├── .gitignore
├── LICENSE
├── README.md
├── consul
    └── config
    │   └── server.json
├── dc.sh
├── dlogs.sh
├── docker-compose.primary.yml
├── docker-compose.yml
├── dr
    ├── consul
    │   └── config
    │   │   └── server.json
    ├── docker-compose.dr.yml
    ├── grafana
    │   ├── config.monitoring
    │   └── provisioning
    │   │   ├── dashboards
    │   │       ├── Docker Prometheus Monitoring-1571332751387.json
    │   │       └── dashboard.yml
    │   │   └── datasources
    │   │       └── datasource.yml
    ├── prometheus
    │   ├── alert.rules
    │   ├── prometheus.yml
    │   └── vault-metrics.hcl
    └── vault
    │   ├── api
    │       └── .keep
    │   └── config
    │       ├── vault01.hcl
    │       ├── vault02.hcl
    │       └── vault03.hcl
├── grafana
    ├── config.monitoring
    └── provisioning
    │   ├── dashboards
    │       ├── Docker Prometheus Monitoring-1571332751387.json
    │       └── dashboard.yml
    │   └── datasources
    │       └── datasource.yml
├── pki
    └── config
    │   └── vault-pki.hcl
├── prem
    └── Dockerfile
├── prometheus
    ├── alert.rules
    ├── prometheus.yml
    └── vault-metrics.hcl
├── proxy
    ├── docker-compose.yml
    └── haproxy.cfg
├── secondary
    ├── consul
    │   └── config
    │   │   └── server.json
    ├── docker-compose.secondary.yml
    ├── grafana
    │   ├── config.monitoring
    │   └── provisioning
    │   │   ├── dashboards
    │   │       ├── Docker Prometheus Monitoring-1571332751387.json
    │   │       └── dashboard.yml
    │   │   └── datasources
    │   │       └── datasource.yml
    ├── prometheus
    │   ├── alert.rules
    │   ├── prometheus.yml
    │   └── vault-metrics.hcl
    └── vault
    │   ├── api
    │       └── .keep
    │   └── config
    │       ├── vault01.hcl
    │       ├── vault02.hcl
    │       └── vault03.hcl
├── vault
    ├── api
    │   └── .keep
    └── config
    │   ├── vault01.hcl
    │   ├── vault02.hcl
    │   └── vault03.hcl
└── yapi
    ├── consul
        ├── agent-token-policy.json
        ├── test_01-acl-token.tavern.yaml
        └── vault-token-policy.json
    ├── pki
        ├── 01-enable-pki.yaml
        ├── 02-vault-certificates.yaml
        └── test_pki_consul.tavern.yaml
    ├── tickets
        ├── test_control_group_20201.tavern.yaml
        ├── test_ldap_20163.tavern.yaml
        └── test_ldap_anon.tavern.yaml
    └── vault
        ├── 01-init.yaml
        ├── 02-unseal.yaml
        ├── 03-replication_enable_primary.yaml
        ├── 04-replication_secondary_token.yaml
        ├── 05-replication_activate_secondary.yaml
        ├── 06-replication_generate_root_secondary.yaml
        ├── 07-dr-enable.yaml
        └── optional-revoke-secondary.yaml


/.gitignore:
--------------------------------------------------------------------------------
 1 | .vagrant
 2 | *~
 3 | prem/vault
 4 | data/
 5 | .pytest_cache
 6 | yapi/__pycache__
 7 | __pycache__
 8 | .vscode
 9 | secondary/consul/data
10 | secondary/vault/logs
11 | secondary/vault/api/*.json
12 | dr/consul/data
13 | dr/vault/logs
14 | dr/vault/api/*.json
15 | vault/logs
16 | vault/api/*.json
17 | consul/data
18 | pki/ca/*.pem
19 | pki/ca/*.csr


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019 Rodrigo D. L.
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | - [What](#what)
  2 | - [Why](#why)
  3 | - [How](#how)
  4 |   - [Requirements](#requirements)
  5 |   - [Networks or Regions](#networks-or-regions)
  6 |   - [Communication between them](#communication-between-them)
  7 |   - [Initial configuration](#initial-configuration)
  8 |   - [Install yapi](#install-yapi)
  9 |   - [Start the clusters](#start-the-clusters)
 10 |   - [Start replication](#start-replication)
 11 |   - [Check that replication is up](#check-that-replication-is-up)
 12 |     - [Commands supported](#commands-supported)
 13 |   - [How `dc.sh` works](#how-dcsh-works)
 14 |   - [How to manually configure performance replication](#how-to-manually-configure-performance-replication)
 15 |     - [View the full compose template for a given cluster](#view-the-full-compose-template-for-a-given-cluster)
 16 |     - [Initialization of Vault](#initialization-of-vault)
 17 |     - [Unsealing](#unsealing)
 18 |   - [Troubleshooting](#troubleshooting)
 19 |   - [Useful commands](#useful-commands)
 20 |   - [Exposed ports: local -> container](#exposed-ports-local---container)
 21 |     - [Primary](#primary)
 22 |     - [Secondary (DR primary)](#secondary-dr-primary)
 23 |     - [DR Secondary](#dr-secondary)
 24 |     - [Proxy](#proxy)
 25 | - [TODO](#todo)
 26 | - [Done](#done)
 27 | # What
 28 | A way to create multiple Vault clusters and setup different types of Replication between them as close as possible to the "Vault reference architecture" https://learn.hashicorp.com/vault/operations/ops-reference-architecture
 29 | 
 30 | Using the 3 Region setup architecture:
 31 | 
 32 | ![3 regions](https://d33wubrfki0l68.cloudfront.net/f4320f807477cdda5df25f904eaf3d7c9cfd761d/e6047/static/img/vault-ra-full-replication_no_region.png)
 33 | 
 34 | Each `Region` is composed of a docker network and has a set of Vault and Consul clusters.
 35 | 
 36 | They can only communicate with each other using a `proxy` (sometimes incorrectly called Load Balancer) in this case `HAProxy`.
 37 | - Region 1 contains the `Primary` Vault cluster, configured following the [Deployment Guide](https://learn.hashicorp.com/vault/day-one/ops-deployment-guide)  
 38 | - Region 2 contains the `Secondary` Vault cluster, configured as [Performance Replication](https://learn.hashicorp.com/vault/operations/ops-replication)
 39 | - Region 3 will contain a `DR` Vault cluster configured as [Disaster Recovery](https://learn.hashicorp.com/vault/operations/ops-disaster-recovery)
 40 |   
 41 | All regions have a Consul cluster for storage and every Vault node has a `Consul Agent` in a different container.
 42 | 
 43 | # Why 
 44 | To be able to easily setup and test different configuration and features of a full fledge Vault and Consul cluster setup.
 45 | 
 46 | # How 
 47 | 
 48 | ## Requirements 
 49 | * Docker 
 50 | * Docker-compose:
 51 |   *  Scheduling of containers
 52 |   *  Overlaying of configuration to avoid duplication
 53 | * [Yapi-ci](https://github.com/bruj0/yapi)
 54 |   * Initialization
 55 |   * API management
 56 | * Access to Premium or Pro version of Vault
 57 | * `vault` and `jq` binaries installed in the $PATH
 58 |  
 59 |      
 60 | To talk to Vault we will use `Yapi-ci`, this is a yaml file where we define how the API call will look like.
 61 | 
 62 | The benefits over a bash script using `curl` is that we can manipulate the response and its very clear what the call does.
 63 | 
 64 | You can take a look at them under `yapi/vault`, for example:
 65 | ```yaml
 66 | ---
 67 | test_name: 01-Enable primary
 68 | stages:
 69 |   - name: 01-Enable primary
 70 |     request:
 71 |       url: "{env_vars.VAULT_ADDR}/v1/sys/replication/performance/primary/enable"
 72 |       method: POST
 73 |       headers:
 74 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"      
 75 |       json:
 76 |         primary_cluster_addr: "{env_vars.PRIMARY_HAPROXY_ADDR}"
 77 |     response:
 78 |       status_code: 200
 79 | ```
 80 | 
 81 | 
 82 | ## Networks or Regions
 83 | It uses 3 networks:
 84 | * vault_primary
 85 | * vault_secondary
 86 | * vault_dr
 87 |   
 88 | Each network hosts this configuration of servers (currently only 3 Consul nodes):
 89 | 
 90 | ![Single availability zone](https://d33wubrfki0l68.cloudfront.net/177ba67519ffb1c802f5cb699c0b70cb40533ab6/63838/static/img/vault-ra-1-az.png)
 91 | 
 92 | ## Communication between them
 93 | 
 94 | It uses an HAProxy instance in TCP mode by accessing the IP trough consul SRV DNS record but this can be changed to any type of service discovery supported by HAProxy.
 95 | 
 96 | ![proxy](https://d33wubrfki0l68.cloudfront.net/b2d787641bf2dda0a8a1abf691cd9723a9c0ed8c/7b419/static/img/vault-ref-arch-9.png)
 97 | 
 98 | 
 99 | ## Initial configuration
100 | 
101 | - Create the docker networks
102 | ```bash
103 | $ docker network create {vault_primary,vault_secondary,vault_dr}
104 | ```
105 | ## Install yapi
106 | 
107 | ```bash
108 | $ pip install -U yapi-ci
109 | $ yapi --version
110 | 0.1.6
111 | ```
112 | 
113 | ## Start the clusters
114 | ```bash
115 | $ CLUSTER=primary ./dc.sh up
116 | $ ./dc.sh proxy start
117 | $ CLUSTER=secondary ./dc.sh up
118 | ```
119 | 
120 | ## Start replication
121 | If you want to do it manually go [here](#how-to-manually-configure-performance-replication): 
122 | 
123 | ```bash
124 | $ CLUSTER=primary ./dc.sh enable_secondary
125 | ```
126 | ## Check that replication is up
127 | ```bash
128 | $ env CLUSTER=primary ./dc.sh cli vault read sys/replication/performance/status
129 | Key                     Value
130 | ---                     -----
131 | cluster_id              2cc7aad6-026a-9620-6f0d-1e8fa939a11e
132 | known_secondaries       [secondary]
133 | last_reindex_epoch      0
134 | last_wal                247
135 | merkle_root             d85e48c2ec44b1e6ba6671773ea26d836b64ed09
136 | mode                    primary
137 | primary_cluster_addr    https://172.25.0.2:8201
138 | state                   running
139 | 
140 | $ env CLUSTER=secondary ./dc.sh cli vault read sys/replication/performance/status
141 | Key                            Value
142 | ---                            -----
143 | cluster_id                     2cc7aad6-026a-9620-6f0d-1e8fa939a11e
144 | known_primary_cluster_addrs    [https://172.24.0.8:8201 https://172.24.0.9:8201 https://172.24.0.10:8201]
145 | last_reindex_epoch             1574351423
146 | last_remote_wal                0
147 | merkle_root                    d85e48c2ec44b1e6ba6671773ea26d836b64ed09
148 | mode                           secondary
149 | primary_cluster_addr           https://172.25.0.2:8201
150 | secondary_id                   secondary
151 | state                          stream-wals
152 | ```
153 | 
154 | ### Commands supported
155 | All the commands read the `CLUSTER` variable to determine where is the operation going to run on.
156 | 
157 | Example:
158 | ```bash
159 | $ env CLUSTER=primary ./dc.sh cli vars                                                                                        Exporting variables for primary
160 | export VAULT_ADDR="http://127.0.0.1:9201"
161 | export VAULT_DATA="./vault/api"
162 | export VAULT_TOKEN="s.YFfiUgyPCZAtJIQ55NtvVa2K"
163 | ```
164 | - `help` : This help
165 | - `config`: Will execute `docker-compose config` with the proper templates 
166 | - `up`: This will start the Vault and Consul cluster up for the specified type of cluster by doing a `docker-compose up -d`
167 | 
168 | - `down`: It will do a `docker-compose down` with the correct template
169 | 
170 | - `wipe`: Will wipe ALL the consul data files, make sure to do it after `down`
171 | 
172 | - `restart`
173 |   - vault
174 |   - consul
175 |   - proxy
176 | 
177 | - `cli`: This will set the variables `VAULT_TOKEN` from `vault/api/init.json` and `VAULT_ADDR` to the port of the first node of the selected cluster.
178 |   - `vars`: Prints variables for the given cluster 
179 |   - `vault <command>`
180 |   - `yapi <template file>[--debug]`
181 | 
182 | - `unseal`
183 |   - replication: if this argument is given the primary unseal key will be used instead
184 | 
185 | - `proxy`
186 |   - start
187 | 
188 | ## How `dc.sh` works
189 | *This is all automated with the `up` command and its here for documentation purposes.*
190 | 
191 | - Each cluster has its own directory:
192 |   * Primary -> /
193 |   * Secondary -> secondary
194 |   * DR -> dr
195 | - Each directory has this structure:
196 |   - `consul`
197 |     - `data`
198 | 
199 | This will contain the directories where each consul server will store its data:
200 | `consul01 consul02 consul03`.
201 | 
202 | Each of this directories are mount at `/consul/data` inside the respective container
203 | 
204 |   - `config` : This is mounted inside the containers as /consul/config
205 |   - `vault`
206 |     - `config`: Mounted at `/vault/config` 
207 |     - `api`: Where the response from the API is stored, ie unseal keys and root token
208 |     - `logs`: Where the audit logs will be stored.
209 | 
210 | ## How to manually configure performance replication
211 | 
212 | 1. Set the correct environmental variables, you can get them from the output of this command.
213 | ```bash
214 | $ env CLUSTER=primary ./dc.sh cli vars
215 | Exporting variables for primary
216 | export VAULT_ADDR="http://127.0.0.1:9201"
217 | export VAULT_DATA="./vault/api"
218 | export VAULT_TOKEN="s.YFfiUgyPCZAtJIQ55NtvVa2K"
219 | ```
220 | 2. Enable replication
221 |   
222 | `SECONDARY_HAPROXY_ADDR` is the IP of the network card in the `proxy` container that is connected to the network `vault_secondary`.
223 | 
224 | We need this IP so that the secondary cluster can contact the primary trough the proxy.
225 | 
226 | It will be configured as the `primary_cluster_addr` variable in Vault.
227 | 
228 | ```bash
229 | $ export SECONDARY_HAPROXY_ADDR=(docker network inspect vault_secondary | jq -r '.[] .Containers | with_entries(select(.value.Name=="haproxy"))| .[] .IPv4Address' | awk -F "/" '{print $1}')
230 | $ CLUSTER=primary ./dc.sh cli yapi yapi/vault/03-replication_enable_primary.yaml
231 | ```
232 | 3. Check that the replication was configured correctly:
233 | 
234 | ```json
235 | $ CLUSTER=primary ./dc.sh cli vault read sys/replication/status -format=json
236 | {
237 |   "request_id": "c2e75241-9d82-7d32-41dc-f68998d58610",
238 |   "lease_id": "",
239 |   "lease_duration": 0,
240 |   "renewable": false,
241 |   "data": {
242 |     "dr": {
243 |       "mode": "disabled"
244 |     },
245 |     "performance": {
246 |       "cluster_id": "2cc7aad6-026a-9620-6f0d-1e8fa939a11e",
247 |       "known_secondaries": [
248 |         "secondary"
249 |       ],
250 |       "last_reindex_epoch": "0",
251 |       "last_wal": 63,
252 |       "merkle_root": "ef70ddb8948f4dbbd90980f418195d30acddb0d2",
253 |       "mode": "primary",
254 |       "primary_cluster_addr": "https://172.25.0.2:8201",
255 |       "state": "running"
256 |     }
257 |   },
258 |   "warnings": null
259 | }
260 | ```
261 | 
262 | 4. Create secondary token
263 |   
264 | This will save the token to `vault/api/secondary-token.json` and create it with the `id=secondary`
265 | 
266 | ```bash
267 | $ CLUSTER=primary ./dc.sh cli yapi yapi/vault/04-replication_secondary_token.yaml
268 | ```
269 | 
270 | 5. Enable replication on the secondary cluster
271 | 
272 | We dont use `cli yapi` because we are mixing the Vault address of the secondary with the data of the primary.
273 | 
274 | ```bash
275 | $ export VAULT_TOKEN=$(cat secondary/vault/api/init.json | jq -r '.root_token')
276 | $ export VAULT_DATA="vault/api"
277 | $ export VAULT_ADDR="http://127.0.0.1:9301"
278 | $ yapi yapi/vault/05-replication_activate_secondary.yaml
279 | ```
280 | This will save the response to `vault/api/enable-secondary-resp.json`
281 | 
282 | 6. Check that the replication is working on the secondary
283 | 
284 | ```json
285 | $ env DEBUG=false CLUSTER=secondary ./dc.sh cli vault read sys/replication/status -format=json
286 | {
287 |   "request_id": "af4cd82c-9b57-0061-1fe1-09f06166bed7",
288 |   "lease_id": "",
289 |   "lease_duration": 0,
290 |   "renewable": false,
291 |   "data": {
292 |     "dr": {
293 |       "mode": "disabled"
294 |     },
295 |     "performance": {
296 |       "cluster_id": "2cc7aad6-026a-9620-6f0d-1e8fa939a11e",
297 |       "known_primary_cluster_addrs": [
298 |         "https://172.24.0.8:8201",
299 |         "https://172.24.0.9:8201",
300 |         "https://172.24.0.10:8201"
301 |       ],
302 |       "last_reindex_epoch": "1573144926",
303 |       "last_remote_wal": 0,
304 |       "merkle_root": "ef70ddb8948f4dbbd90980f418195d30acddb0d2",
305 |       "mode": "secondary",
306 |       "primary_cluster_addr": "https://172.25.0.2:8201",
307 |       "secondary_id": "secondary",
308 |       "state": "stream-wals"
309 |     }
310 |   },
311 |   "warnings": null
312 | }
313 | ```
314 | 
315 | ### View the full compose template for a given cluster
316 | ```bash
317 | $ export CLUSTER=primary|secondary|dr
318 | $ export VAULT_CLUSTER=${CLUSTER}
319 | $ export CONSUL_CLUSTER=${CLUSTER}
320 | $ export COMPOSE_PROJECT_NAME=${CLUSTER}
321 | $ docker-compose -f docker-compose.${CLUSTER}.yml -f docker-compose.yml up -d 
322 | ```
323 | 
324 | ### Initialization of Vault
325 | This will save the unseal keys and root token under the directory ```$CLUSTER_DIR}/vault/api```  as json files.
326 | 
327 | ```bash
328 | $ export VAULT_ADDR=http://127.0.0.1:XXXX
329 | $ export VAULT_data=$CLUSTER_DIR}/vault/api
330 | $ yapi yapi/vault/01-init.yaml
331 | ```
332 | 
333 | ### Unsealing
334 | ```bash
335 | $ export VAULT_ADDR=http://127.0.0.1:XXXX
336 | $ export VAULT_data=$CLUSTER_DIR}/vault/api
337 | $ yapi yapi/vault/02-unseal.yaml
338 | ```
339 | ## Troubleshooting
340 | 
341 | - Make sure the consul cluster is up and running:
342 | ```bash
343 | $ CONSUL_HTTP_ADDR=http://127.0.0.1:8500 consul members
344 | $ CONSUL_HTTP_ADDR=http://127.0.0.1:8500 consul operator raft list-peers
345 | $ docker logs -f primary_consul_server_bootstrap_1
346 | ```
347 | - Check `haproxy` logs
348 | ```bash
349 | $ docker logs -f haproxy
350 | ```
351 | 
352 | ## Useful commands
353 | 
354 | * How to use set the correct VAULT_TOKEN
355 | 
356 | ```bash
357 | $ export VAULT_TOKEN=(cat $CLUSTER_DIR}/vault/api/init.json | jq -r '.root_token')
358 | ```
359 | 
360 | * How to get the network IP of a container
361 | 
362 | ```bash
363 | $ docker network inspect vault_${CLUSTER} | jq -r '.[] .Containers | with_entries(select(.value.Name=="CONTAINER_NAME"))| .[] .IPv4Address' | awk -F "/" '{print $1}'
364 | ```
365 | 
366 | 
367 | ## Exposed ports: local -> container
368 | ### Primary
369 | - 8500 -> 8500 (Consul bootstrap server UI)
370 | - 9201 -> 8200 (Vault01 API and UI)
371 | - 9202 -> 8200 (Vault02 API and UI)
372 | - 9203 -> 8200 (Vault03 API and UI)
373 | - 9204 -> 9090 (Prometheus)
374 | - 9205 -> 3000 (Grafana)
375 | ### Secondary (DR primary)
376 | - 8502 -> 8500 (Consul bootstrap server UI)
377 | - 9301 -> 8200 (Vault01 API and UI)
378 | - 9302 -> 8200 (Vault02 API and UI)
379 | - 9303 -> 8200 (Vault03 API and UI)
380 | ### DR Secondary
381 | - 8503 -> 8500 (Consul bootstrap server UI)
382 | - 9401 -> 8200 (Vault01 API and UI)
383 | - 9402 -> 8200 (Vault01 API and UI)
384 | - 9403 -> 8200 (Vault01 API and UI)
385 | ### Proxy
386 | - 8801 -> 8200 ( Primary cluster, Active Vault node API )
387 | - 8901 -> 8200 ( DR Primary, Secondary cluster, Active Vault node API)
388 | - 8819 -> 1936 (HAProxy stats)
389 | 
390 | # TODO
391 | - [ ] Docker image build documentation
392 | - [ ] Configure Monitoring
393 | - [ ] Generate PKI certificates and use them
394 | - [ ] HSM auto unsealing
395 | 
396 | # Done
397 | - [X] Add Vault container for PKI
398 | - [X] Configure DR cluster
399 | - [x] Initialization and Unsealing with `yapi`
400 | - [X] Configure primary as Performance replication
401 | - [X] Create replacement for Tavern
402 | - [X] Better startup handling
403 | 


--------------------------------------------------------------------------------
/consul/config/server.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "datacenter": "vault-primary",
 3 |     "data_dir": "/consul/data",
 4 |     "encrypt": "PuuF+Ue09aZ8b37UxgUkLw6eplprsNQXyWnLd2Q1znY=",
 5 |     "log_level": "DEBUG",
 6 |     "enable_syslog": false,
 7 |     "enable_debug": true,
 8 |     "leave_on_terminate": false,
 9 |     "skip_leave_on_interrupt": true,
10 |     "rejoin_after_leave": true,
11 |     "acl" : {
12 |         "enabled": true,
13 |         "default_policy":  "allow",
14 |         "down_policy":   "allow"
15 |     },
16 |     "acl_master_token": "49792521-8362-f878-5a32-7405f1783838"
17 | }


--------------------------------------------------------------------------------
/dc.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash -e
  2 | # To enable debug: export DEBUG=true
  3 | 
  4 | #Functions
  5 | function vault_unseal {
  6 |     echo "Unsealing it"
  7 |     eval var=( \${VAULT_${VAULT_CLUSTER}_PORTS[@]} ) ;
  8 |     if [[ "$1" == "secondary" ]]; then
  9 |         export VAULT_DATA="vault/api"
 10 |     fi
 11 |     for port in "${var[@]}"; do
 12 |         VAULT_ADDR="http://127.0.0.1:${port}" yapi yapi/vault/02-unseal.yaml
 13 |     done
 14 | }
 15 | # Enable debug if the env variable DEBUG is set to true
 16 | if [[ "$DEBUG" == "true" ]];then
 17 |     set -x
 18 | fi
 19 | 
 20 | case $1 in
 21 |     "proxy")
 22 |     ;;
 23 |     "wipe")
 24 |     ;;
 25 |     *)
 26 |         # Initial checking
 27 |         if [[ -z "${CLUSTER}" ]]; then
 28 |             echo "Error: CLUSTER is not set"
 29 |             exit 0
 30 |         fi
 31 |     ;;
 32 | esac
 33 | 
 34 | #External variables used by other scripts
 35 | export VAULT_CLUSTER=${CLUSTER}
 36 | export CONSUL_CLUSTER=${CLUSTER}
 37 | export COMPOSE_PROJECT_NAME=${CLUSTER}
 38 | 
 39 | #Internal variables
 40 | typeset -a VAULT_primary_PORTS=("9201" "9202" "9203")
 41 | typeset -a VAULT_secondary_PORTS=("9301" "9302" "9303")
 42 | typeset -a VAULT_dr_PORTS=("9401" "9402" "9403")
 43 | ROOT=$(pwd)
 44 | SLEEP_TIME=1
 45 | CLUSTER_DIR=${CLUSTER}
 46 | 
 47 | case $CLUSTER in
 48 |     "primary")
 49 |         CLUSTER_DIR="."
 50 |         export VAULT_ADDR=http://127.0.0.1:9201
 51 |     ;;
 52 |     "secondary")
 53 |         export VAULT_ADDR=http://127.0.0.1:9301
 54 |     ;;
 55 |     "dr")
 56 |         export VAULT_ADDR=http://127.0.0.1:9401
 57 |     ;;
 58 | esac
 59 | 
 60 | export VAULT_DATA="${CLUSTER_DIR}/vault/api"
 61 | COMPOSE_CMD="docker-compose -f ${CLUSTER_DIR}/docker-compose.${CLUSTER}.yml -f docker-compose.yml"
 62 | bold=$(tput bold)
 63 | normal=$(tput sgr0)
 64 | 
 65 | 
 66 | #Main logic
 67 | #wipe command
 68 | #deletes consul data directories
 69 | case "$1" in
 70 |     "help")
 71 |         echo "${bold}Usage: dc.sh <command> <subcommand>${normal}"
 72 |         echo ""
 73 |         echo "${bold}config${normal}: Will execute docker-compose config with the proper templates "
 74 |         echo "${bold}up${normal}: This will start the Vault and Consul cluster up for the specified type of cluster by doing a docker-compose up -d"
 75 |         echo "${bold}down${normal}: It will do a docker-compose down with the correct template"
 76 |         echo "${bold}wipe${normal}: Will wipe ALL the consul data files, make sure to do it after down"
 77 |         echo "${bold}restart${normal}: Restart the service"
 78 |         echo "   Subcommands: vault | consul | proxy"
 79 |         echo "${bold}cli${normal}: This will set the variables VAULT_TOKEN from vault/api/init.json and VAULT_ADDR to the port of the first node of the selected cluster."
 80 |         echo "       Subcommands: vars Prints variables for the given cluster "
 81 |         echo "${bold}vault${normal} <command>"
 82 |         echo "${bold}yapi${normal} <template file>[--debug]"
 83 |         echo "${bold}unseal${normal}"
 84 |         echo "   Subcommands:  replication if this argument is given the primary unseal key will be used instead"
 85 |     ;;
 86 |     "config")
 87 |         ${COMPOSE_CMD} config
 88 |     ;;
 89 |     "wipe")
 90 |         echo "Wiping consul data.."
 91 |         rm -r consul/data/
 92 |         rm -r secondary/consul/data/
 93 |         rm -r dr/consul/data/
 94 |     ;;
 95 |     "up")
 96 | #up command
 97 | #also initializes if there is no init.json under yapi/vault/$CLUSTER
 98 |         echo "Starting up $CLUSTER"
 99 |         if [ "$1" == "recreate" ]; then
100 |             RECREATE="--force-recreate"
101 |             echo "* Forcing recreate"
102 |         fi
103 |         echo "Starting consul server bootstrap"
104 |         ${COMPOSE_CMD} up -d consul_server_bootstrap ${RECREATE}
105 |         echo "Waiting for startup"
106 |         sleep ${SLEEP_TIME}
107 | 
108 |         echo "Starting consul server 1"
109 |         ${COMPOSE_CMD} up -d consul_server_1 ${RECREATE}
110 |         echo "Waiting for startup"
111 |         sleep ${SLEEP_TIME}
112 | 
113 |         echo "Starting consul server 2"
114 |         ${COMPOSE_CMD} up -d consul_server_2 ${RECREATE}
115 |         echo "Waiting for startup"
116 |         sleep ${SLEEP_TIME}
117 | 
118 |         echo "Starting consul agent 1"
119 |         ${COMPOSE_CMD} up -d consul_agent_1 ${RECREATE}
120 |         echo "Waiting for startup"
121 |         sleep ${SLEEP_TIME}
122 | 
123 |         echo "Starting consul agent 2"
124 |         ${COMPOSE_CMD} up -d consul_agent_2 ${RECREATE}
125 |         echo "Waiting for startup"
126 |         sleep ${SLEEP_TIME}
127 | 
128 |         echo "Starting consul agent 3"
129 |         ${COMPOSE_CMD} up -d consul_agent_3 ${RECREATE}
130 |         echo "Waiting for startup"
131 |         sleep ${SLEEP_TIME}
132 | 
133 |         echo "Starting consul agent 3"
134 |         ${COMPOSE_CMD} up -d consul_agent_3 ${RECREATE}
135 |         echo "Waiting for startup"
136 |         sleep ${SLEEP_TIME}
137 | 
138 |         echo "Starting consul agent 3"
139 |         ${COMPOSE_CMD} up -d pki ${RECREATE}
140 |         echo "Waiting for startup"
141 |         sleep ${SLEEP_TIME}
142 | 
143 |         echo "TODO: PKI provisioning"
144 |         #exit 1
145 | 
146 |         SLEEP_TIME=$(( $SLEEP_TIME + ( $SLEEP_TIME * 2) ))
147 |         echo "Starting Vault server 1"
148 |         ${COMPOSE_CMD} up -d vault01 ${RECREATE}
149 |         echo "Waiting for startup"
150 |         sleep ${SLEEP_TIME}
151 | 
152 |         echo "Starting Vault server 2"
153 |         ${COMPOSE_CMD} up -d vault02 ${RECREATE}
154 |         echo "Waiting for startup"
155 |         sleep ${SLEEP_TIME}
156 | 
157 |         echo "Starting Vault server 3"
158 |         ${COMPOSE_CMD} up -d vault03 ${RECREATE}
159 |         echo "Waiting for startup"
160 |         sleep ${SLEEP_TIME}
161 | 
162 |         echo "Starting Prometheus"
163 |         ${COMPOSE_CMD} up -d prometheus ${RECREATE}
164 |         echo "Waiting for startup"
165 |         sleep ${SLEEP_TIME}
166 | 
167 |         echo "Starting Grafana"
168 |         ${COMPOSE_CMD} up -d grafana ${RECREATE}
169 |         echo "Waiting for startup"
170 |         sleep ${SLEEP_TIME}        
171 | 
172 |         # Initializaing and Unsealing
173 |         if [ ! -f "$VAULT_DATA/init.json" ]; then
174 |             echo "Initializing Vault cluster ${CLUSTER} at ${VAULT_ADDR}, files stored in ${VAULT_DATA}"
175 |             yapi yapi/vault/01-init.yaml 
176 |         fi
177 | 
178 |         vault_unseal
179 |     ;;
180 | 
181 |     "enable_secondary")
182 |         export VAULT_TOKEN=$(cat ${VAULT_DATA}/init.json | jq -r '.root_token')
183 |         export SECONDARY_HAPROXY_ADDR=$(docker network inspect vault_secondary | jq -r '.[] .Containers | with_entries(select(.value.Name=="haproxy"))| .[] .IPv4Address' | awk -F "/" '{print $1}')
184 | 
185 |         echo "Enabling replication in primary"
186 |         yapi yapi/vault/03-replication_enable_primary.yaml 
187 | 
188 |         echo "Creating secondary JWT token id=secondary"
189 |         yapi yapi/vault/04-replication_secondary_token.yaml 
190 |         
191 |         echo "Enabling secondary replication to primary"
192 |         VAULT_TOKEN_SEC=$(cat secondary/${VAULT_DATA}/init.json | jq -r '.root_token')
193 |         VAULT_ADDR=http://127.0.0.1:9301 VAULT_TOKEN=${VAULT_TOKEN_SEC} \
194 |         yapi yapi/vault/05-replication_activate_secondary.yaml 
195 | 
196 |         echo "Creating a root token for secondary with the new unseal keys"
197 |         VAULT_ADDR=http://127.0.0.1:9301 VAULT_DATA_KEYS="vault/api" \
198 |         yapi yapi/vault/06-replication_generate_root_secondary.yaml 
199 |     
200 |     ;;
201 |     "down")
202 | #down command
203 | #also initializes if there is no init.json under yapi/vault/$CLUSTER
204 |         ${COMPOSE_CMD} down
205 |     ;;
206 | 
207 |     "proxy")
208 | # proxy command
209 |         if [[ $2 == "start" ]]; then
210 |             pwd=$(pwd)
211 |             cd proxy
212 |             docker-compose up -d
213 |         fi
214 |     ;;
215 |     "restart")
216 | # Restart command
217 | # if service start with vault then run vaul_seal func.
218 |         case "$2" in
219 |             "vault")
220 |                 ${COMPOSE_CMD} restart vault01 vault02 vault03
221 |                 #pwd=$(pwd)
222 |                 #cd ${ROOT}/yapi/vault
223 |                 vault_unseal
224 |                 #cd ${pwd}
225 |             ;;
226 |             "proxy")
227 |                 cd proxy
228 |                 docker-compose restart
229 |             ;;
230 |             *)
231 |                 ${COMPOSE_CMD} restart $2
232 |             ;;
233 |         esac
234 |     ;;
235 |     "unseal")
236 | # unseal command
237 | # if replication is given as a parameter the primary unsealing key will be used
238 |         if [[ $2 == "replication" ]]; then
239 |             vault_unseal primary
240 |         else
241 |             vault_unseal
242 |         fi
243 |     ;;
244 |     "cli")
245 | # Cli command
246 | # $2 vault or consul or show
247 | # $3 command
248 |         export VAULT_TOKEN=$(cat ${VAULT_DATA}/init.json | jq -r '.root_token')
249 |         case "$2" in
250 |             "vault")
251 |                 vault ${@:3}
252 |                 ;;
253 |             "yapi")
254 |                  yapi ${@:3}
255 |                 ;;
256 |             "vars")
257 |                 set +x
258 |                 echo "Exporting variables for ${CLUSTER}"
259 |                 echo "export VAULT_ADDR=\"${VAULT_ADDR}\""
260 |                 echo "export VAULT_DATA=\"${VAULT_DATA}\""
261 |                 echo "export VAULT_TOKEN=\"${VAULT_TOKEN}\""
262 |                 ;;
263 |             *)
264 |             echo "Cli not implemented: $2"
265 |             exit 1   
266 |             esac
267 |     ;;
268 |     *)
269 |     echo "Unknown command: $1"
270 |     cd ${ROOT}
271 |     exit 1
272 | esac
273 | 
274 | cd ${ROOT}
275 | 
276 | 


--------------------------------------------------------------------------------
/dlogs.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | docker logs -f $@
3 | 


--------------------------------------------------------------------------------
/docker-compose.primary.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | networks:
 3 |   vault_primary:
 4 |     external: true
 5 | 
 6 | services:
 7 |   consul_agent_1: &consul_agent
 8 |     networks:
 9 |       - vault_primary
10 |   
11 |   consul_agent_2:
12 |     networks:
13 |       - vault_primary
14 | 
15 |   consul_agent_3:
16 |     networks:
17 |       - vault_primary
18 |       
19 |   consul_server_1: &consul_server
20 |     networks:
21 |       - vault_primary
22 | 
23 |   consul_server_2:
24 |     networks:
25 |       - vault_primary
26 | 
27 |   consul_server_bootstrap:
28 |     networks:
29 |       - vault_primary
30 |     ports:
31 |       - "8400:8400"
32 |       - "8500:8500"
33 |       - "8600:8600"
34 |       - "8600:8600/udp"
35 | 
36 | ## VAULT cluster configuration
37 |   vault01: &vault_server
38 |     networks:
39 |       - vault_primary    
40 |     ports:
41 |       - 9201:8200
42 |   
43 |   vault02: 
44 |     networks:
45 |       - vault_primary  
46 |     ports:
47 |       - 9202:8200
48 |       
49 |   vault03:
50 |     networks:
51 |       - vault_primary  
52 |     ports:
53 |       - 9203:8200
54 | 
55 | # Prometheus stack configuration
56 |   prometheus: &prometheus
57 |     ports:
58 |       - 9204:9090
59 |     networks:
60 |       - vault_primary
61 | 
62 |   grafana: &grafana
63 |     ports:
64 |       - 9205:3000
65 |     networks:
66 |       - vault_primary


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
  1 | version: '3'
  2 | volumes:
  3 |   prometheus_data: {}
  4 |   grafana_data: {}
  5 |   
  6 | services:
  7 |   consul_agent_1: &consul_agent
  8 |     image: consul:1.6.1
  9 |     command: "agent -retry-join ${CONSUL_CLUSTER}_consul_server_bootstrap_1 -client 0.0.0.0"
 10 |     volumes:
 11 |         - ./consul/config:/consul/config
 12 |         
 13 |   consul_agent_2:
 14 |     <<: *consul_agent
 15 | 
 16 |   consul_agent_3:
 17 |     <<: *consul_agent
 18 | 
 19 |   consul_server_1: &consul_server
 20 |     <<: *consul_agent
 21 |     command: "agent -server -retry-join ${CONSUL_CLUSTER}_consul_server_bootstrap_1 -client 0.0.0.0"
 22 |     volumes:
 23 |         - ./consul/config:/consul/config
 24 |         - ./consul/data/consul01:/consul/data
 25 | 
 26 |   consul_server_2:
 27 |     <<: *consul_server
 28 |     volumes:
 29 |         - ./consul/config:/consul/config
 30 |         - ./consul/data/consul02:/consul/data
 31 | 
 32 |   consul_server_bootstrap:
 33 |     <<: *consul_agent
 34 |     image: consul:1.6.1
 35 |     command: "agent -server -bootstrap-expect 3 -ui -client 0.0.0.0"
 36 |     volumes:
 37 |         - ./consul/config:/consul/config
 38 |         - ./consul/data/consul03:/consul/data
 39 | 
 40 | ## VAULT cluster configuration
 41 |   pki: &pki
 42 |     image: vault-prem:1.2.3
 43 |     volumes:
 44 |       - ./pki/ca:/vault/ca
 45 |       - ./pki/config:/vault/config
 46 |       - ./pki/logs/:/vault/logs
 47 |     environment:
 48 |       - VAULT_REDIRECT_INTERFACE=eth0
 49 |       - VAULT_LOG_LEVEL=debug
 50 |     command: vault server -config=/vault/config/vault-pki.hcl
 51 |     cap_add:
 52 |       - IPC_LOCK
 53 |     depends_on:
 54 |       - consul_agent_1
 55 |   vault01: &vault_server
 56 |     image: vault-prem:1.2.3
 57 |     volumes:
 58 |       - ./vault/config:/vault/config
 59 |       - ./vault/logs/vault01:/vault/logs
 60 |     environment:
 61 |       #- VAULT_CLUSTER_INTERFACE=eth0
 62 |       - VAULT_REDIRECT_INTERFACE=eth0
 63 |       #- VAULT_API_ADDR=http://vault01:8200
 64 |       - VAULT_LOG_LEVEL=debug
 65 |     command: vault server -config=/vault/config/vault01.hcl
 66 |     cap_add:
 67 |       - IPC_LOCK
 68 |     depends_on:
 69 |       - consul_agent_1
 70 |   
 71 |   vault02:
 72 |     <<: *vault_server
 73 |     volumes:
 74 |       - ./vault/config:/vault/config/
 75 |       - ./vault/logs/vault02:/vault/logs
 76 |     depends_on:
 77 |       - consul_agent_2
 78 |     command: vault server -config=/vault/config/vault02.hcl
 79 |       
 80 |   vault03:
 81 |     <<: *vault_server
 82 |     volumes:
 83 |       - ./vault/config:/vault/config
 84 |       - ./vault/logs/vault02:/vault/logs
 85 |     depends_on:
 86 |       - consul_agent_3   
 87 |     command: vault server -config=/vault/config/vault03.hcl 
 88 | ## Prometheus Stack
 89 | ## Based on https://github.com/vegasbrianc/prometheus
 90 |   prometheus: &prometheus
 91 |     image: prom/prometheus:v2.14.0
 92 |     volumes:
 93 |       - ./prometheus/:/etc/prometheus/
 94 |       - prometheus_data:/prometheus
 95 |     command:
 96 |       - '--config.file=/etc/prometheus/prometheus.yml'
 97 |       - '--storage.tsdb.path=/prometheus'
 98 |       - '--log.level=debug'
 99 |     # ports:
100 |     #   - 9090:9090
101 |     restart: always
102 |   
103 |   # cadvisor: &cadvisor
104 |   #   image: gcr.io/google-containers/cadvisor:v0.34.0
105 |   #   volumes:
106 |   #     - /:/rootfs:ro
107 |   #     - /var/run:/var/run:rw
108 |   #     - /sys:/sys:ro
109 |   #     - /var/lib/docker/:/var/lib/docker:ro
110 |   #     - /dev/disk/:/dev/disk:ro
111 |   #   # ports:
112 |   #   #   - 8080:8080
113 |   #   restart: always
114 | 
115 |   grafana: &grafana
116 |     image: grafana/grafana:6.5.2
117 |     user: "104"
118 |     depends_on:
119 |        - prometheus
120 |     # ports:
121 |     #   - 3000:3000
122 |     volumes:
123 |       - grafana_data:/var/lib/grafana
124 |       - ./grafana/provisioning/:/etc/grafana/provisioning/
125 |     env_file:
126 |       - ./grafana/config.monitoring
127 |     restart: always


--------------------------------------------------------------------------------
/dr/consul/config/server.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "datacenter": "vault-dr",
 3 |     "data_dir": "/consul/data",
 4 |     "encrypt": "N2VHEv3OFEU+jx10efNTkOqDUuEj6/14hNLYvcZaGgk=",
 5 |     "log_level": "DEBUG",
 6 |     "enable_syslog": false,
 7 |     "enable_debug": true,
 8 |     "leave_on_terminate": false,
 9 |     "skip_leave_on_interrupt": true,
10 |     "rejoin_after_leave": true,
11 |     "acl" : {
12 |         "enabled": true,
13 |         "default_policy":  "allow",
14 |         "down_policy":   "allow"
15 |     },
16 |     "acl_master_token": "50792521-8362-f878-5a32-7405f1783899"
17 | }


--------------------------------------------------------------------------------
/dr/docker-compose.dr.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | networks:
 3 |   vault_dr:
 4 |     external: true
 5 | 
 6 | services:
 7 |   consul_agent_1: &consul-agent
 8 |     networks:
 9 |       - vault_dr
10 |   
11 |   consul_agent_2:
12 |     networks:
13 |       - vault_dr
14 | 
15 |   consul_agent_3:
16 |     networks:
17 |       - vault_dr
18 | 
19 |   consul_server_1: &consul_server
20 |     networks:
21 |       - vault_dr
22 | 
23 |   consul_server_2:
24 |     networks:
25 |       - vault_dr
26 | 
27 |   consul_server_bootstrap:
28 |     networks:
29 |       - vault_dr
30 |     ports:
31 |       - "8403:8400"
32 |       - "8503:8500"
33 |       - "8603:8600"
34 |       - "8603:8600/udp"
35 | 
36 | ## VAULT cluster configuration
37 |   vault01: &vault-server
38 |     networks:
39 |       - vault_dr    
40 |     ports:
41 |       - 9401:8200
42 |   
43 |   vault02: 
44 |     networks:
45 |       - vault_dr  
46 |     ports:
47 |       - 9402:8200
48 |       
49 |   vault03:
50 |     networks:
51 |       - vault_dr  
52 |     ports:
53 |       - 9403:8200
54 | 


--------------------------------------------------------------------------------
/dr/grafana/config.monitoring:
--------------------------------------------------------------------------------
1 | GF_SECURITY_ADMIN_PASSWORD=foobar
2 | GF_USERS_ALLOW_SIGN_UP=false
3 | 


--------------------------------------------------------------------------------
/dr/grafana/provisioning/dashboards/Docker Prometheus Monitoring-1571332751387.json:
--------------------------------------------------------------------------------
   1 | {
   2 |   "annotations": {
   3 |     "list": [
   4 |       {
   5 |         "builtIn": 1,
   6 |         "datasource": "-- Grafana --",
   7 |         "enable": true,
   8 |         "hide": true,
   9 |         "iconColor": "rgba(0, 211, 255, 1)",
  10 |         "name": "Annotations & Alerts",
  11 |         "type": "dashboard"
  12 |       }
  13 |     ]
  14 |   },
  15 |   "description": "Docker Monitoring Template",
  16 |   "editable": true,
  17 |   "gnetId": 179,
  18 |   "graphTooltip": 1,
  19 |   "id": 1,
  20 |   "iteration": 1571330223815,
  21 |   "links": [],
  22 |   "panels": [
  23 |     {
  24 |       "collapsed": false,
  25 |       "datasource": null,
  26 |       "gridPos": {
  27 |         "h": 1,
  28 |         "w": 24,
  29 |         "x": 0,
  30 |         "y": 0
  31 |       },
  32 |       "id": 17,
  33 |       "panels": [],
  34 |       "title": "Host Info",
  35 |       "type": "row"
  36 |     },
  37 |     {
  38 |       "cacheTimeout": null,
  39 |       "colorBackground": false,
  40 |       "colorValue": false,
  41 |       "colors": [
  42 |         "#299c46",
  43 |         "rgba(237, 129, 40, 0.89)",
  44 |         "#d44a3a"
  45 |       ],
  46 |       "datasource": "Prometheus",
  47 |       "decimals": null,
  48 |       "format": "s",
  49 |       "gauge": {
  50 |         "maxValue": 100,
  51 |         "minValue": 0,
  52 |         "show": false,
  53 |         "thresholdLabels": false,
  54 |         "thresholdMarkers": true
  55 |       },
  56 |       "gridPos": {
  57 |         "h": 7,
  58 |         "w": 3,
  59 |         "x": 0,
  60 |         "y": 1
  61 |       },
  62 |       "id": 15,
  63 |       "interval": null,
  64 |       "links": [],
  65 |       "mappingType": 1,
  66 |       "mappingTypes": [
  67 |         {
  68 |           "name": "value to text",
  69 |           "value": 1
  70 |         },
  71 |         {
  72 |           "name": "range to text",
  73 |           "value": 2
  74 |         }
  75 |       ],
  76 |       "maxDataPoints": 100,
  77 |       "nullPointMode": "connected",
  78 |       "nullText": null,
  79 |       "options": {},
  80 |       "postfix": "",
  81 |       "postfixFontSize": "50%",
  82 |       "prefix": "",
  83 |       "prefixFontSize": "50%",
  84 |       "rangeMaps": [
  85 |         {
  86 |           "from": "null",
  87 |           "text": "N/A",
  88 |           "to": "null"
  89 |         }
  90 |       ],
  91 |       "sparkline": {
  92 |         "fillColor": "rgba(31, 118, 189, 0.18)",
  93 |         "full": false,
  94 |         "lineColor": "rgb(31, 120, 193)",
  95 |         "show": false
  96 |       },
  97 |       "tableColumn": "",
  98 |       "targets": [
  99 |         {
 100 |           "expr": "time() - process_start_time_seconds{job=\"prometheus\"}",
 101 |           "format": "time_series",
 102 |           "intervalFactor": 1,
 103 |           "refId": "A"
 104 |         }
 105 |       ],
 106 |       "thresholds": "",
 107 |       "title": "Uptime",
 108 |       "type": "singlestat",
 109 |       "valueFontSize": "80%",
 110 |       "valueMaps": [
 111 |         {
 112 |           "op": "=",
 113 |           "text": "N/A",
 114 |           "value": "null"
 115 |         }
 116 |       ],
 117 |       "valueName": "current"
 118 |     },
 119 |     {
 120 |       "cacheTimeout": null,
 121 |       "colorBackground": false,
 122 |       "colorValue": false,
 123 |       "colors": [
 124 |         "#299c46",
 125 |         "rgba(237, 129, 40, 0.89)",
 126 |         "#d44a3a"
 127 |       ],
 128 |       "datasource": "Prometheus",
 129 |       "format": "short",
 130 |       "gauge": {
 131 |         "maxValue": 100,
 132 |         "minValue": 0,
 133 |         "show": false,
 134 |         "thresholdLabels": false,
 135 |         "thresholdMarkers": true
 136 |       },
 137 |       "gridPos": {
 138 |         "h": 4,
 139 |         "w": 3,
 140 |         "x": 3,
 141 |         "y": 1
 142 |       },
 143 |       "id": 35,
 144 |       "interval": null,
 145 |       "links": [],
 146 |       "mappingType": 1,
 147 |       "mappingTypes": [
 148 |         {
 149 |           "name": "value to text",
 150 |           "value": 1
 151 |         },
 152 |         {
 153 |           "name": "range to text",
 154 |           "value": 2
 155 |         }
 156 |       ],
 157 |       "maxDataPoints": 100,
 158 |       "nullPointMode": "connected",
 159 |       "nullText": null,
 160 |       "options": {},
 161 |       "postfix": "",
 162 |       "postfixFontSize": "50%",
 163 |       "prefix": "",
 164 |       "prefixFontSize": "50%",
 165 |       "rangeMaps": [
 166 |         {
 167 |           "from": "null",
 168 |           "text": "N/A",
 169 |           "to": "null"
 170 |         }
 171 |       ],
 172 |       "sparkline": {
 173 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 174 |         "full": false,
 175 |         "lineColor": "rgb(31, 120, 193)",
 176 |         "show": false,
 177 |         "ymax": null,
 178 |         "ymin": null
 179 |       },
 180 |       "tableColumn": "",
 181 |       "targets": [
 182 |         {
 183 |           "expr": "count(count(node_cpu_seconds_total{instance=~\"$node\", mode='system'}) by (cpu))",
 184 |           "instant": true,
 185 |           "refId": "A"
 186 |         }
 187 |       ],
 188 |       "thresholds": "",
 189 |       "timeFrom": null,
 190 |       "timeShift": null,
 191 |       "title": "CPU Cores",
 192 |       "type": "singlestat",
 193 |       "valueFontSize": "80%",
 194 |       "valueMaps": [
 195 |         {
 196 |           "op": "=",
 197 |           "text": "N/A",
 198 |           "value": "null"
 199 |         }
 200 |       ],
 201 |       "valueName": "current"
 202 |     },
 203 |     {
 204 |       "cacheTimeout": null,
 205 |       "colorBackground": true,
 206 |       "colorValue": false,
 207 |       "colors": [
 208 |         "#299c46",
 209 |         "rgba(237, 129, 40, 0.89)",
 210 |         "#d44a3a"
 211 |       ],
 212 |       "datasource": "Prometheus",
 213 |       "format": "none",
 214 |       "gauge": {
 215 |         "maxValue": 100,
 216 |         "minValue": 0,
 217 |         "show": false,
 218 |         "thresholdLabels": false,
 219 |         "thresholdMarkers": true
 220 |       },
 221 |       "gridPos": {
 222 |         "h": 7,
 223 |         "w": 5,
 224 |         "x": 6,
 225 |         "y": 1
 226 |       },
 227 |       "id": 13,
 228 |       "interval": null,
 229 |       "links": [],
 230 |       "mappingType": 1,
 231 |       "mappingTypes": [
 232 |         {
 233 |           "name": "value to text",
 234 |           "value": 1
 235 |         },
 236 |         {
 237 |           "name": "range to text",
 238 |           "value": 2
 239 |         }
 240 |       ],
 241 |       "maxDataPoints": 100,
 242 |       "nullPointMode": "connected",
 243 |       "nullText": null,
 244 |       "options": {},
 245 |       "postfix": "",
 246 |       "postfixFontSize": "50%",
 247 |       "prefix": "",
 248 |       "prefixFontSize": "50%",
 249 |       "rangeMaps": [
 250 |         {
 251 |           "from": "null",
 252 |           "text": "N/A",
 253 |           "to": "null"
 254 |         }
 255 |       ],
 256 |       "sparkline": {
 257 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 258 |         "full": false,
 259 |         "lineColor": "rgb(31, 120, 193)",
 260 |         "show": false
 261 |       },
 262 |       "tableColumn": "",
 263 |       "targets": [
 264 |         {
 265 |           "expr": "sum(ALERTS)",
 266 |           "format": "time_series",
 267 |           "intervalFactor": 1,
 268 |           "refId": "A"
 269 |         }
 270 |       ],
 271 |       "thresholds": "0,1",
 272 |       "title": "Alerts",
 273 |       "type": "singlestat",
 274 |       "valueFontSize": "80%",
 275 |       "valueMaps": [
 276 |         {
 277 |           "op": "=",
 278 |           "text": "N/A",
 279 |           "value": "0"
 280 |         }
 281 |       ],
 282 |       "valueName": "avg"
 283 |     },
 284 |     {
 285 |       "cacheTimeout": null,
 286 |       "colorBackground": true,
 287 |       "colorValue": false,
 288 |       "colors": [
 289 |         "#d44a3a",
 290 |         "rgba(237, 129, 40, 0.89)",
 291 |         "#299c46"
 292 |       ],
 293 |       "datasource": "Prometheus",
 294 |       "format": "none",
 295 |       "gauge": {
 296 |         "maxValue": 100,
 297 |         "minValue": 0,
 298 |         "show": false,
 299 |         "thresholdLabels": false,
 300 |         "thresholdMarkers": true
 301 |       },
 302 |       "gridPos": {
 303 |         "h": 7,
 304 |         "w": 4,
 305 |         "x": 11,
 306 |         "y": 1
 307 |       },
 308 |       "id": 11,
 309 |       "interval": null,
 310 |       "links": [],
 311 |       "mappingType": 1,
 312 |       "mappingTypes": [
 313 |         {
 314 |           "name": "value to text",
 315 |           "value": 1
 316 |         },
 317 |         {
 318 |           "name": "range to text",
 319 |           "value": 2
 320 |         }
 321 |       ],
 322 |       "maxDataPoints": 100,
 323 |       "nullPointMode": "connected",
 324 |       "nullText": null,
 325 |       "options": {},
 326 |       "postfix": "",
 327 |       "postfixFontSize": "50%",
 328 |       "prefix": "",
 329 |       "prefixFontSize": "50%",
 330 |       "rangeMaps": [
 331 |         {
 332 |           "from": "null",
 333 |           "text": "N/A",
 334 |           "to": "null"
 335 |         }
 336 |       ],
 337 |       "sparkline": {
 338 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 339 |         "full": false,
 340 |         "lineColor": "rgb(31, 120, 193)",
 341 |         "show": false
 342 |       },
 343 |       "tableColumn": "",
 344 |       "targets": [
 345 |         {
 346 |           "expr": "sum(up)",
 347 |           "format": "time_series",
 348 |           "intervalFactor": 1,
 349 |           "refId": "A"
 350 |         }
 351 |       ],
 352 |       "thresholds": "0,1",
 353 |       "title": "Targets Online",
 354 |       "type": "singlestat",
 355 |       "valueFontSize": "80%",
 356 |       "valueMaps": [
 357 |         {
 358 |           "op": "=",
 359 |           "text": "N/A",
 360 |           "value": "null"
 361 |         }
 362 |       ],
 363 |       "valueName": "current"
 364 |     },
 365 |     {
 366 |       "cacheTimeout": null,
 367 |       "colorBackground": false,
 368 |       "colorValue": false,
 369 |       "colors": [
 370 |         "#d44a3a",
 371 |         "rgba(237, 129, 40, 0.89)",
 372 |         "#299c46"
 373 |       ],
 374 |       "datasource": "Prometheus",
 375 |       "format": "none",
 376 |       "gauge": {
 377 |         "maxValue": 100,
 378 |         "minValue": 0,
 379 |         "show": false,
 380 |         "thresholdLabels": false,
 381 |         "thresholdMarkers": true
 382 |       },
 383 |       "gridPos": {
 384 |         "h": 7,
 385 |         "w": 4,
 386 |         "x": 15,
 387 |         "y": 1
 388 |       },
 389 |       "id": 31,
 390 |       "interval": null,
 391 |       "links": [],
 392 |       "mappingType": 1,
 393 |       "mappingTypes": [
 394 |         {
 395 |           "name": "value to text",
 396 |           "value": 1
 397 |         },
 398 |         {
 399 |           "name": "range to text",
 400 |           "value": 2
 401 |         }
 402 |       ],
 403 |       "maxDataPoints": 100,
 404 |       "nullPointMode": "connected",
 405 |       "nullText": null,
 406 |       "options": {},
 407 |       "postfix": "",
 408 |       "postfixFontSize": "50%",
 409 |       "prefix": "",
 410 |       "prefixFontSize": "50%",
 411 |       "rangeMaps": [
 412 |         {
 413 |           "from": "null",
 414 |           "text": "N/A",
 415 |           "to": "null"
 416 |         }
 417 |       ],
 418 |       "sparkline": {
 419 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 420 |         "full": false,
 421 |         "lineColor": "rgb(31, 120, 193)",
 422 |         "show": true
 423 |       },
 424 |       "tableColumn": "",
 425 |       "targets": [
 426 |         {
 427 |           "expr": "count(rate(container_last_seen{job=\"cadvisor\", name!=\"\"}[5m]))",
 428 |           "format": "time_series",
 429 |           "intervalFactor": 1,
 430 |           "refId": "A"
 431 |         }
 432 |       ],
 433 |       "thresholds": "0,1",
 434 |       "title": "Running Containers",
 435 |       "type": "singlestat",
 436 |       "valueFontSize": "80%",
 437 |       "valueMaps": [
 438 |         {
 439 |           "op": "=",
 440 |           "text": "N/A",
 441 |           "value": "null"
 442 |         }
 443 |       ],
 444 |       "valueName": "current"
 445 |     },
 446 |     {
 447 |       "cacheTimeout": null,
 448 |       "colorBackground": false,
 449 |       "colorValue": false,
 450 |       "colors": [
 451 |         "#299c46",
 452 |         "rgba(237, 129, 40, 0.89)",
 453 |         "#d44a3a"
 454 |       ],
 455 |       "datasource": null,
 456 |       "decimals": null,
 457 |       "format": "decbytes",
 458 |       "gauge": {
 459 |         "maxValue": 100,
 460 |         "minValue": 0,
 461 |         "show": false,
 462 |         "thresholdLabels": false,
 463 |         "thresholdMarkers": true
 464 |       },
 465 |       "gridPos": {
 466 |         "h": 3,
 467 |         "w": 3,
 468 |         "x": 3,
 469 |         "y": 5
 470 |       },
 471 |       "id": 37,
 472 |       "interval": null,
 473 |       "links": [],
 474 |       "mappingType": 1,
 475 |       "mappingTypes": [
 476 |         {
 477 |           "name": "value to text",
 478 |           "value": 1
 479 |         },
 480 |         {
 481 |           "name": "range to text",
 482 |           "value": 2
 483 |         }
 484 |       ],
 485 |       "maxDataPoints": 100,
 486 |       "nullPointMode": "connected",
 487 |       "nullText": null,
 488 |       "options": {},
 489 |       "postfix": "",
 490 |       "postfixFontSize": "50%",
 491 |       "prefix": "",
 492 |       "prefixFontSize": "50%",
 493 |       "rangeMaps": [
 494 |         {
 495 |           "from": "null",
 496 |           "text": "N/A",
 497 |           "to": "null"
 498 |         }
 499 |       ],
 500 |       "sparkline": {
 501 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 502 |         "full": false,
 503 |         "lineColor": "rgb(31, 120, 193)",
 504 |         "show": false,
 505 |         "ymax": null,
 506 |         "ymin": null
 507 |       },
 508 |       "tableColumn": "",
 509 |       "targets": [
 510 |         {
 511 |           "expr": "node_memory_MemTotal_bytes{instance=~\"$node\"}",
 512 |           "refId": "A"
 513 |         }
 514 |       ],
 515 |       "thresholds": "",
 516 |       "timeFrom": null,
 517 |       "timeShift": null,
 518 |       "title": "Host Memory",
 519 |       "type": "singlestat",
 520 |       "valueFontSize": "80%",
 521 |       "valueMaps": [
 522 |         {
 523 |           "op": "=",
 524 |           "text": "N/A",
 525 |           "value": "null"
 526 |         }
 527 |       ],
 528 |       "valueName": "current"
 529 |     },
 530 |     {
 531 |       "cacheTimeout": null,
 532 |       "colorBackground": false,
 533 |       "colorValue": false,
 534 |       "colors": [
 535 |         "rgba(50, 172, 45, 0.97)",
 536 |         "rgba(237, 129, 40, 0.89)",
 537 |         "rgba(245, 54, 54, 0.9)"
 538 |       ],
 539 |       "datasource": "Prometheus",
 540 |       "editable": true,
 541 |       "error": false,
 542 |       "format": "percent",
 543 |       "gauge": {
 544 |         "maxValue": 100,
 545 |         "minValue": 0,
 546 |         "show": true,
 547 |         "thresholdLabels": false,
 548 |         "thresholdMarkers": true
 549 |       },
 550 |       "gridPos": {
 551 |         "h": 6,
 552 |         "w": 6,
 553 |         "x": 0,
 554 |         "y": 8
 555 |       },
 556 |       "id": 4,
 557 |       "interval": null,
 558 |       "isNew": true,
 559 |       "links": [],
 560 |       "mappingType": 1,
 561 |       "mappingTypes": [
 562 |         {
 563 |           "name": "value to text",
 564 |           "value": 1
 565 |         },
 566 |         {
 567 |           "name": "range to text",
 568 |           "value": 2
 569 |         }
 570 |       ],
 571 |       "maxDataPoints": 100,
 572 |       "nullPointMode": "connected",
 573 |       "nullText": null,
 574 |       "options": {},
 575 |       "postfix": "",
 576 |       "postfixFontSize": "50%",
 577 |       "prefix": "",
 578 |       "prefixFontSize": "50%",
 579 |       "rangeMaps": [
 580 |         {
 581 |           "from": "null",
 582 |           "text": "N/A",
 583 |           "to": "null"
 584 |         }
 585 |       ],
 586 |       "sparkline": {
 587 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 588 |         "full": false,
 589 |         "lineColor": "rgb(31, 120, 193)",
 590 |         "show": false
 591 |       },
 592 |       "tableColumn": "",
 593 |       "targets": [
 594 |         {
 595 |           "expr": "(sum(node_memory_MemTotal_bytes) - sum(node_memory_MemFree_bytes +node_memory_Buffers_bytes + node_memory_Cached_bytes) ) / sum(node_memory_MemTotal_bytes) * 100",
 596 |           "format": "time_series",
 597 |           "interval": "10s",
 598 |           "intervalFactor": 1,
 599 |           "refId": "A",
 600 |           "step": 10
 601 |         }
 602 |       ],
 603 |       "thresholds": "65, 90",
 604 |       "title": "Memory usage",
 605 |       "type": "singlestat",
 606 |       "valueFontSize": "80%",
 607 |       "valueMaps": [
 608 |         {
 609 |           "op": "=",
 610 |           "text": "N/A",
 611 |           "value": "null"
 612 |         }
 613 |       ],
 614 |       "valueName": "current"
 615 |     },
 616 |     {
 617 |       "cacheTimeout": null,
 618 |       "colorBackground": false,
 619 |       "colorValue": false,
 620 |       "colors": [
 621 |         "rgba(50, 172, 45, 0.97)",
 622 |         "rgba(237, 129, 40, 0.89)",
 623 |         "rgba(245, 54, 54, 0.9)"
 624 |       ],
 625 |       "datasource": "Prometheus",
 626 |       "decimals": 2,
 627 |       "editable": true,
 628 |       "error": false,
 629 |       "format": "percent",
 630 |       "gauge": {
 631 |         "maxValue": 100,
 632 |         "minValue": 0,
 633 |         "show": true,
 634 |         "thresholdLabels": false,
 635 |         "thresholdMarkers": true
 636 |       },
 637 |       "gridPos": {
 638 |         "h": 6,
 639 |         "w": 6,
 640 |         "x": 6,
 641 |         "y": 8
 642 |       },
 643 |       "id": 6,
 644 |       "interval": null,
 645 |       "isNew": true,
 646 |       "links": [],
 647 |       "mappingType": 1,
 648 |       "mappingTypes": [
 649 |         {
 650 |           "name": "value to text",
 651 |           "value": 1
 652 |         },
 653 |         {
 654 |           "name": "range to text",
 655 |           "value": 2
 656 |         }
 657 |       ],
 658 |       "maxDataPoints": 100,
 659 |       "nullPointMode": "connected",
 660 |       "nullText": null,
 661 |       "options": {},
 662 |       "postfix": "",
 663 |       "postfixFontSize": "50%",
 664 |       "prefix": "",
 665 |       "prefixFontSize": "50%",
 666 |       "rangeMaps": [
 667 |         {
 668 |           "from": "null",
 669 |           "text": "N/A",
 670 |           "to": "null"
 671 |         }
 672 |       ],
 673 |       "sparkline": {
 674 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 675 |         "full": false,
 676 |         "lineColor": "rgb(31, 120, 193)",
 677 |         "show": false
 678 |       },
 679 |       "tableColumn": "",
 680 |       "targets": [
 681 |         {
 682 |           "expr": "100 - (avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"idle\"}[5m])) * 100)",
 683 |           "format": "time_series",
 684 |           "interval": "1m",
 685 |           "intervalFactor": 1,
 686 |           "legendFormat": "",
 687 |           "refId": "A",
 688 |           "step": 10
 689 |         }
 690 |       ],
 691 |       "thresholds": "65, 90",
 692 |       "title": "CPU usage",
 693 |       "type": "singlestat",
 694 |       "valueFontSize": "80%",
 695 |       "valueMaps": [
 696 |         {
 697 |           "op": "=",
 698 |           "text": "N/A",
 699 |           "value": "null"
 700 |         }
 701 |       ],
 702 |       "valueName": "current"
 703 |     },
 704 |     {
 705 |       "cacheTimeout": null,
 706 |       "colorBackground": false,
 707 |       "colorValue": false,
 708 |       "colors": [
 709 |         "rgba(50, 172, 45, 0.97)",
 710 |         "rgba(237, 129, 40, 0.89)",
 711 |         "rgba(245, 54, 54, 0.9)"
 712 |       ],
 713 |       "datasource": "Prometheus",
 714 |       "decimals": 2,
 715 |       "editable": true,
 716 |       "error": false,
 717 |       "format": "percent",
 718 |       "gauge": {
 719 |         "maxValue": 100,
 720 |         "minValue": 0,
 721 |         "show": true,
 722 |         "thresholdLabels": false,
 723 |         "thresholdMarkers": true
 724 |       },
 725 |       "gridPos": {
 726 |         "h": 6,
 727 |         "w": 7,
 728 |         "x": 12,
 729 |         "y": 8
 730 |       },
 731 |       "id": 7,
 732 |       "interval": null,
 733 |       "isNew": true,
 734 |       "links": [],
 735 |       "mappingType": 1,
 736 |       "mappingTypes": [
 737 |         {
 738 |           "name": "value to text",
 739 |           "value": 1
 740 |         },
 741 |         {
 742 |           "name": "range to text",
 743 |           "value": 2
 744 |         }
 745 |       ],
 746 |       "maxDataPoints": 100,
 747 |       "nullPointMode": "connected",
 748 |       "nullText": null,
 749 |       "options": {},
 750 |       "postfix": "",
 751 |       "postfixFontSize": "50%",
 752 |       "prefix": "",
 753 |       "prefixFontSize": "50%",
 754 |       "rangeMaps": [
 755 |         {
 756 |           "from": "null",
 757 |           "text": "N/A",
 758 |           "to": "null"
 759 |         }
 760 |       ],
 761 |       "sparkline": {
 762 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 763 |         "full": false,
 764 |         "lineColor": "rgb(31, 120, 193)",
 765 |         "show": false
 766 |       },
 767 |       "tableColumn": "",
 768 |       "targets": [
 769 |         {
 770 |           "expr": "avg( node_filesystem_avail_bytes {mountpoint=\"/\"} / node_filesystem_size_bytes{mountpoint=\"/\"})",
 771 |           "interval": "10s",
 772 |           "intervalFactor": 1,
 773 |           "metric": "",
 774 |           "refId": "A",
 775 |           "step": 10
 776 |         }
 777 |       ],
 778 |       "thresholds": "65, 90",
 779 |       "title": "Filesystem usage",
 780 |       "type": "singlestat",
 781 |       "valueFontSize": "80%",
 782 |       "valueMaps": [
 783 |         {
 784 |           "op": "=",
 785 |           "text": "N/A",
 786 |           "value": "null"
 787 |         }
 788 |       ],
 789 |       "valueName": "current"
 790 |     },
 791 |     {
 792 |       "aliasColors": {
 793 |         "RECEIVE": "#ea6460",
 794 |         "SENT": "#1f78c1",
 795 |         "TRANSMIT": "#1f78c1"
 796 |       },
 797 |       "bars": false,
 798 |       "dashLength": 10,
 799 |       "dashes": false,
 800 |       "datasource": "Prometheus",
 801 |       "fill": 4,
 802 |       "fillGradient": 0,
 803 |       "gridPos": {
 804 |         "h": 9,
 805 |         "w": 6,
 806 |         "x": 0,
 807 |         "y": 14
 808 |       },
 809 |       "id": 25,
 810 |       "legend": {
 811 |         "avg": false,
 812 |         "current": false,
 813 |         "max": false,
 814 |         "min": false,
 815 |         "show": true,
 816 |         "total": false,
 817 |         "values": false
 818 |       },
 819 |       "lines": true,
 820 |       "linewidth": 1,
 821 |       "links": [],
 822 |       "nullPointMode": "null",
 823 |       "options": {
 824 |         "dataLinks": []
 825 |       },
 826 |       "percentage": false,
 827 |       "pointradius": 5,
 828 |       "points": false,
 829 |       "renderer": "flot",
 830 |       "seriesOverrides": [],
 831 |       "spaceLength": 10,
 832 |       "stack": false,
 833 |       "steppedLine": false,
 834 |       "targets": [
 835 |         {
 836 |           "expr": "sum(rate(container_network_receive_bytes_total{id=\"/\"}[$interval])) by (id)",
 837 |           "format": "time_series",
 838 |           "interval": "2m",
 839 |           "intervalFactor": 2,
 840 |           "legendFormat": "RECEIVE",
 841 |           "refId": "A"
 842 |         },
 843 |         {
 844 |           "expr": "- sum(rate(container_network_transmit_bytes_total{id=\"/\"}[$interval])) by (id)",
 845 |           "format": "time_series",
 846 |           "interval": "2m",
 847 |           "intervalFactor": 2,
 848 |           "legendFormat": "TRANSMIT",
 849 |           "refId": "B"
 850 |         }
 851 |       ],
 852 |       "thresholds": [],
 853 |       "timeFrom": null,
 854 |       "timeRegions": [],
 855 |       "timeShift": null,
 856 |       "title": "Node Network Traffic",
 857 |       "tooltip": {
 858 |         "shared": true,
 859 |         "sort": 0,
 860 |         "value_type": "cumulative"
 861 |       },
 862 |       "type": "graph",
 863 |       "xaxis": {
 864 |         "buckets": null,
 865 |         "mode": "time",
 866 |         "name": null,
 867 |         "show": true,
 868 |         "values": []
 869 |       },
 870 |       "yaxes": [
 871 |         {
 872 |           "format": "Bps",
 873 |           "label": null,
 874 |           "logBase": 1,
 875 |           "max": null,
 876 |           "min": null,
 877 |           "show": true
 878 |         },
 879 |         {
 880 |           "format": "s",
 881 |           "label": null,
 882 |           "logBase": 1,
 883 |           "max": null,
 884 |           "min": null,
 885 |           "show": true
 886 |         }
 887 |       ],
 888 |       "yaxis": {
 889 |         "align": false,
 890 |         "alignLevel": null
 891 |       }
 892 |     },
 893 |     {
 894 |       "aliasColors": {
 895 |         "Available Memory": "#508642",
 896 |         "Used Memory": "#bf1b00"
 897 |       },
 898 |       "bars": false,
 899 |       "dashLength": 10,
 900 |       "dashes": false,
 901 |       "datasource": "Prometheus",
 902 |       "fill": 3,
 903 |       "fillGradient": 0,
 904 |       "gridPos": {
 905 |         "h": 9,
 906 |         "w": 6,
 907 |         "x": 6,
 908 |         "y": 14
 909 |       },
 910 |       "id": 27,
 911 |       "legend": {
 912 |         "avg": false,
 913 |         "current": false,
 914 |         "max": false,
 915 |         "min": false,
 916 |         "show": true,
 917 |         "total": false,
 918 |         "values": false
 919 |       },
 920 |       "lines": true,
 921 |       "linewidth": 1,
 922 |       "links": [],
 923 |       "nullPointMode": "null",
 924 |       "options": {
 925 |         "dataLinks": []
 926 |       },
 927 |       "percentage": false,
 928 |       "pointradius": 5,
 929 |       "points": false,
 930 |       "renderer": "flot",
 931 |       "seriesOverrides": [],
 932 |       "spaceLength": 10,
 933 |       "stack": true,
 934 |       "steppedLine": false,
 935 |       "targets": [
 936 |         {
 937 |           "expr": "sum(node_memory_MemTotal_bytes) - sum(node_memory_MemAvailable_bytes)",
 938 |           "format": "time_series",
 939 |           "interval": "2m",
 940 |           "intervalFactor": 2,
 941 |           "legendFormat": "Used Memory",
 942 |           "refId": "B"
 943 |         },
 944 |         {
 945 |           "expr": "sum(node_memory_MemAvailable_bytes)",
 946 |           "format": "time_series",
 947 |           "interval": "2m",
 948 |           "intervalFactor": 2,
 949 |           "legendFormat": "Available Memory",
 950 |           "refId": "A"
 951 |         }
 952 |       ],
 953 |       "thresholds": [],
 954 |       "timeFrom": null,
 955 |       "timeRegions": [],
 956 |       "timeShift": null,
 957 |       "title": "Node Mermory",
 958 |       "tooltip": {
 959 |         "shared": true,
 960 |         "sort": 0,
 961 |         "value_type": "individual"
 962 |       },
 963 |       "type": "graph",
 964 |       "xaxis": {
 965 |         "buckets": null,
 966 |         "mode": "time",
 967 |         "name": null,
 968 |         "show": true,
 969 |         "values": []
 970 |       },
 971 |       "yaxes": [
 972 |         {
 973 |           "format": "decbytes",
 974 |           "label": null,
 975 |           "logBase": 1,
 976 |           "max": null,
 977 |           "min": null,
 978 |           "show": true
 979 |         },
 980 |         {
 981 |           "format": "s",
 982 |           "label": null,
 983 |           "logBase": 1,
 984 |           "max": null,
 985 |           "min": null,
 986 |           "show": true
 987 |         }
 988 |       ],
 989 |       "yaxis": {
 990 |         "align": false,
 991 |         "alignLevel": null
 992 |       }
 993 |     },
 994 |     {
 995 |       "aliasColors": {
 996 |         "Available Memory": "#508642",
 997 |         "Free Storage": "#447ebc",
 998 |         "Total Storage Available": "#508642",
 999 |         "Used Memory": "#bf1b00",
1000 |         "Used Storage": "#bf1b00"
1001 |       },
1002 |       "bars": false,
1003 |       "dashLength": 10,
1004 |       "dashes": false,
1005 |       "datasource": "Prometheus",
1006 |       "fill": 3,
1007 |       "fillGradient": 0,
1008 |       "gridPos": {
1009 |         "h": 9,
1010 |         "w": 7,
1011 |         "x": 12,
1012 |         "y": 14
1013 |       },
1014 |       "id": 28,
1015 |       "legend": {
1016 |         "avg": false,
1017 |         "current": false,
1018 |         "max": false,
1019 |         "min": false,
1020 |         "show": true,
1021 |         "total": false,
1022 |         "values": false
1023 |       },
1024 |       "lines": true,
1025 |       "linewidth": 1,
1026 |       "links": [],
1027 |       "nullPointMode": "null",
1028 |       "options": {
1029 |         "dataLinks": []
1030 |       },
1031 |       "percentage": false,
1032 |       "pointradius": 5,
1033 |       "points": false,
1034 |       "renderer": "flot",
1035 |       "seriesOverrides": [],
1036 |       "spaceLength": 10,
1037 |       "stack": true,
1038 |       "steppedLine": false,
1039 |       "targets": [
1040 |         {
1041 |           "expr": "sum(node_filesystem_free_bytes {job=\"node-exporter\", instance=~\".*9100\", device=~\"/dev/.*\", mountpoint!=\"/var/lib/docker/aufs\"}) ",
1042 |           "format": "time_series",
1043 |           "interval": "2m",
1044 |           "intervalFactor": 2,
1045 |           "legendFormat": "Free Storage",
1046 |           "refId": "A"
1047 |         }
1048 |       ],
1049 |       "thresholds": [],
1050 |       "timeFrom": null,
1051 |       "timeRegions": [],
1052 |       "timeShift": null,
1053 |       "title": "Filesystem Available",
1054 |       "tooltip": {
1055 |         "shared": true,
1056 |         "sort": 0,
1057 |         "value_type": "individual"
1058 |       },
1059 |       "type": "graph",
1060 |       "xaxis": {
1061 |         "buckets": null,
1062 |         "mode": "time",
1063 |         "name": null,
1064 |         "show": true,
1065 |         "values": []
1066 |       },
1067 |       "yaxes": [
1068 |         {
1069 |           "decimals": null,
1070 |           "format": "decbytes",
1071 |           "label": null,
1072 |           "logBase": 1,
1073 |           "max": null,
1074 |           "min": null,
1075 |           "show": true
1076 |         },
1077 |         {
1078 |           "format": "s",
1079 |           "label": null,
1080 |           "logBase": 1,
1081 |           "max": null,
1082 |           "min": null,
1083 |           "show": true
1084 |         }
1085 |       ],
1086 |       "yaxis": {
1087 |         "align": false,
1088 |         "alignLevel": null
1089 |       }
1090 |     },
1091 |     {
1092 |       "collapsed": false,
1093 |       "datasource": null,
1094 |       "gridPos": {
1095 |         "h": 1,
1096 |         "w": 24,
1097 |         "x": 0,
1098 |         "y": 23
1099 |       },
1100 |       "id": 19,
1101 |       "panels": [],
1102 |       "repeat": null,
1103 |       "title": "Container Performance",
1104 |       "type": "row"
1105 |     },
1106 |     {
1107 |       "aliasColors": {},
1108 |       "bars": false,
1109 |       "dashLength": 10,
1110 |       "dashes": false,
1111 |       "datasource": "Prometheus",
1112 |       "decimals": 3,
1113 |       "editable": true,
1114 |       "error": false,
1115 |       "fill": 0,
1116 |       "fillGradient": 0,
1117 |       "grid": {},
1118 |       "gridPos": {
1119 |         "h": 10,
1120 |         "w": 6,
1121 |         "x": 0,
1122 |         "y": 24
1123 |       },
1124 |       "id": 3,
1125 |       "isNew": true,
1126 |       "legend": {
1127 |         "alignAsTable": true,
1128 |         "avg": true,
1129 |         "current": true,
1130 |         "max": false,
1131 |         "min": false,
1132 |         "rightSide": false,
1133 |         "show": true,
1134 |         "sort": "current",
1135 |         "sortDesc": true,
1136 |         "total": false,
1137 |         "values": true
1138 |       },
1139 |       "lines": true,
1140 |       "linewidth": 2,
1141 |       "links": [],
1142 |       "nullPointMode": "connected",
1143 |       "options": {
1144 |         "dataLinks": []
1145 |       },
1146 |       "percentage": false,
1147 |       "pointradius": 5,
1148 |       "points": false,
1149 |       "renderer": "flot",
1150 |       "seriesOverrides": [],
1151 |       "spaceLength": 10,
1152 |       "stack": false,
1153 |       "steppedLine": false,
1154 |       "targets": [
1155 |         {
1156 |           "expr": "sum(rate(container_cpu_usage_seconds_total{image!=\"\"}[1m])) by (id,name)",
1157 |           "format": "time_series",
1158 |           "interval": "10s",
1159 |           "intervalFactor": 1,
1160 |           "legendFormat": "{{ name }}",
1161 |           "metric": "container_cpu_user_seconds_total",
1162 |           "refId": "A",
1163 |           "step": 10
1164 |         }
1165 |       ],
1166 |       "thresholds": [],
1167 |       "timeFrom": null,
1168 |       "timeRegions": [],
1169 |       "timeShift": null,
1170 |       "title": "Container CPU usage",
1171 |       "tooltip": {
1172 |         "msResolution": true,
1173 |         "shared": true,
1174 |         "sort": 0,
1175 |         "value_type": "cumulative"
1176 |       },
1177 |       "type": "graph",
1178 |       "xaxis": {
1179 |         "buckets": null,
1180 |         "mode": "time",
1181 |         "name": null,
1182 |         "show": true,
1183 |         "values": []
1184 |       },
1185 |       "yaxes": [
1186 |         {
1187 |           "format": "percentunit",
1188 |           "label": null,
1189 |           "logBase": 1,
1190 |           "max": null,
1191 |           "min": null,
1192 |           "show": true
1193 |         },
1194 |         {
1195 |           "format": "short",
1196 |           "label": null,
1197 |           "logBase": 1,
1198 |           "max": null,
1199 |           "min": null,
1200 |           "show": true
1201 |         }
1202 |       ],
1203 |       "yaxis": {
1204 |         "align": false,
1205 |         "alignLevel": null
1206 |       }
1207 |     },
1208 |     {
1209 |       "aliasColors": {},
1210 |       "bars": false,
1211 |       "dashLength": 10,
1212 |       "dashes": false,
1213 |       "datasource": "Prometheus",
1214 |       "decimals": 2,
1215 |       "editable": true,
1216 |       "error": false,
1217 |       "fill": 0,
1218 |       "fillGradient": 0,
1219 |       "grid": {},
1220 |       "gridPos": {
1221 |         "h": 10,
1222 |         "w": 6,
1223 |         "x": 6,
1224 |         "y": 24
1225 |       },
1226 |       "id": 2,
1227 |       "isNew": true,
1228 |       "legend": {
1229 |         "alignAsTable": true,
1230 |         "avg": true,
1231 |         "current": true,
1232 |         "max": false,
1233 |         "min": false,
1234 |         "rightSide": false,
1235 |         "show": true,
1236 |         "sort": "current",
1237 |         "sortDesc": true,
1238 |         "total": false,
1239 |         "values": true
1240 |       },
1241 |       "lines": true,
1242 |       "linewidth": 2,
1243 |       "links": [],
1244 |       "nullPointMode": "connected",
1245 |       "options": {
1246 |         "dataLinks": []
1247 |       },
1248 |       "percentage": false,
1249 |       "pointradius": 5,
1250 |       "points": false,
1251 |       "renderer": "flot",
1252 |       "seriesOverrides": [],
1253 |       "spaceLength": 10,
1254 |       "stack": false,
1255 |       "steppedLine": false,
1256 |       "targets": [
1257 |         {
1258 |           "expr": "container_memory_max_usage_bytes{image!=\"\"}",
1259 |           "format": "time_series",
1260 |           "interval": "10s",
1261 |           "intervalFactor": 1,
1262 |           "legendFormat": "{{ name }}",
1263 |           "metric": "container_memory_usage:sort_desc",
1264 |           "refId": "A",
1265 |           "step": 10
1266 |         }
1267 |       ],
1268 |       "thresholds": [],
1269 |       "timeFrom": null,
1270 |       "timeRegions": [],
1271 |       "timeShift": null,
1272 |       "title": "Container Memory Usage",
1273 |       "tooltip": {
1274 |         "msResolution": false,
1275 |         "shared": true,
1276 |         "sort": 0,
1277 |         "value_type": "cumulative"
1278 |       },
1279 |       "type": "graph",
1280 |       "xaxis": {
1281 |         "buckets": null,
1282 |         "mode": "time",
1283 |         "name": null,
1284 |         "show": true,
1285 |         "values": []
1286 |       },
1287 |       "yaxes": [
1288 |         {
1289 |           "format": "bytes",
1290 |           "label": null,
1291 |           "logBase": 1,
1292 |           "max": null,
1293 |           "min": null,
1294 |           "show": true
1295 |         },
1296 |         {
1297 |           "format": "short",
1298 |           "label": null,
1299 |           "logBase": 1,
1300 |           "max": null,
1301 |           "min": null,
1302 |           "show": true
1303 |         }
1304 |       ],
1305 |       "yaxis": {
1306 |         "align": false,
1307 |         "alignLevel": null
1308 |       }
1309 |     },
1310 |     {
1311 |       "columns": [],
1312 |       "datasource": "Prometheus",
1313 |       "fontSize": "100%",
1314 |       "gridPos": {
1315 |         "h": 13,
1316 |         "w": 10,
1317 |         "x": 12,
1318 |         "y": 24
1319 |       },
1320 |       "id": 23,
1321 |       "links": [],
1322 |       "options": {},
1323 |       "pageSize": null,
1324 |       "scroll": true,
1325 |       "showHeader": true,
1326 |       "sort": {
1327 |         "col": 0,
1328 |         "desc": true
1329 |       },
1330 |       "styles": [
1331 |         {
1332 |           "alias": "Time",
1333 |           "dateFormat": "YYYY-MM-DD HH:mm:ss",
1334 |           "pattern": "Time",
1335 |           "type": "date"
1336 |         },
1337 |         {
1338 |           "alias": "",
1339 |           "colorMode": null,
1340 |           "colors": [
1341 |             "rgba(245, 54, 54, 0.9)",
1342 |             "rgba(237, 129, 40, 0.89)",
1343 |             "rgba(50, 172, 45, 0.97)"
1344 |           ],
1345 |           "decimals": 2,
1346 |           "pattern": "/.*/",
1347 |           "thresholds": [],
1348 |           "type": "number",
1349 |           "unit": "short"
1350 |         }
1351 |       ],
1352 |       "targets": [
1353 |         {
1354 |           "expr": "ALERTS",
1355 |           "format": "table",
1356 |           "intervalFactor": 1,
1357 |           "refId": "A"
1358 |         }
1359 |       ],
1360 |       "title": "Alerts",
1361 |       "transform": "table",
1362 |       "type": "table"
1363 |     },
1364 |     {
1365 |       "aliasColors": {},
1366 |       "bars": false,
1367 |       "dashLength": 10,
1368 |       "dashes": false,
1369 |       "datasource": "Prometheus",
1370 |       "decimals": 2,
1371 |       "editable": true,
1372 |       "error": false,
1373 |       "fill": 0,
1374 |       "fillGradient": 0,
1375 |       "grid": {},
1376 |       "gridPos": {
1377 |         "h": 14,
1378 |         "w": 6,
1379 |         "x": 0,
1380 |         "y": 34
1381 |       },
1382 |       "id": 8,
1383 |       "isNew": true,
1384 |       "legend": {
1385 |         "alignAsTable": true,
1386 |         "avg": true,
1387 |         "current": true,
1388 |         "max": false,
1389 |         "min": false,
1390 |         "rightSide": false,
1391 |         "show": true,
1392 |         "sort": "current",
1393 |         "sortDesc": true,
1394 |         "total": false,
1395 |         "values": true
1396 |       },
1397 |       "lines": true,
1398 |       "linewidth": 2,
1399 |       "links": [],
1400 |       "nullPointMode": "connected",
1401 |       "options": {
1402 |         "dataLinks": []
1403 |       },
1404 |       "percentage": false,
1405 |       "pointradius": 5,
1406 |       "points": false,
1407 |       "renderer": "flot",
1408 |       "seriesOverrides": [],
1409 |       "spaceLength": 10,
1410 |       "stack": false,
1411 |       "steppedLine": false,
1412 |       "targets": [
1413 |         {
1414 |           "expr": "sort_desc(sum by (name) (rate(container_network_receive_bytes_total{image!=\"\"}[1m] ) ))",
1415 |           "interval": "10s",
1416 |           "intervalFactor": 1,
1417 |           "legendFormat": "{{ name }}",
1418 |           "metric": "container_network_receive_bytes_total",
1419 |           "refId": "A",
1420 |           "step": 10
1421 |         }
1422 |       ],
1423 |       "thresholds": [],
1424 |       "timeFrom": null,
1425 |       "timeRegions": [],
1426 |       "timeShift": null,
1427 |       "title": "Container Network Input",
1428 |       "tooltip": {
1429 |         "msResolution": false,
1430 |         "shared": true,
1431 |         "sort": 0,
1432 |         "value_type": "cumulative"
1433 |       },
1434 |       "type": "graph",
1435 |       "xaxis": {
1436 |         "buckets": null,
1437 |         "mode": "time",
1438 |         "name": null,
1439 |         "show": true,
1440 |         "values": []
1441 |       },
1442 |       "yaxes": [
1443 |         {
1444 |           "format": "bytes",
1445 |           "label": null,
1446 |           "logBase": 1,
1447 |           "max": null,
1448 |           "min": null,
1449 |           "show": true
1450 |         },
1451 |         {
1452 |           "format": "short",
1453 |           "label": null,
1454 |           "logBase": 1,
1455 |           "max": null,
1456 |           "min": null,
1457 |           "show": true
1458 |         }
1459 |       ],
1460 |       "yaxis": {
1461 |         "align": false,
1462 |         "alignLevel": null
1463 |       }
1464 |     },
1465 |     {
1466 |       "aliasColors": {},
1467 |       "bars": false,
1468 |       "dashLength": 10,
1469 |       "dashes": false,
1470 |       "datasource": "Prometheus",
1471 |       "decimals": 2,
1472 |       "editable": true,
1473 |       "error": false,
1474 |       "fill": 0,
1475 |       "fillGradient": 0,
1476 |       "grid": {},
1477 |       "gridPos": {
1478 |         "h": 14,
1479 |         "w": 6,
1480 |         "x": 6,
1481 |         "y": 34
1482 |       },
1483 |       "id": 9,
1484 |       "isNew": true,
1485 |       "legend": {
1486 |         "alignAsTable": true,
1487 |         "avg": true,
1488 |         "current": true,
1489 |         "max": false,
1490 |         "min": false,
1491 |         "rightSide": false,
1492 |         "show": true,
1493 |         "sort": "current",
1494 |         "sortDesc": true,
1495 |         "total": false,
1496 |         "values": true
1497 |       },
1498 |       "lines": true,
1499 |       "linewidth": 2,
1500 |       "links": [],
1501 |       "nullPointMode": "connected",
1502 |       "options": {
1503 |         "dataLinks": []
1504 |       },
1505 |       "percentage": false,
1506 |       "pointradius": 5,
1507 |       "points": false,
1508 |       "renderer": "flot",
1509 |       "seriesOverrides": [],
1510 |       "spaceLength": 10,
1511 |       "stack": false,
1512 |       "steppedLine": false,
1513 |       "targets": [
1514 |         {
1515 |           "expr": "sort_desc(sum by (name) (rate(container_network_transmit_bytes_total{image!=\"\"}[1m] ) ))",
1516 |           "format": "time_series",
1517 |           "intervalFactor": 2,
1518 |           "legendFormat": "{{ name }}",
1519 |           "metric": "container_network_transmit_bytes_total",
1520 |           "refId": "B",
1521 |           "step": 4
1522 |         }
1523 |       ],
1524 |       "thresholds": [],
1525 |       "timeFrom": null,
1526 |       "timeRegions": [],
1527 |       "timeShift": null,
1528 |       "title": "Container Network Output",
1529 |       "tooltip": {
1530 |         "msResolution": false,
1531 |         "shared": true,
1532 |         "sort": 0,
1533 |         "value_type": "cumulative"
1534 |       },
1535 |       "type": "graph",
1536 |       "xaxis": {
1537 |         "buckets": null,
1538 |         "mode": "time",
1539 |         "name": null,
1540 |         "show": true,
1541 |         "values": []
1542 |       },
1543 |       "yaxes": [
1544 |         {
1545 |           "format": "bytes",
1546 |           "label": null,
1547 |           "logBase": 1,
1548 |           "max": null,
1549 |           "min": null,
1550 |           "show": true
1551 |         },
1552 |         {
1553 |           "format": "short",
1554 |           "label": null,
1555 |           "logBase": 1,
1556 |           "max": null,
1557 |           "min": null,
1558 |           "show": false
1559 |         }
1560 |       ],
1561 |       "yaxis": {
1562 |         "align": false,
1563 |         "alignLevel": null
1564 |       }
1565 |     },
1566 |     {
1567 |       "columns": [],
1568 |       "datasource": "Prometheus",
1569 |       "fontSize": "100%",
1570 |       "gridPos": {
1571 |         "h": 10,
1572 |         "w": 10,
1573 |         "x": 12,
1574 |         "y": 37
1575 |       },
1576 |       "id": 30,
1577 |       "links": [],
1578 |       "options": {},
1579 |       "pageSize": 10,
1580 |       "scroll": true,
1581 |       "showHeader": true,
1582 |       "sort": {
1583 |         "col": 0,
1584 |         "desc": true
1585 |       },
1586 |       "styles": [
1587 |         {
1588 |           "alias": "Time",
1589 |           "dateFormat": "YYYY-MM-DD HH:mm:ss",
1590 |           "link": false,
1591 |           "linkUrl": "",
1592 |           "pattern": "Time",
1593 |           "type": "date"
1594 |         },
1595 |         {
1596 |           "alias": "",
1597 |           "colorMode": null,
1598 |           "colors": [
1599 |             "rgba(245, 54, 54, 0.9)",
1600 |             "rgba(237, 129, 40, 0.89)",
1601 |             "rgba(50, 172, 45, 0.97)"
1602 |           ],
1603 |           "decimals": 2,
1604 |           "pattern": "/.*/",
1605 |           "thresholds": [],
1606 |           "type": "number",
1607 |           "unit": "short"
1608 |         }
1609 |       ],
1610 |       "targets": [
1611 |         {
1612 |           "expr": "cadvisor_version_info",
1613 |           "format": "table",
1614 |           "instant": false,
1615 |           "interval": "15m",
1616 |           "intervalFactor": 2,
1617 |           "legendFormat": "cAdvisor  Version: {{cadvisorVersion}}",
1618 |           "refId": "A"
1619 |         },
1620 |         {
1621 |           "expr": "prometheus_build_info",
1622 |           "format": "table",
1623 |           "interval": "15m",
1624 |           "intervalFactor": 2,
1625 |           "legendFormat": "Prometheus Version: {{version}}",
1626 |           "refId": "B"
1627 |         },
1628 |         {
1629 |           "expr": "node_exporter_build_info",
1630 |           "format": "table",
1631 |           "interval": "15m",
1632 |           "intervalFactor": 2,
1633 |           "legendFormat": "Node-Exporter Version: {{version}}",
1634 |           "refId": "C"
1635 |         }
1636 |       ],
1637 |       "title": "Running Versions",
1638 |       "transform": "table",
1639 |       "type": "table"
1640 |     }
1641 |   ],
1642 |   "refresh": "10s",
1643 |   "schemaVersion": 20,
1644 |   "style": "dark",
1645 |   "tags": [
1646 |     "docker",
1647 |     "prometheus, ",
1648 |     "node-exporter",
1649 |     "cadvisor"
1650 |   ],
1651 |   "templating": {
1652 |     "list": [
1653 |       {
1654 |         "auto": false,
1655 |         "auto_count": 30,
1656 |         "auto_min": "10s",
1657 |         "current": {
1658 |           "text": "1m",
1659 |           "value": "1m"
1660 |         },
1661 |         "hide": 0,
1662 |         "label": "interval",
1663 |         "name": "interval",
1664 |         "options": [
1665 |           {
1666 |             "selected": true,
1667 |             "text": "1m",
1668 |             "value": "1m"
1669 |           },
1670 |           {
1671 |             "selected": false,
1672 |             "text": "10m",
1673 |             "value": "10m"
1674 |           },
1675 |           {
1676 |             "selected": false,
1677 |             "text": "30m",
1678 |             "value": "30m"
1679 |           },
1680 |           {
1681 |             "selected": false,
1682 |             "text": "1h",
1683 |             "value": "1h"
1684 |           },
1685 |           {
1686 |             "selected": false,
1687 |             "text": "6h",
1688 |             "value": "6h"
1689 |           },
1690 |           {
1691 |             "selected": false,
1692 |             "text": "12h",
1693 |             "value": "12h"
1694 |           },
1695 |           {
1696 |             "selected": false,
1697 |             "text": "1d",
1698 |             "value": "1d"
1699 |           },
1700 |           {
1701 |             "selected": false,
1702 |             "text": "7d",
1703 |             "value": "7d"
1704 |           },
1705 |           {
1706 |             "selected": false,
1707 |             "text": "14d",
1708 |             "value": "14d"
1709 |           },
1710 |           {
1711 |             "selected": false,
1712 |             "text": "30d",
1713 |             "value": "30d"
1714 |           }
1715 |         ],
1716 |         "query": "1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
1717 |         "refresh": 2,
1718 |         "skipUrlSync": false,
1719 |         "type": "interval"
1720 |       },
1721 |       {
1722 |         "allValue": null,
1723 |         "current": {
1724 |           "text": "All",
1725 |           "value": "$__all"
1726 |         },
1727 |         "datasource": "Prometheus",
1728 |         "definition": "label_values(node_exporter_build_info{name=~'$name'},instance)",
1729 |         "hide": 0,
1730 |         "includeAll": true,
1731 |         "label": "IP",
1732 |         "multi": true,
1733 |         "name": "node",
1734 |         "options": [],
1735 |         "query": "label_values(node_exporter_build_info{name=~'$name'},instance)",
1736 |         "refresh": 2,
1737 |         "regex": "",
1738 |         "skipUrlSync": false,
1739 |         "sort": 1,
1740 |         "tagValuesQuery": "",
1741 |         "tags": [],
1742 |         "tagsQuery": "",
1743 |         "type": "query",
1744 |         "useTags": false
1745 |       },
1746 |       {
1747 |         "allValue": null,
1748 |         "current": {
1749 |           "text": "All",
1750 |           "value": "$__all"
1751 |         },
1752 |         "datasource": "Prometheus",
1753 |         "definition": "label_values(node_exporter_build_info,env)",
1754 |         "hide": 0,
1755 |         "includeAll": true,
1756 |         "label": "Env",
1757 |         "multi": true,
1758 |         "name": "env",
1759 |         "options": [],
1760 |         "query": "label_values(node_exporter_build_info,env)",
1761 |         "refresh": 2,
1762 |         "regex": "",
1763 |         "skipUrlSync": false,
1764 |         "sort": 0,
1765 |         "tagValuesQuery": "",
1766 |         "tags": [],
1767 |         "tagsQuery": "",
1768 |         "type": "query",
1769 |         "useTags": false
1770 |       },
1771 |       {
1772 |         "allValue": null,
1773 |         "current": {
1774 |           "text": "All",
1775 |           "value": "$__all"
1776 |         },
1777 |         "datasource": "Prometheus",
1778 |         "definition": "label_values(node_exporter_build_info{env=~'$env'},name)",
1779 |         "hide": 0,
1780 |         "includeAll": true,
1781 |         "label": "CPU Name",
1782 |         "multi": true,
1783 |         "name": "name",
1784 |         "options": [],
1785 |         "query": "label_values(node_exporter_build_info{env=~'$env'},name)",
1786 |         "refresh": 2,
1787 |         "regex": "",
1788 |         "skipUrlSync": false,
1789 |         "sort": 0,
1790 |         "tagValuesQuery": "",
1791 |         "tags": [],
1792 |         "tagsQuery": "",
1793 |         "type": "query",
1794 |         "useTags": false
1795 |       }
1796 |     ]
1797 |   },
1798 |   "time": {
1799 |     "from": "now-5m",
1800 |     "to": "now"
1801 |   },
1802 |   "timepicker": {
1803 |     "refresh_intervals": [
1804 |       "5s",
1805 |       "10s",
1806 |       "30s",
1807 |       "1m",
1808 |       "5m",
1809 |       "15m",
1810 |       "30m",
1811 |       "1h",
1812 |       "2h",
1813 |       "1d"
1814 |     ],
1815 |     "time_options": [
1816 |       "5m",
1817 |       "15m",
1818 |       "1h",
1819 |       "6h",
1820 |       "12h",
1821 |       "24h",
1822 |       "2d",
1823 |       "7d",
1824 |       "30d"
1825 |     ]
1826 |   },
1827 |   "timezone": "browser",
1828 |   "title": "Docker Prometheus Monitoring",
1829 |   "uid": "64nrElFmk",
1830 |   "version": 2
1831 | }


--------------------------------------------------------------------------------
/dr/grafana/provisioning/dashboards/dashboard.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: 1
 2 | 
 3 | providers:
 4 | - name: 'Prometheus'
 5 |   orgId: 1
 6 |   folder: ''
 7 |   type: file
 8 |   disableDeletion: false
 9 |   editable: true
10 |   options:
11 |     path: /etc/grafana/provisioning/dashboards
12 | 


--------------------------------------------------------------------------------
/dr/grafana/provisioning/datasources/datasource.yml:
--------------------------------------------------------------------------------
 1 | # config file version
 2 | apiVersion: 1
 3 | 
 4 | # list of datasources that should be deleted from the database
 5 | deleteDatasources:
 6 |   - name: Prometheus
 7 |     orgId: 1
 8 | 
 9 | # list of datasources to insert/update depending
10 | # whats available in the database
11 | datasources:
12 |   # <string, required> name of the datasource. Required
13 | - name: Prometheus
14 |   # <string, required> datasource type. Required
15 |   type: prometheus
16 |   # <string, required> access mode. direct or proxy. Required
17 |   access: proxy
18 |   # <int> org id. will default to orgId 1 if not specified
19 |   orgId: 1
20 |   # <string> url
21 |   url: http://prometheus:9090
22 |   # <string> database password, if used
23 |   password:
24 |   # <string> database user, if used
25 |   user:
26 |   # <string> database name, if used
27 |   database:
28 |   # <bool> enable/disable basic auth
29 |   basicAuth: false
30 |   # <string> basic auth username, if used
31 |   basicAuthUser:
32 |   # <string> basic auth password, if used
33 |   basicAuthPassword:
34 |   # <bool> enable/disable with credentials headers
35 |   withCredentials:
36 |   # <bool> mark as default datasource. Max one per org
37 |   isDefault: true
38 |   # <map> fields that will be converted to json and stored in json_data
39 |   jsonData:
40 |      graphiteVersion: "1.1"
41 |      tlsAuth: false
42 |      tlsAuthWithCACert: false
43 |   # <string> json object of data that will be encrypted.
44 |   secureJsonData:
45 |     tlsCACert: "..."
46 |     tlsClientCert: "..."
47 |     tlsClientKey: "..."
48 |   version: 1
49 |   # <bool> allow users to edit datasources from the UI.
50 |   editable: true
51 | 


--------------------------------------------------------------------------------
/dr/prometheus/alert.rules:
--------------------------------------------------------------------------------
 1 | groups:
 2 | - name: example
 3 |   rules:
 4 | 
 5 |   # Alert for any instance that is unreachable for >2 minutes.
 6 |   - alert: service_down
 7 |     expr: up == 0
 8 |     for: 2m
 9 |     labels:
10 |       severity: page
11 |     annotations:
12 |       summary: "Instance {{ $labels.instance }} down"
13 |       description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes."
14 | 
15 |   - alert: high_load
16 |     expr: node_load1 > 0.5
17 |     for: 2m
18 |     labels:
19 |       severity: page
20 |     annotations:
21 |       summary: "Instance {{ $labels.instance }} under high load"
22 |       description: "{{ $labels.instance }} of job {{ $labels.job }} is under high load."
23 | 


--------------------------------------------------------------------------------
/dr/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
 1 | # my global config
 2 | global:
 3 |   scrape_interval:     15s # By default, scrape targets every 15 seconds.
 4 |   evaluation_interval: 15s # By default, scrape targets every 15 seconds.
 5 |   # scrape_timeout is set to the global default (10s).
 6 | 
 7 |   # Attach these labels to any time series or alerts when communicating with
 8 |   # external systems (federation, remote storage, Alertmanager).
 9 |   external_labels:
10 |       monitor: 'my-project'
11 | 
12 | # Load and evaluate rules in this file every 'evaluation_interval' seconds.
13 | rule_files:
14 |   - 'alert.rules'
15 |   # - "first.rules"
16 |   # - "second.rules"
17 | 
18 | # alert
19 | alerting:
20 |   alertmanagers:
21 |   - scheme: http
22 |     static_configs:
23 |     - targets:
24 |       - "alertmanager:9093"
25 | 
26 | # A scrape configuration containing exactly one endpoint to scrape:
27 | # Here it's Prometheus itself.
28 | scrape_configs:
29 |   # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
30 | 
31 |   - job_name: 'prometheus'
32 | 
33 |     # Override the global default and scrape targets from this job every 5 seconds.
34 |     scrape_interval: 5s
35 | 
36 |     static_configs:
37 |          - targets: ['localhost:9090']
38 | 
39 | 
40 |   - job_name: 'cadvisor'
41 | 
42 |     # Override the global default and scrape targets from this job every 5 seconds.
43 |     scrape_interval: 5s
44 | 
45 |     dns_sd_configs:
46 |     - names:
47 |       - 'tasks.cadvisor'
48 |       type: 'A'
49 |       port: 8080
50 | 
51 | #     static_configs:
52 | #          - targets: ['cadvisor:8080']
53 | 
54 |   - job_name: 'node-exporter'
55 | 
56 |     # Override the global default and scrape targets from this job every 5 seconds.
57 |     scrape_interval: 5s
58 | 
59 |     dns_sd_configs:
60 |     - names:
61 |       - 'tasks.node-exporter'
62 |       type: 'A'
63 |       port: 9100
64 |     
65 | #     static_configs:
66 | #          - targets: ['node-exporter:9100']
67 |   - job_name: 'vault'
68 |     static_configs:
69 |       - targets: ['primary_vault01_1:8200', 'primary_vault02_1:8200', 'primary_vault03_1:8200']
70 |     scheme: "http"
71 |     bearer_token: s.e8qY1qUtNDldNDmi9ER3xavT
72 |     tls_config:
73 |       insecure_skip_verify: true
74 |     metrics_path: "/v1/sys/metrics"
75 |     params:
76 |       format: ['prometheus']
77 | 
78 | 


--------------------------------------------------------------------------------
/dr/prometheus/vault-metrics.hcl:
--------------------------------------------------------------------------------
1 | path "sys/metrics*"
2 | {
3 |   capabilities = ["read", "list"]
4 | }
5 | 


--------------------------------------------------------------------------------
/dr/vault/api/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bruj0/vault-docker-compose/e6d4db74c72b216b4131c843f374a12e0f6106a9/dr/vault/api/.keep


--------------------------------------------------------------------------------
/dr/vault/config/vault01.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "dr"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "dr_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/dr/vault/config/vault02.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "dr"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "dr_consul_agent_2_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/dr/vault/config/vault03.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "dr"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "dr_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/grafana/config.monitoring:
--------------------------------------------------------------------------------
1 | GF_SECURITY_ADMIN_PASSWORD=foobar
2 | GF_USERS_ALLOW_SIGN_UP=false
3 | 


--------------------------------------------------------------------------------
/grafana/provisioning/dashboards/Docker Prometheus Monitoring-1571332751387.json:
--------------------------------------------------------------------------------
   1 | {
   2 |   "annotations": {
   3 |     "list": [
   4 |       {
   5 |         "builtIn": 1,
   6 |         "datasource": "-- Grafana --",
   7 |         "enable": true,
   8 |         "hide": true,
   9 |         "iconColor": "rgba(0, 211, 255, 1)",
  10 |         "name": "Annotations & Alerts",
  11 |         "type": "dashboard"
  12 |       }
  13 |     ]
  14 |   },
  15 |   "description": "Docker Monitoring Template",
  16 |   "editable": true,
  17 |   "gnetId": 179,
  18 |   "graphTooltip": 1,
  19 |   "id": 1,
  20 |   "iteration": 1571330223815,
  21 |   "links": [],
  22 |   "panels": [
  23 |     {
  24 |       "collapsed": false,
  25 |       "datasource": null,
  26 |       "gridPos": {
  27 |         "h": 1,
  28 |         "w": 24,
  29 |         "x": 0,
  30 |         "y": 0
  31 |       },
  32 |       "id": 17,
  33 |       "panels": [],
  34 |       "title": "Host Info",
  35 |       "type": "row"
  36 |     },
  37 |     {
  38 |       "cacheTimeout": null,
  39 |       "colorBackground": false,
  40 |       "colorValue": false,
  41 |       "colors": [
  42 |         "#299c46",
  43 |         "rgba(237, 129, 40, 0.89)",
  44 |         "#d44a3a"
  45 |       ],
  46 |       "datasource": "Prometheus",
  47 |       "decimals": null,
  48 |       "format": "s",
  49 |       "gauge": {
  50 |         "maxValue": 100,
  51 |         "minValue": 0,
  52 |         "show": false,
  53 |         "thresholdLabels": false,
  54 |         "thresholdMarkers": true
  55 |       },
  56 |       "gridPos": {
  57 |         "h": 7,
  58 |         "w": 3,
  59 |         "x": 0,
  60 |         "y": 1
  61 |       },
  62 |       "id": 15,
  63 |       "interval": null,
  64 |       "links": [],
  65 |       "mappingType": 1,
  66 |       "mappingTypes": [
  67 |         {
  68 |           "name": "value to text",
  69 |           "value": 1
  70 |         },
  71 |         {
  72 |           "name": "range to text",
  73 |           "value": 2
  74 |         }
  75 |       ],
  76 |       "maxDataPoints": 100,
  77 |       "nullPointMode": "connected",
  78 |       "nullText": null,
  79 |       "options": {},
  80 |       "postfix": "",
  81 |       "postfixFontSize": "50%",
  82 |       "prefix": "",
  83 |       "prefixFontSize": "50%",
  84 |       "rangeMaps": [
  85 |         {
  86 |           "from": "null",
  87 |           "text": "N/A",
  88 |           "to": "null"
  89 |         }
  90 |       ],
  91 |       "sparkline": {
  92 |         "fillColor": "rgba(31, 118, 189, 0.18)",
  93 |         "full": false,
  94 |         "lineColor": "rgb(31, 120, 193)",
  95 |         "show": false
  96 |       },
  97 |       "tableColumn": "",
  98 |       "targets": [
  99 |         {
 100 |           "expr": "time() - process_start_time_seconds{job=\"prometheus\"}",
 101 |           "format": "time_series",
 102 |           "intervalFactor": 1,
 103 |           "refId": "A"
 104 |         }
 105 |       ],
 106 |       "thresholds": "",
 107 |       "title": "Uptime",
 108 |       "type": "singlestat",
 109 |       "valueFontSize": "80%",
 110 |       "valueMaps": [
 111 |         {
 112 |           "op": "=",
 113 |           "text": "N/A",
 114 |           "value": "null"
 115 |         }
 116 |       ],
 117 |       "valueName": "current"
 118 |     },
 119 |     {
 120 |       "cacheTimeout": null,
 121 |       "colorBackground": false,
 122 |       "colorValue": false,
 123 |       "colors": [
 124 |         "#299c46",
 125 |         "rgba(237, 129, 40, 0.89)",
 126 |         "#d44a3a"
 127 |       ],
 128 |       "datasource": "Prometheus",
 129 |       "format": "short",
 130 |       "gauge": {
 131 |         "maxValue": 100,
 132 |         "minValue": 0,
 133 |         "show": false,
 134 |         "thresholdLabels": false,
 135 |         "thresholdMarkers": true
 136 |       },
 137 |       "gridPos": {
 138 |         "h": 4,
 139 |         "w": 3,
 140 |         "x": 3,
 141 |         "y": 1
 142 |       },
 143 |       "id": 35,
 144 |       "interval": null,
 145 |       "links": [],
 146 |       "mappingType": 1,
 147 |       "mappingTypes": [
 148 |         {
 149 |           "name": "value to text",
 150 |           "value": 1
 151 |         },
 152 |         {
 153 |           "name": "range to text",
 154 |           "value": 2
 155 |         }
 156 |       ],
 157 |       "maxDataPoints": 100,
 158 |       "nullPointMode": "connected",
 159 |       "nullText": null,
 160 |       "options": {},
 161 |       "postfix": "",
 162 |       "postfixFontSize": "50%",
 163 |       "prefix": "",
 164 |       "prefixFontSize": "50%",
 165 |       "rangeMaps": [
 166 |         {
 167 |           "from": "null",
 168 |           "text": "N/A",
 169 |           "to": "null"
 170 |         }
 171 |       ],
 172 |       "sparkline": {
 173 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 174 |         "full": false,
 175 |         "lineColor": "rgb(31, 120, 193)",
 176 |         "show": false,
 177 |         "ymax": null,
 178 |         "ymin": null
 179 |       },
 180 |       "tableColumn": "",
 181 |       "targets": [
 182 |         {
 183 |           "expr": "count(count(node_cpu_seconds_total{instance=~\"$node\", mode='system'}) by (cpu))",
 184 |           "instant": true,
 185 |           "refId": "A"
 186 |         }
 187 |       ],
 188 |       "thresholds": "",
 189 |       "timeFrom": null,
 190 |       "timeShift": null,
 191 |       "title": "CPU Cores",
 192 |       "type": "singlestat",
 193 |       "valueFontSize": "80%",
 194 |       "valueMaps": [
 195 |         {
 196 |           "op": "=",
 197 |           "text": "N/A",
 198 |           "value": "null"
 199 |         }
 200 |       ],
 201 |       "valueName": "current"
 202 |     },
 203 |     {
 204 |       "cacheTimeout": null,
 205 |       "colorBackground": true,
 206 |       "colorValue": false,
 207 |       "colors": [
 208 |         "#299c46",
 209 |         "rgba(237, 129, 40, 0.89)",
 210 |         "#d44a3a"
 211 |       ],
 212 |       "datasource": "Prometheus",
 213 |       "format": "none",
 214 |       "gauge": {
 215 |         "maxValue": 100,
 216 |         "minValue": 0,
 217 |         "show": false,
 218 |         "thresholdLabels": false,
 219 |         "thresholdMarkers": true
 220 |       },
 221 |       "gridPos": {
 222 |         "h": 7,
 223 |         "w": 5,
 224 |         "x": 6,
 225 |         "y": 1
 226 |       },
 227 |       "id": 13,
 228 |       "interval": null,
 229 |       "links": [],
 230 |       "mappingType": 1,
 231 |       "mappingTypes": [
 232 |         {
 233 |           "name": "value to text",
 234 |           "value": 1
 235 |         },
 236 |         {
 237 |           "name": "range to text",
 238 |           "value": 2
 239 |         }
 240 |       ],
 241 |       "maxDataPoints": 100,
 242 |       "nullPointMode": "connected",
 243 |       "nullText": null,
 244 |       "options": {},
 245 |       "postfix": "",
 246 |       "postfixFontSize": "50%",
 247 |       "prefix": "",
 248 |       "prefixFontSize": "50%",
 249 |       "rangeMaps": [
 250 |         {
 251 |           "from": "null",
 252 |           "text": "N/A",
 253 |           "to": "null"
 254 |         }
 255 |       ],
 256 |       "sparkline": {
 257 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 258 |         "full": false,
 259 |         "lineColor": "rgb(31, 120, 193)",
 260 |         "show": false
 261 |       },
 262 |       "tableColumn": "",
 263 |       "targets": [
 264 |         {
 265 |           "expr": "sum(ALERTS)",
 266 |           "format": "time_series",
 267 |           "intervalFactor": 1,
 268 |           "refId": "A"
 269 |         }
 270 |       ],
 271 |       "thresholds": "0,1",
 272 |       "title": "Alerts",
 273 |       "type": "singlestat",
 274 |       "valueFontSize": "80%",
 275 |       "valueMaps": [
 276 |         {
 277 |           "op": "=",
 278 |           "text": "N/A",
 279 |           "value": "0"
 280 |         }
 281 |       ],
 282 |       "valueName": "avg"
 283 |     },
 284 |     {
 285 |       "cacheTimeout": null,
 286 |       "colorBackground": true,
 287 |       "colorValue": false,
 288 |       "colors": [
 289 |         "#d44a3a",
 290 |         "rgba(237, 129, 40, 0.89)",
 291 |         "#299c46"
 292 |       ],
 293 |       "datasource": "Prometheus",
 294 |       "format": "none",
 295 |       "gauge": {
 296 |         "maxValue": 100,
 297 |         "minValue": 0,
 298 |         "show": false,
 299 |         "thresholdLabels": false,
 300 |         "thresholdMarkers": true
 301 |       },
 302 |       "gridPos": {
 303 |         "h": 7,
 304 |         "w": 4,
 305 |         "x": 11,
 306 |         "y": 1
 307 |       },
 308 |       "id": 11,
 309 |       "interval": null,
 310 |       "links": [],
 311 |       "mappingType": 1,
 312 |       "mappingTypes": [
 313 |         {
 314 |           "name": "value to text",
 315 |           "value": 1
 316 |         },
 317 |         {
 318 |           "name": "range to text",
 319 |           "value": 2
 320 |         }
 321 |       ],
 322 |       "maxDataPoints": 100,
 323 |       "nullPointMode": "connected",
 324 |       "nullText": null,
 325 |       "options": {},
 326 |       "postfix": "",
 327 |       "postfixFontSize": "50%",
 328 |       "prefix": "",
 329 |       "prefixFontSize": "50%",
 330 |       "rangeMaps": [
 331 |         {
 332 |           "from": "null",
 333 |           "text": "N/A",
 334 |           "to": "null"
 335 |         }
 336 |       ],
 337 |       "sparkline": {
 338 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 339 |         "full": false,
 340 |         "lineColor": "rgb(31, 120, 193)",
 341 |         "show": false
 342 |       },
 343 |       "tableColumn": "",
 344 |       "targets": [
 345 |         {
 346 |           "expr": "sum(up)",
 347 |           "format": "time_series",
 348 |           "intervalFactor": 1,
 349 |           "refId": "A"
 350 |         }
 351 |       ],
 352 |       "thresholds": "0,1",
 353 |       "title": "Targets Online",
 354 |       "type": "singlestat",
 355 |       "valueFontSize": "80%",
 356 |       "valueMaps": [
 357 |         {
 358 |           "op": "=",
 359 |           "text": "N/A",
 360 |           "value": "null"
 361 |         }
 362 |       ],
 363 |       "valueName": "current"
 364 |     },
 365 |     {
 366 |       "cacheTimeout": null,
 367 |       "colorBackground": false,
 368 |       "colorValue": false,
 369 |       "colors": [
 370 |         "#d44a3a",
 371 |         "rgba(237, 129, 40, 0.89)",
 372 |         "#299c46"
 373 |       ],
 374 |       "datasource": "Prometheus",
 375 |       "format": "none",
 376 |       "gauge": {
 377 |         "maxValue": 100,
 378 |         "minValue": 0,
 379 |         "show": false,
 380 |         "thresholdLabels": false,
 381 |         "thresholdMarkers": true
 382 |       },
 383 |       "gridPos": {
 384 |         "h": 7,
 385 |         "w": 4,
 386 |         "x": 15,
 387 |         "y": 1
 388 |       },
 389 |       "id": 31,
 390 |       "interval": null,
 391 |       "links": [],
 392 |       "mappingType": 1,
 393 |       "mappingTypes": [
 394 |         {
 395 |           "name": "value to text",
 396 |           "value": 1
 397 |         },
 398 |         {
 399 |           "name": "range to text",
 400 |           "value": 2
 401 |         }
 402 |       ],
 403 |       "maxDataPoints": 100,
 404 |       "nullPointMode": "connected",
 405 |       "nullText": null,
 406 |       "options": {},
 407 |       "postfix": "",
 408 |       "postfixFontSize": "50%",
 409 |       "prefix": "",
 410 |       "prefixFontSize": "50%",
 411 |       "rangeMaps": [
 412 |         {
 413 |           "from": "null",
 414 |           "text": "N/A",
 415 |           "to": "null"
 416 |         }
 417 |       ],
 418 |       "sparkline": {
 419 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 420 |         "full": false,
 421 |         "lineColor": "rgb(31, 120, 193)",
 422 |         "show": true
 423 |       },
 424 |       "tableColumn": "",
 425 |       "targets": [
 426 |         {
 427 |           "expr": "count(rate(container_last_seen{job=\"cadvisor\", name!=\"\"}[5m]))",
 428 |           "format": "time_series",
 429 |           "intervalFactor": 1,
 430 |           "refId": "A"
 431 |         }
 432 |       ],
 433 |       "thresholds": "0,1",
 434 |       "title": "Running Containers",
 435 |       "type": "singlestat",
 436 |       "valueFontSize": "80%",
 437 |       "valueMaps": [
 438 |         {
 439 |           "op": "=",
 440 |           "text": "N/A",
 441 |           "value": "null"
 442 |         }
 443 |       ],
 444 |       "valueName": "current"
 445 |     },
 446 |     {
 447 |       "cacheTimeout": null,
 448 |       "colorBackground": false,
 449 |       "colorValue": false,
 450 |       "colors": [
 451 |         "#299c46",
 452 |         "rgba(237, 129, 40, 0.89)",
 453 |         "#d44a3a"
 454 |       ],
 455 |       "datasource": null,
 456 |       "decimals": null,
 457 |       "format": "decbytes",
 458 |       "gauge": {
 459 |         "maxValue": 100,
 460 |         "minValue": 0,
 461 |         "show": false,
 462 |         "thresholdLabels": false,
 463 |         "thresholdMarkers": true
 464 |       },
 465 |       "gridPos": {
 466 |         "h": 3,
 467 |         "w": 3,
 468 |         "x": 3,
 469 |         "y": 5
 470 |       },
 471 |       "id": 37,
 472 |       "interval": null,
 473 |       "links": [],
 474 |       "mappingType": 1,
 475 |       "mappingTypes": [
 476 |         {
 477 |           "name": "value to text",
 478 |           "value": 1
 479 |         },
 480 |         {
 481 |           "name": "range to text",
 482 |           "value": 2
 483 |         }
 484 |       ],
 485 |       "maxDataPoints": 100,
 486 |       "nullPointMode": "connected",
 487 |       "nullText": null,
 488 |       "options": {},
 489 |       "postfix": "",
 490 |       "postfixFontSize": "50%",
 491 |       "prefix": "",
 492 |       "prefixFontSize": "50%",
 493 |       "rangeMaps": [
 494 |         {
 495 |           "from": "null",
 496 |           "text": "N/A",
 497 |           "to": "null"
 498 |         }
 499 |       ],
 500 |       "sparkline": {
 501 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 502 |         "full": false,
 503 |         "lineColor": "rgb(31, 120, 193)",
 504 |         "show": false,
 505 |         "ymax": null,
 506 |         "ymin": null
 507 |       },
 508 |       "tableColumn": "",
 509 |       "targets": [
 510 |         {
 511 |           "expr": "node_memory_MemTotal_bytes{instance=~\"$node\"}",
 512 |           "refId": "A"
 513 |         }
 514 |       ],
 515 |       "thresholds": "",
 516 |       "timeFrom": null,
 517 |       "timeShift": null,
 518 |       "title": "Host Memory",
 519 |       "type": "singlestat",
 520 |       "valueFontSize": "80%",
 521 |       "valueMaps": [
 522 |         {
 523 |           "op": "=",
 524 |           "text": "N/A",
 525 |           "value": "null"
 526 |         }
 527 |       ],
 528 |       "valueName": "current"
 529 |     },
 530 |     {
 531 |       "cacheTimeout": null,
 532 |       "colorBackground": false,
 533 |       "colorValue": false,
 534 |       "colors": [
 535 |         "rgba(50, 172, 45, 0.97)",
 536 |         "rgba(237, 129, 40, 0.89)",
 537 |         "rgba(245, 54, 54, 0.9)"
 538 |       ],
 539 |       "datasource": "Prometheus",
 540 |       "editable": true,
 541 |       "error": false,
 542 |       "format": "percent",
 543 |       "gauge": {
 544 |         "maxValue": 100,
 545 |         "minValue": 0,
 546 |         "show": true,
 547 |         "thresholdLabels": false,
 548 |         "thresholdMarkers": true
 549 |       },
 550 |       "gridPos": {
 551 |         "h": 6,
 552 |         "w": 6,
 553 |         "x": 0,
 554 |         "y": 8
 555 |       },
 556 |       "id": 4,
 557 |       "interval": null,
 558 |       "isNew": true,
 559 |       "links": [],
 560 |       "mappingType": 1,
 561 |       "mappingTypes": [
 562 |         {
 563 |           "name": "value to text",
 564 |           "value": 1
 565 |         },
 566 |         {
 567 |           "name": "range to text",
 568 |           "value": 2
 569 |         }
 570 |       ],
 571 |       "maxDataPoints": 100,
 572 |       "nullPointMode": "connected",
 573 |       "nullText": null,
 574 |       "options": {},
 575 |       "postfix": "",
 576 |       "postfixFontSize": "50%",
 577 |       "prefix": "",
 578 |       "prefixFontSize": "50%",
 579 |       "rangeMaps": [
 580 |         {
 581 |           "from": "null",
 582 |           "text": "N/A",
 583 |           "to": "null"
 584 |         }
 585 |       ],
 586 |       "sparkline": {
 587 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 588 |         "full": false,
 589 |         "lineColor": "rgb(31, 120, 193)",
 590 |         "show": false
 591 |       },
 592 |       "tableColumn": "",
 593 |       "targets": [
 594 |         {
 595 |           "expr": "(sum(node_memory_MemTotal_bytes) - sum(node_memory_MemFree_bytes +node_memory_Buffers_bytes + node_memory_Cached_bytes) ) / sum(node_memory_MemTotal_bytes) * 100",
 596 |           "format": "time_series",
 597 |           "interval": "10s",
 598 |           "intervalFactor": 1,
 599 |           "refId": "A",
 600 |           "step": 10
 601 |         }
 602 |       ],
 603 |       "thresholds": "65, 90",
 604 |       "title": "Memory usage",
 605 |       "type": "singlestat",
 606 |       "valueFontSize": "80%",
 607 |       "valueMaps": [
 608 |         {
 609 |           "op": "=",
 610 |           "text": "N/A",
 611 |           "value": "null"
 612 |         }
 613 |       ],
 614 |       "valueName": "current"
 615 |     },
 616 |     {
 617 |       "cacheTimeout": null,
 618 |       "colorBackground": false,
 619 |       "colorValue": false,
 620 |       "colors": [
 621 |         "rgba(50, 172, 45, 0.97)",
 622 |         "rgba(237, 129, 40, 0.89)",
 623 |         "rgba(245, 54, 54, 0.9)"
 624 |       ],
 625 |       "datasource": "Prometheus",
 626 |       "decimals": 2,
 627 |       "editable": true,
 628 |       "error": false,
 629 |       "format": "percent",
 630 |       "gauge": {
 631 |         "maxValue": 100,
 632 |         "minValue": 0,
 633 |         "show": true,
 634 |         "thresholdLabels": false,
 635 |         "thresholdMarkers": true
 636 |       },
 637 |       "gridPos": {
 638 |         "h": 6,
 639 |         "w": 6,
 640 |         "x": 6,
 641 |         "y": 8
 642 |       },
 643 |       "id": 6,
 644 |       "interval": null,
 645 |       "isNew": true,
 646 |       "links": [],
 647 |       "mappingType": 1,
 648 |       "mappingTypes": [
 649 |         {
 650 |           "name": "value to text",
 651 |           "value": 1
 652 |         },
 653 |         {
 654 |           "name": "range to text",
 655 |           "value": 2
 656 |         }
 657 |       ],
 658 |       "maxDataPoints": 100,
 659 |       "nullPointMode": "connected",
 660 |       "nullText": null,
 661 |       "options": {},
 662 |       "postfix": "",
 663 |       "postfixFontSize": "50%",
 664 |       "prefix": "",
 665 |       "prefixFontSize": "50%",
 666 |       "rangeMaps": [
 667 |         {
 668 |           "from": "null",
 669 |           "text": "N/A",
 670 |           "to": "null"
 671 |         }
 672 |       ],
 673 |       "sparkline": {
 674 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 675 |         "full": false,
 676 |         "lineColor": "rgb(31, 120, 193)",
 677 |         "show": false
 678 |       },
 679 |       "tableColumn": "",
 680 |       "targets": [
 681 |         {
 682 |           "expr": "100 - (avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"idle\"}[5m])) * 100)",
 683 |           "format": "time_series",
 684 |           "interval": "1m",
 685 |           "intervalFactor": 1,
 686 |           "legendFormat": "",
 687 |           "refId": "A",
 688 |           "step": 10
 689 |         }
 690 |       ],
 691 |       "thresholds": "65, 90",
 692 |       "title": "CPU usage",
 693 |       "type": "singlestat",
 694 |       "valueFontSize": "80%",
 695 |       "valueMaps": [
 696 |         {
 697 |           "op": "=",
 698 |           "text": "N/A",
 699 |           "value": "null"
 700 |         }
 701 |       ],
 702 |       "valueName": "current"
 703 |     },
 704 |     {
 705 |       "cacheTimeout": null,
 706 |       "colorBackground": false,
 707 |       "colorValue": false,
 708 |       "colors": [
 709 |         "rgba(50, 172, 45, 0.97)",
 710 |         "rgba(237, 129, 40, 0.89)",
 711 |         "rgba(245, 54, 54, 0.9)"
 712 |       ],
 713 |       "datasource": "Prometheus",
 714 |       "decimals": 2,
 715 |       "editable": true,
 716 |       "error": false,
 717 |       "format": "percent",
 718 |       "gauge": {
 719 |         "maxValue": 100,
 720 |         "minValue": 0,
 721 |         "show": true,
 722 |         "thresholdLabels": false,
 723 |         "thresholdMarkers": true
 724 |       },
 725 |       "gridPos": {
 726 |         "h": 6,
 727 |         "w": 7,
 728 |         "x": 12,
 729 |         "y": 8
 730 |       },
 731 |       "id": 7,
 732 |       "interval": null,
 733 |       "isNew": true,
 734 |       "links": [],
 735 |       "mappingType": 1,
 736 |       "mappingTypes": [
 737 |         {
 738 |           "name": "value to text",
 739 |           "value": 1
 740 |         },
 741 |         {
 742 |           "name": "range to text",
 743 |           "value": 2
 744 |         }
 745 |       ],
 746 |       "maxDataPoints": 100,
 747 |       "nullPointMode": "connected",
 748 |       "nullText": null,
 749 |       "options": {},
 750 |       "postfix": "",
 751 |       "postfixFontSize": "50%",
 752 |       "prefix": "",
 753 |       "prefixFontSize": "50%",
 754 |       "rangeMaps": [
 755 |         {
 756 |           "from": "null",
 757 |           "text": "N/A",
 758 |           "to": "null"
 759 |         }
 760 |       ],
 761 |       "sparkline": {
 762 |         "fillColor": "rgba(31, 118, 189, 0.18)",
 763 |         "full": false,
 764 |         "lineColor": "rgb(31, 120, 193)",
 765 |         "show": false
 766 |       },
 767 |       "tableColumn": "",
 768 |       "targets": [
 769 |         {
 770 |           "expr": "avg( node_filesystem_avail_bytes {mountpoint=\"/\"} / node_filesystem_size_bytes{mountpoint=\"/\"})",
 771 |           "interval": "10s",
 772 |           "intervalFactor": 1,
 773 |           "metric": "",
 774 |           "refId": "A",
 775 |           "step": 10
 776 |         }
 777 |       ],
 778 |       "thresholds": "65, 90",
 779 |       "title": "Filesystem usage",
 780 |       "type": "singlestat",
 781 |       "valueFontSize": "80%",
 782 |       "valueMaps": [
 783 |         {
 784 |           "op": "=",
 785 |           "text": "N/A",
 786 |           "value": "null"
 787 |         }
 788 |       ],
 789 |       "valueName": "current"
 790 |     },
 791 |     {
 792 |       "aliasColors": {
 793 |         "RECEIVE": "#ea6460",
 794 |         "SENT": "#1f78c1",
 795 |         "TRANSMIT": "#1f78c1"
 796 |       },
 797 |       "bars": false,
 798 |       "dashLength": 10,
 799 |       "dashes": false,
 800 |       "datasource": "Prometheus",
 801 |       "fill": 4,
 802 |       "fillGradient": 0,
 803 |       "gridPos": {
 804 |         "h": 9,
 805 |         "w": 6,
 806 |         "x": 0,
 807 |         "y": 14
 808 |       },
 809 |       "id": 25,
 810 |       "legend": {
 811 |         "avg": false,
 812 |         "current": false,
 813 |         "max": false,
 814 |         "min": false,
 815 |         "show": true,
 816 |         "total": false,
 817 |         "values": false
 818 |       },
 819 |       "lines": true,
 820 |       "linewidth": 1,
 821 |       "links": [],
 822 |       "nullPointMode": "null",
 823 |       "options": {
 824 |         "dataLinks": []
 825 |       },
 826 |       "percentage": false,
 827 |       "pointradius": 5,
 828 |       "points": false,
 829 |       "renderer": "flot",
 830 |       "seriesOverrides": [],
 831 |       "spaceLength": 10,
 832 |       "stack": false,
 833 |       "steppedLine": false,
 834 |       "targets": [
 835 |         {
 836 |           "expr": "sum(rate(container_network_receive_bytes_total{id=\"/\"}[$interval])) by (id)",
 837 |           "format": "time_series",
 838 |           "interval": "2m",
 839 |           "intervalFactor": 2,
 840 |           "legendFormat": "RECEIVE",
 841 |           "refId": "A"
 842 |         },
 843 |         {
 844 |           "expr": "- sum(rate(container_network_transmit_bytes_total{id=\"/\"}[$interval])) by (id)",
 845 |           "format": "time_series",
 846 |           "interval": "2m",
 847 |           "intervalFactor": 2,
 848 |           "legendFormat": "TRANSMIT",
 849 |           "refId": "B"
 850 |         }
 851 |       ],
 852 |       "thresholds": [],
 853 |       "timeFrom": null,
 854 |       "timeRegions": [],
 855 |       "timeShift": null,
 856 |       "title": "Node Network Traffic",
 857 |       "tooltip": {
 858 |         "shared": true,
 859 |         "sort": 0,
 860 |         "value_type": "cumulative"
 861 |       },
 862 |       "type": "graph",
 863 |       "xaxis": {
 864 |         "buckets": null,
 865 |         "mode": "time",
 866 |         "name": null,
 867 |         "show": true,
 868 |         "values": []
 869 |       },
 870 |       "yaxes": [
 871 |         {
 872 |           "format": "Bps",
 873 |           "label": null,
 874 |           "logBase": 1,
 875 |           "max": null,
 876 |           "min": null,
 877 |           "show": true
 878 |         },
 879 |         {
 880 |           "format": "s",
 881 |           "label": null,
 882 |           "logBase": 1,
 883 |           "max": null,
 884 |           "min": null,
 885 |           "show": true
 886 |         }
 887 |       ],
 888 |       "yaxis": {
 889 |         "align": false,
 890 |         "alignLevel": null
 891 |       }
 892 |     },
 893 |     {
 894 |       "aliasColors": {
 895 |         "Available Memory": "#508642",
 896 |         "Used Memory": "#bf1b00"
 897 |       },
 898 |       "bars": false,
 899 |       "dashLength": 10,
 900 |       "dashes": false,
 901 |       "datasource": "Prometheus",
 902 |       "fill": 3,
 903 |       "fillGradient": 0,
 904 |       "gridPos": {
 905 |         "h": 9,
 906 |         "w": 6,
 907 |         "x": 6,
 908 |         "y": 14
 909 |       },
 910 |       "id": 27,
 911 |       "legend": {
 912 |         "avg": false,
 913 |         "current": false,
 914 |         "max": false,
 915 |         "min": false,
 916 |         "show": true,
 917 |         "total": false,
 918 |         "values": false
 919 |       },
 920 |       "lines": true,
 921 |       "linewidth": 1,
 922 |       "links": [],
 923 |       "nullPointMode": "null",
 924 |       "options": {
 925 |         "dataLinks": []
 926 |       },
 927 |       "percentage": false,
 928 |       "pointradius": 5,
 929 |       "points": false,
 930 |       "renderer": "flot",
 931 |       "seriesOverrides": [],
 932 |       "spaceLength": 10,
 933 |       "stack": true,
 934 |       "steppedLine": false,
 935 |       "targets": [
 936 |         {
 937 |           "expr": "sum(node_memory_MemTotal_bytes) - sum(node_memory_MemAvailable_bytes)",
 938 |           "format": "time_series",
 939 |           "interval": "2m",
 940 |           "intervalFactor": 2,
 941 |           "legendFormat": "Used Memory",
 942 |           "refId": "B"
 943 |         },
 944 |         {
 945 |           "expr": "sum(node_memory_MemAvailable_bytes)",
 946 |           "format": "time_series",
 947 |           "interval": "2m",
 948 |           "intervalFactor": 2,
 949 |           "legendFormat": "Available Memory",
 950 |           "refId": "A"
 951 |         }
 952 |       ],
 953 |       "thresholds": [],
 954 |       "timeFrom": null,
 955 |       "timeRegions": [],
 956 |       "timeShift": null,
 957 |       "title": "Node Mermory",
 958 |       "tooltip": {
 959 |         "shared": true,
 960 |         "sort": 0,
 961 |         "value_type": "individual"
 962 |       },
 963 |       "type": "graph",
 964 |       "xaxis": {
 965 |         "buckets": null,
 966 |         "mode": "time",
 967 |         "name": null,
 968 |         "show": true,
 969 |         "values": []
 970 |       },
 971 |       "yaxes": [
 972 |         {
 973 |           "format": "decbytes",
 974 |           "label": null,
 975 |           "logBase": 1,
 976 |           "max": null,
 977 |           "min": null,
 978 |           "show": true
 979 |         },
 980 |         {
 981 |           "format": "s",
 982 |           "label": null,
 983 |           "logBase": 1,
 984 |           "max": null,
 985 |           "min": null,
 986 |           "show": true
 987 |         }
 988 |       ],
 989 |       "yaxis": {
 990 |         "align": false,
 991 |         "alignLevel": null
 992 |       }
 993 |     },
 994 |     {
 995 |       "aliasColors": {
 996 |         "Available Memory": "#508642",
 997 |         "Free Storage": "#447ebc",
 998 |         "Total Storage Available": "#508642",
 999 |         "Used Memory": "#bf1b00",
1000 |         "Used Storage": "#bf1b00"
1001 |       },
1002 |       "bars": false,
1003 |       "dashLength": 10,
1004 |       "dashes": false,
1005 |       "datasource": "Prometheus",
1006 |       "fill": 3,
1007 |       "fillGradient": 0,
1008 |       "gridPos": {
1009 |         "h": 9,
1010 |         "w": 7,
1011 |         "x": 12,
1012 |         "y": 14
1013 |       },
1014 |       "id": 28,
1015 |       "legend": {
1016 |         "avg": false,
1017 |         "current": false,
1018 |         "max": false,
1019 |         "min": false,
1020 |         "show": true,
1021 |         "total": false,
1022 |         "values": false
1023 |       },
1024 |       "lines": true,
1025 |       "linewidth": 1,
1026 |       "links": [],
1027 |       "nullPointMode": "null",
1028 |       "options": {
1029 |         "dataLinks": []
1030 |       },
1031 |       "percentage": false,
1032 |       "pointradius": 5,
1033 |       "points": false,
1034 |       "renderer": "flot",
1035 |       "seriesOverrides": [],
1036 |       "spaceLength": 10,
1037 |       "stack": true,
1038 |       "steppedLine": false,
1039 |       "targets": [
1040 |         {
1041 |           "expr": "sum(node_filesystem_free_bytes {job=\"node-exporter\", instance=~\".*9100\", device=~\"/dev/.*\", mountpoint!=\"/var/lib/docker/aufs\"}) ",
1042 |           "format": "time_series",
1043 |           "interval": "2m",
1044 |           "intervalFactor": 2,
1045 |           "legendFormat": "Free Storage",
1046 |           "refId": "A"
1047 |         }
1048 |       ],
1049 |       "thresholds": [],
1050 |       "timeFrom": null,
1051 |       "timeRegions": [],
1052 |       "timeShift": null,
1053 |       "title": "Filesystem Available",
1054 |       "tooltip": {
1055 |         "shared": true,
1056 |         "sort": 0,
1057 |         "value_type": "individual"
1058 |       },
1059 |       "type": "graph",
1060 |       "xaxis": {
1061 |         "buckets": null,
1062 |         "mode": "time",
1063 |         "name": null,
1064 |         "show": true,
1065 |         "values": []
1066 |       },
1067 |       "yaxes": [
1068 |         {
1069 |           "decimals": null,
1070 |           "format": "decbytes",
1071 |           "label": null,
1072 |           "logBase": 1,
1073 |           "max": null,
1074 |           "min": null,
1075 |           "show": true
1076 |         },
1077 |         {
1078 |           "format": "s",
1079 |           "label": null,
1080 |           "logBase": 1,
1081 |           "max": null,
1082 |           "min": null,
1083 |           "show": true
1084 |         }
1085 |       ],
1086 |       "yaxis": {
1087 |         "align": false,
1088 |         "alignLevel": null
1089 |       }
1090 |     },
1091 |     {
1092 |       "collapsed": false,
1093 |       "datasource": null,
1094 |       "gridPos": {
1095 |         "h": 1,
1096 |         "w": 24,
1097 |         "x": 0,
1098 |         "y": 23
1099 |       },
1100 |       "id": 19,
1101 |       "panels": [],
1102 |       "repeat": null,
1103 |       "title": "Container Performance",
1104 |       "type": "row"
1105 |     },
1106 |     {
1107 |       "aliasColors": {},
1108 |       "bars": false,
1109 |       "dashLength": 10,
1110 |       "dashes": false,
1111 |       "datasource": "Prometheus",
1112 |       "decimals": 3,
1113 |       "editable": true,
1114 |       "error": false,
1115 |       "fill": 0,
1116 |       "fillGradient": 0,
1117 |       "grid": {},
1118 |       "gridPos": {
1119 |         "h": 10,
1120 |         "w": 6,
1121 |         "x": 0,
1122 |         "y": 24
1123 |       },
1124 |       "id": 3,
1125 |       "isNew": true,
1126 |       "legend": {
1127 |         "alignAsTable": true,
1128 |         "avg": true,
1129 |         "current": true,
1130 |         "max": false,
1131 |         "min": false,
1132 |         "rightSide": false,
1133 |         "show": true,
1134 |         "sort": "current",
1135 |         "sortDesc": true,
1136 |         "total": false,
1137 |         "values": true
1138 |       },
1139 |       "lines": true,
1140 |       "linewidth": 2,
1141 |       "links": [],
1142 |       "nullPointMode": "connected",
1143 |       "options": {
1144 |         "dataLinks": []
1145 |       },
1146 |       "percentage": false,
1147 |       "pointradius": 5,
1148 |       "points": false,
1149 |       "renderer": "flot",
1150 |       "seriesOverrides": [],
1151 |       "spaceLength": 10,
1152 |       "stack": false,
1153 |       "steppedLine": false,
1154 |       "targets": [
1155 |         {
1156 |           "expr": "sum(rate(container_cpu_usage_seconds_total{image!=\"\"}[1m])) by (id,name)",
1157 |           "format": "time_series",
1158 |           "interval": "10s",
1159 |           "intervalFactor": 1,
1160 |           "legendFormat": "{{ name }}",
1161 |           "metric": "container_cpu_user_seconds_total",
1162 |           "refId": "A",
1163 |           "step": 10
1164 |         }
1165 |       ],
1166 |       "thresholds": [],
1167 |       "timeFrom": null,
1168 |       "timeRegions": [],
1169 |       "timeShift": null,
1170 |       "title": "Container CPU usage",
1171 |       "tooltip": {
1172 |         "msResolution": true,
1173 |         "shared": true,
1174 |         "sort": 0,
1175 |         "value_type": "cumulative"
1176 |       },
1177 |       "type": "graph",
1178 |       "xaxis": {
1179 |         "buckets": null,
1180 |         "mode": "time",
1181 |         "name": null,
1182 |         "show": true,
1183 |         "values": []
1184 |       },
1185 |       "yaxes": [
1186 |         {
1187 |           "format": "percentunit",
1188 |           "label": null,
1189 |           "logBase": 1,
1190 |           "max": null,
1191 |           "min": null,
1192 |           "show": true
1193 |         },
1194 |         {
1195 |           "format": "short",
1196 |           "label": null,
1197 |           "logBase": 1,
1198 |           "max": null,
1199 |           "min": null,
1200 |           "show": true
1201 |         }
1202 |       ],
1203 |       "yaxis": {
1204 |         "align": false,
1205 |         "alignLevel": null
1206 |       }
1207 |     },
1208 |     {
1209 |       "aliasColors": {},
1210 |       "bars": false,
1211 |       "dashLength": 10,
1212 |       "dashes": false,
1213 |       "datasource": "Prometheus",
1214 |       "decimals": 2,
1215 |       "editable": true,
1216 |       "error": false,
1217 |       "fill": 0,
1218 |       "fillGradient": 0,
1219 |       "grid": {},
1220 |       "gridPos": {
1221 |         "h": 10,
1222 |         "w": 6,
1223 |         "x": 6,
1224 |         "y": 24
1225 |       },
1226 |       "id": 2,
1227 |       "isNew": true,
1228 |       "legend": {
1229 |         "alignAsTable": true,
1230 |         "avg": true,
1231 |         "current": true,
1232 |         "max": false,
1233 |         "min": false,
1234 |         "rightSide": false,
1235 |         "show": true,
1236 |         "sort": "current",
1237 |         "sortDesc": true,
1238 |         "total": false,
1239 |         "values": true
1240 |       },
1241 |       "lines": true,
1242 |       "linewidth": 2,
1243 |       "links": [],
1244 |       "nullPointMode": "connected",
1245 |       "options": {
1246 |         "dataLinks": []
1247 |       },
1248 |       "percentage": false,
1249 |       "pointradius": 5,
1250 |       "points": false,
1251 |       "renderer": "flot",
1252 |       "seriesOverrides": [],
1253 |       "spaceLength": 10,
1254 |       "stack": false,
1255 |       "steppedLine": false,
1256 |       "targets": [
1257 |         {
1258 |           "expr": "container_memory_max_usage_bytes{image!=\"\"}",
1259 |           "format": "time_series",
1260 |           "interval": "10s",
1261 |           "intervalFactor": 1,
1262 |           "legendFormat": "{{ name }}",
1263 |           "metric": "container_memory_usage:sort_desc",
1264 |           "refId": "A",
1265 |           "step": 10
1266 |         }
1267 |       ],
1268 |       "thresholds": [],
1269 |       "timeFrom": null,
1270 |       "timeRegions": [],
1271 |       "timeShift": null,
1272 |       "title": "Container Memory Usage",
1273 |       "tooltip": {
1274 |         "msResolution": false,
1275 |         "shared": true,
1276 |         "sort": 0,
1277 |         "value_type": "cumulative"
1278 |       },
1279 |       "type": "graph",
1280 |       "xaxis": {
1281 |         "buckets": null,
1282 |         "mode": "time",
1283 |         "name": null,
1284 |         "show": true,
1285 |         "values": []
1286 |       },
1287 |       "yaxes": [
1288 |         {
1289 |           "format": "bytes",
1290 |           "label": null,
1291 |           "logBase": 1,
1292 |           "max": null,
1293 |           "min": null,
1294 |           "show": true
1295 |         },
1296 |         {
1297 |           "format": "short",
1298 |           "label": null,
1299 |           "logBase": 1,
1300 |           "max": null,
1301 |           "min": null,
1302 |           "show": true
1303 |         }
1304 |       ],
1305 |       "yaxis": {
1306 |         "align": false,
1307 |         "alignLevel": null
1308 |       }
1309 |     },
1310 |     {
1311 |       "columns": [],
1312 |       "datasource": "Prometheus",
1313 |       "fontSize": "100%",
1314 |       "gridPos": {
1315 |         "h": 13,
1316 |         "w": 10,
1317 |         "x": 12,
1318 |         "y": 24
1319 |       },
1320 |       "id": 23,
1321 |       "links": [],
1322 |       "options": {},
1323 |       "pageSize": null,
1324 |       "scroll": true,
1325 |       "showHeader": true,
1326 |       "sort": {
1327 |         "col": 0,
1328 |         "desc": true
1329 |       },
1330 |       "styles": [
1331 |         {
1332 |           "alias": "Time",
1333 |           "dateFormat": "YYYY-MM-DD HH:mm:ss",
1334 |           "pattern": "Time",
1335 |           "type": "date"
1336 |         },
1337 |         {
1338 |           "alias": "",
1339 |           "colorMode": null,
1340 |           "colors": [
1341 |             "rgba(245, 54, 54, 0.9)",
1342 |             "rgba(237, 129, 40, 0.89)",
1343 |             "rgba(50, 172, 45, 0.97)"
1344 |           ],
1345 |           "decimals": 2,
1346 |           "pattern": "/.*/",
1347 |           "thresholds": [],
1348 |           "type": "number",
1349 |           "unit": "short"
1350 |         }
1351 |       ],
1352 |       "targets": [
1353 |         {
1354 |           "expr": "ALERTS",
1355 |           "format": "table",
1356 |           "intervalFactor": 1,
1357 |           "refId": "A"
1358 |         }
1359 |       ],
1360 |       "title": "Alerts",
1361 |       "transform": "table",
1362 |       "type": "table"
1363 |     },
1364 |     {
1365 |       "aliasColors": {},
1366 |       "bars": false,
1367 |       "dashLength": 10,
1368 |       "dashes": false,
1369 |       "datasource": "Prometheus",
1370 |       "decimals": 2,
1371 |       "editable": true,
1372 |       "error": false,
1373 |       "fill": 0,
1374 |       "fillGradient": 0,
1375 |       "grid": {},
1376 |       "gridPos": {
1377 |         "h": 14,
1378 |         "w": 6,
1379 |         "x": 0,
1380 |         "y": 34
1381 |       },
1382 |       "id": 8,
1383 |       "isNew": true,
1384 |       "legend": {
1385 |         "alignAsTable": true,
1386 |         "avg": true,
1387 |         "current": true,
1388 |         "max": false,
1389 |         "min": false,
1390 |         "rightSide": false,
1391 |         "show": true,
1392 |         "sort": "current",
1393 |         "sortDesc": true,
1394 |         "total": false,
1395 |         "values": true
1396 |       },
1397 |       "lines": true,
1398 |       "linewidth": 2,
1399 |       "links": [],
1400 |       "nullPointMode": "connected",
1401 |       "options": {
1402 |         "dataLinks": []
1403 |       },
1404 |       "percentage": false,
1405 |       "pointradius": 5,
1406 |       "points": false,
1407 |       "renderer": "flot",
1408 |       "seriesOverrides": [],
1409 |       "spaceLength": 10,
1410 |       "stack": false,
1411 |       "steppedLine": false,
1412 |       "targets": [
1413 |         {
1414 |           "expr": "sort_desc(sum by (name) (rate(container_network_receive_bytes_total{image!=\"\"}[1m] ) ))",
1415 |           "interval": "10s",
1416 |           "intervalFactor": 1,
1417 |           "legendFormat": "{{ name }}",
1418 |           "metric": "container_network_receive_bytes_total",
1419 |           "refId": "A",
1420 |           "step": 10
1421 |         }
1422 |       ],
1423 |       "thresholds": [],
1424 |       "timeFrom": null,
1425 |       "timeRegions": [],
1426 |       "timeShift": null,
1427 |       "title": "Container Network Input",
1428 |       "tooltip": {
1429 |         "msResolution": false,
1430 |         "shared": true,
1431 |         "sort": 0,
1432 |         "value_type": "cumulative"
1433 |       },
1434 |       "type": "graph",
1435 |       "xaxis": {
1436 |         "buckets": null,
1437 |         "mode": "time",
1438 |         "name": null,
1439 |         "show": true,
1440 |         "values": []
1441 |       },
1442 |       "yaxes": [
1443 |         {
1444 |           "format": "bytes",
1445 |           "label": null,
1446 |           "logBase": 1,
1447 |           "max": null,
1448 |           "min": null,
1449 |           "show": true
1450 |         },
1451 |         {
1452 |           "format": "short",
1453 |           "label": null,
1454 |           "logBase": 1,
1455 |           "max": null,
1456 |           "min": null,
1457 |           "show": true
1458 |         }
1459 |       ],
1460 |       "yaxis": {
1461 |         "align": false,
1462 |         "alignLevel": null
1463 |       }
1464 |     },
1465 |     {
1466 |       "aliasColors": {},
1467 |       "bars": false,
1468 |       "dashLength": 10,
1469 |       "dashes": false,
1470 |       "datasource": "Prometheus",
1471 |       "decimals": 2,
1472 |       "editable": true,
1473 |       "error": false,
1474 |       "fill": 0,
1475 |       "fillGradient": 0,
1476 |       "grid": {},
1477 |       "gridPos": {
1478 |         "h": 14,
1479 |         "w": 6,
1480 |         "x": 6,
1481 |         "y": 34
1482 |       },
1483 |       "id": 9,
1484 |       "isNew": true,
1485 |       "legend": {
1486 |         "alignAsTable": true,
1487 |         "avg": true,
1488 |         "current": true,
1489 |         "max": false,
1490 |         "min": false,
1491 |         "rightSide": false,
1492 |         "show": true,
1493 |         "sort": "current",
1494 |         "sortDesc": true,
1495 |         "total": false,
1496 |         "values": true
1497 |       },
1498 |       "lines": true,
1499 |       "linewidth": 2,
1500 |       "links": [],
1501 |       "nullPointMode": "connected",
1502 |       "options": {
1503 |         "dataLinks": []
1504 |       },
1505 |       "percentage": false,
1506 |       "pointradius": 5,
1507 |       "points": false,
1508 |       "renderer": "flot",
1509 |       "seriesOverrides": [],
1510 |       "spaceLength": 10,
1511 |       "stack": false,
1512 |       "steppedLine": false,
1513 |       "targets": [
1514 |         {
1515 |           "expr": "sort_desc(sum by (name) (rate(container_network_transmit_bytes_total{image!=\"\"}[1m] ) ))",
1516 |           "format": "time_series",
1517 |           "intervalFactor": 2,
1518 |           "legendFormat": "{{ name }}",
1519 |           "metric": "container_network_transmit_bytes_total",
1520 |           "refId": "B",
1521 |           "step": 4
1522 |         }
1523 |       ],
1524 |       "thresholds": [],
1525 |       "timeFrom": null,
1526 |       "timeRegions": [],
1527 |       "timeShift": null,
1528 |       "title": "Container Network Output",
1529 |       "tooltip": {
1530 |         "msResolution": false,
1531 |         "shared": true,
1532 |         "sort": 0,
1533 |         "value_type": "cumulative"
1534 |       },
1535 |       "type": "graph",
1536 |       "xaxis": {
1537 |         "buckets": null,
1538 |         "mode": "time",
1539 |         "name": null,
1540 |         "show": true,
1541 |         "values": []
1542 |       },
1543 |       "yaxes": [
1544 |         {
1545 |           "format": "bytes",
1546 |           "label": null,
1547 |           "logBase": 1,
1548 |           "max": null,
1549 |           "min": null,
1550 |           "show": true
1551 |         },
1552 |         {
1553 |           "format": "short",
1554 |           "label": null,
1555 |           "logBase": 1,
1556 |           "max": null,
1557 |           "min": null,
1558 |           "show": false
1559 |         }
1560 |       ],
1561 |       "yaxis": {
1562 |         "align": false,
1563 |         "alignLevel": null
1564 |       }
1565 |     },
1566 |     {
1567 |       "columns": [],
1568 |       "datasource": "Prometheus",
1569 |       "fontSize": "100%",
1570 |       "gridPos": {
1571 |         "h": 10,
1572 |         "w": 10,
1573 |         "x": 12,
1574 |         "y": 37
1575 |       },
1576 |       "id": 30,
1577 |       "links": [],
1578 |       "options": {},
1579 |       "pageSize": 10,
1580 |       "scroll": true,
1581 |       "showHeader": true,
1582 |       "sort": {
1583 |         "col": 0,
1584 |         "desc": true
1585 |       },
1586 |       "styles": [
1587 |         {
1588 |           "alias": "Time",
1589 |           "dateFormat": "YYYY-MM-DD HH:mm:ss",
1590 |           "link": false,
1591 |           "linkUrl": "",
1592 |           "pattern": "Time",
1593 |           "type": "date"
1594 |         },
1595 |         {
1596 |           "alias": "",
1597 |           "colorMode": null,
1598 |           "colors": [
1599 |             "rgba(245, 54, 54, 0.9)",
1600 |             "rgba(237, 129, 40, 0.89)",
1601 |             "rgba(50, 172, 45, 0.97)"
1602 |           ],
1603 |           "decimals": 2,
1604 |           "pattern": "/.*/",
1605 |           "thresholds": [],
1606 |           "type": "number",
1607 |           "unit": "short"
1608 |         }
1609 |       ],
1610 |       "targets": [
1611 |         {
1612 |           "expr": "cadvisor_version_info",
1613 |           "format": "table",
1614 |           "instant": false,
1615 |           "interval": "15m",
1616 |           "intervalFactor": 2,
1617 |           "legendFormat": "cAdvisor  Version: {{cadvisorVersion}}",
1618 |           "refId": "A"
1619 |         },
1620 |         {
1621 |           "expr": "prometheus_build_info",
1622 |           "format": "table",
1623 |           "interval": "15m",
1624 |           "intervalFactor": 2,
1625 |           "legendFormat": "Prometheus Version: {{version}}",
1626 |           "refId": "B"
1627 |         },
1628 |         {
1629 |           "expr": "node_exporter_build_info",
1630 |           "format": "table",
1631 |           "interval": "15m",
1632 |           "intervalFactor": 2,
1633 |           "legendFormat": "Node-Exporter Version: {{version}}",
1634 |           "refId": "C"
1635 |         }
1636 |       ],
1637 |       "title": "Running Versions",
1638 |       "transform": "table",
1639 |       "type": "table"
1640 |     }
1641 |   ],
1642 |   "refresh": "10s",
1643 |   "schemaVersion": 20,
1644 |   "style": "dark",
1645 |   "tags": [
1646 |     "docker",
1647 |     "prometheus, ",
1648 |     "node-exporter",
1649 |     "cadvisor"
1650 |   ],
1651 |   "templating": {
1652 |     "list": [
1653 |       {
1654 |         "auto": false,
1655 |         "auto_count": 30,
1656 |         "auto_min": "10s",
1657 |         "current": {
1658 |           "text": "1m",
1659 |           "value": "1m"
1660 |         },
1661 |         "hide": 0,
1662 |         "label": "interval",
1663 |         "name": "interval",
1664 |         "options": [
1665 |           {
1666 |             "selected": true,
1667 |             "text": "1m",
1668 |             "value": "1m"
1669 |           },
1670 |           {
1671 |             "selected": false,
1672 |             "text": "10m",
1673 |             "value": "10m"
1674 |           },
1675 |           {
1676 |             "selected": false,
1677 |             "text": "30m",
1678 |             "value": "30m"
1679 |           },
1680 |           {
1681 |             "selected": false,
1682 |             "text": "1h",
1683 |             "value": "1h"
1684 |           },
1685 |           {
1686 |             "selected": false,
1687 |             "text": "6h",
1688 |             "value": "6h"
1689 |           },
1690 |           {
1691 |             "selected": false,
1692 |             "text": "12h",
1693 |             "value": "12h"
1694 |           },
1695 |           {
1696 |             "selected": false,
1697 |             "text": "1d",
1698 |             "value": "1d"
1699 |           },
1700 |           {
1701 |             "selected": false,
1702 |             "text": "7d",
1703 |             "value": "7d"
1704 |           },
1705 |           {
1706 |             "selected": false,
1707 |             "text": "14d",
1708 |             "value": "14d"
1709 |           },
1710 |           {
1711 |             "selected": false,
1712 |             "text": "30d",
1713 |             "value": "30d"
1714 |           }
1715 |         ],
1716 |         "query": "1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
1717 |         "refresh": 2,
1718 |         "skipUrlSync": false,
1719 |         "type": "interval"
1720 |       },
1721 |       {
1722 |         "allValue": null,
1723 |         "current": {
1724 |           "text": "All",
1725 |           "value": "$__all"
1726 |         },
1727 |         "datasource": "Prometheus",
1728 |         "definition": "label_values(node_exporter_build_info{name=~'$name'},instance)",
1729 |         "hide": 0,
1730 |         "includeAll": true,
1731 |         "label": "IP",
1732 |         "multi": true,
1733 |         "name": "node",
1734 |         "options": [],
1735 |         "query": "label_values(node_exporter_build_info{name=~'$name'},instance)",
1736 |         "refresh": 2,
1737 |         "regex": "",
1738 |         "skipUrlSync": false,
1739 |         "sort": 1,
1740 |         "tagValuesQuery": "",
1741 |         "tags": [],
1742 |         "tagsQuery": "",
1743 |         "type": "query",
1744 |         "useTags": false
1745 |       },
1746 |       {
1747 |         "allValue": null,
1748 |         "current": {
1749 |           "text": "All",
1750 |           "value": "$__all"
1751 |         },
1752 |         "datasource": "Prometheus",
1753 |         "definition": "label_values(node_exporter_build_info,env)",
1754 |         "hide": 0,
1755 |         "includeAll": true,
1756 |         "label": "Env",
1757 |         "multi": true,
1758 |         "name": "env",
1759 |         "options": [],
1760 |         "query": "label_values(node_exporter_build_info,env)",
1761 |         "refresh": 2,
1762 |         "regex": "",
1763 |         "skipUrlSync": false,
1764 |         "sort": 0,
1765 |         "tagValuesQuery": "",
1766 |         "tags": [],
1767 |         "tagsQuery": "",
1768 |         "type": "query",
1769 |         "useTags": false
1770 |       },
1771 |       {
1772 |         "allValue": null,
1773 |         "current": {
1774 |           "text": "All",
1775 |           "value": "$__all"
1776 |         },
1777 |         "datasource": "Prometheus",
1778 |         "definition": "label_values(node_exporter_build_info{env=~'$env'},name)",
1779 |         "hide": 0,
1780 |         "includeAll": true,
1781 |         "label": "CPU Name",
1782 |         "multi": true,
1783 |         "name": "name",
1784 |         "options": [],
1785 |         "query": "label_values(node_exporter_build_info{env=~'$env'},name)",
1786 |         "refresh": 2,
1787 |         "regex": "",
1788 |         "skipUrlSync": false,
1789 |         "sort": 0,
1790 |         "tagValuesQuery": "",
1791 |         "tags": [],
1792 |         "tagsQuery": "",
1793 |         "type": "query",
1794 |         "useTags": false
1795 |       }
1796 |     ]
1797 |   },
1798 |   "time": {
1799 |     "from": "now-5m",
1800 |     "to": "now"
1801 |   },
1802 |   "timepicker": {
1803 |     "refresh_intervals": [
1804 |       "5s",
1805 |       "10s",
1806 |       "30s",
1807 |       "1m",
1808 |       "5m",
1809 |       "15m",
1810 |       "30m",
1811 |       "1h",
1812 |       "2h",
1813 |       "1d"
1814 |     ],
1815 |     "time_options": [
1816 |       "5m",
1817 |       "15m",
1818 |       "1h",
1819 |       "6h",
1820 |       "12h",
1821 |       "24h",
1822 |       "2d",
1823 |       "7d",
1824 |       "30d"
1825 |     ]
1826 |   },
1827 |   "timezone": "browser",
1828 |   "title": "Docker Prometheus Monitoring",
1829 |   "uid": "64nrElFmk",
1830 |   "version": 2
1831 | }


--------------------------------------------------------------------------------
/grafana/provisioning/dashboards/dashboard.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: 1
 2 | 
 3 | providers:
 4 | - name: 'Prometheus'
 5 |   orgId: 1
 6 |   folder: ''
 7 |   type: file
 8 |   disableDeletion: false
 9 |   editable: true
10 |   options:
11 |     path: /etc/grafana/provisioning/dashboards
12 | 


--------------------------------------------------------------------------------
/grafana/provisioning/datasources/datasource.yml:
--------------------------------------------------------------------------------
 1 | # config file version
 2 | apiVersion: 1
 3 | 
 4 | # list of datasources that should be deleted from the database
 5 | deleteDatasources:
 6 |   - name: Prometheus
 7 |     orgId: 1
 8 | 
 9 | # list of datasources to insert/update depending
10 | # whats available in the database
11 | datasources:
12 |   # <string, required> name of the datasource. Required
13 | - name: Prometheus
14 |   # <string, required> datasource type. Required
15 |   type: prometheus
16 |   # <string, required> access mode. direct or proxy. Required
17 |   access: proxy
18 |   # <int> org id. will default to orgId 1 if not specified
19 |   orgId: 1
20 |   # <string> url
21 |   url: http://prometheus:9090
22 |   # <string> database password, if used
23 |   password:
24 |   # <string> database user, if used
25 |   user:
26 |   # <string> database name, if used
27 |   database:
28 |   # <bool> enable/disable basic auth
29 |   basicAuth: false
30 |   # <string> basic auth username, if used
31 |   basicAuthUser:
32 |   # <string> basic auth password, if used
33 |   basicAuthPassword:
34 |   # <bool> enable/disable with credentials headers
35 |   withCredentials:
36 |   # <bool> mark as default datasource. Max one per org
37 |   isDefault: true
38 |   # <map> fields that will be converted to json and stored in json_data
39 |   jsonData:
40 |      graphiteVersion: "1.1"
41 |      tlsAuth: false
42 |      tlsAuthWithCACert: false
43 |   # <string> json object of data that will be encrypted.
44 |   secureJsonData:
45 |     tlsCACert: "..."
46 |     tlsClientCert: "..."
47 |     tlsClientKey: "..."
48 |   version: 1
49 |   # <bool> allow users to edit datasources from the UI.
50 |   editable: true
51 | 


--------------------------------------------------------------------------------
/pki/config/vault-pki.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "false"
15 |   tls_cert_file = "/vault/ca/primary.pem"
16 |   tls_key_file  = "/vault/ca/primary-key.pem"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "Primary"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "primary_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "49792521-8362-f878-5a32-7405f1783838"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 |   service   	     = "pki"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = true
48 | }


--------------------------------------------------------------------------------
/prem/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM vault:1.3.2
2 | COPY vault /bin/vault
3 | RUN chmod a+x /bin/vault
4 | 


--------------------------------------------------------------------------------
/prometheus/alert.rules:
--------------------------------------------------------------------------------
 1 | groups:
 2 | - name: example
 3 |   rules:
 4 | 
 5 |   # Alert for any instance that is unreachable for >2 minutes.
 6 |   - alert: service_down
 7 |     expr: up == 0
 8 |     for: 2m
 9 |     labels:
10 |       severity: page
11 |     annotations:
12 |       summary: "Instance {{ $labels.instance }} down"
13 |       description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes."
14 | 
15 |   - alert: high_load
16 |     expr: node_load1 > 0.5
17 |     for: 2m
18 |     labels:
19 |       severity: page
20 |     annotations:
21 |       summary: "Instance {{ $labels.instance }} under high load"
22 |       description: "{{ $labels.instance }} of job {{ $labels.job }} is under high load."
23 | 


--------------------------------------------------------------------------------
/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
 1 | # my global config
 2 | global:
 3 |   scrape_interval:     15s # By default, scrape targets every 15 seconds.
 4 |   evaluation_interval: 15s # By default, scrape targets every 15 seconds.
 5 |   # scrape_timeout is set to the global default (10s).
 6 | 
 7 |   # Attach these labels to any time series or alerts when communicating with
 8 |   # external systems (federation, remote storage, Alertmanager).
 9 |   external_labels:
10 |       monitor: 'my-project'
11 | 
12 | # Load and evaluate rules in this file every 'evaluation_interval' seconds.
13 | rule_files:
14 |   - 'alert.rules'
15 |   # - "first.rules"
16 |   # - "second.rules"
17 | 
18 | # alert
19 | alerting:
20 |   alertmanagers:
21 |   - scheme: http
22 |     static_configs:
23 |     - targets:
24 |       - "alertmanager:9093"
25 | 
26 | # A scrape configuration containing exactly one endpoint to scrape:
27 | # Here it's Prometheus itself.
28 | scrape_configs:
29 |   # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
30 | 
31 |   - job_name: 'prometheus'
32 | 
33 |     # Override the global default and scrape targets from this job every 5 seconds.
34 |     scrape_interval: 5s
35 | 
36 |     static_configs:
37 |          - targets: ['localhost:9090']
38 | 
39 | 
40 |   - job_name: 'cadvisor'
41 | 
42 |     # Override the global default and scrape targets from this job every 5 seconds.
43 |     scrape_interval: 5s
44 | 
45 |     dns_sd_configs:
46 |     - names:
47 |       - 'tasks.cadvisor'
48 |       type: 'A'
49 |       port: 8080
50 | 
51 | #     static_configs:
52 | #          - targets: ['cadvisor:8080']
53 | 
54 |   - job_name: 'node-exporter'
55 | 
56 |     # Override the global default and scrape targets from this job every 5 seconds.
57 |     scrape_interval: 5s
58 | 
59 |     dns_sd_configs:
60 |     - names:
61 |       - 'tasks.node-exporter'
62 |       type: 'A'
63 |       port: 9100
64 |     
65 | #     static_configs:
66 | #          - targets: ['node-exporter:9100']
67 |   - job_name: 'vault'
68 |     static_configs:
69 |       - targets: ['primary_vault01_1:8200', 'primary_vault02_1:8200', 'primary_vault03_1:8200']
70 |     scheme: "http"
71 |     bearer_token: s.e8qY1qUtNDldNDmi9ER3xavT
72 |     tls_config:
73 |       insecure_skip_verify: true
74 |     metrics_path: "/v1/sys/metrics"
75 |     params:
76 |       format: ['prometheus']
77 | 
78 | 


--------------------------------------------------------------------------------
/prometheus/vault-metrics.hcl:
--------------------------------------------------------------------------------
1 | path "sys/metrics*"
2 | {
3 |   capabilities = ["read", "list"]
4 | }
5 | 


--------------------------------------------------------------------------------
/proxy/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | networks:
 3 |   vault_primary:
 4 |     external: true
 5 |   vault_secondary:
 6 |     external: true
 7 |   vault_dr:
 8 |     external: true    
 9 | 
10 | services:
11 |   haproxy:
12 |     image: haproxy:2.0
13 |     container_name: haproxy
14 |     networks:
15 |       - vault_primary
16 |       - vault_secondary
17 |       - vault_dr
18 |     environment:
19 |       - LOG_LEVEL=debug
20 |     ports:
21 |       - "8801:8200"
22 |       - "8901:9200"
23 |       - "8819:1936"
24 |     volumes:
25 |     - "./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro"
26 | 


--------------------------------------------------------------------------------
/proxy/haproxy.cfg:
--------------------------------------------------------------------------------
  1 | defaults
  2 |     timeout connect 3000ms
  3 |     timeout server 10000ms
  4 |     timeout client 10000ms
  5 |     default-server init-addr none
  6 | 
  7 | frontend stats
  8 |    bind *:1936
  9 |    stats enable
 10 |    stats uri /
 11 |    stats show-legends
 12 |    monitor-uri /haproxy
 13 |    mode http
 14 |     #   no log
 15 | global
 16 |     log stdout  format raw  local0  debug
 17 |     maxconn 2000
 18 | 
 19 | frontend primary_cluster_port
 20 |    mode tcp
 21 |    bind *:8201
 22 |    log global
 23 |    timeout client 30000
 24 |    default_backend primary_cluster_active_port
 25 |    option tcplog
 26 | 
 27 | backend primary_cluster_active_port
 28 |     mode tcp
 29 |     timeout check 5000
 30 |     timeout server 30000
 31 |     timeout connect 5000
 32 |     #option httpchk GET /v1/sys/health
 33 |     # add 'check check-ssl' when its enabled
 34 |     server vault-active active.vault.service.consul:8201 check verify none inter 5000 resolvers primary_consul
 35 |     #server vault02 vault02:8200 check verify none inter 5000 resolvers primary_consul
 36 |     #server vault03 vault03:8200 check verify none inter 5000 resolvers primary_consul
 37 |     #server-template vault 1 _vault._tcp.service.consul resolvers primary_consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
 38 | 
 39 | frontend primary_cluster_api
 40 |    mode tcp
 41 |    bind *:8200
 42 |    log global
 43 |    timeout client 30000
 44 |    default_backend primary_cluster_active_api
 45 |    option tcplog
 46 | 
 47 | backend primary_cluster_active_api
 48 |     mode tcp
 49 |     timeout check 5000
 50 |     timeout server 30000
 51 |     timeout connect 5000
 52 |     option httpchk GET /v1/sys/health
 53 |     # add 'check check-ssl' when its enabled
 54 |     server vault-active active.vault.service.consul:8200 check verify none inter 5000 resolvers primary_consul
 55 |     #server vault02 vault02:8200 check verify none inter 5000 resolvers primary_consul
 56 |     #server vault03 vault03:8200 check verify none inter 5000 resolvers primary_consul
 57 |     #server-template vault 1 _vault._tcp.service.consul resolvers primary_consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
 58 | 
 59 | resolvers primary_consul
 60 |   nameserver consul primary_consul_server_bootstrap_1:8600
 61 |   accepted_payload_size 8192
 62 |   hold valid 5s
 63 | 
 64 | # DR primary cluster (replication secondary)
 65 | frontend dr_cluster_port
 66 |    mode tcp
 67 |    bind *:9201
 68 |    log global
 69 |    timeout client 30000
 70 |    default_backend dr_cluster_active_port
 71 |    option tcplog
 72 | 
 73 | backend dr_cluster_active_port
 74 |     mode tcp
 75 |     timeout check 5000
 76 |     timeout server 30000
 77 |     timeout connect 5000
 78 |     #option httpchk GET /v1/sys/health
 79 |     # add 'check check-ssl' when its enabled
 80 |     server vault-active active.vault.service.consul:8201 check verify none inter 5000 resolvers dr_consul
 81 |     #server vault02 vault02:8200 check verify none inter 5000 resolvers dr_consul
 82 |     #server vault03 vault03:8200 check verify none inter 5000 resolvers dr_consul
 83 |     #server-template vault 1 _vault._tcp.service.consul resolvers dr_consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
 84 | 
 85 | frontend dr_cluster_api
 86 |    mode tcp
 87 |    bind *:9200
 88 |    log global
 89 |    timeout client 30000
 90 |    default_backend dr_cluster_active_api
 91 |    option tcplog
 92 | 
 93 | backend dr_cluster_active_api
 94 |     mode tcp
 95 |     timeout check 5000
 96 |     timeout server 30000
 97 |     timeout connect 5000
 98 |     option httpchk GET /v1/sys/health
 99 |     # add 'check check-ssl' when its enabled
100 |     server vault-active active.vault.service.consul:8200 check verify none inter 5000 resolvers dr_consul
101 |     #server vault02 vault02:8200 check verify none inter 5000 resolvers dr_consul
102 |     #server vault03 vault03:8200 check verify none inter 5000 resolvers dr_consul
103 |     #server-template vault 1 _vault._tcp.service.consul resolvers dr_consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
104 | 
105 | resolvers dr_consul
106 |   nameserver consul secondary_consul_server_bootstrap_1:8600
107 |   accepted_payload_size 8192
108 |   hold valid 5s
109 | 
110 | 


--------------------------------------------------------------------------------
/secondary/consul/config/server.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "datacenter": "vault-secondary",
 3 |     "data_dir": "/consul/data",
 4 |     "encrypt": "N2VHEv3OFEU+jx10efNTkOqDUuEj6/14hNLYvcZaGgk=",
 5 |     "log_level": "DEBUG",
 6 |     "enable_syslog": false,
 7 |     "enable_debug": true,
 8 |     "leave_on_terminate": false,
 9 |     "skip_leave_on_interrupt": true,
10 |     "rejoin_after_leave": true,
11 |     "acl" : {
12 |         "enabled": true,
13 |         "default_policy":  "allow",
14 |         "down_policy":   "allow"
15 |     },
16 |     "acl_master_token": "50792521-8362-f878-5a32-7405f1783899"
17 | }


--------------------------------------------------------------------------------
/secondary/docker-compose.secondary.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | networks:
 3 |   vault_secondary:
 4 |     external: true
 5 | 
 6 | services:
 7 |   consul_agent_1: &consul-agent
 8 |     networks:
 9 |       - vault_secondary
10 |   
11 |   consul_agent_2:
12 |     networks:
13 |       - vault_secondary
14 | 
15 |   consul_agent_3:
16 |     networks:
17 |       - vault_secondary
18 | 
19 |   consul_server_1: &consul_server
20 |     networks:
21 |       - vault_secondary
22 | 
23 |   consul_server_2:
24 |     networks:
25 |       - vault_secondary
26 | 
27 |   consul_server_bootstrap:
28 |     networks:
29 |       - vault_secondary
30 |     ports:
31 |       - "8402:8400"
32 |       - "8502:8500"
33 |       - "8602:8600"
34 |       - "8602:8600/udp"
35 | 
36 | ## VAULT cluster configuration
37 |   vault01: &vault-server
38 |     networks:
39 |       - vault_secondary    
40 |     ports:
41 |       - 9301:8200
42 |   
43 |   vault02: 
44 |     networks:
45 |       - vault_secondary  
46 |     ports:
47 |       - 9302:8200
48 |       
49 |   vault03:
50 |     networks:
51 |       - vault_secondary  
52 |     ports:
53 |       - 9303:8200
54 | 


--------------------------------------------------------------------------------
/secondary/grafana/config.monitoring:
--------------------------------------------------------------------------------
1 | GF_SECURITY_ADMIN_PASSWORD=foobar
2 | GF_USERS_ALLOW_SIGN_UP=false
3 | 


--------------------------------------------------------------------------------
/secondary/grafana/provisioning/dashboards/dashboard.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: 1
 2 | 
 3 | providers:
 4 | - name: 'Prometheus'
 5 |   orgId: 1
 6 |   folder: ''
 7 |   type: file
 8 |   disableDeletion: false
 9 |   editable: true
10 |   options:
11 |     path: /etc/grafana/provisioning/dashboards
12 | 


--------------------------------------------------------------------------------
/secondary/grafana/provisioning/datasources/datasource.yml:
--------------------------------------------------------------------------------
 1 | # config file version
 2 | apiVersion: 1
 3 | 
 4 | # list of datasources that should be deleted from the database
 5 | deleteDatasources:
 6 |   - name: Prometheus
 7 |     orgId: 1
 8 | 
 9 | # list of datasources to insert/update depending
10 | # whats available in the database
11 | datasources:
12 |   # <string, required> name of the datasource. Required
13 | - name: Prometheus
14 |   # <string, required> datasource type. Required
15 |   type: prometheus
16 |   # <string, required> access mode. direct or proxy. Required
17 |   access: proxy
18 |   # <int> org id. will default to orgId 1 if not specified
19 |   orgId: 1
20 |   # <string> url
21 |   url: http://prometheus:9090
22 |   # <string> database password, if used
23 |   password:
24 |   # <string> database user, if used
25 |   user:
26 |   # <string> database name, if used
27 |   database:
28 |   # <bool> enable/disable basic auth
29 |   basicAuth: false
30 |   # <string> basic auth username, if used
31 |   basicAuthUser:
32 |   # <string> basic auth password, if used
33 |   basicAuthPassword:
34 |   # <bool> enable/disable with credentials headers
35 |   withCredentials:
36 |   # <bool> mark as default datasource. Max one per org
37 |   isDefault: true
38 |   # <map> fields that will be converted to json and stored in json_data
39 |   jsonData:
40 |      graphiteVersion: "1.1"
41 |      tlsAuth: false
42 |      tlsAuthWithCACert: false
43 |   # <string> json object of data that will be encrypted.
44 |   secureJsonData:
45 |     tlsCACert: "..."
46 |     tlsClientCert: "..."
47 |     tlsClientKey: "..."
48 |   version: 1
49 |   # <bool> allow users to edit datasources from the UI.
50 |   editable: true
51 | 


--------------------------------------------------------------------------------
/secondary/prometheus/alert.rules:
--------------------------------------------------------------------------------
 1 | groups:
 2 | - name: example
 3 |   rules:
 4 | 
 5 |   # Alert for any instance that is unreachable for >2 minutes.
 6 |   - alert: service_down
 7 |     expr: up == 0
 8 |     for: 2m
 9 |     labels:
10 |       severity: page
11 |     annotations:
12 |       summary: "Instance {{ $labels.instance }} down"
13 |       description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes."
14 | 
15 |   - alert: high_load
16 |     expr: node_load1 > 0.5
17 |     for: 2m
18 |     labels:
19 |       severity: page
20 |     annotations:
21 |       summary: "Instance {{ $labels.instance }} under high load"
22 |       description: "{{ $labels.instance }} of job {{ $labels.job }} is under high load."
23 | 


--------------------------------------------------------------------------------
/secondary/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
 1 | # my global config
 2 | global:
 3 |   scrape_interval:     15s # By default, scrape targets every 15 seconds.
 4 |   evaluation_interval: 15s # By default, scrape targets every 15 seconds.
 5 |   # scrape_timeout is set to the global default (10s).
 6 | 
 7 |   # Attach these labels to any time series or alerts when communicating with
 8 |   # external systems (federation, remote storage, Alertmanager).
 9 |   external_labels:
10 |       monitor: 'my-project'
11 | 
12 | # Load and evaluate rules in this file every 'evaluation_interval' seconds.
13 | rule_files:
14 |   - 'alert.rules'
15 |   # - "first.rules"
16 |   # - "second.rules"
17 | 
18 | # alert
19 | alerting:
20 |   alertmanagers:
21 |   - scheme: http
22 |     static_configs:
23 |     - targets:
24 |       - "alertmanager:9093"
25 | 
26 | # A scrape configuration containing exactly one endpoint to scrape:
27 | # Here it's Prometheus itself.
28 | scrape_configs:
29 |   # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
30 | 
31 |   - job_name: 'prometheus'
32 | 
33 |     # Override the global default and scrape targets from this job every 5 seconds.
34 |     scrape_interval: 5s
35 | 
36 |     static_configs:
37 |          - targets: ['localhost:9090']
38 | 
39 | 
40 |   - job_name: 'cadvisor'
41 | 
42 |     # Override the global default and scrape targets from this job every 5 seconds.
43 |     scrape_interval: 5s
44 | 
45 |     dns_sd_configs:
46 |     - names:
47 |       - 'tasks.cadvisor'
48 |       type: 'A'
49 |       port: 8080
50 | 
51 | #     static_configs:
52 | #          - targets: ['cadvisor:8080']
53 | 
54 |   - job_name: 'node-exporter'
55 | 
56 |     # Override the global default and scrape targets from this job every 5 seconds.
57 |     scrape_interval: 5s
58 | 
59 |     dns_sd_configs:
60 |     - names:
61 |       - 'tasks.node-exporter'
62 |       type: 'A'
63 |       port: 9100
64 |     
65 | #     static_configs:
66 | #          - targets: ['node-exporter:9100']
67 |   - job_name: 'vault'
68 |     static_configs:
69 |       - targets: ['primary_vault01_1:8200', 'primary_vault02_1:8200', 'primary_vault03_1:8200']
70 |     scheme: "http"
71 |     bearer_token: s.e8qY1qUtNDldNDmi9ER3xavT
72 |     tls_config:
73 |       insecure_skip_verify: true
74 |     metrics_path: "/v1/sys/metrics"
75 |     params:
76 |       format: ['prometheus']
77 | 
78 | 


--------------------------------------------------------------------------------
/secondary/prometheus/vault-metrics.hcl:
--------------------------------------------------------------------------------
1 | path "sys/metrics*"
2 | {
3 |   capabilities = ["read", "list"]
4 | }
5 | 


--------------------------------------------------------------------------------
/secondary/vault/api/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bruj0/vault-docker-compose/e6d4db74c72b216b4131c843f374a12e0f6106a9/secondary/vault/api/.keep


--------------------------------------------------------------------------------
/secondary/vault/config/vault01.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "Secondary"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "secondary_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/secondary/vault/config/vault02.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "Secondary"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "secondary_consul_agent_2_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/secondary/vault/config/vault03.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "Secondary"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "secondary_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "50792521-8362-f878-5a32-7405f1783899"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | # service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = false
48 | }


--------------------------------------------------------------------------------
/vault/api/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bruj0/vault-docker-compose/e6d4db74c72b216b4131c843f374a12e0f6106a9/vault/api/.keep


--------------------------------------------------------------------------------
/vault/config/vault01.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
16 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
17 | }
18 | ui = "true"
19 | cluster_address = "0.0.0.0:8201"
20 | cluster_name = "Primary"
21 | # -----------------------------------------------------------------------
22 | # Storage configuration
23 | # -----------------------------------------------------------------------
24 | storage "consul" {
25 |   address            = "primary_consul_agent_1_1:8500"
26 |   scheme             = "http"
27 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
28 |   token = "49792521-8362-f878-5a32-7405f1783838"
29 |   path               = "vault/"
30 | # disable_clustering = "${disable_clustering}"
31 | # service_tags       = "${service_tags}"
32 | #  service_address    = "vault01-service"
33 | }
34 | 
35 | # -----------------------------------------------------------------------
36 | # Optional cloud seal configuration
37 | # -----------------------------------------------------------------------
38 | 
39 | # GCPKMS
40 | 
41 | # -----------------------------------------------------------------------
42 | # Enable Prometheus metrics by default
43 | # -----------------------------------------------------------------------
44 | 
45 | telemetry {
46 |   prometheus_retention_time = "30s"
47 |   disable_hostname          = true
48 | }
49 | raw_storage_endpoint = true
50 | 


--------------------------------------------------------------------------------
/vault/config/vault02.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 |   token = "49792521-8362-f878-5a32-7405f1783838"
16 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
17 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
18 | }
19 | ui = "true"
20 | cluster_address = "0.0.0.0:8201"
21 | cluster_name = "Primary"
22 | # -----------------------------------------------------------------------
23 | # Storage configuration
24 | # -----------------------------------------------------------------------
25 | 
26 | storage "consul" {
27 |   address            = "primary_consul_agent_2_1:8500"
28 |   scheme             = "http"
29 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
30 |   token = "49792521-8362-f878-5a32-7405f1783838"
31 |   path               = "vault/"
32 | # disable_clustering = "${disable_clustering}"
33 | # service_tags       = "${service_tags}"
34 | }
35 | 
36 | # -----------------------------------------------------------------------
37 | # Optional cloud seal configuration
38 | # -----------------------------------------------------------------------
39 | 
40 | # GCPKMS
41 | 
42 | # -----------------------------------------------------------------------
43 | # Enable Prometheus metrics by default
44 | # -----------------------------------------------------------------------
45 | 
46 | telemetry {
47 |   prometheus_retention_time = "30s"
48 |   disable_hostname          = false
49 | }
50 | raw_storage_endpoint = true
51 | 


--------------------------------------------------------------------------------
/vault/config/vault03.hcl:
--------------------------------------------------------------------------------
 1 | # Vault OSS v1.2.3
 2 | 
 3 | # -----------------------------------------------------------------------
 4 | # Global configuration
 5 | # set via env variables
 6 | # -----------------------------------------------------------------------
 7 | 
 8 | # -----------------------------------------------------------------------
 9 | # Listener configuration
10 | # -----------------------------------------------------------------------
11 | 
12 | listener "tcp" {
13 |   address       = "0.0.0.0:8200"
14 |   tls_disable  = "true"
15 |   token = "49792521-8362-f878-5a32-7405f1783838"
16 | #   #tls_cert_file = "/etc/ssl/certs/vault-server.crt"
17 | #   #tls_key_file  = "/etc/ssl/vault-server.key"
18 | }
19 | ui = "true"
20 | cluster_address = "0.0.0.0:8201"
21 | cluster_name = "Primary"
22 | # -----------------------------------------------------------------------
23 | # Storage configuration
24 | # -----------------------------------------------------------------------
25 | 
26 | storage "consul" {
27 |   address            = "primary_consul_agent_3_1:8500"
28 |   scheme             = "http"
29 | #  tls_ca_file        = "/etc/ssl/certs/ca.pem"
30 |   token = "49792521-8362-f878-5a32-7405f1783838"
31 |   path               = "vault/"
32 | # disable_clustering = "${disable_clustering}"
33 | # service_tags       = "${service_tags}"
34 | }
35 | 
36 | # -----------------------------------------------------------------------
37 | # Optional cloud seal configuration
38 | # -----------------------------------------------------------------------
39 | 
40 | # GCPKMS
41 | 
42 | # -----------------------------------------------------------------------
43 | # Enable Prometheus metrics by default
44 | # -----------------------------------------------------------------------
45 | 
46 | telemetry {
47 |   prometheus_retention_time = "30s"
48 |   disable_hostname          = false
49 | }
50 | raw_storage_endpoint = true
51 | 


--------------------------------------------------------------------------------
/yapi/consul/agent-token-policy.json:
--------------------------------------------------------------------------------
1 | {
2 | "Name": "Agent Token",
3 | "Type": "client",
4 | "Rules": "node \"\" {{ policy = \"write\" }}  service \"\" {{ policy = \"read\" }}"
5 | }


--------------------------------------------------------------------------------
/yapi/consul/test_01-acl-token.tavern.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: 01-Generate bootstraping token
 3 | stages:
 4 |   - name: 01-Generate bootstraping token
 5 |     request:
 6 |       url: "{tavern.env_vars.CONSUL_ADDR}/v1/acl/bootstrap"
 7 |       method: PUT
 8 |     response:
 9 |       status_code: 200
10 |       save:
11 |         $ext:
12 |           function: myutils:save_response
13 |           extra_kwargs:
14 |             filename: consul-admin-token.json
15 |         body:
16 |           admin_token: SecretID
17 | 
18 | ---
19 | test_name: 02-Generate the Consul ACL agent token
20 | stages:
21 |   - name: 02-Generate the Consul ACL agent token
22 |     request:
23 |       url: "{tavern.env_vars.CONSUL_ADDR}/v1/acl/create"
24 |       method: PUT
25 |       headers:
26 |         X-Consul-Token: "{tavern.env_vars.CONSUL_TOKEN}" #"{admin_token}" 
27 |       json: !include consul-admin-token.json
28 |     response:
29 |       status_code: 200
30 |       save:
31 |         $ext:
32 |           function: myutils:save_response
33 |           extra_kwargs:
34 |             filename: consul-agent-token.json
35 |         body:
36 |           client-token: ID        
37 | ---
38 | test_name: 03-Generate the Vault ACL agent token
39 | stages:
40 |   - name: 03-Generate the Vault ACL agent token
41 |     request:
42 |       url: "{tavern.env_vars.CONSUL_ADDR}/v1/acl/create"
43 |       method: PUT
44 |       headers:
45 |         X-Consul-Token: "{tavern.env_vars.CONSUL_TOKEN}" #"{admin_token}" 
46 |       json: !include vault-token-policy.json
47 |     response:
48 |       status_code: 200
49 |       save:
50 |         $ext:
51 |           function: myutils:save_response
52 |           extra_kwargs:
53 |             filename: vault-consul-token.json
54 |         body:
55 |           vault-token: ID        
56 | 


--------------------------------------------------------------------------------
/yapi/consul/vault-token-policy.json:
--------------------------------------------------------------------------------
1 | {
2 | "Name": "Vault Token", 
3 | "Type": "client", 
4 | "Rules": "node \"\" {{ policy = \"write\" }} service \"vault\" {{ policy = \"write\" }} agent \"\" {{ policy = \"write\" }} key \"vault\" {{ policy = \"write\" }}  session \"\" {{ policy = \"write\" }} "
5 | }


--------------------------------------------------------------------------------
/yapi/pki/01-enable-pki.yaml:
--------------------------------------------------------------------------------
  1 | ---
  2 | test_name: 01-Enable PKI secret engine
  3 | 
  4 | stages:
  5 |   - name: Mount end at pki endpoint
  6 |     request:
  7 |       url: "{env_vars.VAULT_ADDR}/v1/sys/mounts/pki"
  8 |       method: POST
  9 |       headers:
 10 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 11 |       json:
 12 |         type: pki
 13 |     response:
 14 |       status_code: 404
 15 | 
 16 | ---
 17 | test_name: 02-Tune PKI secret engine
 18 | stages:
 19 |   - name: 02-Tune PKI secret engine
 20 |     request:
 21 |       url: "{env_vars.VAULT_ADDR}/v1/sys/mounts/pki/tune"
 22 |       method: POST
 23 |       headers:
 24 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 25 |       json:
 26 |         max_lease_ttl: "87600h"
 27 |     response:
 28 |       status_code: 204
 29 | ---
 30 | test_name: 03-Generate the CA cert
 31 | stages:
 32 |   - name: 03-Generate the CA cert
 33 |     request:
 34 |       url: "{env_vars.VAULT_ADDR}/v1/pki/root/generate/internal"
 35 |       method: POST
 36 |       headers:
 37 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 38 |       json:
 39 |         common_name: "dc1.consul"
 40 |         ttl: "87600h"
 41 |     response:
 42 |       status_code: 200
 43 |       save:
 44 |         $ext:
 45 |           function: myutils:save_response
 46 |           extra_kwargs:
 47 |             filenane: ca.json
 48 | ---
 49 | test_name: 04-Configure the CA and CRL URLs
 50 | stages:
 51 |   - name: 04-Configure the CA and CRL URLs
 52 |     request:
 53 |       url: "{env_vars.VAULT_ADDR}/v1/pki/config/urls"
 54 |       method: POST
 55 |       headers:
 56 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 57 |       json:
 58 |         issuing_certificates: "http://127.0.0.1:8200/v1/pki/ca"
 59 |         crl_distribution_points: "http://127.0.0.1:8200/v1/pki/crl"
 60 |     response:
 61 |       status_code: 204
 62 | 
 63 | ---
 64 | test_name: 05-Generate Intermediate CA
 65 | stages:
 66 |   - name: 05-Generate Intermediate CA
 67 |     request:
 68 |       url: "{env_vars.VAULT_ADDR}/v1/sys/mounts/pki_int"
 69 |       method: POST
 70 |       headers:
 71 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 72 |       json:
 73 |         type: "pki"
 74 |     response:
 75 |       status_code: 204
 76 | 
 77 | ---
 78 | test_name: 06-Tune PKI secret engine for Intermediate CA
 79 | stages:
 80 |   - name: 06-Tune PKI secret engine for Intermediate CA
 81 |     request:
 82 |       url: "{env_vars.VAULT_ADDR}/v1/sys/mounts/pki_int/tune"
 83 |       method: POST
 84 |       headers:
 85 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 86 |       json:
 87 |         max_lease_ttl: "87600h"
 88 |     response:
 89 |       status_code: 204
 90 | ---
 91 | test_name: 07-Generate the Intermediate CA csr and sing it
 92 | stages:
 93 |   - name: 07-Generate the Intermediate CA csr
 94 |     request:
 95 |       url: "{env_vars.VAULT_ADDR}/v1/pki_int/intermediate/generate/internal"
 96 |       method: POST
 97 |       headers:
 98 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
 99 |       json:
100 |         common_name: "dc1.consul Intermediate Authority"
101 |     response:
102 |       status_code: 200
103 |       save:
104 |         $ext:
105 |           function: myutils:save_response
106 |           extra_kwargs:
107 |             filename: intermediate_ca.json
108 |         body:
109 |           csr: data.csr
110 |   - name: 08-Sign Intermediate CA
111 |     request:
112 |       url: "{env_vars.VAULT_ADDR}/v1/pki/root/sign-intermediate"
113 |       method: POST
114 |       headers:
115 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
116 |       json:
117 |         csr: "{csr}"
118 |         format: pem_bundle
119 |         ttl: 43800h
120 |     response:
121 |       status_code: 200
122 |       save:
123 |         $ext:
124 |           function: myutils:save_response
125 |           extra_kwargs:
126 |             filename: signed_intermediate_ca.json
127 |         body:
128 |           inter_crt: data.certificate
129 | 
130 |   - name: 09-Import Intermediate CA into pki_int
131 |     request:
132 |       url: "{env_vars.VAULT_ADDR}/v1/pki_int/intermediate/set-signed"
133 |       method: POST
134 |       headers:
135 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
136 |       json:
137 |         certificate: "{inter_crt}"
138 |     response:
139 |       status_code: 204
140 | ---
141 | test_name: 10- Create role for consul
142 | stages:
143 |   - name: 10-Create roles
144 |     request:
145 |       url: "{env_vars.VAULT_ADDR}/v1/pki/roles/dc1-consul"
146 |       method: POST
147 |       headers:
148 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
149 |       json:
150 |         allowed_domains: "dc1.consul"
151 |         allow_subdomains: true
152 |         max_ttl: "720h"
153 |     response:
154 |       status_code: 204
155 | ---
156 | test_name: 11- Create role for vault
157 | stages:
158 |   - name: 10-Create roles
159 |     request:
160 |       url: "{env_vars.VAULT_ADDR}/v1/pki/roles/dc1-vault"
161 |       method: POST
162 |       headers:
163 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
164 |       json:
165 |         allowed_domains: "dc1.vault"
166 |         allow_subdomains: true
167 |         max_ttl: "720h"
168 |     response:
169 |       status_code: 204      


--------------------------------------------------------------------------------
/yapi/pki/02-vault-certificates.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: 01-Create vault server certificate
 3 | stages:
 4 | 
 5 |   - name: 02-Create vault01 server certificate
 6 |     request:
 7 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-vault"
 8 |       method: POST
 9 |       headers:
10 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
11 |       json:
12 |         common_name: "vault01.dc1.vault"
13 |         ttl": "720h"
14 |     response:
15 |       status_code: 200
16 |       save:
17 |         $ext:
18 |           function: myutils:save_response
19 |           extra_kwargs:
20 |             filename: vault01-dc1-vault.json
21 |   - name: 03-Create vault02 server certificate
22 |     request:
23 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-vault"
24 |       method: POST
25 |       headers:
26 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
27 |       json:
28 |         common_name: "vault02.dc1.vault"
29 |         ttl": "720h"
30 |     response:
31 |       status_code: 200
32 |       save:
33 |         $ext:
34 |           function: myutils:save_response
35 |           extra_kwargs:
36 |             filename: vault02-dc1-vault.json
37 |   - name: 04-Create vault03 server certificate
38 |     request:
39 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-vault"
40 |       method: POST
41 |       headers:
42 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
43 |       json:
44 |         common_name: "vault03.dc1.vault"
45 |         ttl": "720h"
46 |     response:
47 |       status_code: 200
48 |       save:
49 |         $ext:
50 |           function: myutils:save_response
51 |           extra_kwargs:
52 |             filename: vault03-dc1-vault.json
53 | 


--------------------------------------------------------------------------------
/yapi/pki/test_pki_consul.tavern.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: 01-Create roles
 3 | stages:
 4 | 
 5 |   - name: 02-Create consul server certificate
 6 |     request:
 7 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-consul"
 8 |       method: POST
 9 |       headers:
10 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
11 |       json:
12 |         common_name: "server.dc1.consul"
13 |         ttl": "720h"
14 |     response:
15 |       status_code: 200
16 |       save:
17 |         $ext:
18 |           function: myutils:save_response
19 |           extra_kwargs:
20 |             filenane: server-dc1-consul.json
21 | 
22 | 
23 |   - name: 02-Create consul agent certificate
24 |     request:
25 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-consul"
26 |       method: POST
27 |       headers:
28 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
29 |       json:
30 |         common_name: "agent.dc1.consul"
31 |         ttl": "720h"
32 |     response:
33 |       status_code: 200
34 |       save:
35 |         $ext:
36 |           function: myutils:save_response
37 |           extra_kwargs:
38 |             filename: agent-dc1-consul.json
39 |   - name: 02-Create consul cli certificate
40 |     request:
41 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/pki/issue/dc1-consul"
42 |       method: POST
43 |       headers:
44 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
45 |       json:
46 |         common_name: "cli.dc1.consul"
47 |         ttl": "720h"
48 |     response:
49 |       status_code: 200
50 |       save:
51 |         $ext:
52 |           function: myutils:save_response
53 |           extra_kwargs:
54 |             filename: cli-dc1-consul.json
55 | 


--------------------------------------------------------------------------------
/yapi/tickets/test_control_group_20201.tavern.yaml:
--------------------------------------------------------------------------------
  1 | 
  2 | ---
  3 | test_name: 00-Enable userpass auth and secrets
  4 | stages:
  5 | 
  6 |   - name: 00-Enable userpass auth
  7 |     request:
  8 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/auth/userpass"
  9 |       method: POST
 10 |       headers:
 11 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 12 |       json:
 13 |         type: userpass
 14 | 
 15 |     response:
 16 |       status_code: 204
 17 |   - name: 00-Enable secret at gts_test_collection
 18 |     request:
 19 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/mounts/gts_test_collection"
 20 |       method: POST
 21 |       headers:
 22 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 23 |       json:
 24 |         type: kv
 25 |         options:
 26 |           version: '2'
 27 |     response:
 28 |       status_code: 204    
 29 | ---
 30 | test_name: 01-Create user requestor
 31 | stages:
 32 | 
 33 |   - name: 01-Create user requestor
 34 |     request:
 35 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/auth/userpass/users/requestor"
 36 |       method: POST
 37 |       headers:
 38 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 39 |       json:
 40 |         password: "tavern"
 41 | 
 42 |     response:
 43 |       status_code: 204
 44 | ---
 45 | test_name: 02-Create user approver
 46 | stages:
 47 | 
 48 |   - name: 02-Create user approver
 49 |     request:
 50 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/auth/userpass/users/approver"
 51 |       method: POST
 52 |       headers:
 53 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 54 |       json:
 55 |         password: "tavern"
 56 | 
 57 |     response:
 58 |       status_code: 204
 59 | ---
 60 | test_name: 03-Create policies
 61 | stages:
 62 |   - name: Create approver-policy
 63 |     request:
 64 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/policy/approver-policy"
 65 |       method: POST
 66 |       headers:
 67 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 68 |       json: !include control_group_20201.approver_policy.json
 69 | 
 70 |   - name: Create Requestor-policy
 71 |     request:
 72 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/policy/requestor-policy"
 73 |       method: POST
 74 |       headers:
 75 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 76 |       json: !include control_group_20201.requestor_policy.json
 77 |     response:
 78 |       status_code: 204
 79 | ---
 80 | test_name: 04-Create Entity and group
 81 | stages:
 82 |   - name: Retrieve userpass accessor
 83 |     request:
 84 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/auth"
 85 |       method: GET
 86 |       headers:
 87 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
 88 | 
 89 |     response:
 90 |       status_code: 200
 91 |       save:
 92 |         body:
 93 |           accessor: data."userpass/".accessor
 94 | 
 95 |   - name: Create approver Entity
 96 |     request:
 97 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/identity/entity"
 98 |       method: PUT
 99 |       headers:
100 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
101 |       json:
102 |         metadata: team=Approver
103 |         name: approver
104 |         policies: approver-policy
105 |     response:
106 |       status_code: 
107 |         - 200
108 |         - 204
109 |       save:
110 |         body:
111 |           approver_identity_id: data.id
112 | 
113 |   - name: Create approver entity alias 
114 |     request:
115 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/identity/entity-alias"
116 |       method: POST
117 |       headers:
118 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
119 |       json:
120 |         name: approver
121 |         canonical_id: "{approver_identity_id}"
122 |         mount_accessor:  "{accessor}"
123 | 
124 |   - name: Create Requestor Entity
125 |     request:
126 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/identity/entity"
127 |       method: PUT
128 |       headers:
129 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
130 |       json:
131 |         metadata: team=Requestor
132 |         name: requestor
133 |         policies: requestor-policy
134 |     response:
135 |       status_code:
136 |         - 200
137 |         - 204
138 |       save:
139 |         body:
140 |           requestor_identity_id: data.id
141 | 
142 |   - name: Create requestor entity alias 
143 |     request:
144 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/identity/entity-alias"
145 |       method: POST
146 |       headers:
147 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
148 |       json:
149 |         name: requestor
150 |         canonical_id: "{requestor_identity_id}"
151 |         mount_accessor:  "{accessor}"
152 |     response:
153 |       status_code:
154 |         - 200
155 |         - 204
156 | 
157 |   - name: Create approver group
158 |     request:
159 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/identity/group"
160 |       method: POST
161 |       headers:
162 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
163 |       json:
164 |         name: approver-group
165 |         policies: approver-policy
166 |         member_entity_ids: "{approver_identity_id}"
167 |     response:
168 |       status_code:
169 |         - 200
170 |         - 204
171 |   


--------------------------------------------------------------------------------
/yapi/tickets/test_ldap_20163.tavern.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: 01-Enable ldap
 3 | stages:
 4 | 
 5 |   - name: 01-Enable ldap
 6 |     request:
 7 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/auth/ldap"
 8 |       method: POST
 9 |       headers:
10 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
11 |       json:
12 |         type: "ldap"
13 | 
14 |     response:
15 |       status_code: 204
16 | ---
17 | test_name: 02-Configure ldap
18 | stages:
19 | 
20 |   - name: 02-Configure ldap
21 |     request:
22 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/auth/ldap/config"
23 |       method: POST
24 |       headers:
25 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
26 |       json:
27 |         url: "ldap://52.165.39.214:389"
28 |         userdn: "CN=Users,DC=example,DC=com"
29 |         discoverdn: false
30 |         deny_null_bind:  true
31 |         userattr:  "sAMAccountName"
32 | #        upndomain: "example.com"
33 | #        upndomain: ""
34 |         binddn: "CN=ldap-user,CN=Users,DC=example,DC=com"
35 |         bindpass: "!4dt3st32255"
36 |         groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
37 |         groupattr: "memberOf"
38 |         groupdn: "OU=MyGroups,DC=example,DC=com"
39 |         use_token_groups : true
40 |         case_sensitive_names : true
41 |     response:
42 |       status_code: 204
43 | 
44 | ---
45 | test_name: 03-Create mysecret policy
46 | stages:
47 | 
48 |   - name: 03-Associate group
49 |     request:
50 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/policy/mysecrets"
51 |       method: POST
52 |       headers:
53 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
54 |       json:
55 |         policy: "path \"secret/*\"\n{{\n  capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\", \"sudo\"]\n}}"
56 |     response:
57 |       status_code: 204
58 | 
59 | ---
60 | test_name: 04-Associate group
61 | stages:
62 | 
63 |   - name: 04-Associate group
64 |     request:
65 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/auth/ldap/groups/TestUsers"
66 |       method: POST
67 |       headers:
68 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
69 |       json:
70 |         policies: "mysecrets"
71 | 
72 |     response:
73 |       status_code: 204
74 | 
75 | 
76 | 
77 | 


--------------------------------------------------------------------------------
/yapi/tickets/test_ldap_anon.tavern.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: 01-Enable ldap
 3 | stages:
 4 | 
 5 |   - name: 01-Enable ldap
 6 |     request:
 7 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/sys/auth/ldap"
 8 |       method: POST
 9 |       headers:
10 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
11 |       json:
12 |         type: "ldap"
13 | 
14 |     response:
15 |       status_code: 200
16 | ---
17 | test_name: 02-Configure ldap
18 | stages:
19 | 
20 |   - name: 02-Configure ldap
21 |     request:
22 |       url: "{tavern.env_vars.VAULT_ADDR}/v1/auth/ldap/config"
23 |       method: POST
24 |       headers:
25 |         X-Vault-Token: "{tavern.env_vars.VAULT_TOKEN}"
26 |       json:
27 |         url: "ldap://52.165.39.214:389"
28 |         userdn: "CN=Users,DC=example,DC=com"
29 |         discoverdn: true
30 |         userattr: sAMAccountName
31 |     response:
32 |       status_code: 204


--------------------------------------------------------------------------------
/yapi/vault/01-init.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: Init Vault
 3 | stages:
 4 |   - name: Init Vault
 5 |     request:
 6 |       url: "{env_vars.VAULT_ADDR}/v1/sys/init"
 7 |       method: PUT
 8 |       json:
 9 |         secret_shares: 1
10 |         secret_threshold: 1
11 |     response:
12 |       status_code: 200
13 |       save:
14 |         $ext:
15 |           function: extensions.save_response
16 |           extra_kwargs:
17 |             path: "{env_vars.VAULT_DATA}/init.json"
18 | 


--------------------------------------------------------------------------------
/yapi/vault/02-unseal.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: Unseal Vault
 3 | stages:
 4 |   - name: Unseal Vault
 5 |     request:
 6 |       url: "{env_vars.VAULT_ADDR}/v1/sys/unseal"
 7 |       method: PUT
 8 |       json:
 9 |         $ext:
10 |           function: extensions.read_json
11 |           extra_kwargs:
12 |             path: "{env_vars.VAULT_DATA}/init.json"
13 |             sub_vars: True
14 |         key: "ext._keys.to_list()[0]"
15 |     response:
16 |       status_code: 200
17 |       save:
18 |         $ext:
19 |           function: extensions.save_response
20 |           extra_kwargs:
21 |             path: "{env_vars.VAULT_DATA}/unsealed_response.json"
22 | 


--------------------------------------------------------------------------------
/yapi/vault/03-replication_enable_primary.yaml:
--------------------------------------------------------------------------------
 1 | # To find out what IP to set to primary_cluster_addr 
 2 | # $ docker network inspect vault_secondary | jq -r '.[] .Containers | with_entries(select(.value.Name=="haproxy"))| .[] .IPv4Address' | awk -F "/" '{print $1}'
 3 | # To use this test case
 4 | # $ env VAULT_TOKEN=(cat primary/init.json | jq -r '.root_token') VAULT_ADDR=http://127.0.0.1:9201 SECONDARY_HAPROXY_ADDR=(docker network inspect vault_secondary | jq -r '.[] .Containers | with_entries(select(.value.Name=="haproxy"))| .[] .IPv4Address' | awk -F "/" '{print $1}') tavern-ci test_replication.tavern.yaml --debug
 5 | ---
 6 | test_name: Enable primary
 7 | stages:
 8 |   - name: Enable primary
 9 |     request:
10 |       url: "{env_vars.VAULT_ADDR}/v1/sys/replication/performance/primary/enable"
11 |       method: PUT
12 |       headers:
13 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"      
14 |       json:
15 |         primary_cluster_addr: "https://{env_vars.SECONDARY_HAPROXY_ADDR}:8201"
16 |     response:
17 |       status_code: 204
18 | 
19 | 


--------------------------------------------------------------------------------
/yapi/vault/04-replication_secondary_token.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: Create secondary-token
 3 | stages:
 4 |   - name: Create secondary-token
 5 |     request:
 6 |       url: "{env_vars.VAULT_ADDR}/v1/sys/replication/performance/primary/secondary-token"
 7 |       method: POST
 8 |       headers:
 9 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"      
10 |       json:
11 |         id: "secondary"
12 |         ttl: "24h"
13 |     response:
14 |       status_code: 200
15 |       save:
16 |         $ext:
17 |           function: extensions.save_response
18 |           extra_kwargs:
19 |             path: "{env_vars.VAULT_DATA}/secondary-token.json"
20 | 


--------------------------------------------------------------------------------
/yapi/vault/05-replication_activate_secondary.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: Activate Secondary
 3 | stages:
 4 |   - name: Activate Secondary
 5 |     request:
 6 |       url: "{env_vars.VAULT_ADDR}/v1/sys/replication/performance/secondary/enable"
 7 |       method: POST
 8 |       headers:
 9 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"      
10 |       json:
11 |         $ext:
12 |           function: extensions.read_json
13 |           extra_kwargs:
14 |             path: "{env_vars.VAULT_DATA}/secondary-token.json"
15 |             sub_vars: True
16 |         token: "ext.wrap_info.token"
17 |         primary_api_addr: "http://{env_vars.SECONDARY_HAPROXY_ADDR}:8200"
18 |     response:
19 |       status_code: 200
20 |       save:
21 |         $ext:
22 |           function: extensions.save_response
23 |           extra_kwargs:
24 |             path: "{env_vars.VAULT_DATA}/enable-secondary-resp.json"


--------------------------------------------------------------------------------
/yapi/vault/06-replication_generate_root_secondary.yaml:
--------------------------------------------------------------------------------
 1 | #https://www.vaultproject.io/api/system/generate-root.html
 2 | ---
 3 | test_name: Root token generation
 4 | stages:
 5 |   - name: 01-Start root token generation
 6 |     request:
 7 |       url: "{env_vars.VAULT_ADDR}/v1/sys/generate-root/attempt"
 8 |       method: PUT
 9 |     response:
10 |       status_code: 200
11 |       save:
12 |         $ext:
13 |           function: extensions.save_response
14 |           extra_kwargs:
15 |             path: "{env_vars.VAULT_DATA}/06-01-generate-root.json"
16 | #Save the nonce and otp for the next call
17 |       body:
18 |         nonce: nonce
19 |         otp: otp
20 |   - name: 02-Provide key share and nonce
21 |     request:
22 |       url: "{env_vars.VAULT_ADDR}/v1/sys/generate-root/update"
23 |       method: PUT
24 |       json:
25 |         $ext:
26 |           function: extensions.read_json
27 |           extra_kwargs:
28 |             path: "{env_vars.VAULT_DATA_KEYS}/init.json"
29 |             sub_vars: True
30 | # 'keys' is a reserved keyword in python so it gets renamed to _keys
31 |         key: "ext._keys.to_list()[0]"
32 |         nonce: resp.nonce
33 |     response:
34 |       status_code: 200
35 |       save:
36 |         $ext:
37 |           function: extensions.save_response
38 |           extra_kwargs:
39 |             path: "{env_vars.VAULT_DATA}/06-02-generate-root.json"
40 | #Save the nonce and otp for the next call
41 |       body:
42 |         encoded_token: encoded_token
43 |   - name: 03-Get decoded root token
44 |     request:
45 |       url: "{env_vars.VAULT_ADDR}/v1/sys/generate-root/attempt"
46 |       method: GET
47 |       headers:
48 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"
49 |     response:
50 |       status_code: 200
51 |       save:
52 |         $ext:
53 |           function: extensions.decode_vault_token
54 |           extra_kwargs:
55 |             path: "{env_vars.VAULT_DATA}/init.json" 
56 |             encoded: resp.encoded_token
57 |             otp: resp.otp
58 | 


--------------------------------------------------------------------------------
/yapi/vault/07-dr-enable.yaml:
--------------------------------------------------------------------------------
1 | # $ docker network inspect vault_dr | jq -r '.[] .Containers | with_entries(select(.value.Name=="haproxy"))| .[] .IPv4Address' | awk -F "/" '{print $1}'
2 | #dr primary) $ vault write -f sys/replication/dr/primary/enable primary_cluster_addr="https://172.18.0.11:9201"
3 | #dr primary) $ vault write sys/replication/dr/primary/secondary-token id="dr-secondary"
4 | #dr secondary) $ vault write sys/replication/dr/secondary/enable token="..." primary_api_addr="http://172.18.0.11:9200"
5 | 
6 | #
7 | #


--------------------------------------------------------------------------------
/yapi/vault/optional-revoke-secondary.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | test_name: Revoke secondary
 3 | stages:
 4 |   - name: Revoke secondary
 5 |     request:
 6 |       url: "{env_vars.VAULT_ADDR}/v1/sys/replication/performance/primary/revoke-secondary"
 7 |       method: POST
 8 |       headers:
 9 |         X-Vault-Token: "{env_vars.VAULT_TOKEN}"      
10 |       json:
11 |         id: "secondary"
12 |     response:
13 |       status_code: 200
14 | 
15 | 


--------------------------------------------------------------------------------