From 5f305032890395e79f74d67b0615326afb8a6425 Mon Sep 17 00:00:00 2001 From: Jose Luis Lucas Date: Tue, 5 Feb 2019 12:10:19 +0100 Subject: [PATCH] Add Grafana in Prometheus VM. Add prometheus security group. --- .gitignore | 3 +- deploy/aws/main.tf | 4 +-- deploy/aws/modules/prometheus/build.sh | 6 ++-- deploy/aws/modules/prometheus/main.tf | 13 +++++++++ deploy/aws/network.tf | 38 ++++++++++++++++++++++++++ 5 files changed, 57 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 5cc016a36..80e910d5b 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ *.dll *.so *.dylib -qed +./qed # Autogenerated code tests/plot.hmtl @@ -40,6 +40,5 @@ coverage.txt config.yml deploy/aws/config_files/* !deploy/aws/config_files/README.md -!deploy/aws/modules/qed deploy/aws/modules/inmemory_storage/data deploy/aws/modules/prometheus/data diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf index 61a2750ee..d9ca6eb2a 100644 --- a/deploy/aws/main.tf +++ b/deploy/aws/main.tf @@ -41,7 +41,7 @@ module "leader" { api_key: "terraform_qed" path: "/var/tmp/qed/" server: - node_id: "leader" + node_id: "qed0" addr: http: ":8800" mgmt: ":8700" @@ -215,7 +215,7 @@ module "prometheus" { instance_type = "t3.medium" volume_size = "20" - vpc_security_group_ids = "${module.security_group.this_security_group_id}" + vpc_security_group_ids = "${module.prometheus_security_group.this_security_group_id}" subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}" key_name = "${aws_key_pair.qed.key_name}" diff --git a/deploy/aws/modules/prometheus/build.sh b/deploy/aws/modules/prometheus/build.sh index d96a7e518..84af4e85d 100644 --- a/deploy/aws/modules/prometheus/build.sh +++ b/deploy/aws/modules/prometheus/build.sh 
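Review bot: The replacement pattern `./qed` in the first .gitignore hunk will not match anything, because gitignore patterns are compared against paths relative to the .gitignore file and a leading `./` is not stripped. The built `qed` binary at the repository root therefore stops being ignored and can be committed by accident. To anchor the rule to the root while still leaving `deploy/aws/modules/qed` tracked, write `/qed`.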
@@ -11,19 +11,19 @@ function _readlink() { ( pub=$(_readlink ./data) tdir=$(mktemp -d /tmp/prometheus.XXX) -app_path=${pub}/prometheus +prometheus_path=${pub}/prometheus mkdir -p ${pub} ( cd ${tdir} -if [ ! -f ${app_path} ]; then ( +if [ ! -f ${prometheus_path} ]; then ( version=2.7.0 folder=prometheus-${version}.linux-amd64 link=https://github.com/prometheus/prometheus/releases/download/v${version}/${folder}.tar.gz wget -qO- ${link} | tar xvz -C ./ - cp ${folder}/prometheus ${app_path} + cp ${folder}/prometheus ${prometheus_path} ) fi ) diff --git a/deploy/aws/modules/prometheus/main.tf b/deploy/aws/modules/prometheus/main.tf index b009c36a0..3c13f96b3 100644 --- a/deploy/aws/modules/prometheus/main.tf +++ b/deploy/aws/modules/prometheus/main.tf @@ -12,6 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +resource "null_resource" "prebuild" { + provisioner "local-exec" { + command = "bash build.sh" + working_dir = "${path.module}" + } +} + data "aws_ami" "amazon_linux" { most_recent = true @@ -67,6 +74,9 @@ resource "aws_instance" "prometheus" { user_data = <<-DATA #!/bin/bash + yum install https://dl.grafana.com/oss/release/grafana-5.4.2-1.x86_64.rpm + service grafana-server start + while [ ! -f ${var.path}/prometheus ]; do sleep 1 # INFO: wait until binary exists done @@ -74,5 +84,8 @@ resource "aws_instance" "prometheus" { chmod +x ${var.path}/prometheus ${var.path}/prometheus --config-file=${var.path}/prometheus.yml + + + DATA } diff --git a/deploy/aws/network.tf b/deploy/aws/network.tf index 0b3b857e8..49baf44d9 100644 --- a/deploy/aws/network.tf +++ b/deploy/aws/network.tf 
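Review bot: The new `prebuild` resource runs build.sh on the operator's machine, and that script (visible in the build.sh hunk) pipes the downloaded release tarball straight into `tar` with no integrity check, after which the binary is presumably copied to the instance. Download to a file and verify it against a pinned digest before extracting, e.g. `echo "<SHA256_OF_RELEASE_TARBALL>  ${folder}.tar.gz" | sha256sum -c -`, taking the digest from the release's published checksums. Separately, the resource has no `triggers`, so it will not run again when build.sh or the pinned version changes; `triggers = { build_script = "${md5(file("${path.module}/build.sh"))}" }` would cover that. Nothing in this hunk makes the instance depend on `null_resource.prebuild`, so ordering relies on code outside the hunk.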
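Review bot: The added `yum install` line has no `-y`, and user_data runs without a terminal, so the install will most likely abort at the confirmation prompt and `service grafana-server start` will then fail; use `yum install -y https://dl.grafana.com/oss/release/grafana-5.4.2-1.x86_64.rpm`. Grafana is also started with its stock configuration, so the default admin account stays live on port 3000 until someone changes it by hand. Set the admin password at provision time, for example through `GF_SECURITY_ADMIN_PASSWORD` or the `[security]` section of grafana.ini, and feed it from a secret rather than a literal in user_data. The heredoc begins and ends outside this hunk.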
@@ -80,3 +80,41 @@ module "security_group" {
 number_of_computed_ingress_with_source_security_group_id = 1
 }
+
+module "prometheus_security_group" {
+ source = "terraform-aws-modules/security-group/aws"
+ version = "2.11.0"
+
+ name = "prometheus"
+ description = "Security group for Prometheus/Grafana usage"
+ vpc_id = "${data.aws_vpc.default.id}"
+
+ egress_rules = ["all-all"]
+
+ ingress_cidr_blocks = ["${chomp(data.http.ip.body)}/32"]
+ ingress_rules = ["all-icmp", "ssh-tcp" ]
+ ingress_with_cidr_blocks = [
+ {
+ from_port = 9090
+ to_port = 9090
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ },
+ {
+ from_port = 3000
+ to_port = 3000
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ },
+ ]
+ computed_ingress_with_source_security_group_id = [
+ {
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ source_security_group_id = "${module.security_group.this_security_group_id}"
+ }
+ ]
+ number_of_computed_ingress_with_source_security_group_id = 1
+
+}
\ No newline at end of file
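Review bot: The `computed_ingress_with_source_security_group_id` rule opens every TCP port (`from_port = 0`, `to_port = 65535`) on the Prometheus/Grafana host to all members of `module.security_group`, which includes SSH and both web UIs. Prometheus scrapes its targets over outbound connections, so unless something on the QED nodes has to call in, this rule can be dropped; if it is needed, narrow it to the one port in use, e.g. `from_port = 9090` / `to_port = 9090`. The allowed operator address comes from `data.http.ip`, which is defined outside this hunk and is presumably an external IP-lookup service, so a wrong or altered response would change who can reach ports 22, 3000 and 9090; an explicit variable for the admin CIDR would be safer. The file also now ends without a trailing newline.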