Add containerized Prometheus/Grafana stack deployment #214
Conversation
| [Container] | ||
| Label=app=alertmanager | ||
| ContainerName=alertmanager | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/alertmanager:0.26.0 |
There was a problem hiding this comment.
Do you want images from opensuse registry for SUMA as well?
There was a problem hiding this comment.
That is the point I wanted to discuss. For now I have just hard-coded them here.
There was a problem hiding this comment.
I checked that monitoring images are not being published to registry.suse.com. Please let me know if we want to have them there for our purposes.
There was a problem hiding this comment.
From my point of view we cannot have opensuse images delivered for SUMA. We have a special SKU so we must have SUSE delivered images through registry.suse.com with special access control matching the needed SKU.
There was a problem hiding this comment.
Correct! We must use the images through registry.suse.com
Minor fixes for Prometheus formula
witekest
changed the title
There was a problem hiding this comment.
Just took a superficial view. I saw that the formula interacts with the service state and execution modules. These won't work when targetting SLE Micro. With SUMA 5.0 itself running on SLE Micro 5.5, I would expect that our formula can deploy onto a SLE Micro system.
I only commented on the first two instances, but there have been more.
| module.run: | ||
| - name: service.systemctl_reload | ||
| service.running: | ||
| - name: grafana | ||
| - enable: true | ||
| - watch: | ||
| - file: /etc/containers/systemd/grafana.* | ||
| - file: /etc/grafana/provisioning/datasources/datasources.yml |
There was a problem hiding this comment.
The service state/execution module calls won't work on SLE Micro.
There was a problem hiding this comment.
What are the limitations here? I read in the documentation that Podman integrates with systemd on SLE Micro.
There was a problem hiding this comment.
state.apply is executed inside a transaction (think: transactional-update run salt-call state.apply ...) and there is no dbus access inside the transaction. At least not as of today, but enabling it also comes with problems...
We have a card to enable SUMA to avoid the transactional-update wrapping, but it's not picked up yet.
Just to be clear, systemd and podman work together. Controlling that with Salt won't work when targeting transactional systems.
There was a problem hiding this comment.
Thanks. That's a good point.
| service.dead: | ||
| - name: grafana | ||
| - enable: false | ||
| file.absent: | ||
| - names: | ||
| - /etc/containers/systemd/grafana.container | ||
| - /etc/containers/systemd/grafana.volume | ||
| module.run: | ||
| - name: service.systemctl_reload |
There was a problem hiding this comment.
The service state/execution module calls won't work on SLE Micro.
| [Container] | ||
| Label=app=grafana | ||
| ContainerName=grafana | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/grafana:9.5.8 |
There was a problem hiding this comment.
The same as the other images, it needs to be configurable and for suse manager it needs to come from suse.registry.com with proper authentication
| Label=app=grafana | ||
| ContainerName=grafana | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/grafana:9.5.8 | ||
| Volume=/etc/grafana:/etc/grafana:ro |
There was a problem hiding this comment.
this means the grafana config files must exist on the Host OS will be mounted as read-only on the container? To adapt the configuration users should change the config files on the host OS?
There was a problem hiding this comment.
Yes, the formula takes care of providing the config files.
And yes, users can modify these using the formula or manually.
| Label=app=alertmanager | ||
| ContainerName=alertmanager | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/alertmanager:0.26.0 | ||
| Volume=/etc/prometheus:/etc/prometheus:ro |
There was a problem hiding this comment.
same question as before, it will be set on the host os, and mount as read-only on the container, right?
| [Container] | ||
| Label=app=blackbox_exporter | ||
| ContainerName=blackbox_exporter | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/blackbox_exporter:0.24.0 |
There was a problem hiding this comment.
same question about the image coming from registry.suse.com
| [Container] | ||
| Label=app=prometheus | ||
| ContainerName=prometheus | ||
| Image=registry.opensuse.org/devel/bci/sle-15-sp6/containerfile/suse/prometheus:2.37.6 |
Install and configure Prometheus, Alertmanager, Grafana and Blackbox exporter containers with Podman.
Implements SUSE/spacewalk#19509