From 29d2b8b2c317ed26299417bf146ceafdc7d7e078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Tue, 24 Sep 2024 21:44:51 +0300 Subject: [PATCH] Add prometheus metrics to docker th --- tf/environments/prod/main.tf | 2 ++ tf/modules/adm_iam_roles/outputs.tf | 3 +++ .../templates/cloud-init-docker.yml | 16 ++++++++++++++-- tf/modules/ooni_th_droplet/variables.tf | 4 ++++ 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf index eb495c6b..c1ba3501 100644 --- a/tf/environments/prod/main.tf +++ b/tf/environments/prod/main.tf @@ -261,6 +261,8 @@ module "ooni_th_droplet" { instance_location = "fra1" instance_size = "s-1vcpu-1gb" droplet_count = 2 + deployer_key = module.adm_iam_roles.oonidevops_ssh_public_key + metrics_password = random_password.prometheus_metrics_password.result ssh_keys = [ "3d:81:99:17:b5:d1:20:a5:fe:2b:14:96:67:93:d6:34", "f6:4b:8b:e2:0e:d2:97:c5:45:5c:07:a6:fe:54:60:0e" diff --git a/tf/modules/adm_iam_roles/outputs.tf b/tf/modules/adm_iam_roles/outputs.tf index a99f7905..609e22c4 100644 --- a/tf/modules/adm_iam_roles/outputs.tf +++ b/tf/modules/adm_iam_roles/outputs.tf @@ -10,3 +10,6 @@ output "oonidevops_deploy_key_arn" { value = aws_secretsmanager_secret.oonidevops_deploy_key.id } +output "oonidevops_ssh_public_key" { + value = trimspace(tls_private_key.oonidevops.public_key_openssh) +} diff --git a/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml b/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml index 8be24f49..c33aed95 100644 --- a/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml +++ b/tf/modules/ooni_th_droplet/templates/cloud-init-docker.yml @@ -72,6 +72,7 @@ packages: - containerd.io - docker-buildx-plugin - docker-compose-plugin + - prometheus-node-exporter - nginx users: 
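Review bot: `metrics_password = random_password.prometheus_metrics_password.result` hands a generated secret to a module whose cloud-init template (changed later in this patch) interpolates it into a `runcmd` line. The value will therefore presumably be stored in the droplet's user data as well as in Terraform state. Anyone who can read the instance metadata or the cloud-init files on the host can read the Prometheus password, and rotating it changes the rendered user data. I would add a comment on this line such as `# rendered into cloud-init user data; readable on the droplet and in state`. Please also confirm that `random_password.prometheus_metrics_password` is declared in this environment, since its definition is not in the hunk and the `module` block continues outside it.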
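Review bot: `prometheus-node-exporter` is installed with its packaged defaults, and node_exporter listens on `:9100` on all interfaces by default, so only the ufw policy set later in `runcmd` keeps it private. A later hunk makes nginx on port 9001 the entry point by proxying `/metrics` to `127.0.0.1:9100`, so the exporter only needs to listen on loopback. Assuming the Debian/Ubuntu package layout, a `write_files` entry for `/etc/default/prometheus-node-exporter` containing `ARGS="--web.listen-address=127.0.0.1:9100"` would do that. The `packages` list starts outside the hunk.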
@@ -111,6 +112,15 @@ write_files: server_name _; gzip on; resolver 127.0.0.1; + + # test helper metrics + location / { + allow ${monitoring_ip}; + deny all; + + proxy_pass http://127.0.0.1:8080; + } + # local test helper location / { proxy_set_header X-Forwarded-Proto $scheme; @@ -130,6 +140,7 @@ write_files: proxy_cache_valid any 0; add_header X-Cache-Status $upstream_cache_status; } + } server { listen 9001; @@ -139,7 +150,7 @@ write_files: deny all; location = /metrics { - proxy_pass http://127.0.0.1:9091; + proxy_pass http://127.0.0.1:9100; } } @@ -149,6 +160,7 @@ runcmd: - ufw allow 2222/tcp - ufw allow 80/tcp - ufw allow 443/tcp - - ufw allow from ${monitoring_ip} proto tcp to any port 443 + - ufw allow from ${monitoring_ip} proto tcp to any port 9001 - ufw enable - service nginx restart + - docker run -d -e PROMETHEUS_METRICS_PASSWORD='${metrics_password}' -p 80:80 --restart unless-stopped --name oonith ooni/oonith-oohelperd:latest diff --git a/tf/modules/ooni_th_droplet/variables.tf b/tf/modules/ooni_th_droplet/variables.tf index 87a56cac..7aea230b 100644 --- a/tf/modules/ooni_th_droplet/variables.tf +++ b/tf/modules/ooni_th_droplet/variables.tf @@ -30,3 +30,7 @@ variable "ssh_keys" { variable "deployer_key" { type = string } + +variable "metrics_password" { + type = string +}
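Review bot: The added `location / {` duplicates the existing `location / {` that follows it as context, apparently in the same `server` block, and nginx rejects two identical prefix locations in one server (`duplicate location "/"`), so `service nginx restart` would fail. Even if it loaded, `deny all` on `/` would block every test-helper client other than the monitoring host. If the intent is to expose only the metrics path, an exact-match block such as `location = /metrics {` with the same `allow`/`deny`/`proxy_pass` lines would do it, assuming the container serves metrics at `/metrics`. Note also that `proxy_pass http://127.0.0.1:8080` does not match the `-p 80:80` mapping in the `docker run` line added further down. The `server` block starts outside the hunk.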
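Review bot: `-p 80:80` on the added `docker run` line publishes the container on every interface, and Docker installs its own iptables rules ahead of ufw, so the `ufw` rules above do not restrict it and the nginx `allow ${monitoring_ip}` check does not apply to what the container serves directly. It would also collide with nginx if the first `server` block listens on port 80, though its `listen` line is outside the visible hunks. If nginx is meant to stay the front end, publish on loopback at the port nginx proxies to: `-p 127.0.0.1:8080:80`. Separately, `-e PROMETHEUS_METRICS_PASSWORD='${metrics_password}'` puts the secret on a shell command line where a password containing `'` would break the quoting; `--env-file` with a `0600` file from `write_files` avoids that. `ooni/oonith-oohelperd:latest` is a mutable tag, so pinning a version or digest would make the deployed image reproducible.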
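Review bot: `variable "metrics_password"` is declared as a plain `string`, so nothing at the module boundary marks it as a secret or says what it is for. Adding `sensitive = true` and a `description = "Password protecting the test helper Prometheus metrics endpoint"` makes Terraform redact it in plan and apply output regardless of how a caller sources the value. The value is still written to state in clear text, so access to the state backend needs to stay restricted.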