

D2565.id6481.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -14,6 +14,18 @@
32080 Discourse HTTP
40080 RocketChat HTTP
+paas-docker-sensu-backend
+ 2379 gRPC - Sensu storage client - external etcd instance
+ 2380 gRPC - Sensu storage peer - communicate with other Sensu backends
+ 6060 HTTP - Sensu performance profiling
+ 8080 HTTP - Sensu API
+ 8081 HTTP - Sensu Agent API
+
+reserved-for-monitoring
+ 3030 Sensu agent - socket
+ 3031 Sensu agent - API
+ 8125 Sensu agent - StatsD listener [UDP]
+
paas-docker
5000 Docker registry HTTP
9090 Openfire HTTP
@@ -40,4 +52,5 @@
43080 Hauk
44080 Hound
# 45080 should be reserved for OpenGrok to compare with Hound
+ 46080 Sensu Web UI
50000 Jenkins master's port for JNLP-based Jenkins agents - CD
diff --git a/roles/core/init.sls b/pillar/monitoring/sensu.sls
copy from roles/core/init.sls
copy to pillar/monitoring/sensu.sls
--- a/roles/core/init.sls
+++ b/pillar/monitoring/sensu.sls
@@ -1,24 +1,11 @@
# -------------------------------------------------------------
-# Salt — Core units
+# Salt — Sensu configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-include:
- - .rc
- - .hostname
- - .login
- - .network
- - .memory
- - .motd
- - .src
- - .ports
- - .rsyslog
- - .salt
- - .sshd
- - .sudo
- - .sysctl
- - .timezone
- - .userland-software
- - .users
+sensu:
+ backends:
+ api: 172.27.27.4:8080
+ agent_api: 172.27.27.4:8081
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -6,10 +6,6 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-docker_aliases:
- - &ipv4_docker001 51.255.124.9
- - &ipv4_docker001_restricted 51.255.124.9
-
# -------------------------------------------------------------
# Images
#
@@ -71,7 +67,20 @@
- bilde2910/hauk
# -------------------------------------------------------------
-# Networks
+# Networks - Machines
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_hosts_ips:
+ dwellers:
+ restricted: 172.27.27.4
+
+ docker-001:
+ public: &ipv4_docker001 51.255.124.9
+ restricted: 172.27.27.6
+ transition: &ipv4_docker001_restricted 51.255.124.9
+
+# -------------------------------------------------------------
+# Networks - Docker
#
# Containers can be grouped by network, instead to use links.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -80,6 +89,8 @@
dwellers:
bugzilla:
subnet: 172.21.3.0/24
+ sensu:
+ subnet: 172.21.4.0/24
docker-001:
cd:
subnet: 172.18.1.0/24
@@ -102,6 +113,20 @@
docker-001:
thinpool: wharf-thinpool
+# -------------------------------------------------------------
+# Containers distributions
+#
+# Like docker_containers, but non attached to a specific server
+# so we can move more easily a group of services.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers_distributions:
+
+ sensu_agent: &sensu_agent
+ sensu-agent:
+ sensu-agent:
+ backend: ws://172.27.27.4:8081
+
# -------------------------------------------------------------
# Containers
#
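Review bot: The agent transport configured at `backend: ws://172.27.27.4:8081` is unencrypted, so agent credentials and check results cross the restricted network in clear text. The same applies to `api: 172.27.27.4:8080` in pillar/monitoring/sensu.sls, which roles/paas-docker/wrappers/files/sensuctl.sh turns into `http://$SENSU_BACKEND`. If TLS on the backend is out of scope for this change, record the assumption next to the value, e.g. `# Plain ws:// - relies on 172.27.27.x being a trusted private segment; switch to wss:// once the backend has a certificate`. The address is also written out literally here and in the monitoring pillar although `docker_hosts_ips` already holds it for dwellers, so a renumbering has to touch three places; a comment pointing at the other copies would reduce the chance of agents silently reporting to a stale address.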
@@ -137,6 +162,8 @@
#
dwellers:
+ <<: *sensu_agent
+
#
# Core services
#
@@ -146,6 +173,19 @@
network: bugzilla
version: 5.7
+ #
+ # Monitoring
+ #
+
+ sensu_backend:
+ sensu:
+ sensu-backend:
+ network: sensu
+ host: monitoring.nasqueron.org
+ app_port: 46080
+ api_port: 8080
+ ws_port: 8081
+
#
# Bugzilla
#
@@ -177,6 +217,8 @@
#
docker-001:
+ <<: *sensu_agent
+
#
# Core services
#
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -15,6 +15,7 @@
- nodes.nodes
- nodes.forests
- hotfixes.roles
+ - monitoring.sensu
- webserver.sites
cloudhugger:
diff --git a/roles/core/init.sls b/roles/core/init.sls
--- a/roles/core/init.sls
+++ b/roles/core/init.sls
@@ -11,6 +11,7 @@
- .login
- .network
- .memory
+ - .monitoring
- .motd
- .src
- .ports
diff --git a/roles/core/init.sls b/roles/core/monitoring/init.sls
copy from roles/core/init.sls
copy to roles/core/monitoring/init.sls
--- a/roles/core/init.sls
+++ b/roles/core/monitoring/init.sls
@@ -1,24 +1,9 @@
# -------------------------------------------------------------
-# Salt — Core units
+# Salt — Monitoring
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .rc
- - .hostname
- - .login
- - .network
- - .memory
- - .motd
- - .src
- - .ports
- - .rsyslog
- - .salt
- - .sshd
- - .sudo
- - .sysctl
- - .timezone
- - .userland-software
- - .users
+ - .sensu
diff --git a/roles/core/init.sls b/roles/core/monitoring/sensu.sls
copy from roles/core/init.sls
copy to roles/core/monitoring/sensu.sls
--- a/roles/core/init.sls
+++ b/roles/core/monitoring/sensu.sls
@@ -1,24 +1,12 @@
# -------------------------------------------------------------
-# Salt — Core units
+# Salt — Monitoring
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-include:
- - .rc
- - .hostname
- - .login
- - .network
- - .memory
- - .motd
- - .src
- - .ports
- - .rsyslog
- - .salt
- - .sshd
- - .sudo
- - .sysctl
- - .timezone
- - .userland-software
- - .users
+/usr/local/etc/sensu.conf:
+ file.managed:
+ - makedirs: True
+ - contents: |
+ SENSU_BACKEND={{ pillar['sensu']['backends']['api'] }}
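Review bot: `/usr/local/etc/sensu.conf` gets no explicit owner or mode in this `file.managed` state, yet the sensuctl wrapper added in the same change loads it with `. /usr/local/etc/sensu.conf`, so whatever the file contains is executed as shell by whoever runs the wrapper. I would pin the permissions rather than rely on Salt defaults or on what is already on disk: `- user: root` and `- mode: '0644'`. The header comment still reads `# Salt — Monitoring`, identical to roles/core/monitoring/init.sls; something like `# Salt — Monitoring — Sensu client configuration` would tell the two files apart.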
diff --git a/roles/paas-docker/containers/sensu-agent.sls b/roles/paas-docker/containers/sensu-agent.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/sensu-agent.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['sensu-agent'].items() %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: sensu/sensu:6.6.6
+ - ports:
+ - 3030
+ - hostname: agent-{{ grains['id'] }}
+ - command: |
+ sensu-agent start \
+ --backend-url {{ container['backend']}} --deregister \
+ --keepalive-interval=5 --keepalive-warning-timeout=10 \
+ --subscriptions linux,system,docker-host
+
+{% endfor %}
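Review bot: The `sensu-agent start` command passes neither `--user` nor `--password`, so every agent authenticates to the backend with Sensu's built-in agent account and its publicly documented default password. Together with the plain `ws://` backend URL this means that reaching port 8081 on the restricted address is, as far as this diff shows, the only barrier to registering as an agent. I would create a dedicated agent user on the backend and feed its credentials from pillar through the container's `environment:` (`SENSU_USER` / `SENSU_PASSWORD`) rather than on the command line, where they would show up in `docker inspect`. Separately, `image: sensu/sensu:6.6.6` is a mutable tag repeated in sensu.sls and sensuctl.sh; taking it from pillar and pinning it as `sensu/sensu:6.6.6@sha256:<digest>` would keep the three in step and make the deployed image verifiable. The file header `# Salt — Provision Docker engine` looks copied and should name the Sensu agent container.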
diff --git a/roles/paas-docker/containers/sensu.sls b/roles/paas-docker/containers/sensu.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/sensu.sls
@@ -0,0 +1,56 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'][grains['id']] %}
+{% set ip = pillar['docker_hosts_ips'][grains['id']]['restricted'] %}
+
+{% for instance, container in containers['sensu'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/sensu/{{ instance }}/lib:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_sensu_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/sensu/{{ instance }}/lib
+ - sel_type: container_file_t
+
+selinux_context_sensu_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/sensu/{{ instance }}/lib
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: sensu/sensu:6.6.6
+ - networks:
+ - {{ container['network']}}
+ - binds:
+ - /srv/sensu/{{ instance }}/lib:/var/lib/sensu
+ - ports:
+ - 3000
+ - 8080
+ - 8081
+ - port_bindings:
+ - 127.0.0.1:{{ container['app_port'] }}:3000
+ - {{ ip }}:{{ container['api_port'] }}:8080
+ - {{ ip }}:{{ container['ws_port'] }}:8081
+ - command: sensu-backend start
+
+{% endfor %}
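Review bot: `command: sensu-backend start` is run with no `environment:`, and to my knowledge a Sensu Go 6.x backend started this way has no cluster admin until `sensu-backend init` is run by hand inside the container; nothing in this state records that step. Either supply `SENSU_BACKEND_CLUSTER_ADMIN_USERNAME` and `SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD` through `environment:` from a secret source (not a literal in the state or pillar file), or add a comment above the container block such as `# Admin account is created manually with sensu-backend init after first start - see <runbook link>`. It is also worth a comment that `/srv/sensu/{{ instance }}/lib` holds the embedded store, including user password hashes and API keys, so the directory should not be loosened beyond the `file.directory` defaults and belongs in the backup and access policy.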
diff --git a/roles/paas-docker/nginx/files/vhosts/sensu.conf b/roles/paas-docker/nginx/files/vhosts/sensu.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/sensu.conf
@@ -0,0 +1,53 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2018-09-11
+# Source file: roles/paas-docker/nginx/files/vhosts/_default.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+include includes/geo_ops;
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ include includes/letsencrypt;
+
+ location / {
+ if ($not_nasqueron_ops) {
+ return 403;
+ }
+
+ proxy_pass http://localhost:{{ app_port }};
+ include includes/proxy_params;
+ }
+
+ root /var/wwwroot-502/_default;
+ error_page 502 /502.html;
+ error_page 403 /403-ops.html;
+
+ location /502.html {}
+ location /403-ops.html {}
+
+}
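Review bot: `proxy_pass http://localhost:{{ app_port }};` can resolve to both 127.0.0.1 and ::1, while roles/paas-docker/containers/sensu.sls publishes the UI with `127.0.0.1:{{ container['app_port'] }}:3000` only, so upstream attempts over IPv6 would fail and surface as the 502 page. Use the literal address instead: `proxy_pass http://127.0.0.1:{{ app_port }};`. The `if ($not_nasqueron_ops) { return 403; }` check sits in front of the whole UI and depends on `includes/geo_ops`, which is not part of this diff; a one-line comment stating that it matches on the direct client address (and so assumes no proxy in front of this nginx) would make that trust assumption reviewable. The header lines `Created: 2018-09-11` and `Source file: roles/paas-docker/nginx/files/vhosts/_default.conf` appear copied from the template and should point to sensu.conf.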
diff --git a/roles/paas-docker/wrappers/files/sensuctl.sh b/roles/paas-docker/wrappers/files/sensuctl.sh
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/wrappers/files/sensuctl.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# PaaS Docker
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-docker/wrappers/files/sensuctl.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+. /usr/local/etc/sensu.conf
+
+echo "EXTRA_ARGS won't work, please refactor this."
+exit 1
+
+# Is this needed?
+# If the goal is to configure the agent, we've:
+# alias sensuctl="docker exec -it sensu-agent sensuctl
+
+EXTRA_ARGS="--api-url http://$SENSU_BACKEND"
+
+docker run -it --rm \
+ --network=sensu \
+ sensu/sensu:6.6.6 \
+ sensuctl $EXTRA_ARGS $@
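Review bot: The last line expands `$@` unquoted, so any argument containing spaces or glob characters is re-split and expanded by the shell before it reaches sensuctl; it should be `sensuctl --api-url "http://$SENSU_BACKEND" "$@"`, which also removes the need for the `EXTRA_ARGS` variable the script itself says does not work. As committed, everything after `exit 1` is dead code, and the roles/paas-docker/wrappers/init.sls hunk still installs the file into the wrapper bin directory, so hosts receive a `sensuctl` command that can only print an error. I would either leave `sensuctl` out of that list until the wrapper works or commit only the stub with a comment explaining why it exits. Note also that `http://$SENSU_BACKEND` sends the sensuctl login over plain HTTP.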
diff --git a/roles/paas-docker/wrappers/init.sls b/roles/paas-docker/wrappers/init.sls
--- a/roles/paas-docker/wrappers/init.sls
+++ b/roles/paas-docker/wrappers/init.sls
@@ -12,7 +12,7 @@
# Wrapper binaries
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for command in ['certbot', 'phpbb', 'mysql', 'sentry', 'openfire'] %}
+{% for command in ['certbot', 'phpbb', 'mysql', 'sentry', 'openfire', 'sensuctl'] %}
{{ dirs.bin }}/{{ command }}:
file.managed:
- source: salt://roles/paas-docker/wrappers/files/{{ command }}.sh
