Diffstat (limited to 'experimental/bad.telemetry-elastic/deploy')
-rw-r--r-- | experimental/bad.telemetry-elastic/deploy/telemetry-system.hcl | 182 | ||||
-rw-r--r-- | experimental/bad.telemetry-elastic/deploy/telemetry.hcl | 181 |
2 files changed, 363 insertions, 0 deletions
diff --git a/experimental/bad.telemetry-elastic/deploy/telemetry-system.hcl b/experimental/bad.telemetry-elastic/deploy/telemetry-system.hcl
new file mode 100644
index 0000000..3e26c2e
--- /dev/null
+++ b/experimental/bad.telemetry-elastic/deploy/telemetry-system.hcl
@@ -0,0 +1,182 @@
+job "telemetry-system" {
+ datacenters = ["neptune"]
+ type = "system"
+
+ group "elasticsearch" {
+ network {
+ port "elastic" {
+ static = 9200
+ }
+ port "elastic_internal" {
+ static = 9300
+ }
+ }
+
+ task "elastic" {
+ driver = "docker"
+ config {
+ image = "docker.elastic.co/elasticsearch/elasticsearch:8.2.0"
+ network_mode = "host"
+ volumes = [
+ "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data",
+ "secrets/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12",
+ ]
+ ports = [ "elastic", "elastic_internal" ]
+ sysctl = {
+ #"vm.max_map_count" = "262144",
+ }
+ ulimit = {
+ memlock = "9223372036854775807:9223372036854775807",
+ }
+ }
+
+ user = "1000"
+
+ resources {
+ memory = 1500
+ cpu = 500
+ }
+
+ template {
+ data = "{{ key \"secrets/telemetry/elasticsearch/elastic-certificates.p12\" }}"
+ destination = "secrets/elastic-certificates.p12"
+ }
+
+ template {
+ data = <<EOH
+node.name={{ env "attr.unique.hostname" }}
+http.port=9200
+transport.port=9300
+cluster.name=es-deuxfleurs
+cluster.initial_master_nodes=carcajou,caribou,cariacou
+discovery.seed_hosts=carcajou,caribou,cariacou
+bootstrap.memory_lock=true
+xpack.security.enabled=true
+xpack.security.authc.api_key.enabled=true
+xpack.security.transport.ssl.enabled=true
+xpack.security.transport.ssl.verification_mode=certificate
+xpack.security.transport.ssl.client_authentication=required
+xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
+xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
+cluster.routing.allocation.disk.watermark.high=75%
+cluster.routing.allocation.disk.watermark.low=65%
+ES_JAVA_OPTS=-Xms512M -Xmx512M
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+ }
+
+ group "collector" {
+ network {
+ port "otel_grpc" {
+ static = 4317
+ }
+ port "apm" {
+ static = 8200
+ }
+ port "node_exporter" {
+ static = 9100
+ }
+ }
+
+ task "otel" {
+ driver = "docker"
+ config {
+ image = "otel/opentelemetry-collector-contrib:0.46.0"
+ args = [
+ "--config=/etc/otel-config.yaml",
+ ]
+ network_mode = "host"
+ ports= [ "otel_grpc" ]
+ volumes = [
+ "secrets/otel-config.yaml:/etc/otel-config.yaml"
+ ]
+ }
+
+ template {
+ data = file("../config/otel-config.yaml")
+ destination = "secrets/otel-config.yaml"
+ }
+
+ resources {
+ memory = 100
+ cpu = 100
+ }
+ }
+
+ task "apm" {
+ driver = "docker"
+ config {
+ image = "docker.elastic.co/apm/apm-server:8.2.0"
+ network_mode = "host"
+ ports = [ "apm" ]
+ args = [ "--strict.perms=false" ]
+ volumes = [
+ "secrets/apm-config.yaml:/usr/share/apm-server/apm-server.yml:ro"
+ ]
+ }
+
+ template {
+ data = file("../config/apm-config.yaml")
+ destination = "secrets/apm-config.yaml"
+ }
+
+ resources {
+ memory = 100
+ cpu = 100
+ }
+ }
+
+/*
+ task "node_exporter" {
+ driver = "docker"
+ config {
+ image = "quay.io/prometheus/node-exporter:v1.1.2"
+ network_mode = "host"
+ ports = [ "node_exporter" ]
+ volumes = [
+ "/:/host:ro,rslave"
+ ]
+ args = [ "--path.rootfs=/host" ]
+ }
+
+ resources {
+ cpu = 50
+ memory = 40
+ }
+ }
+*/
+
+ task "filebeat" {
+ driver = "docker"
+ config {
+ image = "docker.elastic.co/beats/filebeat:8.2.0"
+ network_mode = "host"
+ volumes = [
+ "/mnt/ssd/telemetry/filebeat:/usr/share/filebeat/data",
+ "secrets/filebeat.yml:/usr/share/filebeat/filebeat.yml",
+ "/var/run/docker.sock:/var/run/docker.sock",
+ "/var/lib/docker/containers/:/var/lib/docker/containers/:ro",
+ "/var/log/:/var/log/:ro",
+ ]
+ args = [ "--strict.perms=false" ]
+ privileged = true
+ }
+ user = "root"
+
+
+ template {
+ data = file("../config/filebeat.yml")
+ destination = "secrets/filebeat.yml"
+ }
+
+ resources {
+ memory = 100
+ cpu = 100
+ }
+ }
+ }
+}
+
diff --git a/experimental/bad.telemetry-elastic/deploy/telemetry.hcl b/experimental/bad.telemetry-elastic/deploy/telemetry.hcl
new file mode 100644
index 0000000..21685a1
--- /dev/null
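Review bot: The `filebeat` task combines `privileged = true`, `user = "root"`, host networking and a bind mount of `/var/run/docker.sock`, which together give that container root-equivalent control of every node this system job is scheduled on. Collecting container and host logs only needs the two `:ro` log mounts already in the list, so I would drop `privileged = true` and keep the Docker socket mount only if Docker metadata enrichment is really used; the `filebeat.yml` it loads is outside this diff, so I cannot tell. If the socket stays, a comment above it such as `# docker.sock grants full Docker API access; needed for add_docker_metadata` would make the exposure a documented decision. `--strict.perms=false` also turns off Filebeat's ownership and permission check on its config file, which matters more when the process runs as root.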
+++ b/experimental/bad.telemetry-elastic/deploy/telemetry.hcl 
@@ -0,0 +1,181 @@
+job "telemetry" {
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "kibana" {
+ count = 1
+
+ network {
+ port "kibana" {
+ static = 5601
+ }
+ }
+
+ task "kibana" {
+ driver = "docker"
+ config {
+ image = "docker.elastic.co/kibana/kibana:8.2.0"
+ network_mode = "host"
+ ports = [ "kibana" ]
+ }
+
+ template {
+ data = <<EOH
+SERVER_NAME={{ env "attr.unique.hostname" }}
+ELASTICSEARCH_HOSTS=http://localhost:9200
+ELASTICSEARCH_USERNAME=kibana_system
+ELASTICSEARCH_PASSWORD={{ key "secrets/telemetry/elastic_passwords/kibana_system" }}
+SERVER_PUBLICBASEURL=https://kibana.home.adnab.me
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 1000
+ cpu = 500
+ }
+
+ service {
+ tags = [
+ "kibana",
+ "tricot kibana.staging.deuxfleurs.org",
+ ]
+ port = 5601
+ address_mode = "driver"
+ name = "kibana"
+ check {
+ type = "tcp"
+ port = 5601
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+
+ group "grafana" {
+ count = 1
+
+ network {
+ port "grafana" {
+ static = 3333
+ }
+ }
+
+ task "restore-db" {
+ lifecycle {
+ hook = "prestart"
+ sidecar = false
+ }
+
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "restore", "-config", "/etc/litestream.yml", "/ephemeral/grafana.db"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+ user = "472"
+
+ template {
+ data = file("../config/grafana-litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 1000
+ }
+ }
+
+ task "grafana" {
+ driver = "docker"
+ config {
+ image = "grafana/grafana:8.4.3"
+ network_mode = "host"
+ ports = [ "grafana" ]
+ volumes = [
+ "../alloc/data:/var/lib/grafana",
+ "secrets/elastic.yaml:/etc/grafana/provisioning/datasources/elastic.yaml"
+ ]
+ }
+
+ template {
+ data = file("../config/grafana/provisioning/datasources/elastic.yaml")
+ destination = "secrets/elastic.yaml"
+ }
+
+ template {
+ data = <<EOH
+GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel,grafana-polystat-panel
+GF_SERVER_HTTP_PORT=3333
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 500
+ cpu = 100
+ }
+
+ service {
+ tags = [
+ "grafana",
+ "tricot grafana.staging.deuxfleurs.org",
+ ]
+ port = 3333
+ address_mode = "driver"
+ name = "grafana"
+ check {
+ type = "tcp"
+ port = 3333
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "replicate-db" {
+ driver = "docker"
+ config {
+ image = "litestream/litestream:0.3.7"
+ args = [
+ "replicate", "-config", "/etc/litestream.yml"
+ ]
+ volumes = [
+ "../alloc/data:/ephemeral",
+ "secrets/litestream.yml:/etc/litestream.yml"
+ ]
+ }
+ user = "472"
+
+ template {
+ data = file("../config/grafana-litestream.yml")
+ destination = "secrets/litestream.yml"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+ }
+ }
+}
|
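Review bot: The `grafana` task is published through the `tricot grafana.staging.deuxfleurs.org` tag, but its env template sets only `GF_INSTALL_PLUGINS` and `GF_SERVER_HTTP_PORT`, so unless the database restored by `restore-db` already holds a changed password the instance starts with Grafana's default admin login. I would add `GF_SECURITY_ADMIN_PASSWORD={{ key "<consul-kv-path-placeholder>" }}` to that template, the same way the Kibana template reads `ELASTICSEARCH_PASSWORD` from the key store. The plugin list is also downloaded at every start without versions; Grafana accepts `plugin-id version` entries there, which would pin what gets installed. Separately, `SERVER_PUBLICBASEURL=https://kibana.home.adnab.me` does not match the `kibana.staging.deuxfleurs.org` route in the Kibana service tags and looks like a leftover from another deployment.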