13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# File 'modules/profile/manifests/thanos/rule.pp', line 13
class profile::thanos::rule (
Hash[Stdlib::Fqdn, Hash] $thanos_rule_hosts = lookup('profile::thanos::rule_hosts'),
Array $query_hosts = lookup('profile::thanos::frontends'),
Hash[String, String] $objstore_account = lookup('profile::thanos::objstore_account'),
String $objstore_password = lookup('profile::thanos::objstore_password'),
Array[Stdlib::Host] $alertmanagers = lookup('alertmanagers'),
String $public_domain = lookup('public_domain'),
) {
$http_port = 17902
$grpc_port = 17901
# XXX expose web interface like /bucket/ ?
class { 'thanos::rule':
alertmanagers => $alertmanagers,
# /etc/thanos-rule paths are reserved for puppet-deployed files, whereas /srv paths
# will receive automatically-deployed alerts.
rule_files => ['/etc/thanos-rule/rules/*.yaml',
'/etc/thanos-rule/alerts/*.yaml',
'/srv/alerts-thanos/*.yaml'],
rule_hosts => $thanos_rule_hosts,
objstore_account => $objstore_account,
objstore_password => $objstore_password,
http_port => $http_port,
grpc_port => $grpc_port,
query_url => "https://thanos.${public_domain}",
}
if $::fqdn in $thanos_rule_hosts {
class { 'thanos::rule::prometheus': }
}
# Allow access from query hosts
$query_hosts_ferm = join($query_hosts, ' ')
ferm::service { 'thanos_rule_query':
proto => 'tcp',
port => $grpc_port,
srange => "(@resolve((${query_hosts_ferm})) @resolve((${query_hosts_ferm}), AAAA))",
}
# Deploy Thanos recording rules
thanos::recording_rule { 'recording_rules.yaml':
source => 'puppet:///modules/profile/thanos/recording_rules.yaml',
}
}
|