From ce929bead2c5c2809a3f83d018fd60126450cd20 Mon Sep 17 00:00:00 2001 From: Yihau Chen Date: Tue, 20 Jun 2023 10:48:44 +0800 Subject: [PATCH] chore: remove unused code (#32195) --- metrics/influx-enterprise/README.md | 30 -- metrics/influx-enterprise/nginx/default | 102 ---- metrics/influx-enterprise/setup-data-nodes.sh | 70 --- metrics/influx-enterprise/setup-meta-nodes.sh | 64 --- metrics/influx-enterprise/status.sh | 70 --- metrics/metrics-internal/README.md | 16 - .../chronograf_8888_internal.sh | 56 --- .../chronograf_8889_internal.sh | 56 --- .../grafana-internal-metrics.solana.com.ini | 453 ----------------- metrics/metrics-internal/grafana_internal.sh | 53 -- metrics/metrics-internal/host.sh | 6 - metrics/metrics-internal/influxdb.conf | 142 ------ metrics/metrics-internal/influxdb_internal.sh | 50 -- metrics/metrics-internal/nginx/fastcgi.conf | 26 - metrics/metrics-internal/nginx/fastcgi_params | 25 - metrics/metrics-internal/nginx/koi-utf | 109 ----- metrics/metrics-internal/nginx/koi-win | 103 ---- metrics/metrics-internal/nginx/mime.types | 89 ---- .../50-mod-http-image-filter.conf | 1 - .../50-mod-http-xslt-filter.conf | 1 - .../nginx/modules-enabled/50-mod-mail.conf | 1 - .../nginx/modules-enabled/50-mod-stream.conf | 1 - metrics/metrics-internal/nginx/nginx.conf | 85 ---- metrics/metrics-internal/nginx/proxy_params | 4 - metrics/metrics-internal/nginx/scgi_params | 17 - .../nginx/sites-available/default | 107 ----- .../nginx/sites-available/default-back | 91 ---- .../nginx/sites-enabled/default | 37 -- .../nginx/sites-enabled/default.bck | 107 ----- .../nginx/snippets/fastcgi-php.conf | 13 - .../nginx/snippets/snakeoil.conf | 5 - metrics/metrics-internal/nginx/uwsgi_params | 17 - metrics/metrics-internal/nginx/win-utf | 125 ----- metrics/metrics-internal/start.sh | 125 ----- metrics/metrics-internal/status.sh | 47 -- metrics/metrics-main/README.md | 18 - metrics/metrics-main/alertmanager-discord.sh | 41 -- metrics/metrics-main/alertmanager.sh | 45 -- metrics/metrics-main/alertmanager.yml | 11 - metrics/metrics-main/chronograf.sh | 59 --- metrics/metrics-main/chronograf_8889.sh | 56 --- metrics/metrics-main/first_rules.yml | 101 ---- .../grafana-metrics.solana.com.ini | 454 ------------------ metrics/metrics-main/grafana.sh | 54 --- metrics/metrics-main/host.sh | 6 - metrics/metrics-main/kapacitor.conf | 354 -------------- metrics/metrics-main/kapacitor.sh | 51 -- metrics/metrics-main/prometheus.sh | 46 -- metrics/metrics-main/prometheus.yml | 91 ---- metrics/metrics-main/start.sh | 149 ------ metrics/metrics-main/status.sh | 47 -- 51 files changed, 3887 deletions(-) delete mode 100644 metrics/influx-enterprise/README.md delete mode 100644 metrics/influx-enterprise/nginx/default delete mode 100644 metrics/influx-enterprise/setup-data-nodes.sh delete mode 100644 metrics/influx-enterprise/setup-meta-nodes.sh delete mode 100755 metrics/influx-enterprise/status.sh delete mode 100644 metrics/metrics-internal/README.md delete mode 100644 metrics/metrics-internal/chronograf_8888_internal.sh delete mode 100644 metrics/metrics-internal/chronograf_8889_internal.sh delete mode 100644 metrics/metrics-internal/grafana-internal-metrics.solana.com.ini delete mode 100644 metrics/metrics-internal/grafana_internal.sh delete mode 100644 metrics/metrics-internal/host.sh delete mode 100644 metrics/metrics-internal/influxdb.conf delete mode 100644 metrics/metrics-internal/influxdb_internal.sh delete mode 100644 metrics/metrics-internal/nginx/fastcgi.conf delete mode 100644 metrics/metrics-internal/nginx/fastcgi_params delete mode 100644 metrics/metrics-internal/nginx/koi-utf delete mode 100644 metrics/metrics-internal/nginx/koi-win delete mode 100644 metrics/metrics-internal/nginx/mime.types delete mode 100644 metrics/metrics-internal/nginx/modules-enabled/50-mod-http-image-filter.conf delete mode 100644 metrics/metrics-internal/nginx/modules-enabled/50-mod-http-xslt-filter.conf delete mode 100644 metrics/metrics-internal/nginx/modules-enabled/50-mod-mail.conf delete mode 100644 metrics/metrics-internal/nginx/modules-enabled/50-mod-stream.conf delete mode 100644 metrics/metrics-internal/nginx/nginx.conf delete mode 100644 metrics/metrics-internal/nginx/proxy_params delete mode 100644 metrics/metrics-internal/nginx/scgi_params delete mode 100644 metrics/metrics-internal/nginx/sites-available/default delete mode 100644 metrics/metrics-internal/nginx/sites-available/default-back delete mode 100755 metrics/metrics-internal/nginx/sites-enabled/default delete mode 100644 metrics/metrics-internal/nginx/sites-enabled/default.bck delete mode 100644 metrics/metrics-internal/nginx/snippets/fastcgi-php.conf delete mode 100644 metrics/metrics-internal/nginx/snippets/snakeoil.conf delete mode 100644 metrics/metrics-internal/nginx/uwsgi_params delete mode 100644 metrics/metrics-internal/nginx/win-utf delete mode 100644 metrics/metrics-internal/start.sh delete mode 100644 metrics/metrics-internal/status.sh delete mode 100644 metrics/metrics-main/README.md delete mode 100644 metrics/metrics-main/alertmanager-discord.sh delete mode 100755 metrics/metrics-main/alertmanager.sh delete mode 100644 metrics/metrics-main/alertmanager.yml delete mode 100644 metrics/metrics-main/chronograf.sh delete mode 100644 metrics/metrics-main/chronograf_8889.sh delete mode 100644 metrics/metrics-main/first_rules.yml delete mode 100644 metrics/metrics-main/grafana-metrics.solana.com.ini delete mode 100644 metrics/metrics-main/grafana.sh delete mode 100644 metrics/metrics-main/host.sh delete mode 100644 metrics/metrics-main/kapacitor.conf delete mode 100644 metrics/metrics-main/kapacitor.sh delete mode 100644 metrics/metrics-main/prometheus.sh delete mode 100644 metrics/metrics-main/prometheus.yml delete mode 100755 metrics/metrics-main/start.sh delete mode 100755 metrics/metrics-main/status.sh diff --git a/metrics/influx-enterprise/README.md b/metrics/influx-enterprise/README.md deleted file mode 100644 index 71a8ad2cd..000000000 --- a/metrics/influx-enterprise/README.md +++ /dev/null @@ -1,30 +0,0 @@ -![image](https://user-images.githubusercontent.com/110216567/182764431-504557e4-92ac-41ff-82a5-b87c88c19c1d.png) -# Influxdb_Enterprise -[Influx_Enterprise](https://solana-labs.atlassian.net/wiki/spaces/DEVOPS/pages/25788425/Influx+Enterprise+Integration) - - -## Deploy an Influx Enterprise Cluster - -An influx enterprise cluster requires two type of nodes, meta nodes and data notes in order to operate properly: - -### Influxdb Meta Nodes - -Meta nodes are the ones that keep state about the cluster, including which servers, databases, users, continuous queries, retention policies, subscriptions, and blocks of time exist. -You need at least 3 meta nodes running at all times. To replace the meta nodes or add more you can use the `setup-meta-nodes.sh` script updating the requires variables: - -1. SERVERS="" -2. LICENSE_KEY="" -3. VERSION="" - -### Influxdb Data Nodes - -Data nodes are the ones that store all time series data and handles all writes and queries. You can have as many data nodes as possible that add up to the number on vCPU that your license allows. -To replace the data nodes or add more you can use the `setup-data-nodes.sh` script updating the requires variables: - -1. SERVERS="" -2. LICENSE_KEY="" -3. VERSION="" - -### Status Check - -The `status.sh` script runs periodically on BuildKite to make sure that both, the data and meta services are running properly in all the servers of the cluster. If it detects that the service is not running it will try to redeploy it and send an alert to Discord and PagerDuty in case it fails to do so. diff --git a/metrics/influx-enterprise/nginx/default b/metrics/influx-enterprise/nginx/default deleted file mode 100644 index e575ca350..000000000 --- a/metrics/influx-enterprise/nginx/default +++ /dev/null @@ -1,102 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -upstream backend { - server 145.40.69.29:8086 max_fails=0; - server 147.28.151.45:8086 max_fails=0; - server 147.28.151.201:8086 max_fails=0; - server 86.109.7.147:8086 max_fails=0; - server 147.28.151.73:8086 max_fails=0; - server 147.28.129.143:8086 max_fails=0; - } -server { - listen 8086 default_server; - listen [::]:8086 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - proxy_connect_timeout 1200s; - proxy_send_timeout 1200s; - proxy_read_timeout 1200s; - proxy_pass http://backend; - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. -# try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/metrics/influx-enterprise/setup-data-nodes.sh b/metrics/influx-enterprise/setup-data-nodes.sh deleted file mode 100644 index c9c3852d0..000000000 --- a/metrics/influx-enterprise/setup-data-nodes.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -ex - -# List of servers where you want to install the data node -SERVERS=( - "@" - "@" - # Add more servers if needed -) - -# Install InfluxDB data node -install_influxdb_data_node() { - echo "Setting up InfluxDB data node on $1..." - - # Install required packages - ssh "$1" "sudo apt-get update && sudo apt-get install -y wget" - - # Download InfluxDB Enterprise data node binary - ssh "$1" 'wget -q "'"${INFLUXDB_META_DOWNLOAD_URL}"'" -O /tmp/influxdb-data.tar.gz' - - # Extract and install InfluxDB Enterprise data node - ssh "$1" 'sudo mkdir -p "'"${INSTALL_DIR}"'" && sudo tar xf /tmp/influxdb-data.tar.gz -C "'"${INSTALL_DIR}"'" --strip-components=2' - - # Create configuration directory - ssh "$1" "sudo mkdir -p \"\$CONFIG_DIR\"" - - # Generate InfluxDB data node configuration file - ssh "$1" 'echo "reporting-disabled = false -hostname=\"$1\" -bind-address = \":8088\" -license-key = \"${LICENSE_KEY}\" - -[data] - dir = \"/var/lib/influxdb/data\" - wal-dir = \"/var/lib/influxdb/wal\" - series-id-set-cache-size = 100 - -[hinted-handoff] - dir = \"/var/lib/influxdb/hh\" - max-size = 1073741824 - max-age = 168h - retry-rate-limit = 0 -" | sudo tee "$CONFIG_DIR/influxdb.conf"' - - # Create InfluxDB user and directories - ssh "$1" "sudo useradd -rs /bin/false influxdb && sudo mkdir -p /var/lib/influxdb/{data,wal,hh} && sudo chown -R influxdb:influxdb /var/lib/influxdb" - - # Create systemd service file - ssh "$1" 'echo '\''[Unit] -Description=InfluxDB Enterprise data node -Documentation=https://docs.influxdata.com/enterprise_influxdb/v1.9/ -After=network-online.target - -[Service] -User=influxdb -Group=influxdb -ExecStart='\''"$INSTALL_DIR/influxd -config \$CONFIG_DIR/influxdb.conf"'\''" -Restart=on-failure - -[Install] -WantedBy=multi-user.target -'\'' | sudo tee /etc/systemd/system/influxdb-data.service' - - # Enable and start InfluxDB data node service - ssh "$1" "sudo systemctl daemon-reload && sudo systemctl enable influxdb-data.service && sudo systemctl start influxdb-data.service" -} - -# Iterate through the server list and install InfluxDB data node -for server in "${SERVERS[@]}"; do - install_influxdb_data_node "$server" -done diff --git a/metrics/influx-enterprise/setup-meta-nodes.sh b/metrics/influx-enterprise/setup-meta-nodes.sh deleted file mode 100644 index 7c3cb6c74..000000000 --- a/metrics/influx-enterprise/setup-meta-nodes.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash - -# List of servers where you want to install the meta node -SERVERS=( - "@" - "@" - # Add more servers if needed -) - -# Install InfluxDB meta node -install_influxdb_meta_node() { - echo "Setting up InfluxDB meta node on $1..." - - # Install required packages - ssh "$1" "sudo apt-get update && sudo apt-get install -y wget" - - # Download InfluxDB Enterprise meta node binary - ssh "$1" 'wget -q "'"${INFLUXDB_META_DOWNLOAD_URL}"'" -O /tmp/influxdb-meta.tar.gz' - - # Extract and install InfluxDB Enterprise meta node - ssh "$1" 'sudo mkdir -p "'"${INSTALL_DIR}"'" && sudo tar xf /tmp/influxdb-meta.tar.gz -C "'"${INSTALL_DIR}"'" --strip-components=2' - - # Create configuration directory - ssh "$1" "sudo mkdir -p \"\$CONFIG_DIR\"" - - # Generate InfluxDB meta node configuration file - ssh "$1" "echo \"reporting-disabled = false -hostname=\\\"\$1\\\" -bind-address = :8091 -license-key = - -[meta] - dir = /var/lib/influxdb/meta - retention-autocreate = true - logging-enabled = true -\" | sudo tee \"\$CONFIG_DIR/influxdb-meta.conf\"" - -# Create InfluxDB user and directories -ssh "$1" 'sudo useradd -rs /bin/false influxdb && sudo mkdir -p /var/lib/influxdb/meta && sudo chown -R influxdb:influxdb /var/lib/influxdb' - -# Create systemd service file -ssh "$1" "echo '[Unit] -Description=InfluxDB Enterprise meta node -Documentation=https://docs.influxdata.com/enterprise_influxdb/v1.9/ -After=network-online.target - -[Service] -User=influxdb -Group=influxdb -ExecStart=/influxd-meta -config /influxdb-meta.conf -Restart=on-failure - -[Install] -WantedBy=multi-user.target -' | sudo tee /etc/systemd/system/influxdb-meta.service" - - # Enable and start InfluxDB meta node service - ssh "$1" "sudo systemctl daemon-reload && sudo systemctl enable influxdb-meta.service && sudo systemctl start influxdb-meta.service" -} - -# Iterate through the server list and install InfluxDB meta node -for server in "${SERVERS[@]}"; do - install_influxdb_meta_node "$server" -done diff --git a/metrics/influx-enterprise/status.sh b/metrics/influx-enterprise/status.sh deleted file mode 100755 index ac8a9a397..000000000 --- a/metrics/influx-enterprise/status.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the InfluxDB services -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -servers_data=("dev-equinix-washington-27" "dev-equinix-washington-28" "dev-equinix-washington-29" "dev-equinix-washington-30" "dev-equinix-washington-31" "dev-equinix-washington-32" "dev-equinix-amsterdam-20" "dev-equinix-amsterdam-21" "dev-equinix-amsterdam-22" "dev-equinix-chicago-17" "dev-equinix-chicago-19" "dev-equinix-chicago-25" "dev-equinix-amsterdam-19" "dev-equinix-dallas-1" "dev-equinix-frankfurt-1" "dev-equinix-toronto-5") -servers_meta=("dev-equinix-washington-24" "dev-equinix-washington-25" "dev-equinix-washington-26") - -# Check the service on a list of servers -check_service() { - local service=$1 - shift - local servers=("$@") - local message="" - - # Loop through the servers - for server in "${servers[@]}"; do - local service_not_running=true - local retries=3 - for _ in $(seq 1 $retries); do - # Check if the service is running - if ssh -o StrictHostKeyChecking=no sol@"$server" sudo systemctl is-active "$service" >/dev/null; then - # Service is running - message="The $service service is running on $server." - echo "$message" - service_not_running=false - break - else - # Service is not running, wait for 10 seconds and check again - sleep 10 - fi - done - - if $service_not_running; then - # Service is not running, send alert and try to restart it - message="The $service service is not running on $server. Restarting..." - echo "$message" - curl -H "Content-Type: application/json" -d '{"content":"'"$message"'"}' "$DISCORD_WEBHOOK" - - ssh -o StrictHostKeyChecking=no sol@"$server" sudo systemctl restart "$service" - sleep 10 # Wait for the service to start - - if ssh -o StrictHostKeyChecking=no sol@"$server" sudo systemctl is-active "$service" >/dev/null; then - # Service restarted successfully - message="The $service service was restarted successfully on $server." - echo "$message" - curl -H "Content-Type: application/json" -d '{"content":"'"$message"'"}' "$DISCORD_WEBHOOK" - else - # Service failed to restart - message="ERROR: The $service service failed to restart on $server." - echo "$message" - curl -H "Content-Type: application/json" -d '{"content":"'"$message"', manual intervention is required."}' "$DISCORD_WEBHOOK" - curl -H "Content-Type: application/json" -d '{"routing_key":"","event_action":"trigger","payload":{"summary":"The '"$service"' service failed to restart on '"$server"'.","severity":"critical"}}' "$PAGERDUTY_WEBHOOK" - fi - fi - done -} - -# Check the influxdb service -check_service "influxdb" "${servers_data[@]}" - -# Check the influxdb-meta service -check_service "influxdb-meta" "${servers_meta[@]}" diff --git a/metrics/metrics-internal/README.md b/metrics/metrics-internal/README.md deleted file mode 100644 index eef8cd3ad..000000000 --- a/metrics/metrics-internal/README.md +++ /dev/null @@ -1,16 +0,0 @@ -![image](https://user-images.githubusercontent.com/110216567/182764431-504557e4-92ac-41ff-82a5-b87c88c19c1d.png) - - -Services : -1. Influxdb -2. Chronograf (on port 8888) -3. Chronograf_8889 (on port 8889) -4. Grafana - -To install all the services on the metrics-internal server you need to run the `start.sh` script. - -Install the Buildkite-agent to run the `status.sh` script to periodically check for the status of the containers. - -If any of the containers is not in running state or in exited state then it will try to redeploy the container, if it fails to do so an alert will be triggered to Discord and PagerDuty. - -**Note:** If you deleted or removed any of containers manually you need to run the `start.sh` script. diff --git a/metrics/metrics-internal/chronograf_8888_internal.sh b/metrics/metrics-internal/chronograf_8888_internal.sh deleted file mode 100644 index cf7cb2bb4..000000000 --- a/metrics/metrics-internal/chronograf_8888_internal.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Chronograf containers -# -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -: "${CHRONOGRAF_IMAGE:=chronograf:1.8.8}" - -# Remove the container -container=chronograf_8888_internal -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - - -# (Re)start the container -sudo docker run \ - --detach \ - --env AUTH_DURATION=24h \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8888" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8888" \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \ - --env PUBLIC_URL=https://internal-metrics.solana.com:8888 \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env inactivity-duration=48h \ - --name=chronograf_8888_internal \ - --net=influxdb \ - --publish 8888:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" diff --git a/metrics/metrics-internal/chronograf_8889_internal.sh b/metrics/metrics-internal/chronograf_8889_internal.sh deleted file mode 100644 index 92f85c7be..000000000 --- a/metrics/metrics-internal/chronograf_8889_internal.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Chronograf_8889 containers -# -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -: "${CHRONOGRAF_IMAGE:=chronograf:1.8.8}" - -# remove the container -container=chronograf_8889_internal -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - - -# (Re)start the container -sudo docker run \ - --detach \ - --env AUTH_DURATION=24h \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8889" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8889" \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \ - --env PUBLIC_URL=https://internal-metrics.solana.com:8889 \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env inactivity-duration=48h \ - --name=chronograf_8889_internal \ - --net=influxdb \ - --publish 8889:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf_8889:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" diff --git a/metrics/metrics-internal/grafana-internal-metrics.solana.com.ini b/metrics/metrics-internal/grafana-internal-metrics.solana.com.ini deleted file mode 100644 index 25cc69673..000000000 --- a/metrics/metrics-internal/grafana-internal-metrics.solana.com.ini +++ /dev/null @@ -1,453 +0,0 @@ -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -;data = /var/lib/grafana - -# Directory where grafana can store logs -;logs = /var/log/grafana - -# Directory where grafana will automatically scan and look for plugins -;plugins = /var/lib/grafana/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -;provisioning = conf/provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, socket) -protocol = https - -# The ip address to bind to, empty will bind to all interfaces -;http_addr = - -# The http port to use -;http_port = 3000 - -# The public facing domain name used to access grafana from a browser -domain = internal-metrics.solana.com - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -;root_url = http://internal-metrics.solana.com:3000 - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -cert_file = /certs/fullchain.pem -cert_key = /certs/privkey.pem - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -;type = sqlite3 -;host = 127.0.0.1:3306 -;name = grafana -;user = root -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -;password = - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -log_queries = - -#################################### Session #################################### -[session] -# Either "memory", "file", "redis", "mysql", "postgres", default is "file" -;provider = file - -# Provider config options -# memory: not have any config yet -# file: session dir path, is relative to grafana data_path -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` -# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` -# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable -;provider_config = sessions - -# Session cookie name -;cookie_name = grafana_sess - -# If you use session in https only, default is false -;cookie_secure = false - -# Session life time, default is 86400 -;session_life_time = 86400 - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -;check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -#################################### Security #################################### -[security] -# default admin user, created on startup -admin_user = $ADMIN_USER_GRAFANA - -# default admin password, can be changed before first start of grafana, or in profile settings -admin_password = $ADMIN_PASSWORD_GRAFANA -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# Auto-login remember days -;login_remember_days = 7 -;cookie_username = grafana_user -;cookie_remember_name = grafana_remember - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -#################################### Snapshots ########################### -[snapshots] -# snapshot sharing options -;external_enabled = true -;external_snapshot_url = https://snapshots-origin.raintank.io -;external_snapshot_name = Publish to snapshot.raintank.io - -# remove expired snapshot -;snapshot_remove_expired = true - -#################################### Dashboards History ################## -[dashboards] -# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 -;versions_to_keep = 20 - -#################################### Users ############################### -[users] -# disable user signup / registration -;allow_sign_up = true - -# Allow non admin users to create organizations -;allow_org_create = true - -# Set to true to automatically assign new users to the default organization (id 1) -auto_assign_org = true - -# Default role new users will be automatically assigned (if disabled above is set to true) -auto_assign_org_role = Editor - -# Background text for the user field on the login page -;login_hint = email or username - -# Default UI theme ("dark" or "light") -;default_theme = dark - -# External user management, these options affect the organization users view -;external_manage_link_url = -;external_manage_link_name = -;external_manage_info = - -# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. -viewers_can_edit = false - -[auth] -# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false -;disable_login_form = false - -# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false -;disable_signout_menu = false - -# URL to redirect the user to after sign out -;signout_redirect_url = - -#################################### Anonymous Auth ########################## -[auth.anonymous] -# enable anonymous access -enabled = true - -# specify organization name that should be used for unauthenticated users -org_name = Solana Public - -# specify role for unauthenticated users -org_role = Viewer - -#################################### Github Auth ########################## -[auth.github] -#enabled = true -#allow_sign_up = true -#client_id = -#client_secret = -#scopes = user:email,read:org -#auth_url = https://github.com/login/oauth/authorize -#token_url = https://github.com/login/oauth/access_token -#api_url = https://api.github.com/user -;team_ids = -#allowed_organizations = solana-labs - -#################################### Google Auth ########################## -[auth.google] -enabled = true -allow_sign_up = true -client_id =$GOOGLE_CLIENT_ID -client_secret =$GOOGLE_CLIENT_SECRET -scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email -auth_url = https://accounts.google.com/o/oauth2/auth -token_url = https://accounts.google.com/o/oauth2/token -api_url = https://www.googleapis.com/oauth2/v1/userinfo -allowed_domains = solana.com,jito.wtf,jumpcrypto.com,certus.one -#################################### Generic OAuth ########################## -[auth.generic_oauth] -;enabled = false -;name = OAuth -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://foo.bar/login/oauth/authorize -;token_url = https://foo.bar/login/oauth/access_token -;api_url = https://foo.bar/user -;team_ids = -;allowed_organizations = - -#################################### Grafana.com Auth #################### -[auth.grafana_com] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email -;allowed_organizations = - -#################################### Auth Proxy ########################## -[auth.proxy] -;enabled = false -;header_name = X-WEBAUTH-USER -;header_property = username -;auto_sign_up = true -;ldap_sync_ttl = 60 -;whitelist = 192.168.1.1, 192.168.2.1 - -#################################### Basic Auth ########################## -[auth.basic] -;enabled = true - -#################################### Auth LDAP ########################## -[auth.ldap] -;enabled = false -;config_file = /etc/grafana/ldap.toml -;allow_sign_up = true - -#################################### SMTP / Emailing ########################## -[smtp] -;enabled = false -;host = localhost:25 -;user = -# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" -;password = -;cert_file = -;key_file = -;skip_verify = false -;from_address = admin@grafana.localhost -;from_name = Grafana -# EHLO identity in SMTP dialog (defaults to instance_name) -;ehlo_identity = dashboard.example.com - -[emails] -;welcome_email_on_sign_up = false - -#################################### Logging ########################## -[log] -# Either "console", "file", "syslog". Default is console and file -# Use space to separate multiple modes, e.g. "console file" -;mode = console file - -# Either "debug", "info", "warn", "error", "critical", default is "info" -;level = info - -# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug -;filters = - -# For "console" mode only -[log.console] -;level = - -# log line format, valid options are text, console and json -;format = console - -# For "file" mode only -[log.file] -;level = - -# log line format, valid options are text, console and json -;format = text - -# This enables automated log rotate(switch of following options), default is true -;log_rotate = true - -# Max line number of single file, default is 1000000 -;max_lines = 1000000 - -# Max size shift of single file, default is 28 means 1 << 28, 256MB -;max_size_shift = 28 - -# Segment log daily, default is true -;daily_rotate = true - -# Expired days of log file(delete after max days), default is 7 -;max_days = 7 - -[log.syslog] -;level = - -# log line format, valid options are text, console and json -;format = text - -# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. -;network = -;address = - -# Syslog facility. user, daemon and local0 through local7 are valid. -;facility = - -# Syslog tag. By default, the process' argv[0] is used. -;tag = - -#################################### Alerting ############################ -[alerting] -# Disable alerting engine & UI features -;enabled = true -# Makes it possible to turn off alert rule execution but alerting UI is visible -;execute_alerts = true - -#################################### Explore ############################# -[explore] -# Enable the Explore section -enabled = false - -#################################### Internal Grafana Metrics ########################## -# Metrics available at HTTP API Url /metrics -[metrics] -# Disable / Enable internal metrics -;enabled = true - -# Publish interval -;interval_seconds = 10 - -# Send internal metrics to Graphite -[metrics.graphite] -# Enable by setting the address setting (ex localhost:2003) -;address = -;prefix = prod.grafana.%(instance_name)s. - -#################################### Distributed tracing ############ -[tracing.jaeger] -# Enable by setting the address sending traces to jaeger (ex localhost:6831) -;address = localhost:6831 -# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) -;always_included_tag = tag1:value1 -# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote -;sampler_type = const -# jaeger samplerconfig param -# for "const" sampler, 0 or 1 for always false/true respectively -# for "probabilistic" sampler, a probability between 0 and 1 -# for "rateLimiting" sampler, the number of spans per second -# for "remote" sampler, param is the same as for "probabilistic" -# and indicates the initial sampling rate before the actual one -# is received from the mothership -;sampler_param = 1 - -#################################### Grafana.com integration ########################## -# Url used to to import dashboards directly from Grafana.com -[grafana_com] -;url = https://grafana.com - -#################################### External image storage ########################## -[external_image_storage] -# Used for uploading images to public servers so they can be included in slack/email messages. -# you can choose between (s3, webdav, gcs, azure_blob, local) -;provider = - -[external_image_storage.s3] -;bucket = -;region = -;path = -;access_key = -;secret_key = - -[external_image_storage.webdav] -;url = -;public_url = -;username = -;password = - -[external_image_storage.gcs] -;key_file = -;bucket = -;path = - -[external_image_storage.azure_blob] -;account_name = -;account_key = -;container_name = - -[external_image_storage.local] -# does not require any configuration diff --git a/metrics/metrics-internal/grafana_internal.sh b/metrics/metrics-internal/grafana_internal.sh deleted file mode 100644 index 33b38590f..000000000 --- a/metrics/metrics-internal/grafana_internal.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Grafana containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -: "${GRAFANA_IMAGE:=grafana/grafana:9.4.7}" - -# remove the container -container=grafana_internal -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - -#(Re)start the container -sudo docker run \ - --detach \ - --name=grafana_internal \ - --net=influxdb \ - --publish 3000:3000 \ - --user root:root \ - --env GF_PATHS_CONFIG=/grafana.ini \ - --env GF_AUTH_GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID" \ - --env GF_AUTH_GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET" \ - --env GF_SECURITY_ADMIN_USER="$ADMIN_USER_GRAFANA" \ - --env GF_SECURITY_ADMIN_PASSWORD="$ADMIN_PASSWORD_GRAFANA" \ - --volume "$PWD"/certs:/certs:ro \ - --volume "$PWD"/grafana-"$HOST".ini:/grafana.ini:ro \ - --volume /var/lib/grafana:/var/lib/grafana \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $GRAFANA_IMAGE diff --git a/metrics/metrics-internal/host.sh b/metrics/metrics-internal/host.sh deleted file mode 100644 index 9575960b1..000000000 --- a/metrics/metrics-internal/host.sh +++ /dev/null @@ -1,6 +0,0 @@ -# |source| me - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" diff --git a/metrics/metrics-internal/influxdb.conf b/metrics/metrics-internal/influxdb.conf deleted file mode 100644 index c9ff9b026..000000000 --- a/metrics/metrics-internal/influxdb.conf +++ /dev/null @@ -1,142 +0,0 @@ -reporting-disabled = false -bind-address = "127.0.0.1:8088" - -[meta] - dir = "/var/lib/influxdb/meta" - retention-autocreate = true - logging-enabled = true - -[data] - dir = "/var/lib/influxdb/data" - index-version = "inmem" - wal-dir = "/var/lib/influxdb/wal" - wal-fsync-delay = "0s" - query-log-enabled = true - cache-max-memory-size = "50g" - cache-snapshot-memory-size = 26214400 - cache-snapshot-write-cold-duration = "10m0s" - compact-full-write-cold-duration = "4h0m0s" - max-series-per-database = 0 - max-values-per-tag = 0 - max-concurrent-compactions = 0 - max-index-log-file-size = 1048576 - trace-logging-enabled = false - -[coordinator] - write-timeout = "20s" - max-concurrent-queries = 0 - query-timeout = "120s" - log-queries-after = "10s" - max-select-point = 0 - max-select-series = 0 - max-select-buckets = 0 - -[retention] - enabled = true - check-interval = "30m0s" - -[shard-precreation] - enabled = true - check-interval = "10m0s" - advance-period = "30m0s" - -[monitor] - store-enabled = true - store-database = "_internal" - store-interval = "10s" - -[subscriber] - enabled = true - http-timeout = "30s" - insecure-skip-verify = false - ca-certs = "" - write-concurrency = 200 - write-buffer-size = 10000 - -[http] - enabled = true - bind-address = ":8086" - auth-enabled = true - log-enabled = true - write-tracing = false - pprof-enabled = true - debug-pprof-enabled = false - https-enabled = true - https-certificate = "/certs/fullchain.pem" - https-private-key = "/certs/privkey.pem" - max-row-limit = 0 - max-connection-limit = 0 - shared-secret = "" - realm = "Solana InfluxDB" - unix-socket-enabled = false - bind-socket = "/var/run/influxdb.sock" - max-body-size = 25000000 - access-log-path = "" - flux-enabled=true - -[logging] - format = "auto" - level = "info" - suppress-logo = false - -[ifql] - enabled = false - log-enabled = true - bind-address = ":8082" - -[[graphite]] - enabled = false - bind-address = ":2003" - database = "graphite" - retention-policy = "" - protocol = "tcp" - batch-size = 5000 - batch-pending = 10 - batch-timeout = "1s" - consistency-level = "one" - separator = "." - udp-read-buffer = 0 - -[[collectd]] - enabled = false - bind-address = ":25826" - database = "collectd" - retention-policy = "" - batch-size = 5000 - batch-pending = 10 - batch-timeout = "10s" - read-buffer = 0 - typesdb = "/usr/share/collectd/types.db" - security-level = "none" - auth-file = "/etc/collectd/auth_file" - parse-multivalue-plugin = "split" - -[[opentsdb]] - enabled = false - bind-address = ":4242" - database = "opentsdb" - retention-policy = "" - consistency-level = "one" - tls-enabled = false - certificate = "/etc/ssl/influxdb.pem" - batch-size = 1000 - batch-pending = 5 - batch-timeout = "1s" - log-point-errors = true - -[[udp]] - enabled = false - bind-address = ":8089" - database = "udp" - retention-policy = "" - batch-size = 5000 - batch-pending = 10 - read-buffer = 0 - batch-timeout = "1s" - precision = "" - -[continuous_queries] - log-enabled = true - enabled = true - query-stats-enabled = false - run-interval = "1s" diff --git a/metrics/metrics-internal/influxdb_internal.sh b/metrics/metrics-internal/influxdb_internal.sh deleted file mode 100644 index 44d816588..000000000 --- a/metrics/metrics-internal/influxdb_internal.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the InfluxDB containers -# -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -: "${INFLUXDB_IMAGE:=influxdb:1.7}" - -# Remove the container -container=influxdb_internal -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - -# (Re) start the container -sudo docker run \ - --detach \ - --name=influxdb_internal \ - --net=influxdb \ - --publish 8086:8086 \ - --user "$(id -u):$(id -g)" \ - --env INFLUXDB_ADMIN_USER="$INFLUXDB_USERNAME" \ - --env INFLUXDB_ADMIN_PASSWORD="$INLUXDB_PASSWORD" \ - --volume "$PWD"/certs:/certs \ - --volume "$PWD"/influxdb.conf:/etc/influxdb/influxdb.conf:ro \ - --volume /var/lib/influxdb:/var/lib/influxdb \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - --cpus=10 \ - $INFLUXDB_IMAGE -config /etc/influxdb/influxdb.conf diff --git a/metrics/metrics-internal/nginx/fastcgi.conf b/metrics/metrics-internal/nginx/fastcgi.conf deleted file mode 100644 index 091738c60..000000000 --- a/metrics/metrics-internal/nginx/fastcgi.conf +++ /dev/null @@ -1,26 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/metrics/metrics-internal/nginx/fastcgi_params b/metrics/metrics-internal/nginx/fastcgi_params deleted file mode 100644 index 28decb955..000000000 --- a/metrics/metrics-internal/nginx/fastcgi_params +++ /dev/null @@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/metrics/metrics-internal/nginx/koi-utf b/metrics/metrics-internal/nginx/koi-utf deleted file mode 100644 index e7974ff6a..000000000 --- a/metrics/metrics-internal/nginx/koi-utf +++ /dev/null @@ -1,109 +0,0 @@ - -# This map is not a full koi8-r <> utf8 map: it does not contain -# box-drawing and some other characters. Besides this map contains -# several koi8-u and Byelorussian letters which are not in koi8-r. -# If you need a full and standard map, use contrib/unicode2nginx/koi-utf -# map instead. - -charset_map koi8-r utf-8 { - - 80 E282AC ; # euro - - 95 E280A2 ; # bullet - - 9A C2A0 ; #   - - 9E C2B7 ; # · - - A3 D191 ; # small yo - A4 D194 ; # small Ukrainian ye - - A6 D196 ; # small Ukrainian i - A7 D197 ; # small Ukrainian yi - - AD D291 ; # small Ukrainian soft g - AE D19E ; # small Byelorussian short u - - B0 C2B0 ; # ° - - B3 D081 ; # capital YO - B4 D084 ; # capital Ukrainian YE - - B6 D086 ; # capital Ukrainian I - B7 D087 ; # capital Ukrainian YI - - B9 E28496 ; # numero sign - - BD D290 ; # capital Ukrainian soft G - BE D18E ; # capital Byelorussian short U - - BF C2A9 ; # (C) - - C0 D18E ; # small yu - C1 D0B0 ; # small a - C2 D0B1 ; # small b - C3 D186 ; # small ts - C4 D0B4 ; # small d - C5 D0B5 ; # small ye - C6 D184 ; # small f - C7 D0B3 ; # small g - C8 D185 ; # small kh - C9 D0B8 ; # small i - CA D0B9 ; # small j - CB D0BA ; # small k - CC D0BB ; # small l - CD D0BC ; # small m - CE D0BD ; # small n - CF D0BE ; # small o - - D0 D0BF ; # small p - D1 D18F ; # small ya - D2 D180 ; # small r - D3 D181 ; # small s - D4 D182 ; # small t - D5 D183 ; # small u - D6 D0B6 ; # small zh - D7 D0B2 ; # small v - D8 D18C ; # small soft sign - D9 D18B ; # small y - DA D0B7 ; # small z - DB D188 ; # small sh - DC D18D ; # small e - DD D189 ; # small shch - DE D187 ; # small ch - DF D18A ; # small hard sign - - E0 D0AE ; # capital YU - E1 D090 ; # capital A - E2 D091 ; # capital B - E3 D0A6 ; # capital TS - E4 D094 ; # capital D - E5 D095 ; # capital YE - E6 D0A4 ; # capital F - E7 D093 ; # capital G - E8 D0A5 ; # capital KH - E9 D098 ; # capital I - EA D099 ; # capital J - EB D09A ; # capital K - EC D09B ; # capital L - ED D09C ; # capital M - EE D09D ; # capital N - EF D09E ; # capital O - - F0 D09F ; # capital P - F1 D0AF ; # capital YA - F2 D0A0 ; # capital R - F3 D0A1 ; # capital S - F4 D0A2 ; # capital T - F5 D0A3 ; # capital U - F6 D096 ; # capital ZH - F7 D092 ; # capital V - F8 D0AC ; # capital soft sign - F9 D0AB ; # capital Y - FA D097 ; # capital Z - FB D0A8 ; # capital SH - FC D0AD ; # capital E - FD D0A9 ; # capital SHCH - FE D0A7 ; # capital CH - FF D0AA ; # capital hard sign -} diff --git a/metrics/metrics-internal/nginx/koi-win b/metrics/metrics-internal/nginx/koi-win deleted file mode 100644 index 72afabe89..000000000 --- a/metrics/metrics-internal/nginx/koi-win +++ /dev/null @@ -1,103 +0,0 @@ - -charset_map koi8-r windows-1251 { - - 80 88 ; # euro - - 95 95 ; # bullet - - 9A A0 ; #   - - 9E B7 ; # · - - A3 B8 ; # small yo - A4 BA ; # small Ukrainian ye - - A6 B3 ; # small Ukrainian i - A7 BF ; # small Ukrainian yi - - AD B4 ; # small Ukrainian soft g - AE A2 ; # small Byelorussian short u - - B0 B0 ; # ° - - B3 A8 ; # capital YO - B4 AA ; # capital Ukrainian YE - - B6 B2 ; # capital Ukrainian I - B7 AF ; # capital Ukrainian YI - - B9 B9 ; # numero sign - - BD A5 ; # capital Ukrainian soft G - BE A1 ; # capital Byelorussian short U - - BF A9 ; # (C) - - C0 FE ; # small yu - C1 E0 ; # small a - C2 E1 ; # small b - C3 F6 ; # small ts - C4 E4 ; # small d - C5 E5 ; # small ye - C6 F4 ; # small f - C7 E3 ; # small g - C8 F5 ; # small kh - C9 E8 ; # small i - CA E9 ; # small j - CB EA ; # small k - CC EB ; # small l - CD EC ; # small m - CE ED ; # small n - CF EE ; # small o - - D0 EF ; # small p - D1 FF ; # small ya - D2 F0 ; # small r - D3 F1 ; # small s - D4 F2 ; # small t - D5 F3 ; # small u - D6 E6 ; # small zh - D7 E2 ; # small v - D8 FC ; # small soft sign - D9 FB ; # small y - DA E7 ; # small z - DB F8 ; # small sh - DC FD ; # small e - DD F9 ; # small shch - DE F7 ; # small ch - DF FA ; # small hard sign - - E0 DE ; # capital YU - E1 C0 ; # capital A - E2 C1 ; # capital B - E3 D6 ; # capital TS - E4 C4 ; # capital D - E5 C5 ; # capital YE - E6 D4 ; # capital F - E7 C3 ; # capital G - E8 D5 ; # capital KH - E9 C8 ; # capital I - EA C9 ; # capital J - EB CA ; # capital K - EC CB ; # capital L - ED CC ; # capital M - EE CD ; # capital N - EF CE ; # capital O - - F0 CF ; # capital P - F1 DF ; # capital YA - F2 D0 ; # capital R - F3 D1 ; # capital S - F4 D2 ; # capital T - F5 D3 ; # capital U - F6 C6 ; # capital ZH - F7 C2 ; # capital V - F8 DC ; # capital soft sign - F9 DB ; # capital Y - FA C7 ; # capital Z - FB D8 ; # capital SH - FC DD ; # capital E - FD D9 ; # capital SHCH - FE D7 ; # capital CH - FF DA ; # capital hard sign -} diff --git a/metrics/metrics-internal/nginx/mime.types b/metrics/metrics-internal/nginx/mime.types deleted file mode 100644 index 89be9a4cd..000000000 --- a/metrics/metrics-internal/nginx/mime.types +++ /dev/null @@ -1,89 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - - application/font-woff woff; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-image-filter.conf b/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-image-filter.conf deleted file mode 100644 index dfa29399d..000000000 --- a/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-image-filter.conf +++ /dev/null @@ -1 +0,0 @@ -load_module modules/ngx_http_image_filter_module.so; diff --git a/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-xslt-filter.conf b/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-xslt-filter.conf deleted file mode 100644 index a4f87ac30..000000000 --- a/metrics/metrics-internal/nginx/modules-enabled/50-mod-http-xslt-filter.conf +++ /dev/null @@ -1 +0,0 @@ -load_module modules/ngx_http_xslt_filter_module.so; diff --git a/metrics/metrics-internal/nginx/modules-enabled/50-mod-mail.conf b/metrics/metrics-internal/nginx/modules-enabled/50-mod-mail.conf deleted file mode 100644 index cfd4a4d23..000000000 --- a/metrics/metrics-internal/nginx/modules-enabled/50-mod-mail.conf +++ /dev/null @@ -1 +0,0 @@ -load_module modules/ngx_mail_module.so; diff --git a/metrics/metrics-internal/nginx/modules-enabled/50-mod-stream.conf b/metrics/metrics-internal/nginx/modules-enabled/50-mod-stream.conf deleted file mode 100644 index f2b265785..000000000 --- a/metrics/metrics-internal/nginx/modules-enabled/50-mod-stream.conf +++ /dev/null @@ -1 +0,0 @@ -load_module modules/ngx_stream_module.so; diff --git a/metrics/metrics-internal/nginx/nginx.conf b/metrics/metrics-internal/nginx/nginx.conf deleted file mode 100644 index a5834c4f9..000000000 --- a/metrics/metrics-internal/nginx/nginx.conf +++ /dev/null @@ -1,85 +0,0 @@ -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # SSL Settings - ## - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - - ## - # Logging Settings - ## - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} diff --git a/metrics/metrics-internal/nginx/proxy_params b/metrics/metrics-internal/nginx/proxy_params deleted file mode 100644 index df75bc5d7..000000000 --- a/metrics/metrics-internal/nginx/proxy_params +++ /dev/null @@ -1,4 +0,0 @@ -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; diff --git a/metrics/metrics-internal/nginx/scgi_params b/metrics/metrics-internal/nginx/scgi_params deleted file mode 100644 index 6d4ce4f3e..000000000 --- a/metrics/metrics-internal/nginx/scgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $server_name; diff --git a/metrics/metrics-internal/nginx/sites-available/default b/metrics/metrics-internal/nginx/sites-available/default deleted file mode 100644 index 7a2aa47a8..000000000 --- a/metrics/metrics-internal/nginx/sites-available/default +++ /dev/null @@ -1,107 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} -server { - listen 80; - # root /usr/share/nginx/html; - # index index.html index.htm; - - server_name http://10.138.0.13; - location / { - proxy_pass http://10.138.0.13:3000; -# rewrite ^/(.*) /$1 break; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; -# proxy_cache_pass $http_upgrade; - } -} diff --git a/metrics/metrics-internal/nginx/sites-available/default-back b/metrics/metrics-internal/nginx/sites-available/default-back deleted file mode 100644 index 9117e378e..000000000 --- a/metrics/metrics-internal/nginx/sites-available/default-back +++ /dev/null @@ -1,91 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/metrics/metrics-internal/nginx/sites-enabled/default b/metrics/metrics-internal/nginx/sites-enabled/default deleted file mode 100755 index 7cd6f4491..000000000 --- a/metrics/metrics-internal/nginx/sites-enabled/default +++ /dev/null @@ -1,37 +0,0 @@ -server { - listen 80; - return 301 https://$host$request_uri; -} - -server { - - listen 443; - server_name internal-metrics.solana.com; - - # ssl_certificate /etc/nginx/cert.crt; - # ssl_certificate_key /etc/nginx/cert.key; - ssl_certificate /home/okcan/metrics-solana-com/certs/fullchain.pem; - ssl_certificate_key /home/okcan/metrics-solana-com/certs/privkey.pem; - - ssl on; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; - ssl_prefer_server_ciphers on; - - access_log /var/log/nginx/jenkins.access.log; - - location / { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass https://internal-metrics.solana.com:3000; - proxy_read_timeout 90; - - proxy_redirect https://internal-metrics.solana.com:3000 https://internal-metrics.solana.com; - } - } diff --git a/metrics/metrics-internal/nginx/sites-enabled/default.bck b/metrics/metrics-internal/nginx/sites-enabled/default.bck deleted file mode 100644 index 7a2aa47a8..000000000 --- a/metrics/metrics-internal/nginx/sites-enabled/default.bck +++ /dev/null @@ -1,107 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} -server { - listen 80; - # root /usr/share/nginx/html; - # index index.html index.htm; - - server_name http://10.138.0.13; - location / { - proxy_pass http://10.138.0.13:3000; -# rewrite ^/(.*) /$1 break; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; -# proxy_cache_pass $http_upgrade; - } -} diff --git a/metrics/metrics-internal/nginx/snippets/fastcgi-php.conf b/metrics/metrics-internal/nginx/snippets/fastcgi-php.conf deleted file mode 100644 index 467a9e732..000000000 --- a/metrics/metrics-internal/nginx/snippets/fastcgi-php.conf +++ /dev/null @@ -1,13 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+?\.php)(/.*)$; - -# Check that the PHP script exists before passing it -try_files $fastcgi_script_name =404; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -fastcgi_index index.php; -include fastcgi.conf; diff --git a/metrics/metrics-internal/nginx/snippets/snakeoil.conf b/metrics/metrics-internal/nginx/snippets/snakeoil.conf deleted file mode 100644 index ad26c3e21..000000000 --- a/metrics/metrics-internal/nginx/snippets/snakeoil.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Self signed certificates generated by the ssl-cert package -# Don't use them in a production server! - -ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; -ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/metrics/metrics-internal/nginx/uwsgi_params b/metrics/metrics-internal/nginx/uwsgi_params deleted file mode 100644 index 09c732cd6..000000000 --- a/metrics/metrics-internal/nginx/uwsgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; diff --git a/metrics/metrics-internal/nginx/win-utf b/metrics/metrics-internal/nginx/win-utf deleted file mode 100644 index 774fd9fc9..000000000 --- a/metrics/metrics-internal/nginx/win-utf +++ /dev/null @@ -1,125 +0,0 @@ -# This map is not a full windows-1251 <> utf8 map: it does not -# contain Serbian and Macedonian letters. If you need a full map, -# use contrib/unicode2nginx/win-utf map instead. - -charset_map windows-1251 utf-8 { - - 82 E2809A; # single low-9 quotation mark - - 84 E2809E; # double low-9 quotation mark - 85 E280A6; # ellipsis - 86 E280A0; # dagger - 87 E280A1; # double dagger - 88 E282AC; # euro - 89 E280B0; # per mille - - 91 E28098; # left single quotation mark - 92 E28099; # right single quotation mark - 93 E2809C; # left double quotation mark - 94 E2809D; # right double quotation mark - 95 E280A2; # bullet - 96 E28093; # en dash - 97 E28094; # em dash - - 99 E284A2; # trade mark sign - - A0 C2A0; #   - A1 D18E; # capital Byelorussian short U - A2 D19E; # small Byelorussian short u - - A4 C2A4; # currency sign - A5 D290; # capital Ukrainian soft G - A6 C2A6; # borken bar - A7 C2A7; # section sign - A8 D081; # capital YO - A9 C2A9; # (C) - AA D084; # capital Ukrainian YE - AB C2AB; # left-pointing double angle quotation mark - AC C2AC; # not sign - AD C2AD; # soft hypen - AE C2AE; # (R) - AF D087; # capital Ukrainian YI - - B0 C2B0; # ° - B1 C2B1; # plus-minus sign - B2 D086; # capital Ukrainian I - B3 D196; # small Ukrainian i - B4 D291; # small Ukrainian soft g - B5 C2B5; # micro sign - B6 C2B6; # pilcrow sign - B7 C2B7; # · - B8 D191; # small yo - B9 E28496; # numero sign - BA D194; # small Ukrainian ye - BB C2BB; # right-pointing double angle quotation mark - - BF D197; # small Ukrainian yi - - C0 D090; # capital A - C1 D091; # capital B - C2 D092; # capital V - C3 D093; # capital G - C4 D094; # capital D - C5 D095; # capital YE - C6 D096; # capital ZH - C7 D097; # capital Z - C8 D098; # capital I - C9 D099; # capital J - CA D09A; # capital K - CB D09B; # capital L - CC D09C; # capital M - CD D09D; # capital N - CE D09E; # capital O - CF D09F; # capital P - - D0 D0A0; # capital R - D1 D0A1; # capital S - D2 D0A2; # capital T - D3 D0A3; # capital U - D4 D0A4; # capital F - D5 D0A5; # capital KH - D6 D0A6; # capital TS - D7 D0A7; # capital CH - D8 D0A8; # capital SH - D9 D0A9; # capital SHCH - DA D0AA; # capital hard sign - DB D0AB; # capital Y - DC D0AC; # capital soft sign - DD D0AD; # capital E - DE D0AE; # capital YU - DF D0AF; # capital YA - - E0 D0B0; # small a - E1 D0B1; # small b - E2 D0B2; # small v - E3 D0B3; # small g - E4 D0B4; # small d - E5 D0B5; # small ye - E6 D0B6; # small zh - E7 D0B7; # small z - E8 D0B8; # small i - E9 D0B9; # small j - EA D0BA; # small k - EB D0BB; # small l - EC D0BC; # small m - ED D0BD; # small n - EE D0BE; # small o - EF D0BF; # small p - - F0 D180; # small r - F1 D181; # small s - F2 D182; # small t - F3 D183; # small u - F4 D184; # small f - F5 D185; # small kh - F6 D186; # small ts - F7 D187; # small ch - F8 D188; # small sh - F9 D189; # small shch - FA D18A; # small hard sign - FB D18B; # small y - FC D18C; # small soft sign - FD D18D; # small e - FE D18E; # small yu - FF D18F; # small ya -} diff --git a/metrics/metrics-internal/start.sh b/metrics/metrics-internal/start.sh deleted file mode 100644 index f93b07518..000000000 --- a/metrics/metrics-internal/start.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the InfluxDB/Chronograf containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -: "${INFLUXDB_IMAGE:=influxdb:1.7}" -: "${CHRONOGRAF_IMAGE:=chronograf:1.8.8}" -: "${GRAFANA_IMAGE:=grafana/grafana:8.3.1}" - -docker pull $INFLUXDB_IMAGE -docker pull $CHRONOGRAF_IMAGE -docker pull $GRAFANA_IMAGE - -for container in influxdb_internal chronograf_8888_internal chronograf_8889_internal grafana_internal; do - [[ -w /var/lib/$container ]] - [[ -x /var/lib/$container ]] - - ( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 - ) -done - -sudo docker network remove influxdb || true -sudo docker network create influxdb -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - -sudo docker run \ - --detach \ - --name=grafana_internal \ - --net=influxdb \ - --publish 3000:3000 \ - --user root:root \ - --env GF_PATHS_CONFIG=/grafana.ini \ - --env GF_AUTH_GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID" \ - --env GF_AUTH_GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET" \ - --env GF_SECURITY_ADMIN_USER="$ADMIN_USER_GRAFANA" \ - --env GF_SECURITY_ADMIN_PASSWORD="$ADMIN_PASSWORD_GRAFANA" \ - --volume "$PWD"/certs:/certs:ro \ - --volume "$PWD"/grafana-"$HOST".ini:/grafana.ini:ro \ - --volume /var/lib/grafana:/var/lib/grafana \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $GRAFANA_IMAGE - -sudo docker run \ - --detach \ - --name=influxdb_internal \ - --net=influxdb \ - --publish 8086:8086 \ - --user "$(id -u):$(id -g)" \ - --env INFLUXDB_ADMIN_USER="$INFLUXDB_USERNAME" \ - --env INFLUXDB_ADMIN_PASSWORD="$INLUXDB_PASSWORD" \ - --volume "$PWD"/certs:/certs \ - --volume "$PWD"/influxdb.conf:/etc/influxdb/influxdb.conf:ro \ - --volume /var/lib/influxdb:/var/lib/influxdb \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - --cpus=10 \ - $INFLUXDB_IMAGE -config /etc/influxdb/influxdb.conf - -sleep 20s - -sudo docker run \ - --detach \ - --env AUTH_DURATION=24h \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8889" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8889" \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \ - --env PUBLIC_URL=https://internal-metrics.solana.com:8889 \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env inactivity-duration=48h \ - --name=chronograf_8889_internal \ - --net=influxdb \ - --publish 8889:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf_8889:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" - -sudo docker run \ - --detach \ - --env AUTH_DURATION=24h \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8888" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8888" \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \ - --env PUBLIC_URL=https://internal-metrics.solana.com:8888 \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env inactivity-duration=48h \ - --name=chronograf_8888_internal \ - --net=influxdb \ - --publish 8888:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" - -curl -h | sed -ne '/--tlsv/p' -curl --retry 10 --retry-delay 5 -v --head https://"$HOST":8086/ping - -exit 0 diff --git a/metrics/metrics-internal/status.sh b/metrics/metrics-internal/status.sh deleted file mode 100644 index 902439dac..000000000 --- a/metrics/metrics-internal/status.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -cd "$(dirname "$0")" || exit - -if [[ -z $HOST ]]; then - HOST=internal-metrics.solana.com -fi -echo "HOST: $HOST" - -# List of containers -containers=("influxdb_internal" "chronograf_8889_internal" "chronograf_8888_internal" "grafana_internal") - -# Send a message to Discord -send_discord_message() { - local message="$1" - curl -sS -H "Content-Type: application/json" -X POST -d "{\"content\": \"$message\"}" "$DISCORD_WEBHOOK" -} - -# Send a critical alert to PagerDuty -send_pagerduty_alert() { - local description="$1" - curl -sS -H "Content-Type: application/json" -X POST -d "{\"event_action\": \"trigger\", \"payload\": {\"summary\": \"$description\", \"source\": \"Docker Monitor\", \"severity\": \"critical\"}}" "$PAGERDUTY_WEBHOOK" -} - -# Iterate over the containers and check their status -for container in "${containers[@]}"; do - container_status=$(docker inspect --format '{{.State.Status}}' "$container" 2>/dev/null) - - if [ "$container_status" != "running" ]; then - send_discord_message "$container is down and it's being redeployed..." - - # Run the container.sh script to redeploy the container - chmod +x "$container.sh" - ./"$container.sh" - sleep 10 - - # Check the container status again - container_status=$(docker inspect --format '{{.State.Status}}' "$container" 2>/dev/null) - - if [ "$container_status" != "running" ]; then - send_discord_message "$container failed to redeploy and manual intervention is required" - send_pagerduty_alert "$container failed to redeploy and manual intervention is required." - else - send_discord_message "$container has been redeployed successfully" - fi - fi -done diff --git a/metrics/metrics-main/README.md b/metrics/metrics-main/README.md deleted file mode 100644 index 632bb26d7..000000000 --- a/metrics/metrics-main/README.md +++ /dev/null @@ -1,18 +0,0 @@ -![image](https://user-images.githubusercontent.com/110216567/184346286-94e0b45f-19e9-4fc9-a1a3-2e50c6f12bf8.png) - -Services: -1. Prometheus -2. AlertManager -3. Chronograf (on port 8888) -4. Chronograf_8889 (on port 8889) -5. Grafana (on port 3000) -6. AlertManager_Discord -7. Kapacitor - -To install all the services on the metrics-main server you need to run the `start.sh` script. - -Install the Buildkite-agent to run the `status.sh` script to periodically check for the status of the containers. - -If any of the containers is not in running state or in exited state then it will try to redeploy the container, if it fails to do so an alert will be triggered to Discord and PagerDuty. - -**Note:** If you deleted or removed any of containers manually you need to run the `start.sh` script. diff --git a/metrics/metrics-main/alertmanager-discord.sh b/metrics/metrics-main/alertmanager-discord.sh deleted file mode 100644 index 6fb3d38c8..000000000 --- a/metrics/metrics-main/alertmanager-discord.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Alertmanager containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${ALERTMANAGER_DISCORD_IMAGE:=benjojo/alertmanager-discord:latest}" - -# remove the container -container=alertmanager-discord -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* - -# (Re) start the Alertmanager container -sudo docker run -it -d \ - --memory=10g \ - --publish 9094:9094 \ - --name=alertmanager-discord \ - --env DISCORD_WEBHOOK="$DISCORD_WEBHOOK_ALERTMANAGER" \ - $ALERTMANAGER_DISCORD_IMAGE diff --git a/metrics/metrics-main/alertmanager.sh b/metrics/metrics-main/alertmanager.sh deleted file mode 100755 index 05e983c76..000000000 --- a/metrics/metrics-main/alertmanager.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Alertmanager containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${ALERTMANAGER_IMAGE:=prom/alertmanager:v0.23.0}" - -# remove the container -container=alertmanager -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - - -# (Re) start the Alertmanager container -sudo docker run -it -d \ - --memory=10g \ - --user root:root \ - --publish 9093:9093 \ - --name=alertmanager \ - --volume "$PWD"/alertmanager.yml:/etc/alertmanager/alertmanager.yml \ - --volume /etc/hosts:/etc/hosts \ - $ALERTMANAGER_IMAGE diff --git a/metrics/metrics-main/alertmanager.yml b/metrics/metrics-main/alertmanager.yml deleted file mode 100644 index e15a8f2f1..000000000 --- a/metrics/metrics-main/alertmanager.yml +++ /dev/null @@ -1,11 +0,0 @@ -route: - group_by: [AlertMe] - # If an alert isn't caught by a route, send it to the pager. - receiver: discord_webhook - -receivers: -- name: 'discord_webhook' - #pagerduty_configs: - #- service_key: cde8232f1c6d4f09c0884c5b0e5d5f86 - webhook_configs: - - url: 'http://10.128.0.11:9094' diff --git a/metrics/metrics-main/chronograf.sh b/metrics/metrics-main/chronograf.sh deleted file mode 100644 index 224920b6e..000000000 --- a/metrics/metrics-main/chronograf.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Chronograf containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${CHRONOGRAF_IMAGE:=chronograf:1.9.4}" - -# remove the container -container=chronograf -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - - - -#(Re) start the container -sudo docker run \ - --memory=10g \ - --detach \ - --env AUTH_DURATION=24h \ - --env inactivity-duration=48h \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8888" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8888" \ - --env PUBLIC_URL=https://metrics.solana.com:8888 \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets,influxdata.com,solana.org \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --name=chronograf \ - --net=influxdb \ - --publish 8888:8888 \ - --user 0:0 \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $CHRONOGRAF_IMAGE --influxdb-url=https://metrics.solana.com:8086 --auth-duration="720h" --inactivity-duration="48h" diff --git a/metrics/metrics-main/chronograf_8889.sh b/metrics/metrics-main/chronograf_8889.sh deleted file mode 100644 index 928555b22..000000000 --- a/metrics/metrics-main/chronograf_8889.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Chronograf_8889 containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${CHRONOGRAF_IMAGE:=chronograf:1.9.4}" - -# remove the container -container=chronograf_8889 -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* -sudo chown buildkite-agent:buildkite-agent certs - -# (Re) start the container -sudo docker run \ - --memory=10g \ - --detach \ - --name=chronograf_8889 \ - --env AUTH_DURATION=24h \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8889" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8889" \ - --env PUBLIC_URL=https://metrics.solana.com:8889 \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets,influxdata.com,solana.org \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env inactivity-duration=48h \ - --publish 8889:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$PWD"/certs:/certs \ - --volume /var/lib/chronograf_8889:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" diff --git a/metrics/metrics-main/first_rules.yml b/metrics/metrics-main/first_rules.yml deleted file mode 100644 index 2ac99f36c..000000000 --- a/metrics/metrics-main/first_rules.yml +++ /dev/null @@ -1,101 +0,0 @@ -groups: - - name: AllInstances - rules: - - alert: InstanceDown - expr: up == 0 - for: 1m - annotations: - title: 'Instance {{ $labels.instance }} down' - description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minute.' - labels: - severity: critical - - - alert: CpuLoad Warning - expr: node_load15 / (count without (cpu, mode) (node_cpu_seconds_total{mode="system"})) > 1 - for: 10m - labels: - severity: warning - annotations: - title: 'Instance {{ $labels.instance }} Warning' - summary: "CPU load (instance {{ $labels.instance }})" - description: "CPU load (15m) is high\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: CpuLoad Critical - expr: node_load15 / (count without (cpu, mode) (node_cpu_seconds_total{mode="system"})) > 2 - for: 10m - labels: - severity: critical - annotations: - title: 'Instance {{ $labels.instance }} CpuLoad is Critical' - summary: "CPU load (instance {{ $labels.instance }})" - description: "CPU load (15m) is high\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: OutOfMemory - expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 20 - for: 10m - labels: - severity: warning - annotations: - title: 'Instance {{ $labels.instance }} OutOfMemory warning' - summary: "Out of memory (instance {{ $labels.instance }})" - description: "Node memory is filling up (< 20% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: OutOfMemory - expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 - for: 10m - labels: - severity: critical - annotations: - title: 'Instance {{ $labels.instance }} OutOfMemory critical' - summary: "Out of memory (instance {{ $labels.instance }})" - description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: OutOfDiskSpace>80 - expr: node_filesystem_free_bytes{mountpoint ="/"} / node_filesystem_size_bytes{mountpoint ="/"} * 100 < 20 - for: 10m - labels: - severity: warning - annotations: - title: 'Instance {{ $labels.instance }} Disk space more than 80%' - summary: "Out of disk space (instance {{ $labels.instance }})" - description: "Disk is almost full (< 20% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: OutOfDiskSpace>90 - expr: node_filesystem_free_bytes{mountpoint ="/"} / node_filesystem_size_bytes{mountpoint ="/"} * 100 < 10 - for: 10m - labels: - severity: critical - annotations: - title: 'Instance {{ $labels.instance }} Disk space more than 90%' - summary: "Out of disk space (instance {{ $labels.instance }})" - description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: InfluxdbOutOfDiskSpace>80 - expr: (node_filesystem_avail_bytes{job=~"Influx-Data|Influx-Meta", mountpoint="/var/lib/influxdb"} * 100) / node_filesystem_size_bytes{job=~"Influx-Data|Influx-Meta", mountpoint="/var/lib/influxdb"} < 20 and ON (instance, device, mountpoint) node_filesystem_readonly{job=~"Influx-Data|Influx-Meta", mountpoint="/var/lib/influxdb"} == 0 - for: 10m - labels: - severity: critical - annotations: - title: 'Influxdb Instance {{ $labels.instance }} Disk space more than 80%' - summary: "Out of disk space (instance {{ $labels.instance }})" - description: "Disk is almost full (< 20% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: InfluxdbOutOfMemory>80 - expr: node_memory_MemAvailable_bytes{job=~"Influx-Data|Influx-Meta"} / node_memory_MemTotal_bytes{job=~"Influx-Data|Influx-Meta"} * 100 < 20 - for: 10m - labels: - severity: critical - annotations: - title: 'Influxdb Instance {{ $labels.instance }} OutOfMemory critical' - summary: "Out of memory (instance {{ $labels.instance }})" - description: "Node memory is filling up (< 20% left)\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: InfluxdbServiceInactive - expr: node_systemd_unit_state{job=~"Influx-Data|Influx-Meta",name=~"influxdb-meta.service|influxdb.service",state="active"} == 0 - for: 10m - labels: - severity: critical - annotations: - title: 'Service {{ $labels.name }} is inactive in the Instance {{ $labels.instance }} ' - summary: "Inactive Service (instance {{ $labels.instance }})" - description: "Service is Inactive \n VALUE = {{ $value }}\n LABELS: {{ $labels }}" diff --git a/metrics/metrics-main/grafana-metrics.solana.com.ini b/metrics/metrics-main/grafana-metrics.solana.com.ini deleted file mode 100644 index e9d294b80..000000000 --- a/metrics/metrics-main/grafana-metrics.solana.com.ini +++ /dev/null @@ -1,454 +0,0 @@ -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -;data = /var/lib/grafana - -# Directory where grafana can store logs -;logs = /var/log/grafana - -# Directory where grafana will automatically scan and look for plugins -;plugins = /var/lib/grafana/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -;provisioning = conf/provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, socket) -protocol = https - -# The ip address to bind to, empty will bind to all interfaces -;http_addr = - -# The http port to use -;http_port = 3000 - -# The public facing domain name used to access grafana from a browser -domain = metrics.solana.com - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -;root_url = http://metrics.solana.com:3000 - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -cert_file = /certs/fullchain.pem -cert_key = /certs/privkey.pem - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -;type = sqlite3 -;host = 127.0.0.1:3306 -;name = grafana -;user = root -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -;password = - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -log_queries = - -#################################### Session #################################### -[session] -# Either "memory", "file", "redis", "mysql", "postgres", default is "file" -;provider = file - -# Provider config options -# memory: not have any config yet -# file: session dir path, is relative to grafana data_path -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` -# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` -# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable -;provider_config = sessions - -# Session cookie name -;cookie_name = grafana_sess - -# If you use session in https only, default is false -;cookie_secure = false - -# Session life time, default is 86400 -;session_life_time = 86400 - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -;check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -#################################### Security #################################### -[security] -# default admin user, created on startup -admin_user = $ADMIN_USER_GRAFANA - -# default admin password, can be changed before first start of grafana, or in profile settings -admin_password = $ADMIN_PASSWORD_GRAFANA -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# Auto-login remember days -;login_remember_days = 7 -;cookie_username = grafana_user -;cookie_remember_name = grafana_remember - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -#################################### Snapshots ########################### -[snapshots] -# snapshot sharing options -;external_enabled = true -;external_snapshot_url = https://snapshots-origin.raintank.io -;external_snapshot_name = Publish to snapshot.raintank.io - -# remove expired snapshot -;snapshot_remove_expired = true - -#################################### Dashboards History ################## -[dashboards] -# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 -;versions_to_keep = 20 - -#################################### Users ############################### -[users] -# disable user signup / registration -;allow_sign_up = true - -# Allow non admin users to create organizations -;allow_org_create = true - -# Set to true to automatically assign new users to the default organization (id 1) -auto_assign_org = true - -# Default role new users will be automatically assigned (if disabled above is set to true) -auto_assign_org_role = Editor - -# Background text for the user field on the login page -;login_hint = email or username - -# Default UI theme ("dark" or "light") -;default_theme = dark - -# External user management, these options affect the organization users view -;external_manage_link_url = -;external_manage_link_name = -;external_manage_info = - -# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. -viewers_can_edit = false - -[auth] -# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false -;disable_login_form = false - -# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false -;disable_signout_menu = false - -# URL to redirect the user to after sign out -;signout_redirect_url = - -#################################### Anonymous Auth ########################## -[auth.anonymous] -# enable anonymous access -enabled = true - -# specify organization name that should be used for unauthenticated users -org_name = Solana Public - -# specify role for unauthenticated users -org_role = Viewer - -#################################### Github Auth ########################## -[auth.github] -enabled = true -allow_sign_up = true -client_id = $GITHUB_CLIENT_ID -client_secret = $GITHUB_CLIENT_SECRET -scopes = user:email,read:org -auth_url = https://github.com/login/oauth/authorize -token_url = https://github.com/login/oauth/access_token -api_url = https://api.github.com/user -;team_ids = -allowed_organizations = solana-labs - -#################################### Google Auth ########################## -[auth.google] -;enabled = false -;allow_sign_up = true -;client_id = some_client_id -;client_secret = some_client_secret -;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email -;auth_url = https://accounts.google.com/o/oauth2/auth -;token_url = https://accounts.google.com/o/oauth2/token -;api_url = https://www.googleapis.com/oauth2/v1/userinfo -;allowed_domains = - -#################################### Generic OAuth ########################## -[auth.generic_oauth] -;enabled = false -;name = OAuth -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://foo.bar/login/oauth/authorize -;token_url = https://foo.bar/login/oauth/access_token -;api_url = https://foo.bar/user -;team_ids = -;allowed_organizations = - -#################################### Grafana.com Auth #################### -[auth.grafana_com] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email -;allowed_organizations = - -#################################### Auth Proxy ########################## -[auth.proxy] -;enabled = false -;header_name = X-WEBAUTH-USER -;header_property = username -;auto_sign_up = true -;ldap_sync_ttl = 60 -;whitelist = 192.168.1.1, 192.168.2.1 - -#################################### Basic Auth ########################## -[auth.basic] -;enabled = true - -#################################### Auth LDAP ########################## -[auth.ldap] -;enabled = false -;config_file = /etc/grafana/ldap.toml -;allow_sign_up = true - -#################################### SMTP / Emailing ########################## -[smtp] -;enabled = false -;host = localhost:25 -;user = -# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" -;password = -;cert_file = -;key_file = -;skip_verify = false -;from_address = admin@grafana.localhost -;from_name = Grafana -# EHLO identity in SMTP dialog (defaults to instance_name) -;ehlo_identity = dashboard.example.com - -[emails] -;welcome_email_on_sign_up = false - -#################################### Logging ########################## -[log] -# Either "console", "file", "syslog". Default is console and file -# Use space to separate multiple modes, e.g. "console file" -;mode = console file - -# Either "debug", "info", "warn", "error", "critical", default is "info" -;level = info - -# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug -;filters = - -# For "console" mode only -[log.console] -;level = - -# log line format, valid options are text, console and json -;format = console - -# For "file" mode only -[log.file] -;level = - -# log line format, valid options are text, console and json -;format = text - -# This enables automated log rotate(switch of following options), default is true -;log_rotate = true - -# Max line number of single file, default is 1000000 -;max_lines = 1000000 - -# Max size shift of single file, default is 28 means 1 << 28, 256MB -;max_size_shift = 28 - -# Segment log daily, default is true -;daily_rotate = true - -# Expired days of log file(delete after max days), default is 7 -;max_days = 7 - -[log.syslog] -;level = - -# log line format, valid options are text, console and json -;format = text - -# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. -;network = -;address = - -# Syslog facility. user, daemon and local0 through local7 are valid. -;facility = - -# Syslog tag. By default, the process' argv[0] is used. -;tag = - -#################################### Alerting ############################ -[alerting] -# Disable alerting engine & UI features -;enabled = true -# Makes it possible to turn off alert rule execution but alerting UI is visible -;execute_alerts = true - -#################################### Explore ############################# -[explore] -# Enable the Explore section -enabled = false - -#################################### Internal Grafana Metrics ########################## -# Metrics available at HTTP API Url /metrics -[metrics] -# Disable / Enable internal metrics -;enabled = true - -# Publish interval -;interval_seconds = 10 - -# Send internal metrics to Graphite -[metrics.graphite] -# Enable by setting the address setting (ex localhost:2003) -;address = -;prefix = prod.grafana.%(instance_name)s. - -#################################### Distributed tracing ############ -[tracing.jaeger] -# Enable by setting the address sending traces to jaeger (ex localhost:6831) -;address = localhost:6831 -# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) -;always_included_tag = tag1:value1 -# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote -;sampler_type = const -# jaeger samplerconfig param -# for "const" sampler, 0 or 1 for always false/true respectively -# for "probabilistic" sampler, a probability between 0 and 1 -# for "rateLimiting" sampler, the number of spans per second -# for "remote" sampler, param is the same as for "probabilistic" -# and indicates the initial sampling rate before the actual one -# is received from the mothership -;sampler_param = 1 - -#################################### Grafana.com integration ########################## -# Url used to to import dashboards directly from Grafana.com -[grafana_com] -;url = https://grafana.com - -#################################### External image storage ########################## -[external_image_storage] -# Used for uploading images to public servers so they can be included in slack/email messages. -# you can choose between (s3, webdav, gcs, azure_blob, local) -;provider = - -[external_image_storage.s3] -;bucket = -;region = -;path = -;access_key = -;secret_key = - -[external_image_storage.webdav] -;url = -;public_url = -;username = -;password = - -[external_image_storage.gcs] -;key_file = -;bucket = -;path = - -[external_image_storage.azure_blob] -;account_name = -;account_key = -;container_name = - -[external_image_storage.local] -# does not require any configuration diff --git a/metrics/metrics-main/grafana.sh b/metrics/metrics-main/grafana.sh deleted file mode 100644 index 0ca9877f0..000000000 --- a/metrics/metrics-main/grafana.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Grafana containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${GRAFANA_IMAGE:=grafana/grafana:9.4.7}" - -# remove the container -container=grafana -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* - - -# (Re) start the container -sudo docker run \ - --memory=10g \ - --detach \ - --name=grafana \ - --net=influxdb \ - --publish 3000:3000 \ - --user root:root \ - --env GF_PATHS_CONFIG=/grafana.ini \ - --env GF_AUTH_GITHUB_CLIENT_ID="$GITHUB_CLIENT_ID" \ - --env GF_AUTH_GITHUB_CLIENT_SECRET="$GITHUB_CLIENT_SECRET" \ - --env GF_SECURITY_ADMIN_USER="$ADMIN_USER_GRAFANA" \ - --env GF_SECURITY_ADMIN_PASSWORD="$ADMIN_PASSWORD_GRAFANA" \ - --volume "$PWD"/certs:/certs:ro \ - --volume "$PWD"/grafana-"$HOST".ini:/grafana.ini:ro \ - --volume /var/lib/grafana:/var/lib/grafana \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $GRAFANA_IMAGE diff --git a/metrics/metrics-main/host.sh b/metrics/metrics-main/host.sh deleted file mode 100644 index 291be4928..000000000 --- a/metrics/metrics-main/host.sh +++ /dev/null @@ -1,6 +0,0 @@ -# |source| me - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" diff --git a/metrics/metrics-main/kapacitor.conf b/metrics/metrics-main/kapacitor.conf deleted file mode 100644 index 262fb502a..000000000 --- a/metrics/metrics-main/kapacitor.conf +++ /dev/null @@ -1,354 +0,0 @@ -hostname = "cbb0e482c7a5" -data_dir = "/var/lib/kapacitor" -skip-config-overrides = false -default-retention-policy = "" - -[auth] - enabled = true - cache-expiration = "1h" - bcrypt-cost = 4 - meta-addr = "" - meta-username = "" - meta-password = "" - meta-use-tls = false - meta-ca = "" - meta-cert = "" - meta-key = "" - meta-insecure-skip-verify = false - -[http] - bind-address = ":9092" - auth-enabled = true - log-enabled = true - write-tracing = false - pprof-enabled = false - https-enabled = false - https-certificate = "/etc/ssl/kapacitor.pem" - https-private-key = "" - shutdown-timeout = "10s" - shared-secret = "" - -[replay] - dir = "/var/lib/kapacitor/replay" - -[storage] - boltdb = "/var/lib/kapacitor/kapacitor.db" - -[task] - dir = "/root/.kapacitor/tasks" - snapshot-interval = "1m0s" - -[load] - enabled = false - dir = "/root/.kapacitor/load" - -[[influxdb]] - enabled = true - name = "default" - default = false - # urls = ["https://metrics.solana.com:8089"] - urls = ["http://35.224.128.87:8086"] - username = "$KAPACITOR_USERNAME" - password = "$KAPACITOR_PASSWORD" - ssl-ca = "" - ssl-cert = "" - ssl-key = "" - insecure-skip-verify = false - timeout = "0s" - disable-subscriptions = false - subscription-protocol = "http" - subscription-mode = "cluster" - kapacitor-hostname = "" - http-port = 0 - udp-bind = "" - udp-buffer = 1000 - udp-read-buffer = 0 - startup-timeout = "5m0s" - subscriptions-sync-interval = "1m0s" - [influxdb.excluded-subscriptions] - _kapacitor = ["autogen"] - - -[fluxtask] - # Configure flux tasks for kapacitor - enabled = true - # The InfluxDB instance name (from the [[influxdb]] config section) - # to store historical task run data in - # Not recommended: use "none" to turn off historical task run data storage. - task-run-influxdb = "default" - # Bucket to store historical task run data in. We recommend leaving this empty; by default, data is written to the `kapacitor_fluxtask_logs` bucket or database. - # If you have multiple Kapacitor instances and want to keep your data separate, specify the InfluxDB 2.x bucket or InfluxDB 1.x database to write to. For InfluxDB 1.x, use the `"mydb"` convention--the `"mydb/rp"` convention with the retention policy is not supported. - task-run-bucket="kapacitor_fluxtask_logs" - # The organization name or ID if storing historical task run data - # in InfluxDB 2.x or InfluxDB Cloud - task-run-org = "" - task-run-orgid = "" - # The measurement name for the historical task run data - task-run-measurement = "runs" - -[logging] - file = "STDERR" - level = "DEBUG" - -[config-override] - enabled = true - -[collectd] - enabled = false - bind-address = ":25826" - database = "collectd" - retention-policy = "" - batch-size = 5000 - batch-pending = 10 - batch-timeout = "10s" - read-buffer = 0 - typesdb = "/usr/share/collectd/types.db" - -[opentsdb] - enabled = false - bind-address = ":4242" - database = "opentsdb" - retention-policy = "" - consistency-level = "one" - tls-enabled = false - certificate = "/etc/ssl/influxdb.pem" - batch-size = 1000 - batch-pending = 5 - batch-timeout = "1s" - log-point-errors = true - -[alerta] - enabled = false - url = "" - insecure-skip-verify = false - token = "" - token-prefix = "" - environment = "" - origin = "" - timeout = "0s" - -[hipchat] - enabled = false - url = "" - token = "" - room = "" - global = false - state-changes-only = false - -[[kafka]] - enabled = false - id = "default" - timeout = "0s" - batch-size = 0 - batch-timeout = "0s" - use-ssl = false - ssl-ca = "" - ssl-cert = "" - ssl-key = "" - insecure-skip-verify = false - -[[mqtt]] - enabled = false - name = "default" - default = false - url = "" - ssl-ca = "" - ssl-cert = "" - ssl-key = "" - insecure-skip-verify = false - client-id = "" - username = "" - password = "" - -[opsgenie] - enabled = false - api-key = "" - url = "https://api.opsgenie.com/v1/json/alert" - recovery_url = "https://api.opsgenie.com/v1/json/alert/note" - global = false - -[opsgenie2] - enabled = false - api-key = "" - url = "https://api.opsgenie.com/v2/alerts" - recovery_action = "notes" - global = false - -[pagerduty] - enabled = false - url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json" - service-key = "" - global = false - -[pagerduty2] - enabled = false - url = "https://events.pagerduty.com/v2/enqueue" - routing-key = "" - global = false - -[pushover] - enabled = false - token = "" - user-key = "" - url = "https://api.pushover.net/1/messages.json" - -[[httppost]] - endpoint = "discord-canaries-monitoring" - url = "$DISCORD_WEBHOOK_CANARIES_MONITORING" - headers = { "Content-Type" = "application/json" } - alert-template = "{ \"username\": \"kapacitor\", \"content\": \"{{.Message}}\"}" - -[[httppost]] - endpoint = "discord-canaries-monitoring-panic-check" - url = "$DISCORD_WEBHOOK_CANARIES_MONITORING" - headers = { "Content-Type" = "application/json" } - alert-template = "{ \"username\": \"kapacitor\", \"content\": \"{{range .Data.Series}}{{$columns := .Columns}}{{range .Values}}⚠️\\n`{{index . 1}}`\\n{{index . 2}}){{end}}{{end}}\" }" - -[[httppost]] - endpoint = "discord-mb-pager-duty" - url = "$DISCORD_WEBHOOK_MB_PAGER_DUTY" - headers = { "Content-Type" = "application/json" } - alert-template = "{ \"username\": \"kapacitor\", \"content\": \"{{.Message}}\"}" - -[[httppost]] - endpoint = "discord-testnet-pager-duty" - url = "$DISCORD_WEBHOOK_TESTNET_PAGER_DUTY" - headers = { "Content-Type" = "application/json" } - alert-template = "{ \"username\": \"kapacitor\", \"content\": \"{{.Message}}\"}" - -[[httppost]] - endpoint = "discord-devnet-pager-duty" - url = "$DISCORD_WEBHOOK_DEVNET_PAGER_DUTY" - headers = { "Content-Type" = "application/json" } - alert-template = "{ \"username\": \"kapacitor\", \"content\": \"{{.Message}}\"}" - -[smtp] - enabled = false - host = "localhost" - port = 25 - username = "" - password = "" - no-verify = false - global = false - state-changes-only = false - from = "" - idle-timeout = "30s" - -[snmptrap] - enabled = false - addr = "localhost:162" - community = "kapacitor" - retries = 1 - -[sensu] - enabled = false - addr = "" - source = "Kapacitor" - -[[slack]] - enabled = false - default = true - workspace = "" - url = "" - channel = "" - username = "kapacitor" - icon-emoji = "" - global = false - state-changes-only = false - ssl-ca = "" - ssl-cert = "" - ssl-key = "" - insecure-skip-verify = false - -[talk] - enabled = false - url = "" - author_name = "" - -[telegram] - enabled = false - url = "https://api.telegram.org/bot" - token = "" - chat-id = "" - parse-mode = "" - disable-web-page-preview = false - disable-notification = false - global = false - state-changes-only = false - -[victorops] - enabled = false - api-key = "" - routing-key = "" - url = "https://alert.victorops.com/integrations/generic/20131114/alert" - global = false - json-data = false - -[[discord]] - enabled = true - default = false - url = "$CANARIES-MONITORING" - workspace = "canaries-monitoring" - timestamp = true - username = "canaries-bot" - avatar-url = "https://influxdata.github.io/branding/img/downloads/influxdata-logo--symbol--pool-alpha.png" - embed-title = "Alert" - global = false - state-changes-only = false - -[[discord]] - enabled = true - default = true - url = "$MB-PAGER-DUTY" - workspace = "mb-pager-duty" - timestamp = true - username = "cluster-bot" - avatar-url = "https://influxdata.github.io/branding/img/downloads/influxdata-logo--symbol--pool-alpha.png" - embed-title = "Alert" - global = false - state-changes-only = false - -[[discord]] - enabled = true - default = false - url = "$TESNET-PAGER-DUTY" - workspace = "testnet-pager-duty" - timestamp = true - username = "cluster-bot-testnet" - avatar-url = "https://influxdata.github.io/branding/img/downloads/influxdata-logo--symbol--pool-alpha.png" - embed-title = "Alert" - global = false - state-changes-only = false - -[[discord]] - enabled = true - default = false - url = "$DEVNET-PAGER-DUTY" - workspace = "devnet-pager-duty" - timestamp = true - username = "cluster-bot-devnet" - avatar-url = "https://influxdata.github.io/branding/img/downloads/influxdata-logo--symbol--pool-alpha.png" - embed-title = "Alert" - global = false - state-changes-only = false - -[reporting] - enabled = true - url = "https://usage.influxdata.com" - -[stats] - enabled = true - stats-interval = "10s" - database = "_kapacitor" - retention-policy = "autogen" - timing-sample-rate = 0.1 - timing-movavg-size = 1000 - -[udf] - -[deadman] - interval = "10s" - threshold = 0.0 - id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'" - message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL." - global = false diff --git a/metrics/metrics-main/kapacitor.sh b/metrics/metrics-main/kapacitor.sh deleted file mode 100644 index 79e2b514b..000000000 --- a/metrics/metrics-main/kapacitor.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Kapacitor container -# - -here=$(dirname "$0") - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${KAPACITOR_IMAGE:=kapacitor:1.6.5}" - -# remove the container -container=kapacitor -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -here_pwd="$(realpath "$here")" - -# shellcheck disable=SC2016 -sed -i 's|$DISCORD_WEBHOOK_CANARIES_MONITORING|'"$DISCORD_WEBHOOK_CANARIES_MONITORING"'|g' "$here_pwd"/kapacitor.conf -# shellcheck disable=SC2016 -sed -i 's|$DISCORD_WEBHOOK_MB_PAGER_DUTY|'"$DISCORD_WEBHOOK_MB_PAGER_DUTY"'|g' "$here_pwd"/kapacitor.conf -# shellcheck disable=SC2016 -sed -i 's|$DISCORD_WEBHOOK_TESTNET_PAGER_DUTY|'"$DISCORD_WEBHOOK_TESTNET_PAGER_DUTY"'|g' "$here_pwd"/kapacitor.conf -# shellcheck disable=SC2016 -sed -i 's|$DISCORD_WEBHOOK_DEVNET_PAGER_DUTY|'"$DISCORD_WEBHOOK_DEVNET_PAGER_DUTY"'|g' "$here_pwd"/kapacitor.conf - -#running influx kapacitor service -sudo docker run \ - --memory=30g \ - --detach \ - --name=kapacitor \ - --env KAPACITOR_USERNAME="$KAPACITOR_USERNAME" \ - --env KAPACITOR_PASSWORD="$KAPACITOR_PASSWORD" \ - --publish 9092:9092 \ - --volume "$here_pwd"/kapacitor.conf:/etc/kapacitor/kapacitor.conf \ - --volume /var/lib/kapacitor:/var/lib/kapacitor \ - --user "$(id -u):$(id -g)" \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $KAPACITOR_IMAGE diff --git a/metrics/metrics-main/prometheus.sh b/metrics/metrics-main/prometheus.sh deleted file mode 100644 index 562682837..000000000 --- a/metrics/metrics-main/prometheus.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the Prometheus containers -# - -cd "$(dirname "$0")" - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${PROMETHEUS_IMAGE:=prom/prometheus:v2.28.0}" - -# remove the container -container=prometheus -[[ -w /var/lib/$container ]] -[[ -x /var/lib/$container ]] - -( - set +e - sudo docker kill $container - sudo docker rm -f $container - exit 0 -) - -pwd -rm -rf certs -mkdir -p certs -chmod 700 certs -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/ -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/ -sudo chmod 0444 certs/* - - -# (Re) start prometheus container -sudo docker run -it -d \ - --memory=10g \ - --user root:root \ - --publish 9090:9090 \ - --name=prometheus \ - --volume "$PWD"/prometheus.yml:/etc/prometheus/prometheus.yml \ - --volume "$PWD"/first_rules.yml:/etc/prometheus/first_rules.yml \ - --volume /prometheus/prometheus/data:/prometheus \ - --volume /etc/hosts:/etc/hosts \ - $PROMETHEUS_IMAGE diff --git a/metrics/metrics-main/prometheus.yml b/metrics/metrics-main/prometheus.yml deleted file mode 100644 index 951dd8c0b..000000000 --- a/metrics/metrics-main/prometheus.yml +++ /dev/null @@ -1,91 +0,0 @@ -# my global config -global: - scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. - evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. - # scrape_timeout is set to the global default (10s). - -# Alertmanager configuration -alerting: - alertmanagers: - - static_configs: - - targets: - - '35.206.116.166:9093' - - '10.128.0.11:9093' - -# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. -rule_files: - - "first_rules.yml" - # - "second_rules.yml" - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: - # The job name is added as a label `job=` to any timeseries scraped from this config. - # metrics_path defaults to '/metrics' - # scheme defaults to 'http'. - - - job_name: 'Devnet' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['devnet-watchtower:9100','devnet-entrypoint:9100','devnet-validator-asia-sg1:9100','devnet-validator-europe-fr2:9100','devnet-validator-us-da11:9100','devnet-validator-us-ny5:9100','devnet-warehouse-us-ny5:9100','devnet-warehouse-asia-ty11:9100'] - - - job_name: 'Testnet' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['testnet-watchtower:9100','testnet-entrypoint:9100','testnet-validator-us-sv15:9100','testnet-warehouse-us-sv15:9100','testnet-warehouse-asia-ty11:9100'] - - - job_name: 'Mainnet-Beta' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['mainnet-watchtower:9100','mainnet-entrypoint:9100','beta-validator-us-ny5:9100','edge-validator-us-sv15:9100','validator-asia-sg1:9100','validator-europe-fr2:9100','validator-us-ny5:9100','validator-us-sv15:9100','warehouse-asia-sg1:9100','warehouse-europe-fr2:9100','warehouse-us-ny5:9100','warehouse-eu-ld7-aws:9100','warehouse-us-da11-aws:9100','warehouse-eu-ld7-azure:9100','warehouse-us-da11-azure:9100'] - - - job_name: 'Non-Staked-Canaries' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['edge-validator-us-sv15:9100','beta-validator-us-ny5:9100','canary-am6-1:9100','canary-am6-2:9100','canary-da11-1:9100','canary-ny5-1:9100','canary-ny5-2:9100','canary-sg1-1:9100','canary-sv15-1:9100','canary-helsinki-1:9100','canary-helsinki-2:9100','canary-sv16-1:9100','canary-am6-3:9100','canary-fr2-1:9100','canary-am6-4:9100','canary-chicago-3:9100','canary-chicago-4:9100','canary-fr2-2:9100','canary-hk2-1:9100','canary-hk2-2:9100','canary-ny5-3:9100','canary-sg1-2:9100','canary-tokyo-2:9100','canary-tokyo-1:9100'] - - - job_name: 'Staked-Canaries' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['canary-chicago-1:9100','canary-chicago-2:9100','canary-newyork-1:9100','canary-newyork-2:9100','canary-dallas-1:9100','canary-dallas-2:9100','canary-washington-1:9100'] - - - job_name: 'Shared-Development' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['dev-server-us-da11:9100','dev-server-us-ny5:9100','dev-server-us-sv15:9100','dev-server-eu-am6:9100','dev-server-asia-sg1:9100','dev-server-us-da11-2:9100','dev-server-us-da11-3:9100','dev-server-us-da11-4:9100','dev-server-us-da11-5:9100','dev-server-asia-hk2:9100','dev-server-asia-sg1-2:9100','dev-server-eu-am6-2:9100','dev-server-asia-sg1-2:9100','dev-server-us-sv15-2:9100','dev-server-us-da11-6:9100','dev-server-us-da11-7:9100','dev-server-eu-ld7-1:9100','dev-server-us-da11-8:9100','dev-server-eu-ld7-2:9100'] - - - job_name: 'Development' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['dev-equinix-washington-36:9100','dev-equinix-washington-35:9100','dev-equinix-washington-34:9100','dev-equinix-washington-33:9100','dev-equinix-washington-32:9100','dev-equinix-washington-31:9100','dev-equinix-washington-30:9100','dev-equinix-washington-29:9100','dev-equinix-washington-28:9100','dev-equinix-washington-27:9100','dev-equinix-washington-26:9100','dev-equinix-washington-25:9100','dev-equinix-washington-24:9100','dev-equinix-washington-23:9100','dev-equinix-washington-22:9100','dev-equinix-washington-21:9100','dev-equinix-washington-20:9100','dev-equinix-washington-19:9100','dev-equinix-washington-18:9100','dev-equinix-washington-17:9100','dev-equinix-washington-16:9100','dev-equinix-washington-15:9100','dev-equinix-washington-14:9100','dev-equinix-washington-13:9100','dev-equinix-washington-12:9100','dev-equinix-washington-11:9100','dev-equinix-washington-10:9100','dev-equinix-washington-9:9100','dev-equinix-washington-8:9100','dev-equinix-washington-7:9100','dev-equinix-washington-6:9100','dev-equinix-washington-5:9100','dev-equinix-washington-4:9100','dev-equinix-washington-3:9100','dev-equinix-washington-2:9100','dev-equinix-washington-1:9100','dev-equinix-toronto-35:9100','dev-equinix-toronto-34:9100','dev-equinix-toronto-33:9100','dev-equinix-toronto-32:9100','dev-equinix-toronto-31:9100','dev-equinix-toronto-30:9100','dev-equinix-toronto-29:9100','dev-equinix-toronto-28:9100','dev-equinix-toronto-27:9100','dev-equinix-toronto-26:9100','dev-equinix-tokyo-14:9100','dev-equinix-tokyo-13:9100','dev-equinix-tokyo-12:9100','dev-equinix-tokyo-11:9100','dev-equinix-tokyo-10:9100','dev-equinix-tokyo-9:9100','dev-equinix-singapore-2:9100','dev-equinix-new-york-8:9100','dev-equinix-new-york-7:9100','dev-equinix-new-york-6:9100','dev-equinix-new-york-5:9100','dev-equinix-hong-kong-2:9100','dev-equinix-hong-kong-1:9100','dev-equinix-toronto-12:9100','dev-equinix-toronto-11:9100','dev-equinix-toronto-10:9100','dev-equinix-toronto-9:9100','dev-equinix-toronto-8:9100','dev-equinix-toronto-7:9100','dev-equinix-toronto-6:9100','dev-equinix-toronto-5:9100','dev-equinix-toronto-4:9100','dev-equinix-toronto-3:9100','dev-equinix-toronto-2:9100','dev-equinix-toronto-1:9100','dev-equinix-frankfurt-10:9100','dev-equinix-frankfurt-9:9100','dev-equinix-frankfurt-8:9100','dev-equinix-frankfurt-7:9100','dev-equinix-frankfurt-6:9100','dev-equinix-frankfurt-5:9100','dev-equinix-tokyo-8:9100','dev-equinix-tokyo-7:9100','dev-equinix-tokyo-6:9100','dev-equinix-tokyo-5:9100','dev-equinix-tokyo-4:9100','dev-equinix-tokyo-3:9100','dev-equinix-tokyo-2:9100','dev-equinix-tokyo-1:9100','dev-equinix-singapore-3:9100','dev-equinix-dallas-8:9100','dev-equinix-singapore-1:9100','dev-equinix-dallas-2:9100','dev-equinix-chicago-25:9100','dev-equinix-chicago-24:9100','dev-equinix-chicago-23:9100','dev-equinix-new-york-4:9100','dev-equinix-new-york-3:9100','dev-equinix-new-york-2:9100','dev-equinix-new-york-1:9100','dev-equinix-paris-1:9100','dev-equinix-chicago-22:9100','dev-equinix-chicago-21:9100','dev-equinix-chicago-20:9100','dev-equinix-chicago-19:9100','dev-equinix-chicago-18:9100','dev-equinix-chicago-17:9100','dev-equinix-chicago-16:9100','dev-equinix-chicago-15:9100','dev-equinix-frankfurt-4:9100','dev-equinix-frankfurt-3:9100','dev-equinix-frankfurt-2:9100','dev-equinix-frankfurt-1:9100','dev-equinix-chicago-14:9100','dev-equinix-dallas-7:9100','dev-equinix-dallas-6:9100','dev-equinix-dallas-5:9100','dev-equinix-dallas-4:9100','dev-equinix-dallas-3:9100','dev-equinix-chicago-13:9100','dev-equinix-dallas-1:9100','dev-equinix-chicago-12:9100','dev-equinix-chicago-11:9100','dev-equinix-amsterdam-21:9100','dev-equinix-amsterdam-20:9100','dev-equinix-amsterdam-19:9100','dev-equinix-amsterdam-18:9100','dev-equinix-amsterdam-17:9100','dev-equinix-toronto-25:9100','dev-equinix-toronto-24:9100','dev-equinix-toronto-23:9100','dev-equinix-toronto-22:9100','dev-equinix-toronto-21:9100','dev-equinix-toronto-20:9100','dev-equinix-toronto-19:9100','dev-equinix-chicago-10:9100','dev-equinix-chicago-9:9100','dev-equinix-chicago-8:9100','dev-equinix-chicago-7:9100','dev-equinix-chicago-6:9100','dev-equinix-chicago-5:9100','dev-equinix-chicago-4:9100','dev-equinix-chicago-3:9100','dev-equinix-chicago-2:9100','dev-equinix-chicago-1:9100','dev-equinix-toronto-18:9100','dev-equinix-toronto-17:9100','dev-equinix-toronto-16:9100','dev-equinix-toronto-15:9100','dev-equinix-toronto-14:9100','dev-equinix-toronto-13:9100','dev-equinix-amsterdam-16:9100','dev-equinix-amsterdam-15:9100','dev-equinix-amsterdam-14:9100','dev-equinix-amsterdam-13:9100','dev-equinix-amsterdam-12:9100','dev-equinix-amsterdam-11:9100','dev-equinix-amsterdam-10:9100','dev-equinix-amsterdam-9:9100','dev-equinix-amsterdam-8:9100','dev-equinix-amsterdam-7:9100','dev-equinix-amsterdam-6:9100','dev-equinix-amsterdam-5:9100','dev-equinix-amsterdam-4:9100','dev-equinix-amsterdam-3:9100','dev-equinix-amsterdam-1:9100'] - - - job_name: 'Influx-Meta' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['dev-equinix-washington-24:9100','dev-equinix-washington-25:9100','dev-equinix-washington-26:9100'] - - - job_name: 'Influx-Data' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['dev-equinix-washington-27:9100','dev-equinix-washington-28:9100','dev-equinix-washington-29:9100','dev-equinix-washington-30:9100','dev-equinix-washington-31:9100','dev-equinix-washington-32:9100','dev-equinix-amsterdam-19:9100','dev-equinix-amsterdam-20:9100','dev-equinix-amsterdam-21:9100','dev-equinix-amsterdam-22:9100','dev-equinix-chicago-17:9100','dev-equinix-chicago-19:9100','dev-equinix-chicago-25:9100','dev-equinix-dallas-1:9100','dev-equinix-frankfurt-1:9100','dev-equinix-toronto-5:9100'] - - - job_name: 'Kin' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['kin-rpc-am6-1:9100','kin-rpc-da11-1:9100','kin-validator-am6-1:9100','kin-validator-da11-1:9100','kin-validator-ny5-1:9100','kin-validator-sg1-1:9100','kin-spare-sg1-1:9100'] - - - job_name: 'Metrics' - scrape_interval: 15s - scrape_timeout: 14s - static_configs: - - targets: ['metrics-main:9100'] diff --git a/metrics/metrics-main/start.sh b/metrics/metrics-main/start.sh deleted file mode 100755 index 5f5c1b89f..000000000 --- a/metrics/metrics-main/start.sh +++ /dev/null @@ -1,149 +0,0 @@ -#!/bin/bash -ex -# -# (Re)starts the InfluxDB/Chronograf containers -# - -here=$(dirname "$0") - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -: "${INFLUXDB_IMAGE:=influxdb:1.7}" -: "${CHRONOGRAF_IMAGE:=chronograf:1.9.4}" -: "${GRAFANA_IMAGE:=grafana/grafana:9.4.7}" -: "${PROMETHEUS_IMAGE:=prom/prometheus:v2.28.0}" -: "${ALERTMANAGER_IMAGE:=prom/alertmanager:v0.23.0}" -: "${ALERTMANAGER_DISCORD_IMAGE:=benjojo/alertmanager-discord:latest}" - -docker pull $INFLUXDB_IMAGE -docker pull $CHRONOGRAF_IMAGE -docker pull $GRAFANA_IMAGE -docker pull $PROMETHEUS_IMAGE -docker pull $ALERTMANAGER_IMAGE -docker pull $ALERTMANAGER_DISCORD_IMAGE - -for container in chronograf chronograf_8889 prometheus alertmanager alertmanager-discord grafana kapacitor; do - [[ -w /var/lib/$container ]] - [[ -x /var/lib/$container ]] - - ( - set +e - docker kill $container - docker rm -f $container - exit 0 - ) -done - -docker network remove influxdb || true -docker network create influxdb -pwd -rm -rf "$here/certs" -mkdir -p "$here/certs" -chmod 700 "$here/certs" -sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem "$here/certs/" -sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem "$here/certs/" -sudo chmod 0444 "$here"/certs/* -sudo chown buildkite-agent:buildkite-agent "$here"/certs - -here_pwd="$(realpath "$here")" - -sudo docker run -it -d \ - --memory=10g \ - --user root:root \ - --publish 9090:9090 \ - --name=prometheus \ - --volume "$here_pwd"/prometheus.yml:/etc/prometheus/prometheus.yml \ - --volume "$here_pwd"/first_rules.yml:/etc/prometheus/first_rules.yml \ - --volume /prometheus/prometheus/data:/prometheus \ - --volume /etc/hosts:/etc/hosts \ - $PROMETHEUS_IMAGE - -sudo docker run -it -d \ - --memory=10g \ - --user root:root \ - --publish 9093:9093 \ - --name=alertmanager \ - --volume "$here_pwd"/alertmanager.yml:/etc/alertmanager/alertmanager.yml \ - --volume /etc/hosts:/etc/hosts \ - $ALERTMANAGER_IMAGE - -sudo docker run -it -d \ - --memory=10g \ - --publish 9094:9094 \ - --name=alertmanager-discord \ - --env DISCORD_WEBHOOK="$DISCORD_WEBHOOK_ALERTMANAGER" \ - $ALERTMANAGER_DISCORD_IMAGE - -sudo docker run \ - --memory=10g \ - --detach \ - --name=grafana \ - --net=influxdb \ - --publish 3000:3000 \ - --user root:root \ - --env GF_PATHS_CONFIG=/grafana.ini \ - --env GF_AUTH_GITHUB_CLIENT_ID="$GITHUB_CLIENT_ID" \ - --env GF_AUTH_GITHUB_CLIENT_SECRET="$GITHUB_CLIENT_SECRET" \ - --env GF_SECURITY_ADMIN_USER="$ADMIN_USER_GRAFANA" \ - --env GF_SECURITY_ADMIN_PASSWORD="$ADMIN_PASSWORD_GRAFANA" \ - --volume "$here_pwd"/certs:/certs:ro \ - --volume "$here_pwd"/grafana-"$HOST".ini:/grafana.ini:ro \ - --volume /var/lib/grafana:/var/lib/grafana \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $GRAFANA_IMAGE - -sleep 20s - -sudo docker run \ - --memory=10g \ - --detach \ - --name=chronograf_8889 \ - --env AUTH_DURATION=24h \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8889" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8889" \ - --env PUBLIC_URL=https://metrics.solana.com:8889 \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets,influxdata.com,solana.org \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env inactivity-duration=48h \ - --publish 8889:8888 \ - --user "$(id -u):$(id -g)" \ - --volume "$here_pwd"/certs:/certs \ - --volume /var/lib/chronograf_8889:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file="5" \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h" - -sudo docker run \ - --memory=10g \ - --detach \ - --env AUTH_DURATION=24h \ - --env inactivity-duration=48h \ - --env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8888" \ - --env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8888" \ - --env PUBLIC_URL=https://metrics.solana.com:8888 \ - --env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets,influxdata.com,solana.org \ - --env TLS_CERTIFICATE=/certs/fullchain.pem \ - --env TLS_PRIVATE_KEY=/certs/privkey.pem \ - --env TOKEN_SECRET="$TOKEN_SECRET" \ - --name=chronograf \ - --net=influxdb \ - --publish 8888:8888 \ - --user 0:0 \ - --volume "$here_pwd"/certs:/certs \ - --volume /var/lib/chronograf:/var/lib/chronograf \ - --log-opt max-size=1g \ - --log-opt max-file=5 \ - $CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --auth-duration="720h" --inactivity-duration="48h" - -#shellcheck source=metrics/metrics-main/kapacitor.sh -source "$here/kapacitor.sh" - -curl -h | sed -ne '/--tlsv/p' -curl --retry 10 --retry-delay 5 -v --head https://"$HOST":8086/ping - -exit 0 diff --git a/metrics/metrics-main/status.sh b/metrics/metrics-main/status.sh deleted file mode 100755 index 28c4eeaba..000000000 --- a/metrics/metrics-main/status.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -here=$(dirname "$0") - -if [[ -z $HOST ]]; then - HOST=metrics.solana.com -fi -echo "HOST: $HOST" - -# List of containers -containers=("chronograf_8889" "grafana" "alertmanager" "alertmanager-discord" "prometheus" "chronograf" "kapacitor") - -# Send a message to Discord -send_discord_message() { - local message="$1" - curl -sS -H "Content-Type: application/json" -X POST -d "{\"content\": \"$message\"}" "$DISCORD_WEBHOOK" -} - -# Send a critical alert to PagerDuty -send_pagerduty_alert() { - local description="$1" - curl -sS -H "Content-Type: application/json" -X POST -d "{\"event_action\": \"trigger\", \"payload\": {\"summary\": \"$description\", \"source\": \"Docker Monitor\", \"severity\": \"critical\"}}" "$PAGERDUTY_WEBHOOK" -} - -# Iterate over the containers and check their status -for container in "${containers[@]}"; do - container_status=$(docker inspect --format '{{.State.Status}}' "$container" 2>/dev/null) - - if [ "$container_status" != "running" ]; then - send_discord_message "$container is down and it's being redeployed..." - - # Run the container.sh script to redeploy the container - chmod +x "$here/$container.sh" - "$here/$container.sh" - sleep 10 - - # Check the container status again - container_status=$(docker inspect --format '{{.State.Status}}' "$container" 2>/dev/null) - - if [ "$container_status" != "running" ]; then - send_discord_message "$container failed to redeploy and manual intervention is required" - send_pagerduty_alert "$container failed to redeploy and manual intervention is required." - else - send_discord_message "$container has been redeployed successfully" - fi - fi -done