Page MenuHomeSoftware Heritage
Differential D8439 Diff 30428 site-modules/profile/manifests/thanos/store.pp

Changeset View

Standalone View

View Options

site-modules/profile/manifests/thanos/store.pp

  • This file was moved from site-modules/profile/manifests/thanos/gateway.pp.
# Thanos gateway services (historical metrics access) # Thanos store services (historical metrics access)
class profile::thanos::gateway { class profile::thanos::store {
include profile::thanos::base include profile::thanos::base
include profile::thanos::tls_certificate include profile::thanos::tls_certificate
$cert_paths = $::profile::thanos::tls_certificate::cert_paths $cert_paths = $::profile::thanos::tls_certificate::cert_paths
$internal_ip = ip_for_network(lookup('internal_network')) $internal_ip = ip_for_network(lookup('internal_network'))
$services = lookup('thanos::gateway::services') $stores = lookup('thanos::stores')
$azure_account = lookup('thanos::objstore::azure_account') $azure_account = lookup('thanos::objstore::azure_account')
$azure_account_key = lookup('thanos::objstore::azure_account_key') $azure_account_key = lookup('thanos::objstore::azure_account_key')
$config_dir = $::profile::thanos::base::config_dir $config_dir = $::profile::thanos::base::config_dir
$services.each | $dataset_name, $service | { $stores.each | $dataset_name, $service | {
$objstore_config = { $objstore_config = {
"type" => "AZURE", "type" => "AZURE",
"config" => { "config" => {
"storage_account" => $azure_account, "storage_account" => $azure_account,
"storage_account_key" => $azure_account_key, "storage_account_key" => $azure_account_key,
"container" => $service['azure-storage-container'], "container" => $service['azure-storage-container'],
}, },
} }
$objstore_config_file = "${::profile::thanos::base::config_dir}/objstore-${dataset_name}.yml" $objstore_config_file = "${::profile::thanos::base::config_dir}/objstore-${dataset_name}.yml"
file {$objstore_config_file: file {$objstore_config_file:
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'prometheus', group => 'prometheus',
mode => '0640', mode => '0640',
content => inline_yaml($objstore_config), content => inline_yaml($objstore_config),
require => File[$::profile::thanos::base::config_dir], require => File[$::profile::thanos::base::config_dir],
} }
$port_http = $service['port-http'] $port_http = $service['store']['port-http']
$http_address = "${internal_ip}:${port_http}" $http_address = "${internal_ip}:${port_http}"
$port_grpc = $service['port-grpc'] $http_target = "${swh_hostname['internal_fqdn']}:${port_http}"
$port_grpc = $service['store']['port-grpc']
$grpc_address = "${internal_ip}:${port_grpc}" $grpc_address = "${internal_ip}:${port_grpc}"
$grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}" $grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}"
$service_name = "thanos-gateway@${dataset_name}" $service_name = "thanos-store@${dataset_name}"
$unit_name = "${service_name}.service" $unit_name = "${service_name}.service"
::systemd::dropin_file {"${service_name}/parameters.conf": ::systemd::dropin_file {"${service_name}/parameters.conf":
ensure => present, ensure => present,
unit => $unit_name, unit => $unit_name,
filename => 'parameters.conf', filename => 'parameters.conf',
content => template('profile/thanos/gateway-parameters.conf.erb'), content => template('profile/thanos/store-parameters.conf.erb'),
notify => Service[$service_name], notify => Service[$service_name],
} }
service {$service_name: # Cleanup old thanos-gateway service instances
service {"thanos-gateway@${dataset_name}":
ensure => stopped,
enable => false,
}
-> service {$service_name:
ensure => 'running', ensure => 'running',
enable => true, enable => true,
require => [ require => [
File[$cert_paths['fullchain']], File[$cert_paths['fullchain']],
File[$cert_paths['privkey']], File[$cert_paths['privkey']],
], ],
tag => 'thanos-gateway', tag => 'thanos-store',
}
# And clean up drop-in files for old service instances
-> file {"/etc/systemd/system/thanos-gateway@${dataset_name}.service.d":
ensure => absent,
recurse => true,
force => true,
} }
# Ensure service is restarted when the certs are renewed # Ensure service is restarted when the certs are renewed
File[$cert_paths['fullchain']] ~> Service[$service_name] File[$cert_paths['fullchain']] ~> Service[$service_name]
File[$cert_paths['privkey']] ~> Service[$service_name] File[$cert_paths['privkey']] ~> Service[$service_name]
# gateway service grpc address pushed to query service configuration file to access # store service grpc address pushed to query service configuration file to access
# historical data # historical data
::profile::thanos::export_query_endpoint {"thanos-gateway-${grpc_target}": ::profile::thanos::export_query_endpoint {"thanos-store-${grpc_target}":
grpc_address => $grpc_target grpc_address => $grpc_target
} }
$http_target = "${swh_hostname['internal_fqdn']}:${port_http}" ::profile::prometheus::export_scrape_config {"thanos-store-${http_target}":
::profile::prometheus::export_scrape_config {"thanos-gateway-${http_target}":
target => $http_target, target => $http_target,
job => 'thanos_gateway', job => 'thanos_store',
labels => { labels => {
dataset_name => $dataset_name, dataset_name => $dataset_name,
}, },
} }
} }
# Uses: $config_dir, $cert_paths # Uses: $config_dir, $cert_paths
systemd::unit_file {'thanos-gateway@.service': systemd::unit_file {'thanos-store@.service':
ensure => present, ensure => present,
content => template('profile/thanos/gateway@.service.erb'), content => template('profile/thanos/store@.service.erb'),
require => Class['profile::thanos::base'], require => Class['profile::thanos::base'],
} ~> Service <| tag == 'thanos-gateway' |> } ~> Service <| tag == 'thanos-store' |>
# Cleanup old thanos-gateway service file
Service <| tag == 'thanos-store' |>
-> systemd::unit_file {'thanos-gateway@.service':
ensure => absent,
}
} }
About · Developer information · Legal