Puppet Class: profile::thanos::rule

Defined in:
modules/profile/manifests/thanos/rule.pp

Overview

Parameters:

  • thanos_rule_hosts (Hash[Stdlib::Fqdn, Hash]) (defaults to: lookup('profile::thanos::rule_hosts'))
  • query_hosts (Array) (defaults to: lookup('profile::thanos::frontends'))
  • objstore_account (Hash[String, String]) (defaults to: lookup('profile::thanos::objstore_account'))
  • objstore_password (String) (defaults to: lookup('profile::thanos::objstore_password'))
  • alertmanagers (Array[Stdlib::Host]) (defaults to: lookup('alertmanagers'))
  • public_domain (String) (defaults to: lookup('public_domain'))


# File 'modules/profile/manifests/thanos/rule.pp', line 14

# @summary Sets up Thanos Rule together with its firewall openings and pint configuration.
#
# Declares thanos::rule with object storage enabled, opens the gRPC and HTTP
# ports to the query hosts through ferm, and deploys the recording rules file.
# Hosts listed in $thanos_rule_hosts additionally get the pint source/config;
# on every other host prometheus::pint is set to absent.
#
# @param thanos_rule_hosts
#   Hash keyed by FQDN. Passed to thanos::rule as rule_hosts; this node's FQDN
#   being a key decides whether pint is configured or removed.
# @param query_hosts
#   Hosts allowed to reach the gRPC and HTTP ports.
#   NOTE(review): declared as a bare Array while $alertmanagers is
#   Array[Stdlib::Host]; the elements are interpolated into a ferm rule, so a
#   host type here would reject anything that is not a hostname -- confirm
#   the hiera data before tightening.
# @param objstore_account
#   Object storage account settings, handed to thanos::rule unchanged.
# @param objstore_password
#   Object storage password, handed to thanos::rule unchanged.
#   NOTE(review): typed String rather than Sensitive[String], so the type does
#   not redact it from reports or logs -- confirm thanos::rule accepts
#   Sensitive before changing.
# @param alertmanagers
#   Alertmanager hosts, handed to thanos::rule unchanged.
# @param public_domain
#   Domain used to build the query URL (https://thanos.<public_domain>).
class profile::thanos::rule (
    Hash[Stdlib::Fqdn, Hash] $thanos_rule_hosts = lookup('profile::thanos::rule_hosts'),
    Array $query_hosts = lookup('profile::thanos::frontends'),
    Hash[String, String] $objstore_account = lookup('profile::thanos::objstore_account'),
    String $objstore_password = lookup('profile::thanos::objstore_password'),
    Array[Stdlib::Host] $alertmanagers = lookup('alertmanagers'),
    String $public_domain = lookup('public_domain'),
) {
    # Listening ports; the same values feed thanos::rule and the ferm rules below.
    $http_port = 17902
    $grpc_port = 17901

    # Files under /etc/thanos-rule are deployed by puppet; /srv/alerts-thanos
    # receives automatically-deployed alerts.
    # NOTE(review): everything matching these globs is loaded as a rule file and
    # this class does not set ownership or modes on the directories -- confirm
    # where write access to them is restricted.
    $rule_file_globs = [
        '/etc/thanos-rule/rules/*.yaml',
        '/etc/thanos-rule/alerts/*.yaml',
        '/srv/alerts-thanos/*.yaml',
        '/etc/pyrra/output-rules/*.yaml',
    ]

    class { 'thanos::rule':
        alertmanagers     => $alertmanagers,
        rule_files        => $rule_file_globs,
        rule_hosts        => $thanos_rule_hosts,
        use_objstore      => true,
        objstore_account  => $objstore_account,
        objstore_password => $objstore_password,
        http_port         => $http_port,
        grpc_port         => $grpc_port,
        query_url         => "https://thanos.${public_domain}",
    }

    if $::fqdn in $thanos_rule_hosts {
        # Empty marker class: lets thanos-rule hosts be looked up as
        # Prometheus job targets.
        class { 'thanos::rule::prometheus': }

        # Port 16902 is presumably the local query frontend -- TODO confirm.
        prometheus::pint::source { 'thanos-query-frontend':
            port       => 16902,
            url_path   => '',
            all_alerts => true,
        }

        # The promql/rate check reads the Prometheus config from
        # /api/v1/status/config, which Thanos neither exposes nor proxies,
        # so the check is switched off.
        prometheus::pint::config { 'disable-checks':
            content => @(CONFIG)
                checks {
                    disabled = ["promql/rate"]
                }
                |- CONFIG
        }
    } else {
        # Not a rule host: make sure pint is removed.
        class { 'prometheus::pint':
            ensure => absent,
        }
    }

    # Source range shared by both firewall rules: the query hosts resolved to
    # their A and AAAA records. Building it once keeps the two rules in step.
    # NOTE(review): with an empty $query_hosts the @resolve() calls get an
    # empty list -- confirm how ferm::service treats that.
    $query_hosts_ferm = join($query_hosts, ' ')
    $query_srange = "(@resolve((${query_hosts_ferm})) @resolve((${query_hosts_ferm}), AAAA))"

    # gRPC is reachable from the query hosts only.
    ferm::service { 'thanos_rule_query':
        proto  => 'tcp',
        port   => $grpc_port,
        srange => $query_srange,
    }

    # HTTP is opened to the same hosts so that /rule can be reverse-proxied.
    ferm::service { 'thanos_rule_web':
        proto  => 'tcp',
        port   => $http_port,
        srange => $query_srange,
    }

    # Ship the recording rules bundled with the profile module.
    thanos::recording_rule { 'recording_rules.yaml':
        source => 'puppet:///modules/profile/thanos/recording_rules.yaml',
    }
}