
Merge pull request #149 from mdr-engineering/feature/bp_MSOCI-1456_sensu_gc

Adds Sensu to GC & Removes old Sensu DNS
Brad Poulton 4 years ago
parent
commit
6c5664f2f5

+ 21 - 0
prod/aws-us-gov/mdr-prod-c2/095-instance-sensu/README.md

@@ -0,0 +1,21 @@
+# Sensu Setup Steps
+
+- Run terraform in 095-instance-sensu to spin up the server and other resources
+- Ensure the RPMs are located on the reposerver
+- Run prep Salt states
+    - `salt sensu*com state.sls os_modifications`
+    - `salt sensu*com state.highstate`
+- Run Salt state sensu_master to install sensu from reposerver
+    - `salt sensu*com state.sls sensu_master`
+- Run post-installation commands on Sensu server to setup the backend
+    - Get the password from Vault to input
+    - Init the backend `sensu-backend init --interactive`
+    - prep to login `vim sensu-password`
+    - Log in via sensuctl `sensuctl configure -n --username 'admin' --password $( cat sensu-password ) --namespace default --url 'https://127.0.0.1:8080' --insecure-skip-tls-verify`
+    - Setup OIDC auth ( no TF support for this call ) `sensuctl create -f /etc/sensu/conf.d/oidc-okta.yml`
+    - Opt-out of stats `sensuctl tessen opt-out --skip-confirm`
+    - Clean up password `echo "" > sensu-password`
+    - Log out of sensuctl `sensuctl logout`
+- Run Terraform in 096-sensu-configuration to configure the software
+    - On your laptop, put the sensu password in the SENSU_PASSWORD environment var 
+    - `export SENSU_PASSWORD=password`

+ 43 - 0
prod/aws-us-gov/mdr-prod-c2/095-instance-sensu/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/sensu?ref=v1.0.10"
+}
+
+dependency "vpc-system-services" {
+  config_path = "../010-vpc-system-services"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Sensu"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule  = "none"
+  }
+  instance_name = "sensu"
+  instance_type = local.account_vars.locals.sensu_server_instance_type
+  vpc_id = dependency.vpc-system-services.outputs.vpc_id
+  azs = dependency.vpc-system-services.outputs.azs
+  subnets = dependency.vpc-system-services.outputs.private_subnets
+}
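Review bot: The module `source` is pinned to a tag (`?ref=v1.0.10`), and a Git tag can be moved after review, so the module content applied to prod is not guaranteed to be the content that was reviewed. Pinning to the full commit SHA, e.g. `?ref=<commit-sha-of-v1.0.10>` with the tag name kept in a comment beside it, makes the reference immutable. The same applies to the `sensu-configuration` source in 096-sensu-configuration and to both copies under test/.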

+ 69 - 0
prod/aws-us-gov/mdr-prod-c2/096-sensu-configuration/terragrunt.hcl

@@ -0,0 +1,69 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/sensu-configuration?ref=v1.0.10"
+
+}
+
+dependency "vpc-system-services" {
+  config_path = "../010-vpc-system-services"
+}
+
+dependency "instance-sensu" {
+  config_path = "../095-instance-sensu"
+}
+
+#Sensu specific provider
+generate "sensu-provider" {
+  path      = "sensu-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    sensu = {
+      source = "jtopjian/sensu"
+      version = "0.10.5"
+    }
+  }
+}
+#Provider block for Sensu. 
+provider "sensu" {
+  api_url   = "https://${dependency.instance-sensu.outputs.internal_alb_address}:8080"
+  username  = "admin"
+  namespace = "default"
+  insecure_skip_tls_verify = "true"
+  #password is set with the SENSU_PASSWORD enviroment variable
+}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Sensu"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpc_id = dependency.vpc-system-services.outputs.vpc_id
+  azs = dependency.vpc-system-services.outputs.azs
+  subnets = dependency.vpc-system-services.outputs.private_subnets
+}
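Review bot: The generated provider block sets `insecure_skip_tls_verify = "true"` while logging in as the built-in `admin` user, so the SENSU_PASSWORD credential is sent to whatever answers on the ALB address without its certificate being checked. Anything positioned between the operator's machine and the internal ALB could therefore present its own certificate and capture the admin password. I would set `insecure_skip_tls_verify = "false"` and have the provider trust the CA that signed the ALB/backend certificate; if that cannot be done yet, add a comment on that line stating why verification is off and what removes it. Using a dedicated, narrowly scoped Sensu account for Terraform instead of `admin` would further limit the impact of a leaked password. The identical block in test/aws-us-gov/mdr-test-c2/096-sensu-configuration/terragrunt.hcl has the same issue.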

+ 43 - 0
test/aws-us-gov/mdr-test-c2/095-instance-sensu/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/sensu?ref=v1.0.10"
+}
+
+dependency "vpc-system-services" {
+  config_path = "../010-vpc-system-services"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Sensu"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule  = "none"
+  }
+  instance_name = "sensu"
+  instance_type = local.account_vars.locals.sensu_server_instance_type
+  vpc_id = dependency.vpc-system-services.outputs.vpc_id
+  azs = dependency.vpc-system-services.outputs.azs
+  subnets = dependency.vpc-system-services.outputs.private_subnets
+}

+ 69 - 0
test/aws-us-gov/mdr-test-c2/096-sensu-configuration/terragrunt.hcl

@@ -0,0 +1,69 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/sensu-configuration?ref=v1.0.10"
+
+}
+
+dependency "vpc-system-services" {
+  config_path = "../010-vpc-system-services"
+}
+
+dependency "instance-sensu" {
+  config_path = "../095-instance-sensu"
+}
+
+#Sensu specific provider
+generate "sensu-provider" {
+  path      = "sensu-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    sensu = {
+      source = "jtopjian/sensu"
+      version = "0.10.5"
+    }
+  }
+}
+#Provider block for Sensu. 
+provider "sensu" {
+  api_url   = "https://${dependency.instance-sensu.outputs.internal_alb_address}:8080"
+  username  = "admin"
+  namespace = "default"
+  insecure_skip_tls_verify = "true"
+  #password is set with the SENSU_PASSWORD enviroment variable
+}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Sensu"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpc_id = dependency.vpc-system-services.outputs.vpc_id
+  azs = dependency.vpc-system-services.outputs.azs
+  subnets = dependency.vpc-system-services.outputs.private_subnets
+}

+ 3 - 0
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -157,6 +157,9 @@ locals {
   # Vault Server
   vault_server_instance_type = "t3a.micro"
 
+  # Sensu Server
+  sensu_server_instance_type = "t3a.medium"
+
   # For testing:
   # Note: instead of changing this here, you can pass parameters to terragrunt on the CLI, such as:
   #   TFVAR_create_test_instance=true TFVAR_test_instance_ami=base terragrunt apply
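Review bot: `sensu_server_instance_type` is added only to the test account.hcl in the visible diff, yet prod/aws-us-gov/mdr-prod-c2/095-instance-sensu/terragrunt.hcl also reads `local.account_vars.locals.sensu_server_instance_type`. Unless the prod account.hcl already defines it (it is not shown on this page), the prod plan will fail on an unknown attribute; add `sensu_server_instance_type = "<prod-instance-type>"` there as part of this change. The enclosing `locals` block starts and ends outside this hunk.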

+ 2 - 2
test/env.hcl

@@ -119,7 +119,7 @@ locals {
     #"phantom" = "10.96.101.186",
     #"proxy" = "10.96.101.188",
     #"reposerver" = "10.96.101.160",
-    "sensu" = "10.96.101.43",
+    #"sensu" = "10.96.101.43",
     #"splunk-mc" = "10.96.1.133",
     #"vault-1" = "10.96.1.38",
     #"vault-2" = "10.96.2.63",
@@ -134,7 +134,7 @@ locals {
     #"proxy" = "18.214.39.158",
     #"reposerver" = "34.202.16.40",
     "salt-master-legacy" = "18.233.43.236",
-    "sensu" = "34.235.81.176"
+    #"sensu" = "34.235.81.176"
   }
   # cnames only
   legacy_public_cname_dns = {