Merge pull request #143 from opentelekomcloud-infra/devel

Add graphite webapp

Author: gtema

inventory/service/groups.yaml

@@ -84,6 +84,9 @@ groups:
     - graphite3.apimon.eco.tsi-dev.otc-service.com
     - graphite1.eco.tsi-dev.otc-service.com
 
+  graphite-web:
+    - web3.eco.tsi-dev.otc-service.com
+
   memcached:
     - graphite1.apimon.eco.tsi-dev.otc-service.com
     - graphite2.apimon.eco.tsi-dev.otc-service.com

inventory/service/host_vars/web3.eco.tsi-dev.otc-service.com.yaml

@@ -1,5 +1,5 @@
-alerta_instance: production_vc
-grafana_instance: production_vc
+alerta_instance: "production_vc"
+grafana_instance: "production_vc"
 ssl_certs:
   web3:
     - "web3.eco.tsi-dev.otc-service.com"
@@ -13,5 +13,8 @@ ssl_certs:
   graphite:
     - "graphite.eco.tsi-dev.otc-service.com"
 
+graphite_instance_group: "graphite-apimon"
+graphite_cert: "graphite"
+
 firewalld_extra_services_enable: ['http', 'https']
 firewalld_extra_ports_enable: ['3000/tcp', '8080/tcp', '8081/tcp']

playbooks/roles/graphite/templates/docker-compose.yaml.j2

@@ -0,0 +1 @@
+Run Graphite

playbooks/roles/graphite_web/README.rst

@@ -0,0 +1,8 @@
+graphite_config_location: "/etc/graphite"
+
+# graphite_cluster_servers: "127.0.0.1:8080"
+
+graphite_image: "quay.io/opentelekomcloud/graphite-statsd:1.1.7-9"
+
+container_command: "podman"
+container_runtime: "/usr/bin/{{ container_command }}"

playbooks/roles/graphite_web/defaults/main.yaml

@@ -0,0 +1,6 @@
+- name: Restart graphite-web
+  ansible.builtin.systemd:
+    name: "graphite-web"
+    enabled: true
+    state: "restarted"
+    daemon_reload: true

playbooks/roles/graphite_web/handlers/main.yaml

@@ -0,0 +1,50 @@
+---
+- name: Include variables
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files: "{{ distro_lookup_path }}"
+      paths:
+        - "vars"
+
+- name: Install required packages
+  become: true
+  ansible.builtin.package:
+    state: present
+    name: "{{ item }}"
+  loop:
+    - "{{ packages }}"
+  when: "ansible_facts.pkg_mgr != 'atomic_container'"
+  register: task_result
+  until: task_result is success
+  retries: 5
+
+- name: Ensure directories exist
+  become: true
+  ansible.builtin.file:
+    state: "directory"
+    path: "{{ item }}"
+    mode: "0755"
+  loop:
+    - "{{ graphite_config_location }}"
+    - "/var/log/graphite"
+
+- name: Write config files
+  become: true
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "{{ graphite_config_location }}//{{ item }}"
+    mode: "0644"
+  loop:
+    - "graphite-statsd.conf"
+    - "env"
+  notify:
+    - Restart graphite-web
+
+- name: Write systemd unit file
+  become: true
+  ansible.builtin.template:
+    src: "graphite-web.service.j2"
+    dest: "/etc/systemd/system/graphite-web.service"
+  notify:
+    - Restart graphite-web

playbooks/roles/graphite_web/tasks/main.yaml

@@ -0,0 +1,6 @@
+{% if graphite_cluster_servers is defined and graphite_cluster_servers|length %}
+GRAPHITE_CLUSTER_SERVERS={{ graphite_cluster_servers }}
+{% endif %}
+{% if graphite_memcached_host is defined %}
+MEMCACHE_HOST={{ graphite_memcached_host }}
+{% endif %}

playbooks/roles/graphite_web/templates/env.j2

@@ -0,0 +1,62 @@
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  server_name _;
+
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  server_name {{ inventory_hostname }};
+
+  ssl_certificate /etc/ssl/{{ inventory_hostname }}/{{ graphite_cert }}.crt;
+  ssl_certificate_key /etc/ssl/{{ inventory_hostname }}/{{ graphite_cert }}.pem;
+  root /opt/graphite/static;
+  index index.html;
+
+  location /nginx_status {
+    stub_status on;
+    access_log   off;
+    allow 127.0.0.1;
+    deny all;
+  }
+
+  # No remote login
+  location /admin {
+    allow 127.0.0.1;
+    deny all;
+  }
+
+  location /account {
+    allow 127.0.0.1;
+    deny all;
+  }
+
+  location /media {
+    # django admin static files
+    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/media/;
+  }
+
+  location /admin/auth/admin {
+    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/static/admin;
+  }
+
+  location /admin/auth/user/admin {
+    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/static/admin;
+  }
+
+  location / {
+    proxy_pass http://127.0.0.1:8080;
+    proxy_set_header  Host      $http_host;
+    proxy_set_header  X-Real-IP $remote_addr;
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
+    add_header 'Access-Control-Allow-Credentials' 'true';
+  }
+
+}

playbooks/roles/graphite_web/templates/graphite-statsd.conf.j2

@@ -0,0 +1,27 @@
+[Unit]
+Description=Graphite Web Service
+After=syslog.target network.target
+
+[Service]
+Restart=always
+ExecStartPre=-{{ container_runtime }} kill graphite_web
+ExecStartPre=-{{ container_runtime }} rm graphite_web
+
+ExecStart={{ container_runtime }} run \
+    --name graphite_web \
+    --port 8081:80 \
+    --env-file /etc/graphite/env \
+{% if container_command == 'podman' %}
+    --log-opt=path=/dev/null \
+{% endif %}
+    -v /etc/ssl/{{ inventory_hostname }}/{{ graphite_cert }}.pem:/etc/ssl/{{
+    inventory_hostname }}/{{ graphite_cert }}.pem:ro,z \
+    -v /etc/ssl/{{ inventory_hostname }}/{{ graphite_cert }}.crt:/etc/ssl/{{
+    inventory_hostname }}/{{ graphite_cert }}.crt:ro,z \
+    -v /etc/graphite/graphite-statsd.conf:/etc/nginx/sites-enabled/graphite-statsd.conf:ro \
+    -v /var/log/graphite:/var/log:rw,z \
+    --tmpfs /tmp:rw,size=2g \
+    {{ graphite_image }}
+
+[Install]
+WantedBy=multi-user.target