Kazuhiro MUSASHI
|
73f7ec44b7
|
Enable `Consul Connect` for client side.
|
2022-07-10 16:22:28 +09:00 |
Kazuhiro MUSASHI
|
37d51b5ed5
|
Create `/etc/vault.d/agent` & `/etc/vault.d/tokens` directory.
```
--- a/cookbooks/vault/default.rb
+++ b/cookbooks/vault/default.rb
@@ -2,6 +2,14 @@ include_recipe './attributes.rb'
include_recipe './install.rb'
+%w( agent tokens ).each do |d|
+ directory "/etc/vault.d/#{d}" do
+ owner 'vault'
+ group 'vault'
+ mode '0755'
+ end
+end
+
if node['vault']['manager']
include_recipe './setup.rb'
end
```
|
2022-07-10 16:22:28 +09:00 |
Kazuhiro MUSASHI
|
48702191fe
|
Allow `Consul` gcp port to communicate.
```
--- a/cookbooks/consul/setup.rb
+++ b/cookbooks/consul/setup.rb
@@ -44,7 +44,7 @@ service 'consul' do
end
# iptables settings here:
-%w( 8300/tcp 8301/tcp 8301/udp 8500/tcp ).each do |port|
+%w( 8300/tcp 8301/tcp 8301/udp 8500/tcp 8502/tcp ).each do |port|
execute "ufw allow #{port}" do
user 'root'
```
|
2022-07-10 16:22:28 +09:00 |
Kazuhiro MUSASHI
|
c15c2f3de8
|
Start `Consul` after `Vault` generates the jwt token.
```
--- a/cookbooks/consul/files/etc/systemd/system/consul.service
+++ b/cookbooks/consul/files/etc/systemd/system/consul.service
@@ -2,7 +2,7 @@
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
-After=network-online.target
+After=network-online.target vault-agent-consul-jwt.target
ConditionFileNotEmpty=/etc/consul.d/consul.hcl
[Service]
```
|
2022-07-10 16:22:28 +09:00 |
Kazuhiro MUSASHI
|
94489f71d5
|
Modify `consul.hcl` template to support `Consul Connect`.
|
2022-07-10 16:22:28 +09:00 |
Kazuhiro MUSASHI
|
43fbbe1f18
|
Support `Ubuntu 22.04`.
|
2022-07-10 14:32:35 +09:00 |
Kazuhiro MUSASHI
|
ba7d01f16d
|
Modify the logic to decide the download URL.
|
2022-07-03 21:36:19 +09:00 |
Kazuhiro MUSASHI
|
8f09026fed
|
Modify Github repository URI from `git` to `https`.
|
2022-07-03 21:29:46 +09:00 |
Kazuhiro MUSASHI
|
4455fe6b62
|
Deploy `/etc/logrotate.d/vault`.
|
2022-07-02 11:40:31 +00:00 |
Kazuhiro MUSASHI
|
4a57c21614
|
Deploy example `Consul Connect` job.
|
2022-03-14 23:19:25 +09:00 |
Kazuhiro MUSASHI
|
ef40d3dc01
|
Create /etc/nomad.d/jobs
|
2022-03-14 23:19:25 +09:00 |
Kazuhiro MUSASHI
|
9a5a78d657
|
Deploy `/etc/nomad.d/policies/anonymous.hcl`.
|
2022-03-14 23:19:25 +09:00 |
Kazuhiro MUSASHI
|
ce7a80db7a
|
Create `/etc/nomad.d/policies/` directory.
|
2022-03-14 23:17:44 +09:00 |
Kazuhiro MUSASHI
|
a882f52b3f
|
Delete `shared_dir.rb`.
|
2022-03-14 23:17:32 +09:00 |
Kazuhiro MUSASHI
|
64066ab78f
|
Add `consul` stanza.
|
2022-03-14 23:17:12 +09:00 |
Kazuhiro MUSASHI
|
3bd4973c90
|
Deploy `Vault` policies.
|
2022-03-13 21:48:27 +09:00 |
Kazuhiro MUSASHI
|
cf79f30c4d
|
Create `/etc/vault.d/policies/`.
|
2022-03-13 21:46:00 +09:00 |
Kazuhiro MUSASHI
|
da78e76d19
|
Deploy `/etc/vault.d/vault.hcl`.
|
2022-03-13 21:45:36 +09:00 |
Kazuhiro MUSASHI
|
7681522b6b
|
Specify the default `Vault` managers.
```
--- a/cookbooks/vault/attributes.rb
+++ b/cookbooks/vault/attributes.rb
@@ -21,5 +21,6 @@ node.reverse_merge!({
'manager' => false,
'ipaddr' => ipaddr,
'hostname' => hostname,
+ 'ips' => ['192.168.10.141', '192.168.10.142', '192.168.10.143'],
}
})
```
|
2022-03-13 21:45:17 +09:00 |
Kazuhiro MUSASHI
|
67fab4951a
|
Retrieve hostname.
|
2022-03-13 21:45:01 +09:00 |
Kazuhiro MUSASHI
|
6fa35a923b
|
Retrieve IP address.
|
2022-03-13 21:44:18 +09:00 |
Kazuhiro MUSASHI
|
a917563b06
|
Conduct setup procedures, when explicitly requested.
|
2022-03-13 21:43:52 +09:00 |
Kazuhiro MUSASHI
|
28e3f21141
|
Install `Vault`.
|
2022-03-12 11:59:44 +00:00 |
Kazuhiro MUSASHI
|
2bec4d88f3
|
Do not deploy `docker-registry.hcl`.
|
2022-01-14 23:52:59 +09:00 |
Kazuhiro MUSASHI
|
8c712e6ffa
|
Delete `/etc/nomad.d/datadir.hcl`.
|
2022-01-14 23:52:59 +09:00 |
Kazuhiro MUSASHI
|
5e176ff230
|
Modify `/etc/nomad.d/client.hcl`:
```
--- a/cookbooks/nomad/files/etc/nomad.d/client.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@@ -1,13 +1,3 @@
-# /etc/nomad.d/server.hcl
-
client {
- enabled = true
-}
-
-plugin "docker" {
- config {
- volumes {
- enabled = true
- }
- }
+ enabled = true
}
```
|
2022-01-14 23:52:58 +09:00 |
Kazuhiro MUSASHI
|
935f773bca
|
Deploy `csi` settings.
|
2022-01-14 23:52:58 +09:00 |
Kazuhiro MUSASHI
|
de06f5575c
|
Add `logrotated` config for `nomad` log files.
```
--- /dev/null
+++ b/cookbooks/nomad/files/etc/logrotate.d/nomad
@@ -0,0 +1,13 @@
+/var/log/nomad.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
```
|
2022-01-10 15:29:00 +09:00 |
Kazuhiro MUSASHI
|
dffb57e2fc
|
Add `rsyslog` config for `nomad`.
|
2022-01-10 15:29:00 +09:00 |
Kazuhiro MUSASHI
|
9e6b05fbab
|
Specify `Loki` endpoint.
```
--- a/cookbooks/nomad/attributes.rb
+++ b/cookbooks/nomad/attributes.rb
@@ -4,6 +4,7 @@
node.reverse_merge!({
'nomad' => {
'manager' => false,
- 'client' => false
+ 'client' => false,
+ 'lokiendpoint' => 'loki.service.consul:3100'
}
})
```
|
2022-01-10 15:29:00 +09:00 |
Kazuhiro MUSASHI
|
d824d6afc8
|
Add `systemd` config for `Promtail` monitoring `nomad`.
|
2022-01-10 15:29:00 +09:00 |
Kazuhiro MUSASHI
|
a7363ef7b1
|
Add `Promtail` setting for `nomad`.
|
2022-01-10 15:29:00 +09:00 |
Kazuhiro MUSASHI
|
0d8b8f50a0
|
Add `embulk` plugins:
- `output-postgresql`
- `input-mysql`
- `filter-gsub`
|
2022-01-10 15:03:37 +09:00 |
Kazuhiro MUSASHI
|
96ba6e7757
|
Modify # of `nomad` servers:
```
--- a/cookbooks/nomad/files/etc/nomad.d/server.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/server.hcl
@@ -1,4 +1,4 @@
server {
enabled = true
- bootstrap_expect = 1
+ bootstrap_expect = 3
}
```
|
2021-11-03 12:39:44 +09:00 |
Kazuhiro MUSASHI
|
9eddfaf514
|
Execute `modprobe` for the necessary kernel parameer.
|
2021-11-03 12:36:33 +09:00 |
Kazuhiro MUSASHI
|
3d981799b6
|
Stop `vector` service.
|
2021-11-03 12:33:02 +09:00 |
Kazuhiro MUSASHI
|
a81dc16e90
|
Add template for the apt source.
|
2021-11-03 12:32:32 +09:00 |
Kazuhiro MUSASHI
|
93064a94d4
|
Use `.deb` package to install `vector`.
|
2021-11-03 12:31:31 +09:00 |
Kazuhiro MUSASHI
|
e113a42ade
|
Modify `syslog.toml` to directly sending logs to `Loki`.
|
2021-10-22 15:19:44 +09:00 |
Kazuhiro MUSASHI
|
a87e94d4ee
|
Change `vector` download URL.
```
diff --git a/cookbooks/vector/attributes.rb b/cookbooks/vector/attributes.rb
index c41aaf0..e48f7ef 100644
--- a/cookbooks/vector/attributes.rb
+++ b/cookbooks/vector/attributes.rb
@@ -16,7 +16,7 @@ ipaddr = run_command(cmd).stdout.chomp
node.reverse_merge!({
'vector' => {
- 'url' => 'https://github.com/timberio/vector/releases/download/',
+ 'url' => 'https://github.com/vectordotdev/vector/releases/download/',
'ipaddr' => ipaddr,
'debPrefix' => 'vector-',
'debPostfix' => '-amd64.deb'
```
```
diff --git a/cookbooks/vector/install.rb b/cookbooks/vector/install.rb
index 3def346..389ee76 100644
--- a/cookbooks/vector/install.rb
+++ b/cookbooks/vector/install.rb
@@ -8,7 +8,8 @@ vtag = ''
begin
require 'net/http'
- uri = URI.parse('https://github.com/timberio/vector/releases/latest')
+
+ uri = URI.parse('https://github.com/vectordotdev/vector/releases/latest')
Timeout.timeout(3) do
response = Net::HTTP.get_response(uri)
```
|
2021-09-23 19:19:38 +09:00 |
Kazuhiro MUSASHI
|
a0fef35f2f
|
Toggle `nginx` setup behavior.
|
2021-09-23 19:17:57 +09:00 |
Kazuhiro MUSASHI
|
5af9b0b416
|
Bump `nginx` version.
|
2021-09-23 19:12:45 +09:00 |
Kazuhiro MUSASHI
|
0d607fb1e9
|
Modify the path to the `Moments` directory.
|
2021-08-13 11:19:39 +09:00 |
Kazuhiro MUSASHI
|
5b4bcc8b81
|
Deploy the `mc` config file.
|
2021-06-19 20:29:44 +09:00 |
Kazuhiro MUSASHI
|
d69cb345af
|
Install `mc` for `root` user.
|
2021-06-19 20:27:20 +09:00 |
Kazuhiro MUSASHI
|
386d169530
|
Change `mount` behavior.
|
2021-06-19 20:20:15 +09:00 |
Kazuhiro MUSASHI
|
21f9bb8237
|
Install plugins for root
|
2021-06-19 20:19:42 +09:00 |
Kazuhiro MUSASHI
|
8d335a7bae
|
temp
|
2021-06-19 20:19:42 +09:00 |
Kazuhiro MUSASHI
|
00813e9f17
|
Overwrite `/usr/local/bin/embulk`.
|
2021-06-19 20:19:42 +09:00 |
Kazuhiro MUSASHI
|
8dadc5e2fd
|
Change the download URL.
|
2021-06-19 20:19:42 +09:00 |
Kazuhiro MUSASHI
|
2ac28d295f
|
Modify `/home/kazu634/.ssh/config` to connect to `gitea.kazu634.com`.
|
2021-06-19 20:06:35 +09:00 |
Kazuhiro MUSASHI
|
cb368a1445
|
Deploy `/etc/nomad.d/acl.hcl`.
|
2021-06-19 19:56:45 +09:00 |
Kazuhiro MUSASHI
|
531dde8bff
|
Deploy `/etc/nomad.d/server.hcl`.
|
2021-06-19 19:56:45 +09:00 |
Kazuhiro MUSASHI
|
bd4f65dcf5
|
Change the default config to install `nomad` only.
|
2021-06-19 19:56:45 +09:00 |
Kazuhiro MUSASHI
|
d5060f84f4
|
Install `nomad` even if the node is not `nomad` server/client.
|
2021-06-19 19:55:17 +09:00 |
Kazuhiro MUSASHI
|
3d7c8e2044
|
Unmonitor k8s.
|
2021-05-05 11:47:03 +09:00 |
Kazuhiro MUSASHI
|
2bc0b23eef
|
Bump `nginx` version.
|
2021-05-04 11:49:03 +09:00 |
Kazuhiro MUSASHI
|
bd359d8ec6
|
Modify the nginx deployment.
|
2021-05-04 11:36:52 +09:00 |
Kazuhiro MUSASHI
|
ff39013b2c
|
Install `alertmanager-webhook`.
|
2021-05-02 19:20:39 +09:00 |
Kazuhiro MUSASHI
|
2bcbc2f396
|
Modify the extention to `.zip`.
|
2021-05-02 19:19:38 +09:00 |
Kazuhiro MUSASHI
|
b87bdc899a
|
Delete the unnecessary attributes.
|
2021-05-02 19:19:00 +09:00 |
Kazuhiro MUSASHI
|
2cf998e0d7
|
Bump `embulk` version.
|
2021-05-02 19:14:31 +09:00 |
Kazuhiro MUSASHI
|
1701922c91
|
Execute deploy scripts for `nginx`.
|
2021-05-02 19:08:30 +09:00 |
Kazuhiro MUSASHI
|
f55682e5c3
|
Modify `nginx` deploy settings.
|
2021-05-02 19:08:30 +09:00 |
Kazuhiro MUSASHI
|
2eed57822c
|
Deploy `consul-template`.
|
2021-05-02 19:08:17 +09:00 |
Kazuhiro MUSASHI
|
010a53a58b
|
Deploy `nomad`.
|
2021-05-02 19:08:17 +09:00 |
Kazuhiro MUSASHI
|
70c90a18e2
|
Ensure to satisfy the prerequisites.
|
2021-05-02 19:07:36 +09:00 |
Kazuhiro MUSASHI
|
962307289b
|
Always make `/var/log/vector` directory.
|
2020-12-13 14:08:36 +09:00 |
Kazuhiro MUSASHI
|
a45572e521
|
Deploy `systemd` config for `vector-docker`.
|
2020-12-13 14:08:36 +09:00 |
Kazuhiro MUSASHI
|
cc9ce1806e
|
Deploy `vector` config for `Docker` logs.
|
2020-12-13 14:08:36 +09:00 |
Kazuhiro MUSASHI
|
f78ba5f134
|
Ignore "libcontainer container" message.
|
2020-12-10 15:52:48 +09:00 |
Kazuhiro MUSASHI
|
529d9adb7c
|
Specify the YYYY-MM-DD more explicitly.
|
2020-12-06 12:28:56 +09:00 |
Kazuhiro MUSASHI
|
6d19ebf31b
|
Ignore `rclone` error messages.
|
2020-12-06 12:28:23 +09:00 |
Kazuhiro MUSASHI
|
660420b10b
|
Ignore `consul` message from `syslog`.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
7c9e1ed48c
|
Ignore "tmp-sanity" message.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
90bfae99c9
|
Ignore "libcontainer container" message.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
935b2e1732
|
Consolidate the `drop` stanzas.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
8497937786
|
Ignore "Last log rotation time" message.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
6822c916e6
|
Ignore "Calculated write I/O size" message.
|
2020-12-06 12:27:06 +09:00 |
Kazuhiro MUSASHI
|
bd1571e11c
|
Because of the download URL change, modify the formula to generate URL.
|
2020-12-06 12:04:40 +09:00 |
Kazuhiro MUSASHI
|
1b52f65c91
|
Because of the download URL change, modify attiributes.
|
2020-12-06 12:04:10 +09:00 |
Kazuhiro MUSASHI
|
bb93ae33f4
|
Change how to install `rclone` to guarantee idempotency.
|
2020-12-06 11:56:32 +09:00 |
Kazuhiro MUSASHI
|
797c0d50f4
|
`apt` keyの指定方法を修正
|
2020-12-06 11:51:56 +09:00 |
Kazuhiro MUSASHI
|
de2aab1bb8
|
Change the `consul` server IP addresses.
|
2020-11-28 16:19:00 +09:00 |
Kazuhiro MUSASHI
|
ccaaa81cb4
|
Modify owner and group for `consul` config from `root` to `consul`.
|
2020-11-28 16:18:46 +09:00 |
Kazuhiro MUSASHI
|
0d9e65359a
|
Modify `promtail` config for `consul`.
|
2020-11-28 16:18:46 +09:00 |
Kazuhiro MUSASHI
|
9af4fa19a6
|
Reload `consul` when deploying service config.
|
2020-11-28 16:18:46 +09:00 |
Kazuhiro MUSASHI
|
7270023c92
|
Overwrite the `systemd` config to rotate the log files.
|
2020-11-28 16:18:46 +09:00 |
Kazuhiro MUSASHI
|
0e6c2ad531
|
Create log directory for `consul`.
|
2020-11-28 16:18:46 +09:00 |
Kazuhiro MUSASHI
|
41f25a9a1c
|
Deploy `/etc/consul.d/config.hcl`.
|
2020-11-28 16:16:52 +09:00 |
Kazuhiro MUSASHI
|
39f8fc5bc1
|
Install from `deb` package.
|
2020-11-28 16:07:12 +09:00 |
Kazuhiro MUSASHI
|
5ee2a54599
|
Specify the `database.maximumPoolSize`.
|
2020-11-22 02:21:16 +09:00 |
Kazuhiro MUSASHI
|
2073c93d0c
|
Modify mount point setting.
|
2020-11-21 18:11:25 +09:00 |
Kazuhiro MUSASHI
|
999d111470
|
Deploy the `rclone` config to `kazu634` and `root`.
|
2020-11-14 16:39:15 +09:00 |
Kazuhiro MUSASHI
|
f442ed4e7a
|
Set up `rclone`.
|
2020-11-14 16:39:15 +09:00 |
Kazuhiro MUSASHI
|
6330f1e9b0
|
Install `rclone`.
|
2020-11-14 16:39:15 +09:00 |
Kazuhiro MUSASHI
|
d1240d43b0
|
Add attirbutes for `rclone`.
|
2020-11-14 16:36:57 +09:00 |
Kazuhiro MUSASHI
|
a018a86c4a
|
Modify `promtail` config for `digdag`.
|
2020-11-14 12:33:58 +09:00 |
Kazuhiro MUSASHI
|
940645f061
|
Change permission to `755` for `var/lib/grafana/provision/dashboards`.
|
2020-11-13 14:36:09 +09:00 |
Kazuhiro MUSASHI
|
dadd023571
|
Deploy `/etc/grafana/grafana.ini`.
|
2020-11-13 12:39:10 +09:00 |