diff --git a/ops-compose-stack/.gitignore b/ops-compose-stack/.gitignore index 4c49bd7..446675d 100644 --- a/ops-compose-stack/.gitignore +++ b/ops-compose-stack/.gitignore @@ -1 +1,5 @@ .env +*.crt +*.key +/data/prometheus/data/ +/data/grafana/ \ No newline at end of file diff --git a/ops-compose-stack/data/prometheus/config/prometheus.yml b/ops-compose-stack/data/prometheus/config/prometheus.yml new file mode 100644 index 0000000..1645d82 --- /dev/null +++ b/ops-compose-stack/data/prometheus/config/prometheus.yml @@ -0,0 +1,46 @@ +global: + scrape_interval: 120s # By default, scrape targets every 15 seconds. + evaluation_interval: 120s # By default, scrape targets every 15 seconds. + # scrape_timeout is set to the global default (10s). + + # Attach these labels to any time series or alerts when communicating with + # external systems (federation, remote storage, Alertmanager). + external_labels: + monitor: 'YACS' + +# Load and evaluate rules in this file every 'evaluation_interval' seconds. +rule_files: + # - "alert.rules" + # - "first.rules" + # - "second.rules" + +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The job name is added as a label `job=` to any timeseries scraped from this config. + - job_name: 'prometheus' + + # Override the global default and scrape targets from this job every 5 seconds. + scrape_interval: 5s + + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. + + static_configs: + - targets: ['monitoring_prometheus:9090'] + + - job_name: 'yacs_web' + scrape_interval: 5s + static_configs: + - targets: ['yacs_web:8080', 'yacs_web:8443'] + + - job_name: 'yacs_db' + scrape_interval: 5s + static_configs: + - targets: ['yacs_db:5432'] + +alerting: + alertmanagers: + - static_configs: + - targets: + - alertmanager:9093 \ No newline at end of file diff --git a/ops-compose-stack/docker-compose.yml b/ops-compose-stack/docker-compose.yml index e08c66f..44af83a 100644 --- a/ops-compose-stack/docker-compose.yml +++ b/ops-compose-stack/docker-compose.yml @@ -8,68 +8,19 @@ volumes: ackee-storage: services: - pgadmin: restart: unless-stopped image: dpage/pgadmin4 environment: - - PGADMIN_DEFAULT_EMAIL=${YX_ADMIN_EMAIL} - - PGADMIN_DEFAULT_PASSWORD=${YX_PG_PASS} + - PGADMIN_DEFAULT_EMAIL=yacsrpi@gmail.com + - PGADMIN_DEFAULT_PASSWORD=${GRAFANA_PASSWORD} - PGADMIN_ENABLE_TLS=True volumes: - ../ssl/cert.pem:/certs/server.cert - ../ssl/privkey.pem:/certs/server.key ports: - "${YX_PG_PORT:-7001}:443" - - grafana: - restart: unless-stopped - image: grafana/grafana - volumes: - - grafana-storage:/var/lib/grafana - - ${YX_SSL_CERT_LOCATION}:/certs/server.cert - - ${YX_SSL_KEY_LOCATION}:/certs/server.key - environment: - - GF_SERVER_PROTOCOL=https - - GF_SERVER_ENABLE_GZIP=${YX_GF_GZIP:-true} - - GF_SERVER_CERT_FILE=/certs/server.cert - - GF_SERVER_CERT_KEY=/certs/server.key - ports: - - "${YX_GF_PORT:-7002}:3000" - - bunker_dozzle: - image: bunkerity/bunkerized-nginx - restart: always - volumes: - - ${YX_SSL_CERT_LOCATION}:/certs/server.cert - - ${YX_SSL_KEY_LOCATION}:/certs/server.key - environment: - - USE_REVERSE_PROXY=yes - - REVERSE_PROXY_URL=/ - - REVERSE_PROXY_HOST=http://dozzle:8080 - - USE_CUSTOM_HTTPS=yes - - CUSTOM_HTTPS_CERT=/certs/server.cert - - CUSTOM_HTTPS_KEY=/certs/server.key - - USE_AUTH_BASIC=yes - - USE_DNSBL=no - - USE_FAILBAN=no - - LIMIT_REQ=no - - USE_CLAMAV_SCAN=no - - USE_CLAMAV_UPLOAD=no - - USE_MODSECURITY=no - - USE_MODSECURITY_CRS=no - - BLOCK_USER_AGENT=no - - AUTH_BASIC_USER=${YX_BNK_DL_USER:-bnk_user} - - AUTH_BASIC_PASSWORD=${YX_BNK_DL_PASS:-bnk_pass} - ports: - - "${YX_BNK_DL_PORT:-7003}:8443" - - dozzle: - container_name: dozzle - image: amir20/dozzle:latest - volumes: - - /var/run/docker.sock:/var/run/docker.sock - + ackee: image: electerious/ackee container_name: ackee @@ -81,34 +32,64 @@ services: - ACKEE_PASSWORD=${YX_ACKEE_PASS:-ackee_pass} depends_on: - ackee_mongo - - bunker_ackee: - image: bunkerity/bunkerized-nginx - restart: always - volumes: - - ${YX_SSL_CERT_LOCATION}:/certs/server.cert - - ${YX_SSL_KEY_LOCATION}:/certs/server.key - environment: - - USE_REVERSE_PROXY=yes - - REVERSE_PROXY_URL=/ - - REVERSE_PROXY_HOST=http://ackee:3000 - - USE_CUSTOM_HTTPS=yes - - CUSTOM_HTTPS_CERT=/certs/server.cert - - CUSTOM_HTTPS_KEY=/certs/server.key - - USE_DNSBL=no - - USE_FAILBAN=no - - LIMIT_REQ=no - - USE_CLAMAV_SCAN=no - - USE_CLAMAV_UPLOAD=no - - USE_MODSECURITY=no - - USE_MODSECURITY_CRS=no - - BLOCK_USER_AGENT=no - ports: - - "${YX_BNK_ACKEE_PORT:-7004}:8443" - + ackee_mongo: image: mongo container_name: ackee_mongo restart: always volumes: - ackee-storage:/data/db + + prometheus: + image: prom/prometheus:latest + user: root + container_name: monitoring_prometheus + restart: unless-stopped + volumes: + - ./data/prometheus/config/:/etc/prometheus/ + - ./data/prometheus/data/:/prometheus + command: + - '--config.file=/etc/prometheus/prometheus.yml' + - '--storage.tsdb.path=/prometheus' + expose: + - 9090 + ports: + - 9090:9090 + links: + - cadvisor:cadvisor + - node-exporter:node-exporter + + node-exporter: + image: prom/node-exporter:latest + container_name: monitoring_node_exporter + restart: unless-stopped + expose: + - 9100 + + cadvisor: + image: google/cadvisor:latest + container_name: monitoring_cadvisor + restart: unless-stopped + volumes: + - /:/rootfs:ro + - /var/run:/var/run:rw + - /sys:/sys:ro + - /var/lib/docker/:/var/lib/docker:ro + ports: + - 9999:8080 + + grafana: + image: grafana/grafana:latest + container_name: monitoring_grafana + restart: unless-stopped + links: + - prometheus:prometheus + environment: + - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD} + - GF_USERS_ALLOW_SIGN_UP=false + - GF_SERVER_DOMAIN=yacs.cs.rpi.edu + - GF_SMTP_ENABLED=false + expose: + - 4000 + ports: + - 4000:4000 \ No newline at end of file