126 lines
4.0 KiB
Bash
126 lines
4.0 KiB
Bash
#!/bin/bash -ex
|
|
#
|
|
# (Re)starts the InfluxDB/Chronograf containers
|
|
#
|
|
|
|
cd "$(dirname "$0")"
|
|
|
|
if [[ -z $HOST ]]; then
|
|
HOST=internal-metrics.solana.com
|
|
fi
|
|
echo "HOST: $HOST"
|
|
|
|
: "${INFLUXDB_IMAGE:=influxdb:1.7}"
|
|
: "${CHRONOGRAF_IMAGE:=chronograf:1.8.8}"
|
|
: "${GRAFANA_IMAGE:=grafana/grafana:8.3.1}"
|
|
|
|
docker pull $INFLUXDB_IMAGE
|
|
docker pull $CHRONOGRAF_IMAGE
|
|
docker pull $GRAFANA_IMAGE
|
|
|
|
for container in influxdb_internal chronograf_8888_internal chronograf_8889_internal grafana_internal; do
|
|
[[ -w /var/lib/$container ]]
|
|
[[ -x /var/lib/$container ]]
|
|
|
|
(
|
|
set +e
|
|
sudo docker kill $container
|
|
sudo docker rm -f $container
|
|
exit 0
|
|
)
|
|
done
|
|
|
|
sudo docker network remove influxdb || true
|
|
sudo docker network create influxdb
|
|
pwd
|
|
rm -rf certs
|
|
mkdir -p certs
|
|
chmod 700 certs
|
|
sudo cp /etc/letsencrypt/live/"$HOST"/fullchain.pem certs/
|
|
sudo cp /etc/letsencrypt/live/"$HOST"/privkey.pem certs/
|
|
sudo chmod 0444 certs/*
|
|
sudo chown buildkite-agent:buildkite-agent certs
|
|
|
|
sudo docker run \
|
|
--detach \
|
|
--name=grafana_internal \
|
|
--net=influxdb \
|
|
--publish 3000:3000 \
|
|
--user root:root \
|
|
--env GF_PATHS_CONFIG=/grafana.ini \
|
|
--env GF_AUTH_GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID" \
|
|
--env GF_AUTH_GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET" \
|
|
--env GF_SECURITY_ADMIN_USER="$ADMIN_USER_GRAFANA" \
|
|
--env GF_SECURITY_ADMIN_PASSWORD="$ADMIN_PASSWORD_GRAFANA" \
|
|
--volume "$PWD"/certs:/certs:ro \
|
|
--volume "$PWD"/grafana-"$HOST".ini:/grafana.ini:ro \
|
|
--volume /var/lib/grafana:/var/lib/grafana \
|
|
--log-opt max-size=1g \
|
|
--log-opt max-file=5 \
|
|
$GRAFANA_IMAGE
|
|
|
|
sudo docker run \
|
|
--detach \
|
|
--name=influxdb_internal \
|
|
--net=influxdb \
|
|
--publish 8086:8086 \
|
|
--user "$(id -u):$(id -g)" \
|
|
--env INFLUXDB_ADMIN_USER="$INFLUXDB_USERNAME" \
|
|
--env INFLUXDB_ADMIN_PASSWORD="$INLUXDB_PASSWORD" \
|
|
--volume "$PWD"/certs:/certs \
|
|
--volume "$PWD"/influxdb.conf:/etc/influxdb/influxdb.conf:ro \
|
|
--volume /var/lib/influxdb:/var/lib/influxdb \
|
|
--log-opt max-size=1g \
|
|
--log-opt max-file=5 \
|
|
--cpus=10 \
|
|
$INFLUXDB_IMAGE -config /etc/influxdb/influxdb.conf
|
|
|
|
sleep 20s
|
|
|
|
sudo docker run \
|
|
--detach \
|
|
--env AUTH_DURATION=24h \
|
|
--env TLS_CERTIFICATE=/certs/fullchain.pem \
|
|
--env TLS_PRIVATE_KEY=/certs/privkey.pem \
|
|
--env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8889" \
|
|
--env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8889" \
|
|
--env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \
|
|
--env PUBLIC_URL=https://internal-metrics.solana.com:8889 \
|
|
--env TOKEN_SECRET="$TOKEN_SECRET" \
|
|
--env inactivity-duration=48h \
|
|
--name=chronograf_8889_internal \
|
|
--net=influxdb \
|
|
--publish 8889:8888 \
|
|
--user "$(id -u):$(id -g)" \
|
|
--volume "$PWD"/certs:/certs \
|
|
--volume /var/lib/chronograf_8889:/var/lib/chronograf \
|
|
--log-opt max-size=1g \
|
|
--log-opt max-file="5" \
|
|
$CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h"
|
|
|
|
sudo docker run \
|
|
--detach \
|
|
--env AUTH_DURATION=24h \
|
|
--env TLS_CERTIFICATE=/certs/fullchain.pem \
|
|
--env TLS_PRIVATE_KEY=/certs/privkey.pem \
|
|
--env GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID_8888" \
|
|
--env GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET_8888" \
|
|
--env GOOGLE_DOMAINS=solana.com,jito.wtf,jumpcrypto.com,certus.one,mango.markets \
|
|
--env PUBLIC_URL=https://internal-metrics.solana.com:8888 \
|
|
--env TOKEN_SECRET="$TOKEN_SECRET" \
|
|
--env inactivity-duration=48h \
|
|
--name=chronograf_8888_internal \
|
|
--net=influxdb \
|
|
--publish 8888:8888 \
|
|
--user "$(id -u):$(id -g)" \
|
|
--volume "$PWD"/certs:/certs \
|
|
--volume /var/lib/chronograf:/var/lib/chronograf \
|
|
--log-opt max-size=1g \
|
|
--log-opt max-file="5" \
|
|
$CHRONOGRAF_IMAGE --influxdb-url=https://"$HOST":8086 --influxdb-username="$INFLUXDB_USERNAME" --influxdb-password="$INLUXDB_PASSWORD" --auth-duration="720h" --inactivity-duration="48h"
|
|
|
|
curl -h | sed -ne '/--tlsv/p'
|
|
curl --retry 10 --retry-delay 5 -v --head https://"$HOST":8086/ping
|
|
|
|
exit 0
|