From 443d2471d223bfaa3f48e2c5212b6ad596b16b08 Mon Sep 17 00:00:00 2001
From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
Date: Mon, 24 Apr 2023 11:25:57 -0400
Subject: [PATCH] Add elastic apm to dogfood (#11287)

# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---
 .github/workflows/dogfood-deploy.yml | 2 ++
 infrastructure/dogfood/terraform/aws-tf-module/main.tf | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml
index 8afebf55ad..6c246944b3 100644
--- a/.github/workflows/dogfood-deploy.yml
+++ b/.github/workflows/dogfood-deploy.yml
@@ -28,6 +28,8 @@ env:
 TF_VAR_fleet_license: ${{ secrets.DOGFOOD_LICENSE_KEY }}
 TF_VAR_slack_webhook: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
 TF_VAR_fleet_sentry_dsn: ${{ secrets.DOGFOOD_SENTRY_DSN }}
+ TF_VAR_elastic_url: ${{ secrets.ELASTIC_APM_SERVER_URL }}
+ TF_VAR_elastic_token: ${{ secrets.ELASTIC_APM_SECRET_TOKEN }}
 permissions:
 id-token: write
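Review bot: The two new secrets are added to what the hunk header shows as a column-0 `env:` block, which looks like the workflow-level environment, so `TF_VAR_elastic_token` would be exported to every step of every job rather than only to the step that runs Terraform. Moving `TF_VAR_elastic_url` and `TF_VAR_elastic_token` to a step-level `env:` on the Terraform plan/apply step would keep the APM token out of the environment of checkout, tool-setup and any third-party actions. The `env:` block and the job definitions start outside the hunk, so the scope is inferred from the header context and should be confirmed against the full workflow.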
diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
index 5f5f8a12a3..92a5f8fb32 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -28,8 +28,9 @@ variable "fleet_license" {}
 variable "fleet_image" {
 default = "160035666661.dkr.ecr.us-east-2.amazonaws.com/fleet:1f68e7a5e39339d763da26a0c8ae3e459b2e1f016538d7962312310493381f7c"
 }
-variable "fleet_sentry_dsn" {
-}
+variable "fleet_sentry_dsn" {}
+variable "elastic_url" {}
+variable "elastic_token" {}
 data "aws_caller_identity" "current" {}
@@ -40,9 +41,14 @@ locals {
 FLEET_LICENSE_KEY = var.fleet_license
 FLEET_LOGGING_DEBUG = "true"
 FLEET_LOGGING_JSON = "true"
+ FLEET_LOGGING_TRACING_ENABLED = "true"
+ FLEET_LOGGING_TRACING_TYPE = "elasticapm"
 FLEET_MYSQL_MAX_OPEN_CONNS = "25"
 FLEET_VULNERABILITIES_DATABASES_PATH = "/home/fleet"
 FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING = "false"
+ ELASTIC_APM_SERVER_URL = var.elastic_url
+ ELASTIC_APM_SECRET_TOKEN = var.elastic_token
+ ELASTIC_APM_SERVICE_NAME = "dogfood"
 }
 sentry_secrets = {
 FLEET_SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:FLEET_SENTRY_DSN::"
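Review bot: `variable "elastic_token" {}` is declared with no type and without `sensitive = true`, so Terraform has no reason to redact the APM secret token when it appears in plan or apply output in the CI log. Adding `type = string` and `sensitive = true` to the `elastic_token` block, plus a one-line `description`, would document that this input is a credential and keep it out of rendered plans. Sensitivity propagates to values derived from the variable, so the map that consumes it in the second hunk may need adjusting if it is iterated with `for_each`; that consumer is not visible here.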
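Review bot: `ELASTIC_APM_SECRET_TOKEN = var.elastic_token` is added to the same map as plain settings such as `FLEET_LOGGING_JSON`, while the Sentry DSN just below in `sentry_secrets` is passed as a Secrets Manager ARN reference. If this map feeds the container's environment (its name and consumer start outside the hunk), the token would be stored in clear text in the task definition, readable by anyone allowed to describe it, and also in Terraform state. Following the Sentry pattern would avoid that: store the token in a Secrets Manager secret and reference it from a secrets map, e.g. `ELASTIC_APM_SECRET_TOKEN = "${aws_secretsmanager_secret.<apm_secret>.arn}:ELASTIC_APM_SECRET_TOKEN::"`, where `<apm_secret>` is a placeholder for a resource this commit would need to add. `ELASTIC_APM_SERVER_URL` and `ELASTIC_APM_SERVICE_NAME` can stay as plain values.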