From e9d18147843c377014c9528ba777f55a8b35967a Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sat, 15 Feb 2025 19:49:26 -0500
Subject: [PATCH] Removing Grafana stack; adding Jinja templates for Vector and Gitea Runner.
---
 .../gitea_act-runner_config.yaml.j2 | 101 +++++++
 ansible/app-configs/vector.yaml.j2 | 32 +++
 docker-compose.yml | 260 ------------------
 3 files changed, 133 insertions(+), 260 deletions(-)
 create mode 100644 ansible/app-configs/gitea_act-runner_config.yaml.j2
 create mode 100644 ansible/app-configs/vector.yaml.j2
diff --git a/ansible/app-configs/gitea_act-runner_config.yaml.j2 b/ansible/app-configs/gitea_act-runner_config.yaml.j2
new file mode 100644
index 00000000..d13e3588
--- /dev/null
+++ b/ansible/app-configs/gitea_act-runner_config.yaml.j2
@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ # Where to store the registration result.
+ file: .runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 2
+ # Extra environment variables to run jobs.
+ envs:
+ A_TEST_ENV_NAME_1: a_test_env_value_1
+ A_TEST_ENV_NAME_2: a_test_env_value_2
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ env_file: .env
+ # The timeout for a job to be finished.
+ # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+ timeout: 3h
+ # The timeout for the runner to wait for running jobs to finish when shutting down.
+ # Any running jobs that haven't finished after this timeout will be cancelled.
+ shutdown_timeout: 0s
+ # Whether skip verifying the TLS certificate of the Gitea instance.
+ insecure: false
+ # The timeout for fetching the job from the Gitea instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Gitea instance.
+ fetch_interval: 2s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+ # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+ # If it's empty when registering, it will ask for inputting labels.
+ # If it's empty when execute `daemon`, will use labels in `.runner` file.
+ labels:
+ - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+ - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+ - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: true
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: ""
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: "192.168.1.254"
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 63604
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+ # The URL should generally end with "/".
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: "compose_default"
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options:
+ # The parent directory of a job's working directory.
+ # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
+ # If the path starts with '/', the '/' will be trimmed.
+ # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+ # If it's empty, /workspace will be used.
+ workdir_parent:
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ valid_volumes: []
+ # overrides the docker client host with the specified one.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+ docker_host: ""
+ # Pull docker image(s) even if already present
+ force_pull: false
+ # Rebuild docker image(s) even if already present
+ force_rebuild: false
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, $HOME/.cache/act/ will be used.
+ workdir_parent:
diff --git a/ansible/app-configs/vector.yaml.j2 b/ansible/app-configs/vector.yaml.j2
new file mode 100644
index 00000000..9a4e5376
--- /dev/null
+++ b/ansible/app-configs/vector.yaml.j2
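Review bot: In `gitea_act-runner_config.yaml.j2`, `network: "compose_default"` under `container:` attaches every job container to the shared compose network, so workflow code from any repository that can schedule a job on this runner can reach the other services on that network directly. The comment just above the key says an empty value makes act_runner create a network automatically; `network: ""` (or a dedicated network that holds only what jobs need) keeps CI workloads separated from the rest of the stack. The upstream placeholder variables under `runner.envs` (`A_TEST_ENV_NAME_1`, `A_TEST_ENV_NAME_2`) are injected into every job and should become `envs: {}`, and the header comment still describes the file as an unmodified example. `cache.host` and `cache.port` are hard-coded to `192.168.1.254` and `63604` in a `.j2` file that contains no template expressions, so they are candidates for inventory variables.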
@@ -0,0 +1,32 @@
+ sources:
+ rinoa_docker_logs:
+ type: docker_logs
+ exclude_containers:
+ - zammad-init
+ - vector
+
+ sinks:
+ parseable:
+ type: http
+ method: post
+ batch:
+ max_bytes: 10485760
+ max_events: 1000
+ timeout_secs: 10
+ compression: gzip
+ inputs:
+ - rinoa_docker_logs
+ encoding:
+ codec: json
+ uri: http://parseable:8000/api/v1/ingest'
+ auth:
+ strategy: basic
+ user: admin
+ password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+ request:
+ headers:
+ X-P-Stream: vectordemo
+ healthcheck:
+ enabled: true
+ path: 'http://parseable:8000/api/v1/liveness'
+ port: 80
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index da153a3d..42a42e2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
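Review bot: The `uri` of the `parseable` sink in `vector.yaml.j2` ends in a stray quote (`http://parseable:8000/api/v1/ingest'`); as a plain scalar the `'` becomes part of the URL, so it should read `uri: 'http://parseable:8000/api/v1/ingest'`, matching the quoting used for `healthcheck.path`. The `password:` line renders the Vault lookup unquoted, so a secret containing ` #` or `: `, starting with a YAML indicator, or made only of digits would be truncated, retyped or break the rendered file; appending `| to_json` inside the expression (`password: {{ lookup(...)['secret']['PARSEABLE_PASSWORD'] | to_json }}`) emits a safely quoted scalar. The rendered file holds that password in clear text and the sink sends it with basic auth over plain `http://`, so the task that templates it (not visible in this patch) presumably should set a restrictive `mode` and `no_log: true`.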
@@ -1469,266 +1469,6 @@ services: type: bind bind: create_host_path: true -# grafana: -# container_name: grafana -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# environment: -# GF_INSTALL_PLUGINS: grafana-piechart-panel -# TZ: America/New_York -# hostname: Rinoa -# image: grafana/grafana-enterprise:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana (LGTM) -# homepage.href: https://mon.${MY_TLD} -# homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles -# homepage.icon: grafana.png -# homepage.widget.type: grafana -# homepage.widget.url: http://grafana:3000 -# homepage.widget.username: admin -# homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD} -# swag: enable -# swag_proto: http -# swag_url: mon.${MY_TLD} -# swag.uptime-kuma.enabled: true -# swag.uptime-kuma.monitor.url: https://mon.${MY_TLD} -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "3006" -# target: 3000 -# restart: unless-stopped -# user: 1000:1000 -# volumes: -# - bind: -# create_host_path: true -# read_only: true -# source: /etc/localtime -# target: /etc/localtime -# type: bind -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/data -# target: /var/lib/grafana -# type: bind -# bind: -# create_host_path: true -# - bind: -# create_host_path: true -# source: /rinoa-storage -# target: /storage -# type: bind -# grafana-alloy: -# cap_add: -# - SYS_ADMIN -# - SYS_TIME -# - BPF -# - SYSLOG -# command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy -# container_name: grafana-alloy -# environment: -# DOCKER_HOST: tcp://dockerproxy:2375 -# image: grafana/alloy:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Alloy -# homepage.description: Agent for metric/log/trace/profile collection and writing -# homepage.href: 
http://192.168.1.254:12345 -# homepage.icon: sh-grafana-alloy.svg -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "12345" -# target: 12345 -# privileged: true -# restart: always -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy -# target: /etc/alloy/config.alloy -# type: bind -# bind: -# create_host_path: true -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json -# target: /etc/alloy/endpoints.json -# type: bind -# bind: -# create_host_path: true -# - bind: -# create_host_path: true -# read_only: true -# source: /proc -# target: /host/proc -# type: bind -# - bind: -# create_host_path: true -# read_only: true -# source: /sys -# target: /host/sys -# type: bind -# - bind: -# create_host_path: true -# read_only: true -# source: / -# target: /rootfs -# type: bind -# grafana-loki: -# command: -config.file=/etc/loki/loki-config.yaml -# container_name: grafana-loki -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/loki:latest -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "3100" -# target: 3100 -# restart: unless-stopped -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml -# target: /etc/loki/loki-config.yaml -# type: bind -# bind: -# create_host_path: true -# grafana-mimir: -# command: -# - -ingester.native-histograms-ingestion-enabled=true -# - -config.file=/etc/mimir.yaml -# container_name: grafana-mimir -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/mimir:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Mimir -# homepage.href: http://192.168.1.254:9009 -# homepage.description: Long-term metrics storage -# homepage.icon: /icons/grafana-mimir.png -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "9009" -# target: 9009 -# restart: 
unless-stopped -# volumes: -# - source: grafana-mimir-data -# target: /data -# type: volume -# volume: {} -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml -# target: /etc/mimir.yaml -# type: bind -# bind: -# create_host_path: true -# grafana-mimir-memcached: -# container_name: grafana-mimir-memcached -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# environment: -# MEMCACHED_MEMORY_LIMIT: 1g -# MEMCACHED_THREADS: 4 -# MEMCACHED_MAX_CONNECTIONS: 2048 -# MEMCACHED_TCP_PORT: 11211 -# MEMCACHED_UDP_PORT: 11211 -# image: memcached -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "11211" -# target: 11211 -# restart: unless-stopped -# grafana-pyroscope: -# command: -# - -config.file=/etc/pyroscope.yml -# container_name: grafana-pyroscope -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/pyroscope:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Pyroscope -# homepage.description: Profiling for applications -# homepage.href: http://192.168.1.254:4040 -# homepage.icon: /icons/grafana-pyroscope.svg -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "4040" -# target: 4040 -# restart: unless-stopped -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml -# target: /etc/pyroscope.yml -# type: bind -# bind: -# create_host_path: true -# grafana-tempo: -# command: -# - -config.file=/etc/tempo.yaml -# container_name: grafana-tempo -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/tempo:latest -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "14268" -# target: 14268 -# - mode: ingress -# protocol: tcp -# published: "3200" -# target: 3200 -# - mode: ingress -# protocol: tcp -# published: "9095" -# target: 9095 -# - mode: ingress -# protocol: tcp 
-# published: "4317" -# target: 4317 -# - mode: ingress -# protocol: tcp -# published: "4318" -# target: 4318 -# - mode: ingress -# protocol: tcp -# published: "9411" -# target: 9411 -# restart: unless-stopped -# volumes: -# - source: grafana-tempo-data -# target: /var/tempo -# type: volume -# volume: {} -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml -# target: /etc/tempo.yaml -# type: bind -# bind: -# create_host_path: true guacamole: container_name: guacamole environment: