From b862c78ec9cd12e4fe645d028828ae3ebbb5a393 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Sun, 12 May 2019 18:13:48 +0530
Subject: [PATCH] General Updates

---
 main.tf                          |  2 ++
 variables.tf                     |  9 +++++----
 cloudflare/main.tf               | 18 ++++++++++++++++++
 cloudflare/variables.tf          |  2 ++
 digitalocean/droplets.tf         |  8 +++++++-
 monitoring/cadvisor.tf           | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
 monitoring/data.tf               | 16 ----------------
 monitoring/grafana.tf            | 33 +++++++++++++++++++++++----------
 monitoring/images.tf             | 20 --------------------
 monitoring/main.tf               |  1 -
 monitoring/nodeexporter.tf       | 52 +++++++++++++++++++++++++++++++---------------------
 monitoring/speedtest.tf          | 26 ++++++++++++++++++--------
 monitoring/config/prometheus.yml | 32 +++++++++++++++++---------------
 13 files changed, 162 insertions(+), 144 deletions(-)

diff --git a/main.tf b/main.tf
index 4e10649..35608b8 100644
--- a/main.tf
+++ a/main.tf
@@ -1,7 +1,9 @@
 module "cloudflare" {
   source = "cloudflare"
   domain = "bb8.fun"
   ips    = "${var.ips}"
+
+  droplet_ip = "${module.digitalocean.droplet_ipv4}"
 }
 
 module "docker" {
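Review bot: `droplet_ip` is wired from `module.digitalocean.droplet_ipv4` here, yet the same commit adds a literal `droplet = "139.59.22.234"` to the `ips` map in variables.tf, so the droplet address now has two sources that can drift apart. No use of `var.ips["droplet"]` is visible in this patch; if nothing reads it, dropping the literal keeps the module output as the single source of truth. A stale literal that later ends up in a DNS record would point a hostname at an address the project may no longer hold. If the entry must stay, a comment on it such as `# informational only; DNS uses module.digitalocean.droplet_ipv4` would say so.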
diff --git a/variables.tf b/variables.tf
index efddf05..938927f 100644
--- a/variables.tf
+++ a/variables.tf
@@ -1,11 +1,12 @@
 variable "ips" {
   type = "map"
 
   default = {
-    eth0   = "192.168.1.111"
-    tun0   = "10.8.0.14"
-    dovpn  = "10.8.0.1"
-    static = "139.59.48.222"
+    eth0    = "192.168.1.111"
+    tun0    = "10.8.0.14"
+    dovpn   = "10.8.0.1"
+    static  = "139.59.48.222"
+    droplet = "139.59.22.234"
   }
 }
 
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 9fb6ab6..dbaec8e 100644
--- a/cloudflare/main.tf
+++ a/cloudflare/main.tf
@@ -25,7 +25,7 @@
 resource "cloudflare_record" "internet" {
   domain = "${var.domain}"
   name   = "@"
-  value  = "${var.ips["static"]}"
+  value  = "${var.droplet_ip}"
   type   = "A"
 }
 
@@ -35,8 +35,24 @@
   value  = "${cloudflare_record.internet.hostname}"
   type   = "CNAME"
   ttl    = 3600
+}
+
+resource "cloudflare_record" "dns" {
+  domain = "${var.domain}"
+  name   = "dns"
+  value  = "${var.ips["static"]}"
+  type   = "A"
+}
+
+resource "cloudflare_record" "doh" {
+  domain = "${var.domain}"
+  name   = "doh"
+  value  = "${var.ips["static"]}"
+  type   = "A"
 }
 
+// This ensures that _acme-challenge is not a CNAME
+// alongside the above wildcard CNAME entry.
 resource "cloudflare_record" "acme-no-cname-1" {
   domain = "${var.domain}"
   name   = "_acme-challenge.${var.domain}"
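Review bot: The new `dns` and `doh` records are pinned to `var.ips["static"]` while the apex record in the previous hunk moves to `var.droplet_ip`, and nothing in the file says the split is deliberate. A one-line comment above the two resources, for example `// dns and doh stay on the static IP; only the apex record follows the droplet`, would stop a later edit from "correcting" them to match. The added `_acme-challenge` comment refers to "the above wildcard CNAME entry", but these two records now sit in between; naming that resource in the comment would keep the reference unambiguous. The `acme-no-cname-1` resource continues past the end of this hunk.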
diff --git a/cloudflare/variables.tf b/cloudflare/variables.tf
index 83f7203..6c1cb5e 100644
--- a/cloudflare/variables.tf
+++ a/cloudflare/variables.tf
@@ -5,3 +5,5 @@
 variable "ips" {
   type = "map"
 }
+
+variable "droplet_ip" {}
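Review bot: `variable "droplet_ip" {}` is declared with no type or description, unlike `ips` just above, which at least states `type = "map"`. Declaring it with `type = "string"` and `description = "Public IPv4 address of the droplet, used for the apex A record"` documents the contract for callers of this module. It also lets Terraform reject a wrongly shaped value before it reaches a DNS record.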
diff --git a/digitalocean/droplets.tf b/digitalocean/droplets.tf
index d5507bc..6c79fd8 100644
--- a/digitalocean/droplets.tf
+++ a/digitalocean/droplets.tf
@@ -1,16 +1,22 @@
 resource "digitalocean_droplet" "sydney" {
   image              = ""
   name               = "sydney.captnemo.in"
   region             = "blr1"
-  size               = "1gb"
+  size               = "s-1vcpu-2gb"
   ipv6               = true
   private_networking = true
   resize_disk        = true
 
+  volume_ids = ["eae03502-9279-11e8-ab31-0242ac11470b"]
+
   tags = [
     "bangalore",
     "proxy",
     "sydney",
     "vpn",
   ]
+}
+
+output "droplet_ipv4" {
+  value = "${digitalocean_droplet.sydney.ipv4_address}"
 }
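Review bot: `volume_ids` is a bare UUID literal, so a reader of the plan cannot tell which volume is attached or whether this configuration manages it. A comment naming the volume, e.g. `# block storage volume <volume-name>, created outside Terraform`, would make the attachment reviewable; so would a reference to a `digitalocean_volume` resource or data source in place of the literal. The new `droplet_ipv4` output would also benefit from a `description`, since it now feeds the Cloudflare apex record.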
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
index b14ffde..c7c1db2 100644
--- a/monitoring/cadvisor.tf
+++ a/monitoring/cadvisor.tf
@@ -1,47 +1,56 @@
-resource "docker_container" "cadvisor" {
+module "cadvisor" {
+  source = "../modules/container"
   name   = "cadvisor"
-  image  = "${docker_image.cadvisor.latest}"
-  memory = 512
+  image  = "google/cadvisor:latest"
+
+  resource {
+    memory      = 512
+    memory_swap = 512
+  }
 
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
   must_run              = true
-
-  volumes {
-    host_path      = "/sys"
-    container_path = "/sys"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/"
-    container_path = "/rootfs"
-    read_only      = true
-  }
 
-  volumes {
-    host_path      = "/var/lib/docker"
-    container_path = "/var/lib/docker"
-    read_only      = true
+  volumes = [
+    {
+      host_path      = "/sys"
+      container_path = "/sys"
+      read_only      = true
+    },
+    {
+      host_path      = "/"
+      container_path = "/rootfs"
+      read_only      = true
+    },
+    {
+      host_path      = "/var/lib/docker"
+      container_path = "/var/lib/docker"
+      read_only      = true
+    },
+    {
+      host_path      = "/dev/disk"
+      container_path = "/dev/disk"
+      read_only      = true
+    },
+    {
+      host_path      = "/var/run"
+      container_path = "/var/run"
+    },
+  ]
+
+  networks_advanced = [
+    {
+      name = "traefik"
+    },
+    {
+      name = "monitoring"
+    },
+  ]
+
+  web {
+    expose = true
+    port   = 8080
+    auth   = true
   }
-
-  volumes {
-    host_path      = "/dev/disk"
-    container_path = "/dev/disk"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/var/run"
-    container_path = "/var/run"
-  }
-
-  networks = ["${var.traefik-network-id}", "${docker_network.monitoring.id}"]
-
-  labels = "${merge(
-    var.traefik-labels, map(
-      "traefik.port", 8080,
-      "traefik.frontend.rule","Host:cadvisor.${var.domain}",
-      "traefik.frontend.auth.basic", "${var.basic_auth}"
-  ))}"
 }
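Review bot: The image is now referenced only by the mutable tag in `image = "google/cadvisor:latest"`, and this commit removes the `docker_registry_image`/`docker_image` pair that recorded the registry digest through `pull_triggers`. Whether `../modules/container` tracks the digest itself is not visible here. This container bind-mounts `/`, `/var/lib/docker` and a writable `/var/run` (the usual location of the Docker socket), so whatever the tag resolves to runs with broad access to the host. Pinning a release and digest, `image = "google/cadvisor:<version>@sha256:<digest>"`, would turn every image change into an explicit, reviewable diff. The same applies to `grafana/grafana:latest` in grafana.tf, `prom/node-exporter:latest` in nodeexporter.tf and `captn3m0/speedtest-exporter:alpine` in speedtest.tf.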
diff --git a/monitoring/data.tf b/monitoring/data.tf
index 76d2332..1a5ae92 100644
--- a/monitoring/data.tf
+++ a/monitoring/data.tf
@@ -1,19 +1,3 @@
-data "docker_registry_image" "grafana" {
-  name = "grafana/grafana:latest"
-}
-
 data "docker_registry_image" "prometheus" {
   name = "prom/prometheus:latest"
-}
-
-data "docker_registry_image" "nodeexporter" {
-  name = "prom/node-exporter:latest"
-}
-
-data "docker_registry_image" "cadvisor" {
-  name = "google/cadvisor:latest"
-}
-
-data "docker_registry_image" "speedtest" {
-  name = "captn3m0/speedtest-exporter:alpine"
 }
diff --git a/monitoring/grafana.tf b/monitoring/grafana.tf
index 1db6d61..c6519ef 100644
--- a/monitoring/grafana.tf
+++ a/monitoring/grafana.tf
@@ -1,22 +1,31 @@
-resource "docker_container" "grafana" {
-  name  = "grafana"
-  image = "${docker_image.grafana.latest}"
+# resource "docker_container" "grafana" {
+module "grafana" {
+  name   = "grafana"
+  source = "../modules/container"
+  image  = "grafana/grafana:latest"
 
   // grafana:grafana
   user = "984:982"
 
-  labels = "${merge(
-    var.traefik-labels, map(
-      "traefik.port", 3000,
-      "traefik.frontend.rule","Host:grafana.${var.domain}"
-  ))}"
+  web {
+    port   = 3000
+    host   = "grafana.${var.domain}"
+    expose = true
+  }
 
-  volumes {
+  volumes = [{
     host_path      = "/mnt/xwing/data/grafana"
     container_path = "/var/lib/grafana"
-  }
-
-  networks = ["${var.traefik-network-id}", "${docker_network.monitoring.id}"]
+  }]
+
+  networks_advanced = [
+    {
+      name = "traefik"
+    },
+    {
+      name = "monitoring"
+    },
+  ]
 
   env = [
     "GF_SERVER_ROOT_URL=https://grafana.${var.domain}",
diff --git a/monitoring/images.tf b/monitoring/images.tf
index 31dc75b..12fcfdc 100644
--- a/monitoring/images.tf
+++ a/monitoring/images.tf
@@ -1,26 +1,6 @@
-resource "docker_image" "grafana" {
-  name          = "${data.docker_registry_image.grafana.name}"
-  pull_triggers = ["${data.docker_registry_image.grafana.sha256_digest}"]
-}
-
 resource "docker_image" "prometheus" {
   name          = "${data.docker_registry_image.prometheus.name}"
   pull_triggers = ["${data.docker_registry_image.prometheus.sha256_digest}"]
-}
-
-resource "docker_image" "nodeexporter" {
-  name          = "${data.docker_registry_image.nodeexporter.name}"
-  pull_triggers = ["${data.docker_registry_image.nodeexporter.sha256_digest}"]
-}
-
-resource "docker_image" "cadvisor" {
-  name          = "${data.docker_registry_image.cadvisor.name}"
-  pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
-}
-
-resource "docker_image" "speedtest" {
-  name          = "${data.docker_registry_image.speedtest.name}"
-  pull_triggers = ["${data.docker_registry_image.speedtest.sha256_digest}"]
 }
 
 resource "docker_image" "act-exporter" {
diff --git a/monitoring/main.tf b/monitoring/main.tf
deleted file mode 100644
index 8b13789..0000000 100644
--- a/monitoring/main.tf
+++ /dev/null
@@ -1,1 +1,0 @@
-
diff --git a/monitoring/nodeexporter.tf b/monitoring/nodeexporter.tf
index b0a3842..c665f75 100644
--- a/monitoring/nodeexporter.tf
+++ a/monitoring/nodeexporter.tf
@@ -1,28 +1,28 @@
-resource "docker_container" "nodeexporter" {
-  name  = "nodeexporter"
-  image = "${docker_image.nodeexporter.latest}"
+module "nodeexporter" {
+  name   = "nodeexporter"
+  source = "../modules/container"
+  image  = "prom/node-exporter:latest"
 
-  volumes {
-    host_path      = "/proc"
-    container_path = "/host/proc"
-  }
-
-  volumes {
-    host_path      = "/sys"
-    container_path = "/host/sys"
-  }
-
-  volumes {
-    host_path      = "/"
-    container_path = "/rootfs"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/mnt/xwing"
-    container_path = "/host/mnt"
-    read_only      = true
-  }
+  volumes = [
+    {
+      host_path      = "/proc"
+      container_path = "/host/proc"
+    },
+    {
+      host_path      = "/sys"
+      container_path = "/host/sys"
+    },
+    {
+      host_path      = "/"
+      container_path = "/rootfs"
+      read_only      = true
+    },
+    {
+      host_path      = "/mnt/xwing"
+      container_path = "/host/mnt"
+      read_only      = true
+    },
+  ]
 
   command = [
     "--path.procfs=/host/proc",
@@ -30,7 +30,9 @@
     "--collector.filesystem.ignored-mount-points=\"^/(sys|proc|dev|host|etc)($$|/)\"",
   ]
 
-  networks = ["${docker_network.monitoring.id}"]
+  networks = [
+    "${docker_network.monitoring.id}",
+  ]
 
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
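Review bot: `networks` still passes `"${docker_network.monitoring.id}"`, whereas cadvisor, grafana and speedtest in this commit attach through `networks_advanced` with `name = "monitoring"`. If `../modules/container` accepts both inputs (not visible here), switching to `networks_advanced = [{ name = "monitoring" }]` would keep the four module calls consistent and remove the dependency on the network's ID. The module block starts and ends outside this hunk.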
diff --git a/monitoring/speedtest.tf b/monitoring/speedtest.tf
index bcbc9de..0a0c11c 100644
--- a/monitoring/speedtest.tf
+++ a/monitoring/speedtest.tf
@@ -1,17 +1,25 @@
 # Transmission Exporter for speedtest results
 # https://hub.docker.com/r/stefanwalther/speedtest-exporter/
 # Built against Alpine: https://github.com/stefanwalther/speedtest-exporter/pull/7
-resource "docker_container" "speedtest" {
-  name  = "speedtest"
-  image = "${docker_image.speedtest.latest}"
 
-  networks_advanced {
-    name    = "monitoring"
-    aliases = ["speedtest", "speedtest.docker"]
-  }
+module "speedtest" {
+  name   = "speedtest"
+  image  = "captn3m0/speedtest-exporter:alpine"
+  source = "../modules/container"
 
-  networks_advanced {
-    name = "bridge"
+  networks_advanced = [
+    {
+      name    = "monitoring"
+      aliases = ["speedtest", "speedtest.docker"]
+    },
+    {
+      name = "bridge"
+    },
+  ]
+
+  resource {
+    memory      = 256
+    memory_swap = 256
   }
 
   restart               = "unless-stopped"
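Review bot: The `bridge` entry in `networks_advanced` has no comment explaining why this exporter is attached to Docker's default bridge in addition to `monitoring`. If it is there for outbound internet access during speed tests, which seems likely but is not stated, a line such as `# default bridge: outbound access for the speed test` above the entry would record that. The header comment still calls this a "Transmission Exporter" and links the stefanwalther image, while the module pulls `captn3m0/speedtest-exporter:alpine`; updating it would help the next reader. The module block continues past the end of this hunk.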
diff --git a/monitoring/config/prometheus.yml b/monitoring/config/prometheus.yml
index 7e3f6db..51ca239 100644
--- a/monitoring/config/prometheus.yml
+++ a/monitoring/config/prometheus.yml
@@ -1,44 +1,44 @@
 global:
   scrape_interval: 15s
   external_labels:
-    monitor: 'docker-monitor'
+    monitor: "docker-monitor"
 
 scrape_configs:
-  - job_name: 'prometheus'
+  - job_name: "prometheus"
     static_configs:
-      - targets: ['localhost:9090']
+      - targets: ["localhost:9090"]
 
-  - job_name: 'node'
+  - job_name: "node"
     scrape_interval: 5s
     static_configs:
-      - targets: ['nodeexporter:9100']
+      - targets: ["nodeexporter:9100"]
 
-  - job_name: 'cadvisor'
+  - job_name: "cadvisor"
     scrape_interval: 5s
     static_configs:
-      - targets: ['cadvisor:8080']
+      - targets: ["cadvisor:8080"]
 
-  - job_name: 'speedtest'
+  - job_name: "speedtest"
     scrape_interval: 15m
     scrape_timeout: 2m
     static_configs:
-      - targets: ['speedtest.docker:9696']
+      - targets: ["speedtest:9696"]
 
-  - job_name: 'docker'
+  - job_name: "docker"
     scrape_interval: 5s
     static_configs:
-      - targets: ['192.168.1.111:1337']
+      - targets: ["192.168.1.111:1337"]
 
-  - job_name: 'traefik'
+  - job_name: "traefik"
     scrape_interval: 5s
     static_configs:
-      - targets: ['192.168.1.111:1111']
+      - targets: ["192.168.1.111:1111"]
 
-  - job_name: 'act'
+  - job_name: "act"
     scrape_interval: 15m
     scrape_timeout: 1m
     static_configs:
-      - targets: ['act-exporter.docker:3000']
+      - targets: ["act-exporter.docker:3000"]
 
 rule_files:
-  - 'alert.rules'
+  - "alert.rules"
--
rgit 0.1.5