+ subscribes :reload, "template[/etc/prometheus/alert_rules.yml]"
+ subscribes :restart, "archive_file[#{cache_dir}/prometheus.linux.tar.gz]"
+end
+
+systemd_service "prometheus-alertmanager" do
+ description "Prometheus alert manager"
+ type "simple"
+ user "prometheus"
+ exec_start "/opt/prometheus-server/alertmanager/alertmanager --config.file=/etc/prometheus/alertmanager.yml --storage.path=/var/lib/prometheus/alertmanager --web.external-url=https://prometheus.openstreetmap.org/alertmanager"
+ exec_reload "/bin/kill -HUP $MAINPID"
+ timeout_stop_sec 20
+ restart "on-failure"
+ notifies :restart, "service[prometheus-alertmanager]"
+end
+
+link "/usr/local/bin/promtool" do
+ to "/opt/prometheus-server/prometheus/promtool"
+end
+
+template "/etc/prometheus/alertmanager.yml" do
+ source "alertmanager.yml.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+directory "/var/lib/prometheus/alertmanager" do
+ owner "prometheus"
+ group "prometheus"
+ mode "755"
+end
+
+service "prometheus-alertmanager" do
+ action [:enable, :start]
+ subscribes :reload, "template[/etc/prometheus/alertmanager.yml]"
+ subscribes :restart, "systemd_service[prometheus-alertmanager]"
+ subscribes :restart, "archive_file[#{cache_dir}/alertmanager.linux.tar.gz]"
+end
+
+directory "/etc/amtool" do
+ owner "root"
+ group "root"
+ mode "755"
+end
+
+template "/etc/amtool/config.yml" do
+ source "amtool.yml.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+link "/usr/local/bin/amtool" do
+ to "/opt/prometheus-server/alertmanager/amtool"
+end
+
+template "/etc/prometheus/karma.yml" do
+ source "karma.yml.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+systemd_service "prometheus-karma" do
+ description "Alert dashboard for Prometheus Alertmanager"
+ user "prometheus"
+ exec_start "/opt/prometheus-server/karma/karma-linux-#{prometheus_arch} --config.file=/etc/prometheus/karma.yml"
+ sandbox :enable_network => true
+ restart "on-failure"
+end
+
+service "prometheus-karma" do
+ action [:enable, :start]
+ subscribes :restart, "template[/etc/prometheus/karma.yml]"
+ subscribes :restart, "archive_file[#{cache_dir}/karma-linux.tar.gz]"
+ subscribes :restart, "systemd_service[prometheus-karma]"
+end
+
+package "grafana-enterprise"
+
+template "/etc/grafana/grafana.ini" do
+ source "grafana.ini.erb"
+ owner "root"
+ group "grafana"
+ mode "640"
+ variables :passwords => passwords
+end
+
+service "grafana-server" do
+ action [:enable, :start]
+ subscribes :restart, "template[/etc/grafana/grafana.ini]"
+end
+
+apache_module "alias"
+apache_module "proxy_http"
+apache_module "proxy_wstunnel"
+
+ssl_certificate "prometheus.openstreetmap.org" do
+ domains ["prometheus.openstreetmap.org", "prometheus.osm.org"]
+ notifies :reload, "service[apache2]"
+end
+
+apache_site "prometheus.openstreetmap.org" do
+ template "apache.erb"
+ variables :admin_hosts => admins["hosts"]
+end
+
+template "/etc/cron.daily/prometheus-backup" do
+ source "backup.cron.erb"
+ owner "root"
+ group "root"
+ mode "750"
+end
+
+package %w[
+ curl
+ jq
+]
+
+directory "/var/lib/prometheus/.aws" do
+ user "prometheus"
+ group "prometheus"
+ mode "755"
+end
+
+template "/var/lib/prometheus/.aws/credentials" do
+ source "aws-credentials.erb"
+ user "prometheus"
+ group "prometheus"
+ mode "600"
+ variables :passwords => passwords
+end
+
+template "/usr/local/bin/prometheus-backup-data" do
+ source "backup-data.erb"
+ owner "root"
+ group "root"
+ mode "755"
+end
+
+systemd_service "prometheus-backup-data" do
+ description "Backup prometheus data to S3"
+ user "prometheus"
+ exec_start "/usr/local/bin/prometheus-backup-data"
+ read_write_paths %w[
+ /var/lib/prometheus/.aws
+ /var/lib/prometheus/metrics2/snapshots
+ ]
+ sandbox :enable_network => true
+end
+
+systemd_timer "prometheus-backup-data" do
+ description "Backup prometheus data to S3"
+ on_calendar "03:11"
+end
+
+service "prometheus-backup-data.timer" do
+ action [:enable, :start]