Jeanschmidt/runners send metrics (#843)

This change changes CW agent config, enabling runners to send host metrics, so dashboards/alerts can be built for disk usage, cpu, memory, etc.

Author: jeanschmidt

terraform-aws-github-runner/main.tf

@@ -109,7 +109,6 @@ module "runners" {
   lambda_security_group_ids        = var.lambda_security_group_ids
   logging_retention_in_days        = var.logging_retention_in_days
   enable_cloudwatch_agent          = var.enable_cloudwatch_agent
-  cloudwatch_config                = var.cloudwatch_config
   scale_up_lambda_concurrency      = var.scale_up_lambda_concurrency
 
   instance_profile_path     = var.instance_profile_path

terraform-aws-github-runner/modules/runners/README.md

@@ -68,7 +68,7 @@ No requirements.
 | block\_device\_mappings | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no |
 | cloudwatch\_config | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no |
 | create\_service\_linked\_role\_spot | (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no |
-| enable\_cloudwatch\_agent | Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. | `bool` | `true` | no |
+| enable\_cloudwatch\_agent | Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. | `bool` | `true` | no |
 | enable\_organization\_runners | n/a | `bool` | n/a | yes |
 | enable\_ssm\_on\_runners | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | n/a | yes |
 | encryption | KMS key to encrypted lambda environment secrets. Either provide a key and `encrypt` set to `true`. Or set the key to `null` and encrypt to `false`. | <pre>object({<br>    kms_key_id = string<br>    encrypt    = bool<br>  })</pre> | n/a | yes |

terraform-aws-github-runner/modules/runners/logging.tf

@@ -61,9 +61,19 @@ resource "aws_ssm_parameter" "cloudwatch_agent_config_runner_linux" {
   count = var.enable_cloudwatch_agent ? 1 : 0
   name  = "${var.environment}-cloudwatch_agent_config_runner_linux"
   type  = "String"
-  value = var.cloudwatch_config != null ? var.cloudwatch_config : templatefile("${path.module}/templates/cloudwatch_config.json", {
-    logfiles = jsonencode(local.logfiles_linux)
-  })
+  value = jsonencode(
+    jsondecode(
+      templatefile(
+        "${path.module}/templates/cloudwatch_config.json",
+        {
+          aws_region = var.aws_region
+          environment = var.environment
+          logfiles = jsonencode(local.logfiles_linux)
+          metrics_collected = templatefile("${path.module}/templates/cloudwatch_config_linux.json", {})
+        }
+      )
+    )
+  )
   tags = local.tags
 }
 
@@ -85,14 +95,23 @@ resource "aws_iam_role_policy" "cloudwatch_linux" {
   )
 }
 
-
 resource "aws_ssm_parameter" "cloudwatch_agent_config_runner_windows" {
   count = var.enable_cloudwatch_agent ? 1 : 0
   name  = "${var.environment}-cloudwatch_agent_config_runner_windows"
   type  = "String"
-  value = var.cloudwatch_config != null ? var.cloudwatch_config : templatefile("${path.module}/templates/cloudwatch_config.json", {
-    logfiles = jsonencode(local.logfiles_windows)
-  })
+  value = jsonencode(
+    jsondecode(
+      templatefile(
+        "${path.module}/templates/cloudwatch_config.json",
+        {
+          aws_region = var.aws_region
+          environment = var.environment
+          metrics_collected = templatefile("${path.module}/templates/cloudwatch_config_windows.json", {})
+          logfiles = jsonencode(local.logfiles_linux)
+        }
+      )
+    )
+  )
   tags = local.tags
 }
 

terraform-aws-github-runner/modules/runners/templates/cloudwatch_config.json

@@ -1,6 +1,21 @@
 {
     "agent": {
-        "metrics_collection_interval": 5
+        "metrics_collection_interval": 10,
+        "region": "${aws_region}"
+    },
+    "metrics": {
+      "namespace": "GHARunners/${environment}",
+      "append_dimensions": {
+        "ImageID":"$${aws:ImageId}",
+        "InstanceId":"$${aws:InstanceId}",
+        "InstanceType":"$${aws:InstanceType}"
+      },
+      "aggregation_dimensions": [
+        ["ImageID"],
+        ["InstanceType"],
+        ["ImageID", "InstanceType"]
+      ],
+      "metrics_collected": ${metrics_collected}
     },
     "logs": {
         "logs_collected": {
@@ -9,4 +24,4 @@
             }
         }
     }
-}
+}

terraform-aws-github-runner/modules/runners/templates/cloudwatch_config_linux.json

@@ -0,0 +1,49 @@
+{
+  "cpu": {
+    "measurement": [
+      "cpu_usage_idle",
+      "cpu_usage_iowait",
+      "cpu_usage_user",
+      "cpu_usage_system"
+    ],
+    "metrics_collection_interval": 10
+  },
+  "disk": {
+    "measurement": [
+      "free",
+      "total",
+      "used",
+      "used_percent",
+      "inodes_free",
+      "inodes_total"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "diskio": {
+    "measurement": [
+      "io_time"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "mem": {
+    "measurement": [
+      "total",
+      "used",
+      "free",
+      "used_percent"
+    ],
+    "metrics_collection_interval": 10
+  },
+  "swap": {
+    "measurement": [
+      "swap_used_percent"
+    ],
+    "metrics_collection_interval": 10
+  }
+}

terraform-aws-github-runner/modules/runners/templates/cloudwatch_config_windows.json

@@ -0,0 +1,46 @@
+{
+  "LogicalDisk": {
+    "measurement": [
+      "% Free Space"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "Memory": {
+    "measurement": [
+      "% Committed Bytes In Use"
+    ],
+    "metrics_collection_interval": 10
+  },
+  "Paging File": {
+    "measurement": [
+      "% Usage"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "PhysicalDisk": {
+    "measurement": [
+      "% Disk Time"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "Processor": {
+    "measurement": [
+      "% User Time",
+      "% Idle Time",
+      "% Interrupt Time"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "_Total"
+    ]
+  }
+}

terraform-aws-github-runner/modules/runners/variables.tf

@@ -257,17 +257,11 @@ variable "runner_iam_role_managed_policy_arns" {
 }
 
 variable "enable_cloudwatch_agent" {
-  description = "Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`."
+  description = "Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config."
   type        = bool
   default     = true
 }
 
-variable "cloudwatch_config" {
-  description = "(optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details."
-  type        = string
-  default     = null
-}
-
 variable "ghes_url" {
   description = "GitHub Enterprise Server URL. DO NOT SET IF USING PUBLIC GITHUB"
   type        = string

terraform-aws-github-runner/variables.tf

@@ -272,17 +272,11 @@ variable "runner_iam_role_managed_policy_arns" {
 }
 
 variable "enable_cloudwatch_agent" {
-  description = "Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`."
+  description = "Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config."
   type        = bool
   default     = true
 }
 
-variable "cloudwatch_config" {
-  description = "(optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details."
-  type        = string
-  default     = null
-}
-
 variable "ghes_url" {
   description = "GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB"
   type        = string