add observability stack

Denis Tarasov
2022-12-22 23:10:26 +03:00
parent 43850e90f5
commit 0e21ed3df3
29 changed files with 37408 additions and 0 deletions
+57
@@ -0,0 +1,57 @@
name: 'Docker build'
description: 'Build docker in workdir'
inputs:
docker_name:
description: 'Name of creation docker image'
required: true
default: ''
builddir:
description: 'Name of creation docker image'
required: false
default: '.'
docker_login:
description: 'Login to docker hub'
required: true
default: ''
docker_password:
description: 'Password to docker hub'
required: true
default: ''
file:
description: 'Dockerfile name'
required: true
default: ''
runs:
using: "composite"
steps:
- name: Generate Docker tags
id: meta
uses: docker/metadata-action@v4
with:
images: |
docker.io/vxcontrol/${{ inputs.docker_name }}
tags: |
type=ref,event=branch
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
type=semver,pattern={{version}}
flavor: |
latest=false
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ inputs.docker_login }}
password: ${{ inputs.docker_password }}
- name: Build and push
uses: docker/build-push-action@v3
env:
DOCKER_BUILDKIT: 1
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
context: ${{ inputs.builddir }}
file: ${{ inputs.file }}
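Review bot: All four third-party actions in this composite action (`docker/metadata-action@v4`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) are referenced by mutable major tags, and the login step passes them the Docker Hub password. Pinning each one to a full commit SHA keeps a moved tag from running with those credentials, e.g. `uses: docker/login-action@<full-commit-sha> # v2`. Separately, the `builddir` input repeats the `docker_name` description; `description: 'Build context directory'` would match its use in `context:`.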
@@ -0,0 +1,24 @@
name: VXControl elastic config build and push
on: workflow_call
jobs:
build_and_push_docker:
name: Docker Build and Publish
environment:
name: production
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Docker build soldr-elastic-config
uses: ./.github/actions/docker_build
with:
docker_name: "soldr-elastic-config"
docker_login: ${{ secrets.DOCKER_LOGIN }}
docker_password: ${{ secrets.DOCKER_PASSWORD }}
file: "Dockerfile_soldr_elastic_config"
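Review bot: The job declares no `permissions:` block, so `GITHUB_TOKEN` receives whatever the repository default grants, although the visible steps only check out the code and push to Docker Hub with separate credentials. Adding `permissions:` with `contents: read` at workflow or job level limits the token; the observability-stack workflow in the next section has the same gap. `fetch-depth: 0` also clones the full history, which nothing visible in the build appears to use.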
@@ -0,0 +1,24 @@
name: VXControl observability stack build and push
on: workflow_call
jobs:
build_and_push_docker:
name: Docker Build and Publish
environment:
name: production
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Docker build soldr-observability-stack-config
uses: ./.github/actions/docker_build
with:
docker_name: "soldr-observability-stack-config"
docker_login: ${{ secrets.DOCKER_LOGIN }}
docker_password: ${{ secrets.DOCKER_PASSWORD }}
file: "Docker_soldr_obsevbility_stack_config"
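Review bot: The `file:` value `Docker_soldr_obsevbility_stack_config` breaks the naming pattern of the sibling workflow (`Dockerfile_soldr_elastic_config`) and misspells "observability". File paths are not visible on this page, so this needs checking against the Dockerfile this commit adds. If the names differ, the build step fails on a missing file, and the line should carry the exact on-disk name, `file: "<actual Dockerfile name>"`.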
+21
@@ -0,0 +1,21 @@
name: Docker build and push
on:
push:
branches:
- master
tags:
- v[0-9]+.[0-9]+.[0-9]+
workflow_dispatch:
jobs:
# BUILD DOCKER
build_docker_soldr_elastic_config_image:
uses: vxcontrol/observability-config/.github/workflows/build-docker-soldr-elastic-config-image.yml@master
if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags')
secrets: inherit
build_docker_soldr_observability_stack_config_image:
uses: vxcontrol/observability-config/.github/workflows/build-docker-soldr-observability-stack-config-image.yml@master
if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags')
secrets: inherit
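Review bot: Both jobs call their reusable workflow at `@master` with `secrets: inherit`, so every secret of the caller is forwarded and a tag build runs whatever the workflow file on `master` contains at that moment rather than the tagged revision. If `vxcontrol/observability-config` is this repository, a local reference such as `uses: ./.github/workflows/build-docker-soldr-elastic-config-image.yml` ties the called workflow to the commit being built. Passing only what is needed, `secrets:` with `DOCKER_LOGIN: ${{ secrets.DOCKER_LOGIN }}` and `DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}`, narrows the exposure; the called workflows would then have to declare those two secrets under `on: workflow_call:`.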
+16
@@ -0,0 +1,16 @@
FROM debian:buster-slim
RUN mkdir -p /opt/soldr_observability
COPY config /opt/soldr_observability/config
COPY elastic_config_gen_password.sh /opt/soldr_observability
RUN chmod +x /opt/soldr_observability/elastic_config_gen_password.sh
RUN \
apt update && \
apt install -y ca-certificates && \
apt install -y curl
ENTRYPOINT ["/opt/soldr_observability/elastic_config_gen_password.sh"]
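Review bot: The package layer (`RUN apt update && apt install ...`) uses the interactive `apt` front end, pulls in recommended packages and leaves the package lists in the image. The same layer appears in the observability-stack Dockerfile in the next section, with `jq` added. Using `apt-get` with `--no-install-recommends` and removing the lists in the same `RUN` gives a smaller image with fewer packages to patch. The base `debian:buster-slim` is also a floating tag of an older Debian release, so pinning a digest (`FROM debian:buster-slim@sha256:<digest>`) or moving to a current release is worth considering.

```dockerfile
# … unchanged: FROM, mkdir, COPY, chmod …
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl && \
    rm -rf /var/lib/apt/lists/*
# … unchanged: ENTRYPOINT …
```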
+18
@@ -0,0 +1,18 @@
FROM debian:buster-slim
RUN mkdir -p /opt/soldr_observability
COPY config /opt/soldr_observability/config
COPY start_soldr_observability_stack.sh /opt/soldr_observability
RUN chmod +x /opt/soldr_observability/start_soldr_observability_stack.sh
RUN \
apt update && \
apt install -y ca-certificates && \
apt install -y curl && \
apt install -y jq
WORKDIR /opt/soldr_observability
ENTRYPOINT ["/opt/soldr_observability/start_soldr_observability_stack.sh"]
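Review bot: The image never creates a `grafana` account, yet its entrypoint script (added later in this commit) runs `chown -R grafana /etc/grafana` and `chown -R grafana /var/lib/grafana`. On a stock `debian:buster-slim` those calls fail with an invalid-user error, and the script has no `set -e`, so it carries on with the ownership unchanged. Either create the account here with the UID the Grafana container runs as, e.g. `RUN useradd --system --uid <grafana-uid> grafana`, or have the script chown by numeric id. No `USER` is set, so the container runs as root; a comment such as `# runs as root: entrypoint copies configs into /etc/grafana, /etc/jaeger and /etc/otel` would record why.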
+15
@@ -0,0 +1,15 @@
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "soldr-observ-local"
network.host: 0.0.0.0
discovery.type: single-node
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
cluster.max_shards_per_node: 2000
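Review bot: With `xpack.security.enabled: true` and `network.host: 0.0.0.0` but no HTTP TLS settings, the node accepts basic-auth credentials in clear text on every interface. Both shell scripts in this commit send the `elastic` password to `http://elasticsearch:9200`. If the port is reachable beyond the private container network, add `xpack.security.http.ssl.enabled: true` with a keystore or certificate pair and switch the clients to `https`. Otherwise a comment here should state that port 9200 must stay unpublished.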
+82
@@ -0,0 +1,82 @@
################################################################
##
## JVM configuration
##
################################################################
##
## WARNING: DO NOT EDIT THIS FILE. If you want to override the
## JVM options in this file, or set any additional options, you
## should create one or more files in the jvm.options.d
## directory containing your adjustments.
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/@project.minor.version@/jvm-options.html
## for more information.
##
################################################################
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## The heap size is automatically configured by Elasticsearch
## based on the available memory in your system and the roles
## each node is configured to fulfill. If specifying heap is
## required, it should be done through a file in jvm.options.d,
## which should be named with .options suffix, and the min and
## max should be set to the same value. For example, to set the
## heap to 4 GB, create a new file in the jvm.options.d
## directory containing these lines:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/@project.minor.version@/heap-size.html
## for more information
##
################################################################
################################################################
## Expert settings
################################################################
##
## All settings below here are considered expert settings. Do
## not adjust them unless you understand what you are doing. Do
## not edit them in this file; instead, create a new file in the
## jvm.options.d directory containing your adjustments.
##
################################################################
## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
## G1GC Configuration
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 8-13:-XX:-UseConcMarkSweepGC
# 8-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}
## heap dumps
# generate a heap dump when an allocation from the Java heap fails; heap dumps
# are created in the working directory of the JVM unless an alternative path is
# specified
-XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
#@heap.dump.path@
# specify an alternative path for JVM fatal error logs
#@error.file@
## GC logging
-Xlog:gc*,gc+age=trace,safepoint:file=@loggc@:utctime,pid,tags:filecount=32,filesize=64m
+131
@@ -0,0 +1,131 @@
status = error
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
######## Server JSON ############################
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
appender.rolling.layout.type = ECSJsonLayout
appender.rolling.layout.dataset = elasticsearch.server
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 128MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
################################################
######## Server - old style pattern ###########
appender.rolling_old.type = RollingFile
appender.rolling_old.name = rolling_old
appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
appender.rolling_old.layout.type = PatternLayout
appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling_old.policies.type = Policies
appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling_old.policies.time.interval = 1
appender.rolling_old.policies.time.modulate = true
appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling_old.policies.size.size = 128MB
appender.rolling_old.strategy.type = DefaultRolloverStrategy
appender.rolling_old.strategy.fileIndex = nomax
appender.rolling_old.strategy.action.type = Delete
appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling_old.strategy.action.condition.type = IfFileName
appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB
################################################
rootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling
rootLogger.appenderRef.rolling_old.ref = rolling_old
######## Deprecation JSON #######################
appender.deprecation_rolling.type = RollingFile
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json
appender.deprecation_rolling.layout.type = ECSJsonLayout
# Intentionally follows a different pattern to above
appender.deprecation_rolling.layout.dataset = deprecation.elasticsearch
appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter
appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz
appender.deprecation_rolling.policies.type = Policies
appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.deprecation_rolling.policies.size.size = 1GB
appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
appender.deprecation_rolling.strategy.max = 4
appender.header_warning.type = HeaderWarningAppender
appender.header_warning.name = header_warning
#################################################
logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = WARN
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
logger.deprecation.appenderRef.header_warning.ref = header_warning
logger.deprecation.additivity = false
######## Search slowlog JSON ####################
appender.index_search_slowlog_rolling.type = RollingFile
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
.cluster_name}_index_search_slowlog.json
appender.index_search_slowlog_rolling.layout.type = ECSJsonLayout
appender.index_search_slowlog_rolling.layout.dataset = elasticsearch.index_search_slowlog
appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
.cluster_name}_index_search_slowlog-%i.json.gz
appender.index_search_slowlog_rolling.policies.type = Policies
appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.index_search_slowlog_rolling.policies.size.size = 1GB
appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
appender.index_search_slowlog_rolling.strategy.max = 4
#################################################
#################################################
logger.index_search_slowlog_rolling.name = index.search.slowlog
logger.index_search_slowlog_rolling.level = trace
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
logger.index_search_slowlog_rolling.additivity = false
######## Indexing slowlog JSON ##################
appender.index_indexing_slowlog_rolling.type = RollingFile
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
_index_indexing_slowlog.json
appender.index_indexing_slowlog_rolling.layout.type = ECSJsonLayout
appender.index_indexing_slowlog_rolling.layout.dataset = elasticsearch.index_indexing_slowlog
appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
_index_indexing_slowlog-%i.json.gz
appender.index_indexing_slowlog_rolling.policies.type = Policies
appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
appender.index_indexing_slowlog_rolling.strategy.max = 4
#################################################
logger.index_indexing_slowlog.name = index.indexing.slowlog.index
logger.index_indexing_slowlog.level = trace
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
logger.index_indexing_slowlog.additivity = false
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+109
@@ -0,0 +1,109 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"gridPos": {
"h": 15,
"w": 24,
"x": 0,
"y": 0
},
"id": 3,
"links": [],
"options": {
"folderId": 0,
"maxItems": 30,
"query": "",
"showHeadings": true,
"showRecentlyViewed": true,
"showSearch": false,
"showStarred": true,
"tags": []
},
"pluginVersion": "8.0.0",
"tags": [],
"targets": [
{
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"refId": "A"
}
],
"title": "SOLDR Dashboards",
"type": "dashlist"
}
],
"schemaVersion": 37,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
"hidden": true,
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
],
"type": "timepicker"
},
"timezone": "browser",
"title": "Home",
"version": 0,
"weekStart": ""
}
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+10
@@ -0,0 +1,10 @@
#################################### Server ###############################
[server]
protocol = https
cert_file = /etc/grafana/ssl/grafana.crt
cert_key = /etc/grafana/ssl/grafana.key
[security]
admin_user = admin
[dashboards]
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = /var/lib/grafana/dashboards/home.json
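Review bot: The `[security]` section sets `admin_user = admin` but no admin password, so unless the deployment supplies one (for example through `GF_SECURITY_ADMIN_PASSWORD`, which is not visible in this commit) Grafana starts with its default `admin` password. A comment such as `# admin password must be provided via GF_SECURITY_ADMIN_PASSWORD` would make that dependency explicit. Since `protocol = https` is set, adding `cookie_secure = true` under `[security]` would also keep the session cookie off plain HTTP.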
+17
@@ -0,0 +1,17 @@
apiVersion: 1
providers:
# <string> an unique provider name. Required
- name: 'dashboards'
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 10
# <bool> allow updating provisioned dashboards from the UI
allowUiUpdates: false
options:
# <string, required> path to dashboard files on disk. Required when using the 'file' type
path: /var/lib/grafana/dashboards
# <bool> use folder names from filesystem to create folders in Grafana
foldersFromFilesStructure: true
+34
@@ -0,0 +1,34 @@
# config file version
apiVersion: 1
# list of datasources that should be deleted from the database
deleteDatasources:
- name: victoriametrics
- name: Jaeger
# list of datasources to insert/update depending
# what's available in the database
datasources:
# <string, required> name of the datasource. Required
- name: VictoriaMetrics
# <string, required> datasource type. Required
type: prometheus
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
access: Server
# <string> url
url: http://victoriametrics:8428
# <string> Deprecated, use secureJsonData.password
version: 1
# <bool> allow users to edit datasources from the UI.
editable: true
- name: Jaeger
# <string, required> datasource type. Required
type: jaeger
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
access: Server
# <string> url
url: http://jaeger:16686
# <string> Deprecated, use secureJsonData.password
version: 1
# <bool> allow users to edit datasources from the UI.
editable: true
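Review bot: Both datasources set `access: Server`, which is the UI label rather than a provisioning value; the comment directly above each line names the accepted values as `proxy` or `direct`, so the line should read `access: proxy`. The comment `# <string> Deprecated, use secureJsonData.password` sits above `version: 1` and describes a different field; `# <int> version` would match. `editable: true` also lets UI users repoint the provisioned datasource URLs, which is worth confirming as intended.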
+145
@@ -0,0 +1,145 @@
admin:
http:
host-port: :14269
collector:
grpc:
tls:
cert: ""
client-ca: ""
enabled: false
key: ""
grpc-server:
host-port: :14250
max-message-size: 4194304
http:
tls:
cert: ""
client-ca: ""
enabled: false
key: ""
http-server:
host-port: :14268
num-workers: 100
queue-size: 5000
queue-size-memory: "0"
tags: ""
zipkin:
allowed-headers: content-type
allowed-origins: '*'
host-port: ""
config-file: ""
dir: ./
downsampling:
hashsalt: ""
ratio: "1"
es:
bulk:
actions: 1000
flush-interval: 200ms
size: 5000000
workers: 1000
create-index-templates: false
index-date-separator: '-'
index-prefix: ""
index-rollover-frequency-services: day
index-rollover-frequency-spans: day
log-level: error
max-doc-count: 10000
max-span-age: 72h0m0s
num-replicas: 1
num-shards: 5
password: PASSWORD-TEMPLATE
remote-read-clusters: ""
send-get-body-as: ""
server-urls: http://elasticsearch:9200
sniffer: false
sniffer-tls-enabled: false
tags-as-fields:
all: true
config-file: ""
dot-replacement: '@'
include: ""
timeout: 0s
tls:
ca: ""
cert: ""
enabled: false
key: ""
server-name: ""
skip-host-verify: false
token-file: ""
use-aliases: true
use-ilm: true
username: "elastic"
version: "0"
format: md
http-server:
host-port: :5778
log-level: info
metrics-backend: prometheus
metrics-http-route: /metrics
processor:
jaeger-binary:
server-host-port: :6832
server-max-packet-size: 65000
server-queue-size: 1000
server-socket-buffer-size: 0
workers: 10
jaeger-compact:
server-host-port: :6831
server-max-packet-size: 65000
server-queue-size: 1000
server-socket-buffer-size: 0
workers: 10
zipkin-compact:
server-host-port: :5775
server-max-packet-size: 65000
server-queue-size: 1000
server-socket-buffer-size: 0
workers: 10
query:
additional-headers: []
base-path: /
bearer-token-propagation: false
grpc:
tls:
cert: ""
client-ca: ""
enabled: false
key: ""
grpc-server:
host-port: :16685
http:
tls:
cert: ""
client-ca: ""
enabled: false
key: ""
http-server:
host-port: :16686
max-clock-skew-adjustment: 0s
static-files: ""
ui-config: ""
reporter:
grpc:
discovery:
min-peers: 3
host-port: ""
retry:
max: "3"
tls:
ca: ""
cert: ""
enabled: false
key: ""
server-name: ""
skip-host-verify: false
type: grpc
sampling:
strategies-file: ""
strategies-reload-interval: 0s
span-storage:
type: elasticsearch
status:
http:
host-port: :14269
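Review bot: The `password: PASSWORD-TEMPLATE` placeholder under `es:` is rewritten in place by the start script, so the Elasticsearch superuser password ends up in clear text in `/etc/jaeger/config.yml`, copied there with `cp -R` and default file modes. Jaeger also reads this option from the `ES_PASSWORD` environment variable, which would remove the need for the `sed` rewrite and keep the secret out of the config tree. The file connects as the built-in `elastic` user over `http://elasticsearch:9200` with `tls.enabled: false`; a dedicated role limited to the `jaeger-*` indices would reduce what a leaked copy of this file grants.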
+6
@@ -0,0 +1,6 @@
{
"default_strategy": {
"type": "probabilistic",
"param": 1
}
}
+66
@@ -0,0 +1,66 @@
extensions:
health_check:
pprof:
endpoint: 0.0.0.0:1777
zpages:
endpoint: 0.0.0.0:55679
receivers:
otlp:
protocols:
grpc:
endpoint: "0.0.0.0:8148"
http:
jaeger:
protocols:
thrift_compact:
endpoint: 0.0.0.0:6831
thrift_http:
endpoint: 0.0.0.0:14268
prometheus:
config:
scrape_configs:
- job_name: 'otel-collector'
scrape_interval: 10s
static_configs:
- targets: ['node-exporter:9100']
- job_name: 'otel-elastic'
scrape_interval: 10s
static_configs:
- targets: ['elasticsearch_exporter:9114']
- job_name: 'jaeger-collector'
scrape_interval: 10s
static_configs:
- targets: ['jaeger:14269']
processors:
batch:
timeout: 10s
send_batch_size: 1000
exporters:
logging:
loglevel: error
jaeger:
endpoint: "jaeger:14250"
tls:
insecure: true
prometheusremotewrite:
endpoint: "http://victoriametrics:8428/api/v1/write"
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch]
exporters: [logging, jaeger]
logs:
receivers: [otlp]
processors: [batch]
exporters: [logging]
metrics:
receivers: [otlp, prometheus]
processors: [batch]
exporters: [logging, prometheusremotewrite]
extensions: [health_check, pprof, zpages]
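Review bot: The `pprof` and `zpages` extensions are bound to `0.0.0.0:1777` and `0.0.0.0:55679` and enabled in `service.extensions`, which exposes unauthenticated profiling and pipeline-debug pages on every interface of the collector container. Binding them to loopback, `endpoint: localhost:1777` and `endpoint: localhost:55679`, or dropping them from `extensions:` outside debugging sessions, keeps them off the network. The OTLP gRPC and Jaeger receivers also listen on all interfaces without TLS or authentication, so the compose or network definition (not visible here) should restrict who can reach those ports.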
+55
@@ -0,0 +1,55 @@
#!/bin/bash
cp /opt/soldr_observability/config/elasticsearch/* /usr/share/elasticsearch/config/
chmod -R 0775 /usr/share/elasticsearch/config
while true; do
RETURNCODE=$(curl -s -o return_code.txt -w "%{http_code}" "http://elasticsearch:9200/")
if [ $RETURNCODE == "401" ]; then
echo "Connect to Elasticsearch was successful"
break
fi
echo "Failed to connect to Elasticsearch"
sleep 1
done
sleep 5
if [[ -f /usr/share/elasticsearch/config/passfile && $(cat /usr/share/elasticsearch/config/passfile) != "" ]]; then
ELASTIC_PASS=$(cat /usr/share/elasticsearch/config/passfile)
if [[ $MASTER_PASSWORD == $ELASTIC_PASS ]]; then
echo "MASTER_PASSWORD env and password in /usr/share/elasticsearch/config/passfile is equel"
RETURNCODE=$(curl -s -o return_code.txt -w "%{http_code}" -u "elastic:$ELASTIC_PASS" "http://elasticsearch:9200/_xpack/security/_authenticate")
if [[ $RETURNCODE != "200" ]]; then
echo "Password in /usr/share/elasticsearch/config/passfile is incorrect"
else
echo "Password in /usr/share/elasticsearch/config/passfile is correct"
fi
else
echo "Change password to MASTER_PASSWORD env"
RETURNCODE=$(curl -s -o return_code.txt -w "%{http_code}" -XPOST -u elastic:$ELASTIC_PASS 'http://elasticsearch:9200/_security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d '{"password": "'"$MASTER_PASSWORD"'"}')
if [[ $RETURNCODE != "200" ]]; then
echo "Change password failed"
else
echo "Successful password change"
echo $MASTER_PASSWORD > /usr/share/elasticsearch/config/passfile
fi
fi
else
echo "Generate new password and change default password"
if [[ $MASTER_PASSWORD != "" ]]; then
echo $MASTER_PASSWORD > /usr/share/elasticsearch/config/passfile
else
date +%s | sha256sum | base64 | head -c 20 > /usr/share/elasticsearch/config/passfile
fi
ELASTIC_PASS=$(cat /usr/share/elasticsearch/config/passfile)
RETURNCODE=$(curl -s -o return_code.txt -w "%{http_code}" -XPOST -u elastic:changeme 'http://elasticsearch:9200/_security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d '{"password": "'"$ELASTIC_PASS"'"}')
if [[ $RETURNCODE != "200" ]]; then
echo "Change password failed"
else
echo "Successful password change"
fi
fi
sleep infinity
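Review bot: The fallback password is derived from the clock, `date +%s | sha256sum | base64 | head -c 20`, so anyone who can estimate the container start time can recompute the `elastic` superuser password. It should come from the kernel CSPRNG instead, e.g. `head -c 32 /dev/urandom | base64 | head -c 20 > /usr/share/elasticsearch/config/passfile`. The passfile is written with the default umask into a directory that was just set to `chmod -R 0775`; a `umask 077` before the write, or a `chmod 600` on the file, would keep it from being world-readable. When `MASTER_PASSWORD` is unset and a passfile exists, the `else` branch at "Change password to MASTER_PASSWORD env" still runs and posts an empty password, so that branch needs a `-n "$MASTER_PASSWORD"` guard.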
+130
@@ -0,0 +1,130 @@
#!/bin/bash
PASSWORD_FILE=/usr/share/elasticsearch/config/passfile
GRAFANA_KEY=/etc/grafana/ssl/grafana.key
GRAFANA_CRT=/etc/grafana/ssl/grafana.crt
if [[ -f "$GRAFANA_KEY" && -f "$GRAFANA_CRT" ]]; then
echo "Grafana crt and key already exist."
else
echo "Gen Grafana key and crt."
mkdir /etc/grafana/ssl/
mkdir ssl
openssl genrsa -out ssl/server_ca.key 4096
openssl req -new -x509 -days 391 -key ssl/server_ca.key \
-subj "/C=RU/L=MO/O=VXControl/CN=VXControl SOLDR OBSERV CA" \
-out ssl/server_ca.crt
openssl req -newkey rsa:4096 -sha256 -nodes -keyout $GRAFANA_KEY \
-subj "/C=RU/L=MO/O=VXControl/CN=soldr-observ.local" \
-out ssl/grafana.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:soldr-observ.local, DNS:localhost\nkeyUsage=digitalSignature, nonRepudiation, keyEncipherment\nextendedKeyUsage=serverAuth") \
-days 390 -in ssl/grafana.csr \
-CA ssl/server_ca.crt \
-CAkey ssl/server_ca.key -CAcreateserial \
-out $GRAFANA_CRT
cat ssl/server_ca.crt >> $GRAFANA_CRT
chmod g+r $GRAFANA_KEY
rm -rf ssl
fi
if [[ -f "$PASSWORD_FILE" ]]; then
ELASTIC_PASS=$(cat /usr/share/elasticsearch/config/passfile)
if [[ -z "$ELASTIC_PASS" ]]; then
echo "Password not found in passfile"
exit 1
else
if grep -RFq 'PASSWORD-TEMPLATE' config/jaeger/config.yml ; then
echo "Firts deploy, replace PASSWORD-TEMPLATE to MASTER_PASSWORD"
sed -i 's/PASSWORD-TEMPLATE/'"$ELASTIC_PASS"'/g' config/jaeger/config.yml
else
echo "Change Elasticsearch password in Jaeger config.yml to new MASTER_PASSWORD"
OLD_PASSWORD=$(grep "admin_password" config/jaeger/config.yml | awk '{print $2}')
if [[ $OLD_PASSWORD == $ELASTIC_PASS ]]; then
echo "MASTER_PASSWORD the same"
else
echo "Update MASTER_PASSWORD in Jaeger config.yml"
if [[ $OLD_PASSWORD == * ]]; then
OLD_PASSWORD=$(echo $OLD_PASSWORD | sed 's|\*|\\\*|g')
fi
sed -i 's|'"$OLD_PASSWORD"'|'"$ELASTIC_PASS"'|g' config/jaeger/config.yml
fi
fi
fi
fi
echo "Copy config files to containers dst dirs"
cp -R config/grafana/* /etc/grafana/
cp -R config/grafana/dashboards/* /var/lib/grafana/dashboards/
cp -R config/jaeger/* /etc/jaeger/
cp -R config/otelcontribcol/* /etc/otel/
chown -R grafana /etc/grafana
chown -R grafana /var/lib/grafana
echo "Configs and secrets copied successful"
sleep 10
echo "Check Elasticsearch"
while true; do
RETURN_CODE=$(curl -s -o return_code -w "%{http_code}" \
-u elastic:$ELASTIC_PASS \
-k 'http://elasticsearch:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty')
if [[ $RETURN_CODE != 200 ]]; then
echo "Waiting for Elasticsearch ..."
sleep 1
else
echo "Elasticsearch alive with correct config."
break
fi
done
echo "Check ILM policy for Jaeger"
ELASTIC_ILM_POLICY_RETURN_CODE=$(curl -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/_ilm/policy/jaeger-ilm-policy?pretty' | jq -r '.["jaeger-ilm-policy"].version')
if [[ $ELASTIC_ILM_POLICY_RETURN_CODE == null ]]; then
echo "Create ILM policy for Jaeger"
ELASTIC_CREATE_ILM_RETURN_CODE=$(curl -X PUT -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/_ilm/policy/jaeger-ilm-policy' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '{"policy": {"phases": {"hot": {"min_age": "0ms","actions": {"rollover": {"max_age": "1d"},"set_priority": {"priority": 100}}},"delete": {"min_age": "14d","actions": {"delete": {}}}}}}' | jq -r '.acknowledged')
if [[ $ELASTIC_CREATE_ILM_RETURN_CODE == "true" ]]; then
echo "ILM policy for Jaeger created successfully"
echo "Create Jaeger index temptlate jaeger-span, jaeger-service, jaeger-dependencies"
JAEGER_SPAN_INDEX_TEMPLATE_RETURN_CODE=$(curl -X PUT -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/_template/jaeger-span' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '{"index_patterns":["jaeger-span-*"],"settings":{"index":{"lifecycle":{"name":"jaeger-ilm-policy","rollover_alias":"jaeger-span-write"},"mapping":{"nested_fields":{"limit":"50"}},"requests":{"cache":{"enable":"true"}},"number_of_shards":"1","number_of_replicas":"0"}},"mappings":{"dynamic_templates":[{"span_tags_map":{"path_match":"tag.*","mapping":{"ignore_above":256,"type":"keyword"}}},{"process_tags_map":{"path_match":"process.tag.*","mapping":{"ignore_above":256,"type":"keyword"}}}],"properties":{"traceID":{"ignore_above":256,"type":"keyword"},"process":{"properties":{"tag":{"type":"object"},"serviceName":{"ignore_above":256,"type":"keyword"},"tags":{"dynamic":false,"type":"nested","properties":{"tagType":{"ignore_above":256,"type":"keyword"},"value":{"ignore_above":256,"type":"keyword"},"key":{"ignore_above":256,"type":"keyword"}}}}},"startTimeMillis":{"format":"epoch_millis","type":"date"},"references":{"dynamic":false,"type":"nested","properties":{"traceID":{"ignore_above":256,"type":"keyword"},"spanID":{"ignore_above":256,"type":"keyword"},"refType":{"ignore_above":256,"type":"keyword"}}},"flags":{"type":"integer"},"operationName":{"ignore_above":256,"type":"keyword"},"parentSpanID":{"ignore_above":256,"type":"keyword"},"tags":{"dynamic":false,"type":"nested","properties":{"tagType":{"ignore_above":256,"type":"keyword"},"value":{"ignore_above":256,"type":"keyword"},"key":{"ignore_above":256,"type":"keyword"}}},"spanID":{"ignore_above":256,"type":"keyword"},"duration":{"type":"long"},"startTime":{"type":"long"},"tag":{"type":"object"},"logs":{"dynamic":false,"type":"nested","properties":{"fields":{"dynamic":false,"type":"nested","properties":{"tagType":{"ignore_above":256,"type":"keyword"},"value":{"ignore_above":256,"type":"keyword"},"key":{"ignore_above":256,"type":"keyword"}}},"timestamp":{"type":"long"}}}}},"aliases":{"jaeger-span-read":{}}}' | jq -r '.acknowledged')
JAEGER_SERVICE_INDEX_TEMPLATE_RETURN_CODE=$(curl -X PUT -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/_template/jaeger-service' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '{"index_patterns":["jaeger-service-*"],"settings":{"index":{"lifecycle":{"name":"jaeger-ilm-policy","rollover_alias":"jaeger-service-write"},"mapping":{"nested_fields":{"limit":"50"}},"requests":{"cache":{"enable":"true"}},"number_of_shards":"1","number_of_replicas":"0"}},"mappings":{"dynamic_templates":[{"span_tags_map":{"path_match":"tag.*","mapping":{"ignore_above":256,"type":"keyword"}}},{"process_tags_map":{"path_match":"process.tag.*","mapping":{"ignore_above":256,"type":"keyword"}}}],"properties":{"operationName":{"ignore_above":256,"type":"keyword"},"serviceName":{"ignore_above":256,"type":"keyword"}}},"aliases":{"jaeger-service-read":{}}}' | jq -r '.acknowledged')
if [[ $JAEGER_SPAN_INDEX_TEMPLATE_RETURN_CODE == "true" && $JAEGER_SERVICE_INDEX_TEMPLATE_RETURN_CODE == "true" ]]; then
echo "Jaeger index template created successfully"
echo "Create Jaeger indexes"
JAEGER_SPAN_INDEX_RETURN_CODE=$(curl -X PUT -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/jaeger-span-000001' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '{"aliases" : {"jaeger-span-write": {"is_write_index": "true"}},"settings" : {"number_of_shards" : 1,"number_of_replicas" : 0}}' | jq -r '.acknowledged')
JAEGER_SERVICE_INDEX_RETURN_CODE=$(curl -X PUT -u elastic:$ELASTIC_PASS -s 'http://elasticsearch:9200/jaeger-service-000001' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '{"aliases" : {"jaeger-service-write": {"is_write_index": "true"}},"settings" : {"number_of_shards" : 1,"number_of_replicas" : 0}}' | jq -r '.acknowledged')
if [[ $JAEGER_SPAN_INDEX_RETURN_CODE == "true" && $JAEGER_SERVICE_INDEX_RETURN_CODE == "true" ]];then
echo "Jaeger indexes created successfully"
touch /opt/soldr_observability/healthcheck
else
echo "Failed to create Jaeger indexes"
fi
else
echo "Failed to create Jaeger index templates"
fi
else
echo "Failed to create ILM policy for Jaeger"
fi
else
echo "ILM policy for Jaeger alrady exist"
touch /opt/soldr_observability/healthcheck
fi
sleep infinity
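Review bot: The rotation branch reads the old value with `grep "admin_password" config/jaeger/config.yml`, but the Jaeger config added in this commit has no such key (the field is `password:` under `es:`). `OLD_PASSWORD` is therefore empty and the following `sed -i 's|'"$OLD_PASSWORD"'|...|g'` runs with an empty pattern and cannot replace the stored password. Matching the real key, `OLD_PASSWORD=$(grep -E '^[[:space:]]*password:' config/jaeger/config.yml | awk '{print $2}')`, fixes the lookup. Both `sed` calls also splice the password into the expression unescaped, so a value containing `/`, `|`, `&` or `\` breaks or corrupts the substitution. The test `[[ $OLD_PASSWORD == * ]]` is always true; `== *\** ` was probably intended.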