1 Wprowadzono implementację kluczowych funkcji z roadmapy, przekształcając AutoScript w kompletne rozwiązanie do wdrażania i
zarządzania platformą Mastodon.
2
3 Kluczowe zaimplementowane funkcje:
4
5 - **Automatyzacja Wdrożenia Mastodona**: Komenda `deploy_mastodon` została w pełni zaimplementowana. Automatyzuje ona cały
proces: od generowania sekretów i plików konfiguracyjnych, przez uruchomienie kontenerów, aż po wykonanie migracji bazy danych.
6
7 - **Dynamiczne Odkrywanie Usług**: Prometheus został skonfigurowany do automatycznego odkrywania i monitorowania kontenerów na
podstawie etykiet Docker. Eliminuje to potrzebę ręcznej edycji statycznej listy celów i upraszcza dodawanie nowych usług.
8
9 - **Centralne Logowanie Hosta**: Promtail zbiera teraz logi nie tylko z kontenerów Docker, ale również z kluczowych plików
systemowych w `/var/log`. Umożliwia to korelację zdarzeń aplikacyjnych i systemowych w jednym miejscu (Grafana/Loki).
10
11 - **Rozbudowa Architektury**: Dodano nowe szablony dla Mastodona oraz zaktualizowano istniejące dla stosu monitoringu. Skrypt
`start.sh` został rozbudowany o nową logikę i komendy.
12
13 Ta wersja stanowi kulminację dotychczasowych prac, dostarczając w pełni funkcjonalne, zautomatyzowane i gotowe do użycia
narzędzie.
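---
# Monitoring stack for the Mastodon deployment: Prometheus + exporters,
# Loki/Promtail for logs, Alertmanager, Grafana. Services on `traefik_proxy`
# are published through the external Traefik instance; everything else stays
# on the private `monitoring` network.
#
# Fixes relative to the previous revision of this file:
#   - node-exporter, cadvisor and blackbox-exporter were each defined twice.
#     A duplicate mapping key is either rejected by the loader or resolved
#     last-wins, and the second copies lacked the `prometheus.scrape` labels,
#     so discovery would silently have stopped scraping them. One copy each.
#   - `loki_data` was mounted by loki but never declared under `volumes:`.
#   - node-exporter's mount-points-exclude regex contained a bare `$`, which
#     Compose treats as an interpolation; `$$` is the literal escape.
#   - Host() rules for Prometheus hard-coded a domain while `--web.external-url`
#     used ${PRIMARY_DOMAIN}; both now derive from the variable.
#   - Loki is no longer published through Traefik (see comment on the service).
#   - Secret-bearing variables are required (`:?`) so a missing value fails the
#     deploy instead of starting a service with an empty credential.
networks:
  monitoring: {}
  traefik_proxy:
    external: true

services:
  prometheus:
    image: prom/prometheus:${PROMETHEUS_VER}
    container_name: prometheus
    restart: unless-stopped
    networks: [monitoring, traefik_proxy]
    volumes:
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - ./prometheus/rules:/etc/prometheus/rules:ro
      - prometheus_data:/prometheus
    # NOTE(review): the release notes describe label-based container discovery.
    # docker_sd_configs needs access to the Docker API, and no socket is mounted
    # here — confirm how prometheus.yml reaches it. If a socket is needed, prefer
    # a read-only socket proxy over bind-mounting /var/run/docker.sock directly.
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.path=/prometheus
      - --storage.tsdb.retention.time=30d
      # SECURITY: Prometheus has no built-in authentication. With lifecycle
      # enabled, anyone who can reach the public router below can POST
      # /-/reload and /-/quit. The router only attaches security-headers@file,
      # so add an auth middleware (or a --web.config.file with basic_auth_users)
      # before depending on the public hostname. Kept enabled because the
      # deploy tooling may reload config through it — confirm against start.sh.
      - --web.enable-lifecycle
      - --web.external-url=https://prometheus.${PRIMARY_DOMAIN}
    security_opt: [no-new-privileges:true]
    read_only: true
    tmpfs: ["/tmp:size=64m"]
    cap_drop: [ALL]
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:9090/-/healthy"]
      interval: 30s
      timeout: 3s
      retries: 5
    labels:
      - traefik.enable=true
      - traefik.http.routers.prom.rule=Host(`prometheus.${PRIMARY_DOMAIN}`)
      - traefik.http.routers.prom.entrypoints=websecure
      - traefik.http.routers.prom.tls.certresolver=le-dns
      - traefik.http.routers.prom.middlewares=security-headers@file

  node-exporter:
    image: prom/node-exporter:${NODE_EXPORTER_VER}
    container_name: node-exporter
    restart: unless-stopped
    networks: [monitoring]
    # Host PID namespace plus read-only views of /proc, /sys and / are what the
    # exporter needs to report host metrics; nothing here is writable.
    pid: host
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - --path.procfs=/host/proc
      - --path.rootfs=/rootfs
      - --path.sysfs=/host/sys
      # `$$` is the Compose escape for a literal `$` in the regex.
      - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)
    security_opt: [no-new-privileges:true]
    read_only: true
    cap_drop: [ALL]
    labels:
      - prometheus.scrape=true
      - prometheus.port=9100

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:${CADVISOR_VER}
    container_name: cadvisor
    restart: unless-stopped
    networks: [monitoring]
    volumes:
      - /:/rootfs:ro
      # /var/run holds docker.sock; cAdvisor only needs to connect to it, and
      # upstream's reference invocation mounts it read-only. A writable mount
      # added nothing but exposure.
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
    # SECURITY: privileged + access to the Docker socket is host-root
    # equivalent. Upstream documents privileged mode as required on some
    # kernels, so it is kept, but this service must never be attached to
    # `traefik_proxy` or published on a host port.
    privileged: true
    devices: ["/dev/kmsg:/dev/kmsg"]
    labels:
      - prometheus.scrape=true
      - prometheus.port=8080

  blackbox-exporter:
    image: prom/blackbox-exporter:${BLACKBOX_VER}
    container_name: blackbox-exporter
    restart: unless-stopped
    networks: [monitoring]
    volumes:
      - ./blackbox/blackbox.yml:/etc/blackbox_exporter/config.yml:ro
    security_opt: [no-new-privileges:true]
    read_only: true
    tmpfs: ["/tmp:size=64m"]
    # NOTE(review): with every capability dropped, ICMP probe modules will
    # fail (they need CAP_NET_RAW). HTTP/TCP/DNS probes are unaffected — check
    # blackbox.yml before adding a cap_add.
    cap_drop: [ALL]
    labels:
      - prometheus.scrape=true
      - prometheus.port=9115

  promtail:
    image: grafana/promtail:${PROMTAIL_VER}
    container_name: promtail
    restart: unless-stopped
    volumes:
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - ./promtail-config.yml:/etc/promtail/config-docker.yml:ro
    command: -config.file=/etc/promtail/config-docker.yml
    networks: [monitoring]
    # Same hardening baseline as the other agents. Not read_only: promtail
    # writes its positions file (path set in promtail-config.yml) and that
    # location is not visible here. DAC_READ_SEARCH is retained so root in the
    # container can read host logs owned by other users (e.g. syslog:adm 0640)
    # through the read-only bind mount; no other capability is needed.
    security_opt: [no-new-privileges:true]
    cap_drop: [ALL]
    cap_add: [DAC_READ_SEARCH]

  loki:
    image: grafana/loki:${LOKI_VER}
    container_name: loki
    restart: unless-stopped
    volumes:
      # NOTE(review): assumes the image's config points path_prefix at /loki;
      # if it targets /tmp/loki instead, the volume is not where data lands.
      - loki_data:/loki
    networks: [monitoring]
    # Loki's HTTP API is unauthenticated (push and query). Grafana reaches it
    # over `monitoring`, so it is deliberately NOT published through Traefik.
    # The previous labels could not have worked anyway (the service was not on
    # `traefik_proxy`), but if they had, anyone could have read or injected logs.

  alertmanager:
    image: prom/alertmanager:${ALERTMANAGER_VER}
    container_name: alertmanager
    restart: unless-stopped
    networks: [monitoring, traefik_proxy]
    volumes:
      - ./alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
      - alertmanager_data:/alertmanager
      # Fail fast with a clear message instead of a confusing bind-mount error.
      - ${ALERT_SMTP_PASS_PATH:?ALERT_SMTP_PASS_PATH must point to the SMTP password file}:/etc/alertmanager/secrets/smtp_pass:ro
    command:
      - --config.file=/etc/alertmanager/alertmanager.yml
      - --storage.path=/alertmanager
      - --web.external-url=https://alertmanager.${PRIMARY_DOMAIN}
    security_opt: [no-new-privileges:true]
    read_only: true
    tmpfs: ["/tmp:size=64m"]
    cap_drop: [ALL]
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:9093/-/healthy"]
      interval: 30s
      timeout: 3s
      retries: 5
    # SECURITY: like Prometheus, Alertmanager has no authentication of its
    # own; an unauthenticated caller on this router can create silences and
    # suppress alerts. Add an auth middleware alongside security-headers@file.
    labels:
      - traefik.enable=true
      - traefik.http.routers.alert.rule=Host(`alertmanager.${PRIMARY_DOMAIN}`)
      - traefik.http.routers.alert.entrypoints=websecure
      - traefik.http.routers.alert.tls.certresolver=le-dns
      - traefik.http.routers.alert.middlewares=security-headers@file

  grafana:
    image: grafana/grafana:${GRAFANA_VER}
    container_name: grafana
    # Image's unprivileged grafana uid.
    user: "472"
    restart: unless-stopped
    networks: [monitoring, traefik_proxy]
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning:ro
    environment:
      # Required: an unset/empty value must not start Grafana with a weak or
      # empty admin credential. Consider GF_SECURITY_ADMIN_PASSWORD__FILE to
      # keep the secret out of the container environment entirely.
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:?GRAFANA_ADMIN_PASSWORD must be set}
      GF_USERS_ALLOW_SIGN_UP: "false"
      GF_SERVER_ROOT_URL: https://grafana.${PRIMARY_DOMAIN}
    security_opt: [no-new-privileges:true]
    cap_drop: [ALL]
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 3s
      retries: 5
    labels:
      - traefik.enable=true
      - traefik.http.routers.grafana.rule=Host(`grafana.${PRIMARY_DOMAIN}`)
      - traefik.http.routers.grafana.entrypoints=websecure
      - traefik.http.routers.grafana.tls.certresolver=le-dns
      - traefik.http.routers.grafana.middlewares=security-headers@file

volumes:
  prometheus_data:
  grafana_data:
  alertmanager_data:
  # Was referenced by loki but never declared; Compose rejects the file.
  loki_data: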