diff --git a/site-modules/profile/manifests/thanos/gateway.pp b/site-modules/profile/manifests/thanos/gateway.pp
index 6a429e36..0a457b74 100644
--- a/site-modules/profile/manifests/thanos/gateway.pp
+++ b/site-modules/profile/manifests/thanos/gateway.pp
@@ -1,80 +1,89 @@ # Thanos gateway services (historical metrics access) class profile::thanos::gateway { include profile::thanos::base include profile::thanos::tls_certificate $cert_paths = $::profile::thanos::tls_certificate::cert_paths $internal_ip = ip_for_network(lookup('internal_network')) $services = lookup('thanos::gateway::services') $azure_account = lookup('thanos::objstore::azure_account') $azure_account_key = lookup('thanos::objstore::azure_account_key') $config_dir = $::profile::thanos::base::config_dir $services.each | $dataset_name, $service | { $objstore_config = { "type" => "AZURE", "config" => { "storage_account" => $azure_account, "storage_account_key" => $azure_account_key, "container" => $service['azure-storage-container'], }, } $objstore_config_file = "${::profile::thanos::base::config_dir}/objstore-${dataset_name}.yml" file {$objstore_config_file: ensure => present, owner => 'root', group => 'prometheus', mode => '0640', content => inline_yaml($objstore_config), require => File[$::profile::thanos::base::config_dir], } $port_http = $service['port-http'] $http_address = "${internal_ip}:${port_http}" $port_grpc = $service['port-grpc'] $grpc_address = "${internal_ip}:${port_grpc}" $grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}" $service_name = "thanos-gateway@${dataset_name}" $unit_name = "${service_name}.service" ::systemd::dropin_file {"${service_name}/parameters.conf": ensure => present, unit => $unit_name, filename => 'parameters.conf', content => template('profile/thanos/gateway-parameters.conf.erb'), notify => Service[$service_name], } service {$service_name: ensure => 'running', enable => true, require => [ File[$cert_paths['fullchain']], File[$cert_paths['privkey']], ], tag => 'thanos-gateway', } # Ensure service is restarted when the certs are renewed File[$cert_paths['fullchain']] ~> Service[$service_name] File[$cert_paths['privkey']] ~> Service[$service_name] # gateway service grpc address pushed to query service 
configuration file to access # historical data ::profile::thanos::export_query_endpoint {"thanos-gateway-${grpc_target}": grpc_address => $grpc_target } + + $http_target = "${swh_hostname['internal_fqdn']}:${port_http}" + ::profile::prometheus::export_scrape_config {"thanos-gateway-${http_target}": + target => $http_target, + job => 'thanos_gateway', + labels => { + dataset_name => $dataset_name, + }, + } } # Uses: $config_dir, $cert_paths systemd::unit_file {'thanos-gateway@.service': ensure => present, content => template('profile/thanos/gateway@.service.erb'), require => Class['profile::thanos::base'], } ~> Service <| tag == 'thanos-gateway' |> } diff --git a/site-modules/profile/manifests/thanos/prometheus_sidecar.pp b/site-modules/profile/manifests/thanos/prometheus_sidecar.pp index 8c940941..fd1f006d 100644 --- a/site-modules/profile/manifests/thanos/prometheus_sidecar.pp +++ b/site-modules/profile/manifests/thanos/prometheus_sidecar.pp 
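Review bot: The scrape target exported at the end of the `$services.each` body advertises the gateway's `port_http` listener, and nothing visible in this manifest puts TLS or authentication on that listener, whereas the gRPC side at least depends on the certificate files. Thanos HTTP listeners generally serve health and debug handlers alongside `/metrics`, so confirm that the port is reachable only from the Prometheus server on the internal network. The firewall rules and the `export_scrape_config` define are outside this diff, so this is something to check, not a confirmed gap. The same applies to the `thanos_sidecar` and `thanos_query` exports added in the next two files. A comment above the declaration would record the assumption: `# Scraped over plain HTTP on the internal network; restrict port_http to the Prometheus server`.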
@@ -1,80 +1,86 @@ # Thanos prometheus sidecar class profile::thanos::prometheus_sidecar { include profile::thanos::base include profile::thanos::tls_certificate $service_name = 'thanos-sidecar' $unit_name = "${service_name}.service" $objstore_config = lookup('thanos::objstore::config') $objstore_config_file = "${::profile::thanos::base::config_dir}/objstore.yml" $port_http = lookup('thanos::sidecar::port_http') $port_grpc = lookup('thanos::sidecar::port_grpc') $internal_ip = ip_for_network(lookup('internal_network')) $grpc_address = "${internal_ip}:${port_grpc}" $grpc_target = "${swh_hostname['internal_fqdn']}:${port_grpc}" $cert_paths = $::profile::thanos::tls_certificate::cert_paths $sidecar_arguments = { tsdb => { path => '/var/lib/prometheus/metrics2', }, prometheus => { # use the listen address for the prometheus server url => "http://${::profile::prometheus::server::target}/", }, objstore => { 'config-file' => $objstore_config_file, }, shipper => { 'upload-compacted' => true, }, 'grpc-server-tls-cert' => $cert_paths['fullchain'], 'grpc-server-tls-key' => $cert_paths['privkey'], 'http-address' => "${internal_ip}:${port_http}", 'grpc-address' => $grpc_address, } file {$objstore_config_file: ensure => present, owner => 'root', group => 'prometheus', mode => '0640', content => inline_yaml($objstore_config), require => File[$::profile::thanos::base::config_dir], } # Template uses: # $sidecar_arguments systemd::unit_file {$unit_name: ensure => present, content => template('profile/thanos/thanos-sidecar.service.erb'), require => Class['profile::thanos::base'], notify => Service[$service_name] } service {$service_name: ensure => 'running', enable => true, require => [ Service['prometheus'], File[$cert_paths['fullchain']], File[$cert_paths['privkey']], ], } Class['profile::thanos::base'] ~> Service[$service_name] # Ensure prometheus is configured properly before starting the sidecar Exec['restart-prometheus'] -> Service[$service_name] # Ensure service is restarted 
when the certs are renewed File[$cert_paths['fullchain']] ~> Service[$service_name] File[$cert_paths['privkey']] ~> Service[$service_name] ::profile::thanos::export_query_endpoint {"thanos-sidecar-${::fqdn}": grpc_address => $grpc_target } + + $http_target = "${swh_hostname['internal_fqdn']}:${port_http}" + ::profile::prometheus::export_scrape_config {"thanos-sidecar-${::fqdn}": + target => $http_target, + job => 'thanos_sidecar', + } } diff --git a/site-modules/profile/manifests/thanos/query.pp b/site-modules/profile/manifests/thanos/query.pp index 42dd951c..6b321b02 100644 --- a/site-modules/profile/manifests/thanos/query.pp +++ b/site-modules/profile/manifests/thanos/query.pp 
@@ -1,69 +1,75 @@ # Thanos query class profile::thanos::query { include profile::thanos::base $service_name = 'thanos-query' $unit_name = "${service_name}.service" $port_http = lookup('thanos::query::port_http') $non_puppet_managed_stores = lookup('thanos::query::non_puppet_managed::stores') $internal_ip = ip_for_network(lookup('internal_network')) $config_filepath = lookup('thanos::query::config_filepath') concat {$config_filepath: ensure => present, path => $config_filepath, owner => $user, group => 'prometheus', mode => '0640', ensure_newline => true, order => 'numeric', tag => 'thanos', require => File[$::profile::thanos::base::config_dir], notify => Service[$service_name], } concat::fragment { 'header': target => $config_filepath, content => "---\n- targets:\n", order => 0, tag => 'thanos', require => File[$config_dir], } $non_puppet_managed_stores.map | $store | { concat::fragment { $store: target => $config_filepath, content => " - ${store}\n", order => 1, tag => 'thanos', require => File[$config_dir], } } # Deal with collected resources Profile::Thanos::Query_endpoint <<| |>> $query_arguments = { "http-address" => "${internal_ip}:${port_http}", "store.sd-files" => $config_filepath, "grpc-client-tls-secure" => true, "grpc-client-tls-ca" => '/etc/ssl/certs/ca-certificates.crt', } systemd::unit_file {$unit_name: ensure => present, content => template("profile/thanos/${unit_name}.erb"), require => Class['profile::thanos::base'], notify => Service[$service_name], } # Template uses: # $query_arguments service {$service_name: ensure => 'running', enable => true, } + $http_target = "${swh_hostname['internal_fqdn']}:${port_http}" + + ::profile::prometheus::export_scrape_config {'thanos_query': + target => $http_target, + } + Class['profile::thanos::base'] ~> Service[$service_name] }
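Review bot: The `thanos_query` declaration uses a fixed title and passes no `job`, while the gateway and sidecar declarations in this commit use a host-specific title and an explicit `job`. If `export_scrape_config` (defined outside this diff) derives the exported resource's title from its own, a second node including `profile::thanos::query` could cause a duplicate resource on the collecting server. The job name here also depends on whatever default the define applies. Making it parallel to the other two would read `::profile::prometheus::export_scrape_config {"thanos-query-${::fqdn}":` with `job => 'thanos_query',` next to `target`.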