Feature/splunk configuration (#292)

ExpediaGroup · Jan 10, 2025 · ba72432 · ba72432
1 parent e07d06c
commit ba72432
Show file tree

Hide file tree

Showing 6 changed files with 122 additions and 39 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.9.0] - 2025-01-09
+### Added
+- Enabled Splunk for log forwarding and implemented health checks for ECS HMS.
+
 ## [7.8.0] - 2024-12-12
 ### Added
 - Hive databases backed by S3 can now have versioning enabled.

diff --git a/VARIABLES.md b/VARIABLES.md
diff --git a/templates.tf b/templates.tf
@@ -57,23 +57,29 @@ locals{
     s3_enable_logs = local.enable_apiary_s3_log_hive ? "1" : ""
 
     # Template vars for init container
-    init_container_enabled = var.external_database_host == "" ? true : false
-    mysql_permissions      = "ALL"
-    mysql_master_cred_arn  = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
-    mysql_user_cred_arn    = data.aws_secretsmanager_secret.db_rw_user.arn
+    init_container_enabled     = var.external_database_host == "" ? true : false
+    mysql_permissions          = "ALL"
+    mysql_master_cred_arn      = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
+    mysql_user_cred_arn        = data.aws_secretsmanager_secret.db_rw_user.arn
 
     # Datadog variables
-    datadog_secret_key    = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
-    wd_instance_type      = var.hms_instance_type
-    metrics_port          = var.datadog_metrics_port
-    datadog_agent_version = var.datadog_agent_version
-    datadog_agent_enabled = var.datadog_agent_enabled
-    datadog_tags          = local.datadog_tags
-    tcp_keepalive_time    = var.tcp_keepalive_time
-    tcp_keepalive_intvl   = var.tcp_keepalive_intvl
-    tcp_keepalive_probes  = var.tcp_keepalive_probes
+    datadog_secret_key         = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+    wd_instance_type           = var.hms_instance_type
+    metrics_port               = var.datadog_metrics_port
+    datadog_agent_version      = var.datadog_agent_version
+    datadog_agent_enabled      = var.datadog_agent_enabled
+    datadog_tags               = local.datadog_tags
+    tcp_keepalive_time         = var.tcp_keepalive_time
+    tcp_keepalive_intvl        = var.tcp_keepalive_intvl
+    tcp_keepalive_probes       = var.tcp_keepalive_probes
     hms_metrics                = local.hms_metrics
     hms_metrics_type_overrides = local.hms_metrics_type_overrides
+
+    // Splunk configuration
+    enable_splunk_logging      = var.enable_splunk_logging
+    splunk_hec_host            = var.splunk_hec_host
+    splunk_hec_token           = var.splunk_hec_token
+    splunk_hec_index           = var.splunk_hec_index
   })
 
   hms_readonly_template = templatefile("${path.module}/templates/apiary-hms-readonly.json", {
@@ -131,5 +137,11 @@ locals{
     hms_metrics_namespace   = "${var.hms_ecs_metrics_readonly_namespace}"
     hms_metrics                = local.hms_metrics
     hms_metrics_type_overrides = local.hms_metrics_type_overrides
+
+    // Splunk configuration
+    enable_splunk_logging      = var.enable_splunk_logging
+    splunk_hec_host            = var.splunk_hec_host
+    splunk_hec_token           = var.splunk_hec_token
+    splunk_hec_index           = var.splunk_hec_index
   })
 }
diff --git a/templates/apiary-hms-readonly.json b/templates/apiary-hms-readonly.json
@@ -66,12 +66,21 @@
         "value": "${tcp_keepalive_probes}"
      }
     ],
-  "logConfiguration": {
-        "logDriver": "awslogs",
-        "options": {
+    "logConfiguration": {
+        "logDriver": "${enable_splunk_logging ? "splunk" : "awslogs"}",
+        "options": ${enable_splunk_logging ?
+          jsonencode({
+            "splunk-token": "${splunk_hec_token}",
+            "splunk-url": "${splunk_hec_host}",
+            "splunk-source": "apiary-hms-readonly-logs",
+            "splunk-sourcetype": "hms-logs",
+            "splunk-index": "${splunk_hec_index}"
+          }) :
+          jsonencode({
             "awslogs-group": "${loggroup}",
             "awslogs-region": "${region}",
             "awslogs-stream-prefix": "/"
+          })
         }
     },
     "dockerLabels": {
@@ -93,6 +102,16 @@
       }
     ],
 %{ endif }
+     "healthCheck": {
+        "command": [
+            "CMD-SHELL",
+            "curl -f http://localhost:8080/actuator/health || exit 1"
+          ],
+        "interval": 30,
+        "timeout": 5,
+        "retries": 3,
+        "startPeriod": 10
+    },
     "environment":[
       {
         "name": "MYSQL_DB_HOST",

diff --git a/templates/apiary-hms-readwrite.json b/templates/apiary-hms-readwrite.json
@@ -67,11 +67,20 @@
       }
     ],
     "logConfiguration": {
-        "logDriver": "awslogs",
-        "options": {
+        "logDriver": "${enable_splunk_logging ? "splunk" : "awslogs"}",
+        "options": ${enable_splunk_logging ?
+          jsonencode({
+            "splunk-token": "${splunk_hec_token}",
+            "splunk-url": "${splunk_hec_host}",
+            "splunk-source": "apiary-hms-readwrite-logs",
+            "splunk-sourcetype": "hms-logs",
+            "splunk-index": "${splunk_hec_index}"
+          }) :
+          jsonencode({
             "awslogs-group": "${loggroup}",
             "awslogs-region": "${region}",
             "awslogs-stream-prefix": "/"
+          })
         }
     },
     "dockerLabels": {
@@ -93,6 +102,16 @@
       }
     ],
 %{ endif }
+     "healthCheck": {
+        "command": [
+            "CMD-SHELL",
+            "curl -f http://localhost:8080/actuator/health || exit 1"
+          ],
+        "interval": 30,
+        "timeout": 5,
+        "retries": 3,
+        "startPeriod": 10
+    },
     "environment":[
      {
         "name": "MYSQL_DB_HOST",

diff --git a/variables.tf b/variables.tf
@@ -1124,3 +1124,28 @@ EOF
   }))
   default = []
 }
+
+variable "enable_splunk_logging" {
+  description = "Enable sending longs to Splunk. When enabling we also need splunk_hec_token, splunk_hec_host and splunk_index."
+  type        = bool
+  default     = false
+}
+
+variable "splunk_hec_token" {
+  description = "The token used for authentication with the Splunk HTTP Event Collector (HEC). This is required for sending logs to Splunk. Compatible with both EC2 and FARGATE ECS task definitions."
+  type        = string
+  default     = ""
+}
+
+variable "splunk_hec_host" {
+  description = "The hostname or URL of the Splunk HTTP Event Collector (HEC) endpoint to which logs will be sent."
+  type        = string
+  default     = ""
+}
+
+variable "splunk_hec_index" {
+  description = "The index in Splunk where logs will be stored. This is used to organize and manage logs within Splunk."
+  type        = string
+  default     = ""
+}
+