diff --git a/modules/runtime_container_engine_config/main.tf b/modules/runtime_container_engine_config/main.tf
index 145909e..8044296 100644
--- a/modules/runtime_container_engine_config/main.tf
+++ b/modules/runtime_container_engine_config/main.tf
@@ -11,33 +11,35 @@ locals {
 local.storage_configuration,
 local.vault_configuration,
 {
- http_proxy = var.http_proxy != null ? "http://${var.http_proxy}" : null
- HTTP_PROXY = var.http_proxy != null ? "http://${var.http_proxy}" : null
- https_proxy = var.https_proxy != null ? "http://${var.https_proxy}" : null
- HTTPS_PROXY = var.https_proxy != null ? "http://${var.https_proxy}" : null
- no_proxy = var.no_proxy != null ? join(",", var.no_proxy) : null
- NO_PROXY = var.no_proxy != null ? join(",", var.no_proxy) : null
- TFE_HOSTNAME = var.hostname
- TFE_HTTP_PORT = var.http_port
- TFE_HTTPS_PORT = var.https_port
- TFE_OPERATIONAL_MODE = var.operational_mode
- TFE_ENCRYPTION_PASSWORD = random_password.enc_password.result
- TFE_DISK_CACHE_VOLUME_NAME = "terraform-enterprise_terraform-enterprise-cache"
- TFE_LICENSE_REPORTING_OPT_OUT = var.license_reporting_opt_out
- TFE_USAGE_REPORTING_OPT_OUT = var.usage_reporting_opt_out
- TFE_LICENSE = var.tfe_license
- TFE_TLS_CA_BUNDLE_FILE = var.tls_ca_bundle_file != null ? var.tls_ca_bundle_file : null
- TFE_TLS_CERT_FILE = var.cert_file
- TFE_TLS_CIPHERS = var.tls_ciphers
- TFE_TLS_KEY_FILE = var.key_file
- TFE_TLS_VERSION = var.tls_version != null ? var.tls_version : ""
- TFE_RUN_PIPELINE_IMAGE = var.run_pipeline_image
- TFE_CAPACITY_CONCURRENCY = var.capacity_concurrency
- TFE_CAPACITY_CPU = var.capacity_cpu
- TFE_CAPACITY_MEMORY = var.capacity_memory
- TFE_IACT_SUBNETS = var.iact_subnets
- TFE_IACT_TIME_LIMIT = var.iact_time_limit
- TFE_IACT_TRUSTED_PROXIES = join(",", var.trusted_proxies)
+ http_proxy = var.http_proxy != null ? "http://${var.http_proxy}" : null
+ HTTP_PROXY = var.http_proxy != null ? "http://${var.http_proxy}" : null
+ https_proxy = var.https_proxy != null ? "http://${var.https_proxy}" : null
+ HTTPS_PROXY = var.https_proxy != null ? "http://${var.https_proxy}" : null
+ no_proxy = var.no_proxy != null ? join(",", var.no_proxy) : null
+ NO_PROXY = var.no_proxy != null ? join(",", var.no_proxy) : null
+ TFE_HOSTNAME = var.hostname
+ TFE_HTTP_PORT = var.http_port
+ TFE_HTTPS_PORT = var.https_port
+ TFE_OPERATIONAL_MODE = var.operational_mode
+ TFE_ENCRYPTION_PASSWORD = random_password.enc_password.result
+ TFE_DISK_CACHE_VOLUME_NAME = "terraform-enterprise_terraform-enterprise-cache"
+ TFE_LICENSE_REPORTING_OPT_OUT = var.license_reporting_opt_out
+ TFE_USAGE_REPORTING_OPT_OUT = var.usage_reporting_opt_out
+ TFE_LICENSE = var.tfe_license
+ TFE_TLS_CA_BUNDLE_FILE = var.tls_ca_bundle_file != null ? var.tls_ca_bundle_file : null
+ TFE_TLS_CERT_FILE = var.cert_file
+ TFE_TLS_CIPHERS = var.tls_ciphers
+ TFE_TLS_KEY_FILE = var.key_file
+ TFE_TLS_VERSION = var.tls_version != null ? var.tls_version : ""
+ TFE_RUN_PIPELINE_IMAGE = var.run_pipeline_image
+ TFE_CAPACITY_CONCURRENCY = var.capacity_concurrency
+ TFE_CAPACITY_CPU = var.capacity_cpu
+ TFE_CAPACITY_MEMORY = var.capacity_memory
+ TFE_IACT_SUBNETS = var.iact_subnets
+ TFE_IACT_TIME_LIMIT = var.iact_time_limit
+ TFE_IACT_TRUSTED_PROXIES = join(",", var.trusted_proxies)
+ TFE_LOG_FORWARDING_CONFIG_PATH = var.tfe_log_forwarding_config_path
+ TFE_LOG_FORWARDING_ENABLED = var.tfe_log_forwarding_enabled
 }
 )
 # compose files allow for $ deliminated variable injection. $$ is the appropriate escape.
@@ -78,6 +80,16 @@ locals {
 source = "/var/run/docker.sock"
 target = "/run/docker.sock"
 },
+ {
+ type = "bind"
+ source = "/var/run/docker.sock"
+ target = "/run/docker.sock"
+ },
+ {
+ type = "bind"
+ source = "/etc/fluent-bit/fluent-bit.conf"
+ target = "/etc/fluent-bit.conf"
+ },
 {
 type = "bind"
 source = "/etc/tfe/ssl"
diff --git a/modules/runtime_container_engine_config/variables.tf b/modules/runtime_container_engine_config/variables.tf
index 37f04d6..8087b9d 100644
--- a/modules/runtime_container_engine_config/variables.tf
+++ b/modules/runtime_container_engine_config/variables.tf
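Review bot: `TFE_LOG_FORWARDING_ENABLED` and `TFE_LOG_FORWARDING_CONFIG_PATH` are passed through independently, so `tfe_log_forwarding_enabled = true` combined with the default `tfe_log_forwarding_config_path = null` (declared in the variables.tf hunk) renders a container with forwarding switched on and no config path. How Terraform Enterprise reacts to that combination is not visible here, so it is safer to fail at plan time, for example with a `precondition` or `validation` that requires the path whenever the flag is true. The other changed lines in this hunk are realignment only, and the `locals` block starts and ends outside the hunk.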
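Review bot: The first added entry repeats the `/var/run/docker.sock` to `/run/docker.sock` bind mount that the context lines directly above already declare; it looks like a copy-paste leftover, and a duplicate mount target may be rejected when the compose file is loaded, so it should be dropped. The `/etc/fluent-bit/fluent-bit.conf` mount is added unconditionally, even when `tfe_log_forwarding_enabled` is false, and its target `/etc/fluent-bit.conf` is fixed while `tfe_log_forwarding_config_path` is free-form, so the two can disagree. Because that file carries the log backend's API key and the container only needs to read it, add `read_only = true` to the entry (assuming the list is rendered as compose long-syntax volumes) and include it only when forwarding is enabled. The volume list starts and ends outside the hunk.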
@@ -287,6 +287,21 @@ variable "tfe_license" { description = "The HashiCorp license. Defaults to \"\" if no value is given. Required when TFE_LICENSE_PATH is unset." } +# ------------------------------------------------------ +# Log Forwarding and Metrics +# ------------------------------------------------------ +variable "tfe_log_forwarding_enabled" { + default = false + type = bool + description = "(Optional) Whether or not to enable log forwarding for Terraform Enterprise. Defaults to false." +} + +variable "tfe_log_forwarding_config_path" { + default = null + type = string + description = "The path to a file containing valid Fluent Bit [OUTPUT] configuration" +} + variable "tls_ca_bundle_file" { default = null type = string diff --git a/modules/tfe_init/templates/aws.ubuntu.docker.tfe.sh.tpl b/modules/tfe_init/templates/aws.ubuntu.docker.tfe.sh.tpl index 2c3f6e2..1b4e26c 100644 --- a/modules/tfe_init/templates/aws.ubuntu.docker.tfe.sh.tpl +++ b/modules/tfe_init/templates/aws.ubuntu.docker.tfe.sh.tpl @@ -32,6 +32,22 @@ https_proxy="${proxy_ip}:${proxy_port}" no_proxy="${no_proxy}" EOF +mkdir -p /etc/fluent-bit +/bin/cat < /etc/fluent-bit/fluent-bit.conf +[OUTPUT] + Name datadog + Match * + Host http-intake.logs.datadoghq.com + TLS On + compress gzip + apikey 1234 + dd_service terraform-enterprise + dd_source docker + dd_tags environment:development,owner:scale-perf-team +EOF + +chmod 644 /etc/fluent-bit/fluent-bit.conf + /bin/cat </etc/apt/apt.conf Acquire::http::Proxy "http://${proxy_ip}:${proxy_port}"; Acquire::https::Proxy "http://${proxy_ip}:${proxy_port}";
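Review bot: The description of `tfe_log_forwarding_config_path` does not say where the path is evaluated, and unlike `tfe_log_forwarding_enabled` it lacks the `(Optional)` prefix. The value is handed to the container as an environment variable and the only file this change mounts is at `/etc/fluent-bit.conf`, so presumably it must be a path inside the container that matches that mount target. Suggested wording: `description = "(Optional) Path inside the container to a file containing valid Fluent Bit [OUTPUT] configuration, e.g. /etc/fluent-bit.conf. The file typically holds a credential for the log backend."`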
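Review bot: The added heredoc writes a Fluent Bit `[OUTPUT]` section with a literal `apikey 1234`, a fixed Datadog host and `environment:development,owner:scale-perf-team` tags on every instance built from this template, then makes the file world-readable with `chmod 644`. A real key substituted at this spot would live in the module source and in the rendered instance user data, and would be readable by any local user on the host. Take the output block (or at least the key) from a template variable backed by a secret store, write the file only when log forwarding is enabled, and tighten the mode to the narrowest one the container user can still read, e.g. `chmod 640 /etc/fluent-bit/fluent-bit.conf` with a matching group. The surrounding script continues outside the hunk.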