2022-07-25 22:49:29 +00:00
|
|
|
resource "nomad_job" "exporters" {
|
2023-08-24 19:36:47 +00:00
|
|
|
jobspec = templatefile("${path.module}/exporters.nomad", {
|
|
|
|
use_wesher = var.use_wesher,
|
|
|
|
})
|
2022-07-25 22:49:29 +00:00
|
|
|
}
|
2022-03-03 17:37:49 +00:00
|
|
|
|
|
|
|
resource "nomad_job" "prometheus" {
|
2023-08-24 19:36:47 +00:00
|
|
|
jobspec = templatefile("${path.module}/prometheus.nomad", {
|
|
|
|
use_wesher = var.use_wesher,
|
|
|
|
})
|
2022-03-03 17:37:49 +00:00
|
|
|
}
|
2022-03-12 18:07:52 +00:00
|
|
|
|
|
|
|
resource "nomad_job" "grafana" {
|
2022-07-21 22:54:05 +00:00
|
|
|
jobspec = templatefile("${path.module}/grafana.nomad", {
|
2022-11-02 19:32:27 +00:00
|
|
|
module_path = path.module
|
2023-08-24 19:36:47 +00:00
|
|
|
use_wesher = var.use_wesher
|
2022-07-21 22:54:05 +00:00
|
|
|
})
|
2023-03-24 18:24:36 +00:00
|
|
|
|
2023-01-07 07:07:33 +00:00
|
|
|
depends_on = [nomad_job.prometheus]
|
2022-03-12 18:07:52 +00:00
|
|
|
}
|
2023-08-29 19:48:48 +00:00
|
|
|
|
2023-08-29 22:11:40 +00:00
|
|
|
resource "nomad_acl_policy" "grafana_smtp_secrets" {
|
|
|
|
name = "grafana-secrets-smtp"
|
|
|
|
description = "Give access to MySQL secrets"
|
|
|
|
rules_hcl = <<EOH
|
|
|
|
namespace "default" {
|
|
|
|
variables {
|
|
|
|
path "secrets/smtp" {
|
|
|
|
capabilities = ["read"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
EOH
|
|
|
|
|
|
|
|
job_acl {
|
|
|
|
job_id = "grafana"
|
|
|
|
group = "grafana"
|
|
|
|
task = "grafana"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-08-29 19:48:48 +00:00
|
|
|
# Generate secrets and policies for access to MySQL
|
|
|
|
resource "nomad_acl_policy" "grafana_mysql_bootstrap_secrets" {
|
|
|
|
name = "grafana-secrets-mysql"
|
|
|
|
description = "Give access to MySQL secrets"
|
|
|
|
rules_hcl = <<EOH
|
|
|
|
namespace "default" {
|
|
|
|
variables {
|
|
|
|
path "secrets/mysql" {
|
|
|
|
capabilities = ["read"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
EOH
|
|
|
|
|
|
|
|
job_acl {
|
|
|
|
job_id = "grafana"
|
|
|
|
group = "grafana"
|
|
|
|
task = "mysql-bootstrap"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "random_password" "grafana_mysql_psk" {
|
|
|
|
length = 32
|
|
|
|
override_special = "!@#%&*-_="
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "nomad_variable" "grafana_mysql_psk" {
|
|
|
|
path = "secrets/mysql/allowed_psks/grafana"
|
|
|
|
items = {
|
|
|
|
psk = "grafana:${resource.random_password.grafana_mysql_psk.result}"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "nomad_acl_policy" "grafana_mysql_psk" {
|
|
|
|
name = "grafana-secrets-mysql-psk"
|
|
|
|
description = "Give access to MySQL PSK secrets"
|
|
|
|
rules_hcl = <<EOH
|
|
|
|
namespace "default" {
|
|
|
|
variables {
|
|
|
|
path "secrets/mysql/allowed_psks/grafana" {
|
|
|
|
capabilities = ["read"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
EOH
|
|
|
|
|
|
|
|
job_acl {
|
|
|
|
job_id = "grafana"
|
|
|
|
group = "grafana"
|
|
|
|
task = "stunnel"
|
|
|
|
}
|
|
|
|
}
|