Merge pull request #1339 from USEPA/main

Version 2024-03-07
USEPA · Mar 7, 2024 · 7805067 · 7805067
2 parents 6f9eee5 + 41a7414
commit 7805067
Show file tree

Hide file tree

Showing 13 changed files with 3 additions and 310 deletions.
diff --git a/.buildkite/feature.yml b/.buildkite/feature.yml
@@ -110,19 +110,6 @@ steps:
                       --target="$$TARGET" \
                       --no-push
 
-      # The FPM metrics sidecar is a much smaller image, so we can just let
-      # Kaniko build it without any caching logic. The build is otherwise
-      # identical to the one above.
-      - label: "Build fpm-metrics"
-        concurrency_group: $BUILDKITE_PIPELINE_SLUG/build-$BUILDKITE_BRANCH
-        concurrency: 4
-
-        commands: docker build services/metrics
-
-        plugins:
-          - cultureamp/aws-assume-role#v0.1.0:
-              role: arn:aws:iam::316981092358:role/BuildkiteRoleForImageBuilds
-
   # Perform a Terraform formatting check. See the terraform-fmt.sh script for more details
   # on what is executed in this step.
   - label: ":terraform: Formatting"

diff --git a/.buildkite/webcms.yml b/.buildkite/webcms.yml
@@ -76,18 +76,6 @@ steps:
                       --target="$$TARGET" \
                       --destination="${WEBCMS_REPO_URL}/webcms-${WEBCMS_ENVIRONMENT}-${WEBCMS_SITE}-$$TARGET:${WEBCMS_IMAGE_TAG}"
 
-      - label: "Build fpm-metrics"
-        concurrency_group: $BUILDKITE_PIPELINE_SLUG/build-$BUILDKITE_BRANCH
-        concurrency: 4
-
-        commands:
-          - docker build services/metrics --tag "${WEBCMS_REPO_URL}/webcms-${WEBCMS_ENVIRONMENT}-${WEBCMS_SITE}-fpm-metrics:${WEBCMS_IMAGE_TAG}"
-          - docker push "${WEBCMS_REPO_URL}/webcms-${WEBCMS_ENVIRONMENT}-${WEBCMS_SITE}-fpm-metrics:${WEBCMS_IMAGE_TAG}"
-
-        plugins:
-          - cultureamp/aws-assume-role#v0.1.0:
-              role: arn:aws:iam::316981092358:role/BuildkiteRoleForImageBuilds
-
   - wait: ~
 
   - label: ":terraform: WebCMS (${WEBCMS_SITE}-en)"

diff --git a/services/metrics/Dockerfile b/services/metrics/Dockerfile
diff --git a/services/metrics/README.md b/services/metrics/README.md
diff --git a/services/metrics/entrypoint.sh b/services/metrics/entrypoint.sh
diff --git a/services/metrics/transform.jq b/services/metrics/transform.jq
diff --git a/terraform/infrastructure/drupal_iam_task.tf b/terraform/infrastructure/drupal_iam_task.tf
@@ -92,31 +92,6 @@ resource "aws_iam_role_policy_attachment" "drupal_es_access" {
   policy_arn = aws_iam_policy.drupal_es_access.arn
 }
 
-data "aws_iam_policy_document" "drupal_publish_metrics" {
-  version = "2012-10-17"
-
-  statement {
-    sid       = "putMetrics"
-    effect    = "Allow"
-    actions   = ["cloudwatch:PutMetricData"]
-    resources = ["*"]
-  }
-}
-
-resource "aws_iam_policy" "drupal_publish_metrics" {
-  name        = "${var.iam_prefix}-${var.aws_region}-${var.environment}-PublishMetrics"
-  description = "Permits publishing CloudWatch metrics"
-
-  policy = data.aws_iam_policy_document.drupal_publish_metrics.json
-}
-
-resource "aws_iam_role_policy_attachment" "drupal_publish_metrics" {
-  for_each = local.sites
-
-  role       = aws_iam_role.drupal_task[each.key].name
-  policy_arn = aws_iam_policy.drupal_publish_metrics.arn
-}
-
 # Grant the Drupal container permissions to Cloudwatch to create a log stream
 # and publish log events.
 data "aws_iam_policy_document" "drupal_put_logs" {

diff --git a/terraform/infrastructure/ecr.tf b/terraform/infrastructure/ecr.tf
@@ -30,16 +30,6 @@ resource "aws_ecr_repository" "drush" {
   tags = var.tags
 }
 
-# Create a custom repo for the Alpine-based metrics sidecar. See services/metrics for more
-# information.
-resource "aws_ecr_repository" "metrics" {
-  for_each = toset(var.sites)
-
-  name = "webcms-${var.environment}-${each.key}-fpm-metrics"
-
-  tags = var.tags
-}
-
 # Finally, we create a cache repository for Kaniko-based builds. This repository has some
 # lifecycle policies that aggressively expire images in order to avoid an arbitrarily large
 # cache from building up (see below).

diff --git a/terraform/infrastructure/logging.tf b/terraform/infrastructure/logging.tf
@@ -34,15 +34,6 @@ resource "aws_cloudwatch_log_group" "drupal" {
   tags = var.tags
 }
 
-# Log group for the FPM metrics helper
-resource "aws_cloudwatch_log_group" "fpm_metrics" {
-  for_each = local.sites
-
-  name = "/webcms/${var.environment}/${each.value.site}/${each.value.lang}/fpm-metrics"
-
-  tags = var.tags
-}
-
 # Log group for any Terraform runs performed inside the ECS cluster
 resource "aws_cloudwatch_log_group" "terraform" {
   name = "/webcms/${var.environment}/terraform"

diff --git a/terraform/infrastructure/parameters.tf b/terraform/infrastructure/parameters.tf
@@ -151,16 +151,6 @@ resource "aws_ssm_parameter" "ecr_drush" {
   tags = var.tags
 }
 
-resource "aws_ssm_parameter" "ecr_metrics" {
-  for_each = local.sites
-
-  name  = "/webcms/${var.environment}/${each.value.site}/${each.value.lang}/ecr/metrics"
-  type  = "String"
-  value = aws_ecr_repository.metrics[each.value.site].repository_url
-
-  tags = var.tags
-}
-
 #endregion
 
 #region Log groups
@@ -195,16 +185,6 @@ resource "aws_ssm_parameter" "drush_log_group" {
   tags = var.tags
 }
 
-resource "aws_ssm_parameter" "fpm_metrics_log_group" {
-  for_each = local.sites
-
-  name  = "/webcms/${var.environment}/${each.value.site}/${each.value.lang}/log-groups/fpm-metrics"
-  type  = "String"
-  value = aws_cloudwatch_log_group.fpm_metrics[each.key].name
-
-  tags = var.tags
-}
-
 resource "aws_ssm_parameter" "drupal_log_group" {
   for_each = local.sites
 

diff --git a/terraform/webcms/README.md b/terraform/webcms/README.md
@@ -60,7 +60,7 @@ See the [parent directory's README](../) for instructions on using a backend for
 
 ### Built Images
 
-The images for Drupal, nginx, Drush, and the metrics sidecar must have been built before this module is deployed. See [How to Run](#how-to-run) for more information.
+The images for Drupal, nginx, and Drush must have been built before this module is deployed. See [How to Run](#how-to-run) for more information.
 
 ## Module Inputs
 
@@ -173,7 +173,6 @@ As with the infrastructure and database modules, this module assumes that certai
 - Log group identifiers are also read from Parameter Store:
   - `/webcms/${var.environment}/${var.site}/${var.lang}log-groups/php-fpm`: The name of the log group for Drupal's PHP-FPM container.
   - `/webcms/${var.environment}/${var.site}/${var.lang}log-groups/nginx`: The name of the log group for Drupal's nginx container.
-  - `/webcms/${var.environment}/${var.site}/${var.lang}log-groups/fpm-metrics`: The name of the log group for for Drupal's FPM metrics container.
   - `/webcms/${var.environment}/${var.site}/${var.lang}log-groups/drush`: The name of the log group for Drush runs.
   - `/webcms/${var.environment}/${var.site}/${var.lang}log-groups/drupal`: The name of the log group for Drupal application logs.
 - Finally, Secrets Manager ARNs are read from Parameter Store. More information on how these are used can be read
@@ -187,7 +186,7 @@ As with the infrastructure and database modules, this module assumes that certai
 
 ### Drupal
 
-This module creates an ECS task definition and service for running the WebCMS. This task includes a pair of containers, nginx and PHP-FPM, that handle incoming web traffic. In addition, a third container runs a basic Alpine image that gathers PHP-FPM metrics every 60 seconds and publishes them to CloudWatch.
+This module creates an ECS task definition and service for running the WebCMS. This task includes a pair of containers, nginx and PHP-FPM, that handle incoming web traffic.
 
 An autoscaling policy is attached to the Drupal service that tracks 60% CPU utilization. Scale-out is more aggressive than scale-in by a factor of five. We enforce slow scale in due to the relatively slow warm-up time of the Drupal containers; a long cooldown smooths out spiky traffic patterns and keeps containers from exhibiting thrashing-like behavior as opcache warms up.
 
@@ -209,7 +208,7 @@ Deployments can be broken down into three steps: build images, apply Terraform,
 
 ### Build Images
 
-There are four custom Docker images: Drupal, nginx, Drush, and the metrics sidecar. While it is possible to build these in parallel, it is probably best to build them in serial and push after deployments. A sample shell script is below:
+There are four custom Docker images: Drupal, nginx, and Drush. While it is possible to build these in parallel, it is probably best to build them in serial and push after deployments. A sample shell script is below:
 
 ```sh
 #!/bin/bash
@@ -231,10 +230,6 @@ docker build services/drupal --tag "<drush repository>:$BUILD_TAG" --target drus
 docker push "<drupal repository>:$BUILD_TAG"
 docker push "<nginx repository>:$BUILD_TAG"
 docker push "<drush repository>:$BUILD_TAG"
-
-# Now, build the metrics sidecar.
-docker build services/metrics --tag "<metrics repository>:$BUILD_TAG"
-docker push "<metrics repository>:$BUILD_TAG"
 ```
 
 Note that this script does not cover authenticating with ECR or other topics; see the AWS CLI's documentation on authenticating with ECR:

diff --git a/terraform/webcms/drupal.tf b/terraform/webcms/drupal.tf
@@ -120,28 +120,6 @@ resource "aws_ecs_task_definition" "drupal_task" {
         }
       }
     },
-
-    # Report FPM metrics to CloudWatch using the custom metrics container. See the
-    # services/metrics directory for more.
-    {
-      name  = "metrics"
-      image = "${data.aws_ssm_parameter.ecr_metrics.value}:${var.image_tag}"
-
-      environment = [
-        { name = "AWS_REGION", value = var.aws_region },
-        { name = "WEBCMS_SITE", value = "${var.site}-${var.lang}" },
-      ]
-
-      logConfiguration = {
-        logDriver = "awslogs"
-
-        options = {
-          awslogs-group         = data.aws_ssm_parameter.fpm_metrics_log_group.value
-          awslogs-region        = var.aws_region
-          awslogs-stream-prefix = "fpm-metrics"
-        }
-      }
-    },
   ])
 
   tags = var.tags