Remove broken telegraf/grafana

Felix Ableitner 2021-03-10 17:49:55 +01:00
parent e5a82f7a07
commit 9619b8956b
7 changed files with 2 additions and 604 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
prod prod
passwords/ passwords/
vault_pass vault_pass
.idea/


@ -48,25 +48,6 @@ services:
- redis - redis
- postfix - postfix
grafana:
image: grafana/grafana:7.2.2
restart: always
ports:
- 127.0.0.1:3002:3000
volumes:
- ./volumes/grafana:/var/lib/grafana
depends_on:
- influxdb
influxdb:
image: influxdb:1.8-alpine
restart: always
ports:
- 127.0.0.1:8086:8086
volumes:
- ./volumes/influxdb:/var/lib/influxdb
- ./influxdb.conf:/etc/influxdb/influxdb.conf:ro
postgres: postgres:
image: postgres:12-alpine image: postgres:12-alpine
restart: always restart: always


@ -22,16 +22,13 @@
- { path: '/gitea/volumes/gitea/', owner: 'root' } - { path: '/gitea/volumes/gitea/', owner: 'root' }
- { path: '/gitea/volumes/redis/', owner: 'root' } - { path: '/gitea/volumes/redis/', owner: 'root' }
- { path: '/gitea/volumes/weblate/', owner: '1000' } - { path: '/gitea/volumes/weblate/', owner: '1000' }
- { path: '/gitea/volumes/grafana/', owner: '472' }
- { path: '/gitea/volumes/postgres/', owner: '70' } - { path: '/gitea/volumes/postgres/', owner: '70' }
- { path: '/gitea/volumes/influxdb/', owner: 'root' }
- name: add all templates - name: add all templates
template: src={{item.src}} dest={{item.dest}} mode={{item.mode}} template: src={{item.src}} dest={{item.dest}} mode={{item.mode}}
with_items: with_items:
- { src: '../templates/gitea.conf', dest: '/etc/nginx/sites-enabled/gitea.conf', mode: '0600' } - { src: '../templates/gitea.conf', dest: '/etc/nginx/sites-enabled/gitea.conf', mode: '0600' }
- { src: '../templates/weblate.conf', dest: '/etc/nginx/sites-enabled/weblate.conf', mode: '0600' } - { src: '../templates/weblate.conf', dest: '/etc/nginx/sites-enabled/weblate.conf', mode: '0600' }
- { src: '../templates/grafana.conf', dest: '/etc/nginx/sites-enabled/grafana.conf', mode: '0600' }
- { src: '../templates/env', dest: '/gitea/.env', mode: '0600' } - { src: '../templates/env', dest: '/gitea/.env', mode: '0600' }
- name: copy all files - name: copy all files
copy: src={{item.src}} dest={{item.dest}} mode={{item.mode}} copy: src={{item.src}} dest={{item.dest}} mode={{item.mode}}
@ -54,25 +51,10 @@
state: present state: present
pull: yes pull: yes
- name: Create htpasswd file for influxdb reporting endpoint
community.general.htpasswd:
path: /gitea/influxdb_htpasswd
name: telegraf
password: '{{ influxdb_auth_password }}'
owner: root
group: www-data
mode: 0640
- name: request letsencrypt certificates - name: request letsencrypt certificates
shell: | shell: |
certbot certonly --nginx --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n certbot certonly --nginx --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
certbot certonly --nginx --agree-tos -d 'weblate.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n certbot certonly --nginx --agree-tos -d 'weblate.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
certbot certonly --nginx --agree-tos -d 'grafana.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
# keep old domain working for a while
certbot certonly --nginx --agree-tos -d 'yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
certbot certonly --nginx --agree-tos -d 'weblate.yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
certbot certonly --nginx --agree-tos -d 'grafana.yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
- name: reload nginx config and certs - name: reload nginx config and certs
shell: nginx -s reload shell: nginx -s reload
@ -90,10 +72,3 @@
name=certbot-renew-weblate name=certbot-renew-weblate
user=root user=root
job="certbot certonly --nginx -d weblate.{{ domain }} -n --deploy-hook 'nginx -s reload'" job="certbot certonly --nginx -d weblate.{{ domain }} -n --deploy-hook 'nginx -s reload'"
- name: renew grafana certificates
cron:
special_time=daily
name=certbot-renew-grafana
user=root
job="certbot certonly --nginx -d grafana.{{ domain }} -n --deploy-hook 'nginx -s reload'"
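Review bot: Dropping these tasks only stops Ansible from managing the grafana pieces; on hosts provisioned earlier, `/etc/nginx/sites-enabled/grafana.conf`, `/gitea/influxdb_htpasswd` and the `certbot-renew-grafana` cron entry stay in place, so nginx keeps the vhost after `nginx -s reload`. The same gap applies to the deleted telegraf playbook further down: the telegraf package, the telegraf user's membership in the `docker` group and `/etc/telegraf/telegraf.conf` (which holds the rendered `influxdb_auth_password`) are left on the hosts. I would add one-off `state=absent` tasks for the files and the cron job, as sketched below, and a matching removal for telegraf. Separately, the second hunk also removes the certificate requests for `yerbamate.dev` and `weblate.yerbamate.dev`, which goes beyond the commit title; if the gitea/weblate nginx templates still reference those certificates (not visible here), that should be confirmed before merging. The task list starts and continues outside these hunks.

```yaml
# … unchanged: directory, template and copy tasks …
- name: remove leftover grafana/influxdb files
  file: path={{item}} state=absent
  with_items:
    - '/etc/nginx/sites-enabled/grafana.conf'
    - '/gitea/influxdb_htpasswd'
- name: remove grafana certificate renewal cron job
  cron: name=certbot-renew-grafana user=root state=absent
# … unchanged: certbot request and nginx reload tasks …
```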


@ -1,3 +1,2 @@
--- ---
- import_playbook: gitea.yml - import_playbook: gitea.yml
- import_playbook: telegraf.yml


@ -1,44 +0,0 @@
---
- hosts: all
tasks:
- name: copy nginx files
copy:
src: '../files/nginx_status.conf'
dest: '/etc/nginx/sites-enabled/nginx_status.conf'
- name: add telegraf apt key
apt_key:
keyserver: https://repos.influxdata.com/influxdb.key
id: 684A14CF2582E0C5
state: present
- name: add telegraf apt repository
apt_repository:
# Note: we need to adjust this manually for different ubuntu versions
repo: 'deb https://repos.influxdata.com/ubuntu bionic stable'
state: present
filename: influxdb
update_cache: yes
- name: add telegraf to docker group
action: user name=telegraf groups="docker" append=yes
- name: install telegraf
apt:
name: telegraf
state: present
- name: add telegraf config
template:
src: '../templates/telegraf.conf.j2'
dest: '/etc/telegraf/telegraf.conf'
owner: telegraf
group: telegraf
mode: '0600'
- name: start and enable telegraf service
systemd:
state: reloaded
name: telegraf
enabled: true


@ -1,69 +0,0 @@
# forward from old domain
server {
listen 80;
server_name grafana.yerbamate.dev;
return https://grafana.yerbamate.ml$request_uri;
}
server {
listen 443 ssl http2;
server_name grafana.yerbamate.dev;
ssl_certificate /etc/letsencrypt/live/grafana.yerbamate.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/grafana.yerbamate.dev/privkey.pem;
return https://grafana.yerbamate.ml$request_uri;
}
server {
listen 80;
server_name grafana.{{ domain }};
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name grafana.{{ domain }};
ssl_certificate /etc/letsencrypt/live/grafana.{{ domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/grafana.{{ domain }}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=15768000";
add_header Referrer-Policy "same-origin";
fastcgi_hide_header X-Powered-By;
server_tokens off;
client_max_body_size 100M;
# No compression for json to avoid BREACH attack.
gzip on;
gzip_types text/plain text/xml text/css application/xml application/javascript image/svg+xml image/svg;
gzip_proxied any;
gzip_vary on;
location / {
proxy_pass http://127.0.0.1:3002;
}
location /telegraf-input/ {
auth_basic "telegraf input";
auth_basic_user_file /gitea/influxdb_htpasswd;
proxy_pass http://127.0.0.1:8086/;
}
}


@ -1,445 +0,0 @@
# Telegraf Configuration
#
# Telegraf is entirely plugin driven. All metrics are gathered from the
# declared inputs, and sent to the declared outputs.
#
# Plugins must be declared in here to be active.
# To deactivate a plugin, comment out the name and any variables.
#
# Use 'telegraf -config telegraf.conf -test' to see what metrics a config
# file would generate.
#
# Environment variables can be used anywhere in this config file, simply surround
# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"),
# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR})
# Global tags can be specified here in key="value" format.
[global_tags]
# dc = "us-east-1" # will tag all metrics with dc=us-east-1
# rack = "1a"
## Environment variables can be used as tags, and throughout the config file
# user = "$USER"
# Configuration for telegraf agent
[agent]
## Default data collection interval for all inputs
interval = "10s"
## Rounds collection interval to 'interval'
## ie, if interval="10s" then always collect on :00, :10, :20, etc.
round_interval = true
## Telegraf will send metrics to outputs in batches of at most
## metric_batch_size metrics.
## This controls the size of writes that Telegraf sends to output plugins.
metric_batch_size = 1000
## Maximum number of unwritten metrics per output. Increasing this value
## allows for longer periods of output downtime without dropping metrics at the
## cost of higher maximum memory usage.
metric_buffer_limit = 10000
## Collection jitter is used to jitter the collection by a random amount.
## Each plugin will sleep for a random time within jitter before collecting.
## This can be used to avoid many plugins querying things like sysfs at the
## same time, which can have a measurable effect on the system.
collection_jitter = "0s"
## Default flushing interval for all outputs. Maximum flush_interval will be
## flush_interval + flush_jitter
flush_interval = "10s"
## Jitter the flush interval by a random amount. This is primarily to avoid
## large write spikes for users running a large number of telegraf instances.
## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
flush_jitter = "0s"
## By default or when set to "0s", precision will be set to the same
## timestamp order as the collection interval, with the maximum being 1s.
## ie, when interval = "10s", precision will be "1s"
## when interval = "250ms", precision will be "1ms"
## Precision will NOT be used for service inputs. It is up to each individual
## service input to set the timestamp at the appropriate precision.
## Valid time units are "ns", "us" (or "µs"), "ms", "s".
precision = ""
## Log at debug level.
# debug = false
## Log only error level messages.
# quiet = false
## Log target controls the destination for logs and can be one of "file",
## "stderr" or, on Windows, "eventlog". When set to "file", the output file
## is determined by the "logfile" setting.
# logtarget = "file"
## Name of the file to be logged to when using the "file" logtarget. If set to
## the empty string then logs are written to stderr.
# logfile = ""
## The logfile will be rotated after the time interval specified. When set
## to 0 no time based rotation is performed. Logs are rotated only when
## written to, if there is no log activity rotation may be delayed.
# logfile_rotation_interval = "0d"
## The logfile will be rotated when it becomes larger than the specified
## size. When set to 0 no size based rotation is performed.
# logfile_rotation_max_size = "0MB"
## Maximum number of rotated archives to keep, any older logs are deleted.
## If set to -1, no archives are removed.
# logfile_rotation_max_archives = 5
## Override default hostname, if empty use os.Hostname()
hostname = ""
## If set to true, do no set the "host" tag in the telegraf agent.
omit_hostname = false
###############################################################################
# OUTPUT PLUGINS #
###############################################################################
# Configuration for sending metrics to InfluxDB
[[outputs.influxdb]]
## The full HTTP or UDP URL for your InfluxDB instance.
##
## Multiple URLs can be specified for a single cluster, only ONE of the
## urls will be written to each interval.
# urls = ["unix:///var/run/influxdb.sock"]
# urls = ["udp://127.0.0.1:8089"]
# urls = ["http://127.0.0.1:8086"]
urls = ["https://grafana.yerbamate.dev/telegraf-input"]
## The target database for metrics; will be created as needed.
## For UDP url endpoint database needs to be configured on server side.
database = "yerbamate"
## The value of this tag will be used to determine the database. If this
## tag is not set the 'database' option is used as the default.
# database_tag = ""
## If true, the 'database_tag' will not be included in the written metric.
# exclude_database_tag = false
## If true, no CREATE DATABASE queries will be sent. Set to true when using
## Telegraf with a user without permissions to create databases or when the
## database already exists.
# skip_database_creation = false
## Name of existing retention policy to write to. Empty string writes to
## the default retention policy. Only takes effect when using HTTP.
# retention_policy = ""
## The value of this tag will be used to determine the retention policy. If this
## tag is not set the 'retention_policy' option is used as the default.
# retention_policy_tag = ""
## If true, the 'retention_policy_tag' will not be included in the written metric.
# exclude_retention_policy_tag = false
## Write consistency (clusters only), can be: "any", "one", "quorum", "all".
## Only takes effect when using HTTP.
# write_consistency = "any"
## Timeout for HTTP messages.
# timeout = "5s"
## HTTP Basic Auth
username = "telegraf"
password = "{{ influxdb_auth_password }}"
## HTTP User-Agent
# user_agent = "telegraf"
## UDP payload size is the maximum packet size to send.
# udp_payload = "512B"
## Optional TLS Config for use on HTTP connections.
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
## HTTP Proxy override, if unset values the standard proxy environment
## variables are consulted to determine which proxy, if any, should be used.
# http_proxy = "http://corporate.proxy:3128"
## Additional HTTP headers
# http_headers = {"X-Special-Header" = "Special-Value"}
## HTTP Content-Encoding for write request body, can be set to "gzip" to
## compress body or "identity" to apply no encoding.
# content_encoding = "identity"
## When true, Telegraf will output unsigned integers as unsigned values,
## i.e.: "42u". You will need a version of InfluxDB supporting unsigned
## integer values. Enabling this option will result in field type errors if
## existing data has been written.
# influx_uint_support = false
###############################################################################
# INPUT PLUGINS #
###############################################################################
# Read metrics about cpu usage
[[inputs.cpu]]
## Whether to report per-cpu stats or not
percpu = true
## Whether to report total system cpu stats or not
totalcpu = true
## If true, collect raw CPU time metrics.
collect_cpu_time = false
## If true, compute and report the sum of all non-idle CPU states.
report_active = false
# Read metrics about disk usage by mount point
[[inputs.disk]]
## By default stats will be gathered for all mount points.
## Set mount_points will restrict the stats to only the specified mount points.
# mount_points = ["/"]
## Ignore mount points by filesystem type.
ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"]
# Read metrics about disk IO by device
[[inputs.diskio]]
## By default, telegraf will gather stats for all devices including
## disk partitions.
## Setting devices will restrict the stats to the specified devices.
# devices = ["sda", "sdb", "vd*"]
## Uncomment the following line if you need disk serial numbers.
# skip_serial_number = false
#
## On systems which support it, device metadata can be added in the form of
## tags.
## Currently only Linux is supported via udev properties. You can view
## available properties for a device by running:
## 'udevadm info -q property -n /dev/sda'
## Note: Most, but not all, udev properties can be accessed this way. Properties
## that are currently inaccessible include DEVTYPE, DEVNAME, and DEVPATH.
# device_tags = ["ID_FS_TYPE", "ID_FS_USAGE"]
#
## Using the same metadata source as device_tags, you can also customize the
## name of the device via templates.
## The 'name_templates' parameter is a list of templates to try and apply to
## the device. The template may contain variables in the form of '$PROPERTY' or
## '${PROPERTY}'. The first template which does not contain any variables not
## present for the device is used as the device name tag.
## The typical use case is for LVM volumes, to get the VG/LV name instead of
## the near-meaningless DM-0 name.
# name_templates = ["$ID_FS_LABEL","$DM_VG_NAME/$DM_LV_NAME"]
# Get kernel statistics from /proc/stat
[[inputs.kernel]]
# no configuration
# Read metrics about memory usage
[[inputs.mem]]
# no configuration
# Get the number of processes and group them by status
[[inputs.processes]]
# no configuration
# Read metrics about swap memory usage
[[inputs.swap]]
# no configuration
# Read metrics about system load & uptime
[[inputs.system]]
## Uncomment to remove deprecated metrics.
fielddrop = ["uptime_format"]
[[inputs.net]]
interfaces = ["eth0"]
# Read metrics about docker containers
[[inputs.docker]]
## Docker Endpoint
## To use TCP, set endpoint = "tcp://[ip]:[port]"
## To use environment variables (ie, docker-machine), set endpoint = "ENV"
endpoint = "unix:///var/run/docker.sock"
## Set to true to collect Swarm metrics(desired_replicas, running_replicas)
gather_services = false
## Only collect metrics for these containers, collect all if empty
container_names = []
## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
source_tag = false
## Containers to include and exclude. Globs accepted.
## Note that an empty array for both will include all containers
container_name_include = []
container_name_exclude = []
## Container states to include and exclude. Globs accepted.
## When empty only containers in the "running" state will be captured.
## example: container_state_include = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
## example: container_state_exclude = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
# container_state_include = []
# container_state_exclude = []
## Timeout for docker list, info, and stats commands
timeout = "5s"
## Whether to report for each container per-device blkio (8:0, 8:1...) and
## network (eth0, eth1, ...) stats or not
perdevice = true
## Whether to report for each container total blkio and network stats or not
total = false
## Which environment variables should we use as a tag
##tag_env = ["JAVA_HOME", "HEAP_SIZE"]
## docker labels to include and exclude as tags. Globs accepted.
## Note that an empty array for both will include all labels as tags
docker_label_include = []
docker_label_exclude = []
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
# Read Nginx's basic status information (ngx_http_stub_status_module)
[[inputs.nginx]]
# An array of Nginx stub_status URI to gather stats.
urls = ["http://localhost:8090/nginx_status"]
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.cer"
# tls_key = "/etc/telegraf/key.key"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
# HTTP response timeout (default: 5s)
# response_timeout = "5s"
# # Read nginx_upstream_check module status information (https://github.com/yaoweibin/nginx_upstream_check_module)
# [[inputs.nginx_upstream_check]]
# ## An URL where Nginx Upstream check module is enabled
# ## It should be set to return a JSON formatted response
# url = "http://127.0.0.1/status?format=json"
#
# ## HTTP method
# # method = "GET"
#
# ## Optional HTTP headers
# # headers = {"X-Special-Header" = "Special-Value"}
#
# ## Override HTTP "Host" header
# # host_header = "check.example.com"
#
# ## Timeout for HTTP requests
# timeout = "5s"
#
# ## Optional HTTP Basic Auth credentials
# # username = "username"
# # password = "pa$$word"
#
# ## Optional TLS Config
# # tls_ca = "/etc/telegraf/ca.pem"
# # tls_cert = "/etc/telegraf/cert.pem"
# # tls_key = "/etc/telegraf/key.pem"
# ## Use TLS but skip chain & host verification
# # insecure_skip_verify = false
###############################################################################
# SERVICE INPUT PLUGINS #
###############################################################################
# Read logging output from the Docker engine
[[inputs.docker_log]]
# Docker Endpoint
# To use TCP, set endpoint = "tcp://[ip]:[port]"
# To use environment variables (ie, docker-machine), set endpoint = "ENV"
endpoint = "unix:///var/run/docker.sock"
# When true, container logs are read from the beginning; otherwise
# reading begins at the end of the log.
from_beginning = false
## Timeout for Docker API calls.
# timeout = "5s"
## Containers to include and exclude. Globs accepted.
## Note that an empty array for both will include all containers
# container_name_include = []
# container_name_exclude = []
## Container states to include and exclude. Globs accepted.
## When empty only containers in the "running" state will be captured.
# container_state_include = []
# container_state_exclude = []
## docker labels to include and exclude as tags. Globs accepted.
## Note that an empty array for both will include all labels as tags
# docker_label_include = []
# docker_label_exclude = []
## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
source_tag = false
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
# # Read metrics from one or many postgresql servers
# [[inputs.postgresql]]
# ## specify address via a url matching:
# ## postgres://[pqgotest[:password]]@localhost[/dbname]\
# ## ?sslmode=[disable|verify-ca|verify-full]
# ## or a simple string:
# ## host=localhost user=pqotest password=... sslmode=... dbname=app_production
# ##
# ## All connection parameters are optional.
# ##
# ## Without the dbname parameter, the driver will default to a database
# ## with the same name as the user. This dbname is just for instantiating a
# ## connection with the server and doesn't restrict the databases we are trying
# ## to grab metrics for.
# ##
# address = "host=localhost user=postgres sslmode=disable"
# ## A custom name for the database that will be used as the "server" tag in the
# ## measurement output. If not specified, a default one generated from
# ## the connection address is used.
# # outputaddress = "db01"
#
# ## connection configuration.
# ## maxlifetime - specify the maximum lifetime of a connection.
# ## default is forever (0s)
# max_lifetime = "0s"
#
# ## A list of databases to explicitly ignore. If not specified, metrics for all
# ## databases are gathered. Do NOT use with the 'databases' option.
# # ignored_databases = ["postgres", "template0", "template1"]
#
# ## A list of databases to pull metrics about. If not specified, metrics for all
# ## databases are gathered. Do NOT use with the 'ignored_databases' option.
# # databases = ["app_production", "testing"]