Diffstat (limited to 'terraform/telegraf/telegraf-os/telegraf.tf')
-rw-r--r-- | terraform/telegraf/telegraf-os/telegraf.tf | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/terraform/telegraf/telegraf-os/telegraf.tf b/terraform/telegraf/telegraf-os/telegraf.tf
new file mode 100644
index 0000000..5a135b1
--- /dev/null
+++ b/terraform/telegraf/telegraf-os/telegraf.tf
@@ -0,0 +1,101 @@
+data "docker_registry_image" "telegraf" {
+ name = "telegraf:1.28.3-alpine"
+}
+
+locals {
+ docker_gid = 997
+ entrypoint = <<EOT
+#!/bin/sh
+set -x
+
+setcap cap_net_raw+ep /usr/bin/telegraf
+setcap cap_net_bind_service+ep /usr/bin/telegraf
+setcap cap_net_admin+ep /usr/bin/telegraf
+
+su-exec telegraf:${var.docker_gid} \
+ /usr/bin/telegraf --config /telegraf.conf
+EOT
+}
+
+resource "docker_image" "telegraf" {
+ name = data.docker_registry_image.telegraf.name
+ pull_triggers = [data.docker_registry_image.telegraf.sha256_digest]
+}
+
+resource "docker_container" "telegraf" {
+ image = docker_image.telegraf.image_id
+ name = "telegraf-os"
+
+ provisioner "local-exec" {
+ command = "ansible-playbook -l ${var.ansible_host} ${path.module}/ansible-config.yml"
+ }
+
+ network_mode = "host"
+
+ mounts {
+ type = "bind"
+ source = "/"
+ target = "/hostfs"
+ read_only = true
+ }
+
+ mounts {
+ type = "bind"
+ source = "/etc/trygvis/telegraf.conf"
+ target = "/telegraf.conf"
+ read_only = true
+ }
+
+ mounts {
+ type = "bind"
+ source = "/var/run/docker.sock"
+ target = "/var/run/docker.sock"
+ read_only = true
+ }
+
+ entrypoint = [
+ "sh",
+ "-c",
+ local.entrypoint,
+ ]
+ # command = [
+ # "--config",
+ # "/telegraf.conf"
+ # ]
+
+ # Needed to get group_add to apply, if not entrypoint.sh drops the extra
+ # group.
+ # user = "telegraf:telegraf"
+ # group_add = [
+ # "997" # for docker input
+ # ]
+
+ capabilities {
+ add = [
+ "CAP_NET_RAW",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_NET_ADMIN",
+ ]
+ }
+
+ # cmd = [
+ # "sudo",
+ # "setcap",
+ # "CAP_NET_ADMIN+epi",
+ # "/usr/bin/telegraf"
+ # ]
+
+ env = [
+ "INFLUX_URL=${var.influx_url}",
+ "INFLUX_TOKEN=${var.influx_token}",
+ "INFLUX_ORGANIZATION=${var.influx_organization}",
+ "INFLUX_BUCKET=${var.influx_bucket}",
+
+ "HOST_MOUNT_PREFIX=/hostfs",
+ "HOST_ETC=/hostfs/etc",
+ "HOST_PROC=/hostfs/proc",
+ "HOST_RUN=/hostfs/run",
+ "HOST_SYS=/hostfs/sys",
+ "HOST_VAR=/hostfs/var",
+ ]
+} |
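Review bot: The three `setcap` calls in the entrypoint heredoc do not accumulate, because each call replaces the file's capability set, so /usr/bin/telegraf ends up with only cap_net_admin; a single call keeps all three, `setcap cap_net_raw,cap_net_bind_service,cap_net_admin+ep /usr/bin/telegraf`. The same script runs telegraf under `${var.docker_gid}` while the `docker_gid = 997` local defined just above it appears unused, so `local.docker_gid` was probably intended unless the variable is declared in another file. On the docker.sock mount, `read_only = true` only makes the bind mount itself read-only and does not restrict Docker API calls made over the socket, so a process in that group has access equivalent to root on the host; a comment such as `# read_only does not limit API access; docker group == host root` or a socket proxy limited to read endpoints would make that trust decision explicit. `INFLUX_TOKEN` in `env` is also stored in Terraform state and shown by `docker inspect`, so the variable should at least be declared with `sensitive = true` and the state file protected accordingly.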