aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/telemetry/config
diff options
context:
space:
mode:
Diffstat (limited to 'cluster/prod/app/telemetry/config')
-rw-r--r--cluster/prod/app/telemetry/config/grafana-ldap.toml49
-rw-r--r--cluster/prod/app/telemetry/config/prometheus.yml24
2 files changed, 73 insertions, 0 deletions
diff --git a/cluster/prod/app/telemetry/config/grafana-ldap.toml b/cluster/prod/app/telemetry/config/grafana-ldap.toml
new file mode 100644
index 0000000..31cf18a
--- /dev/null
+++ b/cluster/prod/app/telemetry/config/grafana-ldap.toml
@@ -0,0 +1,49 @@
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "bottin.service.prod.consul"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+use_ssl = false
+# If set to true, use LDAP with STARTTLS instead of LDAPS
+start_tls = false
+# set to true if you want to skip SSL cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "cn=grafana,ou=services,ou=users,dc=deuxfleurs,dc=fr"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = "{{ key "secrets/telemetry/grafana/grafana_ldap_password" | trimSpace }}"
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["ou=users,dc=deuxfleurs,dc=fr"]
+
+# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+# group_search_filter_user_attribute = "distinguishedName"
+# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+
+[[servers.group_mappings]]
+group_dn = "cn=admin,ou=groups,dc=deuxfleurs,dc=fr"
+org_role = "Admin"
+grafana_admin = true
+
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
+
+# Specify names of the LDAP attributes your LDAP uses
+[servers.attributes]
+member_of = "memberof"
+email = "mail"
+username = "cn"
+uid = "cn"
diff --git a/cluster/prod/app/telemetry/config/prometheus.yml b/cluster/prod/app/telemetry/config/prometheus.yml
index 42d438c..a52b64d 100644
--- a/cluster/prod/app/telemetry/config/prometheus.yml
+++ b/cluster/prod/app/telemetry/config/prometheus.yml
@@ -41,3 +41,27 @@ scrape_configs:
ca_file: /etc/prometheus/consul.crt
cert_file: /etc/prometheus/consul-client.crt
key_file: /etc/prometheus/consul-client.key
+
+ # see https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config
+ # and https://www.nomadproject.io/api-docs/metrics
+ # and https://learn.hashicorp.com/tutorials/nomad/prometheus-metrics
+ # dashboard at https://grafana.com/grafana/dashboards/3800
+ - job_name: 'nomad'
+ scrape_interval: 10s
+ metrics_path: "/v1/metrics"
+ params:
+ format: ['prometheus']
+ scheme: 'https'
+ tls_config:
+ ca_file: /etc/prometheus/nomad.crt
+ cert_file: /etc/prometheus/nomad-client.crt
+ key_file: /etc/prometheus/nomad-client.key
+ insecure_skip_verify: true
+ consul_sd_configs:
+ - server: 'https://localhost:8501'
+ services:
+ - 'nomad-client'
+ tls_config:
+ ca_file: /etc/prometheus/consul.crt
+ cert_file: /etc/prometheus/consul-client.crt
+ key_file: /etc/prometheus/consul-client.key