feat: add database generation to grafana

- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
This commit is contained in:
2024-06-16 00:41:02 +10:00
parent 0fe05bb896
commit 62cac63f11
9 changed files with 163 additions and 17 deletions
+3
View File
@@ -117,6 +117,9 @@ lookup_options:
ssh::server::options:
merge:
strategy: deep
mysql::db:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
@@ -0,0 +1,2 @@
---
mysql::db::grafana::pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAozi1vFf9KfwsGSdxXvhOWRn9Vqbr9AZ+cVJuIOmmLVZMRP4AJkkNgCCly+o1pxtMiU8EISUQuBWCBHUi+u2Y1YAjIABzTa2K+PCU7qqkdrJaxvKqmmKS7C/CWFKp1stYvYIvIofyvl9Q854nMcpvxQKL0PBGh3rIaUHHV3L0PH1UDLqL5j6OPXaNvKL4UzwMDDIVAd7F5yMbtSx2PT23pBLbPYsbG1jRx7pUS/d1ZE9E8h3OA2jxW/CBf68Sb2Xlrh7IAB/6RiLLpIsUyRMv9zrbPrMuKg/q5lzO0i9fejh5z3Z3YkdnhH61doUT/RSjAjz3JrWDGxomOSK0y8TxjjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCg1kVqFs/mf4r+6EI32b8qgCBm6cL3JhVzj3Btit9D8VYU8mQcrIaXJZ3qF31zJMzCkw==]
@@ -2,3 +2,14 @@
profiles::sql::galera_member::cluster_name: au-syd1
profiles::sql::galera_member::galera_master: ausyd1nxvm1027.main.unkin.net
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
mysql::db:
grafana:
name: grafana
user: grafana
password: "%{alias('mysql::db::grafana::pass')}"
grant:
- SELECT
- INSERT
- UPDATE
- DELETE
+48 -1
View File
@@ -1,2 +1,49 @@
---
#profile::metrics::grafana
hiera_include:
- profiles::nginx::simpleproxy
profiles::metrics::grafana::mysql_host: "mariadb-%{facts.environment}.service.%{facts.country}-%{facts.region}.consul"
profiles::metrics::grafana::mysql_port: 3306
# additional altnames
profiles::pki::vault::alt_names:
- grafana.main.unkin.net
- grafana.service.consul
- grafana.query.consul
- "grafana.service.%{facts.country}-%{facts.region}.consul"
profiles::ssh::sign::principals:
- grafana.main.unkin.net
- grafana.service.consul
- grafana.query.consul
consul::services:
grafana:
service_name: 'grafana'
tags:
- 'grafana'
- 'metrics'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'Grafana_https_check'
name: 'Grafana HTTPS Check'
http: "https://%{facts.networking.fqdn}:443"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: grafana
disposition: write
# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'grafana.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
- grafana.main.unkin.net
- grafana.service.consul
- grafana.query.consul
- "grafana.service.%{facts.country}-%{facts.region}.consul"
profiles::nginx::simpleproxy::proxy_port: 8080
profiles::nginx::simpleproxy::proxy_path: '/'
@@ -83,3 +83,9 @@ profiles::consul::prepared_query::rules:
service_failover_n: 3
service_only_passing: true
ttl: 10
grafana:
ensure: 'present'
service_name: 'grafana'
service_failover_n: 3
service_only_passing: true
ttl: 10