diff --git a/data/hostname/met.internal.softwareheritage.org.yaml b/data/hostname/met.internal.softwareheritage.org.yaml index a810fd2a..d8b96627 100644 --- a/data/hostname/met.internal.softwareheritage.org.yaml +++ b/data/hostname/met.internal.softwareheritage.org.yaml @@ -1,302 +1,303 @@ backups::exclude: - var/lib/rabbitmq users: ardumont: groups: - docker aeviso: groups: - sudo - docker ddouard: groups: - sudo - docker jayesh: groups: - sudo - docker olasd: groups: - docker vsellier: groups: - docker zack: groups: - docker icinga2::host::vars: load: high swh::apt_config::enable_non_free: true packages: - intel-microcode # install zfs - zfs-dkms rabbitmq::python_package: 'python3' rabbitmq::server::users: - name: "swh-provenance" is_admin: true password: "%{hiera('rabbitmq::monitoring::provenance::password')}" tags: [] - name: swh-provenance-consumer is_admin: false password: "%{hiera('swh::deploy::provenance::consumer::password')}" tags: [] - name: swh-provenance-producer is_admin: false password: "%{hiera('swh::deploy::provenance::producer::password')}" tags: [] swh::postgresql::version: 13 # hack to don't hang in bullseye postgresql::globals::version: "%{lookup('swh::postgresql::version')}" swh::postgresql::listen_addresses: - 0.0.0.0 swh::postgresql::port: 5433 swh::postgresql::cluster_name: "%{lookup('swh::postgresql::version')}/main" swh::postgresql::datadir_base: "%{lookup('swh::base_directory')}/postgres" swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}" swh::postgresql::network_accesses: - 192.168.100.0/24 # Monitoring - 192.168.100.0/24 # Internal network # using an indirection to allow the override for vagrant swh::postgresql::shared_buffers: "%{lookup('swh::provenance::db::shared_buffers')}" swh::postgresql::max_connections: 1000 postgresql::server::config_entries: shared_buffers: "%{alias('swh::postgresql::shared_buffers')}" cluster_name: "%{alias('swh::postgresql::cluster_name')}" swh::dbs: provenance: name: "%{hiera('swh::deploy::provenance::db::dbname')}" user: "%{hiera('swh::deploy::provenance::db::user')}" test0: name: test0 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test1: name: test1 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test2: name: test2 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test3: name: test3 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test4: name: test4 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test5: name: test5 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test6: name: test6 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test7: name: test7 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test8: name: test8 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" test9: name: test9 user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" # What aliases to install in .pg_service/.pgpass swh::postgres::service::dbs: - alias: swh-provenance name: "%{hiera('swh::deploy::provenance::db::dbname')}" host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: admin-swh-provenance name: "%{hiera('swh::deploy::provenance::db::dbname')}" host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test0 name: test0 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test0-admin name: test0 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test1 name: test1 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test1-admin name: test1 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test2 name: test2 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test2-admin name: test2 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test3 name: test3 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test3-admin name: test3 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test4 name: test4 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test4-admin name: test4 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test5 name: test5 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test5-admin name: test5 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test6 name: test6 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test6-admin name: test6 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test7 name: test7 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test7-admin name: test7 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test8 name: test8 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test8-admin name: test8 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" - alias: test9 name: test9 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: guest - alias: test9-admin name: test9 host: "%{hiera('swh::deploy::provenance::db::host')}" port: "%{hiera('swh::deploy::db::pgbouncer::port')}" user: "%{hiera('swh::deploy::provenance::db::user')}" password: "%{hiera('swh::deploy::provenance::db::password')}" # Install the .pg_service/.pgpass files to those users swh::postgres::service::users: - root - zack - ardumont - aeviso - vsellier pgbouncer::auth_hba_file: /etc/postgresql/13/main/pg_hba.conf pgbouncer::listen_addr: 192.168.100.110 pgbouncer::databases: - source_db: "%{hiera('swh::deploy::provenance::db::dbname')}" host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test0 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test1 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test2 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test3 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test4 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test5 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test6 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test7 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test8 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" - source_db: test9 host: "%{hiera('swh::deploy::provenance::db::host')}" auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" port: "%{hiera('swh::deploy::db::main::port')}" +prometheus::rabbitmq::listen_port: 15692 \ No newline at end of file diff --git a/site-modules/profile/manifests/rabbitmq.pp b/site-modules/profile/manifests/rabbitmq.pp index d8b1a200..ef34ceb2 100644 --- a/site-modules/profile/manifests/rabbitmq.pp +++ b/site-modules/profile/manifests/rabbitmq.pp @@ -1,90 +1,100 @@ class profile::rabbitmq { $rabbitmq_vhost = '/' $rabbitmq_user = lookup('rabbitmq::monitoring::user') $rabbitmq_password = lookup('rabbitmq::monitoring::password') $users = lookup('rabbitmq::server::users') class { 'rabbitmq': service_manage => true, port => 5672, admin_enable => true, node_ip_address => '0.0.0.0', interface => '0.0.0.0', config_variables => { vm_memory_high_watermark => 0.6, }, heartbeat => 0, } -> rabbitmq_vhost { $rabbitmq_vhost: provider => 'rabbitmqctl', } each ( $users ) | $user | { $username = $user['name'] rabbitmq_user { $username: admin => $user['is_admin'], password => $user['password'], tags => $user['tags'], provider => 'rabbitmqctl', } -> rabbitmq_user_permissions { "${username}@${rabbitmq_vhost}": configure_permission => '.*', read_permission => '.*', write_permission => '.*', provider => 'rabbitmqctl', } } $prometheus_listen_network = lookup('prometheus::rabbitmq::listen_network', Optional[String], 'first', undef) $prometheus_listen_address = lookup('prometheus::rabbitmq::listen_address', Optional[String], 'first', undef) $prometheus_actual_listen_address = pick($prometheus_listen_address, ip_for_network($prometheus_listen_network)) $prometheus_listen_port = lookup('prometheus::rabbitmq::listen_port') $prometheus_target = "${prometheus_actual_listen_address}:${prometheus_listen_port}" $prometheus_include_vhost = lookup('prometheus::rabbitmq::include_vhost') $prometheus_skip_vhost = lookup('prometheus::rabbitmq::skip_vhost') $prometheus_include_queues = lookup('prometheus::rabbitmq::include_queues') $prometheus_skip_queues = lookup('prometheus::rabbitmq::skip_queues') $prometheus_rabbit_capabilities = lookup('prometheus::rabbitmq::rabbit_capabilities', Array[String]).join(',') $prometheus_rabbit_exporters = lookup('prometheus::rabbitmq::rabbit_exporters', Array[String]).join(',') $prometheus_rabbit_timeout = lookup('prometheus::rabbitmq::rabbit_timeout', Integer) $prometheus_exclude_metrics = lookup('prometheus::rabbitmq::exclude_metrics', Array[String]).join(',') - package {'prometheus-rabbitmq-exporter': - ensure => 'present', - } -> file {'/etc/default/prometheus-rabbitmq-exporter': - ensure => 'present', - mode => '0600', # Contains passwords - owner => 'root', - group => 'root', - content => template('profile/rabbitmq/prometheus-rabbitmq-exporter.default.erb'), - } ~> service {'prometheus-rabbitmq-exporter': - ensure => 'running', - enable => true, - } -> profile::prometheus::export_scrape_config {'rabbitmq': - target => $prometheus_target, + if versioncmp($::lsbmajdistrelease, '11') >= 0 { + # Install the official plugin along rabbitmq + rabbitmq_plugin {'rabbitmq_prometheus': + ensure => present, + } + } else { + # Buster and below, retrieve an extra exporter + package {'prometheus-rabbitmq-exporter': + ensure => 'present', + } -> file {'/etc/default/prometheus-rabbitmq-exporter': + ensure => 'present', + mode => '0600', # Contains passwords + owner => 'root', + group => 'root', + content => template('profile/rabbitmq/prometheus-rabbitmq-exporter.default.erb'), + } ~> service {'prometheus-rabbitmq-exporter': + ensure => 'running', + enable => true, + } + } + + profile::prometheus::export_scrape_config {'rabbitmq': + target => $prometheus_target, } # monitoring user for the icinga check $icinga_checks_file = lookup('icinga2::exported_checks::filename') @@::icinga2::object::service {"rabbitmq-server on ${::fqdn}": service_name => 'rabbitmq server', import => ['generic-service'], host_name => $::fqdn, check_command => 'rabbitmq_server', vars => { rabbitmq_port => 15672, rabbitmq_vhost => $rabbitmq_vhost, rabbitmq_node => $::hostname, rabbitmq_user => $rabbitmq_user, rabbitmq_password => $rabbitmq_password, }, target => $icinga_checks_file, tag => 'icinga2::exported', } }