-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(metrics) add provision script for grafana
Signed-off-by: David Edler <david.edler@canonical.com>
- Loading branch information
Showing
2 changed files
with
115 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| #!/bin/bash | ||
|
|
||
| if [ "$#" -ne 2 ]; then | ||
| echo "Usage: $0 <instance> <project>" | ||
| echo "Error: Both 'instance' and 'project' arguments are required." | ||
| exit 1 | ||
| fi | ||
|
|
||
| INSTANCE=$1 | ||
| PROJECT=$2 | ||
|
|
||
| set -e | ||
| set -x | ||
|
|
||
| # upload server.crt to container | ||
| lxc info | sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" | sed 's/^[ \t]*//;s/[ \t]*$//' > /tmp/server.crt | ||
| lxc file push /tmp/server.crt "$INSTANCE"/root/server.crt --project="$PROJECT" | ||
| rm /tmp/server.crt | ||
|
|
||
| # install and configure grafana and prometheus in container | ||
| CONTAINER_UPLINK_IP="$(lxc info "$INSTANCE" --project="$PROJECT" | grep inet: | grep "global" | head -n1 | cut -d ":" -f2 | cut -d " " -f3 | cut -d "/" -f1 | cut -d "." -f1,2,3).1" | ||
| lxc exec "$INSTANCE" --project="$PROJECT" bash <<EOF | ||
| set -x | ||
| set -e | ||
| # install grafana and prometheus | ||
| apt-get update | ||
| apt-get install -y apt-transport-https software-properties-common wget | ||
| mkdir -p /etc/apt/keyrings/ | ||
| wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null | ||
| echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list | ||
| apt-get update | ||
| apt-get install -y grafana prometheus loki promtail | ||
| systemctl daemon-reload | ||
| systemctl start grafana-server | ||
| systemctl enable grafana-server.service | ||
| sed -ie '44d' /etc/loki/config.yml # fix the loki configuration | ||
| systemctl start loki | ||
| systemctl enable loki | ||
| systemctl start promtail | ||
| systemctl enable promtail | ||
| # generate ssl key for grafana to serve via https | ||
| openssl req -x509 -newkey rsa:4096 -keyout /etc/grafana/grafana.key -out /etc/grafana/grafana.crt -days 365 -nodes -subj "/CN=metrics.local" | ||
| sudo chown grafana:grafana /etc/grafana/grafana.crt | ||
| sudo chown grafana:grafana /etc/grafana/grafana.key | ||
| sudo chmod 400 /etc/grafana/grafana.key /etc/grafana/grafana.crt | ||
| sed -i "s#;protocol = http#protocol = https#" /etc/grafana/grafana.ini | ||
| cat <<EOT > /etc/grafana/provisioning/datasources/lxd-sources.yaml | ||
| apiVersion: 1 | ||
| datasources: | ||
| - name: prometheus | ||
| type: prometheus | ||
| access: proxy | ||
| url: http://localhost:9090 | ||
| - name: loki | ||
| type: loki | ||
| access: proxy | ||
| url: http://localhost:3100 | ||
| EOT | ||
| systemctl restart grafana-server | ||
| # generate certs for prometheus | ||
| openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384 -keyout metrics.key -nodes -out metrics.crt -days 3650 -subj "/CN=metrics.local" | ||
| mkdir /etc/prometheus/tls | ||
| mv metrics.* /etc/prometheus/tls/ | ||
| mv server.crt /etc/prometheus/tls/ | ||
| chown -R prometheus /etc/prometheus/tls | ||
| # configure prometheus | ||
| cat <<EOT > /etc/prometheus/prometheus.yml | ||
| global: | ||
| scrape_interval: 15s | ||
| evaluation_interval: 15s | ||
| scrape_timeout: 15s | ||
| scrape_configs: | ||
| - job_name: lxd | ||
| scrape_interval: 15s | ||
| scrape_timeout: 15s | ||
| metrics_path: '/1.0/metrics' | ||
| scheme: 'https' | ||
| static_configs: | ||
| - targets: ['$CONTAINER_UPLINK_IP:8443'] | ||
| tls_config: | ||
| ca_file: '/etc/prometheus/tls/server.crt' | ||
| cert_file: '/etc/prometheus/tls/metrics.crt' | ||
| key_file: '/etc/prometheus/tls/metrics.key' | ||
| # XXX: server_name is required if the target name | ||
| # is not covered by the certificate (not in the SAN list) | ||
| server_name: '$HOSTNAME' | ||
| EOT | ||
| systemctl daemon-reload | ||
| systemctl start prometheus | ||
| systemctl enable prometheus.service | ||
| EOF | ||
|
|
||
| # download metrics.crt from container and add to host lxd trust store | ||
| lxc file pull "$INSTANCE"/etc/prometheus/tls/metrics.crt /tmp/metrics.crt --project="$PROJECT" | ||
| lxc config trust add /tmp/metrics.crt --type=metrics | ||
| rm /tmp/metrics.crt | ||
|
|
||
| # configure host lxd for loki and to link to grafana | ||
| CONTAINER_IP=$(lxc info "$INSTANCE" --project="$PROJECT" | grep inet: | grep "global" | head -n1 | cut -d ":" -f2 | cut -d " " -f3 | cut -d "/" -f1) | ||
| lxc config set loki.api.url=http://"$CONTAINER_IP":3100 & | ||
| lxc config set loki.instance=lxd & | ||
| lxc config set user.grafana_base_url=https://"$CONTAINER_IP":3000/d/bGY-LSB7k/lxd?orgId=1 | ||
|
|
||
| # restart container | ||
| lxc exec "$INSTANCE" --project="$PROJECT" reboot | ||
| sleep 5 | ||
|
|
||
| # print grafana url | ||
| echo "Successfully initialized grafana on https://$CONTAINER_IP:3000 sign in with admin/admin and change password, then create a dashboard" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters