diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-02-26 20:14:55 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-02-26 20:14:55 +0100 |
| commit | bd2abf344915f502693a17a5f141518e1609910d (patch) | |
| tree | 6c0672bc5fc359e1da276e48abecdf2933b1d8b2 | |
| parent | 8064d91dfb76bc38466b5e9382b4d43f3188a444 (diff) | |
| download | nixcfg-bd2abf344915f502693a17a5f141518e1609910d.tar.gz nixcfg-bd2abf344915f502693a17a5f141518e1609910d.zip | |
Have an ElasticSearch cluster
| -rw-r--r-- | app/telemetry/deploy/telemetry-system.hcl | 61 | ||||
| -rw-r--r-- | app/telemetry/deploy/telemetry.hcl | 34 | ||||
| -rw-r--r-- | configuration.nix | 4 |
3 files changed, 65 insertions, 34 deletions
diff --git a/app/telemetry/deploy/telemetry-system.hcl b/app/telemetry/deploy/telemetry-system.hcl new file mode 100644 index 0000000..9dd379d --- /dev/null +++ b/app/telemetry/deploy/telemetry-system.hcl @@ -0,0 +1,61 @@ +job "telemetry-system" { + datacenters = ["neptune"] + type = "system" + + group "elasticsearch" { + network { + port "elastic" { + static = 9200 + } + port "elastic_internal" { + static = 9300 + } + } + + task "elastic" { + driver = "docker" + config { + image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0" + network_mode = "host" + volumes = [ + "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data", + ] + ports = [ "elastic", "elastic_internal" ] + sysctl = { + #"vm.max_map_count" = "262144", + } + ulimit = { + memlock = "9223372036854775807:9223372036854775807", + } + } + + resources { + memory = 2500 + cpu = 500 + } + + template { + data = <<EOH +node.name={{ env "attr.unique.hostname" }} +http.port=9200 +transport.port=9300 +cluster.name=es-deuxfleurs +cluster.initial_master_nodes=caribou,cariacou,carcajou +discovery.seed_hosts=carcajou,caribou,cariacou +bootstrap.memory_lock=true +xpack.security.enabled=true +xpack.security.authc.api_key.enabled=true +xpack.security.transport.ssl.enabled=true +xpack.security.transport.ssl.verification_mode=certificate +xpack.security.transport.ssl.client_authentication=required +xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 +xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 +ES_JAVA_OPTS=-Xms512M -Xmx512M +EOH + destination = "secrets/env" + env = true + } + } + } +} + diff --git a/app/telemetry/deploy/telemetry.hcl b/app/telemetry/deploy/telemetry.hcl index 48ea4ea..90cde54 100644 --- a/app/telemetry/deploy/telemetry.hcl +++ b/app/telemetry/deploy/telemetry.hcl @@ -15,9 +15,6 @@ job "telemetry" { port "otel_grpc" { static = 4317 } - port "elastic" { - static = 9200 - } port "kibana" { static = 5601 } @@ -54,37 +51,6 @@ job "telemetry" { } } - task "elastic" { - driver = "docker" - config { - image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0" - network_mode = "host" - volumes = [ - "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data", - ] - ports = [ "elastic" ] - } - - resources { - memory = 2500 - cpu = 500 - } - - template { - data = <<EOH -node.name=elastic -http.port=9200 -cluster.name=es-docker-cluster -discovery.type=single-node -bootstrap.memory_lock=true -xpack.security.enabled=true -ES_JAVA_OPTS=-Xms512m -Xmx512m -EOH - destination = "secrets/env" - env = true - } - } - task "kibana" { driver = "docker" config { diff --git a/configuration.nix b/configuration.nix index 278e841..4e323eb 100644 --- a/configuration.nix +++ b/configuration.nix @@ -34,6 +34,10 @@ keyMap = "fr"; }; + boot.kernel.sysctl = { + "vm.max_map_count" = 262144; + }; + # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ |