diff options
| author | Carsten Feuls | 2019-02-14 16:20:07 +0100 |
|---|---|---|
| committer | Carsten Feuls | 2019-02-14 16:20:07 +0100 |
| commit | 04830907a7aac633f58011fc2b30a4dd4331481b (patch) | |
| tree | 7df44650fec4823e994e71030b0589b65e61b936 | |
| parent | 277f6ea8e978bd5e0ed33385b3acf1e67febfdc9 (diff) | |
| download | aur-04830907a7aac633f58011fc2b30a4dd4331481b.tar.gz | |
Rewrite Config Files an add separat Systemd Service for every part
| -rw-r--r-- | .SRCINFO | 28 | ||||
| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | PKGBUILD | 51 | ||||
| -rw-r--r-- | thanos-compact.conf | 47 | ||||
| -rw-r--r-- | thanos-compact.service | 30 | ||||
| -rw-r--r-- | thanos-query.conf | 172 | ||||
| -rw-r--r-- | thanos-query.service | 54 | ||||
| -rw-r--r-- | thanos-rule.conf | 175 | ||||
| -rw-r--r-- | thanos-rule.service | 55 | ||||
| -rw-r--r-- | thanos-sidecar.conf | 97 | ||||
| -rw-r--r-- | thanos-sidecar.service | 44 | ||||
| -rw-r--r-- | thanos-store.conf | 120 | ||||
| -rw-r--r-- | thanos-store.service | 50 | ||||
| -rw-r--r-- | thanos.conf | 2 | ||||
| -rw-r--r-- | thanos.service | 21 |
15 files changed, 906 insertions, 44 deletions
@@ -1,9 +1,9 @@ # Generated by mksrcinfo v8 -# Tue Feb 12 19:06:57 UTC 2019 +# Thu Feb 14 15:18:52 UTC 2019 pkgbase = prometheus-thanos pkgdesc = Highly available Prometheus setup with long term storage capabilities. (binary, not built from source) pkgver = 0.3.0 - pkgrel = 1 + pkgrel = 2 url = https://github.com/improbable-eng/thanos arch = x86_64 license = Apache @@ -12,12 +12,28 @@ pkgbase = prometheus-thanos backup = etc/thanos/query.conf backup = etc/thanos/rule.conf backup = etc/thanos/compact.conf - source_x86_64 = thanos.service - source_x86_64 = thanos.conf + source_x86_64 = thanos-sidecar.service + source_x86_64 = thanos-store.service + source_x86_64 = thanos-query.service + source_x86_64 = thanos-rule.service + source_x86_64 = thanos-compact.service + source_x86_64 = thanos-sidecar.conf + source_x86_64 = thanos-store.conf + source_x86_64 = thanos-query.conf + source_x86_64 = thanos-rule.conf + source_x86_64 = thanos-compact.conf source_x86_64 = thanos.sysuser source_x86_64 = https://github.com/improbable-eng/thanos/releases/download/v0.3.0/thanos-0.3.0.linux-amd64.tar.gz - sha256sums_x86_64 = 3bb9ad1cc585cc69ce2177e5d219fb190823b076c7f8414a0ef07da2eea375cd - sha256sums_x86_64 = 97a2a76ded469808b7d086dc02a63a9f45c535831763fc33ebd99528dceb437e + sha256sums_x86_64 = b1b266f51d558b9ca6c9b726c697c72a91e6979ac841b4f5991ae17cd35ad2f2 + sha256sums_x86_64 = b48a1cdd78c56e010655a015bd89a06ae8b8ba9043aba7a518a9254a735b8f5d + sha256sums_x86_64 = f14e3dab682a4e2777ed4c02da1d2be677327f166588767047aa10e853f7d928 + sha256sums_x86_64 = 0e8b5a5be042c6bdb1f279bd835720007d13ea7624592aab0703fc1b8c871b75 + sha256sums_x86_64 = 03b829963a127cd8d65cd3da331a36cd8309517baad46aaed411ac16adb7f3f7 + sha256sums_x86_64 = ee773959c8a399ebef04c55bdef28767e3fe9618216515a9070489e587969721 + sha256sums_x86_64 = 5213e5e7187acddb5c2199782fdd0ca85aad93c221162c020c1cea1607b12a0c + sha256sums_x86_64 = 29b5dc83449240ecd9554cead75196e4e4843da3b2ce62db66c9bac04c847027 + sha256sums_x86_64 = f9eca0f9a2751255af2a1f3b992cd8a168851a296e0466c7c4a47ec804f46f74 + sha256sums_x86_64 = 572baa54d9191e7a26865efde62b9170cea41fdc5c94131ae2089b4b3961d3ab sha256sums_x86_64 = 0d2ee33fa0a91ea2a93c652fdcc8d50f2b69a3598bc6819f14c57239ce3fcc82 sha256sums_x86_64 = fe1cb7ed940dac645309bbf0ce99c278ded8727a6cab9842bd9f572d205f60a6 diff --git a/.gitignore b/.gitignore index 53be7b49c4d0..dd68b8693137 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,6 @@ !PKGBUILD !.SRCINFO !thanos -!thanos.service +!*.service !thanos.sysuser -!thanos.conf +!*.conf @@ -3,7 +3,7 @@ _pkgname=thanos pkgname=prometheus-$_pkgname pkgver=0.3.0 -pkgrel=1 +pkgrel=2 pkgdesc="Highly available Prometheus setup with long term storage capabilities. (binary, not built from source)" arch=("x86_64") url="https://github.com/improbable-eng/thanos" @@ -16,12 +16,28 @@ backup=("etc/thanos/sidecar.conf" "etc/thanos/rule.conf" "etc/thanos/compact.conf") -source_x86_64=("thanos.service" - "thanos.conf" +source_x86_64=("thanos-sidecar.service" + "thanos-store.service" + "thanos-query.service" + "thanos-rule.service" + "thanos-compact.service" + "thanos-sidecar.conf" + "thanos-store.conf" + "thanos-query.conf" + "thanos-rule.conf" + "thanos-compact.conf" "thanos.sysuser" "https://github.com/improbable-eng/$_pkgname/releases/download/v$pkgver/$_pkgname-$pkgver.linux-amd64.tar.gz") -sha256sums_x86_64=('3bb9ad1cc585cc69ce2177e5d219fb190823b076c7f8414a0ef07da2eea375cd' - '97a2a76ded469808b7d086dc02a63a9f45c535831763fc33ebd99528dceb437e' +sha256sums_x86_64=('b1b266f51d558b9ca6c9b726c697c72a91e6979ac841b4f5991ae17cd35ad2f2' + 'b48a1cdd78c56e010655a015bd89a06ae8b8ba9043aba7a518a9254a735b8f5d' + 'f14e3dab682a4e2777ed4c02da1d2be677327f166588767047aa10e853f7d928' + '0e8b5a5be042c6bdb1f279bd835720007d13ea7624592aab0703fc1b8c871b75' + '03b829963a127cd8d65cd3da331a36cd8309517baad46aaed411ac16adb7f3f7' + 'ee773959c8a399ebef04c55bdef28767e3fe9618216515a9070489e587969721' + '5213e5e7187acddb5c2199782fdd0ca85aad93c221162c020c1cea1607b12a0c' + '29b5dc83449240ecd9554cead75196e4e4843da3b2ce62db66c9bac04c847027' + 'f9eca0f9a2751255af2a1f3b992cd8a168851a296e0466c7c4a47ec804f46f74' + '572baa54d9191e7a26865efde62b9170cea41fdc5c94131ae2089b4b3961d3ab' '0d2ee33fa0a91ea2a93c652fdcc8d50f2b69a3598bc6819f14c57239ce3fcc82' 'fe1cb7ed940dac645309bbf0ce99c278ded8727a6cab9842bd9f572d205f60a6') @@ -32,17 +48,26 @@ package() { install -D -m0755 thanos "${pkgdir}/usr/bin/thanos" # Install SystemD Service File - install -D -m0644 "${srcdir}/thanos.service" "${pkgdir}/usr/lib/systemd/system/thanos@.service" + install -D -m0644 "${srcdir}/thanos-sidecar.service" "${pkgdir}/usr/lib/systemd/system/thanos-sidecar.service" + install -D -m0644 "${srcdir}/thanos-store.service" "${pkgdir}/usr/lib/systemd/system/thanos-store.service" + install -D -m0644 "${srcdir}/thanos-query.service" "${pkgdir}/usr/lib/systemd/system/thanos-query.service" + install -D -m0644 "${srcdir}/thanos-rule.service" "${pkgdir}/usr/lib/systemd/system/thanos-rule.service" + install -D -m0644 "${srcdir}/thanos-compact.service" "${pkgdir}/usr/lib/systemd/system/thanos-compact.service" install -D -m0644 "${srcdir}/thanos.sysuser" "${pkgdir}/usr/lib/sysusers.d/thanos.conf" - install -d -m0655 -o212 -g212 "${pkgdir}/etc/thanos/" - install -d -m0655 -o212 -g212 "${pkgdir}/var/lib/thanos" + install -d -m0755 -o212 -g212 "${pkgdir}/etc/thanos/" + install -d -m0755 -o212 -g212 "${pkgdir}/etc/thanos/rules/" + install -d -m0755 -o212 -g212 "${pkgdir}/var/lib/thanos/compact/" + install -d -m0755 -o212 -g212 "${pkgdir}/var/lib/thanos/rule/" + install -d -m0755 -o212 -g212 "${pkgdir}/var/lib/thanos/sidecar/" + install -d -m0755 -o212 -g212 "${pkgdir}/var/lib/thanos/sidecar/upload" + ln -s "/var/lib/prometheus/data/wal" "${pkgdir}/var/lib/thanos/sidecar/wal" # Install thanos config - install -D -m644 -o212 -g212 "${srcdir}/thanos.conf" "${pkgdir}/etc/thanos/sidecar.conf" - install -D -m644 -o212 -g212 "${srcdir}/thanos.conf" "${pkgdir}/etc/thanos/store.conf" - install -D -m644 -o212 -g212 "${srcdir}/thanos.conf" "${pkgdir}/etc/thanos/query.conf" - install -D -m644 -o212 -g212 "${srcdir}/thanos.conf" "${pkgdir}/etc/thanos/rule.conf" - install -D -m644 -o212 -g212 "${srcdir}/thanos.conf" "${pkgdir}/etc/thanos/compact.conf" + install -D -m644 -o212 -g212 "${srcdir}/thanos-sidecar.conf" "${pkgdir}/etc/thanos/sidecar.conf" + install -D -m644 -o212 -g212 "${srcdir}/thanos-store.conf" "${pkgdir}/etc/thanos/store.conf" + install -D -m644 -o212 -g212 "${srcdir}/thanos-query.conf" "${pkgdir}/etc/thanos/query.conf" + install -D -m644 -o212 -g212 "${srcdir}/thanos-rule.conf" "${pkgdir}/etc/thanos/rule.conf" + install -D -m644 -o212 -g212 "${srcdir}/thanos-compact.conf" "${pkgdir}/etc/thanos/compact.conf" } diff --git a/thanos-compact.conf b/thanos-compact.conf new file mode 100644 index 000000000000..5d858d31fe6f --- /dev/null +++ b/thanos-compact.conf @@ -0,0 +1,47 @@ +# Log filtering level. +LOG_LEVEL="--log.level=info" + +# Log format to use. +LOG_FORMAT="--log.format=logfmt" + +# GCP project to send Google Cloud Trace tracings to. +# If empty, tracing will be disabled. +#GCLOUDTRACE_PROJECT="--gcloudtrace.project=GCLOUDTRACE.PROJECT" + +# How often we send traces (1/<sample-factor>). +# If 0 no trace will be sent periodically, unless forced +# by baggage item. See `pkg/tracing/tracing.go` for details. +#GCLOUDTRACE_SAMPLE="--gcloudtrace.sample-factor=1" + +# Listen host:port for HTTP endpoints. +#HTTP_ADDRESS="--http-address=0.0.0.0:10902" + +# Data directory in which to cache blocks and process compactions. +DATA_DIR="--data-dir=/var/lib/thanos/compact/data" + +# Path to YAML file that contains object store configuration. +#OBJSTORE_CONFIG_FILE="--objstore.config-file=<bucket.config-yaml-path>" + +# Alternative to 'objstore.config-file' flag. Object +# store configuration in YAML. +#OBJSTORE_CONFIG"--objstore.config=<bucket.config-yaml>" + +# Minimum age of fresh (non-compacted) blocks before +# they are being processed. +#SYNC_DELAY="--sync-delay=30m" + +# How long to retain raw samples in bucket. +# 0d - disables this retention +RETENTION_RESOLUTION_RAW="--retention.resolution-raw=0d" + +# How long to retain samples of resolution 1 (5 +# minutes) in bucket. 0d - disables this retention +RETENTION_RESOLUTION_5M="--retention.resolution-5m=0d" + +# How long to retain samples of resolution 2 (1 hour) +# in bucket. 0d - disables this retention +RETENTION_RESOLUTION="--retention.resolution-1h=0d" + +# Do not exit after all compactions have been processed +# and wait for new work. +WAIT="--wait" diff --git a/thanos-compact.service b/thanos-compact.service new file mode 100644 index 000000000000..56bcbb809c63 --- /dev/null +++ b/thanos-compact.service @@ -0,0 +1,30 @@ +[Unit] +Description=Thanos Compact +Requires=network-online.target +After=network-online.target + +[Service] +User=thanos +Group=thanos +Restart=on-failure +EnvironmentFile=-/etc/thanos/compact.conf +ExecStart=/usr/bin/thanos comact \ + $LOG_LEVEL \ + $LOG_FORMAT \ + $GCLOUDTRACE_PROJECT \ + $GCLOUDTRACE_SAMPLE \ + $HTTP_ADDRESS \ + $DATA_DIR \ + $OBJSTORE_CONFIG_FILE \ + $OBJSTORE_CONFIG \ + $SYNC_DELAY \ + $RETENTION_RESOLUTION_RAW \ + $RETENTION_RESOLUTION_5M \ + $RETENTION_RESOLUTION \ + $WAIT +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + + diff --git a/thanos-query.conf b/thanos-query.conf new file mode 100644 index 000000000000..77174ff953f6 --- /dev/null +++ b/thanos-query.conf @@ -0,0 +1,172 @@ +# Log filtering level. +LOG_LEVEL="--log.level=info" + +# Log format to use. +LOG_FORMAT="--log.format=logfmt" + +# GCP project to send Google Cloud Trace tracings to. +# If empty, tracing will be disabled. +#GCLOUDTRACE_PROJECT="--gcloudtrace.project=GCLOUDTRACE.PROJECT" + +# How often we send traces (1/<sample-factor>). +# If 0 no trace will be sent periodically, unless forced +# by baggage item. See `pkg/tracing/tracing.go` for details. +#GCLOUDTRACE_SAMPLE="--gcloudtrace.sample-factor=1" + +# Listen ip:port address for gRPC endpoints (StoreAPI). +# Make sure this address is routable from other components +# if you use gossip, 'grpc-advertise-address' +# is empty and you require cross-node connection. +#GRPC_ADDRESS="--grpc-address=0.0.0.0:10901" + +# Explicit (external) host:port address to advertise +# for gRPC StoreAPI in gossip cluster. If empty, 'grpc-address' will be used. +#GRPC_ADVERTISE_ADDRESS="--grpc-advertise-address=GRPC-ADVERTISE-ADDRESS" + +# TLS Certificate for gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_CERT="--grpc-server-tls-cert=" + +# TLS Key for the gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_KEY="--grpc-server-tls-key=" + +# TLS CA to verify clients against. If no client CA is specified, +# there is no client verification on server side. (tls.NoClientCert) +#GRPC_SERVER_TLS_CLIENT_CA="--grpc-server-tls-client-ca=" + +# Listen host:port for HTTP endpoints. +#HTTP_ADDRESS="--http-address=0.0.0.0:10902" + +# Listen ip:port address for gossip cluster. +#CLUSTER_ADDRESS="--cluster.address=0.0.0.0:10900" + +# Explicit (external) ip:port address to advertise for gossip +# in gossip cluster. Used internally for membership only. +#CLUSTER_ADVERTISE_ADDRESS="--cluster.advertise-address=" + +# Initial peers to join the cluster. It can be either <ip:port>, +# or <domain:port>. A lookup resolution is done only at the startup. +#CLUSTER_PEERS="--cluster.peers=" + +# Interval between sending gossip messages. +# By lowering this value (more frequent) gossip messages are propagated +# across the cluster more quickly at the expense of increased bandwidth. +# Default is used from a specified network-type. +#CLUSTER_GOSSIP_INTERVAL="--cluster.gossip-interval=" + +# Interval for gossip state syncs. Setting this interval lower (more frequent) +# will increase convergence speeds across larger clusters at the expense of +# increased bandwidth usage. Default is used from a specified network-type. +#CLUSTER_PUSHPULL_INTERVAL="--cluster.pushpull-interval=" + +# Interval for membership to refresh cluster.peers state, 0 disables refresh. +#CLUSTER_REFRESH_INTERVAL="--cluster.refresh-interval=1m" + +# Initial secret key to encrypt cluster gossip. +# Can be one of AES-128, AES-192, or AES-256 in hexadecimal format. +#CLUSTER_SECRET_KEY="--cluster.secret-key=CLUSTER.SECRET-KEY" + +# Network type with predefined peers configurations. +# Sets of configurations accounting the latency differences between network types: local, lan, wan. +CLUSTER_NETWORK_TYPE="--cluster.network-type=lan" + +# If true gossip will be disabled and no cluster related server will be started. +#CLUSTER_DISABLE="--cluster.disable" + +# Explicit (external) host:port address to +# advertise for HTTP QueryAPI in gossip cluster. +# If empty, 'http-address' will be used. +#HTTP_ADVERTISE_ADDRESS="--http-advertise-address=HTTP-ADVERTISE-ADDRESS" + +# Use TLS when talking to the gRPC server +#GRPC_CLIENT_TLS_SECURE="--grpc-client-tls-secure" + +# TLS Certificates to use to identify this client +# to the server +#GRPC_CLIENT_TLS_CERT="--grpc-client-tls-cert=" + +# TLS Key for the client's certificate +#GRPC_CLIENT_TLS_KEY="--grpc-client-tls-key=" + +# TLS CA Certificates to use to verify gRPC +# servers +#GRPC_CLIENT_TLS_CA="--grpc-client-tls-ca=" + +# Server name to verify the hostname on the +# returned gRPC certificates. See +# https://tools.ietf.org/html/rfc4366#section-3.1 +#GRPC_CLIENT_SERVER_NAME="--grpc-client-server-name=" + +# Prefix for API and UI endpoints. This allows +# thanos UI to be served on a sub-path. This +# option is analogous to --web.route-prefix of +# Promethus. +#WEB_ROUTE_PREFIX="--web.route-prefix=" + +# Static prefix for all HTML links and redirect +# URLs in the UI query web interface. Actual +# endpoints are still served on / or the +# web.route-prefix. This allows thanos UI to be +# served behind a reverse proxy that strips a URL +# sub-path. +#WEB_EXTERNAL_PREFIX="--web.external-prefix=" + +# Name of HTTP request header used for dynamic +# prefixing of UI links and redirects. This +# option is ignored if web.external-prefix +# argument is set. Security risk: enable this +# option only if a reverse proxy in front of +# thanos is resetting the header. The +# --web.prefix-header=X-Forwarded-Prefix option +# can be useful, for example, if Thanos UI is +# served via Traefik reverse proxy with +# PathPrefixStrip option enabled, which sends the +# stripped prefix value in X-Forwarded-Prefix +# header. This allows thanos UI to be served on a +# sub-path. +#WEB_PREFIX_HEADER="--web.prefix-header=" + +# Maximum time to process query by query node. +QUERY_TIMEOUT="--query.timeout=2m" + +# Maximum number of queries processed +# concurrently by query node. +QUERY_MAX_CONCURRENT="--query.max-concurrent=20" + +# Label to treat as a replica indicator along +# which data is deduplicated. Still you will be +# able to query without deduplication using +# 'dedup=false' parameter. +#QUERY_REPLICA_LABEL="--query.replica-label=QUERY.REPLICA-LABEL" + +# Query selector labels that will be exposed in +# info endpoint (repeated). +#SELECTOR_LABEL="--selector-label=<name>=<value>" + +# Addresses of statically configured store API +# servers (repeatable). The scheme may be +# prefixed with 'dns+' or 'dnssrv+' to detect +# store API servers through respective DNS +# lookups. +#STORE="--store=" + +# Path to files that contain addresses of store +# API servers. The path can be a glob pattern +# (repeatable). +#STORE_SD_FILES="--store.sd-files=<path>" + +# Refresh interval to re-read file SD files. +# It is used as a resync fallback. +#STORE_SD_INTERVAL="--store.sd-interval=5m" + +# Interval between DNS resolutions. +#STORE_SD_DNS_INTERVAL="--store.sd-dns-interval=30s" + +# Enable automatic adjustment (step / 5) to what +# source of data should be used in store gateways +# if no max_source_resolution param is specified. +QUERY_AUTO_DOWNSAMPLING="--query.auto-downsampling" + +# Enable partial response for queries if no +# partial_response param is specified. +QUERY_PARTIAL_RESPONSE="--query.partial-response" + diff --git a/thanos-query.service b/thanos-query.service new file mode 100644 index 000000000000..8fd9c68a12a6 --- /dev/null +++ b/thanos-query.service @@ -0,0 +1,54 @@ +[Unit] +Description=Thanos Query node exposing PromQL enabled Query API with data retrieved from multiple store nodes +Requires=network-online.target +After=network-online.target + +[Service] +User=thanos +Group=thanos +Restart=on-failure +EnvironmentFile=-/etc/thanos/query.conf +ExecStart=/usr/bin/thanos query \ + $LOG_LEVEL \ + $LOG_FORMAT \ + $GCLOUDTRACE_PROJECT \ + $GCLOUDTRACE_SAMPLE \ + $GRPC_ADDRESS \ + $GRPC_ADVERTISE_ADDRESS \ + $GRPC_SERVER_TLS_CERT \ + $GRPC_SERVER_TLS_KEY \ + $GRPC_SERVER_TLS_CLIENT_CA \ + $HTTP_ADDRESS \ + $CLUSTER_ADDRESS \ + $CLUSTER_ADVERTISE_ADDRESS \ + $CLUSTER_PEERS \ + $CLUSTER_GOSSIP_INTERVAL \ + $CLUSTER_PUSHPULL_INTERVAL \ + $CLUSTER_REFRESH_INTERVAL \ + $CLUSTER_SECRET_KEY \ + $CLUSTER_NETWORK_TYPE \ + $CLUSTER_DISABLE \ + $HTTP_ADVERTISE_ADDRESS \ + $GRPC_CLIENT_TLS_SECURE \ + $GRPC_CLIENT_TLS_CERT \ + $GRPC_CLIENT_TLS_KEY \ + $GRPC_CLIENT_TLS_CA \ + $GRPC_CLIENT_SERVER_NAME \ + $WEB_ROUTE_PREFIX \ + $WEB_EXTERNAL_PREFIX \ + $WEB_PREFIX_HEADER \ + $QUERY_TIMEOUT \ + $QUERY_MAX_CONCURRENT \ + $QUERY_REPLICA_LABEL \ + $SELECTOR_LABEL \ + $STORE \ + $STORE_SD_FILES \ + $STORE_SD_INTERVAL \ + $STORE_SD_DNS_INTERVAL \ + $QUERY_AUTO_DOWNSAMPLING \ + $QUERY_PARTIAL_RESPONSE +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + diff --git a/thanos-rule.conf b/thanos-rule.conf new file mode 100644 index 000000000000..2c02bb93b201 --- /dev/null +++ b/thanos-rule.conf @@ -0,0 +1,175 @@ +# Log filtering level. +LOG_LEVEL="--log.level=info" + +# Log format to use. +LOG_FORMAT="--log.format=logfmt" + +# GCP project to send Google Cloud Trace tracings to. +# If empty, tracing will be disabled. +#GCLOUDTRACE_PROJECT="--gcloudtrace.project=GCLOUDTRACE.PROJECT" + +# How often we send traces (1/<sample-factor>). +# If 0 no trace will be sent periodically, unless forced +# by baggage item. See `pkg/tracing/tracing.go` for details. +#GCLOUDTRACE_SAMPLE="--gcloudtrace.sample-factor=1" + +# Listen ip:port address for gRPC endpoints (StoreAPI). +# Make sure this address is routable from other components +# if you use gossip, 'grpc-advertise-address' +# is empty and you require cross-node connection. +#GRPC_ADDRESS="--grpc-address=0.0.0.0:10901" + +# Explicit (external) host:port address to advertise +# for gRPC StoreAPI in gossip cluster. If empty, 'grpc-address' will be used. +#GRPC_ADVERTISE_ADDRESS="--grpc-advertise-address=GRPC-ADVERTISE-ADDRESS" + +# TLS Certificate for gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_CERT="--grpc-server-tls-cert=" + +# TLS Key for the gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_KEY="--grpc-server-tls-key=" + +# TLS CA to verify clients against. If no client CA is specified, +# there is no client verification on server side. (tls.NoClientCert) +#GRPC_SERVER_TLS_CLIENT_CA="--grpc-server-tls-client-ca=" + +# Listen host:port for HTTP endpoints. +#HTTP_ADDRESS="--http-address=0.0.0.0:10902" + +# Listen ip:port address for gossip cluster. +#CLUSTER_ADDRESS="--cluster.address=0.0.0.0:10900" + +# Explicit (external) ip:port address to advertise for gossip +# in gossip cluster. Used internally for membership only. +#CLUSTER_ADVERTISE_ADDRESS="--cluster.advertise-address=" + +# Initial peers to join the cluster. It can be either <ip:port>, +# or <domain:port>. A lookup resolution is done only at the startup. +#CLUSTER_PEERS="--cluster.peers=" + +# Interval between sending gossip messages. +# By lowering this value (more frequent) gossip messages are propagated +# across the cluster more quickly at the expense of increased bandwidth. +# Default is used from a specified network-type. +#CLUSTER_GOSSIP_INTERVAL="--cluster.gossip-interval=" + +# Interval for gossip state syncs. Setting this interval lower (more frequent) +# will increase convergence speeds across larger clusters at the expense of +# increased bandwidth usage. Default is used from a specified network-type. +#CLUSTER_PUSHPULL_INTERVAL="--cluster.pushpull-interval=" + +# Interval for membership to refresh cluster.peers state, 0 disables refresh. +#CLUSTER_REFRESH_INTERVAL="--cluster.refresh-interval=1m" + +# Initial secret key to encrypt cluster gossip. +# Can be one of AES-128, AES-192, or AES-256 in hexadecimal format. +#CLUSTER_SECRET_KEY="--cluster.secret-key=CLUSTER.SECRET-KEY" + +# Network type with predefined peers configurations. +# Sets of configurations accounting the latency differences between network types: local, lan, wan. +#CLUSTER_NETWORK_TYPE="--cluster.network-type=lan" + +# If true gossip will be disabled and no cluster related server will be started. +#CLUSTER_DISABLE="--cluster.disable" + +# Labels to be applied to all generated metrics +# (repeated). Similar to external labels for +# Prometheus, used to identify ruler and its +# blocks as unique source. +#LABEL="--label=<name>=<value>" + +# data directory +DATA="--data-dir=/var/lib/thanos/rule" + +# Rule files that should be used by rule manager. +# Can be in glob format (repeated). +#RULE_FILE"--rule-file=/etc/thanos/rules/" + +# The default evaluation interval to use. +#EVAL_INTERVAL="--eval-interval=30s" + +# Block duration for TSDB block. +TSDB_BLOCK="--tsdb.block-duration=2h" + +# Block retention time on local disk. +TSDB_RETENTION="--tsdb.retention=48h" + +# Alertmanager replica URLs to push firing +# alerts. Ruler claims success if push to at +# least one alertmanager from discovered +# succeeds. The scheme may be prefixed with +# 'dns+' or 'dnssrv+' to detect Alertmanager IPs +# through respective DNS lookups. The port +# defaults to 9093 or the SRV record's value. The +# URL path is used as a prefix for the regular +# Alertmanager API path. +#ALERTMANAGERS_URL="--alertmanagers.url=ALERTMANAGERS.URL" + +# Timeout for sending alerts to alertmanager +#ALERTMANAGERS_SEND="--alertmanagers.send-timeout=10s" + +# The external Thanos Query URL that would be set +# in all alerts 'Source' field +#ALERT_QUERY_URL="--alert.query-url=ALERT.QUERY-URL" + +# Labels by name to drop before sending to +# alertmanager. This allows alert to be +# deduplicated on replica label (repeated). +# Similar Prometheus alert relabelling +#ALERT_LABEL_DROP="--alert.label-drop=ALERT.LABEL-DROP" + +# Prefix for API and UI endpoints. This allows +# thanos UI to be served on a sub-path. This +# option is analogous to --web.route-prefix of +# Promethus. +#WEB_ROUTE_PREFIX="--web.route-prefix=" + +# Static prefix for all HTML links and redirect +# URLs in the UI query web interface. Actual +# endpoints are still served on / or the +# web.route-prefix. This allows thanos UI to be +# served behind a reverse proxy that strips a URL +# sub-path. +#WEB_EXTERNAL_PREFIX="--web.external-prefix=" + +# Name of HTTP request header used for dynamic +# prefixing of UI links and redirects. This +# option is ignored if web.external-prefix +# argument is set. Security risk: enable this +# option only if a reverse proxy in front of +# thanos is resetting the header. +# The--web.prefix-header=X-Forwarded-Prefix option +# can be useful, for example, if Thanos UI is +# served via Traefik reverse proxy with +# PathPrefixStrip option enabled, which sends the +# stripped prefix value in X-Forwarded-Prefix +# header. This allows thanos UI to be served on a +# sub-path. +#WEB_PREFIX_HEADERS="--web.prefix-header=" + +# Path to YAML file that contains object store +# configuration. +#OBJSTORE_CONFIG_FILE="--objstore.config-file=<bucket.config-yaml-path>" + +# Alternative to 'objstore.config-file' flag. +# Object store configuration in YAML. +#OBJSTORE_CONFIG="--objstore.config=<bucket.config-yaml>" + +# Addresses of statically configured query API +# servers (repeatable). The scheme may be +# prefixed with 'dns+' or 'dnssrv+' to detect +# query API servers through respective DNS lookups. +#QUERY="--query=<query>" + +# Path to file that contain addresses of query +# peers. The path can be a glob pattern +# (repeatable). +#QUERY_SD_FILES="--query.sd-files=<path>" + +# Refresh interval to re-read file SD files. +# (used as a fallback) +#QUERY_SD_INTERVAL="--query.sd-interval=5m" + +# Interval between DNS resolutions. +#QUERY_SD_DNS_INTERVAL="--query.sd-dns-interval=30s" + diff --git a/thanos-rule.service b/thanos-rule.service new file mode 100644 index 000000000000..99a75c9c0429 --- /dev/null +++ b/thanos-rule.service @@ -0,0 +1,55 @@ +[Unit] +Description=Thanos Ruler evaluating Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket +Requires=network-online.target +After=network-online.target + +[Service] +User=thanos +Group=thanos +Restart=on-failure +EnvironmentFile=-/etc/thanos/rule.conf +ExecStart=/usr/bin/thanos rule \ + $LOG_LEVEL \ + $LOG_FORMAT \ + $GCLOUDTRACE_PROJECT \ + $GCLOUDTRACE_SAMPLE \ + $GRPC_ADDRESS \ + $GRPC_ADVERTISE_ADDRESS \ + $GRPC_SERVER_TLS_CERT \ + $GRPC_SERVER_TLS_KEY \ + $GRPC_SERVER_TLS_CLIENT_CA \ + $HTTP_ADDRESS \ + $CLUSTER_ADDRESS \ + $CLUSTER_ADVERTISE_ADDRESS \ + $CLUSTER_PEERS \ + $CLUSTER_GOSSIP_INTERVAL \ + $CLUSTER_PUSHPULL_INTERVAL \ + $CLUSTER_REFRESH_INTERVAL \ + $CLUSTER_SECRET_KEY \ + $CLUSTER_NETWORK_TYPE \ + $CLUSTER_DISABLE \ + $LABEL \ + $DATA \ + $RULE_FILE \ + $EVAL_INTERVAL \ + $TSDB_BLOCK \ + $TSDB_RETENTION \ + $ALERTMANAGERS_URL \ + $ALERTMANAGERS_SEND \ + $ALERT_QUERY_URL \ + $ALERT_LABEL_DROP \ + $WEB_ROUTE_PREFIX \ + $WEB_EXTERNAL_PREFIX \ + $WEB_PREFIX_HEADERS \ + $OBJSTORE_CONFIG_FILE \ + $OBJSTORE_CONFIG \ + $QUERY \ + $QUERY_SD_FILES \ + $QUERY_SD_INTERVAL \ + $QUERY_SD_DNS_INTERVAL +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + + diff --git a/thanos-sidecar.conf b/thanos-sidecar.conf new file mode 100644 index 000000000000..0a0c23374c9b --- /dev/null +++ b/thanos-sidecar.conf @@ -0,0 +1,97 @@ +# Log filtering level. +LOG_LEVEL="--log.level=info" + +# Log format to use. +LOG_FORMAT="--log.format=logfmt" + +# GCP project to send Google Cloud Trace tracings to. +# If empty, tracing will be disabled. +#GCLOUDTRACE_PROJECT="--gcloudtrace.project=GCLOUDTRACE.PROJECT" + +# How often we send traces (1/<sample-factor>). +# If 0 no trace will be sent periodically, unless forced by baggage item. +# See `pkg/tracing/tracing.go` for details. +#GCLOUDTRACE_SAMPLE="--gcloudtrace.sample-factor=1" + +# Listen ip:port address for gRPC endpoints (StoreAPI). +# Make sure this address is routable from other components if you use gossip, +# 'grpc-advertise-address' is empty and you require cross-node connection. +#GRPC_ADDRESS="--grpc-address=0.0.0.0:10901" + +# Explicit (external) host:port address to advertise for gRPC StoreAPI +# in gossip cluster. If empty, 'grpc-address' will be used. +#GRPC_ADVERTISE_ADDRESS="--grpc-advertise-address=GRPC-ADVERTISE-ADDRESS" + +# TLS Certificate for gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_CERT="--grpc-server-tls-cert=" + +# TLS Key for the gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_KEY="--grpc-server-tls-key=" + +# TLS CA to verify clients against. If no client CA is specified, +# there is no client verification on server side. (tls.NoClientCert) +#GRPC_SERVER_TLS_CLIENT_CA="--grpc-server-tls-client-ca=" + +# Listen host:port for HTTP endpoints. +#HTTP_ADDRESS="--http-address=0.0.0.0:10902" + +# Listen ip:port address for gossip cluster. +#CLUSTER_ADDRESS="--cluster.address=0.0.0.0:10900" + +# Explicit (external) ip:port address to advertise for gossip in gossip cluster. +# Used internally for membership only. +#CLUSTER_ADVERTISE_ADDRESS="--cluster.advertise-address=" + +# Initial peers to join the cluster. +# It can be either <ip:port>, or <domain:port>. +# A lookup resolution is done only at the startup. +#CLUSTER_PEERS="--cluster.peers=" + +# Interval between sending gossip messages. +# By lowering this value (more frequent) gossip messages are propagated across +# the cluster more quickly at the expense of increased bandwidth. +# Default is used from a specified network-type. +#CLUSTER_GOSSIP_INTERVAL="--cluster.gossip-interval=" + +# Interval for gossip state syncs. Setting this interval lower (more frequent) +# will increase convergence speeds across larger clusters at the expense of +# increased bandwidth usage. Default is used from a specified network-type. +#CLUSTER_PUSHPULL_INTERVAL="--cluster.pushpull-interval=" + +# Interval for membership to refresh cluster.peers state, 0 disables refresh. +#CLUSTER_REFRESH_INTERVAL="--cluster.refresh-interval=1m" + +# Initial secret key to encrypt cluster gossip. +# Can be one of AES-128, AES-192, or AES-256 in hexadecimal format. +#CLUSTER_SECRET_KEY="--cluster.secret-key=CLUSTER.SECRET-KEY" + +# Network type with predefined peers configurations. +# Sets of configurations accounting the latency differences between network types: local, lan, wan. +CLUSTER_NETWORK_TYPE="--cluster.network-type=lan" + +# If true gossip will be disabled and no cluster related server will be started. +#CLUSTER_DISABLE="--cluster.disable" + +# URL at which to reach Prometheus's API. +# For better performance use local network. +#PROMETHEUS_URL="--prometheus.url=http://localhost:9090" + +# Data directory of TSDB. +TSDB_PATH="--tsdb.path=/var/lib/thanos/data" + +# Config file watched by the reloader. +#RELOADER_CONFIG="--reloader.config-file=" + +# Output file for environment variable substituted config file. +#RELOADER_CONFIG_ENVSUBST_FILE="--reloader.config-envsubst-file=" + +# Rule directories for the reloader to refresh (repeated field). +#RELOADER_RULE_DIR="--reloader.rule-dir=RELOADER.RULE-DIR" + +# Path to YAML file that contains object store configuration. +#OBJSTORE_CONFIG_FILE="--objstore.config-file=" + +# Alternative to 'objstore.config-file' flag. Object store configuration in YAML. +#OBJSTORE_CONFIG="--objstore.config=" + + diff --git a/thanos-sidecar.service b/thanos-sidecar.service new file mode 100644 index 000000000000..65af216d63d5 --- /dev/null +++ b/thanos-sidecar.service @@ -0,0 +1,44 @@ +[Unit] +Description=Thanos Sidecar for Prometheus server +Requires=network-online.target +After=network-online.target + +[Service] +User=thanos +Group=thanos +Restart=on-failure +EnvironmentFile=-/etc/thanos/sidecar.conf +ExecStart=/usr/bin/thanos sidecar \ + $LOG_LEVEL \ + $LOG_FORMAT \ + $GCLOUDTRACE_PROJECT \ + $GCLOUDTRACE_SAMPLE \ + $GRPC_ADDRESS \ + $GRPC_ADVERTISE_ADDRESS \ + $GRPC_SERVER_TLS_CERT \ + $GRPC_SERVER_TLS_KEY \ + $GRPC_SERVER_TLS_CLIENT_CA \ + $HTTP_ADDRESS \ + $CLUSTER_ADDRESS \ + $CLUSTER_ADVERTISE_ADDRESS \ + $CLUSTER_PEERS \ + $CLUSTER_GOSSIP_INTERVAL \ + $CLUSTER_PUSHPULL_INTERVAL \ + $CLUSTER_REFRESH_INTERVAL \ + $CLUSTER_SECRET_KEY \ + $CLUSTER_NETWORK_TYPE \ + $CLUSTER_DISABLE \ + $PROMETHEUS_URL \ + $TSDB_PATH \ + $RELOADER_CONFIG \ + $RELOADER_CONFIG_ENVSUBST_FILE \ + $RELOADER_RULE_DIR \ + $OBJSTORE_CONFIG_FILE \ + $OBJSTORE_CONFIG +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + + + diff --git a/thanos-store.conf b/thanos-store.conf new file mode 100644 index 000000000000..a84de8564076 --- /dev/null +++ b/thanos-store.conf @@ -0,0 +1,120 @@ +# Log filtering level. +LOG_LEVEL="--log.level=info" + +# Log format to use. +LOG_FORMAT="--log.format=logfmt" + +# GCP project to send Google Cloud Trace tracings to. +# If empty, tracing will be disabled. +#GCLOUDTRACE_PROJECT="--gcloudtrace.project=GCLOUDTRACE.PROJECT" + +# How often we send traces (1/<sample-factor>). +# If 0 no trace will be sent periodically, unless forced by baggage item. +# See `pkg/tracing/tracing.go` for details. +#GCLOUDTRACE_SAMPLE="--gcloudtrace.sample-factor=1" + +# Listen ip:port address for gRPC endpoints (StoreAPI). +# Make sure this address is routable from other components if you use gossip, +# 'grpc-advertise-address' is empty and you require cross-node connection. +#GRPC_ADDRESS="--grpc-address=0.0.0.0:10901" + +# Explicit (external) host:port address to advertise for gRPC StoreAPI +# in gossip cluster. If empty, 'grpc-address' will be used. +#GRPC_ADVERTISE_ADDRESS="--grpc-advertise-address=GRPC-ADVERTISE-ADDRESS" + +# TLS Certificate for gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_CERT="--grpc-server-tls-cert=" + +# TLS Key for the gRPC server, leave blank to disable TLS +#GRPC_SERVER_TLS_KEY="--grpc-server-tls-key=" + +# TLS CA to verify clients against. If no client CA is specified, +# there is no client verification on server side. (tls.NoClientCert) +#GRPC_SERVER_TLS_CLIENT_CA="--grpc-server-tls-client-ca=" + +# Listen host:port for HTTP endpoints. +#HTTP_ADDRESS="--http-address=0.0.0.0:10902" + +# Listen ip:port address for gossip cluster. +#CLUSTER_ADDRESS="--cluster.address=0.0.0.0:10900" + +# Explicit (external) ip:port address to advertise for gossip in gossip cluster. +# Used internally for membership only. +#CLUSTER_ADVERTISE_ADDRESS="--cluster.advertise-address=" + +# Initial peers to join the cluster. +# It can be either <ip:port>, or <domain:port>. +# A lookup resolution is done only at the startup. +#CLUSTER_PEERS="--cluster.peers=" + +# Interval between sending gossip messages. +# By lowering this value (more frequent) gossip messages are propagated across +# the cluster more quickly at the expense of increased bandwidth. +# Default is used from a specified network-type. +#CLUSTER_GOSSIP_INTERVAL="--cluster.gossip-interval=" + +# Interval for gossip state syncs. Setting this interval lower (more frequent) +# will increase convergence speeds across larger clusters at the expense of +# increased bandwidth usage. Default is used from a specified network-type. +#CLUSTER_PUSHPULL_INTERVAL="--cluster.pushpull-interval=" + +# Interval for membership to refresh cluster.peers state, 0 disables refresh. +#CLUSTER_REFRESH_INTERVAL="--cluster.refresh-interval=1m" + +# Initial secret key to encrypt cluster gossip. +# Can be one of AES-128, AES-192, or AES-256 in hexadecimal format. +#CLUSTER_SECRET_KEY="--cluster.secret-key=CLUSTER.SECRET-KEY" + +# Network type with predefined peers configurations. +# Sets of configurations accounting the latency differences between network types: local, lan, wan. +#CLUSTER_NETWORK_TYPE="--cluster.network-type=lan" + +# If true gossip will be disabled and no cluster related server will be started. +#CLUSTER_DISABLE="--cluster.disable" + +# URL at which to reach Prometheus's API. +# For better performance use local network. +#PROMETHEUS_URL="--prometheus.url=http://localhost:9090" + +# Data directory of TSDB. +TSDB_PATH="--tsdb.path=/var/lib/thanos/store/data" + +# Config file watched by the reloader. +#RELOADER_CONFIG="--reloader.config-file=" + +# Output file for environment variable substituted config file. +#RELOADER_CONFIG_ENVSUBST_FILE="--reloader.config-envsubst-file=" + +# Rule directories for the reloader to refresh (repeated field). +#RELOADER_RULE_DIR="--reloader.rule-dir=RELOADER.RULE-DIR" + +# Path to YAML file that contains object store configuration. +#OBJSTORE_CONFIG_FILE="--objstore.config-file=" + +# Alternative to 'objstore.config-file' flag. Object store configuration in YAML. +#OBJSTORE_CONFIG="--objstore.config=" + +# Data directory in which to cache remote blocks. +DATA_DIR="--data-dir=/var/lib/thanos/store/cache" + +# Maximum size of items held in the index cache. +INDEX_CACHE="--index-cache-size=250MB" + +# Maximum size of concurrently allocatable bytes for chunks. +CHUNK_POOL_SIZE="--chunk-pool-size=2GB" + +# Path to YAML file that contains object store configuration. +#OBJSTORE_CONFIG_FILE="--objstore.config-file=<bucket.config-yaml-path>" + +# Alternative to 'objstore.config-file' flag. +# Object store configuration in YAML. +#OBJSTORE_CONFIG="--objstore.config=<bucket.config-yaml>" + +# Repeat interval for syncing the blocks between +# local and remote view. +#SYNC_BLOCK_DURATION="--sync-block-duration=3m" + +# Number of goroutines to use when syncing blocks +# from object storage. +#SYNC_BLOCK_CONCURRENCY="--block-sync-concurrency=20" + diff --git a/thanos-store.service b/thanos-store.service new file mode 100644 index 000000000000..2f41002775fc --- /dev/null +++ b/thanos-store.service @@ -0,0 +1,50 @@ +[Unit] +Description=Thanos Store node giving access to blocks in a bucket provider. +Requires=network-online.target +After=network-online.target + +[Service] +User=thanos +Group=thanos +Restart=on-failure +EnvironmentFile=-/etc/thanos/store.conf +ExecStart=/usr/bin/thanos store \ + $LOG_LEVEL \ + $LOG_FORMAT \ + $GCLOUDTRACE_PROJECT \ + $GCLOUDTRACE_SAMPLE \ + $GRPC_ADDRESS \ + $GRPC_ADVERTISE_ADDRESS \ + $GRPC_SERVER_TLS_CERT \ + $GRPC_SERVER_TLS_KEY \ + $GRPC_SERVER_TLS_CLIENT_CA \ + $HTTP_ADDRESS \ + $CLUSTER_ADDRESS \ + $CLUSTER_ADVERTISE_ADDRESS \ + $CLUSTER_PEERS \ + $CLUSTER_GOSSIP_INTERVAL \ + $CLUSTER_PUSHPULL_INTERVAL \ + $CLUSTER_REFRESH_INTERVAL \ + $CLUSTER_SECRET_KEY \ + $CLUSTER_NETWORK_TYPE \ + $CLUSTER_DISABLE \ + $PROMETHEUS_URL \ + $TSDB_PATH \ + $RELOADER_CONFIG \ + $RELOADER_CONFIG_ENVSUBST_FILE \ + $RELOADER_RULE_DIR \ + $OBJSTORE_CONFIG_FILE \ + $OBJSTORE_CONFIG \ + $DATA_DIR \ + $INDEX_CACHE \ + $CHUNK_POOL_SIZE \ + $OBJSTORE_CONFIG_FILE \ + $OBJSTORE_CONFIG \ + $SYNC_BLOCK_DURATION \ + $SYNC_BLOCK_CONCURRENCY +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + + diff --git a/thanos.conf b/thanos.conf deleted file mode 100644 index 82825d00008f..000000000000 --- a/thanos.conf +++ /dev/null @@ -1,2 +0,0 @@ -#THANOS_ARGS="--tsdb.path=/var/lib/prometheus/data" -#CLUSTER_ARGS="--cluster.address=0.0.0.0:10900 --cluster.network-type=lan" diff --git a/thanos.service b/thanos.service deleted file mode 100644 index 1340f503b0e2..000000000000 --- a/thanos.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=Thanos for Prometheus -Requires=network-online.target -After=network-online.target - -[Service] -User=thanos -Group=thanos -Restart=on-failure -EnvironmentFile=-/etc/thanos/%i.conf -ExecStart=/usr/bin/thanos %i $THANOS_ARGS $CLUSTER_ARGS -ExecReload=/bin/kill -HUP $MAINPID -NoNewPrivileges=true -ProtectHome=true -ProtectSystem=strict -ReadWritePaths=/var/lib/prometheus -ConfigurationDirectory=etc/thanos -StateDirectory=var/lib/thanos - -[Install] -WantedBy=multi-user.target |