put networks into .env and added monitoring hosts

2021-12-20 20:03:14 +01:00
parent 47b0325d7e
commit c527e48804
3 changed files with 143 additions and 13 deletions
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Tested on Ubuntu 20.04.3 LTS
 docker <br />
 docker-compose <br />
 DNS A-Record pointing to your server <br />
-Paste wireguard wg0.conf from wireguard-server to wireguard/config/wg0.conf
+Wireguard-Server: Paste wireguard wg0.conf from wireguard-server to wireguard/config/wg0.conf <br />

 #### Usage

@@ -63,6 +63,7 @@ Check if there is a file here /traefic/letsencrypt/acme.json if yes, you have to
 Otherwise traefik will not issue the certificate for an existing domain. <br />

 #### TODO !!!! 
+alles uebr traefik aufen lassen?
 mal alle geth clients mit erigon vergleichen

 General Monitoring <br />
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,6 +2,7 @@ version: '3.1'

 services:

+### TRAEFIK
 #  Basic Auth not working. Problems with parsing var from .env
 #  traefik:
 #    image: traefik:latest
@@ -11,7 +12,7 @@ services:
 #      - "443:443"
 #      - "127.0.0.1:8080:8080"
 #    networks:
-#      - pocket
+#      - $NET_POKT
 #    command:
 #      - "--api=true"
 #      - "--api.insecure=true"
@@ -32,6 +33,7 @@ services:
 #      - "traefik.enable=true"
 #      - 'traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP'

+### NODES
  geth-goerli:
    image: ethereum/client-go:latest
    expose:
@@ -42,7 +44,7 @@ services:
      - geth-goerli:/.goerli
    command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3"
    networks:
-      - pocket
+      - $NET_POKT

  geth-rinkeby:
    image: ethereum/client-go:latest
@@ -54,7 +56,7 @@ services:
      - geth-rinkeby:/.rinkeby
    command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3"
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  geth-ropsten:
@@ -67,7 +69,7 @@ services:
      - geth-ropsten:/.ropsten
    command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3"
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  geth-mainnet:
@@ -80,7 +82,7 @@ services:
      - geth-mainnet:/.mainnet
    command: "--http  --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3"
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  erigon-trace:
@@ -92,7 +94,7 @@ services:
      - erigon-trace:/home/erigon/.local/share/erigon
    command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  rpcdaemon:
@@ -106,6 +108,8 @@ services:
    restart: unless-stopped
    depends_on:
      - "erigon-trace"
+    networks:
+      - $NET_POKT

  avalanche:
    image: avaplatform/avalanchego
@@ -117,7 +121,7 @@ services:
      - avalanche:/root/.avalanche
    command: "/avalanchego/build/avalanchego --http-host="
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  pocket-testnet:
@@ -137,7 +141,7 @@ services:
      - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json
      - pocket-testnet:/home/app/.pocket
    networks:
-      - pocket
+      - $NET_POKT
    restart: unless-stopped

  pocket-mainnet:
@@ -159,7 +163,7 @@ services:
      - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh
      - pocket-mainnet:/home/app/.pocket
    networks:
-      - pocket
+      - $NET_POKT
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.services.myservice.loadbalancer.server.port=8081"
@@ -169,6 +173,9 @@ services:
 #      - "traefik.http.routers.pocket-mainnet.middlewares=auth"
    restart: unless-stopped

+
+### WIREGUARD
+
  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
@@ -179,15 +186,91 @@ services:
      - PUID=$PUID
      - PGID=$PGID
    volumes:
-      - .wireguard/config:/config
+      - ./wireguard/config/wg0.conf:/config/wg0.conf
      - /lib/modules:/lib/modules
    ports:
      - $SERVERPORT:$SERVERPORT/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
+    networks:
+      - $NET_MONITOR

+### MONITORING

+  prometheus:
+    image: prom/prometheus:v2.30.3
+    container_name: prometheus
+    volumes:
+      - ./prometheus:/etc/prometheus
+      - prometheus_data:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/etc/prometheus/console_libraries'
+      - '--web.console.templates=/etc/prometheus/consoles'
+      - '--storage.tsdb.retention.time=200h'
+      - '--web.enable-lifecycle'
+    restart: unless-stopped
+    expose:
+      - 9090
+    networks:
+      - $NET_MONITOR
+    labels:
+      org.label-schema.group: "monitoring"
+
+  nodeexporter:
+    image: prom/node-exporter:v1.2.2
+    container_name: nodeexporter
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+    restart: unless-stopped
+    expose:
+      - 9100
+    networks:
+      - $NET_MONITOR
+    labels:
+      org.label-schema.group: "monitoring"
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.42.0
+    container_name: cadvisor
+    privileged: true
+    devices:
+      - /dev/kmsg:/dev/kmsg
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker:/var/lib/docker:ro
+      #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
+    restart: unless-stopped
+    expose:
+      - 8080
+    networks:
+      - $NET_MONITOR
+    labels:
+      org.label-schema.group: "monitoring"
+
+  pushgateway:
+    image: prom/pushgateway:v1.4.2
+    container_name: pushgateway
+    restart: unless-stopped
+    expose:
+      - 9091
+    networks:
+      - $NET_MONITOR
+    labels:
+      org.label-schema.group: "monitoring"
+
+### VOLUMES

 volumes:
  geth-goerli:
@@ -198,8 +281,12 @@ volumes:
  avalanche:
  pocket-testnet:
  pocket-mainnet:
+  prometheus_data:
+
+### NETWORKS

 networks:
-  pocket:
+  $NET_MONITOR:
+    driver: bridge
+  $NET_POKT:
    driver: bridge
-
--- a/prometheus/prometheus.yml
+++ b/prometheus/prometheus.yml
@@ -0,0 +1,42 @@
+global:
+  scrape_interval:     15s
+  evaluation_interval: 15s
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+      monitor: 'docker-host-alpha'
+
+# Load and evaluate rules in this file every 'evaluation_interval' seconds.
+rule_files:
+  - "alert.rules"
+
+# A scrape configuration containing exactly one endpoint to scrape.
+scrape_configs:
+  - job_name: 'nodeexporter'
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['nodeexporter:9100']
+
+  - job_name: 'cadvisor'
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['cadvisor:8080']
+
+  - job_name: 'prometheus'
+    scrape_interval: 10s
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'pushgateway'
+    scrape_interval: 10s
+    honor_labels: true
+    static_configs:
+      - targets: ['pushgateway:9091']
+
+alerting:
+  alertmanagers:
+  - scheme: http
+    static_configs:
+    - targets:
+      - 'alertmanager:9093'