From 4d6d6b4b38b9a0a31fa69fe4fdb0ff3b0f76d936 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 06:57:07 -0500 Subject: [PATCH 1/6] Benedikta updates and Ultima config for Hivemind. --- .../ultima/hivemind/config/server.json.j2 | 49 +++++++++++++++++++ host_vars/benedikta.yml | 2 +- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 app-configs/ultima/hivemind/config/server.json.j2 diff --git a/app-configs/ultima/hivemind/config/server.json.j2 b/app-configs/ultima/hivemind/config/server.json.j2 new file mode 100644 index 0000000..4a532ca --- /dev/null +++ b/app-configs/ultima/hivemind/config/server.json.j2 @@ -0,0 +1,49 @@ +{ + "binarize": true, + "allowed_encodings": [ + "JSON-B64", + "JSON-URLSAFE-B64", + "JSON-B91", + "JSON-Z85B", + "JSON-Z85P", + "JSON-B32", + "JSON-HEX" + ], + "allowed_ciphers": [ + "CHACHA20-POLY1305", + "AES-GCM" + ], + "agent_protocol": { + "module": "hivemind-ovos-agent-plugin", + "hivemind-ovos-agent-plugin": { + "host": "127.0.0.1", + "port": 8181 + } + }, + "binary_protocol": { + "module": null + }, + "network_protocol": { + "hivemind-websocket-plugin": { + "host": "0.0.0.0", + "port": 5678, + "ssl": false, + "cert_dir": "/home/hivemind/.local/share/hivemind", + "cert_name": "hivemind" + }, + "hivemind-http-plugin": { + "host": "0.0.0.0", + "port": 5679, + "ssl": false, + "cert_dir": "/home/hivemind/.local/share/hivemind", + "cert_name": "hivemind" + } + }, + "database": { + "module": "hivemind-json-db-plugin", + "hivemind-json-db-plugin": { + "name": "clients", + "subfolder": "hivemind-core" + } + } +} \ No newline at end of file diff --git a/host_vars/benedikta.yml b/host_vars/benedikta.yml index 6e74d89..e7d4d1e 100644 --- a/host_vars/benedikta.yml +++ b/host_vars/benedikta.yml @@ -1,2 +1,2 @@ -appdata_base_path: /home/ovos/ovos/config +appdata_base_path: /home/ovos/.config/docker secrets_path: benedikta-docker/env -- 2.52.0 From 160bca4f508b85ed4828f6c87d6a1f473723c3dc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 06:58:54 -0500 Subject: [PATCH 2/6] Adding Ultima to general workflow. --- .gitea/workflows/gitea_tar-valon_ansible_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml index b178c49..68437f8 100644 --- a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml +++ b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml @@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - host: [rinoa, rikku, benedikta] + host: [rinoa, rikku, benedikta, ultima] env: VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} @@ -174,7 +174,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - host: [rinoa, rikku, benedikta] + host: [rinoa, rikku, benedikta, ultima] env: VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} -- 2.52.0 From 44d706b891a8829b63da1de7aea0600df8bc903f Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 10:39:59 -0500 Subject: [PATCH 3/6] Forgot to add Ultima to list of hosts in config playbook. --- tar-valon_config_deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index 08c80fb..c691936 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -4,6 +4,7 @@ - rinoa - rikku - benedikta + - ultima gather_facts: false become: true become_method: sudo -- 2.52.0 From 9ab66a7be1c7879e55b79386ea6e71670ec28eaf Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 11:57:08 -0500 Subject: [PATCH 4/6] Updating Vault password for Ultima creds. --- host_vars/ultima.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/host_vars/ultima.yml b/host_vars/ultima.yml index eedb702..ede2ff7 100644 --- a/host_vars/ultima.yml +++ b/host_vars/ultima.yml @@ -1,9 +1,9 @@ appdata_base_path: /home/charish/.config/docker ansible_become_password: !vault | $ANSIBLE_VAULT;1.1;AES256 - 35623531633464343532353539366432373931633465363832383735643665636534646131313135 - 3535376663383166343933373463643862316635663531610a646565346335313932323566386330 - 64356164313763666663393034343435353633313963306437613333356266303761313863396166 - 6530663063363831630a376466623331346364306163626438666339666563323332623738336464 - 37643137656336373230613737343530306131663039303630623063333937653333 + 37363634303539386437373433653834326537613239373539383731333364316461373436646233 + 3965616330356537666537323433666339653166616361370a616639363432643964343131636265 + 64623239343238363763386466626632383230633062383263323433353634373539373861383038 + 3837383436363138330a653566653731653065343538363733353432646136336335643666376133 + 31623634636561636635396136636538613338313862396439376435613337373637 secrets_path: ultima-docker/env -- 2.52.0 From 7ad9d1ed7da4c3c43c7969c895541cb6d810812c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 13:04:29 -0500 Subject: [PATCH 5/6] ..... --- group_vars/all.yml | 18 +++++++++--------- host_vars/rinoa.yml | 10 +++++----- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 92ccd86..46f97bc 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -5,12 +5,12 @@ template_base_path: "{{ playbook_dir }}/app-configs" vault_addr: "https://vault.trez.wtf" vault_token: !vault | $ANSIBLE_VAULT;1.1;AES256 - 37653866643538383634623965613234353864386336623939383233633265633130366239626439 - 3932353431313731343232393165343836633433346339310a643430326235393162643337643565 - 32666334383863313961393866616135653464653862336434643832663038643737376165653837 - 3065653661316564620a343363613662633031336235396534616635373734393361353461363131 - 36383131363339343134313835663536323865663761356236356638366662653165626665393036 - 64393361643938393432626439656432643966316466643739623339666538643862333263323733 - 39393832643537386537396230663931316562633736643732643630623632313537383561376639 - 39643164343938396432393231393263376230323530623761636261323630636535356339666433 - 6138 + 35303736333161356439393866306637366433336638633638323763656263346561656635626339 + 3264373965633564316365323166366637636535623163340a386366356630326233326434316165 + 35633434643864653339313937656330626538343031313461373833636365363866393965613434 + 6366383839363737640a646331303039353639326239333737383137633036626436623166633935 + 31363666633164326131356634626633336130666530323338616461383339333435393864393938 + 32393265366534326564333730323935313631306531633739623961333436336238653065336665 + 36656334303634363037666561353731633664306461353131663032376632626331303932343135 + 31383638623035373466623236346533326433653766613231396637306665373366636335646465 + 3739 diff --git a/host_vars/rinoa.yml b/host_vars/rinoa.yml index a4fec08..449e6de 100644 --- a/host_vars/rinoa.yml +++ b/host_vars/rinoa.yml @@ -1,11 +1,11 @@ appdata_base_path: /home/charish/.docker/config/appdata ansible_become_password: !vault | $ANSIBLE_VAULT;1.1;AES256 - 33393031336537653965343539636434613066326131653737396561653031336665633430353837 - 3166363261623634363162626161633831316539643339620a326538663930396335646631356335 - 39643539313531646566353034313734646432626462646530303762323939613833663237316631 - 3134383462306432630a626163356437336331356339353332613265366564323234613732626331 - 64333464306531303163376566393065643136633165373364373733323838616437 + 30646333393563333364333935396530353265616233323839616266653938396561343539336337 + 6531313061626132636362373833356631336161626435660a643539353930396532653234393663 + 31623863633966303738643733643633353265396264613734333461643862663965663230663437 + 6136373035303834630a653263626365623838363236303931643565656232326536643239653238 + 64313034313663653332343464383565383964373438663661346538366636323162 secrets_path: rinoa-docker/env file_metadata: "hashicorp-vault/config/vault-config.hcl.j2": -- 2.52.0 From 5c23f4cbeaeaa0d62d01fa1ac6d596fb1ca99bd4 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 3 Dec 2025 13:23:33 -0500 Subject: [PATCH 6/6] Nuking Grafana as it's no longer in use. --- .../rinoa/grafana/alloy/alloy_config.alloy | 404 --------- .../grafana/alloy/alloy_endpoints.json.j2 | 34 - app-configs/rinoa/grafana/beyla/beyla.yml.j2 | 7 - app-configs/rinoa/grafana/mimir/mimir.yaml.j2 | 77 -- .../rinoa/grafana/pyroscope/config.yaml.j2 | 12 - app-configs/rinoa/grafana/tempo/config.yml.j2 | 787 ------------------ app-configs/rinoa/grafana/tempo/tempo.yaml.j2 | 54 -- 7 files changed, 1375 deletions(-) delete mode 100644 app-configs/rinoa/grafana/alloy/alloy_config.alloy delete mode 100644 app-configs/rinoa/grafana/alloy/alloy_endpoints.json.j2 delete mode 100644 app-configs/rinoa/grafana/beyla/beyla.yml.j2 delete mode 100644 app-configs/rinoa/grafana/mimir/mimir.yaml.j2 delete mode 100644 app-configs/rinoa/grafana/pyroscope/config.yaml.j2 delete mode 100644 app-configs/rinoa/grafana/tempo/config.yml.j2 delete mode 100644 app-configs/rinoa/grafana/tempo/tempo.yaml.j2 diff --git a/app-configs/rinoa/grafana/alloy/alloy_config.alloy b/app-configs/rinoa/grafana/alloy/alloy_config.alloy deleted file mode 100644 index a6441e3..0000000 --- a/app-configs/rinoa/grafana/alloy/alloy_config.alloy +++ /dev/null @@ -1,404 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Agent globals -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -local.file "endpoints" { - // The endpoints file is used to define the endpoints, credentials and options - // for the Agent export to. - filename = "/etc/alloy/endpoints.json" -} - -discovery.docker "rinoadocker" { - host = env("DOCKER_HOST") -} - -tracing { - write_to = [otelcol.exporter.otlp.tempo.input] -} -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Metrics -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -prometheus.remote_write "mimir" { - endpoint { - url = json_path(local.file.endpoints.content, ".metrics.url")[0] - basic_auth { - username = json_path(local.file.endpoints.content, ".metrics.basicAuth.username")[0] - password = json_path(local.file.endpoints.content, ".metrics.basicAuth.password")[0] - } - } -} - -prometheus.scrape "prometheus" { - targets = [{ - __address__ = "localhost:12345", - }] - forward_to = [prometheus.remote_write.mimir.receiver] - job_name = "prometheus" -} - -prometheus.exporter.unix "rinoa" { - procfs_path = "/host/proc" - sysfs_path = "/host/sys" - rootfs_path = "/rootfs" -} - -prometheus.scrape "rinoa" { - targets = prometheus.exporter.unix.rinoa.targets - forward_to = [prometheus.remote_write.mimir.receiver] - job_name = "rinoa_host" -} - -prometheus.exporter.cadvisor "docker" { - docker_host = env("DOCKER_HOST") - storage_duration = "5m" -} - -prometheus.scrape "docker" { - targets = prometheus.exporter.cadvisor.docker.targets - forward_to = [prometheus.remote_write.mimir.receiver] - job_name = "docker_stats" -} -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Logging -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -loki.write "loki" { - endpoint { - url = json_path(local.file.endpoints.content, ".logs.url")[0] - basic_auth { - username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0] - password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0] - } - } - external_labels = {} -} - -loki.source.journal "hostjournal" { - forward_to = [loki.write.loki.receiver] - max_age = "24h" - path = "/rootfs/var/log/journal/" - labels = { - job = "host-journal", - } -} - -local.file_match "system" { - path_targets = [{ - __address__ = "localhost", - __path__ = "/rootfs/var/log/*log", - job = "varlogs", - }] -} - -loki.source.file "system" { - targets = local.file_match.system.targets - forward_to = [loki.write.loki.receiver] -} - -loki.source.docker "containers" { - host = env("DOCKER_HOST") - targets = discovery.docker.rinoadocker.targets - forward_to = [loki.write.loki.receiver] - labels = { - job = "containerlogs", - } -} - -loki.process "containers" { - forward_to = [loki.write.loki.receiver] - // stage.docker {} - stage.json { - expressions = { - attrs = "", - output = "log", - stream = "stream", - } - } - - stage.json { - expressions = { - tag = "", - } - source = "attrs" - } - - stage.regex { - expression = "(?P(?:[^|]*[^|])).(?P(?:[^|]*[^|])).(?P(?:[^|]*[^|])).(?P(?:[^|]*[^|]))" - source = "tag" - } - - stage.timestamp { - source = "time" - format = "RFC3339Nano" - } - - stage.labels { - values = { - container_id = null, - container_name = null, - image_id = null, - image_name = null, - stream = null, - tag = null, - } - } - - stage.output { - source = "output" - } -} - -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Traces -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -beyla.ebpf "rinoadocker" { - open_port = "80-65535" - routes { - unmatched = "heauristic" - } - output { - traces = [ - otelcol.connector.servicegraph.tracemetrics.input, - otelcol.connector.spanmetrics.tracemetrics.input, - otelcol.processor.batch.default.input, - otelcol.connector.spanlogs.autologging.input, - ] - } -} - -prometheus.scrape "beyla" { - targets = beyla.ebpf.rinoadocker.targets - forward_to = [prometheus.remote_write.mimir.receiver] -} - -otelcol.auth.headers "tempo" { - header { - key = "Authorization" - value = join(["Basic ", json_path(local.file.endpoints.content, ".traces.basicAuthToken")[0]], "") - } -} - -otelcol.processor.batch "default" { - // Wait until we've received 16K of data. - send_batch_size = 16384 - send_batch_max_size = 16384 - // Or until 2 seconds have elapsed. - timeout = "2s" - // When the Agent has enough batched data, send it to the OpenTelemetry exporter named 'tempo'. - output { - traces = [otelcol.exporter.otlp.tempo.input] - } -} - -otelcol.exporter.otlp "tempo" { - // Define the client for exporting. - client { - // Authentication block. - auth = otelcol.auth.headers.tempo.handler - - // Send to the locally running Tempo instance, on port 4317 (OTLP gRPC). - endpoint = json_path(local.file.endpoints.content, ".traces.url")[0] - - // Configure TLS settings for communicating with the endpoint. - tls { - // The connection is insecure. - insecure = json_path(local.file.endpoints.content, ".traces.tls.insecure")[0] - // Do not verify TLS certificates when connecting. - insecure_skip_verify = json_path(local.file.endpoints.content, ".traces.tls.insecureSkipVerify")[0] - } - } -} - -otelcol.connector.spanlogs "autologging" { - // We only want to output a line for each root span (ie. every single trace), and not for every - // process or span (outputting a line for every span would be extremely verbose). - spans = false - roots = true - processes = false - // We want to ensure that the following three span attributes are included in the log line, if - // present. - span_attributes = [ "http.method", "http.target", "http.status_code" ] - - // Overrides the default key in the log line to be `traceId`, which is then used by Grafana to - // identify the trace ID for correlation with the Tempo datasource. - overrides { - trace_id_key = "traceId" - } - // Send to the OpenTelemetry Loki exporter. - output { - logs = [otelcol.exporter.loki.autologging.input] - } -} - -// Simply forwards the incoming OpenTelemetry log format out as a Loki log. -// We need this stage to ensure we can then process the logline as a Loki object. -otelcol.exporter.loki "autologging" { - forward_to = [loki.process.autologging.receiver] -} - -// The Loki processor allows us to accept a correctly formatted Loki log and mutate it into -// a set of fields for output. -loki.process "autologging" { - // The JSON stage simply extracts the `body` (the actual logline) from the Loki log, ignoring - // all other fields. - stage.json { - expressions = { "body" = "" } - } - // The output stage takes the body (the main logline) and uses this as the source for the output - // logline. In this case, it essentially turns it into logfmt. - stage.output { - source = "body" - } - - // Finally send the processed logline onto the Loki exporter. - forward_to = [loki.write.autologging.receiver] -} - -// The Loki writer receives a processed Loki log and then writes it to a Loki instance. -loki.write "autologging" { - // Add the `agent` value to the `job` label, so we can identify it as having been generated - // by Grafana Agent when querying. - external_labels = { - job = "agent", - } - - // Output the Loki log to the local Loki instance. - endpoint { - url = json_path(local.file.endpoints.content, ".logs.url")[0] - - // The basic auth credentials for the Loki instance. - basic_auth { - username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0] - password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0] - } - } -} - -// The Tail Sampling processor will use a set of policies to determine which received traces to keep -// and send to Tempo. -otelcol.processor.tail_sampling "errors" { - // Total wait time from the start of a trace before making a sampling decision. Note that smaller time - // periods can potentially cause a decision to be made before the end of a trace has occurred. - decision_wait = "30s" - - // The following policies follow a logical OR pattern, meaning that if any of the policies match, - // the trace will be kept. For logical AND, you can use the `and` policy. Every span of a trace is - // examined by each policy in turn. A match will cause a short-circuit. - - // This policy defines that traces that contain errors should be kept. - policy { - // The name of the policy can be used for logging purposes. - name = "sample-erroring-traces" - // The type must match the type of policy to be used, in this case examing the status code - // of every span in the trace. - type = "status_code" - // This block determines the error codes that should match in order to keep the trace, - // in this case the OpenTelemetry 'ERROR' code. - status_code { - status_codes = [ "ERROR" ] - } - } - - // This policy defines that only traces that are longer than 200ms in total should be kept. - policy { - // The name of the policy can be used for logging purposes. - name = "sample-long-traces" - // The type must match the policy to be used, in this case the total latency of the trace. - type = "latency" - // This block determines the total length of the trace in milliseconds. - latency { - threshold_ms = 200 - } - } - - // The output block forwards the kept traces onto the batch processor, which will marshall them - // for exporting to Tempo. - output { - traces = [otelcol.processor.batch.default.input] - } -} - -// The Spanmetrics Connector will generate RED metrics based on the incoming trace span data. -otelcol.connector.spanmetrics "tracemetrics" { - // The namespace explicit adds a prefix to all the generated span metrics names. - // In this case, we'll ensure they match as closely as possible those generated by Tempo. - namespace = "traces.spanmetrics" - - // Each extra dimension (metrics label) to be added to the generated metrics from matching span attributes. These - // need to be defined with a name and optionally a default value (in the following cases, we do not want a default - // value if the span attribute is not present). - dimension { - name = "http.method" - } - dimension { - name = "http.target" - } - dimension { - name = "http.status_code" - } - dimension { - name = "service.version" - } - - // A histogram block must be present, either explicitly defining bucket values or via an exponential block. - // We do the latter here. - histogram { - explicit { - } - } - - // The exemplar block is added to ensure we generate exemplars for traces on relevant metric values. - exemplars { - enabled = true - } - - // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure - // it gets transformed into Prometheus format data. - output { - metrics = [otelcol.exporter.prometheus.tracemetrics.input] - } -} - -// The Servicegraph Connector will generate service graph metrics (edges and nodes) based on incoming trace spans. -otelcol.connector.servicegraph "tracemetrics" { - // Extra dimensions (metrics labels) to be added to the generated metrics from matching span attributes. - // For this component, this is defined as an array. There are no default values and the labels will not be generated - // for missing span attributes. - dimensions = [ - "http.method", - "http.target", - "http.status_code", - "service.version", - ] - - // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure - // it gets transformed into Prometheus format data. - output { - metrics = [otelcol.exporter.prometheus.tracemetrics.input] - } -} - -otelcol.exporter.prometheus "tracemetrics" { - // Forward to our local Prometheus remote writer which will send the metrics to Mimir. - forward_to = [prometheus.remote_write.mimir.receiver] -} -///////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Profiling -///////////////////////////////////////////////////////////////////////////////////////////////////////////// - -pyroscope.write "pyroscope" { - endpoint { - url = json_path(local.file.endpoints.content, ".profiles.url")[0] - basic_auth { - username = json_path(local.file.endpoints.content, ".profiles.basicAuth.username")[0] - password = json_path(local.file.endpoints.content, ".profiles.basicAuth.password")[0] - } - } - external_labels = {} -} - -pyroscope.ebpf "rinoadocker" { - forward_to = [pyroscope.write.pyroscope.receiver] - targets = discovery.docker.rinoadocker.targets -} \ No newline at end of file diff --git a/app-configs/rinoa/grafana/alloy/alloy_endpoints.json.j2 b/app-configs/rinoa/grafana/alloy/alloy_endpoints.json.j2 deleted file mode 100644 index d50b71a..0000000 --- a/app-configs/rinoa/grafana/alloy/alloy_endpoints.json.j2 +++ /dev/null @@ -1,34 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -{ - "metrics": { - "url": "http://grafana-mimir:9009/api/v1/push", - "basicAuth": { - "username": "", - "password": "" - } - }, - "logs": { - "url": "http://grafana-loki:3100/loki/api/v1/push", - "basicAuth": { - "username": "", - "password": "" - } - }, - "traces": { - "url": "http://grafana-tempo:4317", - "basicAuthToken": "", - "tls": { - "insecure": true, - "insecureSkipVerify": true - } - }, - "profiles": { - "url": "http://grafana-pyroscope:4040", - "basicAuth": { - "username": "", - "password": "" - } - } -} \ No newline at end of file diff --git a/app-configs/rinoa/grafana/beyla/beyla.yml.j2 b/app-configs/rinoa/grafana/beyla/beyla.yml.j2 deleted file mode 100644 index 5fa9bfa..0000000 --- a/app-configs/rinoa/grafana/beyla/beyla.yml.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -routes: - patterns: - - /* - unmatched: heuristic diff --git a/app-configs/rinoa/grafana/mimir/mimir.yaml.j2 b/app-configs/rinoa/grafana/mimir/mimir.yaml.j2 deleted file mode 100644 index 80825a1..0000000 --- a/app-configs/rinoa/grafana/mimir/mimir.yaml.j2 +++ /dev/null @@ -1,77 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -multitenancy_enabled: false -no_auth_tenant: rinoa_mimir -# target: query-frontend -# api: -# prometheus_http_prefix: '/prometheus' -server: - http_listen_port: 9009 -# frontend: -# split_queries_by_interval: 24h -# align_queries_with_step: true - # cache_results: true - # results_cache: - # backend: "memcached" - # memcached: - # addresses: "memcached-mimir:11211" -# downstream_url: http://grafana-agent:12345 - -common: - storage: - backend: s3 - s3: - endpoint: minio:9000 - access_key_id: "Q8KAihuXtGgmretKNh7C" - secret_access_key: "hOlRODtnvFlNlL26Bj3GizZG6Ys3rlpG8p6Vo3NX" - bucket_name: "mimir" - insecure: true - -blocks_storage: - storage_prefix: rinoa - tsdb: - dir: /tmp/mimir/tsdb - -memberlist: - tls_enabled: false - -compactor: - # Directory to temporarily store blocks underdoing compaction. - data_dir: /tmp/mimir/compactor - # The sharding ring type used to share the hashed ring for the compactor. - sharding_ring: - # Use memberlist backend store (the default). - kvstore: - store: memberlist - -# The distributor receives incoming metrics data for the system. -distributor: - # The ring to share hash ring data across instances. - ring: - # The address advertised in the ring. Localhost. - instance_addr: 127.0.0.1 - # Use memberlist backend store (the default). - kvstore: - store: memberlist - -# The ingester receives data from the distributor and processes it into indices and blocks. -ingester: - # The ring to share hash ring data across instances. - ring: - # The address advertised in the ring. Localhost. - instance_addr: 127.0.0.1 - # Use memberlist backend store (the default). - kvstore: - store: memberlist - # Only run one instance of the ingesters. - # Note: It is highly recommended to run more than one ingester in production, the default is an RF of 3. - replication_factor: 1 - -# The store gateway block configures gateway storage. -store_gateway: - # Configuration for the hash ring. - sharding_ring: - # Only run a single instance. In production setups, the replication factor must - # be set on the querier and ruler as well. - replication_factor: 1 diff --git a/app-configs/rinoa/grafana/pyroscope/config.yaml.j2 b/app-configs/rinoa/grafana/pyroscope/config.yaml.j2 deleted file mode 100644 index 9b67c11..0000000 --- a/app-configs/rinoa/grafana/pyroscope/config.yaml.j2 +++ /dev/null @@ -1,12 +0,0 @@ -storage: - backend: s3 - s3: - bucket_name: pyroscope - endpoint: minio:9000 - region: us-east-fh-pln - access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }} - secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }} - insecure: true - -analytics: - reporting_enabled: false \ No newline at end of file diff --git a/app-configs/rinoa/grafana/tempo/config.yml.j2 b/app-configs/rinoa/grafana/tempo/config.yml.j2 deleted file mode 100644 index 690b60b..0000000 --- a/app-configs/rinoa/grafana/tempo/config.yml.j2 +++ /dev/null @@ -1,787 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -target: all -http_api_prefix: "" -autocomplete_filtering_enabled: true -server: - http_listen_network: tcp - http_listen_address: "" - http_listen_port: 80 - http_listen_conn_limit: 0 - grpc_listen_network: tcp - grpc_listen_address: "" - grpc_listen_port: 9095 - grpc_listen_conn_limit: 0 - tls_cipher_suites: "" - tls_min_version: "" - http_tls_config: - cert: "" - key: null - client_ca: "" - cert_file: "" - key_file: "" - client_auth_type: "" - client_ca_file: "" - grpc_tls_config: - cert: "" - key: null - client_ca: "" - cert_file: "" - key_file: "" - client_auth_type: "" - client_ca_file: "" - register_instrumentation: true - report_grpc_codes_in_instrumentation_label_enabled: false - graceful_shutdown_timeout: 30s - http_server_read_timeout: 30s - http_server_read_header_timeout: 0s - http_server_write_timeout: 30s - http_server_idle_timeout: 2m0s - http_log_closed_connections_without_response_enabled: false - grpc_server_max_recv_msg_size: 16777216 - grpc_server_max_send_msg_size: 16777216 - grpc_server_max_concurrent_streams: 100 - grpc_server_max_connection_idle: 2562047h47m16.854775807s - grpc_server_max_connection_age: 2562047h47m16.854775807s - grpc_server_max_connection_age_grace: 2562047h47m16.854775807s - grpc_server_keepalive_time: 2h0m0s - grpc_server_keepalive_timeout: 20s - grpc_server_min_time_between_pings: 10s - grpc_server_ping_without_stream_allowed: true - grpc_server_num_workers: 0 - log_format: logfmt - log_level: info - log_source_ips_enabled: false - log_source_ips_header: "" - log_source_ips_regex: "" - log_request_headers: false - log_request_at_info_level_enabled: false - log_request_exclude_headers_list: "" - http_path_prefix: "" -internal_server: - http_listen_network: tcp - http_listen_address: "" - http_listen_port: 3101 - http_listen_conn_limit: 0 - grpc_listen_network: "" - grpc_listen_address: "" - grpc_listen_port: 0 - grpc_listen_conn_limit: 0 - tls_cipher_suites: "" - tls_min_version: "" - http_tls_config: - cert: "" - key: null - client_ca: "" - cert_file: "" - key_file: "" - client_auth_type: "" - client_ca_file: "" - grpc_tls_config: - cert: "" - key: null - client_ca: "" - cert_file: "" - key_file: "" - client_auth_type: "" - client_ca_file: "" - register_instrumentation: false - report_grpc_codes_in_instrumentation_label_enabled: false - graceful_shutdown_timeout: 30s - http_server_read_timeout: 30s - http_server_read_header_timeout: 0s - http_server_write_timeout: 30s - http_server_idle_timeout: 2m0s - http_log_closed_connections_without_response_enabled: false - grpc_server_max_recv_msg_size: 0 - grpc_server_max_send_msg_size: 0 - grpc_server_max_concurrent_streams: 0 - grpc_server_max_connection_idle: 0s - grpc_server_max_connection_age: 0s - grpc_server_max_connection_age_grace: 0s - grpc_server_keepalive_time: 0s - grpc_server_keepalive_timeout: 0s - grpc_server_min_time_between_pings: 0s - grpc_server_ping_without_stream_allowed: false - grpc_server_num_workers: 0 - log_format: logfmt - log_level: info - log_source_ips_enabled: false - log_source_ips_header: "" - log_source_ips_regex: "" - log_request_headers: false - log_request_at_info_level_enabled: false - log_request_exclude_headers_list: "" - http_path_prefix: "" - enable: false -distributor: - ring: - kvstore: - store: memberlist - prefix: collectors/ - consul: - host: localhost:8500 - acl_token: "" - http_client_timeout: 20s - consistent_reads: false - watch_rate_limit: 1 - watch_burst_size: 1 - cas_retry_delay: 1s - etcd: - endpoints: [] - dial_timeout: 10s - max_retries: 10 - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - username: "" - password: "" - multi: - primary: "" - secondary: "" - mirror_enabled: false - mirror_timeout: 2s - heartbeat_period: 5s - heartbeat_timeout: 5m0s - instance_id: local-instance - instance_interface_names: - - eth0 - - en0 - instance_port: 0 - instance_addr: "" - receivers: {} - override_ring_key: distributor - forwarders: [] - extend_writes: true - retry_after_on_resource_exhausted: 0s -ingester_client: - pool_config: - checkinterval: 15s - healthcheckenabled: true - healthchecktimeout: 1s - maxconcurrenthealthchecks: 0 - remote_timeout: 5s - grpc_client_config: - max_recv_msg_size: 104857600 - max_send_msg_size: 104857600 - grpc_compression: snappy - rate_limit: 0 - rate_limit_burst: 0 - backoff_on_ratelimits: false - backoff_config: - min_period: 100ms - max_period: 10s - max_retries: 10 - initial_stream_window_size: 63KiB1023B - initial_connection_window_size: 63KiB1023B - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - connect_timeout: 5s - connect_backoff_base_delay: 1s - connect_backoff_max_delay: 5s -metrics_generator_client: - pool_config: - checkinterval: 15s - healthcheckenabled: true - healthchecktimeout: 1s - maxconcurrenthealthchecks: 0 - remote_timeout: 5s - grpc_client_config: - max_recv_msg_size: 104857600 - max_send_msg_size: 104857600 - grpc_compression: snappy - rate_limit: 0 - rate_limit_burst: 0 - backoff_on_ratelimits: false - backoff_config: - min_period: 100ms - max_period: 10s - max_retries: 10 - initial_stream_window_size: 63KiB1023B - initial_connection_window_size: 63KiB1023B - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - connect_timeout: 5s - connect_backoff_base_delay: 1s - connect_backoff_max_delay: 5s -querier: - search: - query_timeout: 30s - prefer_self: 10 - external_hedge_requests_at: 8s - external_hedge_requests_up_to: 2 - external_backend: "" - google_cloud_run: null - external_endpoints: [] - trace_by_id: - query_timeout: 10s - max_concurrent_queries: 20 - frontend_worker: - frontend_address: 127.0.0.1:9095 - dns_lookup_duration: 10s - parallelism: 2 - match_max_concurrent: true - id: "" - grpc_client_config: - max_recv_msg_size: 104857600 - max_send_msg_size: 16777216 - grpc_compression: gzip - rate_limit: 0 - rate_limit_burst: 0 - backoff_on_ratelimits: false - backoff_config: - min_period: 100ms - max_period: 1s - max_retries: 5 - initial_stream_window_size: 0B - initial_connection_window_size: 0B - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - connect_timeout: 0s - connect_backoff_base_delay: 0s - connect_backoff_max_delay: 0s - query_relevant_ingesters: false -query_frontend: - max_outstanding_per_tenant: 2000 - querier_forget_delay: 0s - max_batch_size: 5 - max_retries: 2 - search: - concurrent_jobs: 1000 - target_bytes_per_job: 104857600 - default_result_limit: 20 - max_result_limit: 0 - max_duration: 168h0m0s - query_backend_after: 15m0s - query_ingesters_until: 30m0s - trace_by_id: - query_shards: 50 - hedge_requests_at: 2s - hedge_requests_up_to: 2 - metrics: - concurrent_jobs: 1000 - target_bytes_per_job: 104857600 - max_duration: 0s - query_backend_after: 1h0m0s - interval: 5m0s - multi_tenant_queries_enabled: true -compactor: - ring: - kvstore: - store: "" - prefix: collectors/ - consul: - host: localhost:8500 - acl_token: "" - http_client_timeout: 20s - consistent_reads: false - watch_rate_limit: 1 - watch_burst_size: 1 - cas_retry_delay: 1s - etcd: - endpoints: [] - dial_timeout: 10s - max_retries: 10 - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - username: "" - password: "" - multi: - primary: "" - secondary: "" - mirror_enabled: false - mirror_timeout: 2s - heartbeat_period: 5s - heartbeat_timeout: 1m0s - wait_stability_min_duration: 1m0s - wait_stability_max_duration: 5m0s - instance_id: local-instance - instance_interface_names: - - eth0 - - en0 - instance_port: 0 - instance_addr: "" - enable_inet6: false - wait_active_instance_timeout: 10m0s - compaction: - v2_in_buffer_bytes: 5242880 - v2_out_buffer_bytes: 20971520 - v2_prefetch_traces_count: 1000 - compaction_window: 1h0m0s - max_compaction_objects: 6000000 - max_block_bytes: 107374182400 - block_retention: 336h0m0s - compacted_block_retention: 1h0m0s - retention_concurrency: 10 - max_time_per_tenant: 5m0s - compaction_cycle: 30s - override_ring_key: compactor -ingester: - lifecycler: - ring: - kvstore: - store: inmemory - prefix: collectors/ - consul: - host: localhost:8500 - acl_token: "" - http_client_timeout: 20s - consistent_reads: false - watch_rate_limit: 1 - watch_burst_size: 1 - cas_retry_delay: 1s - etcd: - endpoints: [] - dial_timeout: 10s - max_retries: 10 - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - username: "" - password: "" - multi: - primary: "" - secondary: "" - mirror_enabled: false - mirror_timeout: 2s - heartbeat_timeout: 5m0s - replication_factor: 1 - zone_awareness_enabled: false - excluded_zones: "" - num_tokens: 128 - heartbeat_period: 5s - heartbeat_timeout: 1m0s - observe_period: 0s - join_after: 0s - min_ready_duration: 15s - interface_names: - - en0 - - bridge100 - enable_inet6: false - final_sleep: 0s - tokens_file_path: "" - availability_zone: "" - unregister_on_shutdown: true - readiness_check_ring_health: true - address: 127.0.0.1 - port: 0 - id: local-instance - concurrent_flushes: 4 - flush_check_period: 10s - flush_op_timeout: 5m0s - trace_idle_period: 10s - max_block_duration: 30m0s - max_block_bytes: 524288000 - complete_block_timeout: 15m0s - override_ring_key: ring - flush_all_on_shutdown: false -metrics_generator: - ring: - kvstore: - store: inmemory - prefix: collectors/ - consul: - host: localhost:8500 - acl_token: "" - http_client_timeout: 20s - consistent_reads: false - watch_rate_limit: 1 - watch_burst_size: 1 - cas_retry_delay: 1s - etcd: - endpoints: [] - dial_timeout: 10s - max_retries: 10 - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" - username: "" - password: "" - multi: - primary: "" - secondary: "" - mirror_enabled: false - mirror_timeout: 2s - heartbeat_period: 5s - heartbeat_timeout: 1m0s - instance_id: local-instance - instance_interface_names: - - eth0 - - en0 - instance_addr: 127.0.0.1 - instance_port: 0 - enable_inet6: false - processor: - service_graphs: - wait: 10s - max_items: 10000 - workers: 10 - histogram_buckets: - - 0.1 - - 0.2 - - 0.4 - - 0.8 - - 1.6 - - 3.2 - - 6.4 - - 12.8 - dimensions: [] - enable_client_server_prefix: false - peer_attributes: - - peer.service - - db.name - - db.system - span_multiplier_key: "" - span_metrics: - histogram_buckets: - - 0.002 - - 0.004 - - 0.008 - - 0.016 - - 0.032 - - 0.064 - - 0.128 - - 0.256 - - 0.512 - - 1.024 - - 2.048 - - 4.096 - - 8.192 - - 16.384 - intrinsic_dimensions: - service: true - span_name: true - span_kind: true - status_code: true - dimensions: [] - dimension_mappings: [] - enable_target_info: false - span_multiplier_key: "" - subprocessors: - 0: true - 1: true - 2: true - filter_policies: [] - target_info_excluded_dimensions: [] - local_blocks: - block: - bloom_filter_false_positive: 0.01 - bloom_filter_shard_size_bytes: 102400 - version: vParquet3 - search_encoding: snappy - search_page_size_bytes: 1048576 - v2_index_downsample_bytes: 1048576 - v2_index_page_size_bytes: 256000 - v2_encoding: zstd - parquet_row_group_size_bytes: 100000000 - parquet_dedicated_columns: [] - search: - chunk_size_bytes: 1000000 - prefetch_trace_count: 1000 - read_buffer_count: 32 - read_buffer_size_bytes: 1048576 - cache_control: - footer: false - column_index: false - offset_index: false - flush_check_period: 10s - trace_idle_period: 10s - max_block_duration: 1m0s - max_block_bytes: 500000000 - complete_block_timeout: 1h0m0s - max_live_traces: 0 - concurrent_blocks: 10 - filter_server_spans: true - registry: - collection_interval: 15s - stale_duration: 15m0s - max_label_name_length: 1024 - max_label_value_length: 2048 - storage: - path: "" - wal: - wal_segment_size: 134217728 - wal_compression: none - stripe_size: 16384 - truncate_frequency: 2h0m0s - min_wal_time: 300000 - max_wal_time: 14400000 - no_lockfile: false - remote_write_flush_deadline: 1m0s - remote_write_add_org_id_header: true - traces_storage: - path: "" - completedfilepath: "" - blocksfilepath: "" - v2_encoding: none - search_encoding: none - ingestion_time_range_slack: 0s - version: vParquet3 - metrics_ingestion_time_range_slack: 30s - query_timeout: 30s - override_ring_key: metrics-generator -storage: - trace: - pool: - max_workers: 400 - queue_depth: 20000 - wal: - path: /tmp/tempo/wal - completedfilepath: /tmp/tempo/wal/completed - blocksfilepath: /tmp/tempo/wal/blocks - v2_encoding: snappy - search_encoding: none - ingestion_time_range_slack: 2m0s - version: vParquet3 - block: - bloom_filter_false_positive: 0.01 - bloom_filter_shard_size_bytes: 102400 - version: vParquet3 - search_encoding: snappy - search_page_size_bytes: 1048576 - v2_index_downsample_bytes: 1048576 - v2_index_page_size_bytes: 256000 - v2_encoding: zstd - parquet_row_group_size_bytes: 100000000 - parquet_dedicated_columns: [] - search: - chunk_size_bytes: 1000000 - prefetch_trace_count: 1000 - read_buffer_count: 32 - read_buffer_size_bytes: 1048576 - cache_control: - footer: false - column_index: false - offset_index: false - blocklist_poll: 5m0s - blocklist_poll_concurrency: 50 - blocklist_poll_fallback: true - blocklist_poll_tenant_index_builders: 2 - blocklist_poll_stale_tenant_index: 0s - blocklist_poll_jitter_ms: 0 - blocklist_poll_tolerate_consecutive_errors: 1 - backend: local - local: - path: /tmp/tempo/traces - gcs: - bucket_name: "" - prefix: "" - chunk_buffer_size: 10485760 - endpoint: "" - hedge_requests_at: 0s - hedge_requests_up_to: 2 - insecure: false - object_cache_control: "" - object_metadata: {} - list_blocks_concurrency: 3 - s3: - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: VersionTLS12 - bucket: "" - prefix: "" - endpoint: "" - region: "" - access_key: "" - secret_key: "" - session_token: "" - insecure: false - part_size: 0 - hedge_requests_at: 0s - hedge_requests_up_to: 2 - signature_v2: false - forcepathstyle: false - bucket_lookup_type: 0 - tags: {} - storage_class: "" - metadata: {} - native_aws_auth_enabled: false - list_blocks_concurrency: 3 - azure: - storage_account_name: "" - storage_account_key: "" - use_managed_identity: false - use_federated_token: false - user_assigned_id: "" - container_name: "" - prefix: "" - endpoint_suffix: blob.core.windows.net - max_buffers: 4 - buffer_size: 3145728 - hedge_requests_at: 0s - hedge_requests_up_to: 2 - use_v2_sdk: false - cache: "" - background_cache: - writeback_goroutines: 10 - writeback_buffer: 10000 - memcached: null - redis: null - cache_min_compaction_level: 0 - cache_max_block_age: 0s -overrides: - defaults: - ingestion: - rate_strategy: local - rate_limit_bytes: 15000000 - burst_size_bytes: 20000000 - max_traces_per_user: 10000 - read: - max_bytes_per_tag_values_query: 5000000 - global: - max_bytes_per_trace: 5000000 - per_tenant_override_config: "" - per_tenant_override_period: 10s - user_configurable_overrides: - enabled: false - poll_interval: 1m0s - client: - backend: "" - confirm_versioning: true - local: - path: "" - gcs: - bucket_name: "" - prefix: "" - chunk_buffer_size: 10485760 - endpoint: "" - hedge_requests_at: 0s - hedge_requests_up_to: 2 - insecure: false - object_cache_control: "" - object_metadata: {} - list_blocks_concurrency: 3 - s3: - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: VersionTLS12 - bucket: "" - prefix: "" - endpoint: "" - region: "" - access_key: "" - secret_key: "" - session_token: "" - insecure: false - part_size: 0 - hedge_requests_at: 0s - hedge_requests_up_to: 2 - signature_v2: false - forcepathstyle: false - bucket_lookup_type: 0 - tags: {} - storage_class: "" - metadata: {} - native_aws_auth_enabled: false - list_blocks_concurrency: 3 - azure: - storage_account_name: "" - storage_account_key: "" - use_managed_identity: false - use_federated_token: false - user_assigned_id: "" - container_name: "" - prefix: "" - endpoint_suffix: blob.core.windows.net - max_buffers: 4 - buffer_size: 3145728 - hedge_requests_at: 0s - hedge_requests_up_to: 2 - use_v2_sdk: false - api: - check_for_conflicting_runtime_overrides: false -memberlist: - node_name: "" - randomize_node_name: true - stream_timeout: 2s - retransmit_factor: 2 - pull_push_interval: 30s - gossip_interval: 1s - gossip_nodes: 2 - gossip_to_dead_nodes_time: 30s - dead_node_reclaim_time: 0s - compression_enabled: false - advertise_addr: "" - advertise_port: 7946 - cluster_label: "" - cluster_label_verification_disabled: false - join_members: [] - min_join_backoff: 1s - max_join_backoff: 1m0s - max_join_retries: 10 - abort_if_cluster_join_fails: false - rejoin_interval: 0s - left_ingesters_timeout: 5m0s - leave_timeout: 20s - message_history_buffer_bytes: 0 - bind_addr: [] - bind_port: 7946 - packet_dial_timeout: 2s - packet_write_timeout: 5s - tls_enabled: false - tls_cert_path: "" - tls_key_path: "" - tls_ca_path: "" - tls_server_name: "" - tls_insecure_skip_verify: false - tls_cipher_suites: "" - tls_min_version: "" -usage_report: - reporting_enabled: true - backoff: - min_period: 100ms - max_period: 10s - max_retries: 0 -cache: - background: - writeback_goroutines: 10 - writeback_buffer: 10000 - caches: [] \ No newline at end of file diff --git a/app-configs/rinoa/grafana/tempo/tempo.yaml.j2 b/app-configs/rinoa/grafana/tempo/tempo.yaml.j2 deleted file mode 100644 index dc61795..0000000 --- a/app-configs/rinoa/grafana/tempo/tempo.yaml.j2 +++ /dev/null @@ -1,54 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - - -server: - http_listen_port: 3200 - -distributor: - receivers: # this configuration will listen on all ports and protocols that tempo is capable of. - jaeger: # the receives all come from the OpenTelemetry collector. more configuration information can - protocols: # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver - thrift_http: # - grpc: # for a production deployment you should only enable the receivers you need! - thrift_binary: - thrift_compact: - zipkin: - otlp: - protocols: - http: - grpc: - opencensus: - -ingester: - max_block_duration: 5m # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally - -compactor: - compaction: - block_retention: 1h # overall Tempo trace retention. set for demo purposes - -# metrics_generator: -# registry: -# external_labels: -# source: tempo -# cluster: docker-compose -# storage: -# path: /tmp/tempo/generator/wal -# remote_write: -# - url: http://grafana-alloy:12345/api/v1/write -# send_exemplars: true - -storage: - trace: - backend: s3 # backend configuration to use - wal: - path: /tmp/tempo/wal # where to store the the wal locally - s3: - bucket: tempo # how to store data in s3 - endpoint: minio:9000 - access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }} - secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }} - insecure: true - -usage_report: - reporting_enabled: false \ No newline at end of file -- 2.52.0