From edaa556a5ee00b777d1e7a7fc4134698b2ddf5da Mon Sep 17 00:00:00 2001 
From: Vassiliy Yegorov
Date: Wed, 8 Jul 2020 16:03:52 +0700
Subject: [PATCH] init commit
---
1.Docker/ansible.cfg | 11 +++
1.Docker/docker-init.sh | 3 +
1.Docker/docker-init.yml | 17 ++++
1.Docker/hosts | 3 +
1.Docker/requirements.yml | 3 +
.../roles/vasyakrg.docker_install/.travis.yml | 24 +++++
.../roles/vasyakrg.docker_install/LICENSE.txt | 21 +++++
.../roles/vasyakrg.docker_install/README.md | 59 ++++++++++++
.../vasyakrg.docker_install/defaults/main.yml | 5 +
.../vasyakrg.docker_install/handlers/main.yml | 12 +++
.../meta/.galaxy_install_info | 1 +
.../vasyakrg.docker_install/meta/main.yml | 16 ++++
.../vasyakrg.docker_install/tasks/main.yml | 91 +++++++++++++++++++
.../vasyakrg.docker_install/tests/role.yml | 30 ++++++
2.Preinstall/docker-compose.yaml | 10 ++
2.Preinstall/install-addons.sh | 4 +
3.Traefik/DOMAINS.md | 7 ++
3.Traefik/data/.gitignore | 2 +
3.Traefik/data/custom/allow-redirect.yml | 19 ++++
3.Traefik/data/custom/nginx-docker-node1.yml | 46 ++++++++++
3.Traefik/data/traefik.yml | 65 +++++++++++++
3.Traefik/docker-compose.yml | 39 ++++++++
3.Traefik/start-traefik.sh | 6 ++
4.Addons/.env.example | 4 +
4.Addons/.gitignore | 1 +
4.Addons/docker-compose.yml | 68 ++++++++++++++
4.Addons/mon-init.sh | 5 +
4.Addons/prometheus/prometheus.yml | 42 +++++++++
4.Addons/prometheus/traefik-exporter.yml | 5 +
README.md | 14 +++
30 files changed, 633 insertions(+)
create mode 100644 1.Docker/ansible.cfg
create mode 100755 1.Docker/docker-init.sh
create mode 100644 1.Docker/docker-init.yml
create mode 100644 1.Docker/hosts
create mode 100644 1.Docker/requirements.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/.travis.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/LICENSE.txt
create mode 100644 1.Docker/roles/vasyakrg.docker_install/README.md
create mode 100644 1.Docker/roles/vasyakrg.docker_install/defaults/main.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/handlers/main.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/meta/.galaxy_install_info
create mode 100644 1.Docker/roles/vasyakrg.docker_install/meta/main.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/tasks/main.yml
create mode 100644 1.Docker/roles/vasyakrg.docker_install/tests/role.yml
create mode 100644 2.Preinstall/docker-compose.yaml
create mode 100755 2.Preinstall/install-addons.sh
create mode 100644 3.Traefik/DOMAINS.md
create mode 100644 3.Traefik/data/.gitignore
create mode 100644 3.Traefik/data/custom/allow-redirect.yml
create mode 100644 3.Traefik/data/custom/nginx-docker-node1.yml
create mode 100644 3.Traefik/data/traefik.yml
create mode 100644 3.Traefik/docker-compose.yml
create mode 100755 3.Traefik/start-traefik.sh
create mode 100644 4.Addons/.env.example
create mode 100644 4.Addons/.gitignore
create mode 100644 4.Addons/docker-compose.yml
create mode 100755 4.Addons/mon-init.sh
create mode 100644 4.Addons/prometheus/prometheus.yml
create mode 100644 4.Addons/prometheus/traefik-exporter.yml
create mode 100644 README.md
diff --git a/1.Docker/ansible.cfg b/1.Docker/ansible.cfg
new file mode 100644
index 0000000..840a2c9
--- /dev/null
+++ b/1.Docker/ansible.cfg
@@ -0,0 +1,11 @@
+[defaults]
+inventory = hosts
+remote_user = root
+private_key_file = ~/.ssh/id_rsa
+host_key_checking = False
+retry_files_enabled = False
+roles_path = ./roles
+
+[diff]
+always = false
+context = 5
diff --git a/1.Docker/docker-init.sh b/1.Docker/docker-init.sh
new file mode 100755
index 0000000..1c6086e
--- /dev/null
+++ b/1.Docker/docker-init.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-playbook docker-init.yml -l main
diff --git a/1.Docker/docker-init.yml b/1.Docker/docker-init.yml
new file mode 100644
index 0000000..17c1045
--- /dev/null
+++ b/1.Docker/docker-init.yml
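Review bot: `host_key_checking = False` in `[defaults]` of `1.Docker/ansible.cfg` turns off SSH host-key verification for every run, and the same file connects as `remote_user = root`, so whatever answers on an inventory address is accepted without an identity check and then handed root-level tasks. I would drop that line and pre-populate `known_hosts` for the inventory hosts, with keys recorded once over a trusted path. If root login is only needed for bootstrap, a non-root `remote_user` combined with `become` narrows what a leaked `~/.ssh/id_rsa` can do.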
@@ -0,0 +1,17 @@
+- hosts: all
+ roles:
+ - role: vasyakrg.docker_install
+ tags: docker
+ become: true
+
+ vars:
+ docker_user: "root"
+ docker_additional_service_opts: |
+ {
+ "exec-opts": ["native.cgroupdriver=systemd"],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "100m"
+ },
+ "storage-driver": "overlay2"
+ }
diff --git a/1.Docker/hosts b/1.Docker/hosts
new file mode 100644
index 0000000..7958475
--- /dev/null
+++ b/1.Docker/hosts
@@ -0,0 +1,3 @@
+[main]
+web ansible_ssh_host=95.217.182.112
+node1 ansible_ssh_host=95.216.205.111
diff --git a/1.Docker/requirements.yml b/1.Docker/requirements.yml
new file mode 100644
index 0000000..306b9e4
--- /dev/null
+++ b/1.Docker/requirements.yml
@@ -0,0 +1,3 @@
+- name: vasyakrg.docker_install
+ src: git+https://github.com/vasyakrg/docker_install.git
+ version: origin/master
\ No newline at end of file
diff --git a/1.Docker/roles/vasyakrg.docker_install/.travis.yml b/1.Docker/roles/vasyakrg.docker_install/.travis.yml
new file mode 100644
index 0000000..93dd7c5
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/.travis.yml
@@ -0,0 +1,24 @@
+---
+language: python
+python: "2.7"
+sudo: required
+dist: trusty
+
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -qq python-apt python-pycurl
+
+install:
+ - sudo pip install ansible
+ - echo -e 'localhost ansible_connection=local' > tests/inventory
+ - echo -e '[defaults]\nroles_path = ../\nhostfile = ./tests/inventory' > ansible.cfg
+
+script:
+ - ansible-playbook --syntax-check tests/role.yml
+ - ansible-playbook -v --diff tests/role.yml
+ - ansible-playbook -v --diff tests/role.yml
+ - >
+ ansible-playbook tests/role.yml
+ | grep -q 'changed=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && exit 1)
diff --git a/1.Docker/roles/vasyakrg.docker_install/LICENSE.txt b/1.Docker/roles/vasyakrg.docker_install/LICENSE.txt
new file mode 100644
index 0000000..f20c2c9
--- /dev/null
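Review bot: `version: origin/master` in `1.Docker/requirements.yml` makes every role install fetch whatever the branch head is at that moment, and the playbook then runs that role with `become: true` on all inventory hosts. Pin the role to a reviewed tag or commit, for example `version: <reviewed-commit-sha>`, so an upstream change cannot reach the servers without a diff in this repository. The copy checked in under `1.Docker/roles/` was installed the same way (its `.galaxy_install_info` records `version: origin/master`), so it is worth noting which upstream commit it corresponds to.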
+++ b/1.Docker/roles/vasyakrg.docker_install/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Marvin Pinto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/1.Docker/roles/vasyakrg.docker_install/README.md b/1.Docker/roles/vasyakrg.docker_install/README.md
new file mode 100644
index 0000000..40da339
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/README.md
@@ -0,0 +1,59 @@
+docker
+======
+This Ansible role enables people to install the latest Docker on an Ubuntu-like
+system. It also provides a handy library function to validate that the Docker
+daemon is running and functional.
+
+Requirements
+------------
+
+This role will only work on an Ubuntu-like system.
+
+Role Variables
+--------------
+
+```yaml
+# Any additional docker service options
+# Example: '--dns 8.8.8.8 --dns 8.8.4.4 --userns-remap=default'
+# docker_additional_service_opts: |
+# {
+# "userns-remap": "default",
+# "dns": [
+# "8.8.8.8",
+# "8.8.4.4"
+# ]
+# }
+docker_additional_service_opts: |
+ {}
+```
+
+Examples
+--------
+
+Install this module from Ansible Galaxy into the './roles' directory:
+```bash
+- name: vasyakrg.docker_install
+ src: git+https://github.com/vasyakrg/docker_install.git
+ version: origin/master
+```
+
+Use it in a playbook as follows:
+```yaml
+- hosts: all
+ roles:
+ - role: vasyakrg.docker_install
+ tags: docker
+ become: true
+
+ vars:
+ docker_user: "vasyansk"
+ docker_additional_service_opts: |
+ {
+ "exec-opts": ["native.cgroupdriver=systemd"],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "100m"
+ },
+ "storage-driver": "overlay2"
+ }
+```
diff --git a/1.Docker/roles/vasyakrg.docker_install/defaults/main.yml b/1.Docker/roles/vasyakrg.docker_install/defaults/main.yml
new file mode 100644
index 0000000..4bd3906
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+docker_user: ubuntu
+docker_version_docker_compose: 1.25.4
+docker_additional_service_opts: |
+ {}
diff --git a/1.Docker/roles/vasyakrg.docker_install/handlers/main.yml b/1.Docker/roles/vasyakrg.docker_install/handlers/main.yml
new file mode 100644
index 0000000..05ecdee
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: 'docker-apt-get-update'
+ become: true
+ apt:
+ update_cache: true
+
+- name: 'docker-restart-service'
+ become: true
+ service:
+ name: 'docker'
+ state: 'restarted'
+ enabled: 'yes'
diff --git a/1.Docker/roles/vasyakrg.docker_install/meta/.galaxy_install_info b/1.Docker/roles/vasyakrg.docker_install/meta/.galaxy_install_info
new file mode 100644
index 0000000..b48f14a
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/meta/.galaxy_install_info
@@ -0,0 +1 @@
+{install_date: 'Fri Sep 27 07:53:51 2019', version: origin/master}
diff --git a/1.Docker/roles/vasyakrg.docker_install/meta/main.yml b/1.Docker/roles/vasyakrg.docker_install/meta/main.yml
new file mode 100644
index 0000000..c981d7e
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/meta/main.yml
@@ -0,0 +1,16 @@
+galaxy_info:
+ author: Vassiliy Yegorov
+ description: |
+ This Ansible role enables people to install the latest Docker on an Ubuntu-like
+ system. It also provides a handy library function to validate that the Docker
+ daemon is running and functional.
+ license: MIT
+ min_ansible_version: 1.4
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ galaxy_tags:
+ - docker
+ - ubuntu
+dependencies: []
diff --git a/1.Docker/roles/vasyakrg.docker_install/tasks/main.yml b/1.Docker/roles/vasyakrg.docker_install/tasks/main.yml
new file mode 100644
index 0000000..a97ebe2
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/tasks/main.yml
@@ -0,0 +1,91 @@
+---
+- name: Install aptitude using apt
+ apt:
+ name: 'aptitude'
+ state: 'latest'
+ update_cache: 'yes'
+ force_apt_get: 'yes'
+
+- name: 'Install prerequisites'
+ apt:
+ name:
+ - 'apt-transport-https'
+ - 'ca-certificates'
+ - 'curl'
+ - 'software-properties-common'
+ - 'gnupg2'
+ state: 'present'
+ update_cache: yes
+
+- name: 'Add the docker apt signing key'
+ apt_key:
+ url: 'https://download.docker.com/linux/ubuntu/gpg'
+
+- name: 'Add the official docker repo'
+ apt_repository:
+ repo: 'deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable'
+ state: 'present'
+
+- name: 'Install docker'
+ apt:
+ name:
+ - 'docker-ce'
+ - 'docker-ce-cli'
+ - 'containerd.io'
+ state: 'present'
+ update_cache: yes
+
+- name: 'Create the /etc/docker directory'
+ file:
+ path: '/etc/docker'
+ state: 'directory'
+ mode: '0700'
+
+- name: 'Add any additional docker startup options via the daemon.json config file'
+ copy:
+ content: "{{ docker_additional_service_opts }}"
+ dest: '/etc/docker/daemon.json'
+ owner: 'root'
+ group: 'root'
+ mode: '0600'
+ notify: 'docker-restart-service'
+
+- name: 'Start the docker service'
+ service:
+ name: 'docker'
+ state: 'started'
+ enabled: 'yes'
+
+- name: 'Add current user to docker group'
+ become: yes
+ user:
+ name: "{{ docker_user }}"
+ groups: 'docker'
+ append: yes
+
+- name: 'Check that the docker.pid exists'
+ stat:
+ path: /run/docker.pid
+ register: stat_result
+ failed_when: not stat_result.stat.exists
+ tags: docker_check
+
+- name: 'Result of check docker.pid'
+ debug:
+ msg: 'Docker started'
+ when: stat_result.stat.exists
+ tags: docker_check
+
+- name: 'Install Docker-compose'
+ get_url:
+ url: 'https://github.com/docker/compose/releases/download/{{ docker_version_docker_compose }}/docker-compose-Linux-x86_64'
+ dest: /usr/local/bin/docker-compose
+ mode: 'a+x'
+ tags: docker_compose_only
+
+- name: 'Create symlink to docker-compose'
+ file:
+ src: '/usr/local/bin/docker-compose'
+ dest: '/usr/bin/docker-compose'
+ state: 'link'
+ tags: docker_compose_only
diff --git a/1.Docker/roles/vasyakrg.docker_install/tests/role.yml b/1.Docker/roles/vasyakrg.docker_install/tests/role.yml
new file mode 100644
index 0000000..0073073
--- /dev/null
+++ b/1.Docker/roles/vasyakrg.docker_install/tests/role.yml
@@ -0,0 +1,30 @@
+---
+- hosts: 'localhost'
+ roles:
+ - role: 'docker_install'
+ become: true
+ tasks:
+ - name: 'Check that the docker.pid exists'
+ stat:
+ path: /run/docker.pid
+ register: stat_result
+ failed_when: stat_result.stat.exists != true
+
+ - name: 'Result of check docker.pid'
+ debug:
+ msg: 'Docker started'
+ when: stat_result.stat.exists
+
+ - name: 'Pull in the latest nginx container'
+ become: true
+ docker_image:
+ name: 'nginx:latest'
+ when: stat_result.stat.exists
+
+ - name: 'Start the nginx container'
+ become: true
+ docker_container:
+ name: 'nginx'
+ image: 'nginx:latest'
+ state: 'started'
+ when: stat_result.stat.exists
diff --git a/2.Preinstall/docker-compose.yaml b/2.Preinstall/docker-compose.yaml
new file mode 100644
index 0000000..a653292
--- /dev/null
+++ b/2.Preinstall/docker-compose.yaml
@@ -0,0 +1,10 @@
+version: '3.7'
+services:
+ dokuwiki:
+ image: bitnami/dokuwiki
+ ports:
+ - '8080:80'
+ environment:
+ - DOKUWIKI_USERNAME=admin
+ - DOKUWIKI_PASSWORD=admin
+ - DOKUWIKI_WIKI_NAME=amega-wiki
diff --git a/2.Preinstall/install-addons.sh b/2.Preinstall/install-addons.sh
new file mode 100755
index 0000000..4ed01a3
--- /dev/null
+++ b/2.Preinstall/install-addons.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "Start container in 8080 port"
+docker-compose up -d
diff --git a/3.Traefik/DOMAINS.md b/3.Traefik/DOMAINS.md
new file mode 100644
index 0000000..1f74b45
--- /dev/null
+++ b/3.Traefik/DOMAINS.md
@@ -0,0 +1,7 @@
+# доменные зоны
+
+- test2.tfm.zone
+
+- traefik.tfm.zone
+- grafana.tfm.zone
+- prom.tfm.zone
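Review bot: The 'Install Docker-compose' task in `tasks/main.yml` downloads an executable into `/usr/local/bin/docker-compose` with `get_url` and no `checksum:`, so nothing ties the binary to the release it is supposed to be; add `checksum: 'sha256:<digest published for that release>'` next to `mode: 'a+x'`. The 'Add the docker apt signing key' task has the same gap, since `apt_key` takes the key from the URL without an `id:` to compare against the expected fingerprint. Separately, 'Add current user to docker group' gives `docker_user` access to the Docker socket, which is equivalent to root on the host; a comment on that task saying so would help whoever overrides the default `ubuntu`.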
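Review bot: `DOKUWIKI_USERNAME=admin` and `DOKUWIKI_PASSWORD=admin` are hard-coded in `2.Preinstall/docker-compose.yaml`, and `- '8080:80'` publishes the wiki on every interface of the node, so it can be reached directly on port 8080 with those credentials regardless of the `test2-auth` middleware Traefik places in front of `http://95.216.205.111:8080`. Take the credentials from an untracked `.env`, the way `4.Addons/docker-compose.yml` does (`- DOKUWIKI_PASSWORD=${DOKUWIKI_PASSWORD}`), and restrict port 8080 to the proxy host with a host firewall rule. The same `admin`/`admin` pair is behind the basic-auth hashes in `3.Traefik/docker-compose.yml` and `4.Addons/docker-compose.yml` (their comments say so) and in `4.Addons/.env.example`; those need real secrets before the hostnames go live.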
diff --git a/3.Traefik/data/.gitignore b/3.Traefik/data/.gitignore
new file mode 100644
index 0000000..29da6c9
--- /dev/null
+++ b/3.Traefik/data/.gitignore
@@ -0,0 +1,2 @@
+acme.json
+logs/*
diff --git a/3.Traefik/data/custom/allow-redirect.yml b/3.Traefik/data/custom/allow-redirect.yml
new file mode 100644
index 0000000..0a0f00c
--- /dev/null
+++ b/3.Traefik/data/custom/allow-redirect.yml
@@ -0,0 +1,19 @@
+http:
+ routers:
+ redirs:
+ rule: hostregexp(`{host:.+}`)
+ entrypoints:
+ - http
+ middlewares:
+ - redirect-to-https
+ service: noop
+ middlewares:
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
+ permanent: false
+ services:
+ noop:
+ loadBalancer:
+ servers:
+ - url: "http://127.0.0.1"
diff --git a/3.Traefik/data/custom/nginx-docker-node1.yml b/3.Traefik/data/custom/nginx-docker-node1.yml
new file mode 100644
index 0000000..c80f573
--- /dev/null
+++ b/3.Traefik/data/custom/nginx-docker-node1.yml
@@ -0,0 +1,46 @@
+http:
+ routers:
+ external-docker-route:
+ entryPoints:
+ - https
+ service: test2
+ middlewares:
+ - test2-auth
+ - test-retry
+ # - test2-whitelist
+ # - testHeader
+ rule: Host(`test2.tfm.zone`) # "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
+ tls:
+ certResolver: letsEncrypt
+# middlewares
+ middlewares:
+ test2-auth:
+ basicAuth:
+ users:
+ - "admin:$2y$05$Ixy4UWIEe7z5/xyhMEerveBs7bOWQVUCJAIL.55ANTzlLJWHnaqJ6" # not escaped $$ !
+ test2-whitelist:
+ ipWhiteList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "8.8.8.8/32"
+ test-retry:
+ retry:
+ attempts: 4
+ testHeader:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - PUT
+ accessControlAllowOriginList:
+ - https://foo.bar.org
+ - https://example.org
+ accessControlMaxAge: 100
+ addVaryHeader: true
+# Services
+ services:
+ test2:
+ loadBalancer:
+ servers:
+ - url: http://95.216.205.111:8080
+ passHostHeader: true
diff --git a/3.Traefik/data/traefik.yml b/3.Traefik/data/traefik.yml
new file mode 100644
index 0000000..5ee81d6
--- /dev/null
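Review bot: The `test2` service in `nginx-docker-node1.yml` forwards to `http://95.216.205.111:8080`, a public address over plain HTTP, so the TLS and `basicAuth` applied on the `https` entry point end at Traefik and the request, by default including the `Authorization` header, crosses the network between the two hosts unencrypted. Use a private address or a tunnel between the nodes, or terminate TLS on the backend as well. The `test2-whitelist` middleware is defined but commented out of the router's `middlewares` list, so no source-IP restriction is active. The `users` entry also commits a bcrypt hash with cost `05` to the repository; I would move it to a `usersFile` kept out of version control and regenerate it with a higher cost.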
+++ b/3.Traefik/data/traefik.yml
@@ -0,0 +1,65 @@
+global:
+ checkNewVersion: true
+
+log:
+ filePath: /var/log/log.log
+ format: common # or json
+ level: "DEBUG" # DEBUG, PANIC, FATAL, ERROR, WARN, or INFO
+
+accessLog:
+ filePath: /var/log/access.log
+ format: common # or json
+ bufferingSize: 100
+ filters:
+ statusCodes:
+ - "200"
+ - "300-302"
+ - "500-503"
+ retryAttempts: true
+ minDuration: "10ms"
+
+api:
+ dashboard: true
+
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+ metrics:
+ address: ":8082"
+
+metrics:
+ prometheus: # datadog, statsD, influxDB
+ entryPoint: metrics
+
+http:
+ routers:
+ redirs-docker:
+ rule: hostregexp(`{host:.+}`)
+ entrypoints:
+ - http
+ middlewares:
+ - redirect-docker-to-https
+ middlewares:
+ redirect-docker-to-https:
+ redirectScheme:
+ scheme: https
+ permanent: false
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ file:
+ directory: /custom
+ watch: true
+
+certificatesResolvers:
+ letsEncrypt:
+ acme:
+ email: info@tfm.zone # Change e-mail !
+ storage: acme.json
+ #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # for tests only
+ httpChallenge:
+ entryPoint: http
diff --git a/3.Traefik/docker-compose.yml b/3.Traefik/docker-compose.yml
new file mode 100644
index 0000000..8881c5c
--- /dev/null
+++ b/3.Traefik/docker-compose.yml
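Review bot: The `accessLog.filters.statusCodes` list in `traefik.yml` keeps only `200`, `300-302` and `500-503`, so `401`, `403` and `404` responses are written only when they happen to match one of the other filters (`retryAttempts`, `minDuration: "10ms"`), which as I understand Traefik are OR-combined. Failed basic-auth attempts against the dashboard and Prometheus routers would then mostly be missing from `access.log`. Add `- "400-499"` to the list, or drop the status filter, so the log can be used to spot credential guessing and path probing. `level: "DEBUG"` is reasonable while testing but verbose for a host that terminates public traffic; `INFO` is enough once the routes work.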
@@ -0,0 +1,39 @@
+version: '3.7'
+services:
+ traefik:
+ image: traefik
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./data/traefik.yml:/traefik.yml:ro
+ - ./data/custom/:/custom/:ro
+ - ./data/acme.json:/acme.json
+ - ./data/logs/:/var/log/
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=webproxy"
+ # - "traefik.http.routers.traefik-http.entrypoints=http"
+ # - "traefik.http.routers.traefik-http.rule=Host(`traefik.tfm.zone`)"
+ # - "traefik.http.routers.traefik-http.middlewares=traefik-redirectscheme,traefik-auth"
+
+ - "traefik.http.routers.traefik.entrypoints=https"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.tfm.zone`)" # change URL !
+ - "traefik.http.routers.traefik.tls=true"
+ - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888" # not understand why :)
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$05$$7GBmuRxTR0T3IZ5rQO4iB.cj2p23RjIIkLB/l5bPn3gzkpfVahvKO" # admin \ admin in "echo $(htpasswd -nbB admin admin) | sed -e s/\\$/\\$\\$/g"
+ - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=https"
+ networks:
+ - webproxy
+
+networks:
+ webproxy:
+ name: webproxy
diff --git a/3.Traefik/start-traefik.sh b/3.Traefik/start-traefik.sh
new file mode 100755
index 0000000..6ea0c1a
--- /dev/null
+++ b/3.Traefik/start-traefik.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+touch data/acme.json
+chmod 600 data/acme.json
+
+docker-compose up -d
diff --git a/4.Addons/.env.example b/4.Addons/.env.example
new file mode 100644
index 0000000..930f30f
--- /dev/null
+++ b/4.Addons/.env.example
@@ -0,0 +1,4 @@
+APP_NAME=mon
+
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=admin
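Review bot: The `traefik-auth` middleware in `3.Traefik/docker-compose.yml` is declared but never attached: its only reference, `traefik.http.routers.traefik-http.middlewares=traefik-redirectscheme,traefik-auth`, is commented out, and the active `traefik` router that serves `api@internal` has no `middlewares` label. As written, the dashboard and API on `traefik.tfm.zone` would answer without credentials. Add `- "traefik.http.routers.traefik.middlewares=traefik-auth"` next to the `service=api@internal` label. The dashboard lists every route and backend address, and this container also holds `/var/run/docker.sock` (the `:ro` flag does not limit what the Docker API allows), so this router is worth keeping behind both auth and a source-IP allow-list.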
diff --git a/4.Addons/.gitignore b/4.Addons/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/4.Addons/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/4.Addons/docker-compose.yml b/4.Addons/docker-compose.yml
new file mode 100644
index 0000000..4d40243
--- /dev/null
+++ b/4.Addons/docker-compose.yml
@@ -0,0 +1,68 @@
+version: '3.7'
+services:
+ grafana:
+ container_name: ${APP_NAME}-grafana
+ image: grafana/grafana:latest
+ restart: always
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}
+ - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER}
+ - GF_AUTH_ANONYMOUS_ENABLED=false
+ - GF_USERS_ALLOW_SIGN_UP=false
+ - GF_USERS_ALLOW_ORG_CREATE=false
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=webproxy"
+ - "traefik.http.routers.grafana.entrypoints=https"
+ - "traefik.http.routers.grafana.rule=Host(`grafana.tfm.zone`)" # change URL !
+ - "traefik.http.routers.grafana.tls=true"
+ - "traefik.http.routers.grafana.tls.certresolver=letsEncrypt"
+ - "traefik.http.routers.grafana.service=grafana-service"
+ - "traefik.http.services.grafana-service.loadbalancer.server.port=3000"
+ volumes:
+ - grafana:/var/lib/grafana/
+ expose:
+ - 3000
+ networks:
+ - monitor_net
+ - webproxy
+
+ prometheus:
+ container_name: ${APP_NAME}-prometheus
+ image: prom/prometheus
+ restart: always
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+ - '--web.console.templates=/usr/share/prometheus/consoles'
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=webproxy"
+ - "traefik.http.routers.prometheus.entrypoints=https"
+ - "traefik.http.routers.prometheus.rule=Host(`prom.tfm.zone`)" # change URL !
+ - "traefik.http.routers.prometheus.tls=true"
+ - "traefik.http.routers.prometheus.tls.certresolver=letsEncrypt"
+ - "traefik.http.routers.prometheus.service=prometheus-service"
+ - "traefik.http.routers.prometheus.middlewares=prometheus-auth"
+ - "traefik.http.services.prometheus-service.loadbalancer.server.port=9090"
+ - "traefik.http.middlewares.prometheus-auth.basicauth.users=admin:$$2y$$05$$7GBmuRxTR0T3IZ5rQO4iB.cj2p23RjIIkLB/l5bPn3gzkpfVahvKO" # admin \ admin in "echo $(htpasswd -nbB admin admin) | sed -e s/\\$/\\$\\$/g"
+ volumes:
+ - ./prometheus/:/etc/prometheus/
+ - prometheus_data:/prometheus
+ expose:
+ - 9090
+ networks:
+ - monitor_net
+ - webproxy
+
+volumes:
+ prometheus_data:
+ grafana:
+
+networks:
+ webproxy:
+ external:
+ name: webproxy
+ monitor_net:
+ name: monitor_net
diff --git a/4.Addons/mon-init.sh b/4.Addons/mon-init.sh
new file mode 100755
index 0000000..26d9c8c
--- /dev/null
+++ b/4.Addons/mon-init.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[[ ! -f .env ]] && cp .env.example .env
+
+docker-compose up -d
diff --git a/4.Addons/prometheus/prometheus.yml b/4.Addons/prometheus/prometheus.yml
new file mode 100644
index 0000000..8b1e3f9
--- /dev/null
+++ b/4.Addons/prometheus/prometheus.yml
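Review bot: `image: grafana/grafana:latest` and `image: prom/prometheus` in `4.Addons/docker-compose.yml` (like `image: traefik` and `image: bitnami/dokuwiki` in the other compose files) are unpinned, so the next pull or a fresh host can bring up a different build behind the public routers without any change in this repository. Pin each to a release tag or a digest, for example `image: grafana/grafana:<version>@sha256:<digest>`. Also note that the `grafana` router, unlike `prometheus`, has no auth middleware, so Grafana's own login is the only gate and the admin password taken from `.env` is the control that matters.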
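Review bot: `[[ ! -f .env ]] && cp .env.example .env` in `mon-init.sh` silently falls back to the example file, which sets `GF_SECURITY_ADMIN_PASSWORD=admin`, and the next line starts Grafana on a public hostname. Fail instead when `.env` is missing, e.g. `[[ -f .env ]] || { echo "create .env from .env.example and set a password" >&2; exit 1; }`, so the stack cannot come up with the example credentials by accident.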
@@ -0,0 +1,42 @@
+# my global config
+global:
+ scrape_interval: 15s # By default, scrape targets every 15 seconds.
+ evaluation_interval: 15s # By default, scrape targets every 15 seconds.
+ # scrape_timeout is set to the global default (10s).
+
+ # Attach these labels to any time series or alerts when communicating with
+ # external systems (federation, remote storage, Alertmanager).
+ external_labels:
+ monitor: 'my-project'
+
+# Load and evaluate rules in this file every 'evaluation_interval' seconds.
+rule_files:
+ # - 'alert.rules'
+ # - "first.rules"
+ # - "second.rules"
+
+# alert
+alerting:
+ # alertmanagers:
+ # - scheme: http
+ # static_configs:
+ # - targets:
+ # - "alertmanager:9093"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+ # The job name is added as a label `job=` to any timeseries scraped from this config.
+
+ - job_name: 'prometheus'
+
+ # Override the global default and scrape targets from this job every 5 seconds.
+ scrape_interval: 5s
+
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'traefik-exporter'
+ file_sd_configs:
+ - files:
+ - /etc/prometheus/traefik-exporter.yml
diff --git a/4.Addons/prometheus/traefik-exporter.yml b/4.Addons/prometheus/traefik-exporter.yml
new file mode 100644
index 0000000..8ea325f
--- /dev/null
+++ b/4.Addons/prometheus/traefik-exporter.yml
@@ -0,0 +1,5 @@
+- targets:
+ - traefik:8082
+ labels:
+ env: test
+ job: traefik-exporter
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e773bba
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+# Поднимаем Traefik для управления трафиком
+- [презентация]()
+
+## Утилиты
+- [docker](https://docs.docker.com/get-docker/)
+- [docker-compose](https://docs.docker.com/compose/install/)
+-
+## Видео к курсу
+- [видео]()
+
+##### Автор
+- **Vassiliy Yegorov** - *Initial work* - [vasyakrg](https://github.com/vasyakrg)
+- [сайт](vk.com/realmanual)
+- [youtube](youtube.com/realmanual)