Diffstat (limited to 'terraform/telegraf/conflatorio/telegraf.tf')
-rw-r--r-- | terraform/telegraf/conflatorio/telegraf.tf | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/terraform/telegraf/conflatorio/telegraf.tf b/terraform/telegraf/conflatorio/telegraf.tf
new file mode 100644
index 0000000..669476a
--- /dev/null
+++ b/terraform/telegraf/conflatorio/telegraf.tf
@@ -0,0 +1,105 @@
+#data "docker_network" "public" {
+# name = "public"
+#}
+
+data "docker_registry_image" "telegraf" {
+ name = "telegraf:1.28.3-alpine"
+}
+
+locals {
+ docker_gid = 997
+ entrypoint = <<EOT
+#!/bin/sh
+set -x
+
+setcap cap_net_raw+ep /usr/bin/telegraf
+setcap cap_net_bind_service+ep /usr/bin/telegraf
+setcap cap_net_admin+ep /usr/bin/telegraf
+
+su-exec telegraf:${local.docker_gid} \
+ /usr/bin/telegraf --config /telegraf.conf
+EOT
+}
+
+resource "docker_image" "telegraf" {
+ name = data.docker_registry_image.telegraf.name
+ pull_triggers = [data.docker_registry_image.telegraf.sha256_digest]
+}
+
+resource "docker_container" "telegraf" {
+ image = docker_image.telegraf.image_id
+ name = "telegraf"
+
+ provisioner "local-exec" {
+ command = "ansible-playbook -l ${local.ansible_host} ansible-config.yml"
+ }
+
+ network_mode = "host"
+
+ mounts {
+ type = "bind"
+ source = "/"
+ target = "/hostfs"
+ read_only = true
+ }
+
+ mounts {
+ type = "bind"
+ source = "/etc/trygvis/telegraf.conf"
+ target = "/telegraf.conf"
+ read_only = true
+ }
+
+ mounts {
+ type = "bind"
+ source = "/var/run/docker.sock"
+ target = "/var/run/docker.sock"
+ read_only = true
+ }
+
+ entrypoint = [
+ "sh",
+ "-c",
+ local.entrypoint,
+ ]
+# command = [
+# "--config",
+# "/telegraf.conf"
+# ]
+
+ # Needed to get group_add to apply, if not entrypoint.sh drops the extra
+ # group.
+# user = "telegraf:telegraf"
+# group_add = [
+# "997" # for docker input
+# ]
+
+ capabilities {
+ add = [
+ "CAP_NET_RAW",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_NET_ADMIN",
+ ]
+ }
+
+ # cmd = [
+ # "sudo",
+ # "setcap",
+ # "CAP_NET_ADMIN+epi",
+ # "/usr/bin/telegraf"
+ # ]
+
+ env = [
+ "INFLUX_URL=${local.influx_url}",
+ "INFLUX_TOKEN=${local.influx_token}",
+ "INFLUX_ORGANIZATION=${local.influx_organization}",
+ "INFLUX_BUCKET=${local.influx_bucket}",
+
+ "HOST_MOUNT_PREFIX=/hostfs",
+ "HOST_ETC=/hostfs/etc",
+ "HOST_PROC=/hostfs/proc",
+ "HOST_RUN=/hostfs/run",
+ "HOST_SYS=/hostfs/sys",
+ "HOST_VAR=/hostfs/var",
+ ]
+} |
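Review bot: The `read_only = true` on the `/var/run/docker.sock` bind mount does not limit what can be done through the socket: a read-only mount protects the socket file, not connections to it, so the telegraf process started with gid `${local.docker_gid}` can reach the full Docker API, which is root-equivalent on the host, and with `/` mounted at `/hostfs` and `network_mode = "host"` little isolation is left. If only the docker input needs it, consider pointing that input at a proxy that exposes just the read-only API endpoints instead of binding the raw socket, and at minimum add a comment on that mount such as `# read_only does not restrict Docker API calls; access is gated by docker_gid`. Separately, the three `setcap` calls in `local.entrypoint` each replace the file capability set rather than adding to it, so only `cap_net_admin+ep` survives on the binary; combine them as `setcap cap_net_raw,cap_net_bind_service,cap_net_admin+ep /usr/bin/telegraf`, and drop `CAP_NET_ADMIN` entirely if no configured input requires it. `INFLUX_TOKEN` passed through `env` is readable via `docker inspect` and presumably ends up in the Terraform state as well, so the state backend should be treated as holding a secret.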