allow our client Nodes to automatically discover the Consul servers, we need to give them the IAM permissions from -# the Consul AWS 
Module's consul-iam-policies module. -# --------------------------------------------------------------------------------------------------------------------- -module "consul_iam_policies_clients" { - source = "github.com/hashicorp/terraform-aws-consul//modules/consul-iam-policies?ref=v0.8.3" - - iam_role_id = aws_iam_role.prometheus.id -} - -resource "aws_security_group" "prometheus" { - name = var.name - description = "Security group for Prometheus server" - vpc_id = data.aws_subnet.selected.vpc_id - - tags = merge(var.tags, { Name = var.name }) -} - -resource "aws_security_group_rule" "ssh_ingress" { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = var.allowed_ssh_cidr_blocks - description = "SSH access to Prometheus server" - - security_group_id = aws_security_group.prometheus.id -} - -resource "aws_security_group_rule" "prometheus" { - type = "ingress" - from_port = var.prometheus_port - to_port = var.prometheus_port - protocol = "tcp" - cidr_blocks = concat(var.additional_cidr_blocks, [data.aws_vpc.selected.cidr_block]) - description = "Access to Prometheus server" - - security_group_id = aws_security_group.prometheus.id -} - -resource "aws_security_group_rule" "egress" { - type = "egress" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - - security_group_id = aws_security_group.prometheus.id -} - -# --------------------------------------------------------------------------------------------------------------------- -# PERMIT CONSUL SPECIFIC TRAFFIC -# To allow the instance to communicate with other consul agents and participate in the LAN gossip, -# we open up the consul specific protocols and ports for consul traffic -# --------------------------------------------------------------------------------------------------------------------- - -module "consul_gossip" { - source = "github.com/hashicorp/terraform-aws-consul//modules/consul-client-security-group-rules?ref=v0.8.3" - - security_group_id 
= aws_security_group.prometheus.id
- allowed_inbound_cidr_blocks = [data.aws_vpc.selected.cidr_block]
- allowed_inbound_security_group_ids = [var.consul_security_group_id]
-}
diff --git a/modules/prometheus/outputs.tf b/modules/prometheus/outputs.tf
deleted file mode 100644
index b669dc39..00000000
--- a/modules/prometheus/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "instance_id" {
- description = "Instance ID for the server"
- value = aws_instance.prometheus.id
-}
-
-output "instance_private_ip" {
- description = "Private IP address for the server"
- value = aws_instance.prometheus.private_ip
-}
-
-output "security_group_id" {
- description = "Security Group ID for the instance"
- value = aws_security_group.prometheus.id
-}
diff --git a/modules/prometheus/packer/ami/configure.sh b/modules/prometheus/packer/ami/configure.sh
deleted file mode 100644
index 16cf388f..00000000
--- a/modules/prometheus/packer/ami/configure.sh
+++ /dev/null
@@ -1,252 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -readonly SCRIPT_NAME="$(basename "$0")" - -readonly MAX_RETRIES=30 -readonly SLEEP_BETWEEN_RETRIES_SEC=10 - -function print_usage { - echo - echo "Usage: prometheus [OPTIONS]" - echo - echo "This script is used to configure a Prometheus instance." - echo - echo "Options:" - echo - echo -e " --server-type\t\tType of server for integrations with other modules. Optional. Defaults to 'prometheus'." - echo -e " --consul-config\t\tConsul configuration directory. Optional. Defaults to '/opt/consul/config'." - echo -e " --consul-prefix\t\tPath prefix in Consul KV store to query for integration status. Optional. Defaults to terraform/" -} - -function log { - local readonly level="$1" - local readonly message="$2" - local readonly timestamp=$(date +"%Y-%m-%d %H:%M:%S") - >&2 echo -e "${timestamp} [${level}] [$SCRIPT_NAME] ${message}" -} - -function log_info { - local readonly message="$1" - log "INFO" "${message}" -} - -function log_warn { - local readonly message="$1" - log "WARN" "${message}" -} - -function log_error { - local readonly message="$1" - log "ERROR" "${message}" -} - -function assert_not_empty { - local readonly arg_name="$1" - local readonly arg_value="$2" - - if [[ -z "${arg_value}" ]]; then - log_error "The value for '${arg_name}' cannot be empty" - print_usage - exit 1 - fi -} - -function assert_is_installed { - local readonly name="$1" - - if [[ ! $(command -v ${name}) ]]; then - log_error "The binary '${name}' is required by this script but is not installed or in the system's PATH." 
- exit 1 - fi -} - -# Based on: http://unix.stackexchange.com/a/7732/215969 -function get_owner_of_path { - local readonly path="$1" - ls -ld "$path" | awk '{print $3}' -} - -function wait_for_consul { - local consul_leader - - for (( i=1; i<="$MAX_RETRIES"; i++ )); do - consul_leader=$( - curl -sS http://localhost:8500/v1/status/leader 2> /dev/null || echo "failed" - ) - - if [[ "${consul_leader}" = "failed" ]]; then - log_warn "Failed to find Consul cluster leader. Will sleep for $SLEEP_BETWEEN_RETRIES_SEC seconds and try again." - sleep "$SLEEP_BETWEEN_RETRIES_SEC" - else - log_info "Found Consul leader at ${consul_leader}" - return - fi - done - - log_error "Failed to detect Consul agent after $MAX_RETRIES retries. Did you start a Consul agent before running the script?" - exit 1 -} - - -function consul_kv { - local readonly path="${1}" - local value - value=$(consul kv get "${path}") || exit $? - log_info "Consul KV Path ${path} = ${value}" - echo -n "${value}" -} - -function consul_kv_with_default { - local readonly path="${1}" - local readonly default="${2}" - local value - value=$(consul kv get "${path}" || echo -n "${default}") || exit $? 
- log_info "Consul KV Path ${path} = ${value}" - echo -n "${value}" -} - -# Based on: http://unix.stackexchange.com/a/7732/215969 -function get_owner_of_path { - local readonly path="$1" - ls -ld "$path" | awk '{print $3}' -} - -function generate_consul_config { - local readonly consul_prefix="${1}" - local readonly consul_config="${2}" - - local readonly consul_destination="${consul_config}/prometheus.hcl" - - local readonly prometheus_service=$(consul_kv "${consul_prefix}prometheus/service_name") - local readonly prometheus_port=$(consul_kv "${consul_prefix}prometheus/port") - - local readonly traefik_enabled=$(consul_kv_with_default "${consul_prefix}prometheus/traefik/enabled" "no") - - local traefik_tags="" - - if [[ "$traefik_enabled" == "yes" ]]; then - local readonly traefik_fqdns=$(consul_kv "${consul_prefix}prometheus/traefik/fqdns") - local readonly traefik_entrypoints=$(consul_kv "${consul_prefix}prometheus/traefik/entrypoints") - - traefik_tags=$(cat < "${consul_destination}" - local readonly consul_owner=$(get_owner_of_path "${consul_config}") - chown "${consul_owner}:${consul_owner}" "${consul_destination}" - - systemctl kill -s SIGHUP consul -} - -function mount_ebs { - local readonly data_device_name="${1}" - local readonly db_dir="${2}" - - until ls "${data_device_name}"; do - log_info "Waiting for data device ${data_device_name} to be mounted" - sleep 5 - done - - log_info "Mounting data volume" - mkdir -p "${db_dir}" - mount "${data_device_name}" "${db_dir}" - - local readonly uuid="$(blkid -s UUID -o value "${data_device_name}")" - echo "" >> /etc/fstab - echo "UUID=${uuid} ${db_dir} ext4 defaults,nofail" >> /etc/fstab - # Safety Check - mount -a - - chown -R prometheus:prometheus "${db_dir}" -} -function main { - local consul_config="/opt/consul/config" - local server_type="prometheus" - local consul_prefix="terraform/" - local all_args=() - - while [[ $# > 0 ]]; do - local key="$1" - - case "$key" in - --consul-config) - assert_not_empty 
"$key" "$2" - consul_config="$2" - shift - ;; - --server-type) - assert_not_empty "$key" "$2" - server_type="$2" - shift - ;; - --consul-prefix) - assert_not_empty "$key" "$2" - consul_prefix="$2" - shift - ;; - --help) - print_usage - exit - ;; - *) - log_error "Unrecognized argument: $key" - print_usage - exit 1 - ;; - esac - - shift - done - - assert_is_installed "curl" - assert_is_installed "consul" - - wait_for_consul - - generate_consul_config "${consul_prefix}" "${consul_config}" - - local readonly data_device_name=$(consul_kv "${consul_prefix}prometheus/data_device_name") - local readonly db_dir=$(consul_kv "${consul_prefix}prometheus/db_dir") - mount_ebs "$data_device_name" "$db_dir" - - systemctl enable prometheus - systemctl start prometheus -} - -main "$@" diff --git a/modules/prometheus/packer/ami/packer.json b/modules/prometheus/packer/ami/packer.json deleted file mode 100644 index 253051c9..00000000 --- a/modules/prometheus/packer/ami/packer.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "min_packer_version": "1.1.2", - "variables": { - "additional_ntp_servers": "[\"169.254.169.123\"]", - "ami_base_name": "prometheus", - "aws_region": "ap-southeast-1", - "subnet_id": "", - "temporary_security_group_source_cidrs": "0.0.0.0/0", - "associate_public_ip_address": "true", - "ssh_interface": "", - "consul_module_repo": "https://github.com/hashicorp/terraform-aws-consul.git", - "consul_module_version": "v0.3.5", - "consul_version": "1.4.0", - "consul_enable_syslog": "true", - "td_agent_config_file": "", - "td_agent_config_vars_file": "", - "td_agent_config_app_vars_file": "", - "ca_certificate": "", - "consul_host": "", - "consul_port": "443", - "consul_scheme": "https", - "consul_token": "", - "consul_integration_prefix": "terraform/", - "timezone": "Asia/Singapore", - "prometheus_version": "2.22.0", - "prometheus_db_dir": "/mnt/data", - "prometheus_storage_retention": "90d", - "prometheus_client_service": "prometheus-client", - "prometheus_consul_job_name": "consul", - "prometheus_port": "9090" - }, - "builders": [ - { - "name": "ubuntu-1604-prometheus-ami", - "ami_name": "{{ user `ami_base_name` }}-{{isotime | clean_resource_name}}", - "ami_description": "An Ubuntu 16.04 AMI that has Prometheus installed.", - "instance_type": "t3.micro", - "region": "{{user `aws_region`}}", - "type": "amazon-ebs", - "subnet_id": "{{user `subnet_id`}}", - "associate_public_ip_address": "{{user `associate_public_ip_address`}}", - "ssh_interface": "{{user `ssh_interface`}}", - "temporary_security_group_source_cidrs": "{{user `temporary_security_group_source_cidrs`}}", - "source_ami_filter": { - "filters": { - "virtualization-type": "hvm", - "architecture": "x86_64", - "name": "*ubuntu-xenial-16.04-amd64-server-*", - "block-device-mapping.volume-type": "gp2", - "root-device-type": "ebs" - }, - "owners": [ - "099720109477" - ], - "most_recent": true - }, - "ssh_username": "ubuntu", - "run_tags": { - "Name": "{{user `ami_base_name` }}-{{isotime | 
clean_resource_name}}", - "Base Name": "{{user `ami_base_name` }}", - "Timestamp": "{{isotime \"2006-01-02 03:04:05\"}}", - "Packer": "yes", - "Consul Version": "{{user `consul_version` }}", - "Prometheus Version": "{{user `prometheus_version` }}" - }, - "tags": { - "Name": "{{user `ami_base_name` }}-{{isotime | clean_resource_name}}", - "Base Name": "{{user `ami_base_name` }}", - "Timestamp": "{{isotime \"2006-01-02 03:04:05\"}}", - "Packer": "yes", - "Consul Version": "{{user `consul_version` }}", - "Prometheus Version": "{{user `prometheus_version` }}" - }, - "snapshot_tags": { - "Name": "{{user `ami_base_name` }}-{{isotime | clean_resource_name}}", - "Base Name": "{{user `ami_base_name` }}", - "Timestamp": "{{isotime \"2006-01-02 03:04:05\"}}", - "Packer": "yes", - "Consul Version": "{{user `consul_version` }}", - "Prometheus Version": "{{user `prometheus_version` }}" - } - } - ], - "provisioners": [ - { - "type": "shell", - "inline": [ - "timeout 60s bash -c \"while ! [ -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting on cloud-init...'; sleep 2; done\"" - ] - }, - { - "type": "ansible", - "playbook_file": "{{ template_dir }}/site.yml", - "user": "ubuntu", - "extra_arguments": [ - "-e", - "{ \"additional_ntp_servers\": {{user `additional_ntp_servers`}} }", - "-e", - "consul_module_version={{user `consul_module_version`}} consul_version={{user `consul_version`}} consul_module_repo={{user `consul_module_repo`}}", - "-e", - "{ \"consul_enable_syslog\": {{user `consul_enable_syslog`}} }", - "-e", - "td_agent_config_file={{user `td_agent_config_file`}} td_agent_config_vars_file={{user `td_agent_config_vars_file`}} td_agent_config_app_vars_file={{user `td_agent_config_app_vars_file`}}", - "-e", - "ca_certificate={{user `ca_certificate`}}", - "-e", - "consul_host={{user `consul_host`}} consul_port={{user `consul_port`}} consul_scheme={{user `consul_scheme`}} consul_token={{user `consul_token`}} consul_integration_prefix={{user 
`consul_integration_prefix`}}", - "-e", - "prometheus_version={{user `prometheus_version`}} prometheus_db_dir={{user `prometheus_db_dir`}} prometheus_storage_retention={{user `prometheus_storage_retention`}} prometheus_client_service={{user `prometheus_client_service`}} prometheus_consul_job_name={{user `prometheus_consul_job_name`}} prometheus_port={{user `prometheus_port`}}", - "-e", - "timezone={{user `timezone`}}", - "-e", - "ansible_python_interpreter=\"$(command -v python3)\"" - ] - } - ] -} diff --git a/modules/prometheus/packer/ami/site.yml b/modules/prometheus/packer/ami/site.yml deleted file mode 100644 index bc7ac911..00000000 --- a/modules/prometheus/packer/ami/site.yml +++ /dev/null 
@@ -1,143 +0,0 @@ ---- -- name: Provision Prometheus AMI - hosts: all - vars: - additional_ntp_servers: ["169.254.169.123"] - consul_module_repo: "https://github.com/hashicorp/terraform-aws-consul.git" - consul_module_version: "v0.3.5" - consul_version: "1.4.0" - consul_enable_syslog: true - td_agent_config_file: "" - td_agent_config_vars_file: "" - td_agent_config_app_vars_file: "" - td_agent_config_dest_file: "/etc/td-agent/td-agent.conf" - ca_certificate: "" - consul_host: "" - consul_port: 443 - consul_scheme: https - consul_token: "" - consul_integration_prefix: "terraform/" - timezone: "Asia/Singapore" - prometheus_version: "2.4.3" - prometheus_db_dir: "/mnt/data" - prometheus_storage_retention: "90d" - prometheus_client_service: "prometheus-client" - prometheus_consul_job_name: "consul" - prometheus_port: 9090 - tasks: - - name: Upgrade all packages to the latest version - apt: - upgrade: yes - update_cache: yes - become: yes - - name: Install CA Certificate - include_tasks: "{{ playbook_dir }}/../../../../tasks/include_role_checked.yml" - vars: - role: "{{ playbook_dir }}/../../../../roles/ansible-ca-store" - certificate: "{{ ca_certificate }}" - certificate_rename: "ca.crt" - become: yes - - name: Install Vault PKI CA Certificate - include_role: - name: "{{ playbook_dir }}/../../../../roles/vault-pki" - - name: Install chrony - include_role: - name: "{{ playbook_dir }}/../../../../roles/chrony" - - name: Install td-agent - include_role: - name: "{{ playbook_dir }}/../../../../roles/td-agent" - vars: - config_file: "{{ td_agent_config_file }}" - config_vars_file: "{{ td_agent_config_vars_file }}" - config_app_vars_file: "{{ td_agent_config_app_vars_file }}" - config_dest_file: "{{ td_agent_config_dest_file }}" - - name: Install Telegraf - include_role: - name: "{{ playbook_dir }}/../../../../roles/telegraf" - - name: Install Consul - include_role: - name: "{{ playbook_dir }}/../../../../roles/consul" - - name: Install Consul-Template - include_role: - name: 
"{{ playbook_dir }}/../../../../roles/install-consul-template" - - name: Install Vault SSH Configuration Script - include_role: - name: "{{ playbook_dir }}/../../../../roles/install-ssh-script" - - name: Set default timezone - include_role: - name: "{{ playbook_dir }}/../../../../roles/timezone" - - - name: Install Prometheus - include_tasks: "{{ playbook_dir }}/../../../../tasks/include_role_checked.yml" - vars: - role: "{{ playbook_dir }}/../../../../roles/prometheus" - prometheus_web_listen_address: "0.0.0.0:{{ prometheus_port }}" - prometheus_scrape_configs: - - job_name: "{{ prometheus_consul_job_name }}" - consul_sd_configs: - - server: "localhost:8500" - services: - - "{{ prometheus_client_service }}" - allow_stale: false - relabel_configs: - # From https://groups.google.com/forum/#!topic/prometheus-users/Jn6RdehOX0Q - - source_labels: ["__meta_consul_tags"] - action: replace - regex: .*,prometheus_path=([^,]+),.* - replacement: '${1}' - target_label: __metrics_path__ - - source_labels: ["__meta_consul_tags"] - regex: .*,prometheus_disable=true,.* - action: drop - # Convert all the `prometheus_tag_xxx` tags to additional tags for the target - # Due to how the regex works, we have to have as many actions as the number of potential - # tags - # See https://www.robustperception.io/extracting-full-labels-from-consul-tags - - source_labels: ["__meta_consul_tags"] - action: replace - regex: ',(?:[^,]+,){0}prometheus_tag_([^=]+)=([^,]+),.*' - replacement: '${2}' - target_label: '${1}' - - source_labels: ["__meta_consul_tags"] - action: replace - regex: ',(?:[^,]+,){1}prometheus_tag_([^=]+)=([^,]+),.*' - replacement: '${2}' - target_label: '${1}' - - source_labels: ["__meta_consul_tags"] - action: replace - regex: ',(?:[^,]+,){2}prometheus_tag_([^=]+)=([^,]+),.*' - replacement: '${2}' - target_label: '${1}' - - source_labels: ["__meta_consul_tags"] - action: replace - regex: ',(?:[^,]+,){3}prometheus_tag_([^=]+)=([^,]+),.*' - replacement: '${2}' - target_label: 
'${1}' - - source_labels: ["__meta_consul_tags"] - action: replace - regex: ',(?:[^,]+,){4}prometheus_tag_([^=]+)=([^,]+),.*' - replacement: '${2}' - target_label: '${1}' - - - name: Stop Prometheus Service for the rest of the build - systemd: - name: prometheus - state: stopped - enabled: false - become: yes - - name: Make Prometheus Data Mount directory - file: - state: "{{ item }}" - path: "{{ prometheus_db_dir }}" - owner: "prometheus" - group: "prometheus" - become: yes - loop: - - absent - - directory - - name: Install Prometheus Script - copy: - src: "{{ playbook_dir }}/configure.sh" - dest: /opt/prometheus - mode: 0755 - become: yes diff --git a/modules/prometheus/packer/ami/td-agent-vars.yml b/modules/prometheus/packer/ami/td-agent-vars.yml deleted file mode 100644 index f110c15a..00000000 --- a/modules/prometheus/packer/ami/td-agent-vars.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -consul: - tag: consul - identifier: consul - position_file: /etc/td-agent/positions/consul.pos -consul_template: - tag: consul-template - identifier: consul-template - position_file: /etc/td-agent/positions/consul-template.pos - -additionals: - - tag: cron - identifier: cron - position_file: /etc/td-agent/positions/cron.pos - - tag: td-agent - identifier: td-agent - position_file: /etc/td-agent/positions/td-agent.pos - - tag: telegraf - identifier: telegraf - position_file: /etc/td-agent/positions/telegraf.pos - - tag: sshd - identifier: sshd - position_file: /etc/td-agent/positions/sshd.pos - - tag: sudo - identifier: sudo - position_file: /etc/td-agent/positions/sudo.pos - - tag: prometheus - prefix: services - identifier: prometheus - position_file: /etc/td-agent/positions/prometheus.pos - -user_data_path: /var/log/user-data.log diff --git a/modules/prometheus/packer/data/packer.json b/modules/prometheus/packer/data/packer.json deleted file mode 100644 index eded4e79..00000000 --- a/modules/prometheus/packer/data/packer.json +++ /dev/null 
@@ -1,63 +0,0 @@
-{
- "description": "Create and format an EBS volume for Prometheus data",
- "min_packer_version": "1.3.4",
- "variables": {
- "volume_name": "prometheus-server-data",
- "aws_region": "ap-southeast-1",
- "subnet_id": "",
- "temporary_security_group_source_cidrs": "0.0.0.0/0",
- "associate_public_ip_address": "true",
- "ssh_interface": "",
- "data_volume_size": "400"
- },
- "builders": [
- {
- "name": "prometheus-data",
- "instance_type": "t3.micro",
- "region": "{{user `aws_region`}}",
- "type": "amazon-ebsvolume",
- "subnet_id": "{{user `subnet_id`}}",
- "associate_public_ip_address": "{{user `associate_public_ip_address`}}",
- "ssh_interface": "{{user `ssh_interface`}}",
- "temporary_security_group_source_cidrs": "{{user `temporary_security_group_source_cidrs`}}",
- "source_ami_filter": {
- "filters": {
- "virtualization-type": "hvm",
- "architecture": "x86_64",
- "name": "*ubuntu-xenial-16.04-amd64-server-*",
- "block-device-mapping.volume-type": "gp2",
- "root-device-type": "ebs"
- },
- "owners": [
- "099720109477"
- ],
- "most_recent": true
- },
- "ssh_username": "ubuntu",
- "ebs_volumes": [
- {
- "volume_type": "gp2",
- "device_name": "/dev/sdf",
- "delete_on_termination": false,
- "volume_size": "{{user `data_volume_size`}}",
- "tags": {
- "Name": "{{user `volume_name`}}",
- "Timestamp": "{{isotime \"2006-01-02 03:04:05\"}}"
- }
- }
- ],
- "run_tags": {
- "Name": "{{user `volume_name` }}",
- "Timestamp": "{{isotime \"2006-01-02 03:04:05\"}}"
- }
- }
- ],
- "provisioners": [
- {
- "type": "shell",
- "inline": [
- "sudo mkfs -t ext4 /dev/nvme1n1"
- ]
- }
- ]
-}
diff --git a/modules/prometheus/td_agent.tf b/modules/prometheus/td_agent.tf
deleted file mode 100644
index 7485fed9..00000000
--- a/modules/prometheus/td_agent.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-resource "consul_keys" "td_agent" {
- count = var.td_agent_enabled ? 1 : 0
-
- key {
- path = "${var.consul_key_prefix}td-agent/${var.server_type}/enabled"
- value = "yes"
- delete = true
- }
-}
diff --git a/modules/prometheus/traefik.tf b/modules/prometheus/traefik.tf
deleted file mode 100644
index 870a0a42..00000000
--- a/modules/prometheus/traefik.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# Traefik Integration
-resource "consul_keys" "traefik_enabled" {
- count = var.traefik_enabled ? 1 : 0
-
- key {
- path = "${local.consul_prefix}traefik/enabled"
- value = "yes"
- delete = true
- }
-}
-
-resource "consul_keys" "traefik_fqdns" {
- count = var.traefik_enabled ? 1 : 0
-
- key {
- path = "${local.consul_prefix}traefik/fqdns"
- value = join(",", var.traefik_fqdns)
- delete = true
- }
-}
-
-resource "consul_keys" "traefik_entrypoints" {
- count = var.traefik_enabled ? 1 : 0
-
- key {
- path = "${local.consul_prefix}traefik/entrypoints"
- value = join(",", var.traefik_entrypoints)
- delete = true
- }
-}
diff --git a/modules/prometheus/variables.tf b/modules/prometheus/variables.tf
deleted file mode 100644
index baca0bd3..00000000
--- a/modules/prometheus/variables.tf
+++ /dev/null
@@ -1,229 +0,0 @@
-variable "ami_id" {
- description = "AMI ID for Prometheus Server"
-}
-
-variable "ssh_key_name" {
- description = "Name of SSH key to assign to the instance"
-}
-
-variable "subnet_id" {
- description = "Subnet ID to deploy the instance to"
-}
-
-variable "consul_security_group_id" {
- description = "Security Group ID for Consul servers"
-}
-
-variable "data_volume_id" {
- description = "EBS Volume ID for Prometheus Data Storage"
-}
-
-variable "name" {
- description = "Base name for resources"
- default = "prometheus"
-}
-
-variable "associate_public_ip_address" {
- description = "Associate a public IP address for instance"
- default = false
-}
-
-variable "instance_type" {
- description = "Type of instance to deploy"
- default = "t2.micro"
-}
-
-variable "prometheus_service" {
- description = "Name of Prometheus server service to register in Consul."
- default = "prometheus"
-}
-
-variable "prometheus_client_service" {
- description = "Name of the Prometheus Client services to scrape"
- default = "prometheus-client"
-}
-
-variable "prometheus_db_dir" {
- description = "Path where the data for Prometheus will be stored. This will be where the EBS volume where data is persisted will be mounted."
- default = "/mnt/data"
-}
-
-variable "prometheus_port" {
- description = "Port at which the server will be listening to."
- default = "9090"
-}
-
-variable "data_device_name" {
- description = "Path of the EBS device that is mounted"
- default = "/dev/nvme1n1"
-}
-
-variable "allowed_ssh_cidr_blocks" {
- description = "List of allowed CIDR blocks to allow SSH access"
- type = list(string)
- default = []
-}
-
-variable "additional_cidr_blocks" {
- description = "Additional CIDR blocks other than the VPC CIDR block thatn can access the Prometheus server"
- type = list(string)
- default = []
-}
-
-variable "tags" {
- description = "Tags to apply to resources"
-
- default = {
- Terraform = "true"
- }
-}
-
-variable "root_volume_size" {
- description = "Size of the Prometheus server root volume in GB"
- default = 50
-}
-
-variable "consul_cluster_tag_key" {
- description = "Key that Consul Server Instances are tagged with for discovery"
- default = "consul-servers"
-}
-
-variable "consul_cluster_tag_value" {
- description = "Value that Consul Server Instances are tagged with for discovery"
- default = "consul"
-}
-
-variable "data_volume_mount" {
- description = "Data volume mount device name"
- default = "/dev/sdf"
-}
-
-# --------------------------------------------------------------------------------------------------
-# Traefik Integration
-# --------------------------------------------------------------------------------------------------
-
-variable "traefik_enabled" {
- description = "Enable Traefik Integration"
- default = false
-}
-
-variable "traefik_entrypoints" {
- description = "List of entrypoints for Traefik"
-
- # Default "internal" entrypoint
- default = ["internal"]
-}
-
-variable "traefik_fqdns" {
- description = "List of FQDNs for Traefik to listen to. You have to create the DNS records separately."
- type = list(string)
- default = []
-}
-
-# --------------------------------------------------------------------------------------------------
-# AWS Auth Integration
-# --------------------------------------------------------------------------------------------------
-variable "aws_auth_enabled" {
- description = "Enable AWS Authentication"
- default = false
-}
-
-variable "aws_auth_path" {
- description = "Path to the Vault AWS Authentication backend"
- default = "aws"
-}
-
-variable "aws_auth_vault_role" {
- description = "Name of the role in the AWS Authentication backend to create"
- default = "prometheus"
-}
-
-variable "aws_auth_policies" {
- description = "List of Vault policies to assign to the tokens issued by the AWS authentication backend"
- type = list(string)
- default = []
-}
-
-variable "aws_auth_period_minutes" {
- description = "Period, in minutes, that the Vault token issued will live for"
- default = "60"
-}
-
-# --------------------------------------------------------------------------------------------------
-# Vault SSH Integration
-# --------------------------------------------------------------------------------------------------
-
-variable "vault_ssh_enabled" {
- description = "Enable Vault SSH integration"
- default = false
-}
-
-variable "vault_ssh_path" {
- description = "Path to mount the SSH secrets engine"
- default = "ssh_prometheus"
-}
-
-variable "vault_ssh_role_name" {
- description = "Role name for the Vault SSH secrets engine"
- default = "default"
-}
-
-variable "vault_ssh_user" {
- description = "Username to allow SSH access"
- default = "ubuntu"
-}
-
-variable "vault_ssh_ttl" {
- description = "TTL for the Vault SSH certificate in seconds"
- default = 300
-}
-
-variable "vault_ssh_max_ttl" {
- description = "Max TTL for certificate renewal"
- default = 86400
-}
-
-# --------------------------------------------------------------------------------------------------
-# td-agent Integration
-# 
--------------------------------------------------------------------------------------------------
-
-variable "td_agent_enabled" {
- description = "Enable td-agent integration. You will still need to provide the appropriate configuration file for td-agent during the AMI building process."
- default = false
-}
-
-# --------------------------------------------------------------------------------------------------
-# Curator Integration
-# --------------------------------------------------------------------------------------------------
-variable "curator_enable" {
- description = "Enable Curator integration for Prometheus"
- default = false
-}
-
-variable "curator_age" {
- description = "Age in days to retain indices"
- default = "90"
-}
-
-variable "curator_prefix" {
- description = "Elasticsearch prefix for Curator logs"
- default = "services.prometheus"
-}
-
-# --------------------------------------------------------------------------------------------------
-# CORE INTEGRATION SETTINGS
-# --------------------------------------------------------------------------------------------------
-variable "consul_key_prefix" {
- description = <