c074df4bc7
Working backup and restore
2022-07-27 22:04:22 -07:00
d175166045
Make traefik disk ephemeral and sticky
2022-07-27 17:30:35 -07:00
c8493b1fc5
Bump Traefik mem limit
...
We don't like this crashing
2022-07-27 17:26:13 -07:00
a3f59145bd
Skip dump of lldap db
2022-07-27 17:25:41 -07:00
9a315eb2f7
Add lldap backup and templatize backup job
...
Now oneoff and system jobs are all using the same template
2022-07-27 17:02:29 -07:00
6e074c55aa
Increase prometheus memory limit
2022-07-27 16:11:56 -07:00
ecaee6f8be
Add lldap
2022-07-27 15:57:28 -07:00
4213b322c1
Remove set hostname because that's now done in bootstrap
2022-07-27 15:57:12 -07:00
1dd131ba9a
Extend ttl for nomad tokens
2022-07-27 15:56:40 -07:00
bc040b4668
Add ddclient
2022-07-27 14:45:08 -07:00
9664802fb6
Clean up services template whitespace
2022-07-27 14:41:42 -07:00
547cd96e4c
Add vault stanza to levant services
2022-07-27 14:41:13 -07:00
e39fbc41a7
Add further todos for Nomad Vault
2022-07-27 13:40:21 -07:00
25ec582eaf
Update Nomad and Vault ACLs
...
Now nomad is read only and tokens can be retrieved from Vault
2022-07-27 13:13:11 -07:00
92a30e6709
Reduce memory for blocky sidecar
2022-07-27 11:22:02 -07:00
fb934f3b2f
Hide blocky API from non-traefik route
2022-07-27 11:21:11 -07:00
fe11b03a43
Get letsencrypt certs working with Traefik
2022-07-27 11:12:08 -07:00
85fccea867
Fix consul value bootstrap and hide secrets in log
2022-07-27 11:11:03 -07:00
d70dce8ab5
Add basic auth to traefik
2022-07-26 21:48:16 -07:00
963a863e2d
Make anonymous nomad read only
2022-07-26 20:20:43 -07:00
3033c581f3
Add userpass login to Vault
2022-07-26 20:09:52 -07:00
b4bb0f866e
Make metrics more readable
2022-07-25 21:45:01 -07:00
4508993068
Reduce task memory
2022-07-25 16:37:51 -07:00
4ea7947b1a
Fix mysql
2022-07-25 16:29:43 -07:00
465c2d9c29
WIP: Update oneoff backups
2022-07-25 16:29:35 -07:00
ee45e92534
Fix consul backup
2022-07-25 16:29:06 -07:00
3ec1d008e8
Move traefik connect intents to core
2022-07-25 15:54:23 -07:00
04bdef01b8
Allow bypass of healthcheck
2022-07-25 15:52:47 -07:00
157005ae7b
Get mysql root from vault
2022-07-25 15:52:47 -07:00
4a06f31f49
Tweak memory requirements for tasks
2022-07-25 15:52:47 -07:00
9d4cd68648
Add test consul backup
2022-07-25 15:52:47 -07:00
18807de608
Clean up Grafana and Loki bootstraps
2022-07-25 15:52:47 -07:00
de82205147
Remove packer stuff
2022-07-25 15:49:07 -07:00
96263d1e99
Update lockfile
2022-07-25 15:40:54 -07:00
9bb8b39fed
Add new playbook and make target for bootstrapping values to Consul and Vault
2022-07-25 15:40:22 -07:00
888b1236f1
Update playbook, move acls and comment for fixes
...
There are some items that I found are broken on first run and made some changes
2022-07-25 11:48:03 -07:00
a0aba7f2f0
Make acls module stand alone
2022-07-25 11:48:03 -07:00
fed875f852
Shorten pip installs
2022-07-25 11:48:03 -07:00
068da0d539
Add vault kv creation
2022-07-25 11:14:51 -07:00
464cdf7010
Add loki, promtail, and syslog-ng
2022-07-25 10:46:16 -07:00
391ad8dee6
Add sticky disk to service template
2022-07-25 10:44:37 -07:00
d386a839c4
Prometheus: Use env for consul address rather than variable
2022-07-25 10:38:48 -07:00
af4324db6f
Move core services to new tf file
...
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
a7e276c637
WIP: Write a consul backup job
2022-07-21 20:24:50 -07:00
842e656342
Add consul bootstrap and move vault to an example
2022-07-21 20:16:10 -07:00
47a74b6166
Fix consul address in levant
2022-07-21 20:11:21 -07:00
16813e8cb7
Deploy Nomad, Consul, and Vault using apt repo
2022-07-21 19:04:44 -07:00
60dd856666
Use vault for backups jobs
2022-07-21 19:03:40 -07:00
1b88593f88
Major grafana refactor to include automatic loading of provisioning files
2022-07-21 15:54:05 -07:00
5126f5f4d4
Go back to a single ingress node to simplify Traefik TLS
...
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00