From 4a853065db4f4a46ced319067a4cca313690aa50 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger <tobias@msrg.cc>
Date: Tue, 6 May 2025 16:04:53 +0200
Subject: [PATCH] Remove telegraf service (replaced with grafana alloy)

---
 playbooks/for-ansible-lint.yml                |  2 +-
 playbooks/roles/lgtm_stack/vars/main.yml      | 11 ++--
 playbooks/roles/telegraf/tasks/main.yml       | 27 ----------
 .../roles/telegraf/templates/telegraf.conf.j2 | 54 -------------------
 playbooks/roles/telegraf/vars/main.yml        | 42 ---------------
 services.auto.tfvars                          | 15 +++---
 6 files changed, 16 insertions(+), 135 deletions(-)
 delete mode 100644 playbooks/roles/telegraf/tasks/main.yml
 delete mode 100644 playbooks/roles/telegraf/templates/telegraf.conf.j2
 delete mode 100644 playbooks/roles/telegraf/vars/main.yml

diff --git a/playbooks/for-ansible-lint.yml b/playbooks/for-ansible-lint.yml
index 58d6fe3..5b9edeb 100644
--- a/playbooks/for-ansible-lint.yml
+++ b/playbooks/for-ansible-lint.yml
@@ -20,6 +20,7 @@
     - influxdb
     - jellyfin
     - lego
+    - lgtm_stack
     - mailcowdockerized
     - minecraft_2
     - minio
@@ -31,7 +32,6 @@
     - synapse
     - tandoor
     - teamspeak_fallback
-    - telegraf
     - tinytinyrss
     - umami
     - vikunja
diff --git a/playbooks/roles/lgtm_stack/vars/main.yml b/playbooks/roles/lgtm_stack/vars/main.yml
index 2603252..c416844 100644
--- a/playbooks/roles/lgtm_stack/vars/main.yml
+++ b/playbooks/roles/lgtm_stack/vars/main.yml
@@ -57,7 +57,10 @@ lgtm_stack_env:
   GF_AUTH_GENERIC_OAUTH_ENABLED: true
   GF_AUTH_GENERIC_OAUTH_NAME: "auth.serguzim.me"
   GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
-  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'Grafana GrafanaAdmins') && 'GrafanaAdmin' || contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
+  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "\
+    contains(groups, 'Grafana GrafanaAdmins') && 'GrafanaAdmin'
+    || contains(groups, 'Grafana Admins') && 'Admin'
+    || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
   GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: true
   GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ opentofu.authentik_data.lgtm_stack.client_id }}"
   GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ opentofu.authentik_data.lgtm_stack.client_secret }}"
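Review bot: The reflowed `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` is authorization logic with no comment, and its value now depends on double-quoted scalar folding (the `\` after the opening quote, then each line break becoming one space), which is easy to break in a later edit. A folded block scalar, `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: >-` with the three expression lines indented beneath it, produces the same string more visibly, and a comment such as `# first matching group wins; users in none of the groups become Viewer` would document the fall-through. With `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true` in the same map, the trailing `|| 'Viewer'` gives a Grafana account to every user who completes the OAuth flow. If access is not already restricted on the identity-provider side, drop that fallback and set `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: true`. The `lgtm_stack_env` map starts and ends outside this hunk.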
@@ -101,7 +104,7 @@ lgtm_stack_mimir_yml:
     storage:
       backend: s3
       s3:
-        endpoint: "{{ opentofu.scaleway_data.mimir_blocks.api_endpoint |  regex_replace('^https://', '') }}"
+        endpoint: "{{ opentofu.scaleway_data.mimir_blocks.api_endpoint | regex_replace('^https://', '') }}"
         region: "{{ opentofu.scaleway_data.mimir_blocks.region }}"
         access_key_id: "{{ opentofu.scaleway_data.mimir_blocks.access_key }}"
         secret_access_key: "{{ opentofu.scaleway_data.mimir_blocks.secret_key }}"
@@ -149,7 +152,7 @@ lgtm_stack_compose:
         networks:
           apps:
             aliases:
-            - lgtm_stack_alloy
+              - lgtm_stack_alloy
           default:
 
       mimir:
@@ -163,6 +166,6 @@ lgtm_stack_compose:
           default:
           apps:
             aliases:
-            - lgtm_stack_mimir
+              - lgtm_stack_mimir
     volumes:
       grafana-data:
diff --git a/playbooks/roles/telegraf/tasks/main.yml b/playbooks/roles/telegraf/tasks/main.yml
deleted file mode 100644
index 3869e0f..0000000
--- a/playbooks/roles/telegraf/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Set common facts
-  ansible.builtin.import_tasks: tasks/set-default-facts.yml
-
-- name: Deploy {{ role_name }}
-  vars:
-    svc: "{{ telegraf_svc }}"
-    env: "{{ telegraf_env }}"
-    compose: "{{ telegraf_compose }}"
-  block:
-    - name: Import prepare tasks for common service
-      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
-
-    - name: Template config
-      ansible.builtin.template:
-        src: telegraf.conf.j2
-        dest: "{{ (service_path, 'telegraf.conf') | path_join }}"
-        mode: "0664"
-      register: cmd_result
-
-    - name: Set the docker force-recreate flag
-      ansible.builtin.set_fact:
-        docker_force_recreate: --force-recreate
-      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
-
-    - name: Import start tasks for common service
-      ansible.builtin.import_tasks: tasks/start-common-service.yml
diff --git a/playbooks/roles/telegraf/templates/telegraf.conf.j2 b/playbooks/roles/telegraf/templates/telegraf.conf.j2
deleted file mode 100644
index 04b44c1..0000000
--- a/playbooks/roles/telegraf/templates/telegraf.conf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-[agent]
-  interval = "60s"
-  round_interval = true
-  metric_batch_size = 1000
-  metric_buffer_limit = 10000
-  collection_jitter = "0s"
-  flush_interval = "10s"
-  flush_jitter = "0s"
-  precision = ""
-  hostname = "{{ inventory_hostname }}"
-  omit_hostname = false
-
-[[outputs.influxdb_v2]]
-  urls = ["{{ svc.influxdb.url }}"]
-  token = "{{ svc.influxdb.token }}"
-  organization = "{{ svc.influxdb.organization }}"
-  bucket = "{{ svc.influxdb.bucket }}"
-
-[[inputs.prometheus]]
-  urls = [
-  {%- for host_data in opentofu.hosts.values() -%}
-    "https://{{ host_data.fqdn_vpn }}:2019/metrics",
-  {%- endfor -%}
-  ]
-
-[[inputs.prometheus]]
-  urls = [
-  {%- for url in svc.prometheus_unprotected.urls -%}
-    "{{ url }}",
-  {%- endfor -%}
-  ]
-
-[[inputs.prometheus]]
-  urls = [
-  {%- for url in svc.prometheus_protected.urls -%}
-    "{{ url }}",
-  {%- endfor -%}
-  ]
-
-  bearer_token_string = "{{ svc.prometheus_protected.bearer_token }}"
-
-[[inputs.postgresql]]
-  address = "postgres://{{ svc.postgresql.user }}:{{ svc.postgresql.pass }}@{{ svc.postgresql.host }}:{{ svc.postgresql.port }}/{{ svc.postgresql.database }}?sslmode=verify-full"
-  ignored_databases = ["postgres", "template0", "template1"]
-  prepared_statements = true
-
-[[inputs.docker_log]]
-  endpoint = "{{ svc.docker_log.endpoint }}"
-
-  docker_label_include = [
-    "com.influxdata.telegraf.enable"
-  ]
-
-  source_tag = {{ svc.docker_log.source_tag|lower }}
diff --git a/playbooks/roles/telegraf/vars/main.yml b/playbooks/roles/telegraf/vars/main.yml
deleted file mode 100644
index 3a864b8..0000000
--- a/playbooks/roles/telegraf/vars/main.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-telegraf_svc:
-  influxdb:
-    url: https://tick.serguzim.me
-    token: "{{ vault_telegraf.influxdb_token }}"
-    organization: serguzim.net
-    bucket: metrics
-  prometheus_unprotected:
-    urls:
-      - https://matrix.serguzim.me/_synapse/metrics
-      - https://push.serguzim.me/metrics
-      - https://tick.serguzim.me/metrics
-      - https://todo.serguzim.me/api/v1/metrics
-  prometheus_protected:
-    urls:
-      - https://ci.serguzim.me/metrics
-      - https://git.serguzim.me/metrics
-    bearer_token: "{{ vault_metrics_token }}"
-  postgresql:
-    host: "{{ postgres.host }}"
-    port: "{{ postgres.port }}"
-    user: "{{ opentofu.postgresql_data.telegraf.user }}"
-    pass: "{{ opentofu.postgresql_data.telegraf.pass }}"
-    database: "{{ opentofu.postgresql_data.telegraf.database }}"
-  docker_log:
-    endpoint: unix:///var/run/docker.sock
-    source_tag: false
-
-telegraf_compose:
-  watchtower: false
-  image: telegraf:1.28
-  volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - ./telegraf.conf:/etc/telegraf/telegraf.conf:ro
-  file:
-    services:
-      app:
-        user: telegraf
-        group_add:
-          - "972" # docker group on host
-    volumes:
-      data:
diff --git a/services.auto.tfvars b/services.auto.tfvars
index 678c781..5861848 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -427,6 +427,14 @@ services = {
         vpn = true
       }
     ]
+    monitoring = {
+      url = "/api/health"
+      group = "7-support"
+      conditions = [
+        "DEFAULT",
+        "[BODY].database == ok"
+      ]
+    }
     auth = true
     auth_redirects = ["https://monitoring.serguzim.me/login/generic_oauth"]
     database = true
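Review bot: The new `monitoring` block has no comment explaining what the `"DEFAULT"` condition expands to or why the body check looks only at `database`; its definition is outside this hunk, so a reader cannot tell what a passing probe guarantees. A line such as `# health probe: DEFAULT checks plus Grafana reporting its database as ok` above `conditions` would help, with the wording adjusted to what DEFAULT really covers. If this entry is the Grafana service (the `login/generic_oauth` redirect suggests it is), `/api/health` also returns the version and commit to unauthenticated callers unless `GF_AUTH_ANONYMOUS_HIDE_VERSION` is set, which is worth confirming in the role's environment. The enclosing service entry starts above the hunk.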
@@ -701,13 +709,6 @@ services = {
     s3 = false
   }
 
-  "telegraf" = {
-    host = "node001"
-    auth = false
-    database = true
-    s3 = false
-  },
-
   "tinytinyrss" = {
     host = "node001"
     dns = [{