From 114c1d2e8e86df589bc2b5b54d87d5e152ecaa4b Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Wed, 11 Sep 2019 14:59:00 +1000 Subject: [PATCH] DCD-436: Add ability to disable log aggregation. --- group_vars/aws_node_local.yml | 2 ++ .../aws_common/molecule/default/playbook.yml | 2 ++ .../molecule/logs-disabled/Dockerfile.j2 | 14 ++++++++ .../molecule/logs-disabled/molecule.yml | 26 ++++++++++++++ .../molecule/logs-disabled/playbook.yml | 19 ++++++++++ .../logs-disabled/tests/test_default.py | 25 +++++++++++++ .../templates/amazon-cloudwatch-agent.json.j2 | 36 ++++++++++--------- 7 files changed, 108 insertions(+), 16 deletions(-) create mode 100644 roles/aws_common/molecule/logs-disabled/Dockerfile.j2 create mode 100644 roles/aws_common/molecule/logs-disabled/molecule.yml create mode 100644 roles/aws_common/molecule/logs-disabled/playbook.yml create mode 100644 roles/aws_common/molecule/logs-disabled/tests/test_default.py diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index 65505fc..1bb262b 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -56,6 +56,8 @@ atl_aws_region: "{{ lookup('env', 'ATL_AWS_REGION') }}" atl_aws_iam_role: "{{ lookup('env', 'ATL_AWS_IAM_ROLE') }}" atl_aws_iam_role_arn: "{{ lookup('env', 'ATL_AWS_IAM_ROLE_ARN') }}" +atl_aws_enable_cw_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CW_LOGS') or false }}" + atl_db_engine: "{{ lookup('env', 'ATL_DB_ENGINE') }}" atl_db_host: "{{ lookup('env', 'ATL_DB_HOST') }}" atl_db_port: "{{ lookup('env', 'ATL_DB_PORT') or '5432' }}" diff --git a/roles/aws_common/molecule/default/playbook.yml b/roles/aws_common/molecule/default/playbook.yml index 0eb5b02..6af238a 100644 --- a/roles/aws_common/molecule/default/playbook.yml +++ b/roles/aws_common/molecule/default/playbook.yml @@ -11,6 +11,8 @@ atl_product_edition: "jira-software" atl_aws_stack_name: "MY_STACK" + atl_aws_enable_cw_logs: true atl_aws_agent_restart: false + roles: - role: aws_common 
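Review bot: The `or false` fallback on `atl_aws_enable_cw_logs` in group_vars/aws_node_local.yml makes CloudWatch log forwarding opt-in, while the lines removed from amazon-cloudwatch-agent.json.j2 rendered the `logs` section unconditionally. Any stack that does not export ATL_AWS_ENABLE_CW_LOGS would therefore stop shipping product logs on its next run, with no error, which removes the central copy that incident response relies on. If disabling is meant to be the exception, default to enabled with `atl_aws_enable_cw_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CW_LOGS') or true }}"`. If opt-in is intended, add a comment above the variable such as `# Log forwarding is OFF unless ATL_AWS_ENABLE_CW_LOGS is set to true` and mention the behaviour change in the commit message.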
diff --git a/roles/aws_common/molecule/logs-disabled/Dockerfile.j2 b/roles/aws_common/molecule/logs-disabled/Dockerfile.j2
new file mode 100644
index 0000000..e6aa95d
--- /dev/null
+++ b/roles/aws_common/molecule/logs-disabled/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/roles/aws_common/molecule/logs-disabled/molecule.yml b/roles/aws_common/molecule/logs-disabled/molecule.yml
new file mode 100644
index 0000000..9db2aa4
--- /dev/null
+++ b/roles/aws_common/molecule/logs-disabled/molecule.yml
@@ -0,0 +1,26 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: amazon_linux2
+ image: amazonlinux:2
+ groups:
+ - aws_node_local
+# - name: ubuntu_lts
+# image: ubuntu:bionic
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ inventory:
+ links:
+ group_vars: ../../../../group_vars/
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ enabled: false
diff --git a/roles/aws_common/molecule/logs-disabled/playbook.yml b/roles/aws_common/molecule/logs-disabled/playbook.yml
new file mode 100644
index 0000000..3431e5c
--- /dev/null
+++ b/roles/aws_common/molecule/logs-disabled/playbook.yml
@@ -0,0 +1,19 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ ansible_ec2_local_ipv4: "1.1.1.1"
+ ansible_default_ipv4:
+ address: "9.9.9.9"
+ ansible_ec2_instance_id: "NONE"
+
+ atl_product_family: "jira"
+ atl_product_edition: "jira-software"
+ atl_aws_stack_name: "MY_STACK"
+
+ atl_aws_enable_cw_logs: "false"
+
+ atl_aws_agent_restart: false
+
+ roles:
+ - role: aws_common
diff --git a/roles/aws_common/molecule/logs-disabled/tests/test_default.py b/roles/aws_common/molecule/logs-disabled/tests/test_default.py
new file mode 100644
index 0000000..cc94261
--- /dev/null
+++ b/roles/aws_common/molecule/logs-disabled/tests/test_default.py
@@ -0,0 +1,25 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize('exe', [
+ '/usr/bin/ec2-metadata',
+ '/usr/bin/amazon-ssm-agent',
+ '/sbin/mount.efs',
+ '/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent'
+])
+def test_package_exes(host, exe):
+ assert host.file(exe).exists
+
+
+def test_service_file(host):
+ f = host.file('/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json')
+ assert not f.contains('"log_group_name": "jira-software-MY_STACK"')
+ assert f.user == 'root'
+ assert f.group == 'root'
+ assert f.mode == 0o0644
diff --git a/roles/aws_common/templates/amazon-cloudwatch-agent.json.j2 b/roles/aws_common/templates/amazon-cloudwatch-agent.json.j2
index b33ff45..3c23e84 100644
--- a/roles/aws_common/templates/amazon-cloudwatch-agent.json.j2
+++ b/roles/aws_common/templates/amazon-cloudwatch-agent.json.j2
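Review bot: `test_service_file` in logs-disabled/tests/test_default.py only asserts that one `log_group_name` string is absent, which would also pass for an empty or syntactically broken config. The template change wraps a JSON object and its trailing comma in a conditional, so the disabled-logs scenario is where a rendering mistake would leave the agent unable to load its config at all. Parsing the rendered file would cover that: add `import json` and then `cfg = json.loads(f.content_string)`, `assert 'logs' not in cfg`, `assert 'metrics' in cfg`. The scenario also sets `atl_aws_enable_cw_logs: "false"` as a string only, so a boolean `false` case is not exercised.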
@@ -4,23 +4,27 @@ "run_as_user": "root" }, - "logs": { - "logs_collected": { - "files": { - "collect_list": [ - {% set comma = joiner(',') %} - {% for path in atl_product_log_locations[atl_product_family] %} - {{ comma() }} - { - "file_path": "{{ path }}/*", - "log_group_name": "{{ atl_aws_log_group }}", - "log_stream_name": "{instance_id}" - } - {% endfor %} - ] + {% if atl_aws_enable_cw_logs == true or atl_aws_enable_cw_logs == 'true' %} + "logs": { + "logs_collected": { + "files": { + "collect_list": [ + + {% set comma = joiner(',') %} + {% for path in atl_product_log_locations[atl_product_family] %} + {{ comma() }} + { + "file_path": "{{ path }}/*", + "log_group_name": "{{ atl_aws_log_group }}", + "log_stream_name": "{instance_id}" + } + {% endfor %} + + ] + } } - } - }, + }, + {% endif %} "metrics": { "append_dimensions": {
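Review bot: The guard `atl_aws_enable_cw_logs == true or atl_aws_enable_cw_logs == 'true'` matches only the boolean and the exact lowercase string. The group_vars change in this commit passes the raw ATL_AWS_ENABLE_CW_LOGS string through, so a value such as `yes`, `1` or `TRUE` would probably render the config without the `logs` section and silently turn log forwarding off. Ansible's `bool` filter normalises the usual spellings, so `{% if atl_aws_enable_cw_logs | bool %}` would be the safer test. A short Jinja comment above the condition, for example `{# logs section is emitted only when CloudWatch log forwarding is enabled #}`, would also help the next reader of the template.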