From 4f756e45b8393d4388af9bb3b7ee34d2ef79b46d Mon Sep 17 00:00:00 2001 From: Kristian Lyngstol Date: Tue, 22 Nov 2016 15:35:16 +0100 Subject: Use persistent postgres storage and make grafana use postgres backing Still need to fix session storage for Grafana. After that, the container is stateless. --- ansible/playbook-test.yml | 4 ++-- build/test/gondul-db-test.Dockerfile | 6 ++---- build/test/gondul-grafana-test.Dockerfile | 6 ++++++ build/test/pg_hba.tail | 1 + build/test/postgres.sh | 17 +++++++++++++++++ 5 files changed, 28 insertions(+), 6 deletions(-) create mode 100755 build/test/postgres.sh
diff --git a/ansible/playbook-test.yml b/ansible/playbook-test.yml
index c125160..6bb95ec 100644
--- a/ansible/playbook-test.yml
+++ b/ansible/playbook-test.yml
@@ -7,7 +7,7 @@
 vars:
 - images:
 - name: "gondul-db-test"
- volumes: [ "{{ pwd.stdout }}/:/opt/gondul" ]
+ volumes: [ "{{ pwd.stdout }}/:/opt/gondul", "{{ pwd.stdout }}/data/postgresql:/var/lib/postgresql" ]
 links: []
 ports: []
 - name: "gondul-graphite-test"
@@ -16,7 +16,7 @@
 ports: []
 - name: "gondul-grafana-test"
 volumes: [ "{{ pwd.stdout }}/:/opt/gondul" , "{{ pwd.stdout }}/data/grafana:/var/lib/grafana" ]
- links: ["gondul-graphite-test:graphite" ]
+ links: ["gondul-graphite-test:graphite","gondul-db-test:db" ]
 ports: []
 - name: "gondul-front-test"
 volumes: [ "{{ pwd.stdout }}/:/opt/gondul" ]
diff --git a/build/test/gondul-db-test.Dockerfile b/build/test/gondul-db-test.Dockerfile
index b3d013b..38febc6 100644
--- a/build/test/gondul-db-test.Dockerfile
+++ b/build/test/gondul-db-test.Dockerfile
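Review bot: The bind mount added to the `gondul-db-test` entry places the PostgreSQL data directory at `{{ pwd.stdout }}/data/postgresql`, inside the same checkout that the db, grafana and front entries visible here mount at `/opt/gondul`. A root process in any of those containers can therefore read or alter the database files, including stored role password hashes, without authenticating to PostgreSQL. A data path outside the shared tree avoids that, for example `"<host-data-dir>/postgresql:/var/lib/postgresql"`, where `<host-data-dir>` is a placeholder for a directory no other container mounts. The `images` list continues past both hunks, so other entries may mount the checkout differently.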
@@ -2,10 +2,8 @@ FROM debian:jessie
 RUN apt-get update && apt-get install -y postgresql-9.4
 ADD build/test/pg_hba.tail /pg_hba.tail
 RUN cat /pg_hba.tail >> /etc/postgresql/9.4/main/pg_hba.conf
-RUN service postgresql start && su postgres -c "psql --command=\"CREATE ROLE nms PASSWORD 'risbrod' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\"" && su postgres -c "createdb -O nms nms" && service postgresql stop
-ADD build/schema.sql /schema.sql
-RUN service postgresql start && su postgres -c "cat /schema.sql | psql nms" && service postgresql stop
 ADD build/test/postgresql.conf /etc/postgresql/9.4/main/postgresql.conf
 RUN echo "listen_addresses = '*'" >> /etc/postgresql/9.4/main/postgresql.conf
-CMD pg_ctlcluster --foreground 9.4 main start
+CMD /opt/gondul/build/test/postgres.sh
+VOLUME /var/lib/postgresql
 EXPOSE 5432
diff --git a/build/test/gondul-grafana-test.Dockerfile b/build/test/gondul-grafana-test.Dockerfile
index 33c69b4..223f8db 100644
--- a/build/test/gondul-grafana-test.Dockerfile
+++ b/build/test/gondul-grafana-test.Dockerfile
@@ -2,6 +2,12 @@ FROM grafana/grafana:4.0.0-beta1
 ENV GF_SERVER_ROOT_URL http://nms-dev.gathering.org/grafana/
 ENV GF_METRICS_GRAPHITE_ADDRESS graphite:2003
 ENV GF_METRICS_GRAPHITE_PREFIX grafana.%(instance_name)s.
+ENV GF_DATABASE_TYPE postgres
+ENV GF_DATABASE_HOST db:5432
+ENV GF_DATABASE_NAME grafana
+ENV GF_DATABASE_USER grafana
+ENV GF_DATABASE_PASSWORD grafana
+ENV GF_DATABASE_SSL_MODE require
 ENV GF_EXTERNAL_IMAGE_STORAGE_PROVIDER internal
 ENV GF_EXTERNAL_IMAGE_STORAGE_S3_BUCKET_URL http://grafana.situla.bitbit.net/
 ENV GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY 8KMMX9F3VZZ6MAZOGFF6
diff --git a/build/test/pg_hba.tail b/build/test/pg_hba.tail
index 60b8c53..ecf6295 100644
--- a/build/test/pg_hba.tail
+++ b/build/test/pg_hba.tail
@@ -1 +1,2 @@
 host nms nms 172.17.0.0/16 md5
+host grafana grafana 172.17.0.0/16 md5
diff --git a/build/test/postgres.sh b/build/test/postgres.sh
new file mode 100755
index 0000000..1540d97
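Review bot: `CMD /opt/gondul/build/test/postgres.sh` starts the container from a script in the bind-mounted checkout instead of one built into the image, so whatever sits at that host path is run at every container start as the image's default user (root, since no `USER` is set in the lines shown), and the image cannot start without the mount. Adding the script at build time ties it to the revision that was built: `ADD build/test/postgres.sh /postgres.sh` and `CMD ["/postgres.sh"]`. The exec form also drops the `/bin/sh -c` wrapper, so the stop signal reaches the script and, after its `exec`, PostgreSQL itself. The script still reads `/opt/gondul/build/schema.sql` from the mount, which deserves the same treatment.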
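Review bot: `ENV GF_DATABASE_PASSWORD grafana` in gondul-grafana-test.Dockerfile bakes the database password into the image, where it can be read from the image metadata and the container environment, and the value is the same as the user name. The same fixed credentials appear in `CREATE ROLE grafana PASSWORD 'grafana'` (and the `nms` role) in build/test/postgres.sh. Leave the password out of the Dockerfile and supply it when the container is started, from a value that is not committed. `GF_DATABASE_SSL_MODE require` encrypts the connection but, as far as I know, does not validate the server certificate; `verify-full` does, if the database presents a certificate Grafana can check. The file continues past the hunk's last line.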
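Review bot: The added `host grafana grafana 172.17.0.0/16 md5` rule in pg_hba.tail matches plaintext as well as TLS connections, so only the client-side `GF_DATABASE_SSL_MODE require` keeps this login encrypted. `hostssl grafana grafana 172.17.0.0/16 md5` makes the server itself reject unencrypted attempts for this role. The /16 looks like the whole default Docker bridge range, so every container on it may attempt the login; a narrower range is worth considering if the addresses are stable.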
--- /dev/null
+++ b/build/test/postgres.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+if [ ! -d /var/lib/postgresql/9.4/main ]; then
+ echo Bootstrapping DB
+ mkdir -p /var/lib/postgresql/9.4/main
+ chown -R postgres /var/lib/postgresql/9.4
+ su postgres -c '/usr/lib/postgresql/9.4/bin/initdb /var/lib/postgresql/9.4/main'
+ service postgresql start
+ su postgres -c "psql --command=\"CREATE ROLE nms PASSWORD 'risbrod' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\""
+ su postgres -c "createdb -O nms nms"
+ su postgres -c "psql --command=\"CREATE ROLE grafana PASSWORD 'grafana' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\""
+ su postgres -c "createdb -O grafana grafana"
+ su postgres -c "cat /opt/gondul/build/schema.sql | psql nms"
+ service postgresql stop
+ echo Bootstrap done
+fi
+exec pg_ctlcluster --foreground 9.4 main start
-- cgit v1.2.3 From 5976e67e48b332ff2dd1b3471307c1503cdddb25 Mon Sep 17 00:00:00 2001 From: Kristian Lyngstol Date: Wed, 23 Nov 2016 12:40:11 +0100 Subject: Use grafana 4.0.0-beta2 --- build/test/gondul-grafana-test.Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build/test/gondul-grafana-test.Dockerfile b/build/test/gondul-grafana-test.Dockerfile
index 223f8db..9a433df 100644
--- a/build/test/gondul-grafana-test.Dockerfile
+++ b/build/test/gondul-grafana-test.Dockerfile
@@ -1,4 +1,4 @@
-FROM grafana/grafana:4.0.0-beta1
+FROM grafana/grafana:4.0.0-beta2
 ENV GF_SERVER_ROOT_URL http://nms-dev.gathering.org/grafana/
 ENV GF_METRICS_GRAPHITE_ADDRESS graphite:2003
 ENV GF_METRICS_GRAPHITE_PREFIX grafana.%(instance_name)s.
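Review bot: The `[ ! -d /var/lib/postgresql/9.4/main ]` guard in postgres.sh treats the existence of the directory as proof that bootstrap finished, yet the directory is created by the `mkdir -p` at the top of the block. With `set -e`, a failure in any later step (initdb, role creation, schema load) aborts the script, and the next start skips the block and runs PostgreSQL on a half-initialised cluster, possibly without the roles or the schema. Test a marker written as the last bootstrap step instead: `if [ ! -f /var/lib/postgresql/9.4/.bootstrap-done ]; then` and, just before `echo Bootstrap done`, `touch /var/lib/postgresql/9.4/.bootstrap-done`. A restart after a failed bootstrap then stops at `initdb` on the non-empty directory, which is visible, instead of silently serving an incomplete database.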
@@ -10,5 +10,5 @@ ENV GF_DATABASE_PASSWORD grafana
 ENV GF_DATABASE_SSL_MODE require
 ENV GF_EXTERNAL_IMAGE_STORAGE_PROVIDER internal
 ENV GF_EXTERNAL_IMAGE_STORAGE_S3_BUCKET_URL http://grafana.situla.bitbit.net/
-ENV GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY 8KMMX9F3VZZ6MAZOGFF6
-ENV GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY dTuAqxPGE5SFbtEmJxoZ9Y3AHINOZ5ju0IPfoqfA
+ENV GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY 8KMMX9F3VZZ6MAZOGFF6-yes-I-knw
+ENV GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY dTuAqxPGE5SFbtEmJxoZ9Y3AHINOZ5ju0IPfoqfA-no-it-doesnt-work
-- cgit v1.2.3 From 1b44b20289dddd924fe79a042eec72b509ba025c Mon Sep 17 00:00:00 2001 From: Kristian Lyngstol Date: Wed, 23 Nov 2016 13:46:52 +0100 Subject: Use proxy for grafana-authentication --- build/test/gondul-grafana-test.Dockerfile | 2 ++ extras/misc/varnish-auth.vcl | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 extras/misc/varnish-auth.vcl
diff --git a/build/test/gondul-grafana-test.Dockerfile b/build/test/gondul-grafana-test.Dockerfile
index 9a433df..be808d3 100644
--- a/build/test/gondul-grafana-test.Dockerfile
+++ b/build/test/gondul-grafana-test.Dockerfile
@@ -8,6 +8,8 @@ ENV GF_DATABASE_NAME grafana
 ENV GF_DATABASE_USER grafana
 ENV GF_DATABASE_PASSWORD grafana
 ENV GF_DATABASE_SSL_MODE require
+ENV GF_AUTH_PROXY_ENABLED true
+ENV GF_AUTH_DISABLE_LOGIN_FORM true
 ENV GF_EXTERNAL_IMAGE_STORAGE_PROVIDER internal
 ENV GF_EXTERNAL_IMAGE_STORAGE_S3_BUCKET_URL http://grafana.situla.bitbit.net/
 ENV GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY 8KMMX9F3VZZ6MAZOGFF6-yes-I-knw
diff --git a/extras/misc/varnish-auth.vcl b/extras/misc/varnish-auth.vcl
new file mode 100644
index 0000000..c73e3ad
--- /dev/null
+++ b/extras/misc/varnish-auth.vcl
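Review bot: Appending `-yes-I-knw` and `-no-it-doesnt-work` to the two `GF_EXTERNAL_IMAGE_STORAGE_S3_*_KEY` values does not take the original key pair out of the repository: the old values are still the prefix of the new ones and stay in the removed lines and in earlier history. If that pair was ever valid, revoking or rotating it at the storage provider is the only step that actually retires it. Since `GF_EXTERNAL_IMAGE_STORAGE_PROVIDER` is `internal`, the S3 settings look unused, so the cleaner change is to delete both key lines and the bucket URL rather than edit them. The commit subject mentions only the version bump, so this credential change is easy to miss in the log.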
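Review bot: `ENV GF_AUTH_PROXY_ENABLED true` makes Grafana take the user name from a request header, so any network path that reaches Grafana without passing through the authenticating proxy can claim any account, including an administrator. Nothing in the lines shown restricts who may send that header, and `GF_AUTH_DISABLE_LOGIN_FORM true` removes the password prompt as a fallback. Make sure the Grafana port is reachable only from the Varnish container, and if this Grafana release supports the auth-proxy `whitelist` setting, set it to the proxy's address. A comment above the two lines, such as `# Trusts the X-Webauth-User header: Grafana must only be reachable through the authenticating proxy`, would record the assumption. The file continues past the hunk's last line.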
@@ -0,0 +1,26 @@
+# Example auth-config for varnish + gondul
+# Stick this in the data/ directory and Varnish will use it.
+# Unless you set X-Webauth-User, grafana will not work.
+# The username/password can be generated with echo -n foo:bar | base64
+
+acl white {
+ "127.0.0.0"/8;
+ "172.16.0.0"/12;
+ "192.168.0.0"/16;
+ "10.0.0.0"/8;
+}
+
+sub vcl_recv {
+ if (client.ip !~ white && req.http.Authorization != "Basic Zm9vOmJhcg==") {
+ return(synth(401));
+ } else {
+ unset req.http.Authorization;
+ set req.http.X-Webauth-User = "admin";
+ }
+}
+
+sub vcl_synth {
+ if (resp.status == 401) {
+ set resp.http.WWW-Authenticate = {"Basic realm="WHAT .... is your favorite color?""};
+ }
+}
-- cgit v1.2.3 From fdfb87ee3fe4166f49aae9349e57ab007bbe0932 Mon Sep 17 00:00:00 2001 From: Kristian Lyngstol Date: Thu, 24 Nov 2016 18:38:10 +0100 Subject: Add architecture diagram --- doc/Gondul.png | Bin 0 -> 177521 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 doc/Gondul.png
diff --git a/doc/Gondul.png b/doc/Gondul.png
new file mode 100644
index 0000000..9625f40
Binary files /dev/null and b/doc/Gondul.png differ
-- cgit v1.2.3
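Review bot: In `vcl_recv` the condition `client.ip !~ white && req.http.Authorization != ...` sends every client matched by the `white` ACL, which is all of loopback and RFC 1918 space, into the `else` branch, where it becomes `admin` without presenting credentials. If Varnish sits behind a TLS terminator or another proxy on the same host or network, `client.ip` would always match and the Basic check would never run; the deployment is not visible from this file, so that is an assumption to verify. For an example meant to be copied, requiring the header from everyone is the safer default, `if (req.http.Authorization != "Basic <base64 of user:password>") {`, with the ACL kept only as an explicit opt-in. The header comment should also say that `Zm9vOmJhcg==` is the sample `foo:bar` and must be replaced, and that every accepted request is mapped to the single user `admin`.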