diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2023-10-30 15:09:26 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2023-10-31 12:15:56 +0100 |
commit | 3a7734b21b69ae533fa069f0dfa8d7e98222d159 (patch) | |
tree | 30f9fd2e575b30e2f0b529e71bab738a2565f9d7 /terraform/telegraf/conflatorio/telegraf.tf | |
parent | adde3d92ecc77a9d1583a5c08d86216a0e1bc20d (diff) | |
download | infra-3a7734b21b69ae533fa069f0dfa8d7e98222d159.tar.gz infra-3a7734b21b69ae533fa069f0dfa8d7e98222d159.tar.bz2 infra-3a7734b21b69ae533fa069f0dfa8d7e98222d159.tar.xz infra-3a7734b21b69ae533fa069f0dfa8d7e98222d159.zip |
conflatorio/telegraf
Diffstat (limited to 'terraform/telegraf/conflatorio/telegraf.tf')
-rw-r--r-- | terraform/telegraf/conflatorio/telegraf.tf | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/terraform/telegraf/conflatorio/telegraf.tf b/terraform/telegraf/conflatorio/telegraf.tf new file mode 100644 index 0000000..669476a --- /dev/null +++ b/terraform/telegraf/conflatorio/telegraf.tf @@ -0,0 +1,105 @@ +#data "docker_network" "public" { +# name = "public" +#} + +data "docker_registry_image" "telegraf" { + name = "telegraf:1.28.3-alpine" +} + +locals { + docker_gid = 997 + entrypoint = <<EOT +#!/bin/sh +set -x + +setcap cap_net_raw+ep /usr/bin/telegraf +setcap cap_net_bind_service+ep /usr/bin/telegraf +setcap cap_net_admin+ep /usr/bin/telegraf + +su-exec telegraf:${local.docker_gid} \ + /usr/bin/telegraf --config /telegraf.conf +EOT +} + +resource "docker_image" "telegraf" { + name = data.docker_registry_image.telegraf.name + pull_triggers = [data.docker_registry_image.telegraf.sha256_digest] +} + +resource "docker_container" "telegraf" { + image = docker_image.telegraf.image_id + name = "telegraf" + + provisioner "local-exec" { + command = "ansible-playbook -l ${local.ansible_host} ansible-config.yml" + } + + network_mode = "host" + + mounts { + type = "bind" + source = "/" + target = "/hostfs" + read_only = true + } + + mounts { + type = "bind" + source = "/etc/trygvis/telegraf.conf" + target = "/telegraf.conf" + read_only = true + } + + mounts { + type = "bind" + source = "/var/run/docker.sock" + target = "/var/run/docker.sock" + read_only = true + } + + entrypoint = [ + "sh", + "-c", + local.entrypoint, + ] +# command = [ +# "--config", +# "/telegraf.conf" +# ] + + # Needed to get group_add to apply, if not entrypoint.sh drops the extra + # group. +# user = "telegraf:telegraf" +# group_add = [ +# "997" # for docker input +# ] + + capabilities { + add = [ + "CAP_NET_RAW", + "CAP_NET_BIND_SERVICE", + "CAP_NET_ADMIN", + ] + } + + # cmd = [ + # "sudo", + # "setcap", + # "CAP_NET_ADMIN+epi", + # "/usr/bin/telegraf" + # ] + + env = [ + "INFLUX_URL=${local.influx_url}", + "INFLUX_TOKEN=${local.influx_token}", + "INFLUX_ORGANIZATION=${local.influx_organization}", + "INFLUX_BUCKET=${local.influx_bucket}", + + "HOST_MOUNT_PREFIX=/hostfs", + "HOST_ETC=/hostfs/etc", + "HOST_PROC=/hostfs/proc", + "HOST_RUN=/hostfs/run", + "HOST_SYS=/hostfs/sys", + "HOST_VAR=/hostfs/var", + ] +} |