TECH-3227: Modernizing cloud-init.yml #22
cloud-init.yaml
Outdated
- path: /root/conf/advanced.config | ||
content: | | ||
[ | ||
{rabbit, [ | ||
{forced_feature_flags_on_init, [ | ||
drop_unroutable_metric, empty_basic_get_metric, implicit_default_bindings, quorum_queue, virtual_host_metadata | ||
]} | ||
]} | ||
]. |
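Review bot: The flag list under forced_feature_flags_on_init in /root/conf/advanced.config is hard-coded, and the file carries no comment saying why it is there or when it can be removed. A later reader of cloud-init.yaml will not see this review thread, so add a YAML comment above the - path: entry explaining that the list pins the flags enabled on a fresh node, and consider feeding the list from a template variable so it can change per target version without editing this block.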
Because newer versions of RabbitMQ have feature flags that are automatically enabled, are not backwards compatible, and cannot be disabled once they are on, we need to disable them on boot and then enable them once the cluster is upgraded to the new version.
NOTE: Unfortunately this can only be done using the old config file format.
AND: Yes, it is auto loaded and yes, it's advanced.config, not *.conf like the new format ><
It might be nice to have this be a var but I haven't gotten there yet.
- path: /root/conf/rabbitmq.conf | ||
content: | | ||
[ { rabbit, [ | ||
{ loopback_users, [ ] } ] } | ||
]. | ||
loopback_users = none |
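Review bot: loopback_users = none in /root/conf/rabbitmq.conf carries over the old empty loopback_users list, which means no account is restricted to localhost connections, including the built-in guest user. Nothing in the visible lines shows that guest is deleted or given a non-default password, so either confirm that happens elsewhere in the bootstrap or drop this line and create a dedicated user for remote clients.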
The new config format is much simpler, easier for humans to read and machines to generate. It is also relatively limited compared to the classic config format used prior to RabbitMQ 3.7.0.
NOTE: file name did change from rabbitmq.config -> rabbitmq.conf
REF: https://www.rabbitmq.com/configure.html#config-file-formats
cloud-init.yaml
Outdated
- yum update -y | ||
- yum install -y docker jq | ||
- pip3 install boto3 | ||
- DD_AGENT_MAJOR_VERSION=7 DD_INSTALL_ONLY=true DD_API_KEY=$(aws ssm get-parameter --name ${dd_api_key} --with-decryption --region ${region} | jq -r '.Parameter.Value') DD_SITE="${dd_site}" bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script.sh)" | ||
- DD_AGENT_MAJOR_VERSION=7 DD_INSTALL_ONLY=true DD_API_KEY=$(aws ssm get-parameter --name ${dd_api_key} --with-decryption --region ${region} | jq -r '.Parameter.Value') DD_SITE="${dd_site}" bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script_agent7.sh)" |
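Review bot: On the install_script_agent7.sh line the script is fetched with curl -L and passed straight to bash -c, with no integrity check and no -f, so an HTTP error body or a changed script would be executed as is. Download it to a file with curl -fsSL, compare it against a pinned checksum, and only then run it. The same line also expands DD_API_KEY from SSM inline; if the aws or jq call fails the installer runs with an empty key, so fetch the key in a separate step and check that it is non-empty first.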
install_script.sh - Install script that uses DD_AGENT_MAJOR_VERSION=6 by default and also emits a deprecation warning when run
REF: https://github.com/DataDog/agent-linux-install-script#working-with-this-repository
@@ -196,12 +213,14 @@ runcmd: | |||
- cp /root/datadog-agent/conf.d/rabbitmq.d/conf.yaml /etc/datadog-agent/conf.d/rabbitmq.d/conf.yaml && chown dd-agent /etc/datadog-agent/conf.d/rabbitmq.d/conf.yaml | |||
- cp /root/datadog-agent/secrets.py /etc/datadog-agent/secrets.py && chown dd-agent /etc/datadog-agent/secrets.py && chmod 0700 /etc/datadog-agent/secrets.py | |||
- systemctl start datadog-agent | |||
- $(aws ecr get-login --no-include-email --region ${region} --registry-ids ${ecr_registry_id}) | |||
- docker run -d --name rabbitmq --hostname $HOSTNAME --log-driver=local --log-opt max-size=10m -p 4369:4369 -p 5672:5672 -p 15672:15672 -p 25672:25672 -e RABBITMQ_ERLANG_COOKIE=$(aws ssm get-parameter --name ${secret_cookie} --with-decryption --region ${region} | jq -r '.Parameter.Value') -v /root/data:/var/lib/rabbitmq -v /root/conf/:/etc/rabbitmq -v /root/bin:/tmp/bin ${rabbitmq_image} | |||
- $(aws ecr get-login-password --region ${region} | docker login --username AWS --password-stdin ${ecr_registry_id}.dkr.ecr.${region}.amazonaws.com) |
Security risk:
This command displays docker login commands to stdout with authentication credentials. Your credentials could be visible by other users on your system in a process list display or a command history. If you are not on a secure system, you should consider this risk and login interactively. For more information, see get-authorization-token.
REF: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html
- docker run -d --name rabbitmq --hostname $HOSTNAME --log-driver=local --log-opt max-size=10m -p 4369:4369 -p 5672:5672 -p 15672:15672 -p 25672:25672 -e RABBITMQ_ERLANG_COOKIE=$(aws ssm get-parameter --name ${secret_cookie} --with-decryption --region ${region} | jq -r '.Parameter.Value') -v /root/data:/var/lib/rabbitmq -v /root/conf/:/etc/rabbitmq -v /root/bin:/tmp/bin ${rabbitmq_image} | ||
- $(aws ecr get-login-password --region ${region} | docker login --username AWS --password-stdin ${ecr_registry_id}.dkr.ecr.${region}.amazonaws.com) | ||
- bash /root/erlang_cookie.sh | ||
- docker run -d --name rabbitmq --hostname $HOSTNAME --log-driver=local --log-opt max-size=10m -p 4369:4369 -p 5672:5672 -p 15672:15672 -p 25672:25672 -v /root/data:/var/lib/rabbitmq -v /root/conf/:/etc/rabbitmq -v /root/bin:/tmp/bin ${rabbitmq_image} |
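Review bot: The new aws ecr get-login-password line is still wrapped in $( ), which was needed for get-login because that command printed a docker login command to run, but here the pipeline already performs the login itself. The shell will now try to execute whatever docker login prints on stdout (normally "Login Succeeded") as a command, so the step reports an error even when the login worked. Drop the wrapper and keep only aws ecr get-login-password --region ${region} | docker login --username AWS --password-stdin ${ecr_registry_id}.dkr.ecr.${region}.amazonaws.com. It would also be worth joining bash /root/erlang_cookie.sh and the docker run with && so the container is not started when the cookie file could not be written.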
RABBITMQ_ERLANG_COOKIE env variable support is deprecated and will be REMOVED in a future version. Use the $HOME/.erlang.cookie file or the --erlang-cookie switch instead.
There is not much mentioned about this other than its usage and the deprecated warning found in 3.8.10.
REF: https://www.rabbitmq.com/clustering.html#cookie-file-locations
cloud-init.yaml
Outdated
- path: /root/erlang_cookie.sh | ||
content: | | ||
#!/usr/bin/env bash | ||
mkdir /root/data/ | ||
aws ssm get-parameter --name ${secret_cookie} --with-decryption --region ${region} | jq -r '.Parameter.Value' > /root/data/.erlang.cookie | ||
chmod 400 /root/data/.erlang.cookie | ||
|
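Review bot: /root/erlang_cookie.sh has no error handling, so if aws ssm get-parameter fails or the parameter has no value, the redirect still creates /root/data/.erlang.cookie empty or containing the string null, and the script exits successfully. Start the script with set -euo pipefail, use mkdir -p so a rerun does not fail on an existing directory, and set umask 077 before the redirect so the cookie is never readable by others between creation and chmod 400. A comment noting that /root/data is mounted at /var/lib/rabbitmq in the docker run step would explain why the file is written there.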
Other parts of preexisting docker run will handle the rest of this through volume mounting. But first we need the correct file in the correct location with the correct perms:
- mkdir /root/data/
- /root/data:/var/lib/rabbitmq
- chmod 400 /root/data/.erlang.cookie
this info would be great to include in a comment!
- path: /root/conf/enabled_plugins | ||
content: | | ||
[prometheus_rabbitmq_exporter,rabbitmq_management]. | ||
- path: /root/conf/rabbitmq.config | ||
[ | ||
rabbitmq_management | ||
]. |
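Review bot: With prometheus_rabbitmq_exporter removed, rabbitmq_management is the only plugin left in /root/conf/enabled_plugins. If anything still scrapes this cluster for Prometheus metrics, the built-in rabbitmq_prometheus plugin has to be listed here in its place; if nothing does, say so in a YAML comment above the entry so the omission reads as deliberate.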
RabbitMQ versions prior to 3.8 used a separate plugin, prometheus_rabbitmq_exporter, to expose metrics to Prometheus.
NOTE: We are and have been on 3.8.* for a long time; no need for this removed plugin.
REF: https://www.rabbitmq.com/prometheus.html#3rd-party-plugin
@alexraskin FYI
Don't hate the programmer hate the language :) terraform-aws-rabbitmq/main.tf Lines 1 to 29 in c7e6518
All parts tested from 3.8.* to 3.12.* all work as intended even if it looks a little sketchy. Unfortunately TF does NOT give us many options other than gnarly strings with nested if's.
- | | ||
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` | ||
sed -i "s/replace_ip_address_here/$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/local-ipv4)/g" /root/datadog-agent/conf.d/rabbitmq.d/conf.yaml |
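Review bot: The metadata curl inside the sed command uses -v, which writes the request headers, including X-aws-ec2-metadata-token, to stderr and from there into cloud-init's output log. Replace -v with -sf on both curl calls so the token is not logged, and store the address in a variable that is checked for being non-empty before sed runs, so a failed request cannot write an empty or error value into conf.yaml. The token is used once, so a TTL far shorter than 21600 seconds is enough.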
v1 wasn't returning anything so needed v2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
- All better RabbitMQ QA Cluster Degraded: https://app.datadoghq.com/monitors/48134887
- Dashboard: https://app.datadoghq.com/dashboard/kpa-i8c-nqn/rabbitmq-cmw-qa
There are some huge gains in this PR! thank you for all the attention to detail
# https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-linux-2-ami-kernel-5-10/ | ||
name = "name" | ||
values = ["amzn2-ami-kernel-5.*"] | ||
feature_flag_template = ( |
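Review bot: The name filter amzn2-ami-kernel-5.* is a wildcard match, and the lines shown do not include an owners restriction for the AMI lookup. If the data source does not already set owners to the Amazon account, add it, since a name-only wildcard can match any public image whose name fits the pattern.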
Clever!
Description
This makes it so we can go from 3.8.0 -> 3.12.* with hot rolling upgrades.
Steps to Test
Links