author | Alex Auvolat <alex@adnab.me> | 2023-01-03 21:00:10 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-01-03 21:00:10 +0100 |
commit | fe805b6bab6336554b62b997c3cf6fa7344ac08d (patch) | |
tree | b623f931651104efaf2e9719a6fc3d63501cd213 /cluster/prod/app/telemetry/deploy/telemetry-service.hcl | |
parent | 606668e25ede883f8640daeb8f9a0d7605e88853 (diff) | |
Fix prometheus ssl certs
Diffstat (limited to 'cluster/prod/app/telemetry/deploy/telemetry-service.hcl')
-rw-r--r-- | cluster/prod/app/telemetry/deploy/telemetry-service.hcl | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/cluster/prod/app/telemetry/deploy/telemetry-service.hcl b/cluster/prod/app/telemetry/deploy/telemetry-service.hcl
new file mode 100644
index 0000000..4790cbd
--- /dev/null
+++ b/cluster/prod/app/telemetry/deploy/telemetry-service.hcl
@@ -0,0 +1,223 @@
+job "telemetry-service" {
+ datacenters = ["neptune", "bespin"]
+ type = "service"
+
+ group "prometheus" {
+ count = 2
+
+ network {
+ port "prometheus" {
+ static = 9090
+ }
+ }
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "set_contains_any"
+ value = "concombre,df-ymk"
+ }
+
+ task "prometheus" {
+ driver = "docker"
+ config {
+ image = "prom/prometheus:v2.39.0"
+ network_mode = "host"
+ ports = [ "prometheus" ]
+ args = [
+ "--config.file=/etc/prometheus/prometheus.yml",
+ "--storage.tsdb.path=/data",
+ "--storage.tsdb.retention.size=20GB",
+ ]
+ volumes = [
+ "secrets:/etc/prometheus",
+ "/mnt/ssd/prometheus:/data"
+ ]
+ }
+
+ template {
+ data = file("../config/prometheus.yml")
+ destination = "secrets/prometheus.yml"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}"
+ destination = "secrets/nomad-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
+ destination = "secrets/nomad-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
+ destination = "secrets/nomad-client.key"
+ }
+
+ resources {
+ memory = 1000
+ cpu = 1000
+ }
+
+ service {
+ port = 9090
+ address_mode = "driver"
+ name = "prometheus"
+ check {
+ type = "http"
+ path = "/"
+ port = 9090
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "grafana" {
+ count = 1
+
+ network {
+ port "grafana" {
+ static = 3719
+ }
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/grafana.db"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+ user = "472"
+
+ template {
+ data = file("../config/grafana-litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+ }
+
+ task "grafana" {
+ driver = "docker"
+ config {
+ image = "grafana/grafana:9.2.0"
+ network_mode = "host"
+ ports = [ "grafana" ]
+ volumes = [
+ "../alloc/data:/var/lib/grafana",
+ "secrets/prometheus.yaml:/etc/grafana/provisioning/datasources/prometheus.yaml",
+ "secrets/ldap.toml:/etc/grafana/ldap.toml"
+ ]
+ }
+
+ template {
+ data = file("../config/grafana-datasource-prometheus.yaml")
+ destination = "secrets/prometheus.yaml"
+ }
+
+ template {
+ data = file("../config/grafana-ldap.toml")
+ destination = "secrets/ldap.toml"
+ }
+
+ template {
+ data = <<EOH
+GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel,grafana-polystat-panel
+GF_SERVER_HTTP_PORT=3719
+GF_AUTH_LDAP_ENABLED=true
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 500
+ cpu = 500
+ }
+
+ service {
+ tags = [
+ "grafana",
+ "tricot grafana.deuxfleurs.fr",
+ ]
+ port = 3719
+ address_mode = "driver"
+ name = "grafana"
+ check {
+ type = "tcp"
+ port = 3719
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "replicate-db" {
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+ user = "472"
+
+ template {
+ data = file("../config/grafana-litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+ }
+ }
+} |
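Review bot: The `prometheus` task runs with `network_mode = "host"` on static port 9090 and its `args` set neither `--web.listen-address` nor `--web.config.file`, so as far as this file shows the Prometheus HTTP API is served without TLS or authentication on every interface of the two pinned hosts. If no host firewall (not visible here) already restricts that port, bind it to the internal address with `"--web.listen-address=<internal-ip>:9090"`, or add `"--web.config.file=/etc/prometheus/<web-config-file>"` rendered by one more `template` block. In the `grafana` task, `GF_INSTALL_PLUGINS` lists plugin ids without versions, so every container start downloads whatever release is current; pin each one as `grafana-clock-panel <version>`, and consider referencing the three Docker images by digest rather than by mutable tag.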