author | Alex Auvolat <alex@adnab.me> | 2023-01-04 09:35:40 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-01-04 09:35:40 +0100 |
commit | c11b6499b8ff35c5a6468cc1e4adb474ea72a963 (patch) | |
tree | 1832f52dd04c4a8e8e7b033646659517aa9353da | |
parent | 64785600876ca2598763312d8d381ef3b5632891 (diff) | |
download | nixcfg-c11b6499b8ff35c5a6468cc1e4adb474ea72a963.tar.gz nixcfg-c11b6499b8ff35c5a6468cc1e4adb474ea72a963.zip |
prod: deploy d53
-rw-r--r-- | cluster/prod/app/core/deploy/core-service.hcl | 64 | ||||
-rw-r--r-- | cluster/prod/app/core/deploy/core.hcl | 8 | ||||
-rw-r--r-- | cluster/prod/app/drone-ci/deploy/server.hcl | 3 | ||||
-rw-r--r-- | cluster/prod/app/garage/deploy/garage-light.hcl | 97 | ||||
-rw-r--r-- | cluster/prod/app/garage/deploy/garage.hcl | 2 | ||||
-rw-r--r-- | cluster/prod/app/guichet/deploy/directory.hcl | 3 | ||||
-rw-r--r-- | cluster/prod/app/jitsi/deploy/jitsi.hcl | 3 | ||||
-rw-r--r-- | cluster/prod/app/telemetry/deploy/telemetry-service.hcl | 98 | ||||
-rw-r--r-- | cluster/prod/app/telemetry/deploy/telemetry-storage.hcl | 97 |
9 files changed, 178 insertions, 197 deletions
diff --git a/cluster/prod/app/core/deploy/core-service.hcl b/cluster/prod/app/core/deploy/core-service.hcl
new file mode 100644
index 0000000..d7a6299
--- /dev/null
+++ b/cluster/prod/app/core/deploy/core-service.hcl
@@ -0,0 +1,64 @@
+job "core-service" {
+ datacenters = ["neptune", "orion", "bespin"]
+ type = "service"
+ priority = 90
+
+ group "D53" {
+ count = 1
+
+ task "d53" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_d53:2"
+ network_mode = "host"
+ readonly_rootfs = true
+ volumes = [
+ "secrets:/etc/d53",
+ ]
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ }
+
+ restart {
+ interval = "3m"
+ attempts = 10
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+D53_CONSUL_HOST=https://localhost:8501
+D53_CONSUL_CA_CERT=/etc/d53/consul-ca.crt
+D53_CONSUL_CLIENT_CERT=/etc/d53/consul-client.crt
+D53_CONSUL_CLIENT_KEY=/etc/d53/consul-client.key
+D53_PROVIDERS=deuxfleurs.fr:gandi
+D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
+D53_ALLOWED_DOMAINS=deuxfleurs.fr
+RUST_LOG=d53=info
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+ }
+}
diff --git a/cluster/prod/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl
index 5a28e2e..b59252e 100644
--- a/cluster/prod/app/core/deploy/core.hcl
+++ b/cluster/prod/app/core/deploy/core.hcl
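Review bot: In the new `core-service.hcl`, the d53 task's `image = "lxpz/amd64_d53:2"` is pinned only by a mutable tag, yet the same task receives the Gandi API key and the Consul client key through its templates, so whatever that tag resolves to at pull time runs with write access to the DNS zone. Pinning by digest fixes the content that is allowed to hold those credentials, e.g. `image = "lxpz/amd64_d53:2@sha256:<digest-of-reviewed-image>"` (placeholder digest). A short comment above the last template would also help: `secrets/env` contains the API key, and because `secrets` is mounted at `/etc/d53` it is readable inside the container as a file as well as through the environment.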
@@ -147,7 +147,13 @@ EOH service { name = "tricot-https" port = "https_port" - tags = [ "(diplonat (tcp_port 443))", "${meta.site}" ] + tags = [ + "(diplonat (tcp_port 443))", + "${meta.site}", + "d53-aaaa ${meta.site}.site.deuxfleurs.fr", + "d53-a global.site.deuxfleurs.fr", + "d53-aaaa global.site.deuxfleurs.fr", + ] address_mode = "host" } diff --git a/cluster/prod/app/drone-ci/deploy/server.hcl b/cluster/prod/app/drone-ci/deploy/server.hcl index a42a9b1..8177193 100644 --- a/cluster/prod/app/drone-ci/deploy/server.hcl +++ b/cluster/prod/app/drone-ci/deploy/server.hcl @@ -1,5 +1,5 @@ job "drone-ci" { - datacenters = ["neptune"] + datacenters = ["neptune", "orion"] type = "service" group "server" { @@ -89,6 +89,7 @@ EOH tags = [ "drone", "tricot drone.deuxfleurs.fr", + "d53-cname drone.deuxfleurs.fr", ] port = "web_port" address_mode = "host" diff --git a/cluster/prod/app/garage/deploy/garage-light.hcl b/cluster/prod/app/garage/deploy/garage-light.hcl deleted file mode 100644 index 52ffb1c..0000000 --- a/cluster/prod/app/garage/deploy/garage-light.hcl +++ /dev/null 
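Review bot: The `d53-a` / `d53-aaaa` tags added to the `tricot-https` service in `core.hcl` make Consul service registration an input to public DNS, and nothing in the job file records that. Presumably d53 (deployed in `core-service.hcl`) reads these tags from the Consul catalog and publishes the records under `D53_ALLOWED_DOMAINS`; if so, any identity allowed to register a service with a `d53-*` tag can set records in `deuxfleurs.fr`, so the Consul ACL policy for service registration is worth confirming alongside this change. I would add a comment above the tags such as `# d53-* tags are consumed by d53 to publish DNS records; treat changes here as DNS changes`. The same applies to the `d53-cname` tags added in the drone-ci hunk on this line and in the guichet, jitsi and grafana hunks. The `service` block starts outside this hunk.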
@@ -1,97 +0,0 @@
-job "garage-light" {
- datacenters = ["neptune", "bespin"]
- type = "system"
- priority = 80
-
- update {
- max_parallel = 1
- min_healthy_time = "60s"
- }
-
- group "garage" {
- network {
- port "s3" { static = 3900 }
- port "rpc" { static = 3901 }
- port "web" { static = 3902 }
- port "admin" { static = 3903 }
- }
-
- update {
- max_parallel = 1
- min_healthy_time = "30s"
- healthy_deadline = "5m"
- }
-
- task "server" {
- driver = "docker"
- config {
- advertise_ipv6_address = true
- image = "dxflrs/garage:v0.8-rc2"
- command = "/garage"
- args = [ "server" ]
- network_mode = "host"
- volumes = [
- "/mnt/storage/garage/data:/data",
- "/mnt/ssd/garage/meta:/meta",
- "secrets/garage.toml:/etc/garage.toml",
- "secrets:/etc/garage",
- ]
- logging {
- type = "journald"
- }
- }
-
- template {
- data = file("../config/garage.toml")
- destination = "secrets/garage.toml"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "secrets/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- resources {
- memory = 1000
- cpu = 1000
- }
-
- kill_timeout = "20s"
-
- service {
- port = 3903
- address_mode = "driver"
- name = "garage-admin"
- check {
- type = "tcp"
- port = 3903
- address_mode = "driver"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
-
- restart {
- interval = "30m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
- }
- }
-}
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index b503440..087e2fc 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -1,5 +1,5 @@ job "garage" { - datacenters = [ "orion" ] + datacenters = [ "neptune", "bespin", "orion" ] type = "system" priority = 80 diff --git a/cluster/prod/app/guichet/deploy/directory.hcl b/cluster/prod/app/guichet/deploy/directory.hcl index 0e46aa5..7161bb7 100644 --- a/cluster/prod/app/guichet/deploy/directory.hcl +++ b/cluster/prod/app/guichet/deploy/directory.hcl @@ -1,5 +1,5 @@ job "guichet" { - datacenters = [ "neptune" ] + datacenters = [ "neptune", "orion" ] type = "service" priority = 90 @@ -35,6 +35,7 @@ job "guichet" { tags = [ "guichet", "tricot guichet.deuxfleurs.fr", + "d53-cname guichet.deuxfleurs.fr", ] port = "web_port" address_mode = "host" diff --git a/cluster/prod/app/jitsi/deploy/jitsi.hcl b/cluster/prod/app/jitsi/deploy/jitsi.hcl index 7e12ae3..88ab315 100644 --- a/cluster/prod/app/jitsi/deploy/jitsi.hcl +++ b/cluster/prod/app/jitsi/deploy/jitsi.hcl @@ -1,5 +1,5 @@ job "jitsi" { - datacenters = ["neptune"] + datacenters = ["neptune", "orion"] type = "service" priority = "10" @@ -142,6 +142,7 @@ EOF tags = [ "jitsi", "tricot jitsi.deuxfleurs.fr", + "d53-cname jitsi.deuxfleurs.fr", ] port = "https_port" address_mode = "host" diff --git a/cluster/prod/app/telemetry/deploy/telemetry-service.hcl b/cluster/prod/app/telemetry/deploy/telemetry-service.hcl index 4790cbd..9955872 100644 --- a/cluster/prod/app/telemetry/deploy/telemetry-service.hcl +++ b/cluster/prod/app/telemetry/deploy/telemetry-service.hcl 
@@ -1,100 +1,7 @@ job "telemetry-service" { - datacenters = ["neptune", "bespin"] + datacenters = ["neptune", "orion"] type = "service" - group "prometheus" { - count = 2 - - network { - port "prometheus" { - static = 9090 - } - } - - constraint { - attribute = "${attr.unique.hostname}" - operator = "set_contains_any" - value = "concombre,df-ymk" - } - - task "prometheus" { - driver = "docker" - config { - image = "prom/prometheus:v2.39.0" - network_mode = "host" - ports = [ "prometheus" ] - args = [ - "--config.file=/etc/prometheus/prometheus.yml", - "--storage.tsdb.path=/data", - "--storage.tsdb.retention.size=20GB", - ] - volumes = [ - "secrets:/etc/prometheus", - "/mnt/ssd/prometheus:/data" - ] - } - - template { - data = file("../config/prometheus.yml") - destination = "secrets/prometheus.yml" - } - - template { - data = "{{ key \"secrets/consul/consul-ca.crt\" }}" - destination = "secrets/consul-ca.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "secrets/consul-client.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "secrets/consul-client.key" - } - - template { - data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}" - destination = "secrets/nomad-ca.crt" - } - - template { - data = "{{ key \"secrets/nomad/nomad-client.crt\" }}" - destination = "secrets/nomad-client.crt" - } - - template { - data = "{{ key \"secrets/nomad/nomad-client.key\" }}" - destination = "secrets/nomad-client.key" - } - - resources { - memory = 1000 - cpu = 1000 - } - - service { - port = 9090 - address_mode = "driver" - name = "prometheus" - check { - type = "http" - path = "/" - port = 9090 - address_mode = "driver" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } - group "grafana" { count = 1 
@@ -137,7 +44,7 @@ job "telemetry-service" { task "grafana" { driver = "docker" config { - image = "grafana/grafana:9.2.0" + image = "grafana/grafana:9.3.2" network_mode = "host" ports = [ "grafana" ] volumes = [ @@ -176,6 +83,7 @@ EOH tags = [ "grafana", "tricot grafana.deuxfleurs.fr", + "d53-cname grafana.deuxfleurs.fr", ] port = 3719 address_mode = "driver" diff --git a/cluster/prod/app/telemetry/deploy/telemetry-storage.hcl b/cluster/prod/app/telemetry/deploy/telemetry-storage.hcl new file mode 100644 index 0000000..bf64719 --- /dev/null +++ b/cluster/prod/app/telemetry/deploy/telemetry-storage.hcl 
@@ -0,0 +1,97 @@
+job "telemetry-storage" {
+ datacenters = ["neptune", "bespin"]
+ type = "service"
+
+ group "prometheus" {
+ count = 2
+
+ network {
+ port "prometheus" {
+ static = 9090
+ }
+ }
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "set_contains_any"
+ value = "concombre,df-ymk"
+ }
+
+ task "prometheus" {
+ driver = "docker"
+ config {
+ image = "prom/prometheus:v2.41.0"
+ network_mode = "host"
+ ports = [ "prometheus" ]
+ args = [
+ "--config.file=/etc/prometheus/prometheus.yml",
+ "--storage.tsdb.path=/data",
+ "--storage.tsdb.retention.size=20GB",
+ ]
+ volumes = [
+ "secrets:/etc/prometheus",
+ "/mnt/ssd/prometheus:/data"
+ ]
+ }
+
+ template {
+ data = file("../config/prometheus.yml")
+ destination = "secrets/prometheus.yml"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
+ destination = "secrets/nomad-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
+ destination = "secrets/nomad-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
+ destination = "secrets/nomad-client.key"
+ }
+
+ resources {
+ memory = 1000
+ cpu = 1000
+ }
+
+ service {
+ port = 9090
+ address_mode = "driver"
+ name = "prometheus"
+ check {
+ type = "http"
+ path = "/"
+ port = 9090
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
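Review bot: In the `prometheus` task's `config` block, `network_mode = "host"` is combined with `args` that set no `--web.listen-address`, so Prometheus binds its default `0.0.0.0:9090` on the host, and its HTTP API is unauthenticated unless a web config file is supplied. Unless a host firewall (not visible in this diff) restricts that port, metrics and scrape-target metadata are reachable from every network that can reach the two constrained hosts. Consider adding `"--web.listen-address=<private-address>:9090"` (placeholder address) to `args`, or a comment naming the firewall rule that covers 9090. The task also mounts the Consul and Nomad client keys under `/etc/prometheus`, so pinning `prom/prometheus:v2.41.0` by digest would be a sensible companion change.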