Skip to content
Snippets Groups Projects
Commit a51dfabf authored by Hannes Feldt's avatar Hannes Feldt
Browse files

fixes

parent 01a41fb8
Branches
No related tags found
No related merge requests found
Pipeline #94386 passed
......@@ -12,6 +12,11 @@ job "grafana" {
stagger = "30s"
max_parallel = 1
}
reschedule {
unlimited = true
delay = "30s"
delay_function = "constant"
}
group "grafana" {
restart {
......@@ -37,10 +42,29 @@ job "grafana" {
}
service {
tags = ["scrape"]
tags = ["scrape", "cert", "lb"]
name = "monitoring"
port = "https"
task = "nginx"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "metrics"
local_bind_port = 9009
}
upstreams {
destination_name = "operations-grafana-postgres"
local_bind_port = 5432
}
upstreams {
destination_name = "operations-oncall"
local_bind_port = 8080
}
}
}
}
}
task "grafana" {
......@@ -50,19 +74,22 @@ job "grafana" {
policies = ["default"]
}
config {
image = "git.astron.nl:5000/lofar2.0/grafana-station-dashboards:latest"
image = "git.astron.nl:5000/lofar2.0/grafana-station-dashboards:[[.image_tag]]"
mount {
type = "bind"
source = "local/datasources/"
target = "/etc/grafana/provisioning/datasources/"
}
extra_hosts = [
"prometheus:127.0.0.1"
]
}
env {
GF_SERVER_DOMAIN = "monitoring.lofar.net"
GF_DATABASE_TYPE = "postgres"
GF_DATABASE_HOST = "operations-grafana-postgres.service.consul:5432"
GF_DATABASE_HOST = "localhost:5432"
GF_DATABASE_NAME = "grafana"
GF_DATABASE_USER = "postgres"
GF_DATABASE_PASSWORD = "password"
......@@ -186,7 +213,7 @@ datasources:
server_name monitoring.lofar.net;
server_name_in_redirect on;
ssl_certificate {{ env "NOMAD_SECRETS_DIR" }}/fullchain.cer;
ssl_certificate_key {{ env "NOMAD_SECRETS_DIR" }}/privkey.key;
ssl_certificate_key {{ env "NOMAD_SECRETS_DIR" }}/key.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
......@@ -215,7 +242,7 @@ datasources:
template {
data = <<EOH
{{with secret "lets-encrypt/certificates/monitoring.lofar.net" -}}
{{.Data.data.cert -}}
{{.Data.data.cert }}
{{.Data.data.chain -}}
{{end}}
EOH
......@@ -224,10 +251,10 @@ EOH
template {
data = <<EOH
{{with secret "lets-encrypt/certificates/monitoring.lofar.net" -}}
{{.Data.data.privkey -}}
{{.Data.data.key -}}
{{end}}
EOH
destination = "${NOMAD_SECRETS_DIR}/privkey.key"
destination = "${NOMAD_SECRETS_DIR}/key.key"
}
}
}
......@@ -246,7 +273,6 @@ EOH
network {
mode = "bridge"
port "postgres" {
static = 5432
to = 5432
}
}
......@@ -255,6 +281,11 @@ EOH
name = "operations-grafana-postgres"
port = "postgres"
task = "postgres"
address_mode = "alloc"
connect {
sidecar_service {}
}
}
task "postgres" {
......@@ -307,6 +338,17 @@ EOH
interval = "10s"
timeout = "1s"
}
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "operations-grafana-postgres"
local_bind_port = 5432
}
}
}
}
}
task "oncall" {
......@@ -325,13 +367,13 @@ EOH
DJANGO_SETTINGS_MODULE = "settings.hobby"
GRAFANA_API_URL = "https://monitoring.lofar.net"
SECRET_KEY = "my-little-secret-key-passphrase-thingy"
BASE_URL = "http://operations-grafana-oncall:8080"
BASE_URL = "http://127.0.0.1:8080"
DATABASE_TYPE = "postgresql"
DATABASE_NAME = "grafana"
DATABASE_USER = "postgres"
DATABASE_PASSWORD = "password"
DATABASE_HOST = "operations-grafana-postgres.service.consul"
DATABASE_HOST = "127.0.0.1"
DATABASE_PORT = "5432"
}
......@@ -372,7 +414,7 @@ EOH
DATABASE_NAME = "grafana"
DATABASE_USER = "postgres"
DATABASE_PASSWORD = "password"
DATABASE_HOST = "operations-grafana-postgres.service.consul"
DATABASE_HOST = "127.0.0.1"
DATABASE_PORT = "5432"
}
......
......@@ -196,6 +196,7 @@ job "metrics" {
max_label_name_length: 100000
ingestion_rate: 100000
ingestion_burst_size: 2000000
max_global_series_per_user: 20000000
tenant_federation:
enabled: true
......
......@@ -107,6 +107,10 @@ EOF
interval = "10s"
timeout = "2s"
}
connect {
sidecar_service {}
}
}
}
}
......
......@@ -14,6 +14,6 @@ secrets {
metaurl="redis://operations-valkey.service.consul:26379/0"
bucket="https://s3.lofar.net/csi-volumes/operations"
storage="minio"
access-key="<key>"
secret-key="<key>"
access-key="minioadmin"
secret-key="minioadmin"
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment