aboutsummaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-05-04 16:27:46 +0200
committerAlex Auvolat <alex@adnab.me>2022-05-04 16:27:46 +0200
commit9cae8c8fc2fc3486edb80a135ecfed02fb6840a3 (patch)
treeb9dc92ec1e57d743089d5cc67a1d7a1609f3de97 /app
parent1b4f96ffb2fb4130102955fdf1b152c6d56ee0f8 (diff)
downloadnixcfg-9cae8c8fc2fc3486edb80a135ecfed02fb6840a3.tar.gz
nixcfg-9cae8c8fc2fc3486edb80a135ecfed02fb6840a3.zip
Update telemetry to ES 8.2.0 and simplify config a bit
Diffstat (limited to 'app')
-rw-r--r--app/telemetry/config/apm-config.yaml4
-rw-r--r--app/telemetry/config/grafana/provisioning/datasources/elastic.yaml8
-rw-r--r--app/telemetry/deploy/telemetry-system.hcl18
-rw-r--r--app/telemetry/deploy/telemetry.hcl2
4 files changed, 20 insertions, 12 deletions
diff --git a/app/telemetry/config/apm-config.yaml b/app/telemetry/config/apm-config.yaml
index 9288036..07a88bd 100644
--- a/app/telemetry/config/apm-config.yaml
+++ b/app/telemetry/config/apm-config.yaml
@@ -8,8 +8,8 @@ output.elasticsearch:
# In case you specify and additional path, the scheme is required: `http://localhost:9200/path`.
# IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`.
hosts: ["localhost:9200"]
- username: "apm"
- password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}"
+ username: "elastic"
+ password: "{{ key "secrets/telemetry/elastic_passwords/elastic" }}"
instrumentation:
enabled: true
diff --git a/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml b/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml
index a41be6f..7d2277c 100644
--- a/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml
+++ b/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml
@@ -5,13 +5,13 @@ datasources:
type: elasticsearch
access: proxy
url: http://localhost:9200
- password: '{{ key "secrets/telemetry/elastic_passwords/grafana" }}'
- user: 'grafana'
- database: apm-*
+ password: '{{ key "secrets/telemetry/elastic_passwords/elastic" }}'
+ user: 'elastic'
+ database: metrics-*
basicAuth: false
isDefault: true
jsonData:
- esVersion: "7.10.0"
+ esVersion: "8.2.0"
includeFrozen: false
logLevelField: ''
logMessageField: ''
diff --git a/app/telemetry/deploy/telemetry-system.hcl b/app/telemetry/deploy/telemetry-system.hcl
index cb39bac..d5a7241 100644
--- a/app/telemetry/deploy/telemetry-system.hcl
+++ b/app/telemetry/deploy/telemetry-system.hcl
@@ -15,10 +15,11 @@ job "telemetry-system" {
task "elastic" {
driver = "docker"
config {
- image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0"
+ image = "docker.elastic.co/elasticsearch/elasticsearch:8.2.0"
network_mode = "host"
volumes = [
"/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data",
+ "secrets/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12",
]
ports = [ "elastic", "elastic_internal" ]
sysctl = {
@@ -29,12 +30,19 @@ job "telemetry-system" {
}
}
+ user = "1000"
+
resources {
memory = 1500
cpu = 500
}
template {
+ data = "{{ key \"secrets/telemetry/elasticsearch/elastic-certificates.p12\" }}"
+ destination = "secrets/elastic-certificates.p12"
+ }
+
+ template {
data = <<EOH
node.name={{ env "attr.unique.hostname" }}
http.port=9200
@@ -48,8 +56,8 @@ xpack.security.authc.api_key.enabled=true
xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.client_authentication=required
-xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/data/elastic-certificates.p12
-xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/data/elastic-certificates.p12
+xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
+xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
cluster.routing.allocation.disk.watermark.high=75%
cluster.routing.allocation.disk.watermark.low=65%
ES_JAVA_OPTS=-Xms512M -Xmx512M
@@ -101,7 +109,7 @@ EOH
task "apm" {
driver = "docker"
config {
- image = "docker.elastic.co/apm/apm-server:7.17.1"
+ image = "docker.elastic.co/apm/apm-server:8.2.0"
network_mode = "host"
ports = [ "apm" ]
args = [ "--strict.perms=false" ]
@@ -144,7 +152,7 @@ EOH
task "filebeat" {
driver = "docker"
config {
- image = "docker.elastic.co/beats/filebeat:7.17.1"
+ image = "docker.elastic.co/beats/filebeat:8.2.0"
network_mode = "host"
volumes = [
"/mnt/ssd/telemetry/filebeat:/usr/share/filebeat/data",
diff --git a/app/telemetry/deploy/telemetry.hcl b/app/telemetry/deploy/telemetry.hcl
index fc0c389..afabfa7 100644
--- a/app/telemetry/deploy/telemetry.hcl
+++ b/app/telemetry/deploy/telemetry.hcl
@@ -14,7 +14,7 @@ job "telemetry" {
task "kibana" {
driver = "docker"
config {
- image = "docker.elastic.co/kibana/kibana:7.17.0"
+ image = "docker.elastic.co/kibana/kibana:8.2.0"
network_mode = "host"
ports = [ "kibana" ]
}