diff options
author | Alex Auvolat <alex@adnab.me> | 2022-05-04 16:27:46 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-05-04 16:27:46 +0200 |
commit | 9cae8c8fc2fc3486edb80a135ecfed02fb6840a3 (patch) | |
tree | b9dc92ec1e57d743089d5cc67a1d7a1609f3de97 /app | |
parent | 1b4f96ffb2fb4130102955fdf1b152c6d56ee0f8 (diff) | |
download | nixcfg-9cae8c8fc2fc3486edb80a135ecfed02fb6840a3.tar.gz nixcfg-9cae8c8fc2fc3486edb80a135ecfed02fb6840a3.zip |
Update telemetry to ES 8.2.0 and simplify config a bit
Diffstat (limited to 'app')
-rw-r--r-- | app/telemetry/config/apm-config.yaml | 4 | ||||
-rw-r--r-- | app/telemetry/config/grafana/provisioning/datasources/elastic.yaml | 8 | ||||
-rw-r--r-- | app/telemetry/deploy/telemetry-system.hcl | 18 | ||||
-rw-r--r-- | app/telemetry/deploy/telemetry.hcl | 2 |
4 files changed, 20 insertions, 12 deletions
diff --git a/app/telemetry/config/apm-config.yaml b/app/telemetry/config/apm-config.yaml index 9288036..07a88bd 100644 --- a/app/telemetry/config/apm-config.yaml +++ b/app/telemetry/config/apm-config.yaml @@ -8,8 +8,8 @@ output.elasticsearch: # In case you specify and additional path, the scheme is required: `http://localhost:9200/path`. # IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`. hosts: ["localhost:9200"] - username: "apm" - password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}" + username: "elastic" + password: "{{ key "secrets/telemetry/elastic_passwords/elastic" }}" instrumentation: enabled: true diff --git a/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml b/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml index a41be6f..7d2277c 100644 --- a/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml +++ b/app/telemetry/config/grafana/provisioning/datasources/elastic.yaml @@ -5,13 +5,13 @@ datasources: type: elasticsearch access: proxy url: http://localhost:9200 - password: '{{ key "secrets/telemetry/elastic_passwords/grafana" }}' - user: 'grafana' - database: apm-* + password: '{{ key "secrets/telemetry/elastic_passwords/elastic" }}' + user: 'elastic' + database: metrics-* basicAuth: false isDefault: true jsonData: - esVersion: "7.10.0" + esVersion: "8.2.0" includeFrozen: false logLevelField: '' logMessageField: '' diff --git a/app/telemetry/deploy/telemetry-system.hcl b/app/telemetry/deploy/telemetry-system.hcl index cb39bac..d5a7241 100644 --- a/app/telemetry/deploy/telemetry-system.hcl +++ b/app/telemetry/deploy/telemetry-system.hcl @@ -15,10 +15,11 @@ job "telemetry-system" { task "elastic" { driver = "docker" config { - image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0" + image = "docker.elastic.co/elasticsearch/elasticsearch:8.2.0" network_mode = "host" volumes = [ "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data", + "secrets/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12", ] ports = [ "elastic", "elastic_internal" ] sysctl = { @@ -29,12 +30,19 @@ job "telemetry-system" { } } + user = "1000" + resources { memory = 1500 cpu = 500 } template { + data = "{{ key \"secrets/telemetry/elasticsearch/elastic-certificates.p12\" }}" + destination = "secrets/elastic-certificates.p12" + } + + template { data = <<EOH node.name={{ env "attr.unique.hostname" }} http.port=9200 @@ -48,8 +56,8 @@ xpack.security.authc.api_key.enabled=true xpack.security.transport.ssl.enabled=true xpack.security.transport.ssl.verification_mode=certificate xpack.security.transport.ssl.client_authentication=required -xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 -xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/data/elastic-certificates.p12 +xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 +xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 cluster.routing.allocation.disk.watermark.high=75% cluster.routing.allocation.disk.watermark.low=65% ES_JAVA_OPTS=-Xms512M -Xmx512M @@ -101,7 +109,7 @@ EOH task "apm" { driver = "docker" config { - image = "docker.elastic.co/apm/apm-server:7.17.1" + image = "docker.elastic.co/apm/apm-server:8.2.0" network_mode = "host" ports = [ "apm" ] args = [ "--strict.perms=false" ] @@ -144,7 +152,7 @@ EOH task "filebeat" { driver = "docker" config { - image = "docker.elastic.co/beats/filebeat:7.17.1" + image = "docker.elastic.co/beats/filebeat:8.2.0" network_mode = "host" volumes = [ "/mnt/ssd/telemetry/filebeat:/usr/share/filebeat/data", diff --git a/app/telemetry/deploy/telemetry.hcl b/app/telemetry/deploy/telemetry.hcl index fc0c389..afabfa7 100644 --- a/app/telemetry/deploy/telemetry.hcl +++ b/app/telemetry/deploy/telemetry.hcl @@ -14,7 +14,7 @@ job "telemetry" { task "kibana" { driver = "docker" config { - image = "docker.elastic.co/kibana/kibana:7.17.0" + image = "docker.elastic.co/kibana/kibana:8.2.0" network_mode = "host" ports = [ "kibana" ] } |