Compare commits


10 Commits

363754443d
Manage Prometheus firewall rules
Some checks failed
ci/lysergic/push/pipeline Pipeline failed
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 18:52:17 +01:00
76a51e490f
Moni: Read Blackbox targets as JSON
Use uniform JSON target files instead of a JSON/YAML mix.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 18:52:17 +01:00
fbc70ed8d1
p.node_exporter->p.prometheus.node_exporter
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 18:52:17 +01:00
c5f06a6827
Manage Prometheus targets
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 18:52:17 +01:00
ebc66c73a8
Import Prometheus server configuration
* add new roles:
  - monitoring.prometheus
  - monitoring.prometheus-alertmanager
  - monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 18:52:13 +01:00
a705925aa6 Merge pull request 'Commmit lint: allow pipeline + more characters' (#37) from commit-lint into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #37
2023-02-20 19:34:14 +01:00
0c8e3159d3
pipeline.gommit: allow pipeline + more characters
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- allow pipeline.* prefix
- allow some special characters in summary

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 22:18:43 +01:00
6e43bbbe44 Merge pull request 'Enable commit message linting' (#36) from commit-lint into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #36
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-02-19 20:54:59 +01:00
68e41ceab8
Enable commit linting
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 20:43:10 +01:00
d082729a66
Add commit linting
- add gommit configuration
- add wrapper script

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 20:43:09 +01:00
13 changed files with 287 additions and 2 deletions

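--- a/.gommit.toml
+++ b/.gommit.toml
@@ -0,0 +1,23 @@
+[config]
+exclude-merge-commits=true
+check-summary-length=true
+summary-length=50
+[matchers]
+all='^(?:(?:Add|Remove|Update|Enable|Disable) |(?:role|profile|id|pipeline)\.\w+: )[\w \.\+\-]+\n(?:(?:\n\- .*)+\n)?(?:\nSigned-off-by: \w+ \w+ <.*@.*>)'
+[examples]
+summary_variant_one="""
+[Add|Remove|Update|Enable|Disable] this and that
+"""
+summary_variant_two="""
+[role.$role|profile.$profile]: this and that
+"""
+body_message="""
+- an optional body line
+- another optional body line
+Signed-off-by: Max Mandatory <required@example.com>
+"""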
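Review bot: The sign-off part of the `all` matcher, `Signed-off-by: \w+ \w+ <.*@.*>`, accepts only a name made of exactly two `\w` words, so a contributor with a hyphenated, three-part or accented name cannot produce a passing commit (assuming gommit's regex engine treats `\w` as ASCII word characters, which is worth confirming). Something like `Signed-off-by: [^<>\n]+ <[^<>@\s]+@[^<>@\s]+>` keeps the trailer mandatory without encoding a name shape. The pattern checks form only, so a passing lint should not be read as evidence of who authored a commit. The `summary_variant_two` example also lists only `role.` and `profile.`, while the matcher accepts `id.` and `pipeline.` as well.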


@ -3,7 +3,17 @@
skip_clone: true
pipeline:
lint:
commit_lint:
image: registry.opensuse.org/home/crameleon/libertacasa/containers/containerfile/libertacasa/pipeline-gommit:latest
secrets: [ci_netrc_username, ci_netrc_password, ci_netrc_machine]
when:
event: [push]
commands:
- git clone --single-branch -b $CI_COMMIT_BRANCH $CI_REPO_LINK ../salt-libertacasa-commit-linting
- cd ../salt-libertacasa-commit-linting
- bin/lint-commits.pl production
code_lint:
image: registry.opensuse.org/home/crameleon/libertacasa/containers/containerfile/libertacasa/pipeline-lint:latest
secrets: [ci_netrc_username, ci_netrc_password, ci_netrc_machine]
when:
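Review bot: The `commit_lint` step runs `bin/lint-commits.pl` from the clone of `$CI_COMMIT_BRANCH`, so the branch being checked also supplies the checker, and it does so with `ci_netrc_username`, `ci_netrc_password` and `ci_netrc_machine` in scope. Anyone able to push a branch can therefore change what the lint step executes. Consider shipping the script inside the pipeline-gommit image or taking it from `production`, and dropping any secret the step does not strictly need for the clone. The image is referenced by the mutable `:latest` tag; pinning it by digest would make the step reproducible and auditable. The `code_lint` step continues past the end of this hunk.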

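--- a/bin/lint-commits.pl
+++ b/bin/lint-commits.pl
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use v5.26;
+my ($branch_main) = @ARGV;
+if(!$branch_main){
+$branch_main = "master"
+}
+`git ls-remote origin $branch_main` =~ /([a-f0-9]{40})/;
+my $refHead = `git rev-parse HEAD`;
+my $refTail = $1;
+chomp($refHead);
+chomp($refTail);
+if ($refHead eq $refTail) {
+exit 0;
+}
+system "gommit check range $refTail $refHead";
+if ($? > 0) {
+exit 1;
+}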
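Review bot: The result of the `git ls-remote` match is never checked, so when the remote lookup fails or the branch does not exist `$1` is undefined and the script still goes on to call `gommit check range` with an empty start ref. Capturing in list context and stopping on failure makes that case explicit: `my ($refTail) = qx{git ls-remote origin $branch_main} =~ /([a-f0-9]{40})/ or die "cannot resolve $branch_main on origin\n";`. Both external commands are built by string interpolation and pass through the shell; `system('gommit', 'check', 'range', $refTail, $refHead);` avoids that for the second one, and `$branch_main` could be checked against something like `/\A[\w.\/-]+\z/` before it is used. The pipeline on this page passes the fixed value `production`, so this is hardening for other callers rather than a fault in the current invocation.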


@ -0,0 +1,110 @@
prometheus:
pkg:
component:
prometheus:
config:
alerting:
alertmanagers:
- static_configs:
- targets:
- localhost:9093
rule_files:
- /etc/prometheus/alerts/lysergic/*.yml
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'node_exporters_lysergic'
scrape_timeout: 1m
scrape_interval: 5m
file_sd_configs:
- files:
- '/etc/prometheus/targets/node-lysergic.json'
- job_name: 'blackbox-2xx'
metrics_path: /probe
params:
module: [http_2xx]
file_sd_configs:
- files: ['/etc/prometheus/targets/blackbox-2xx*.json']
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115
- job_name: 'blackbox-3xx'
metrics_path: /probe
params:
module: [http_3xx]
file_sd_configs:
- files: ['/etc/prometheus/targets/blackbox-3xx*.json']
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115
- job_name: 'certificate_exporter'
static_configs:
- targets: ['therapon.rigel.lysergic.dev:9793']
alertmanager:
config:
route:
group_by: ['alertname']
group_wait: 10s
group_interval: 10s
repeat_interval: 1h
receiver: 'smtp-local'
routes:
- receiver: 'lysergic'
# continue: false
match:
project: LYSERGIC
- receiver: 'chillnet'
match:
project: CHILLNET
receivers:
- name: 'smtp-local'
email_configs:
- to: 'system@lysergic.dev'
from: 'alertmanager@moni.lysergic.dev'
require_tls: false
# !!! TO-DO
smarthost: 'zz0.email:465'
send_resolved: yes
- name: 'irc-libertacasa'
webhook_configs:
- url: 'http://127.0.0.1:2410/universe'
send_resolved: yes
- name: 'lysergic'
webhook_configs:
- url: 'http://127.0.0.1:2410/universe'
send_resolved: yes
- url: http://127.0.0.2:8081/prometheus/webhook
send_resolved: yes
email_configs:
- to: 'system@lysergic.dev'
from: 'alertmanager@moni.lysergic.dev'
require_tls: false
smarthost: 'zz0.email:465'
send_resolved: yes
- name: 'chillnet'
email_configs:
- to: 'team@chillnet.org'
from: 'alertmanager@moni.lysergic.dev'
require_tls: false
smarthost: 'zz0.email:465'
send_resolved: yes
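Review bot: `require_tls: false` appears in all three `email_configs` blocks, the first next to an unexplained `# !!! TO-DO`, which reads as if alert mail were sent unencrypted. As far as I know Alertmanager uses implicit TLS when the smarthost port is 465 and `require_tls` only governs STARTTLS, so the setting is probably intentional; a comment such as `# port 465 = implicit TLS, STARTTLS not applicable` and a TO-DO that says what is still open would remove the doubt. The identical `from`/`smarthost`/`require_tls` triples could be stated once under the Alertmanager `global:` key (`smtp_from`, `smtp_smarthost`, `smtp_require_tls`). Separately, the `certificate_exporter` target is on another host and no `scheme` or TLS settings are shown for the job, so that scrape is presumably plain HTTP; worth confirming the network path is trusted.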


@ -0,0 +1,11 @@
prometheus:
wanted:
component:
- alertmanager
pkg:
component:
alertmanager:
config:
global:
resolve_timeout: 5m


@ -0,0 +1,50 @@
prometheus:
wanted:
component:
- blackbox_exporter
pkg:
component:
blackbox_exporter:
config:
modules:
http_2xx:
prober: http
timeout: 15s
http_post_2xx:
prober: http
http:
method: POST
http_3xx:
prober: http
timeout: 5s
http:
method: HEAD
no_follow_redirects: true
valid_status_codes: [301, 302]
tcp_connect:
prober: tcp
ssh_banner:
prober: tcp
tcp:
query_response:
- expect: "^SSH-2.0-"
irc_banner:
prober: tcp
tcp:
query_response:
- send: "NICK prober"
- send: "USER prober prober prober :prober"
- expect: "PING :([^ ]+)"
send: "PONG ${1}"
- expect: "^:[^ ]+ 001"
icmp:
prober: icmp
firewalld:
zones:
internal:
ports:
- comment: 'Prometheus Blackbox Exporter'
port: 9115
protocol: tcp
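Review bot: Opening 9115/tcp in the `internal` firewalld zone exposes the Blackbox Exporter's `/probe` endpoint to every host in that zone, and that endpoint takes its probe target from the request with no authentication configured in this pillar. The only consumer visible on this page is the local Prometheus, whose blackbox jobs rewrite `__address__` to `127.0.0.1:9115`, so the rule may not be needed at all. If a remote scraper does depend on it, name that consumer in the `comment:` field and consider restricting the source addresses; otherwise drop the `ports` entry from this role.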


@ -0,0 +1,17 @@
prometheus:
wanted:
component:
- prometheus
pkg:
component:
prometheus:
config:
global:
scrape_interval: 15s
evaluation_interval: 1m
firewalld:
zones:
internal:
services:
- prometheus


@ -2,7 +2,7 @@ include:
- firewalld
- profile.seccheck
- profile.zypp
- profile.node_exporter
- profile.prometheus.node_exporter
- users
- .ssh
- postfix.config


@ -0,0 +1,18 @@
{%- set mypillar = salt['pillar.get']('profile:prometheus:targets') %}
{%- set targetsdir = '/etc/prometheus/targets' %}
{%- if mypillar | length %}
{{ targetsdir }}:
file.directory:
- group: prometheus
{%- for group, nodes in mypillar.items() %}
{{ targetsdir }}/{{ group }}.json:
file.serialize:
- dataset: {{ nodes }}
- serializer: json
{%- endfor %}
{%- else %}
{%- do salt.log.debug('profile.prometheus: no targets defined') %}
{%- endif %}
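Review bot: `- dataset: {{ nodes }}` renders the pillar value through Jinja's default string conversion, i.e. a Python repr embedded in YAML, which can change or break values such as `None` or strings that need quoting. `- dataset: {{ nodes | json }}` emits valid JSON, and therefore valid YAML, instead. The states also leave owner and mode of the generated files at their defaults (only the directory gets `group: prometheus`), so it would help to set them explicitly. A group removed from the pillar keeps its `.json` file, so Prometheus would go on scraping retired targets unless the directory is managed with `clean: True` and the file states are tied to it with `require_in`.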


@ -0,0 +1,2 @@
include:
- prometheus.config


@ -0,0 +1,2 @@
include:
- prometheus.config


@ -0,0 +1,3 @@
include:
- prometheus.config
- profile.prometheus.targets