diff options
author | Alex Auvolat <alex@adnab.me> | 2022-02-26 20:14:55 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-02-26 20:14:55 +0100 |
commit | bd2abf344915f502693a17a5f141518e1609910d (patch) | |
tree | 6c0672bc5fc359e1da276e48abecdf2933b1d8b2 /app/telemetry/deploy/telemetry-system.hcl | |
parent | 8064d91dfb76bc38466b5e9382b4d43f3188a444 (diff) | |
download | nixcfg-bd2abf344915f502693a17a5f141518e1609910d.tar.gz nixcfg-bd2abf344915f502693a17a5f141518e1609910d.zip |
Have an ElasticSearch cluster
Diffstat (limited to 'app/telemetry/deploy/telemetry-system.hcl')
-rw-r--r-- | app/telemetry/deploy/telemetry-system.hcl | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/app/telemetry/deploy/telemetry-system.hcl b/app/telemetry/deploy/telemetry-system.hcl new file mode 100644 index 0000000..9dd379d --- /dev/null +++ b/app/telemetry/deploy/telemetry-system.hcl @@ -0,0 +1,61 @@ +job "telemetry-system" { + datacenters = ["neptune"] + type = "system" + + group "elasticsearch" { + network { + port "elastic" { + static = 9200 + } + port "elastic_internal" { + static = 9300 + } + } + + task "elastic" { + driver = "docker" + config { + image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0" + network_mode = "host" + volumes = [ + "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data", + ] + ports = [ "elastic", "elastic_internal" ] + sysctl = { + #"vm.max_map_count" = "262144", + } + ulimit = { + memlock = "9223372036854775807:9223372036854775807", + } + } + + resources { + memory = 2500 + cpu = 500 + } + + template { + data = <<EOH +node.name={{ env "attr.unique.hostname" }} +http.port=9200 +transport.port=9300 +cluster.name=es-deuxfleurs +cluster.initial_master_nodes=caribou,cariacou,carcajou +discovery.seed_hosts=carcajou,caribou,cariacou +bootstrap.memory_lock=true +xpack.security.enabled=true +xpack.security.authc.api_key.enabled=true +xpack.security.transport.ssl.enabled=true +xpack.security.transport.ssl.verification_mode=certificate +xpack.security.transport.ssl.client_authentication=required +xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 +xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 +ES_JAVA_OPTS=-Xms512M -Xmx512M +EOH + destination = "secrets/env" + env = true + } + } + } +} + |