From b862c78ec9cd12e4fe645d028828ae3ebbb5a393 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Sun, 12 May 2019 18:13:48 +0530
Subject: [PATCH] General Updates
---
 cloudflare/main.tf | 18 ++++++-
 cloudflare/variables.tf | 2 +
 digitalocean/droplets.tf | 8 ++-
 main.tf | 2 +
 monitoring/cadvisor.tf | 87 ++++++++++++++++++--------------
 monitoring/config/prometheus.yml | 32 ++++++------
 monitoring/data.tf | 16 ------
 monitoring/grafana.tf | 35 ++++++++-----
 monitoring/images.tf | 20 --------
 monitoring/main.tf | 1 -
 monitoring/nodeexporter.tf | 52 ++++++++++---------
 monitoring/speedtest.tf | 26 ++++++----
 variables.tf | 9 ++--
 13 files changed, 163 insertions(+), 145 deletions(-)
 delete mode 100644 monitoring/main.tf
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 9fb6ab6..dbaec8e 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -25,7 +25,7 @@ resource "cloudflare_record" "home-wildcard" {
 resource "cloudflare_record" "internet" {
 domain = "${var.domain}"
 name = "@"
- value = "${var.ips["static"]}"
+ value = "${var.droplet_ip}"
 type = "A"
 }
@@ -37,6 +37,22 @@ resource "cloudflare_record" "internet-wildcard" {
 ttl = 3600
 }
+resource "cloudflare_record" "dns" {
+ domain = "${var.domain}"
+ name = "dns"
+ value = "${var.ips["static"]}"
+ type = "A"
+}
+
+resource "cloudflare_record" "doh" {
+ domain = "${var.domain}"
+ name = "doh"
+ value = "${var.ips["static"]}"
+ type = "A"
+}
+
+// This ensures that _acme-challenge is not a CNAME
+// alongside the above wildcard CNAME entry.
 resource "cloudflare_record" "acme-no-cname-1" {
 domain = "${var.domain}"
 name = "_acme-challenge.${var.domain}"
diff --git a/cloudflare/variables.tf b/cloudflare/variables.tf
index 83f7203..6c1cb5e 100644
--- a/cloudflare/variables.tf
+++ b/cloudflare/variables.tf
@@ -5,3 +5,5 @@ variable "domain" {
 variable "ips" {
 type = "map"
 }
+
+variable "droplet_ip" {}
diff --git a/digitalocean/droplets.tf b/digitalocean/droplets.tf
index d5507bc..6c79fd8 100644
--- a/digitalocean/droplets.tf
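Review bot: The comment added before `acme-no-cname-1` in the second cloudflare/main.tf hunk says "the above wildcard CNAME entry", but the same hunk inserts the new `dns` and `doh` A records between the wildcard record and the comment, so "above" now points at the wrong resources. Name the record instead of its position, e.g. `// alongside the internet-wildcard CNAME entry.`. Which wildcard is meant is an inference: `internet-wildcard` and `home-wildcard` appear only as hunk-header context, so confirm before rewording. The body of `acme-no-cname-1` continues past the hunk.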
+++ b/digitalocean/droplets.tf
@@ -2,11 +2,13 @@ resource "digitalocean_droplet" "sydney" {
 image = ""
 name = "sydney.captnemo.in"
 region = "blr1"
- size = "1gb"
+ size = "s-1vcpu-2gb"
 ipv6 = true
 private_networking = true
 resize_disk = true
+ volume_ids = ["eae03502-9279-11e8-ab31-0242ac11470b"]
+
 tags = [
 "bangalore",
 "proxy",
@@ -14,3 +16,7 @@ resource "digitalocean_droplet" "sydney" {
 "vpn",
 ]
 }
+
+output "droplet_ipv4" {
+ value = "${digitalocean_droplet.sydney.ipv4_address}"
+}
diff --git a/main.tf b/main.tf
index 4e10649..35608b8 100644
--- a/main.tf
+++ b/main.tf
@@ -2,6 +2,8 @@ module "cloudflare" {
 source = "cloudflare"
 domain = "bb8.fun"
 ips = "${var.ips}"
+
+ droplet_ip = "${module.digitalocean.droplet_ipv4}"
 }
 module "docker" {
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
index b14ffde..c7c1db2 100644
--- a/monitoring/cadvisor.tf
+++ b/monitoring/cadvisor.tf
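Review bot: The added `volume_ids = ["eae03502-9279-11e8-ab31-0242ac11470b"]` in the first droplets.tf hunk hard-codes a volume UUID that nothing else in the visible diff defines. The plan therefore depends on a resource created out of band, and an account-specific identifier is committed to the repository. Passing it in documents where it comes from, e.g. `volume_ids = ["${var.sydney_volume_id}"]` with a described variable (the variable name is a suggestion). If the volume is meant to be managed here, a `digitalocean_volume` resource referenced by its `.id` would make the dependency explicit. The droplet resource starts and ends outside this hunk.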
@@ -1,47 +1,56 @@
-resource "docker_container" "cadvisor" {
+module "cadvisor" {
+ source = "../modules/container"
 name = "cadvisor"
- image = "${docker_image.cadvisor.latest}"
- memory = 512
+ image = "google/cadvisor:latest"
+
+ resource {
+ memory = 512
+ memory_swap = 512
+ }
 restart = "unless-stopped"
 destroy_grace_seconds = 10
 must_run = true
- volumes {
- host_path = "/sys"
- container_path = "/sys"
- read_only = true
+ volumes = [
+ {
+ host_path = "/sys"
+ container_path = "/sys"
+ read_only = true
+ },
+ {
+ host_path = "/"
+ container_path = "/rootfs"
+ read_only = true
+ },
+ {
+ host_path = "/var/lib/docker"
+ container_path = "/var/lib/docker"
+ read_only = true
+ },
+ {
+ host_path = "/dev/disk"
+ container_path = "/dev/disk"
+ read_only = true
+ },
+ {
+ host_path = "/var/run"
+ container_path = "/var/run"
+ },
+ ]
+
+ networks_advanced = [
+ {
+ name = "traefik"
+ },
+ {
+ name = "monitoring"
+ },
+ ]
+
+ web {
+ expose = true
+ port = 8080
+ auth = true
 }
-
- volumes {
- host_path = "/"
- container_path = "/rootfs"
- read_only = true
- }
-
- volumes {
- host_path = "/var/lib/docker"
- container_path = "/var/lib/docker"
- read_only = true
- }
-
- volumes {
- host_path = "/dev/disk"
- container_path = "/dev/disk"
- read_only = true
- }
-
- volumes {
- host_path = "/var/run"
- container_path = "/var/run"
- }
-
- networks = ["${var.traefik-network-id}", "${docker_network.monitoring.id}"]
-
- labels = "${merge(
- var.traefik-labels, map(
- "traefik.port", 8080,
- "traefik.frontend.rule","Host:cadvisor.${var.domain}",
- "traefik.frontend.auth.basic", "${var.basic_auth}"
- ))}"
 }
diff --git a/monitoring/config/prometheus.yml b/monitoring/config/prometheus.yml
index 7e3f6db..51ca239 100644
--- a/monitoring/config/prometheus.yml
+++ b/monitoring/config/prometheus.yml
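Review bot: In the new `volumes` list of cadvisor.tf the `/var/run` entry is the only mount without `read_only = true`, and the container is published through the `web` block with `expose = true`. `/var/run` normally holds the host's Docker socket, so add `read_only = true` to that entry to stop the container writing elsewhere under the directory. A read-only bind mount does not block connections to the socket itself, so the authentication in front of the UI remains the control that matters. The removed labels set `traefik.frontend.auth.basic` from `var.basic_auth` and the host rule explicitly, whereas `auth = true` leaves both to `../modules/container`, which is not part of this diff. Confirm the module applies the same credential and host rule.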
@@ -1,44 +1,44 @@
 global:
 scrape_interval: 15s
 external_labels:
- monitor: 'docker-monitor'
+ monitor: "docker-monitor"
 scrape_configs:
- - job_name: 'prometheus'
+ - job_name: "prometheus"
 static_configs:
- - targets: ['localhost:9090']
+ - targets: ["localhost:9090"]
- - job_name: 'node'
+ - job_name: "node"
 scrape_interval: 5s
 static_configs:
- - targets: ['nodeexporter:9100']
+ - targets: ["nodeexporter:9100"]
- - job_name: 'cadvisor'
+ - job_name: "cadvisor"
 scrape_interval: 5s
 static_configs:
- - targets: ['cadvisor:8080']
+ - targets: ["cadvisor:8080"]
- - job_name: 'speedtest'
+ - job_name: "speedtest"
 scrape_interval: 15m
 scrape_timeout: 2m
 static_configs:
- - targets: ['speedtest.docker:9696']
+ - targets: ["speedtest:9696"]
- - job_name: 'docker'
+ - job_name: "docker"
 scrape_interval: 5s
 static_configs:
- - targets: ['192.168.1.111:1337']
+ - targets: ["192.168.1.111:1337"]
- - job_name: 'traefik'
+ - job_name: "traefik"
 scrape_interval: 5s
 static_configs:
- - targets: ['192.168.1.111:1111']
+ - targets: ["192.168.1.111:1111"]
- - job_name: 'act'
+ - job_name: "act"
 scrape_interval: 15m
 scrape_timeout: 1m
 static_configs:
- - targets: ['act-exporter.docker:3000']
+ - targets: ["act-exporter.docker:3000"]
 rule_files:
- 'alert.rules'
+ - "alert.rules"
diff --git a/monitoring/data.tf b/monitoring/data.tf
index 76d2332..1a5ae92 100644
--- a/monitoring/data.tf
+++ b/monitoring/data.tf
@@ -1,19 +1,3 @@
-data "docker_registry_image" "grafana" {
- name = "grafana/grafana:latest"
-}
-
 data "docker_registry_image" "prometheus" {
 name = "prom/prometheus:latest"
 }
-
-data "docker_registry_image" "nodeexporter" {
- name = "prom/node-exporter:latest"
-}
-
-data "docker_registry_image" "cadvisor" {
- name = "google/cadvisor:latest"
-}
-
-data "docker_registry_image" "speedtest" {
- name = "captn3m0/speedtest-exporter:alpine"
-}
diff --git a/monitoring/grafana.tf b/monitoring/grafana.tf
index 1db6d61..c6519ef 100644
--- a/monitoring/grafana.tf
+++ b/monitoring/grafana.tf
@@ -1,22 +1,31 @@
-resource "docker_container" "grafana" {
- name = "grafana"
- image = "${docker_image.grafana.latest}"
+# resource "docker_container" "grafana" {
+module "grafana" {
+ name = "grafana"
+ source = "../modules/container"
+ image = "grafana/grafana:latest"
 // grafana:grafana
 user = "984:982"
- labels = "${merge(
- var.traefik-labels, map(
- "traefik.port", 3000,
- "traefik.frontend.rule","Host:grafana.${var.domain}"
- ))}"
-
- volumes {
- host_path = "/mnt/xwing/data/grafana"
- container_path = "/var/lib/grafana"
+ web {
+ port = 3000
+ host = "grafana.${var.domain}"
+ expose = true
 }
- networks = ["${var.traefik-network-id}", "${docker_network.monitoring.id}"]
+ volumes = [{
+ host_path = "/mnt/xwing/data/grafana"
+ container_path = "/var/lib/grafana"
+ }]
+
+ networks_advanced = [
+ {
+ name = "traefik"
+ },
+ {
+ name = "monitoring"
+ },
+ ]
 env = [
 "GF_SERVER_ROOT_URL=https://grafana.${var.domain}",
diff --git a/monitoring/images.tf b/monitoring/images.tf
index 31dc75b..12fcfdc 100644
--- a/monitoring/images.tf
+++ b/monitoring/images.tf
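Review bot: `image = "grafana/grafana:latest"` in the grafana.tf hunk passes a mutable tag straight to the module, while the `docker_image.grafana` resource removed in images.tf tracked the registry's `sha256_digest` through `pull_triggers`. Unless `../modules/container` resolves the digest itself (it is not shown here), which image runs now depends on whatever `latest` pointed to when the host last pulled it. The same applies to the cadvisor, nodeexporter and speedtest hunks. Pinning a release tag or digest, e.g. `image = "grafana/grafana:<version>@sha256:<digest>"` (placeholders), makes upgrades deliberate and reviewable. The commented-out `# resource "docker_container" "grafana" {` line left above the module header can be dropped; the module body continues past the hunk.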
@@ -1,28 +1,8 @@
-resource "docker_image" "grafana" {
- name = "${data.docker_registry_image.grafana.name}"
- pull_triggers = ["${data.docker_registry_image.grafana.sha256_digest}"]
-}
-
 resource "docker_image" "prometheus" {
 name = "${data.docker_registry_image.prometheus.name}"
 pull_triggers = ["${data.docker_registry_image.prometheus.sha256_digest}"]
 }
-resource "docker_image" "nodeexporter" {
- name = "${data.docker_registry_image.nodeexporter.name}"
- pull_triggers = ["${data.docker_registry_image.nodeexporter.sha256_digest}"]
-}
-
-resource "docker_image" "cadvisor" {
- name = "${data.docker_registry_image.cadvisor.name}"
- pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
-}
-
-resource "docker_image" "speedtest" {
- name = "${data.docker_registry_image.speedtest.name}"
- pull_triggers = ["${data.docker_registry_image.speedtest.sha256_digest}"]
-}
-
 resource "docker_image" "act-exporter" {
 name = "${data.docker_registry_image.act-exporter.name}"
 pull_triggers = ["${data.docker_registry_image.act-exporter.sha256_digest}"]
diff --git a/monitoring/main.tf b/monitoring/main.tf
deleted file mode 100644
index 8b13789..0000000
--- a/monitoring/main.tf
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/monitoring/nodeexporter.tf b/monitoring/nodeexporter.tf
index b0a3842..c665f75 100644
--- a/monitoring/nodeexporter.tf
+++ b/monitoring/nodeexporter.tf
@@ -1,28 +1,28 @@
-resource "docker_container" "nodeexporter" {
- name = "nodeexporter"
- image = "${docker_image.nodeexporter.latest}"
+module "nodeexporter" {
+ name = "nodeexporter"
+ source = "../modules/container"
+ image = "prom/node-exporter:latest"
- volumes {
- host_path = "/proc"
- container_path = "/host/proc"
- }
-
- volumes {
- host_path = "/sys"
- container_path = "/host/sys"
- }
-
- volumes {
- host_path = "/"
- container_path = "/rootfs"
- read_only = true
- }
-
- volumes {
- host_path = "/mnt/xwing"
- container_path = "/host/mnt"
- read_only = true
- }
+ volumes = [
+ {
+ host_path = "/proc"
+ container_path = "/host/proc"
+ },
+ {
+ host_path = "/sys"
+ container_path = "/host/sys"
+ },
+ {
+ host_path = "/"
+ container_path = "/rootfs"
+ read_only = true
+ },
+ {
+ host_path = "/mnt/xwing"
+ container_path = "/host/mnt"
+ read_only = true
+ },
+ ]
 command = [
 "--path.procfs=/host/proc",
@@ -30,7 +30,9 @@ resource "docker_container" "nodeexporter" {
 "--collector.filesystem.ignored-mount-points=\"^/(sys|proc|dev|host|etc)($$|/)\"",
 ]
- networks = ["${docker_network.monitoring.id}"]
+ networks = [
+ "${docker_network.monitoring.id}",
+ ]
 restart = "unless-stopped"
 destroy_grace_seconds = 10
diff --git a/monitoring/speedtest.tf b/monitoring/speedtest.tf
index bcbc9de..0a0c11c 100644
--- a/monitoring/speedtest.tf
+++ b/monitoring/speedtest.tf
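Review bot: The `/proc` and `/sys` entries in the new `volumes` list of the first nodeexporter.tf hunk are mounted without `read_only = true`, unlike the `/` and `/mnt/xwing` entries next to them. node-exporter only reads these trees, so add `read_only = true` to both entries to keep a compromised exporter from writing to host kernel interfaces. This carries over unchanged from the removed `volumes` blocks, but the rewrite is the natural place to tighten it.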
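Review bot: The second nodeexporter.tf hunk keeps `networks = ["${docker_network.monitoring.id}"]`, while the cadvisor, grafana and speedtest module calls in this commit attach networks through `networks_advanced` by name. `../modules/container` is not shown, so it is unclear whether it declares a `networks` input at all; if it does not, this call is rejected at plan time. For consistency with the other calls: `networks_advanced = [{ name = "monitoring" }]`. The module block begins in the previous hunk and continues past this one.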
@@ -1,17 +1,25 @@
 # Transmission Exporter for speedtest results
 # https://hub.docker.com/r/stefanwalther/speedtest-exporter/
 # Built against Alpine: https://github.com/stefanwalther/speedtest-exporter/pull/7
-resource "docker_container" "speedtest" {
- name = "speedtest"
- image = "${docker_image.speedtest.latest}"
- networks_advanced {
- name = "monitoring"
- aliases = ["speedtest", "speedtest.docker"]
- }
+module "speedtest" {
+ name = "speedtest"
+ image = "captn3m0/speedtest-exporter:alpine"
+ source = "../modules/container"
- networks_advanced {
- name = "bridge"
+ networks_advanced = [
+ {
+ name = "monitoring"
+ aliases = ["speedtest", "speedtest.docker"]
+ },
+ {
+ name = "bridge"
+ },
+ ]
+
+ resource {
+ memory = 256
+ memory_swap = 256
 }
 restart = "unless-stopped"
diff --git a/variables.tf b/variables.tf
index efddf05..938927f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,10 +2,11 @@ variable "ips" {
 type = "map"
 default = {
- eth0 = "192.168.1.111"
- tun0 = "10.8.0.14"
- dovpn = "10.8.0.1"
- static = "139.59.48.222"
+ eth0 = "192.168.1.111"
+ tun0 = "10.8.0.14"
+ dovpn = "10.8.0.1"
+ static = "139.59.48.222"
+ droplet = "139.59.22.234"
 }
 }
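Review bot: The new `droplet = "139.59.22.234"` entry in the `ips` default of variables.tf duplicates an address that this commit also exports as `droplet_ipv4` from the droplet resource and passes to the cloudflare module. Nothing visible in the diff reads `var.ips["droplet"]`, and a literal goes stale if the droplet is rebuilt, so anything that later relies on it could point DNS or access rules at an address no longer under your control. Either drop the entry or mark it as non-authoritative, e.g. `# informational only; use module.digitalocean.droplet_ipv4`.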