Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/thanos/store.pp
- This file was moved from site-modules/profile/manifests/thanos/gateway.pp.
# Thanos gateway services (historical metrics access) | # Thanos store services (historical metrics access) | ||||
class profile::thanos::gateway { | class profile::thanos::store { | ||||
include profile::thanos::base | include profile::thanos::base | ||||
include profile::thanos::tls_certificate | include profile::thanos::tls_certificate | ||||
$cert_paths = $::profile::thanos::tls_certificate::cert_paths | $cert_paths = $::profile::thanos::tls_certificate::cert_paths | ||||
$internal_ip = ip_for_network(lookup('internal_network')) | $internal_ip = ip_for_network(lookup('internal_network')) | ||||
$services = lookup('thanos::gateway::services') | $stores = lookup('thanos::stores') | ||||
$azure_account = lookup('thanos::objstore::azure_account') | $azure_account = lookup('thanos::objstore::azure_account') | ||||
$azure_account_key = lookup('thanos::objstore::azure_account_key') | $azure_account_key = lookup('thanos::objstore::azure_account_key') | ||||
$config_dir = $::profile::thanos::base::config_dir | $config_dir = $::profile::thanos::base::config_dir | ||||
$services.each | $dataset_name, $service | { | $stores.each | $dataset_name, $service | { | ||||
$objstore_config = { | $objstore_config = { | ||||
"type" => "AZURE", | "type" => "AZURE", | ||||
"config" => { | "config" => { | ||||
"storage_account" => $azure_account, | "storage_account" => $azure_account, | ||||
"storage_account_key" => $azure_account_key, | "storage_account_key" => $azure_account_key, | ||||
"container" => $service['azure-storage-container'], | "container" => $service['azure-storage-container'], | ||||
}, | }, | ||||
} | } | ||||
$objstore_config_file = "${::profile::thanos::base::config_dir}/objstore-${dataset_name}.yml" | $objstore_config_file = "${::profile::thanos::base::config_dir}/objstore-${dataset_name}.yml" | ||||
file {$objstore_config_file: | file {$objstore_config_file: | ||||
ensure => present, | ensure => present, | ||||
owner => 'root', | owner => 'root', | ||||
group => 'prometheus', | group => 'prometheus', | ||||
mode => '0640', | mode => '0640', | ||||
content => inline_yaml($objstore_config), | content => inline_yaml($objstore_config), | ||||
require => File[$::profile::thanos::base::config_dir], | require => File[$::profile::thanos::base::config_dir], | ||||
} | } | ||||
$port_http = $service['port-http'] | $port_http = $service['store']['port-http'] | ||||
$http_address = "${internal_ip}:${port_http}" | $http_address = "${internal_ip}:${port_http}" | ||||
$port_grpc = $service['port-grpc'] | $http_target = "${swh_hostname['internal_fqdn']}:${port_http}" | ||||
$port_grpc = $service['store']['port-grpc'] | |||||
$grpc_address = "${internal_ip}:${port_grpc}" | $grpc_address = "${internal_ip}:${port_grpc}" | ||||
$grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}" | $grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}" | ||||
$service_name = "thanos-gateway@${dataset_name}" | $service_name = "thanos-store@${dataset_name}" | ||||
$unit_name = "${service_name}.service" | $unit_name = "${service_name}.service" | ||||
::systemd::dropin_file {"${service_name}/parameters.conf": | ::systemd::dropin_file {"${service_name}/parameters.conf": | ||||
ensure => present, | ensure => present, | ||||
unit => $unit_name, | unit => $unit_name, | ||||
filename => 'parameters.conf', | filename => 'parameters.conf', | ||||
content => template('profile/thanos/gateway-parameters.conf.erb'), | content => template('profile/thanos/store-parameters.conf.erb'), | ||||
notify => Service[$service_name], | notify => Service[$service_name], | ||||
} | } | ||||
service {$service_name: | # Cleanup old thanos-gateway service instances | ||||
service {"thanos-gateway@${dataset_name}": | |||||
ensure => stopped, | |||||
enable => false, | |||||
} | |||||
-> service {$service_name: | |||||
ensure => 'running', | ensure => 'running', | ||||
enable => true, | enable => true, | ||||
require => [ | require => [ | ||||
File[$cert_paths['fullchain']], | File[$cert_paths['fullchain']], | ||||
File[$cert_paths['privkey']], | File[$cert_paths['privkey']], | ||||
], | ], | ||||
tag => 'thanos-gateway', | tag => 'thanos-store', | ||||
} | |||||
# And clean up drop-in files for old service instances | |||||
-> file {"/etc/systemd/system/thanos-gateway@${dataset_name}.service.d": | |||||
ensure => absent, | |||||
recurse => true, | |||||
force => true, | |||||
} | } | ||||
# Ensure service is restarted when the certs are renewed | # Ensure service is restarted when the certs are renewed | ||||
File[$cert_paths['fullchain']] ~> Service[$service_name] | File[$cert_paths['fullchain']] ~> Service[$service_name] | ||||
File[$cert_paths['privkey']] ~> Service[$service_name] | File[$cert_paths['privkey']] ~> Service[$service_name] | ||||
# gateway service grpc address pushed to query service configuration file to access | # store service grpc address pushed to query service configuration file to access | ||||
# historical data | # historical data | ||||
::profile::thanos::export_query_endpoint {"thanos-gateway-${grpc_target}": | ::profile::thanos::export_query_endpoint {"thanos-store-${grpc_target}": | ||||
grpc_address => $grpc_target | grpc_address => $grpc_target | ||||
} | } | ||||
$http_target = "${swh_hostname['internal_fqdn']}:${port_http}" | ::profile::prometheus::export_scrape_config {"thanos-store-${http_target}": | ||||
::profile::prometheus::export_scrape_config {"thanos-gateway-${http_target}": | |||||
target => $http_target, | target => $http_target, | ||||
job => 'thanos_gateway', | job => 'thanos_store', | ||||
labels => { | labels => { | ||||
dataset_name => $dataset_name, | dataset_name => $dataset_name, | ||||
}, | }, | ||||
} | } | ||||
} | } | ||||
# Uses: $config_dir, $cert_paths | # Uses: $config_dir, $cert_paths | ||||
systemd::unit_file {'thanos-gateway@.service': | systemd::unit_file {'thanos-store@.service': | ||||
ensure => present, | ensure => present, | ||||
content => template('profile/thanos/gateway@.service.erb'), | content => template('profile/thanos/store@.service.erb'), | ||||
require => Class['profile::thanos::base'], | require => Class['profile::thanos::base'], | ||||
} ~> Service <| tag == 'thanos-gateway' |> | } ~> Service <| tag == 'thanos-store' |> | ||||
# Cleanup old thanos-gateway service file | |||||
Service <| tag == 'thanos-store' |> | |||||
-> systemd::unit_file {'thanos-gateway@.service': | |||||
ensure => absent, | |||||
} | |||||
} | } |