diff options
Diffstat (limited to 'cluster/prod/app/telemetry/config')
-rw-r--r-- | cluster/prod/app/telemetry/config/grafana-ldap.toml | 49 | ||||
-rw-r--r-- | cluster/prod/app/telemetry/config/prometheus.yml | 24 |
2 files changed, 73 insertions, 0 deletions
diff --git a/cluster/prod/app/telemetry/config/grafana-ldap.toml b/cluster/prod/app/telemetry/config/grafana-ldap.toml new file mode 100644 index 0000000..31cf18a --- /dev/null +++ b/cluster/prod/app/telemetry/config/grafana-ldap.toml @@ -0,0 +1,49 @@ +[[servers]] +# Ldap server host (specify multiple hosts space separated) +host = "bottin.service.prod.consul" +# Default port is 389 or 636 if use_ssl = true +port = 389 +# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS) +use_ssl = false +# If set to true, use LDAP with STARTTLS instead of LDAPS +start_tls = false +# set to true if you want to skip SSL cert validation +ssl_skip_verify = false +# set to the path to your root CA certificate or leave unset to use system defaults +# root_ca_cert = "/path/to/certificate.crt" +# Authentication against LDAP servers requiring client certificates +# client_cert = "/path/to/client.crt" +# client_key = "/path/to/client.key" + +# Search user bind dn +bind_dn = "cn=grafana,ou=services,ou=users,dc=deuxfleurs,dc=fr" +# Search user bind password +# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" +bind_password = "{{ key "secrets/telemetry/grafana/grafana_ldap_password" | trimSpace }}" + +# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" +# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))" +search_filter = "(cn=%s)" + +# An array of base dns to search through +search_base_dns = ["ou=users,dc=deuxfleurs,dc=fr"] + +# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" +# group_search_filter_user_attribute = "distinguishedName" +# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"] + +[[servers.group_mappings]] +group_dn = "cn=admin,ou=groups,dc=deuxfleurs,dc=fr" +org_role = "Admin" +grafana_admin = true + +[[servers.group_mappings]] +group_dn = "*" +org_role = "Viewer" + +# Specify names of the LDAP attributes your LDAP uses +[servers.attributes] +member_of = "memberof" +email = "mail" +username = "cn" +uid = "cn" diff --git a/cluster/prod/app/telemetry/config/prometheus.yml b/cluster/prod/app/telemetry/config/prometheus.yml index 42d438c..a52b64d 100644 --- a/cluster/prod/app/telemetry/config/prometheus.yml +++ b/cluster/prod/app/telemetry/config/prometheus.yml @@ -41,3 +41,27 @@ scrape_configs: ca_file: /etc/prometheus/consul.crt cert_file: /etc/prometheus/consul-client.crt key_file: /etc/prometheus/consul-client.key + + # see https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config + # and https://www.nomadproject.io/api-docs/metrics + # and https://learn.hashicorp.com/tutorials/nomad/prometheus-metrics + # dashboard at https://grafana.com/grafana/dashboards/3800 + - job_name: 'nomad' + scrape_interval: 10s + metrics_path: "/v1/metrics" + params: + format: ['prometheus'] + scheme: 'https' + tls_config: + ca_file: /etc/prometheus/nomad.crt + cert_file: /etc/prometheus/nomad-client.crt + key_file: /etc/prometheus/nomad-client.key + insecure_skip_verify: true + consul_sd_configs: + - server: 'https://localhost:8501' + services: + - 'nomad-client' + tls_config: + ca_file: /etc/prometheus/consul.crt + cert_file: /etc/prometheus/consul-client.crt + key_file: /etc/prometheus/consul-client.key |