Puppet Class: profile::thanos::rule

Defined in:
modules/profile/manifests/thanos/rule.pp

Overview

Parameters:

  • prometheus_nodes (Array) (defaults to: lookup('prometheus_nodes'))
  • thanos_rule_hosts (Hash[Stdlib::Fqdn, Hash]) (defaults to: lookup('profile::thanos::rule_hosts'))
  • query_hosts (Array) (defaults to: lookup('profile::thanos::frontends'))
  • objstore_account (Hash[String, String]) (defaults to: lookup('profile::thanos::objstore_account'))
  • objstore_password (String) (defaults to: lookup('profile::thanos::objstore_password'))
  • alertmanagers (Array[Stdlib::Host]) (defaults to: lookup('alertmanagers')) 


14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'modules/profile/manifests/thanos/rule.pp', line 14

class profile::thanos::rule (
    Array $prometheus_nodes = lookup('prometheus_nodes'),
    Hash[Stdlib::Fqdn, Hash] $thanos_rule_hosts = lookup('profile::thanos::rule_hosts'),
    Array $query_hosts = lookup('profile::thanos::frontends'),
    Hash[String, String] $objstore_account = lookup('profile::thanos::objstore_account'),
    String $objstore_password = lookup('profile::thanos::objstore_password'),
    Array[Stdlib::Host] $alertmanagers = lookup('alertmanagers'),
) {
    $http_port = 17902
    $grpc_port = 17901

    # XXX expose web interface like /bucket/ ?
    class { 'thanos::rule':
        alertmanagers     => $alertmanagers,
        # /etc/thanos-rule paths are reserved for puppet-deployed files, whereas /srv paths
        # will receive automatically-deployed alerts.
        rule_files        => ['/etc/thanos-rule/rules/*.yaml',
                              '/etc/thanos-rule/alerts/*.yaml',
                              '/srv/alerts-thanos/*.yaml'],
        rule_hosts        => $thanos_rule_hosts,
        objstore_account  => $objstore_account,
        objstore_password => $objstore_password,
        http_port         => $http_port,
        grpc_port         => $grpc_port,
    }

    if $::fqdn in $thanos_rule_hosts {
        class { 'thanos::rule::prometheus': }
    }

    # Allow access only to rule to scrape metrics
    $prometheus_nodes_ferm = join($prometheus_nodes, ' ')
    ferm::service { 'thanos_rule':
        proto  => 'tcp',
        port   => $http_port,
        srange => "(@resolve((${prometheus_nodes_ferm})) @resolve((${prometheus_nodes_ferm}), AAAA))",
    }

    # Allow access from query hosts
    $query_hosts_ferm = join($query_hosts, ' ')
    ferm::service { 'thanos_rule_query':
        proto  => 'tcp',
        port   => $grpc_port,
        srange => "(@resolve((${query_hosts_ferm})) @resolve((${query_hosts_ferm}), AAAA))",
    }

    # Deploy Thanos recording rules
    thanos::recording_rule { 'recording_rules.yaml':
        source   => 'puppet:///modules/profile/thanos/recording_rules.yaml',
    }
}