Compare commits
2 commits
056bfafcd5
...
3c4f505413
Author | SHA1 | Date | |
---|---|---|---|
3c4f505413 | |||
af2ee0a076 |
8 changed files with 155 additions and 0 deletions
|
@ -1,5 +1,6 @@
|
|||
data_directory_base: /mnt/data
|
||||
git_ssh_port: 56287
|
||||
elasticsearch_port: 14653
|
||||
concourse_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSVLcr617iJt+hqLFSsOQy1JeueLIAj1eRfuI+KeZAu pim@x260"
|
||||
|
||||
nfs_shares:
|
||||
|
@ -37,6 +38,12 @@ nfs_shares:
|
|||
path: /mnt/data/overleaf/mongodb
|
||||
- name: prometheus_data
|
||||
path: /mnt/data/prometheus/data
|
||||
- name: elasticsearch_certs
|
||||
path: /mnt/data/elasticsearch/certs
|
||||
- name: elasticsearch_data
|
||||
path: /mnt/data/elasticsearch/data
|
||||
- name: grafana_data
|
||||
path: /mnt/data/grafana/data
|
||||
|
||||
database_passwords:
|
||||
nextcloud: !vault |
|
||||
|
|
|
@ -9,3 +9,5 @@ all:
|
|||
hosts:
|
||||
bancomart:
|
||||
ansible_host: bancomart.dmz
|
||||
handjecontantje:
|
||||
ansible_host: handjecontantje.dmz
|
||||
|
|
|
@ -53,3 +53,10 @@
|
|||
authorized_key:
|
||||
user: root
|
||||
key: "{{ concourse_public_key }}"
|
||||
|
||||
- hosts: manager, workers
|
||||
tasks:
|
||||
- name: Increase vm.max_map_count
|
||||
sysctl:
|
||||
name: vm.max_map_count
|
||||
value: 262144
|
||||
|
|
|
@ -20,3 +20,4 @@
|
|||
- {role: nextcloud, tags: nextcloud}
|
||||
- {role: syncthing, tags: syncthing}
|
||||
- {role: prometheus, tags: prometheus}
|
||||
- {role: monitoring, tags: monitoring}
|
||||
|
|
98
ansible/roles/monitoring/docker-stack.yml.j2
Normal file
98
ansible/roles/monitoring/docker-stack.yml.j2
Normal file
|
@ -0,0 +1,98 @@
|
|||
# vi: ft=yaml
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
esdatasource:
|
||||
external: true
|
||||
name: "{{ esdatasource.config_name }}"
|
||||
|
||||
volumes:
|
||||
escerts:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/elasticsearch/certs"
|
||||
esdata:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/elasticsearch/data"
|
||||
grafanadata:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/grafana/data"
|
||||
|
||||
services:
|
||||
elasticsearch:
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:8.8.1
|
||||
volumes:
|
||||
- type: volume
|
||||
source: escerts
|
||||
target: /usr/share/elasticsearch/config/certs
|
||||
volume:
|
||||
nocopy: true
|
||||
- type: volume
|
||||
source: esdata
|
||||
target: /usr/share/elasticsearch/data
|
||||
volume:
|
||||
nocopy: true
|
||||
ports:
|
||||
- {{ elasticsearch_port }}:9200
|
||||
environment:
|
||||
- node.name=es01
|
||||
- cluster.name=shoarma
|
||||
- cluster.initial_master_nodes=es01
|
||||
- bootstrap.memory_lock=true
|
||||
- xpack.security.enabled=false
|
||||
- xpack.security.http.ssl.enabled=false
|
||||
- xpack.security.http.ssl.key=certs/es01/es01.key
|
||||
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
|
||||
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
|
||||
- xpack.security.transport.ssl.enabled=false
|
||||
- xpack.security.transport.ssl.key=certs/es01/es01.key
|
||||
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
|
||||
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
|
||||
- xpack.security.transport.ssl.verification_mode=certificate
|
||||
- xpack.license.self_generated.type=basic
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
healthcheck:
|
||||
test:
|
||||
[
|
||||
"CMD-SHELL",
|
||||
"curl http://localhost:9200 | grep -q 'You Know, for Search'",
|
||||
]
|
||||
interval: 10s
|
||||
timeout: 10s
|
||||
retries: 120
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana-oss
|
||||
networks:
|
||||
- traefik
|
||||
deploy:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.grafana.entrypoints=localsecure
|
||||
- traefik.http.routers.grafana.rule=Host(`grafana.kun.is`)
|
||||
- traefik.http.routers.grafana.tls=true
|
||||
- traefik.http.routers.grafana.tls.certresolver=letsencrypt
|
||||
- traefik.http.routers.grafana.service=grafana
|
||||
- traefik.http.services.grafana.loadbalancer.server.port=3000
|
||||
- traefik.docker.network=traefik
|
||||
volumes:
|
||||
- type: volume
|
||||
source: grafanadata
|
||||
target: /var/lib/grafana
|
||||
volume:
|
||||
nocopy: true
|
||||
configs:
|
||||
- source: esdatasource
|
||||
target: /etc/grafana/provisioning/datasources/elasticsearch.yaml
|
12
ansible/roles/monitoring/elasticsearch.yml
Normal file
12
ansible/roles/monitoring/elasticsearch.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: Elasticsearch
|
||||
type: elasticsearch
|
||||
access: proxy
|
||||
url: http://maestro.dmz:14653
|
||||
jsonData:
|
||||
# index: '[metrics-]YYYY.MM.DD'
|
||||
interval: Daily
|
||||
timeField: '@timestamp'
|
||||
|
13
ansible/roles/monitoring/tasks/main.yml
Normal file
13
ansible/roles/monitoring/tasks/main.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
- name: Create elasticsearch data source config
|
||||
docker_config:
|
||||
name: esdatasource
|
||||
data: "{{ lookup('template', '{{ role_path }}/elasticsearch.yml') }}"
|
||||
use_ssh_client: true
|
||||
rolling_versions: true
|
||||
register: esdatasource
|
||||
|
||||
- name: Deploy Docker stack
|
||||
docker_stack:
|
||||
name: monitoring
|
||||
compose:
|
||||
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
|
|
@ -24,6 +24,11 @@ provider "libvirt" {
|
|||
uri = "qemu+ssh://root@jefke.hyp/system"
|
||||
}
|
||||
|
||||
provider "libvirt" {
|
||||
alias = "lewis"
|
||||
uri = "qemu+ssh://root@lewis.hyp/system"
|
||||
}
|
||||
|
||||
module "maestro" {
|
||||
source = "git::https://git.kun.is/home/tf-modules.git//debian"
|
||||
name = "maestro"
|
||||
|
@ -44,3 +49,13 @@ module "bancomart" {
|
|||
libvirt = libvirt.jefke
|
||||
}
|
||||
}
|
||||
|
||||
module "handjecontantje" {
|
||||
source = "git::https://git.kun.is/home/tf-modules.git//debian"
|
||||
name = "handjecontantje"
|
||||
domain_name = "tf-handjecontantje"
|
||||
memory = 3 * 1024
|
||||
providers = {
|
||||
libvirt = libvirt.lewis
|
||||
}
|
||||
}
|
||||
|
|
Reference in a new issue