Add prometheus metrics to docker th

ooni · Sep 24, 2024 · 29d2b8b · 29d2b8b
1 parent ead1b48
commit 29d2b8b
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 2 deletions.
diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
@@ -261,6 +261,8 @@ module "ooni_th_droplet" {
  instance_location = "fra1"
  instance_size = "s-1vcpu-1gb"
  droplet_count = 2
+ deployer_key = module.adm_iam_roles.oonidevops_ssh_public_key
+ metrics_password = random_password.prometheus_metrics_password.result
  ssh_keys = [
  "3d:81:99:17:b5:d1:20:a5:fe:2b:14:96:67:93:d6:34",
  "f6:4b:8b:e2:0e:d2:97:c5:45:5c:07:a6:fe:54:60:0e"

diff --git a/tf/modules/adm_iam_roles/outputs.tf b/tf/modules/adm_iam_roles/outputs.tf
@@ -10,3 +10,6 @@ output "oonidevops_deploy_key_arn" {
  value = aws_secretsmanager_secret.oonidevops_deploy_key.id
 }
 
+output "oonidevops_ssh_public_key" {
+ value = trimspace(tls_private_key.oonidevops.public_key_openssh)
+}
diff --git a/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml b/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml
@@ -72,6 +72,7 @@ packages:
  - containerd.io
  - docker-buildx-plugin
  - docker-compose-plugin
+ - prometheus-node-exporter
  - nginx
 
 users:
@@ -111,6 +112,15 @@ write_files:
  server_name _;
  gzip on;
  resolver 127.0.0.1;
+
+ # test helper metrics
+ location / {
+ allow ${monitoring_ip};
+ deny all;
+
+ proxy_pass http://127.0.0.1:8080;
+ }
+
  # local test helper
  location / {
  proxy_set_header X-Forwarded-Proto $scheme;
@@ -130,6 +140,7 @@ write_files:
  proxy_cache_valid any 0;
  add_header X-Cache-Status $upstream_cache_status;
  }
+ }
 
  server {
  listen 9001;
@@ -139,7 +150,7 @@ write_files:
  deny all;
 
  location = /metrics {
- proxy_pass http://127.0.0.1:9091;
+ proxy_pass http://127.0.0.1:9100;
  }
  }
 
@@ -149,6 +160,7 @@ runcmd:
  - ufw allow 2222/tcp
  - ufw allow 80/tcp
  - ufw allow 443/tcp
- - ufw allow from ${monitoring_ip} proto tcp to any port 443
+ - ufw allow from ${monitoring_ip} proto tcp to any port 9001
  - ufw enable
  - service nginx restart
+ - docker run -d -e PROMETHEUS_METRICS_PASSWORD='${metrics_password}' -p 80:80 --restart unless-stopped --name oonith ooni/oonith-oohelperd:latest
diff --git a/tf/modules/ooni_th_droplet/variables.tf b/tf/modules/ooni_th_droplet/variables.tf
@@ -30,3 +30,7 @@ variable "ssh_keys" {
 variable "deployer_key" {
  type = string
 }
+
+variable "metrics_password" {
+ type = string
+}