├── .gitmodules ├── NOTICE ├── .gitignore ├── ansible ├── ansible.cfg ├── template │ ├── group_vars │ │ └── skywalking_oap.yaml.tftpl │ └── inventory.yaml.tftpl ├── roles │ ├── skywalking │ │ ├── templates │ │ │ ├── skywalking-ui.service.j2 │ │ │ ├── skywalking-oap.service.j2 │ │ │ ├── skywalking-ui.env.j2 │ │ │ └── skywalking-oap.env.j2 │ │ ├── vars │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ └── install-java │ │ └── tasks │ │ └── main.yml ├── skywalking.yml └── README.md ├── aws ├── alb-output.tf ├── aws-main.tf ├── elasticsearch-output.tf ├── modules │ └── skywalking │ │ ├── main-data.tf │ │ ├── main-key-pair.tf │ │ ├── main-ui.tf │ │ ├── main-bastion.tf │ │ ├── outputs.tf │ │ ├── main-oap.tf │ │ ├── variables.tf │ │ └── README.md ├── vpc.tf ├── h2-main.tf ├── skywalking-outputs.tf ├── rds-postgresql-output.tf ├── ec2-main.tf ├── skywalking-main.tf ├── alb-main.tf ├── README.md ├── elasticsearch-main.tf ├── rds-postgresql-main.tf ├── .terraform.lock.hcl ├── variables.tf └── configurations.md ├── README.md ├── .licenserc.yaml ├── .asf.yaml ├── .github └── workflows │ ├── license.yml │ └── documentation.yaml └── LICENSE /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule ".github/actions/terraform-docs"] 2 | path = .github/actions/terraform-docs 3 | url = https://github.com/terraform-docs/gh-actions.git 4 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Apache SkyWalking 2 | Copyright 2017-2023 The Apache Software Foundation 3 | 4 | This product includes software developed at 5 | The Apache Software Foundation (http://www.apache.org/). 
6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | *.iml 3 | .classpath 4 | .project 5 | .settings/ 6 | .DS_Store 7 | *~ 8 | packages/ 9 | /docker/snapshot/*.gz 10 | .factorypath 11 | .vscode 12 | .checkstyle 13 | .externalToolBuilders 14 | aws/.terraform/ 15 | aws/terraform.tfstate 16 | aws/terraform.tfstate.backup 17 | ansible/local.var.yaml 18 | ansible/inventory 19 | !ansible/inventory/template 20 | .terraform.tfstate.lock.info 21 | terraform.tfvars 22 | -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | [defaults] 17 | roles_path = roles/ 18 | inventory = inventory/ 19 | timeout = 60 20 | 21 | [privilege_escalation] 22 | become = yes 23 | become_method = sudo 24 | -------------------------------------------------------------------------------- /aws/alb-output.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | output "alb_dns_name" { 19 | value = module.alb.lb_dns_name 20 | description = "The domain name of the ALB that can be used to access SkyWalking UI." 21 | } 22 | -------------------------------------------------------------------------------- /aws/aws-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. 
You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# AWS provider for this configuration. The region and both static credentials
# are read from input variables.
# NOTE(review): values passed as `access_key` / `secret_key` live wherever the
# variables are set; the repository .gitignore excludes terraform.tfvars,
# presumably for that reason. Leaving both arguments unset lets the provider
# use its default credential chain (environment variables, shared credentials
# file, role credentials), so no long-lived key has to sit in a variable file.
# Confirm that variables.tf marks both variables as sensitive.
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

# Availability zones that are currently in the "available" state.
data "aws_availability_zones" "available" {
  state = "available"
}

--------------------------------------------------------------------------------
/aws/elasticsearch-output.tf:
--------------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

output "elasticsearch_endpoint" {
  value = local.storage_name == "elasticsearch" ?
aws_elasticsearch_domain.elasticsearch[0].endpoint : "" 20 | description = "The elasticsearch endpoint" 21 | } 22 | -------------------------------------------------------------------------------- /ansible/template/group_vars/skywalking_oap.yaml.tftpl: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | database: 19 | type: ${database_type} 20 | host: ${database_host} 21 | port: ${database_port} 22 | name: ${database_name} 23 | user: ${database_user} 24 | password: ${database_password} 25 | 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Terraform module for SkyWalking 2 | 3 | For now, we have supported the following cloud vendors, and we welcome everyone to contribute supports for 4 | more cloud vendors: 5 | 6 | - [AWS](aws): Terraform scripts to provision necessary resources on Amazon Web Services. 7 | 8 | > [!NOTE] 9 | > HashiCorp had changed the LICENSE of Terraform from MPL 2.0 to BSL/BUSL 1.1 10 | > since its 1.5.6 release. 
We don't have hard dependencies on Terraform. 11 | > 12 | > The OpenTF Foundation announced that it will maintain the MPL 2.0-based fork of Terraform. 13 | > Read their [announcement](https://opentf.org/announcement) and 14 | > [website](https://opentf.org/) for more details. 15 | > 16 | > All Terraform and/or OpenTF scripts are just for end-user convenience. 17 | > The Apache 2.0 License is only for the scripts. 18 | 19 | 20 | # Ansible playbook for SkyWalking 21 | 22 | You can use the Ansible playbook in combination with Terraform to create 23 | the necessary infrastructure and install SkyWalking on the created infrastructure, 24 | or you can use Ansible alone to install SkyWalking on existing infrastructure. 25 | 26 | Please go to the [ansible](ansible) folder for more details. 27 | -------------------------------------------------------------------------------- /.licenserc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License.
18 | # 19 | header: 20 | license: 21 | spdx-id: Apache-2.0 22 | copyright-owner: Apache Software Foundation 23 | 24 | paths-ignore: 25 | - '.terraform.lock.hcl' 26 | - '**/*.md' 27 | - '**/*.json' 28 | - '**/.gitignore' 29 | - '.gitmodules' 30 | - 'LICENSE' 31 | - 'NOTICE' 32 | 33 | comment: on-failure 34 | -------------------------------------------------------------------------------- /ansible/roles/skywalking/templates/skywalking-ui.service.j2: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | [Unit] 17 | Description=Apache SkyWalking WebUI Service 18 | After=network.target 19 | 20 | [Service] 21 | Type=simple 22 | EnvironmentFile=/home/skywalking/webapp.env 23 | User=skywalking 24 | Group=skywalking 25 | ExecStart=/usr/local/skywalking/bin/webappService.sh 26 | TimeoutSec=300 27 | KillMode=process 28 | ExecReload=/bin/kill -HUP $MAINPID 29 | Restart=on-failure 30 | 31 | [Install] 32 | WantedBy=multi-user.target 33 | -------------------------------------------------------------------------------- /.asf.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | # 17 | 18 | github: 19 | description: Terraform modules and Ansible playbook for Apache SkyWalking 20 | homepage: https://skywalking.apache.org/ 21 | labels: 22 | - skywalking 23 | - terraform 24 | - ansible 25 | enabled_merge_buttons: 26 | squash: true 27 | merge: false 28 | rebase: false 29 | 30 | notifications: 31 | commits: commits@skywalking.apache.org 32 | issues: commits@skywalking.apache.org 33 | pullrequests: commits@skywalking.apache.org 34 | -------------------------------------------------------------------------------- /aws/modules/skywalking/main-data.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 

# Selects an Amazon-owned image that is HVM, x86_64, EBS-backed and whose name
# matches al2022-ami-*; when several images match, the newest one is used.
# `owners = ["amazon"]` keeps the name wildcard from matching an image
# published by any other account.
# NOTE(review): because of `most_recent = true` the image id is resolved at
# plan time, so a later plan can select a different image. Pin an explicit
# image id where reproducible or reviewed base images are required.
data "aws_ami" "amazon-linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "name"
    values = ["al2022-ami-*"]
  }
}

--------------------------------------------------------------------------------
/.github/workflows/license.yml:
--------------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Runs the license-header check on pushes to main and on every pull request.
name: License

on:
  push:
    branches:
      - main
  pull_request:

# NOTE(review): no `permissions:` block is declared, so the job token gets the
# repository default scope. The header check is configured with
# `comment: on-failure` in .licenserc.yaml, so the minimal set is presumably
# `contents: read` plus `pull-requests: write` — confirm and declare it.
jobs:
  license:
    name: license
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/checkout is referenced by the mutable tag v2,
      # while the skywalking-eyes step below is pinned to a full commit SHA.
      # Pinning checkout the same way (actions/checkout@<full-commit-sha>)
      # keeps the workflow from picking up a retagged release.
      # `submodules: recursive` also fetches the repositories listed in
      # .gitmodules into the workspace.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: 'recursive'
      # Checks license headers using .licenserc.yaml; the action is pinned to
      # a commit SHA.
      - name: Check License Header
        uses: apache/skywalking-eyes/header/@d299844e334855087f18ae1fe3c81ae8d22bc282
        with:
          config: .licenserc.yaml

--------------------------------------------------------------------------------
/aws/vpc.tf:
--------------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
15 | 16 | module "vpc" { 17 | source = "terraform-aws-modules/vpc/aws" 18 | version = "~> 5.0" 19 | 20 | name = var.cluster_name 21 | cidr = var.cidr 22 | 23 | azs = data.aws_availability_zones.available.names 24 | 25 | private_subnets = var.private_subnets 26 | public_subnets = var.public_subnets 27 | database_subnets = var.database_subnets 28 | 29 | enable_nat_gateway = true 30 | enable_vpn_gateway = false 31 | single_nat_gateway = true 32 | enable_dns_hostnames = true 33 | enable_dns_support = true 34 | } 35 | -------------------------------------------------------------------------------- /aws/h2-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | resource "local_file" "h2_vars" { 19 | count = local.storage_name == "h2" ? 
1 : 0 20 | 21 | filename = "${path.module}/../ansible/inventory/group_vars/skywalking_oap.yaml" 22 | file_permission = "0600" 23 | content = templatefile("${path.module}/../ansible/template/group_vars/skywalking_oap.yaml.tftpl", { 24 | database_type = local.storage_name 25 | database_host = "" 26 | database_port = "" 27 | database_user = "" 28 | database_name = "" 29 | database_password = "" 30 | }) 31 | } 32 | -------------------------------------------------------------------------------- /aws/modules/skywalking/main-key-pair.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 

# Generates a 4096-bit RSA key pair inside Terraform.
# NOTE(review): the tls provider keeps the generated private key unencrypted
# in the Terraform state. The repository .gitignore excludes
# aws/terraform.tfstate and its backup, but the state file itself, and any
# remote backend holding it, must be treated as a secret.
resource "tls_private_key" "ssh-user" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Registers the public half with EC2 under the fixed key name "skywalking".
# NOTE(review): the name is hard-coded, so a second deployment into the same
# account and region would presumably collide on it — confirm.
resource "aws_key_pair" "ssh-user" {
  key_name   = "skywalking"
  public_key = tls_private_key.ssh-user.public_key_openssh
  tags       = var.extra_tags
}

# Writes the private key PEM to <public_key_path>/<key_name>.pem with mode 0600.
# NOTE(review): despite its name, `var.public_key_path` is the directory that
# receives the private key. The local provider also offers
# `local_sensitive_file` for secret content; consider it for this file.
resource "local_file" "ssh-user" {
  filename        = "${pathexpand(var.public_key_path)}/${aws_key_pair.ssh-user.key_name}.pem"
  content         = tls_private_key.ssh-user.private_key_pem
  file_permission = "0600"
}

--------------------------------------------------------------------------------
/ansible/roles/install-java/tasks/main.yml:
--------------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
15 | 16 | --- 17 | - name: Install Java 11 on RHEL-based systems 18 | package: 19 | name: java-11-openjdk 20 | state: present 21 | when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora' 22 | 23 | - name: Install Java 11 on Ubuntu systems 24 | package: 25 | name: openjdk-11-jdk 26 | state: present 27 | when: ansible_distribution == 'Ubuntu' 28 | 29 | - name: Install Java 11 on Amazon distribution 30 | package: 31 | name: java-11-amazon-corretto 32 | state: present 33 | when: ansible_distribution == 'Amazon' 34 | -------------------------------------------------------------------------------- /ansible/roles/skywalking/templates/skywalking-oap.service.j2: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 

# systemd unit for the SkyWalking OAP server; ordered after network.target.
[Unit]
Description=Apache SkyWalking OAP Service
After=network.target

# The service runs as the dedicated skywalking user and group and loads its
# settings from /home/skywalking/oap.env.
# NOTE(review): the oap.env template of this role writes
# SW_DATA_SOURCE_PASSWORD for PostgreSQL storage, so that file should be
# readable only by the skywalking user. The task that installs it is not
# visible here; confirm its owner and mode.
# NOTE(review): no sandboxing directives are set. NoNewPrivileges=,
# ProtectSystem= and PrivateTmp= are candidates once it is confirmed that the
# start scripts work under them.
# The start script depends on the storage type of this host: h2 uses
# oapService.sh, every other type uses oapServiceNoInit.sh.
# KillMode=process stops only the main process; ExecReload sends SIGHUP to it
# (NOTE(review): confirm that the server treats SIGHUP as a reload).
[Service]
Type=simple
User=skywalking
Group=skywalking
EnvironmentFile=/home/skywalking/oap.env
{% if hostvars[inventory_hostname]['database']['type'] == 'h2' %}
ExecStart=/usr/local/skywalking/bin/oapService.sh
{% else %}
ExecStart=/usr/local/skywalking/bin/oapServiceNoInit.sh
{% endif %}
TimeoutSec=300
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/ansible/roles/skywalking/templates/skywalking-ui.env.j2:
--------------------------------------------------------------------------------
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
18 | # 19 | {% for key, value in skywalking_ui_environment.items() %} 20 | {{ key }}="{{ value }}" 21 | {% endfor %} 22 | 23 | SW_OAP_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ skywalking_ui_environment['SW_CORE_GRPC_PORT'] | default ('12800') }}{% if not loop.last %},{% endif %}{% endfor %}" 24 | SW_ZIPKIN_ADDRESS="{% for host in groups['skywalking_oap'] %}http://{{ hostvars[host].inventory_hostname }}:{{ skywalking_ui_environment['SW_QUERY_ZIPKIN_REST_PORT'] | default ('9412') }}{% if not loop.last %},{% endif %}{% endfor %}" 25 | 26 | -------------------------------------------------------------------------------- /ansible/skywalking.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | --- 17 | - name: Create skywalking group 18 | hosts: all 19 | gather_facts: false 20 | tasks: 21 | - group: 22 | name: skywalking 23 | state: present 24 | 25 | - name: Create skywalking user 26 | hosts: all 27 | gather_facts: false 28 | tasks: 29 | - user: 30 | name: skywalking 31 | group: skywalking 32 | state: present 33 | 34 | - name: Install Java 35 | hosts: all 36 | gather_facts: true 37 | roles: 38 | - install-java 39 | 40 | - name: Download and configure Apache SkyWalking APM Service on all hosts 41 | hosts: all 42 | gather_facts: false 43 | roles: 44 | - skywalking 45 | -------------------------------------------------------------------------------- /aws/skywalking-outputs.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | output "oap_ips" { 19 | value = module.skywalking.oap_ips 20 | description = "The private IPs of the OAP instances" 21 | } 22 | 23 | output "ui_ips" { 24 | value = module.skywalking.ui_ips 25 | description = "The IPs of the SkyWalking UI instances" 26 | } 27 | 28 | output "bastion_ips" { 29 | value = module.skywalking.bastion_ips 30 | description = "The public IP that can be used to SSH into the bastion host" 31 | } 32 | 33 | output "ssh_user_key_file" { 34 | value = module.skywalking.ssh_user_key_file 35 | description = "The SSH private key file to use to connect to the bastion host" 36 | } 37 | -------------------------------------------------------------------------------- /ansible/template/inventory.yaml.tftpl: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 
#

# Inventory template rendered by Terraform. The bastion's public IP is the only
# member of the proxy group; OAP and UI hosts are listed by private IP.
proxy:
  ${bastion.public_ip}:

# Connection settings shared by the OAP and UI groups: log in as ec2-user with
# the generated private key and reach each host through an SSH ProxyCommand
# that tunnels via the bastion.
# NOTE(review): StrictHostKeyChecking=no is set twice, once for the target
# host and once inside the ProxyCommand for the bastion hop. With it, ssh
# accepts whatever host key is presented, so neither the bastion (reached over
# its public IP) nor the targets are authenticated and an intercepted
# connection would go unnoticed. Prefer StrictHostKeyChecking=accept-new
# together with a dedicated UserKnownHostsFile, or pre-populate known_hosts
# with the instances' host keys before running the playbook.
skywalking:
  vars:
    ansible_ssh_private_key_file: ${private_key_file}
    ansible_ssh_user: ec2-user
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -i ${private_key_file} -o StrictHostKeyChecking=no -W %h:%p -q ec2-user@${bastion.public_ip}"'
  children:
    skywalking_oap:
    skywalking_ui:

# One host entry per OAP instance, keyed by its private IP.
skywalking_oap:
  hosts:
    %{ for oap in oap_instances ~}
    ${oap.private_ip}:
    %{ endfor ~}

# One host entry per UI instance, keyed by its private IP.
skywalking_ui:
  hosts:
    %{ for ui in ui_instances ~}
    ${ui.private_ip}:
    %{ endfor ~}

--------------------------------------------------------------------------------
/ansible/roles/skywalking/templates/skywalking-oap.env.j2:
--------------------------------------------------------------------------------
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
18 | # 19 | {# Renders the OAP environment file: the storage selector (with any leading "rds_" stripped), the connection settings for the selected storage, then every entry of skywalking_oap_environment. #} 20 | {% set database = hostvars[inventory_hostname]["database"] %} 21 | {% set storage = database['type'] %} 22 | 23 | {% if storage and (storage | length) %} 24 | SW_STORAGE={{ storage | regex_replace('^rds_', '')}} 25 | {% endif %} 26 | {# NOTE(review): the PostgreSQL branch below writes the database password in clear text, so the rendered file must stay owner-only; the role task that writes /home/skywalking/oap.env sets mode 0600. These values are emitted unquoted, unlike the loop at the end of the template, so a password containing whitespace or '#' may not be read back intact -- TODO confirm against how the service loads this file. #} 27 | {% if "postgresql" in storage %} 28 | SW_JDBC_URL=jdbc:postgresql://{{ database["host"] }}:{{ database["port"] }}/{{ database["name"] }} 29 | SW_DATA_SOURCE_USER={{ database['user'] }} 30 | SW_DATA_SOURCE_PASSWORD={{ database['password'] }} 31 | {% elif "elasticsearch" in storage %} 32 | SW_STORAGE_ES_CLUSTER_NODES={{ database["host"] }} 33 | SW_STORAGE_ES_HTTP_PROTOCOL=https 34 | {% endif %} 35 | 36 | {% for key, value in skywalking_oap_environment.items() %} 37 | {{ key }}="{{ value }}" 38 | {% endfor %} 39 | 40 | -------------------------------------------------------------------------------- /ansible/roles/skywalking/vars/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | --- 17 | # `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL 18 | # the remote file will be downloaded to the remote host and then extracted, 19 | # if it's a local path, the local file will be copied to the remote host and 20 | # then extracted. 21 | skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz" 22 | 23 | # `skywalking_ui_environment` is a dictionary of environment variables that will 24 | # be sourced when running the skywalking-ui service. All environment variables 25 | # that are supported by SkyWalking webapp can be set here. 26 | skywalking_ui_environment: {} 27 | 28 | # `skywalking_oap_environment` is a dictionary of environment variables that will 29 | # be sourced when running the skywalking-oap service. All environment variables 30 | # that are supported by SkyWalking OAP can be set here. 31 | skywalking_oap_environment: {} 32 | 33 | -------------------------------------------------------------------------------- /aws/rds-postgresql-output.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. 
See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | output "database_address" { 19 | value = var.storage == "rds-postgresql" ? module.rds[0].db_instance_address : "" 20 | description = "The database address" 21 | } 22 | 23 | output "database_port" { 24 | value = var.storage == "rds-postgresql" ? module.rds[0].db_instance_port : "" 25 | description = "The database port" 26 | } 27 | 28 | output "database_name" { 29 | value = var.storage == "rds-postgresql" ? module.rds[0].db_instance_name : "" 30 | description = "The database name" 31 | } 32 | 33 | output "database_username" { 34 | value = var.storage == "rds-postgresql" ? module.rds[0].db_instance_username : "" 35 | sensitive = true 36 | description = "The database username" 37 | } 38 | 39 | output "database_password" { 40 | value = var.storage == "rds-postgresql" ? module.rds[0].db_instance_password : "" 41 | sensitive = true 42 | description = "The database password" 43 | } 44 | -------------------------------------------------------------------------------- /aws/ec2-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | resource "aws_security_group" "public-egress-access" { 17 | name = "public-egress-access" 18 | description = "Allow access to the Internet" 19 | vpc_id = module.vpc.vpc_id 20 | 21 | egress { 22 | from_port = 0 23 | to_port = 0 24 | protocol = -1 25 | cidr_blocks = ["0.0.0.0/0"] 26 | description = "Allow access to the Internet" 27 | security_groups = [] 28 | } 29 | 30 | tags = var.extra_tags 31 | } 32 | 33 | resource "local_file" "inventories" { 34 | filename = "${path.module}/../ansible/inventory/skywalking.yaml" 35 | file_permission = "0600" 36 | content = templatefile("${path.module}/../ansible/template/inventory.yaml.tftpl", { 37 | bastion = module.skywalking.bastion_instances[0] 38 | oap_instances = module.skywalking.oap_instances 39 | ui_instances = module.skywalking.ui_instances 40 | private_key_file = module.skywalking.ssh_user_key_file 41 | }) 42 | } 43 | -------------------------------------------------------------------------------- /.github/workflows/documentation.yaml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. 
See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | name: Check Docs 19 | on: 20 | - pull_request 21 | 22 | jobs: 23 | docs: 24 | name: ${{ matrix.doc.name }} 25 | runs-on: ubuntu-latest 26 | strategy: 27 | matrix: 28 | doc: 29 | - name: AWS 30 | dir: aws 31 | output-file: configurations.md 32 | - name: AWS SkyWalking Module 33 | dir: aws/modules/skywalking 34 | output-file: README.md 35 | fail-fast: true 36 | steps: 37 | - uses: actions/checkout@v4 38 | with: 39 | submodules: true 40 | - name: Render and check docs is updated 41 | uses: ./.github/actions/terraform-docs 42 | with: 43 | working-dir: ${{ matrix.doc.dir }} 44 | output-file: ${{ matrix.doc.output-file }} 45 | output-method: inject 46 | fail-on-diff: "true" 47 | - name: Print diff 48 | if: ${{ failure() }} 49 | run: git diff --staged 50 | -------------------------------------------------------------------------------- /aws/skywalking-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | locals { 19 | storage = { 20 | for storage, config in var.storage : storage => config if config != null 21 | } 22 | storage_name = keys(local.storage)[0] 23 | storage_config = values(local.storage)[0] 24 | } 25 | 26 | module "skywalking" { 27 | source = "./modules/skywalking" 28 | 29 | cluster_name = var.cluster_name 30 | storage = local.storage_name 31 | 32 | oap_instance_count = var.oap_instance_count 33 | oap_instance_type = var.oap_instance_type 34 | oap_instance_subnet_id = element(module.vpc.private_subnets, 0) 35 | 36 | ui_instance_count = var.ui_instance_count 37 | ui_instance_type = var.ui_instance_type 38 | ui_instance_subnet_id = element(module.vpc.private_subnets, 0) 39 | ui_instance_security_group_ids = var.create_lb ? aws_security_group.alb-skywalking-ui.*.id : [] 40 | 41 | bastion_enabled = var.bastion_enabled 42 | bastion_instance_type = var.bastion_instance_type 43 | bastion_ssh_cidr_blocks = var.bastion_ssh_cidr_blocks 44 | public_key_path = var.public_key_path 45 | 46 | vpc_id = module.vpc.vpc_id 47 | vpc_bastion_subnet_id = element(module.vpc.public_subnets, 0) 48 | } 49 | -------------------------------------------------------------------------------- /aws/modules/skywalking/main-ui.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. 
You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | locals { 17 | ui_ami_id = var.ui_instance_ami_id != "" ? var.ui_instance_ami_id : data.aws_ami.amazon-linux.id 18 | } 19 | 20 | resource "aws_instance" "skywalking-ui" { 21 | count = var.ui_instance_count 22 | ami = local.ui_ami_id 23 | instance_type = var.ui_instance_type 24 | key_name = aws_key_pair.ssh-user.id 25 | subnet_id = var.ui_instance_subnet_id 26 | 27 | vpc_security_group_ids = concat( 28 | var.ui_instance_security_group_ids, 29 | [aws_security_group.skywalking-ui.id] 30 | ) 31 | 32 | tags = merge( 33 | { 34 | Name = "skywalking-ui" 35 | Description = "Installing and configuring SkyWalking UI on AWS" 36 | }, 37 | var.extra_tags 38 | ) 39 | } 40 | 41 | resource "aws_security_group" "skywalking-ui" { 42 | name = "skywalking-ui" 43 | description = "Security group for SkyWalking UI" 44 | vpc_id = var.vpc_id 45 | 46 | ingress { 47 | from_port = 22 48 | to_port = 22 49 | protocol = "tcp" 50 | description = "Allow SSH access from the bastion" 51 | security_groups = [aws_security_group.bastion.id] 52 | } 53 | 54 | egress { 55 | from_port = 0 56 | to_port = 0 57 | protocol = "-1" 58 | cidr_blocks = ["0.0.0.0/0"] 59 | description = "Allow all outbound traffic" 60 | } 61 | 62 | tags = var.extra_tags 63 | } 64 | 65 | -------------------------------------------------------------------------------- /aws/modules/skywalking/main-bastion.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license 
agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # Optional bastion host (created only when var.bastion_enabled is true), placed in the bastion subnet with a public IP and used as the SSH entry point. 16 | resource "aws_instance" "bastion" { 17 | count = var.bastion_enabled ? 1 : 0 18 | ami = data.aws_ami.amazon-linux.id 19 | instance_type = var.bastion_instance_type 20 | key_name = aws_key_pair.ssh-user.id 21 | subnet_id = var.vpc_bastion_subnet_id 22 | associate_public_ip_address = true 23 | 24 | vpc_security_group_ids = [aws_security_group.bastion.id] 25 | tags = merge( 26 | { 27 | Name = "Bastion Host" 28 | Description = "Bastion host for SSH access" 29 | }, 30 | var.extra_tags 31 | ) 32 | # NOTE(review): the file provisioner below copies the generated SSH private key onto the bastion itself. The OAP and UI instances use the same aws_key_pair.ssh-user as key_name, so anyone who gains access to this publicly addressable host also obtains the key those instances accept. The Ansible inventory template tunnels through the bastion with ProxyCommand and -W using the operator's local key file, which does not require a key on the bastion -- consider removing this provisioner. 33 | connection { 34 | host = self.public_ip 35 | user = "ec2-user" 36 | type = "ssh" 37 | private_key = tls_private_key.ssh-user.private_key_pem 38 | } 39 | 40 | provisioner "file" { 41 | content = tls_private_key.ssh-user.private_key_pem 42 | destination = "/home/ec2-user/.ssh/id_rsa" 43 | 44 | } 45 | 46 | provisioner "remote-exec" { 47 | inline = ["chmod og-rwx /home/ec2-user/.ssh/id_rsa"] 48 | } 49 | } 50 | # Bastion security group: SSH ingress is limited to var.bastion_ssh_cidr_blocks. NOTE(review): aws/README.md states that SSH is allowed from 0.0.0.0/0 unless this variable is set, so set it to the operators' address range. 51 | resource "aws_security_group" "bastion" { 52 | name = "bastion" 53 | description = "Security group for bastion" 54 | vpc_id = var.vpc_id 55 | 56 | ingress { 57 | description = "SSH access from the Internet" 58 | from_port = 22 59 | to_port = 22 60 | protocol = "tcp" 61 | cidr_blocks = var.bastion_ssh_cidr_blocks 62 | } 63 | 64 | 
egress { 65 | from_port = 0 66 | to_port = 0 67 | protocol = "-1" 68 | cidr_blocks = ["0.0.0.0/0"] 69 | } 70 | 71 | tags = var.extra_tags 72 | } 73 | -------------------------------------------------------------------------------- /aws/modules/skywalking/outputs.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | output "ui_instances" { 19 | value = aws_instance.skywalking-ui 20 | description = "The SkyWalking UI instances" 21 | } 22 | 23 | output "ui_instance_ids" { 24 | value = aws_instance.skywalking-ui.*.id 25 | description = "The IDs of the SkyWalking UI instances" 26 | } 27 | 28 | output "ui_ips" { 29 | value = aws_instance.skywalking-ui.*.private_ip 30 | description = "The IPs of the SkyWalking UI instances" 31 | } 32 | 33 | output "ui_security_groups" { 34 | value = [aws_security_group.skywalking-ui.id] 35 | description = "The security groups of the SkyWalking UI instances" 36 | } 37 | 38 | output "oap_instances" { 39 | value = aws_instance.skywalking-oap 40 | description = "The OAP instances" 41 | } 42 | 43 | output "oap_instance_ids" { 44 | value = aws_instance.skywalking-oap.*.id 45 | description = "The IDs of the OAP instances" 46 | } 47 | 48 | output "oap_ips" { 49 | value = aws_instance.skywalking-oap.*.private_ip 50 | description = "The private IPs of the OAP instances" 51 | } 52 | 53 | output "oap_security_groups" { 54 | value = [aws_security_group.skywalking-oap.id] 55 | description = "The security groups of the OAP instances" 56 | } 57 | 58 | output "bastion_instances" { 59 | value = aws_instance.bastion 60 | description = "The bastion instances" 61 | } 62 | 63 | output "bastion_ips" { 64 | value = aws_instance.bastion.*.public_ip 65 | description = "The public IP that can be used to SSH into the bastion host" 66 | } 67 | 68 | output "ssh_user_key_file" { 69 | value = local_file.ssh-user.filename 70 | description = "The SSH key file that can be used to connect to the bastion instance." 71 | } 72 | 73 | -------------------------------------------------------------------------------- /aws/modules/skywalking/main-oap.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. 
See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | locals { 17 | oap_ami_id = var.oap_instance_ami_id != "" ? var.oap_instance_ami_id : data.aws_ami.amazon-linux.id 18 | } 19 | 20 | resource "aws_instance" "skywalking-oap" { 21 | count = var.oap_instance_count 22 | ami = local.oap_ami_id 23 | instance_type = var.oap_instance_type 24 | key_name = aws_key_pair.ssh-user.id 25 | subnet_id = var.oap_instance_subnet_id 26 | 27 | vpc_security_group_ids = concat( 28 | var.oap_instance_security_group_ids, 29 | [aws_security_group.skywalking-oap.id] 30 | ) 31 | 32 | tags = merge( 33 | { 34 | Name = "skywalking-oap" 35 | Description = "Installing and configuring SkyWalking OAP on AWS" 36 | }, 37 | var.extra_tags 38 | ) 39 | 40 | lifecycle { 41 | precondition { 42 | condition = !(var.oap_instance_count > 1 && var.storage == "h2") 43 | error_message = "OAP instance count must be 1 if storage is h2" 44 | } 45 | } 46 | } 47 | 48 | resource "aws_security_group" "skywalking-oap" { 49 | name = "skywalking-oap" 50 | description = "Security group for SkyWalking OAP" 51 | vpc_id = var.vpc_id 52 | 53 | ingress { 54 | from_port = 12800 55 | to_port = 12800 56 | protocol = "tcp" 57 | security_groups = [aws_security_group.skywalking-ui.id] 58 | description = "Allow incoming HTTP connections from SkyWalking UI" 59 | } 
60 | ingress { 61 | from_port = 9412 62 | to_port = 9412 63 | protocol = "tcp" 64 | security_groups = [aws_security_group.skywalking-ui.id] 65 | description = "Allow incoming HTTP connections from SkyWalking UI" 66 | } 67 | ingress { 68 | from_port = 22 69 | to_port = 22 70 | protocol = "tcp" 71 | description = "Allow SSH access from the bastion" 72 | security_groups = [aws_security_group.bastion.id] 73 | } 74 | 75 | egress { 76 | from_port = 0 77 | to_port = 0 78 | protocol = "-1" 79 | cidr_blocks = ["0.0.0.0/0"] 80 | } 81 | 82 | tags = var.extra_tags 83 | } 84 | 85 | -------------------------------------------------------------------------------- /aws/alb-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # 16 | module "alb" { 17 | source = "terraform-aws-modules/alb/aws" 18 | version = "~> 8.0" 19 | # Application load balancer in the public subnets that forwards to port 8080 on the SkyWalking UI instances; created only when var.create_lb is true. 20 | create_lb = var.create_lb 21 | 22 | name = var.cluster_name 23 | 24 | load_balancer_type = "application" 25 | 26 | vpc_id = module.vpc.vpc_id 27 | subnets = module.vpc.public_subnets 28 | security_groups = [module.vpc.default_security_group_id] 29 | # NOTE(review): the only ingress rule admits plain HTTP on port 80 from 0.0.0.0/0 and the only listener defined below is HTTP, so traffic between browsers and the SkyWalking UI is unencrypted and the UI is reachable from any address. Consider an HTTPS listener with a certificate and a narrower source range. 30 | security_group_rules = { 31 | ingress_all_http = { 32 | type = "ingress" 33 | from_port = 80 34 | to_port = 80 35 | protocol = "tcp" 36 | description = "Allow HTTP traffic" 37 | cidr_blocks = ["0.0.0.0/0"] 38 | } 39 | egress_all = { 40 | type = "egress" 41 | from_port = 0 42 | to_port = 0 43 | protocol = "-1" 44 | cidr_blocks = ["0.0.0.0/0"] 45 | } 46 | } 47 | 48 | target_groups = [ 49 | { 50 | name_prefix = substr(var.cluster_name, 0, 6) 51 | backend_protocol = "HTTP" 52 | backend_port = 8080 53 | target_type = "instance" 54 | targets = [ 55 | for i, ui_id in module.skywalking.ui_instance_ids : { 56 | target_id = ui_id 57 | port = 8080 58 | } 59 | ] 60 | health_check = { 61 | enabled = true 62 | interval = 30 63 | path = "/internal/l7check" 64 | port = "traffic-port" 65 | healthy_threshold = 3 66 | unhealthy_threshold = 3 67 | timeout = 6 68 | protocol = "HTTP" 69 | matcher = "200" 70 | } 71 | } 72 | ] 73 | 74 | http_tcp_listeners = [ 75 | { 76 | port = 80 77 | protocol = "HTTP" 78 | target_group_index = 0 79 | } 80 | ] 81 | 82 | tags = var.extra_tags 83 | } 84 | # Security group passed to the UI instances (see ui_instance_security_group_ids in skywalking-main.tf) so that port 8080 is reachable only from the ALB's security group. 85 | resource "aws_security_group" "alb-skywalking-ui" { 86 | count = var.create_lb ? 
1 : 0 87 | 88 | name = "alb-skywalking-ui" 89 | description = "Security group for ALB to access SkyWalking UI" 90 | vpc_id = module.vpc.vpc_id 91 | 92 | ingress { 93 | from_port = 8080 94 | to_port = 8080 95 | protocol = "tcp" 96 | description = "Allow access from ALB to SkyWalking UI" 97 | security_groups = [module.alb.security_group_id] 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /ansible/README.md: -------------------------------------------------------------------------------- 1 | This guide provides steps on using Ansible to install Apache SkyWalking on VM instances. 2 | 3 | # Prerequisites 4 | 5 | - [Ansible installed](https://docs.ansible.com/ansible/latest/installation_guide/index.html). 6 | - A working knowledge of Ansible. 7 | - Access to instances. 8 | 9 | # Instructions 10 | 11 | ## Change directory 12 | 13 | ```shell 14 | cd ansible 15 | ``` 16 | 17 | ## Test Connectivity to the Instances 18 | 19 | Before installing SkyWalking, ensure that you can connect to the instances: 20 | 21 | ```shell 22 | ansible -m ping all 23 | ``` 24 | 25 | **Expected Output**: 26 | 27 | You should see output for each IP with a `SUCCESS` status: 28 | 29 | ```text 30 | | SUCCESS => { 31 | "ansible_facts": { 32 | "discovered_interpreter_python": "/usr/bin/python3" 33 | }, 34 | "changed": false, 35 | "ping": "pong" 36 | } 37 | | SUCCESS => { 38 | "ansible_facts": { 39 | "discovered_interpreter_python": "/usr/bin/python3" 40 | }, 41 | "changed": false, 42 | "ping": "pong" 43 | } 44 | ``` 45 | 46 | ## Install Apache SkyWalking 47 | 48 | After confirming connectivity, proceed to install Apache SkyWalking using the Ansible playbook: 49 | 50 | ``` 51 | ansible-playbook skywalking.yml 52 | ``` 53 | 54 | ## Configurations 55 | 56 | The Ansible playbook can be customized to install Apache SkyWalking with 57 | different configurations. 
The following variables can be modified to suit your 58 | needs: 59 | 60 | > For full configurations, refer to the 61 | > [roles/skywalking/vars/main.yml](roles/skywalking/vars/main.yml) 62 | > file. 63 | 64 | ```yaml 65 | # `skywalking_tarball` can be a remote URL or a local path, if it's a remote URL 66 | # the remote file will be downloaded to the remote host and then extracted, 67 | # if it's a local path, the local file will be copied to the remote host and 68 | # then extracted. 69 | skywalking_tarball: "https://dist.apache.org/repos/dist/release/skywalking/9.5.0/apache-skywalking-apm-9.5.0.tar.gz" 70 | 71 | # `skywalking_ui_environment` is a dictionary of environment variables that will 72 | # be sourced when running the skywalking-ui service. All environment variables 73 | # that are supported by SkyWalking webapp can be set here. 74 | skywalking_ui_environment: {} 75 | 76 | # `skywalking_oap_environment` is a dictionary of environment variables that will 77 | # be sourced when running the skywalking-oap service. All environment variables 78 | # that are supported by SkyWalking OAP can be set here. 79 | skywalking_oap_environment: {} 80 | 81 | ``` 82 | 83 | You can create a local variable file to override the default values: 84 | 85 | ```shell 86 | cat <<EOF > local.var.yaml 87 | skywalking_tarball: "~/workspace/skywalking/apm-dist/target/apache-skywalking-apm-bin.tar.gz" 88 | EOF 89 | ``` 90 | 91 | And then run the playbook with the local variable file: 92 | 93 | ```shell 94 | ansible-playbook skywalking.yml -e @local.var.yaml 95 | ``` 96 | 97 | ## Accessing SkyWalking UI! 98 | 99 | After the installation is complete, you can go back to the aws folder and get 100 | the ALB domain name address that can be used to access the SkyWalking UI: 101 | 102 | ```shell 103 | cd ../aws 104 | terraform output -raw alb_dns_name 105 | ``` 106 | 107 | And you can open your browser and access the SkyWalking UI with the address. 
108 | 109 | -------------------------------------------------------------------------------- /aws/README.md: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | 3 | - [Terraform installed](https://developer.hashicorp.com/terraform/downloads). 4 | - AWS Credentials: Ensure your environment is set up with the necessary AWS credentials. This can be done in various ways, such as: 5 | - Setting the [`access_key`](configurations.md#input_access_key) and [`secret_key`](configurations.md#input_secret_key) variable in Terraform. 6 | - Setting up environment variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`). 7 | - Configuring using the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). 8 | - Using IAM roles with necessary permissions if you're running Terraform on an AWS EC2 instance. 9 | - For more information on configuring AWS credentials for Terraform, see the [official documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration). 10 | - A working knowledge of Terraform and AWS resources 11 | 12 | # Instructions 13 | 14 | ## Initialization 15 | 16 | Before applying any Terraform script, initialize your Terraform working directory: 17 | 18 | ```bash 19 | terraform init 20 | ``` 21 | 22 | ## Configuration 23 | 24 | The script is designed with modularity and reusability in mind. Various 25 | parameters like region, instance count, instance type, etc., are exposed 26 | as variables for easier customization. 27 | 28 | For the full configuration list, please refer to [the doc](configurations.md). 
29 | 30 | To modify the default values, you can create a `terraform.tfvars` file in the 31 | same directory as your Terraform script: 32 | 33 | ```bash 34 | cat <<EOF > terraform.tfvars 35 | region = "ap-southeast-1" 36 | access_key = "" 37 | secret_key = "" 38 | storage = "rds-postgresql" 39 | extra_tags = { 40 | "Environment" = "Production" 41 | } 42 | EOF 43 | ``` 44 | 45 | ## Test and apply the outcomes of the script 46 | 47 | After adjusting your configuration, test and apply the script: 48 | 49 | ```bash 50 | terraform plan 51 | terraform apply 52 | ``` 53 | 54 | > [!WARNING] 55 | > **Security Attention**: two security rules are created for the bastion host: 56 | > - `ssh-access`: Allows SSH access from any IP (`0.0.0.0/0`). 57 | > **Please note** that this is potentially insecure and you should restrict 58 | > the IP range by setting the variable 59 | > [`bastion_ssh_cidr_blocks`](configurations.md#input_bastion_ssh_cidr_blocks). 60 | > - `public-egress-access`: Allows egress access to the internet for the instances. 61 | 62 | After all the resources are created, you can head to the 63 | [Ansible part](../ansible/README.md) to start deploying SkyWalking. 
64 | 65 | ## Accessing the resources 66 | 67 | ### SSH into bastion host (Optional) 68 | 69 | You don't usually need to directly SSH into the bastion host, but if you want, 70 | you can SSH into the bastion host with the command: 71 | 72 | ```shell 73 | KEY_FILE=$(terraform output -raw ssh_user_key_file) 74 | BASTION_IP=$(terraform output -json bastion_ips | jq -r '.[0]') 75 | 76 | ssh -i "$KEY_FILE" ec2-user@"$BASTION_IP" 77 | ``` 78 | 79 | ### Access the SkyWalking UI ALB 80 | 81 | If you set the variable [`create_lb`](configurations.md#input_create_lb) to 82 | `true` (this is set by default, so if you didn't set it to `false`, you should 83 | have an ALB), you can access the SkyWalking UI ALB with the command: 84 | 85 | ```shell 86 | terraform output -raw alb_dns_name 87 | ``` 88 | 89 | When you open the URL in your browser, you should see something like this: 90 | 91 | ```text 92 | 503 Service Temporarily Unavailable 93 | ``` 94 | 95 | This is because you didn't deploy SkyWalking yet, after you complete the steps 96 | in the [Ansible part](../ansible/README.md), you should be able to see the 97 | SkyWalking UI then. 98 | 99 | ## Tearing Down 100 | 101 | To destroy the resources when they are no longer needed: 102 | 103 | ```bash 104 | terraform destroy 105 | ``` 106 | 107 | This command will prompt you to confirm before destroying the resources. 108 | 109 | -------------------------------------------------------------------------------- /ansible/roles/skywalking/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. 
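You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 |

---
# Install Apache SkyWalking under /usr/local/skywalking, render the per-role
# environment and systemd unit files, run oapServiceInit.sh on one OAP node,
# then enable and start the services that match the host's inventory groups
# (skywalking_oap / skywalking_ui).

- name: Create and set permissions for skywalking directory
  ansible.builtin.file:
    path: /usr/local/skywalking
    state: directory
    recurse: yes
    owner: skywalking
    group: skywalking
    mode: "0755"

# A value starting with http:// or https:// is fetched on the target host;
# anything else is treated as a local path and uploaded by the next task.
# NOTE(review): the pattern also accepts plain http://, and nothing else in
# this task pins the artifact. Define `skywalking_tarball_checksum` (format
# "<algorithm>:<digest>", e.g. "sha512:<digest published with the release>")
# so get_url rejects a tarball that does not match. When the variable is
# undefined the parameter is omitted and the task behaves as before.
- name: Download remote Apache SkyWalking tarball
  when: skywalking_tarball is match('^https?://.*')
  ansible.builtin.get_url:
    url: "{{ skywalking_tarball }}"
    dest: /usr/local/skywalking/apache-skywalking-apm.tar.gz
    checksum: "{{ skywalking_tarball_checksum | default(omit) }}"

- name: Upload local Apache SkyWalking tarball
  when: skywalking_tarball is not match('^https?://.*')
  ansible.builtin.copy:
    src: "{{ skywalking_tarball }}"
    dest: /usr/local/skywalking/apache-skywalking-apm.tar.gz
    owner: skywalking
    group: skywalking
    mode: '0755'

# --strip-components=1 drops the archive's top-level directory so the
# distribution lands directly in /usr/local/skywalking.
- name: Extract tarball
  ansible.builtin.unarchive:
    src: /usr/local/skywalking/apache-skywalking-apm.tar.gz
    dest: /usr/local/skywalking
    remote_src: yes
    owner: skywalking
    group: skywalking
    extra_opts: [--strip-components=1]

# The environment files are readable by the skywalking user only (0600).
# NOTE(review): the templates are not shown here; presumably they carry the
# storage credentials — confirm before relaxing the mode.
- name: Generate environment file for webui service
  ansible.builtin.template:
    src: skywalking-ui.env.j2
    dest: /home/skywalking/webapp.env
    owner: skywalking
    mode: "0600"
  when: inventory_hostname in groups['skywalking_ui']

- name: Generate environment file for OAP service
  ansible.builtin.template:
    src: skywalking-oap.env.j2
    dest: /home/skywalking/oap.env
    owner: skywalking
    mode: "0600"
  when: inventory_hostname in groups['skywalking_oap']

# oap_init_node is an empty list when this host is in skywalking_oap and its
# database.type is 'h2'; otherwise it holds the first host of skywalking_oap.
# The init task below runs only on a host contained in that list.
- name: Check hostgroup size
  ansible.builtin.set_fact:
    oap_init_node: "{{ (inventory_hostname in groups['skywalking_oap'] and hostvars[inventory_hostname]['database']['type'] == 'h2') | ternary([], [groups['skywalking_oap'][0]]) }}"

# `set -a` exports every variable defined in oap.env to the init script, which
# runs as the skywalking user. `.` replaces `source`, which is a shell
# extension and is not available in every /bin/sh.
- name: Run the OAPServiceInit script
  ansible.builtin.command: "sudo -u skywalking -- sh -c 'set -a; . /home/skywalking/oap.env; set +a; /usr/local/skywalking/bin/oapServiceInit.sh'"
  when: inventory_hostname in oap_init_node

# Unit files are installed root-owned and 0644: they need no group write
# bit, and systemd logs a warning for unit files that are not world-readable.
- name: Generate systemd unit file for oap service
  ansible.builtin.template:
    src: skywalking-oap.service.j2
    dest: /usr/lib/systemd/system/skywalking-oap.service
    owner: root
    mode: "0644"
  when: inventory_hostname in groups['skywalking_oap']

- name: Generate systemd unit file for webui service
  ansible.builtin.template:
    src: skywalking-ui.service.j2
    dest: /usr/lib/systemd/system/skywalking-ui.service
    owner: root
    mode: "0644"
  when: inventory_hostname in groups['skywalking_ui']

- name: Reload systemd
  ansible.builtin.systemd:
    daemon_reload: yes

- name: Link and enable skywalking-oap service
  ansible.builtin.systemd:
    name: skywalking-oap
    enabled: yes
  when: inventory_hostname in groups['skywalking_oap']

- name: Link and enable skywalking-ui service
  ansible.builtin.systemd:
    name: skywalking-ui
    enabled: yes
  when: inventory_hostname in groups['skywalking_ui']

- name: Start SkyWalking-OAP service
  ansible.builtin.systemd:
    name: skywalking-oap
    state: started
  when: inventory_hostname in groups['skywalking_oap']

- name: Start SkyWalking-UI service
  ansible.builtin.systemd:
    name: skywalking-ui
    state: started
  when: inventory_hostname in groups['skywalking_ui']

-------------------------------------------------------------------------------- /aws/elasticsearch-main.tf: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license 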
agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | locals { 19 | elasticsearch_domain_name = coalesce(lookup(local.storage_config, "domain_name", var.cluster_name)) 20 | elasticsearch_version = coalesce(lookup(local.storage_config, "version", "7.10")) 21 | elasticsearch_instance_type = coalesce(lookup(local.storage_config, "instance_type","m3.medium.elasticsearch")) 22 | elasticsearch_instance_count = coalesce(lookup(local.storage_config, "instance_count", 2)) 23 | elasticsearch_additional_security_groups = coalesce(lookup(local.storage_config, "additional_security_groups", [])) 24 | elasticsearch_zone_awareness_enabled = coalesce(lookup(local.storage_config, "zone_awareness_enabled", false)) 25 | elasticsearch_availability_zone_count = coalesce(lookup(local.storage_config, "availability_zone_count",2)) 26 | elasticsearch_ebs_enabled = coalesce(lookup(local.storage_config, "ebs_enabled",false)) 27 | } 28 | 29 | data "aws_caller_identity" "current" {} 30 | 31 | resource "aws_elasticsearch_domain" "elasticsearch" { 32 | count = local.storage_name == "elasticsearch" ? 
1 : 0 33 | 34 | domain_name = local.elasticsearch_domain_name 35 | elasticsearch_version = local.elasticsearch_version 36 | 37 | cluster_config { 38 | instance_type = local.elasticsearch_instance_type 39 | instance_count = local.elasticsearch_instance_count 40 | zone_awareness_enabled = local.elasticsearch_zone_awareness_enabled 41 | zone_awareness_config { 42 | availability_zone_count = local.elasticsearch_availability_zone_count 43 | } 44 | } 45 | 46 | vpc_options { 47 | subnet_ids = slice(module.vpc.private_subnets, 0, local.elasticsearch_zone_awareness_enabled ? 2 : 1) 48 | 49 | security_group_ids = [aws_security_group.elasticsearch.id] 50 | } 51 | 52 | ebs_options { 53 | ebs_enabled = local.elasticsearch_ebs_enabled 54 | } 55 | 56 | access_policies = < 2 | ## Requirements 3 | 4 | No requirements. 5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [aws](#provider\_aws) | n/a | 11 | | [local](#provider\_local) | n/a | 12 | | [tls](#provider\_tls) | n/a | 13 | 14 | ## Modules 15 | 16 | No modules. 
17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | | [aws_instance.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | 23 | | [aws_instance.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | 24 | | [aws_instance.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | 25 | | [aws_key_pair.ssh-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource | 26 | | [aws_security_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 27 | | [aws_security_group.skywalking-oap](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 28 | | [aws_security_group.skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 29 | | [local_file.ssh-user](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 30 | | [tls_private_key.ssh-user](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | 31 | | [aws_ami.amazon-linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | 32 | 33 | ## Inputs 34 | 35 | | Name | Description | Type | Default | Required | 36 | |------|-------------|------|---------|:--------:| 37 | | [bastion\_enabled](#input\_bastion\_enabled) | Enable bastion host, if you want to access the instances via SSH, you must enable it. 
| `bool` | `true` | no | 38 | | [bastion\_instance\_type](#input\_bastion\_instance\_type) | CPU, memory, storage and networking capacity for bastion host | `string` | `"t2.micro"` | no | 39 | | [bastion\_ssh\_cidr\_blocks](#input\_bastion\_ssh\_cidr\_blocks) | CIDR blocks for SSH access to bastion host | `list(string)` |
[
"0.0.0.0/0"
]
| no | 40 | | [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | `"skywalking-cluster"` | no | 41 | | [create\_lb](#input\_create\_lb) | Create a load balancer for UI instances | `bool` | `true` | no | 42 | | [extra\_tags](#input\_extra\_tags) | Additional tags to be added to all resources | `map(string)` | `{}` | no | 43 | | [oap\_instance\_ami\_id](#input\_oap\_instance\_ami\_id) | AMI ID for OAP instances, if not set, a suitable AMI ID will be selected automatically. | `string` | `""` | no | 44 | | [oap\_instance\_count](#input\_oap\_instance\_count) | Number of OAP instances, if you want to use H2 storage, you must set it to 1. | `number` | `1` | no | 45 | | [oap\_instance\_security\_group\_ids](#input\_oap\_instance\_security\_group\_ids) | Additional security groups for OAP instances | `list(string)` | `[]` | no | 46 | | [oap\_instance\_subnet\_id](#input\_oap\_instance\_subnet\_id) | Subnet ID for OAP instances | `string` | n/a | yes | 47 | | [oap\_instance\_type](#input\_oap\_instance\_type) | CPU, memory, storage and networking capacity for OAP instances | `string` | `"c5.xlarge"` | no | 48 | | [public\_key\_path](#input\_public\_key\_path) | Path to store the key file for SSH access to the instances. | `string` | `"~/.ssh"` | no | 49 | | [storage](#input\_storage) | Storage type for SkyWalking OAP, can be `h2`, `elasticsearch` or `rds-postgresql` | `string` | `"rds-postgresql"` | no | 50 | | [ui\_instance\_ami\_id](#input\_ui\_instance\_ami\_id) | AMI ID for UI instances, if not set, a suitable AMI ID will be selected automatically. 
| `string` | `""` | no | 51 | | [ui\_instance\_count](#input\_ui\_instance\_count) | Number of UI instances | `number` | `1` | no | 52 | | [ui\_instance\_security\_group\_ids](#input\_ui\_instance\_security\_group\_ids) | Additional security groups for UI instances | `list(string)` | `[]` | no | 53 | | [ui\_instance\_subnet\_id](#input\_ui\_instance\_subnet\_id) | Subnet ID for UI instances | `string` | n/a | yes | 54 | | [ui\_instance\_type](#input\_ui\_instance\_type) | CPU, memory, storage and networking capacity for UI instances | `string` | `"t2.medium"` | no | 55 | | [vpc\_bastion\_subnet\_id](#input\_vpc\_bastion\_subnet\_id) | Subnet ID for bastion host | `string` | n/a | yes | 56 | | [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | 57 | 58 | ## Outputs 59 | 60 | | Name | Description | 61 | |------|-------------| 62 | | [bastion\_instances](#output\_bastion\_instances) | The bastion instances | 63 | | [bastion\_ips](#output\_bastion\_ips) | The public IP that can be used to SSH into the bastion host | 64 | | [oap\_instance\_ids](#output\_oap\_instance\_ids) | The IDs of the OAP instances | 65 | | [oap\_instances](#output\_oap\_instances) | The OAP instances | 66 | | [oap\_ips](#output\_oap\_ips) | The private IPs of the OAP instances | 67 | | [oap\_security\_groups](#output\_oap\_security\_groups) | The security groups of the OAP instances | 68 | | [ssh\_user\_key\_file](#output\_ssh\_user\_key\_file) | The SSH key file that can be used to connect to the bastion instance. 
| 69 | | [ui\_instance\_ids](#output\_ui\_instance\_ids) | The IDs of the SkyWalking UI instances | 70 | | [ui\_instances](#output\_ui\_instances) | The SkyWalking UI instances | 71 | | [ui\_ips](#output\_ui\_ips) | The IPs of the SkyWalking UI instances | 72 | | [ui\_security\_groups](#output\_ui\_security\_groups) | The security groups of the SkyWalking UI instances | 73 | -------------------------------------------------------------------------------- /aws/configurations.md: -------------------------------------------------------------------------------- 1 | 2 | ## Requirements 3 | 4 | No requirements. 5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [aws](#provider\_aws) | 5.39.1 | 11 | | [local](#provider\_local) | 2.4.1 | 12 | | [random](#provider\_random) | 3.6.0 | 13 | 14 | ## Modules 15 | 16 | | Name | Source | Version | 17 | |------|--------|---------| 18 | | [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 8.0 | 19 | | [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 5.0 | 20 | | [skywalking](#module\_skywalking) | ./modules/skywalking | n/a | 21 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | 22 | 23 | ## Resources 24 | 25 | | Name | Type | 26 | |------|------| 27 | | [aws_elasticsearch_domain.elasticsearch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain) | resource | 28 | | [aws_security_group.alb-skywalking-ui](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 29 | | [aws_security_group.allow_apps](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 30 | | [aws_security_group.elasticsearch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 31 | | [aws_security_group.public-egress-access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | 
resource | 32 | | [local_file.elasticsearch_vars](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 33 | | [local_file.h2_vars](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 34 | | [local_file.inventories](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 35 | | [local_file.rds_postgresql_vars](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 36 | | [random_password.rds_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | 37 | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | 38 | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | 39 | 40 | ## Inputs 41 | 42 | | Name | Description | Type | Default | Required | 43 | |------|-------------|------|---------|:--------:| 44 | | [access\_key](#input\_access\_key) | Access key of the AWS account, if you have configured AWS CLI, you can leave it empty. | `string` | `""` | no | 45 | | [bastion\_enabled](#input\_bastion\_enabled) | Enable bastion host, if you want to access the instances via SSH, you must enable it. | `bool` | `true` | no | 46 | | [bastion\_instance\_type](#input\_bastion\_instance\_type) | CPU, memory, storage and networking capacity for bastion host | `string` | `"t2.micro"` | no | 47 | | [bastion\_ssh\_cidr\_blocks](#input\_bastion\_ssh\_cidr\_blocks) | CIDR blocks for SSH access to bastion host | `list(string)` |
[
"0.0.0.0/0"
]
| no | 48 | | [cidr](#input\_cidr) | CIDR for database tier | `string` | `"11.0.0.0/16"` | no | 49 | | [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | `"skywalking-cluster"` | no | 50 | | [create\_lb](#input\_create\_lb) | Create load balancer for SkyWalking UI | `bool` | `true` | no | 51 | | [database\_subnets](#input\_database\_subnets) | CIDR used for database subnets | `set(string)` |
[
"11.0.104.0/24",
"11.0.105.0/24",
"11.0.106.0/24"
]
| no | 52 | | [extra\_tags](#input\_extra\_tags) | Additional tags to be added to all resources | `map(string)` | `{}` | no | 53 | | [oap\_instance\_count](#input\_oap\_instance\_count) | Number of OAP instances, if you want to use H2 storage, you must set it to 1. | `number` | `1` | no | 54 | | [oap\_instance\_type](#input\_oap\_instance\_type) | CPU, memory, storage and networking capacity for OAP instances | `string` | `"c5.xlarge"` | no | 55 | | [private\_subnets](#input\_private\_subnets) | CIDR used for private subnets | `set(string)` |
[
"11.0.1.0/24",
"11.0.2.0/24",
"11.0.3.0/24"
]
| no | 56 | | [public\_key\_path](#input\_public\_key\_path) | Path to store the key file for SSH access to the instances. | `string` | `"~/.ssh"` | no | 57 | | [public\_subnets](#input\_public\_subnets) | CIDR used for public subnets | `set(string)` |
[
"11.0.101.0/24",
"11.0.102.0/24",
"11.0.103.0/24"
]
| no | 58 | | [region](#input\_region) | Physical location for clustered data centers. | `string` | `"us-east-1"` | no | 59 | | [secret\_key](#input\_secret\_key) | Secret key of the AWS account, if you have configured AWS CLI, you can leave it empty. | `string` | `""` | no | 60 | | [storage](#input\_storage) | Storage configuration for SkyWalking OAP |
object({
h2 = optional(object({}))
rds_postgresql = optional(object({
db_storage_size_gb = optional(number)
db_max_storage_size_gb = optional(number)
db_instance_class = optional(string)
db_name = optional(string)
db_username = optional(string)
db_password = optional(string)
}))
elasticsearch = optional(object({
domain_name = optional(string)
version = optional(string)
instance_type = optional(string)
instance_count = optional(number)
additional_security_groups = optional(list(string))
zone_awareness_enabled = optional(bool)
availability_zone_count = optional(number)
ebs_enabled = optional(bool)
}))
})
|
{
"h2": {}
}
| no | 61 | | [ui\_instance\_count](#input\_ui\_instance\_count) | Number of UI instances | `number` | `1` | no | 62 | | [ui\_instance\_type](#input\_ui\_instance\_type) | CPU, memory, storage and networking capacity for UI instances | `string` | `"t2.medium"` | no | 63 | 64 | ## Outputs 65 | 66 | | Name | Description | 67 | |------|-------------| 68 | | [alb\_dns\_name](#output\_alb\_dns\_name) | The domain name of the ALB that can be used to access SkyWalking UI. | 69 | | [bastion\_ips](#output\_bastion\_ips) | The public IP that can be used to SSH into the bastion host | 70 | | [database\_address](#output\_database\_address) | The database address | 71 | | [database\_name](#output\_database\_name) | The database name | 72 | | [database\_password](#output\_database\_password) | The database password | 73 | | [database\_port](#output\_database\_port) | The database port | 74 | | [database\_username](#output\_database\_username) | The database username | 75 | | [elasticsearch\_endpoint](#output\_elasticsearch\_endpoint) | The elasticsearch endpoint | 76 | | [oap\_ips](#output\_oap\_ips) | The private IPs of the OAP instances | 77 | | [ssh\_user\_key\_file](#output\_ssh\_user\_key\_file) | The SSH private key file to use to connect to the bastion host | 78 | | [ui\_ips](#output\_ui\_ips) | The IPs of the SkyWalking UI instances | 79 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | ======================================================================= 204 | Apache SkyWalking Subcomponents: 205 | 206 | The Apache SkyWalking project contains subcomponents with separate copyright 207 | notices and license terms. Your use of the source code for the these 208 | subcomponents is subject to the terms and conditions of the following 209 | licenses. 210 | --------------------------------------------------------------------------------