Commit 2136ced8 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

Merge branch 'add-dashboards' into 'master'

Add dashboards.archlinux.org for public Grafana dashboards

Closes #172

See merge request !368
parents 2cbfa2c0 9ef30adb
Pipeline #7296 passed with stage
in 33 seconds
# Grafana
Our Grafana is hosted on https://monitoring.archlinux.org and is accessible for
all Arch Linux Staff, editing rights are restricted to users with the Devops
all DevOps Staff, editing rights are restricted to users with the Devops
Role.
A public accessible instance is hosted on https://dashboards.archlinux.org with selected metrics.
Dashboards and datasources are automatically provisioned by Grafana with Grafana's built-in [provisioning configuration](https://grafana.com/docs/grafana/latest/administration/provisioning/).
## Adding a new Dashboard
......
......@@ -118,6 +118,14 @@ Medium-fast-ish packet.net Arch Linux box.
- [Grafana](https://monitoring.archlinux.org) and [docs/grafana.md](./docs/grafana.md)
- Prometheus
## dashboards.archlinux.org
Prometheus, and Grafana server which receives selected performance/metrics from monitoring.archlinux.org and make them public accessible.
### Services
- [Grafana](https://dashboards.archlinux.org) and [docs/grafana.md](./docs/grafana.md)
- Prometheus
## patchwork.archlinux.org
### Services
......
......@@ -26,6 +26,7 @@ root_ssh_keys:
- monitoring.archlinux.org
- runner1.archlinux.org
- runner2.archlinux.org
- dashboards.archlinux.org
# run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
# before running it, make sure to gpg --lsign-key all of the below keys
......
---
filesystem: btrfs
ipv4_address: 157.90.255.107
......@@ -142,6 +142,7 @@ repro2.pkgbuild.com
runner1.archlinux.org
md.archlinux.org
man.archlinux.org
dashboards.archlinux.org
[kape_servers]
asia.mirror.pkgbuild.com
......
- name: setup public dashboards server
hosts: dashboards.archlinux.org
remote_user: root
roles:
- { role: firewalld }
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: hardening }
- { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
- { role: prometheus, prometheus_receive_only: true }
- { role: prometheus_exporters }
- { role: promtail }
- { role: certbot }
- { role: nginx }
- { role: grafana, grafana_anonymous_access: true, grafana_domain: 'dashboards.archlinux.org' }
- { role: fail2ban }
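Review bot: The `grafana` entry enables `grafana_anonymous_access: true` with no comment in the play saying what that exposes, and a note above `roles:` would help. Grafana lets a Viewer, which is what anonymous visitors become here, send its own queries through a proxied datasource. Every series stored in this host's receive-only Prometheus should therefore be treated as public, not only the ones the provisioned dashboards plot. Suggested comment: `# Internet-facing: anything remote-written to this host's Prometheus is readable by anonymous Grafana users; select metrics on the sending side.`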
......@@ -10,6 +10,7 @@
- { role: hardening }
- { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
- { role: prometheus }
- { role: alertmanager }
- { role: prometheus_exporters }
- { role: loki }
- { role: promtail }
......
---
- name: reload alertmanager
service: name=alertmanager state=reloaded
---
- name: install alertmanager server
pacman: name=alertmanager state=present
- name: install alertmanager configuration
template: src=alertmanager.yml.j2 dest=/etc/alertmanager/alertmanager.yml owner=root group=alertmanager mode=640
notify: reload alertmanager
- name: enable alertmanager server service
systemd: name=alertmanager enabled=yes daemon_reload=yes state=started
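Review bot: `mode=640` on the alertmanager configuration task is written without the leading zero, while the grafana tasks in this same commit use `mode=0600` and `mode=0640`. In key=value form the value should reach the module as a string and still be read as octal. The mixed spelling is easy to copy into block-YAML form, though, where a bare `640` would be taken as a decimal integer and produce the wrong permissions on a file that usually holds notification credentials. I would write `mode=0640` here to match the rest of the repository.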
---
grafana_domain: "grafana.archlinux.org"
grafana_anonymous_access: false
../dashboards/archive.json
\ No newline at end of file
archive.json
\ No newline at end of file
../dashboards/rebuilderd.json
\ No newline at end of file
../dashboards/repository.json
\ No newline at end of file
......@@ -36,6 +36,10 @@
- name: copy grafana dashboards
copy: src=dashboards dest=/var/lib/grafana/dashboards owner=grafana group=grafana mode=0600
- name: copy (public) grafana dashboards
copy: src=public-dashboards dest=/var/lib/grafana/ owner=root group=grafana mode=0640
when: grafana_anonymous_access
- name: install grafana config
template: src=grafana.ini.j2 dest=/etc/grafana.ini owner=grafana group=root mode=0600
notify: restart grafana
......
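Review bot: Only the new task carries `when: grafana_anonymous_access`; the existing `copy grafana dashboards` task above it stays unconditional. The public host therefore also receives the full internal set under /var/lib/grafana/dashboards, even though its provider template reads only /var/lib/grafana/public-dashboards. Adding `when: not grafana_anonymous_access` to that first task keeps dashboards that were not chosen for publication off the internet-facing box. The root-owned, group-readable `mode=0640` on the public copy is a sound choice, but `directory_mode` is not set, so check on the host that the created directories end up traversable by the grafana group. The task list continues outside this hunk.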
......@@ -9,6 +9,10 @@ providers:
allowUiUpdates: false
type: file
options:
{% if grafana_anonymous_access %}
path: /var/lib/grafana/public-dashboards
{% else %}
path: /var/lib/grafana/dashboards
{% endif %}
foldersFromFilesStructure: true
apiVersion: 1
datasources:
{% if grafana_anonymous_access %}
- name: Prometheus
type: prometheus
access: proxy
basicAuth: true
basicAuthUser: {{ vault_prometheus_user }}
secureJsonData:
basicAuthPassword: {{ vault_prometheus_passwd }}
url: https://{{ prometheus_domain }}:9090
{% else %}
- name: Prometheus
type: prometheus
access: proxy
......@@ -9,4 +19,4 @@ datasources:
type: loki
access: proxy
url: http://localhost:3100
{% endif %}
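Review bot: `basicAuthUser: {{ vault_prometheus_user }}` and `basicAuthPassword: {{ vault_prometheus_passwd }}` are rendered into YAML unquoted. A vault value containing ` #` or `: `, or starting with `*`, `&`, `{` or `!`, would be truncated or mis-parsed, and the datasource would get the wrong credential or fail provisioning. Emit the scalars in a YAML-safe form, for example `basicAuthPassword: {{ vault_prometheus_passwd | to_json }}`, and do the same for the user. The rendered file holds a plaintext credential, and the task that installs it is not in this section, so its owner and mode should be confirmed as readable by grafana only.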
......@@ -233,6 +233,11 @@ x_xss_protection = true
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval =
{% if grafana_anonymous_access %}
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
{% endif %}
#################################### Users ###############################
[users]
# disable user signup / registration
......@@ -303,13 +308,15 @@ oauth_auto_login = true
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
;enabled = false
{% if grafana_anonymous_access %}
enabled = true
{% endif %}
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;org_role = Viewer
org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
......@@ -373,6 +380,7 @@ oauth_auto_login = true
;allowed_domains =
;allowed_groups =
{% if not grafana_anonymous_access %}
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
......@@ -394,6 +402,7 @@ role_attribute_path: contains(roles[*], 'DevOps') && 'Admin' || contains(roles[*
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
{% endif %}
#################################### SAML Auth ###########################
[auth.saml] # Enterprise only
......
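Review bot: Wrapping `[auth.generic_oauth]` in `{% if not grafana_anonymous_access %}` leaves the public instance without SSO, so the built-in login form becomes the only sign-in path on an internet-facing Grafana. The visible hunks do not show `[security] admin_password` or `[auth] disable_login_form`. It is worth confirming that the built-in admin account does not keep its default password. Since this host is provisioned entirely from files, the anonymous branch could also set `disable_login_form = true`. The hunk header shows `oauth_auto_login = true` still in effect for the file, and its behaviour with no OAuth provider configured should be checked on the rendered config.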
monitoring_domain: monitoring.archlinux.org
gitlab_runner_exporter_port: '9252'
prometheus_domain: dashboards.archlinux.org
prometheus_mysqld_exporter_port: '9104'
prometheus_receive_only: false
# for d in $(curl -sf "https://crt.sh/?q=archlinux.org&output=json" "https://crt.sh/?q=pkgbuild.com&output=json" | jq -r ".[].name_value" | sort -u); do if curl -o /dev/null -sS "https://$d"; then echo $d; fi; done | grep -v "\@" | sort | sed "s/^/ - https:\/\//"
blackbox_targets:
......@@ -17,6 +19,7 @@ blackbox_targets:
- https://bbs.archlinux.org
- https://bugs.archlinux.org
- https://conf.archlinux.org
- https://dashboards.archlinux.org/healthz
- https://dev.archlinux.org
- https://europe.archive.pkgbuild.com
- https://europe.mirror.pkgbuild.com
......@@ -56,6 +59,7 @@ blackbox_targets:
- mail.archlinux.org:465
- mail.archlinux.org:993
- mail.archlinux.org:995
- dashboards.archlinux.org:9090
smtp_starttls:
- mail.archlinux.org:25
- mail.archlinux.org:587
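Review bot: The new `dashboards.archlinux.org:9090` probe target, together with the datasource URL on the same port, suggests the receive-only Prometheus listens on a publicly resolvable address guarded only by the vault basic-auth credential. Nothing in the visible sections limits who may connect. The firewall configuration for this host should be checked so that port 9090 is admitted only from monitoring.archlinux.org, which presumably is both the sender and the probe source, so that credential guessing from elsewhere never reaches the endpoint. Separately, `prometheus_domain: dashboards.archlinux.org` is a host-specific value placed in role defaults. A one-line comment such as `# host that receives the selected metrics for the public Grafana` would tell the next reader why it is there.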