Small fixes

Daniel Berteaud 2024-03-23 23:53:37 +01:00
parent a4d66759e0
commit 210264b4aa
8 changed files with 44 additions and 15 deletions


@ -34,11 +34,12 @@
- vector-aggregator - vector-aggregator
- vector-agent (dans job agent) - vector-agent (dans job agent)
- ~~loki (modulariser ou laisser en monolithique ?)~~ - ~~loki (modulariser ou laisser en monolithique ?)~~
- grafana - ~~grafana~~
- ~~cluster-metrics (job exporters)~~ - ~~cluster-metrics (job exporters)~~
- questions / various - questions / various
- prom rules: keep or move to a -conf bundle ? - ~~prom rules: keep or move to a -conf bundle ?~~
- ~~config alertes am (recipient + routing)~~ - ~~config alertes am (recipient + routing)~~
- ~~http and tcp probes, as exporters are now in a dedicated job~~ - ~~http and tcp probes, as exporters are now in a dedicated job~~
- alertmanager & rules for loki - alertmanager & rules for loki
- bootstrap grafana


@ -34,11 +34,12 @@
- vector-aggregator - vector-aggregator
- vector-agent (dans job agent) - vector-agent (dans job agent)
- ~~loki (modulariser ou laisser en monolithique ?)~~ - ~~loki (modulariser ou laisser en monolithique ?)~~
- grafana - ~~grafana~~
- ~~cluster-metrics (job exporters)~~ - ~~cluster-metrics (job exporters)~~
- questions / various - questions / various
- prom rules: keep or move to a -conf bundle ? - ~~prom rules: keep or move to a -conf bundle ?~~
- ~~config alertes am (recipient + routing)~~ - ~~config alertes am (recipient + routing)~~
- ~~http and tcp probes, as exporters are now in a dedicated job~~ - ~~http and tcp probes, as exporters are now in a dedicated job~~
- alertmanager & rules for loki - alertmanager & rules for loki
- bootstrap grafana


@ -10,9 +10,10 @@ RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
vault kv put ${VAULT_KV_PATH} \ vault kv put ${VAULT_KV_PATH} \
secret_key="$(sh -c "${RAND_CMD}")" \ secret_key="$(sh -c "${RAND_CMD}")" \
initial_admin_pwd="$(sh -c "${RAND_CMD}")" \
fi fi
for SECRET in secret_key; do for SECRET in secret_key initial_admin_pwd; do
if ! vault kv get -field ${SECRET} ${VAULT_KV_PATH} >/dev/null 2>&1; then if ! vault kv get -field ${SECRET} ${VAULT_KV_PATH} >/dev/null 2>&1; then
vault kv patch ${VAULT_KV_PATH} \ vault kv patch ${VAULT_KV_PATH} \
${SECRET}=$(sh -c "${RAND_CMD}") ${SECRET}=$(sh -c "${RAND_CMD}")
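Review bot: The added `initial_admin_pwd="$(sh -c "${RAND_CMD}")"` argument puts the generated admin password on the `vault` command line, where it is readable in the host's process list while the command runs. The existing `secret_key` argument and the `vault kv patch` call in the loop have the same exposure. The vault CLI can read the data from stdin instead of argv, e.g. `vault kv put ${VAULT_KV_PATH} -` with the key/value pairs supplied as JSON on stdin, which keeps the values out of `ps` output. The loop body continues past the end of the hunk.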


@ -1910,7 +1910,7 @@ _EOT
} }
} }
group "interface" { group "grafana" {
shutdown_delay = "6s" shutdown_delay = "6s"
@ -2141,6 +2141,7 @@ _EOT
# Use a template block instead of env {} so we can fetch values from vault # Use a template block instead of env {} so we can fetch values from vault
template { template {
data = <<_EOT data = <<_EOT
GF_SECURITY_ADMIN_PASSWORD={{ with secret "kv/service/monitoring/grafana" }}{{ .Data.data.initial_admin_pwd }}{{ end }}
LANG=fr_FR.utf8 LANG=fr_FR.utf8
TZ=Europe/Paris TZ=Europe/Paris
_EOT _EOT
@ -2185,6 +2186,8 @@ secret_key = {{ with secret "kv/service/monitoring/grafana" }}{{ .Data.data.secr
[dataproxy] [dataproxy]
timeout = 120 timeout = 120
[feature_toggles]
_EOT _EOT
destination = "secrets/grafana.ini" destination = "secrets/grafana.ini"
uid = 103000 uid = 103000
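Review bot: `GF_SECURITY_ADMIN_PASSWORD` in the second hunk is rendered by what appears to be an env template, so the admin password stays in the task environment for the life of the allocation, readable by anything that can inspect the process environment or exec into the task, and inherited by child processes. The job already renders `secrets/grafana.ini` from Vault for `secret_key`; adding `admin_password = {{ with secret "kv/service/monitoring/grafana" }}{{ .Data.data.initial_admin_pwd }}{{ end }}` to that file's `[security]` section would keep it out of the environment (this assumes `secret_key` sits under `[security]`, which the hunk does not show). Grafana applies this setting only when it first creates the admin account, so on an instance whose database already exists the Vault value will not match the real password, and on a new one it remains a valid login until the admin password is changed after bootstrap. The same point applies to the `env:` default added in the variables file further down.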


@ -559,7 +559,7 @@ _EOT
} }
} }
group "interface" { group "grafana" {
[[- $c := merge .monitoring.grafana .monitoring . ]] [[- $c := merge .monitoring.grafana .monitoring . ]]
shutdown_delay = "6s" shutdown_delay = "6s"


@ -35,3 +35,8 @@ secret_key = {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]/grafana
[dataproxy] [dataproxy]
timeout = 120 timeout = 120
[feature_toggles]
[[- range $feature, $value := .feature_toggles ]]
[[ $feature ]] = [[ $value ]]
[[- end ]]


@ -52,7 +52,7 @@ scrape_configs:
params: params:
module: ["http_2xx"] module: ["http_2xx"]
static_configs: static_configs:
{{ range $idx, $instance := service "blackbox-exporter[[ .consul.suffix ]]" }} {{- range $idx, $instance := service "blackbox-exporter[[ .consul.suffix ]]" }}
- targets: - targets:
[[- range $http_probe := .exporters.blackbox.http_probes ]] [[- range $http_probe := .exporters.blackbox.http_probes ]]
- [[ $http_probe ]] - [[ $http_probe ]]
@ -63,8 +63,8 @@ scrape_configs:
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: {{ .Address }}:{{ .Port }} replacement: {{ $instance.Address }}:{{ $instance.Port }}
{{ end }} {{- end }}
{{- end }} {{- end }}
[[- end ]] [[- end ]]
@ -81,9 +81,10 @@ scrape_configs:
params: params:
module: ["tcp_connect"] module: ["tcp_connect"]
static_configs: static_configs:
{ range $idx, $instance := service "blackbox-exporter[[ .consul.suffix ]]" }} {{- range $idx, $instance := service "blackbox-exporter[[ .consul.suffix ]]" }}
- targets:
[[- range $target := .exporters.blackbox.tcp_probes ]] [[- range $target := .exporters.blackbox.tcp_probes ]]
- [[ $target ]] - [[ $target ]]
[[- end ]] [[- end ]]
relabel_configs: relabel_configs:
- source_labels: [__address__] - source_labels: [__address__]
@ -91,11 +92,25 @@ scrape_configs:
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: {{ .Address }}:{{ .Port }} replacement: {{ $instance.Address }}:{{ $instance.Port }}
{{ end }} {{- end }}
{{- end }} {{- end }}
[[- end ]] [[- end ]]
[[- if gt (len .exporters.ping.probes) 0 ]]
# Ping exporter
- job_name: ping
scheme: https
tls_config:
ca_file: /local/monitoring.ca.pem
cert_file: /secrets/prometheus.bundle.pem
key_file: /secrets/prometheus.bundle.pem
static_configs:
{{- range $idx, $instance := service "ping-exporter[[ .consul.suffix ]]" }}
- targets: ["{{ $instance.Address }}:{{ $instance.Port }}"]
{{- end }}
[[- end ]]
# Cluster services # Cluster services
- job_name: cluster-services - job_name: cluster-services
scheme: https scheme: https


@ -10,6 +10,7 @@ vault:
- path: grafana - path: grafana
fields: fields:
- secret_key - secret_key
- initial_admin_pwd
monitoring: monitoring:
@ -188,7 +189,8 @@ monitoring:
grafana: grafana:
version: 10.4.1 version: 10.4.1
image: '[[ .docker.repo ]]grafana:[[ .monitoring.grafana.version ]]-1' image: '[[ .docker.repo ]]grafana:[[ .monitoring.grafana.version ]]-1'
env: {} env:
GF_SECURITY_ADMIN_PASSWORD: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]/grafana" }}{{ .Data.data.initial_admin_pwd }}{{ end }}'
resources: resources:
cpu: 100 cpu: 100
memory: 256 memory: 256
@ -198,6 +200,7 @@ monitoring:
#- ddurieux-glpi-app #- ddurieux-glpi-app
- grafana-clock-panel - grafana-clock-panel
- grafana-piechart-panel - grafana-piechart-panel
feature_toggles: {}
traefik: traefik:
enabled: true enabled: true
router: grafana router: grafana