Context
role::github_runner currently does not include profile::cloudwatch_agent.
Verified the include chain:
- modules/role/manifests/github_runner.pp — includes profile::base and
  profile::github_runner.
- modules/profile/manifests/base.pp — includes ntp, repos, packages,
  infrahouse_toolkit, puppet_apply, swap, accounts, sudo. Not cloudwatch_agent.
- modules/profile/manifests/github_runner.pp — includes docker, user,
  package, register, service. Not cloudwatch_agent.
The profile::cloudwatch_agent manifest already exists in this repo and is
applied to terraformer, openvpn_server, and jumphost roles.
Why
terraform-aws-actions-runner is adding host-level alarms (disk / memory)
as part of the alarms-and-dashboard work
(infrahouse/terraform-aws-actions-runner#93). Without the CloudWatch agent
on runners, those alarms would sit in "insufficient data" forever, so the
module is shipping them opt-in (enable_disk_alarm, enable_memory_alarm
default false).
Once this issue lands, we can flip those defaults to true in a subsequent
major release of the runner module and get monitored-by-default behavior.
Proposed change
Add include 'profile::cloudwatch_agent' to role::github_runner (and/or
wire it into profile::github_runner). Ensure the metric collection config
includes disk (path=/) and mem plugins so alarms have data.
Out of scope
- Flipping the alarm defaults in
terraform-aws-actions-runner — that's a
follow-up in that repo, gated on this landing.
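
One way to check the "disk (path=/) and mem" requirement before the alarm defaults are flipped, as an added example that is not code from this repository or from the issue author: a small validator for a CloudWatch agent JSON config. The sample config is constructed, the function names are hypothetical, and the metric names in `REQUIRED` are an assumption, since the issue does not say which metrics the alarms read.

```python
import json

# Constructed sample config (not from the repository) in the CloudWatch agent
# JSON schema: disk is limited to /data, so "/" would emit no datapoints.
SAMPLE_CONFIG = """
{
  "metrics": {
    "metrics_collected": {
      "disk": {"measurement": ["used_percent"], "resources": ["/data"]},
      "mem": {"measurement": [{"name": "mem_used_percent", "unit": "Percent"}]}
    }
  }
}
"""

# Assumption: the alarms read these metrics; the issue does not name them.
REQUIRED = {"disk": "used_percent", "mem": "used_percent"}


def _measurements(section, plugin):
    """Normalise measurement entries: plain strings or {"name": ...} objects,
    written with or without the plugin prefix (e.g. "mem_used_percent")."""
    prefix = plugin + "_"
    names = set()
    for entry in section.get("measurement", []):
        name = entry["name"] if isinstance(entry, dict) else entry
        names.add(name[len(prefix):] if name.startswith(prefix) else name)
    return names


def check_agent_config(text, required=REQUIRED, mount="/"):
    """Return reasons the host alarms would sit in "insufficient data"."""
    collected = json.loads(text).get("metrics", {}).get("metrics_collected", {})
    problems = []
    for plugin, metric in required.items():
        section = collected.get(plugin)
        if section is None:
            problems.append(f"{plugin}: plugin not configured")
        elif metric not in _measurements(section, plugin):
            problems.append(f"{plugin}: {metric} not in measurement")
    # An omitted "resources" list or "*" means every mount point is collected.
    resources = collected.get("disk", {}).get("resources", ["*"])
    if "disk" in collected and "*" not in resources and mount not in resources:
        problems.append(f"disk: resources {resources} does not cover {mount}")
    return problems
```

An empty list from `check_agent_config` means both plugins are present and the root mount point is covered.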