From ce3d75bb9abd4466f877017c5ca0e7ac81107099 Mon Sep 17 00:00:00 2001
From: geigerj0 <112163019+geigerj0@users.noreply.github.com>
Date: Wed, 5 Jun 2024 09:10:28 +0200
Subject: [PATCH] merge configure-log-cache-and-forward-metrics-via-mtls.yml into app-autoscaler.yml manifest also: remove ops file that sets nozzle shard id
---
ci/autoscaler/pipeline.yml | 3 -
ci/autoscaler/scripts/deploy-autoscaler.sh | 1 -
...nt-name-to-loggregator-nozzle-shard-id.yml | 5 -
...log-cache-and-forward-metrics-via-mtls.yml | 110 ------------------
templates/app-autoscaler.yml | 85 ++++++++++----
5 files changed, 62 insertions(+), 142 deletions(-)
delete mode 100644 operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml
delete mode 100644 operations/configure-log-cache-and-forward-metrics-via-mtls.yml
diff --git a/ci/autoscaler/pipeline.yml b/ci/autoscaler/pipeline.yml
index ac7f18da2a..74030b2428 100644
--- a/ci/autoscaler/pipeline.yml
+++ b/ci/autoscaler/pipeline.yml
@@ -9,7 +9,6 @@ anchors: operations/loggregator-certs-from-cf.yml operations/add-extra-plan.yml operations/set-release-version.yml - operations/configure-log-cache-and-forward-metrics-via-mtls.yml operations/enable-metricsforwarder-via-metron-agent.yml operations/remove-metricsserver.yml operations/remove-metricsgateway.yml
@@ -24,7 +23,6 @@ anchors: operations/loggregator-certs-from-cf.yml operations/add-extra-plan.yml operations/set-release-version.yml - operations/configure-log-cache-and-forward-metrics-via-mtls.yml operations/enable-metricsforwarder-via-syslog-agent.yml operations/remove-metricsserver.yml operations/remove-metricsgateway.yml
@@ -37,7 +35,6 @@ anchors: operations/add-postgres-variables.yml operations/enable-nats-tls.yml operations/loggregator-certs-from-cf.yml - operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml operations/postgres-persistent-disk.yml operations/add-extra-plan.yml operations/set-release-version.yml
diff --git a/ci/autoscaler/scripts/deploy-autoscaler.sh b/ci/autoscaler/scripts/deploy-autoscaler.sh
index d8e0351339..01c8baf83c 100755
--- a/ci/autoscaler/scripts/deploy-autoscaler.sh
+++ b/ci/autoscaler/scripts/deploy-autoscaler.sh
@@ -16,7 +16,6 @@ ops_files=${OPS_FILES:-"${autoscaler_dir}/operations/add-releases.yml\ ${autoscaler_dir}/operations/loggregator-certs-from-cf.yml\ ${autoscaler_dir}/operations/add-extra-plan.yml\ ${autoscaler_dir}/operations/set-release-version.yml\ - ${autoscaler_dir}/operations/configure-log-cache-and-forward-metrics-via-mtls.yml\ ${autoscaler_dir}/operations/remove-metricsserver.yml\ ${autoscaler_dir}/operations/remove-metricsgateway.yml\ ${autoscaler_dir}/operations/enable-log-cache-via-uaa.yml\
diff --git a/operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml b/operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml
deleted file mode 100644
index 067bfbc5ab..0000000000
--- a/operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# This can be used to make the Loggregator nozzle of the autoscaler unique and is primarily used in our CI where multiple deployments run at the same time in the same CF foundation.
----
-- type: replace
- path: /instance_groups/name=metricsgateway/jobs/name=metricsgateway/properties/autoscaler/metricsgateway/nozzle/shard_id?
- value: CF_AUTOSCALER_((deployment_name))
diff --git a/operations/configure-log-cache-and-forward-metrics-via-mtls.yml b/operations/configure-log-cache-and-forward-metrics-via-mtls.yml
deleted file mode 100644
index 3316b0a527..0000000000
--- a/operations/configure-log-cache-and-forward-metrics-via-mtls.yml
+++ /dev/null
@@ -1,110 +0,0 @@
-# safeguard: make sure there is no loggregator agent configured
-- type: remove
- path: /instance_groups/name=metricsforwarder/jobs/name=loggregator_agent?
-
-
-# configure metricscollector
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/use_log_cache?
- value: true
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/host
- value: logcache
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/port
- value: 8080
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/ca_cert
- value: ((/bosh-autoscaler/cf/log_cache.ca))
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/client_cert
- value: ((/bosh-autoscaler/cf/log_cache.certificate))
-- type: replace
- path: /instance_groups/name=eventgenerator/jobs/name=eventgenerator/properties/autoscaler/eventgenerator/metricscollector/client_key
- value: ((/bosh-autoscaler/cf/log_cache.private_key))
-
-
-# configure metricsforwarder
-- type: replace
- path: /instance_groups/name=metricsforwarder/jobs/name=metricsforwarder/properties/autoscaler/metricsforwarder/loggregator
- value:
- tls: # connection to syslog-agent
- ca_cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.ca))
- cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.certificate))
- key: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.private_key))
-
-
-# configure syslog-agent
-
-# safeguard: make sure there is no syslog-agent configured
-- type: remove
- path: /instance_groups/name=metricsforwarder/jobs/name=loggr-syslog-agent?
-
-# add configuration
-- type: replace
- path: /instance_groups/name=metricsforwarder/jobs/-
- value:
- name: loggr-syslog-agent
- release: loggregator-agent
- properties:
- tls: # connection to syslog-agent
- ca_cert: ((!loggr_syslog_agent_tls.ca))
- cert: ((!loggr_syslog_agent_tls.certificate))
- key: ((!loggr_syslog_agent_tls.private_key))
- cache: # connection to syslog-binding-cache
- tls:
- ca_cert: ((!loggr_syslog_agent_cache_tls.ca))
- cert: ((!loggr_syslog_agent_cache_tls.certificate))
- key: ((!loggr_syslog_agent_cache_tls.private_key))
- cn: loggr_syslog_binding_cache
- # url: the value is automatically being generated if syslog-binding-cache is deployed https://github.com/cloudfoundry/loggregator-agent-release/blob/a5366d6d7c490417d12f990c1af0437a1feb067f/jobs/loggr-syslog-agent/templates/bpm.yml.erb#L60
- metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration
- ca_cert: ((!loggr_syslog_agent_metrics.ca))
- cert: ((!loggr_syslog_agent_metrics.certificate))
- key: ((!loggr_syslog_agent_metrics.private_key))
- server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case
-
-
-# configure syslog-binding-cache
-
-# safeguard: make sure there is no syslog-binding-cache configured
-- type: remove
- path: /instance_groups/name=metricsforwarder/jobs/name=loggr-syslog-binding-cache?
-
-# add configuration
-- type: replace
- path: /instance_groups/name=metricsforwarder/jobs/-
- value:
- name: loggr-syslog-binding-cache
- release: loggregator-agent
- consumes:
- cloud_controller: { from: cloud_controller, deployment: cf } # required by job to resolve API URL https://github.com/cloudfoundry/loggregator-agent-release/blob/0e3340f17f94d06cb3d4c11d1553a9a2a5bfb891/jobs/loggr-syslog-binding-cache/templates/bpm.yml.erb#L4
- properties:
- tls: # connection to syslog-binding-cache api, e.g. /v2/aggregate & /v2/bindings
- ca_cert: ((!loggr_syslog_binding_cache_tls.ca))
- cert: ((!loggr_syslog_binding_cache_tls.certificate))
- key: ((!loggr_syslog_binding_cache_tls.private_key))
- cn: loggr_syslog_agent_tls
- external_port: 9000
- aggregate_drains: # connection to log-cache
- - url: "syslog-tls://log-cache.service.cf.internal:6067?include-metrics-deprecated=true&ssl-strict-internal=true"
- # reusing these certificates here is a workaround so that we don't need to generate own ones.
- # the problem is that when we generate own certificates (see variables section of app-autoscaler.yml),
- # we have no possibility to reuse the CA from CF to issue new certificates.
- ca: ((/bosh-autoscaler/cf/log_cache_syslog_tls.ca))
- cert: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.certificate))
- key: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.private_key))
- metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration
- ca_cert: ((!loggr_syslog_binding_cache_metrics.ca))
- cert: ((!loggr_syslog_binding_cache_metrics.certificate))
- key: ((!loggr_syslog_binding_cache_metrics.private_key))
- server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case
- api: # connection to CF cloud controller
- # here are dummy values configured since there is no need to query the CC API for all bindings.
- # if a customer wants to ever receive their own custom metrics in their own syslog-drain, we would need to configure this properly.
- tls:
- cn: api.tls.config.is.required.by.job.specification.but.not.needed.in.our.case
- ca_cert: ((!loggr_syslog_binding_cache_api_tls.ca))
- cert: ((!loggr_syslog_binding_cache_api_tls.certificate))
- key: ((!loggr_syslog_binding_cache_api_tls.private_key))
- polling_interval: 876000h # 100 years, workaround to basically never poll the cloud controller API
diff --git a/templates/app-autoscaler.yml b/templates/app-autoscaler.yml
index 5efa2bb159..664ffc0250 100644
--- a/templates/app-autoscaler.yml
+++ b/templates/app-autoscaler.yml
@@ -82,20 +82,6 @@ addons: deployment: ((deployment_name)) network: default domain: bosh - - domain: *metricsgateway_domain - targets: - - query: '*' - instance_group: metricsgateway - deployment: ((deployment_name)) - network: default - domain: bosh - - domain: *metricsserver_domain - targets: - - query: '*' - instance_group: metricsserver - deployment: ((deployment_name)) - network: default - domain: bosh # Cf internal names - domain: nats.service.cf.internal targets:
@@ -264,7 +250,7 @@ instance_groups: ca_cert: ((!metricsserver_client_cert.ca)) client_cert: ((!metricsserver_client_cert.certificate)) client_key: ((!metricsserver_client_cert.private_key)) - host: *metricsserver_domain + host: logcache event_generator: ca_cert: ((!eventgenerator_client_cert.ca)) client_cert: ((!eventgenerator_client_cert.certificate)) client_key: ((!eventgenerator_client_cert.private_key))
@@ -583,11 +569,12 @@ instance_groups: client_key: ((!scalingengine_client_cert.private_key)) host: *scalingengine_domain metricscollector: - ca_cert: ((!metricsserver_client_cert.ca)) - client_cert: ((!metricsserver_client_cert.certificate)) - client_key: ((!metricsserver_client_cert.private_key)) - port: *metricsserverPort - host: *metricsserver_domain + use_log_cache: true + ca_cert: ((/bosh-autoscaler/cf/log_cache.ca)) + client_cert: ((/bosh-autoscaler/cf/log_cache.certificate)) + client_key: ((/bosh-autoscaler/cf/log_cache.private_key)) + port: 8080 + host: logcache - name: route_registrar release: routing consumes:
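Review bot: In the `@@ -264` hunk, `host: logcache` repoints this client at log cache, but the three context lines directly above it still supply `((!metricsserver_client_cert.ca))`, `.certificate` and `.private_key`, so the TLS handshake would be validated against the metricsserver CA and presented with a metricsserver-issued client certificate instead of the log-cache material. The `@@ -583` hunk in the same file switches what looks like the eventgenerator's equivalent block to `ca_cert: ((/bosh-autoscaler/cf/log_cache.ca))`, `client_cert: ((/bosh-autoscaler/cf/log_cache.certificate))`, `client_key: ((/bosh-autoscaler/cf/log_cache.private_key))`; this block should either do the same or drop credentials that no longer match the host. The job and instance group this block belongs to begin outside the hunk, so which component is affected cannot be confirmed from here.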
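Review bot: In the `@@ -583` hunk, the new `ca_cert`/`client_cert`/`client_key` values are absolute CredHub paths under `/bosh-autoscaler/cf/`, which bakes a specific director and the `cf` deployment name into the base manifest (elsewhere this file parameterises the deployment through `((deployment_name))`) and makes the autoscaler present the cf deployment's own `log_cache` key pair rather than a certificate issued to it; sharing one private key across two deployments widens the impact if either side is compromised. While this lived in an ops file the coupling was opt-in, now every consumer of the manifest inherits it, so consider declaring a variable (for example `log_cache_client_tls`, a constructed name) in the `variables:` section and letting foundation-specific ops or vars files point it at the CF material, using the `((!name))` form the surrounding keys use. `host: logcache` is also a bare name whereas the drain URL added later in this patch uses `log-cache.service.cf.internal`, and the first hunk deletes the metricsserver/metricsgateway BOSH DNS aliases, so confirm an alias for `logcache` is still defined somewhere (none is visible in this patch).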
@@ -630,10 +617,62 @@ instance_groups: port: &metricsforwarderServerPort 6201 loggregator: tls: - ca_cert: ((loggregator_tls_agent.ca)) - cert: ((loggregator_tls_agent.certificate)) - key: ((loggregator_tls_agent.private_key)) + ca_cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.ca)) + cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.certificate)) + key: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.private_key)) storedprocedure_db: *database + - name: loggr-syslog-agent + release: loggregator-agent + properties: + tls: # connection to syslog-agent + ca_cert: ((!loggr_syslog_agent_tls.ca)) + cert: ((!loggr_syslog_agent_tls.certificate)) + key: ((!loggr_syslog_agent_tls.private_key)) + cache: # connection to syslog-binding-cache + tls: + ca_cert: ((!loggr_syslog_agent_cache_tls.ca)) + cert: ((!loggr_syslog_agent_cache_tls.certificate)) + key: ((!loggr_syslog_agent_cache_tls.private_key)) + cn: loggr_syslog_binding_cache + # url: the value is automatically being generated if syslog-binding-cache is deployed https://github.com/cloudfoundry/loggregator-agent-release/blob/a5366d6d7c490417d12f990c1af0437a1feb067f/jobs/loggr-syslog-agent/templates/bpm.yml.erb#L60 + metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration + ca_cert: ((!loggr_syslog_agent_metrics.ca)) + cert: ((!loggr_syslog_agent_metrics.certificate)) + key: ((!loggr_syslog_agent_metrics.private_key)) + server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case + - name: loggr-syslog-binding-cache + release: loggregator-agent + consumes: + cloud_controller: { from: cloud_controller, deployment: cf } # required by job to resolve API URL https://github.com/cloudfoundry/loggregator-agent-release/blob/0e3340f17f94d06cb3d4c11d1553a9a2a5bfb891/jobs/loggr-syslog-binding-cache/templates/bpm.yml.erb#L4 + properties: + tls: # connection to 
syslog-binding-cache api, e.g. /v2/aggregate & /v2/bindings + ca_cert: ((!loggr_syslog_binding_cache_tls.ca)) + cert: ((!loggr_syslog_binding_cache_tls.certificate)) + key: ((!loggr_syslog_binding_cache_tls.private_key)) + cn: loggr_syslog_agent_tls + external_port: 9000 + aggregate_drains: # connection to log-cache + - url: "syslog-tls://log-cache.service.cf.internal:6067?include-metrics-deprecated=true&ssl-strict-internal=true" + # reusing these certificates here is a workaround so that we don't need to generate own ones. + # the problem is that when we generate own certificates (see variables section of app-autoscaler.yml), + # we have no possibility to reuse the CA from CF to issue new certificates. + ca: ((/bosh-autoscaler/cf/log_cache_syslog_tls.ca)) + cert: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.certificate)) + key: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.private_key)) + metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration + ca_cert: ((!loggr_syslog_binding_cache_metrics.ca)) + cert: ((!loggr_syslog_binding_cache_metrics.certificate)) + key: ((!loggr_syslog_binding_cache_metrics.private_key)) + server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case + api: # connection to CF cloud controller + # here are dummy values configured since there is no need to query the CC API for all bindings. + # if a customer wants to ever receive their own custom metrics in their own syslog-drain, we would need to configure this properly. 
+ tls: + cn: api.tls.config.is.required.by.job.specification.but.not.needed.in.our.case + ca_cert: ((!loggr_syslog_binding_cache_api_tls.ca)) + cert: ((!loggr_syslog_binding_cache_api_tls.certificate)) + key: ((!loggr_syslog_binding_cache_api_tls.private_key)) + polling_interval: 876000h # 100 years, workaround to basically never poll the cloud controller API - name: loggregator_agent release: loggregator-agent consumes:
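Review bot: The safeguard the deleted ops file opened with, a `remove` of `/instance_groups/name=metricsforwarder/jobs/name=loggregator_agent?`, was not carried over: the context lines closing this hunk show `- name: loggregator_agent` still co-located with the newly added `loggr-syslog-agent` in the metricsforwarder instance group, so the manifest now ships both agents by default, while the replaced `loggregator.tls` material (`metricsforwarder_autoscaler_metricsforwarder_loggregator_tls`) is, per the removed file's comment, the client identity for the syslog-agent connection. Unless `enable-metricsforwarder-via-metron-agent.yml` / `enable-metricsforwarder-via-syslog-agent.yml` (still listed in pipeline.yml) strip whichever agent is unused, either drop `loggregator_agent` here or add a comment on the `loggr-syslog-agent` job naming the ops file that is expected to choose between them. The `aggregate_drains` entry also reuses the cf deployment's `syslog_agent_log_cache_tls` certificate and private key; the in-line comment still says "see variables section of app-autoscaler.yml", which now refers to this very file and reads better as `# (see the variables section of this manifest)`. Both the `metricsforwarder` job and the `loggregator_agent` job extend beyond this hunk.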