/
cloud.conf
120 lines (111 loc) · 4.24 KB
/
cloud.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#cloud-config
package_update: true
package_upgrade: true
packages: ['prometheus', 'prometheus-node-exporter', 'awscli', 'inotify-tools', 'nginx']
write_files:
- owner: root:root
path: /etc/default/prometheus
permissions: 0444
content: 'ARGS="--storage.tsdb.path=\"/mnt/\" --web.external-url=${prom_external_url} --storage.tsdb.retention=60d"'
- owner: root:root
path: /etc/cron.d/config_pull
permissions: 0755
content: |
* * * * * root aws s3 sync s3://${config_bucket}/prometheus/ /etc/prometheus/ --region=${region}
@reboot root mount /dev/xvdh /mnt
@reboot root /root/watch_prometheus_dir
- owner: root:root
path: /etc/cron.d/targets_pull
permissions: 0755
content: |
# if targets bucket exists then sync it, otherwise this cron runs but has no effect
* * * * * root [ "${targets_bucket}" != "" ] && aws s3 sync s3://${targets_bucket}/active/ /etc/prometheus/targets --region=${region} --delete
- owner: root:root
path: /etc/cron.d/alerts_pull
permissions: 0755
content: |
# if alerts bucket exists then sync it, otherwise this cron runs but has no effect
* * * * * root [ "${alerts_bucket}" != "" ] && aws s3 sync s3://${alerts_bucket}/prometheus/alerts/ /etc/prometheus/alerts --region=${region} --delete
- content: |
#!/bin/bash
if file -s /dev/xvdh | grep -q "/dev/xvdh: data"; then
mkfs -t 'ext4' -L 'prometheus_disk' '/dev/xvdh'
else
echo "disk already formated"
fi
path: /root/format_disk.sh
permissions: 0755
- content: |
#!/bin/bash
inotifywait -e modify,create,delete,move -m -r /etc/prometheus |
while read -r directory events; do
systemctl reload prometheus
done
path: /root/watch_prometheus_dir
permissions: 0755
- content: |
#!/bin/bash
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.2-amd64.deb && sudo dpkg -i filebeat-6.4.2-amd64.deb
aws s3 sync s3://${config_bucket}/filebeat/ /etc/filebeat/ --region=${region}
update-rc.d filebeat defaults
update-rc.d filebeat enable 5
path: /root/setup_filebeat.sh
permissions: 0755
- content: |
server {
listen 8080;
location / {
set $cleaned_header $arg_cf_app_instance;
if ($arg_cf_app_instance ~* "^(.*)%3A(.*)$") {
set $cleaned_header $1:$2;
}
proxy_pass https://$host$uri;
proxy_ssl_server_name on;
proxy_set_header X-CF-APP-INSTANCE $cleaned_header;
proxy_set_header XX-CF-APP-INSTANCE $cleaned_header;
proxy_set_header Authorization "Bearer $arg_cf_app_guid";
}
location /health {
return 200 "Static health check";
}
resolver 10.0.0.2 valid=10s;
}
path: /etc/nginx/sites-enabled/paas-proxy
permissions: 0644
- content: |
${prometheus_htpasswd}
path: /etc/nginx/conf.d/.htpasswd
owner: www-data:www-data
permissions: 0600
- content: |
server {
listen 80 default_server;
location /health {
# This location is not protected by basic auth because of
# https://stackoverflow.com/questions/40447376/auth-basic-within-location-block-doesnt-work-when-return-is-specified
return 200 "Static health check";
}
location / {
proxy_pass http://localhost:9090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
satisfy any;
auth_basic "Prometheus";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
real_ip_header X-Forwarded-For;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 127.0.0.1/32;
${allowed_cidrs}
deny all;
}
path: /etc/nginx/sites-enabled/auth-proxy
runcmd:
- rm /etc/nginx/sites-enabled/default
- "if [ -n '${logstash_host}' ]; then /root/setup_filebeat.sh; fi"
- [bash, -c, "/root/format_disk.sh"]
- [bash, -c, "mount /dev/xvdh /mnt"]
- [bash, -c, "chown -R prometheus /mnt/"]
- [bash, -c, "echo \"node_creation_time `date +%s`\" > /var/lib/prometheus/node-exporter/node-creation-time.prom"]
- [reboot]