deploy tricot metrics on production

cluster/prod/app/core/deploy/core.hcl

@@ -75,13 +75,14 @@ EOH
     network {
       port "http_port" { static = 80 }
       port "https_port" { static = 443 }
+      port "metrics_port" { static = 9334 }
     }
 
     task "server" {
       driver = "docker"
 
       config {
-        image = "lxpz/amd64_tricot:42"
+        image = "lxpz/amd64_tricot:44"
         network_mode = "host"
         readonly_rootfs = true
         ports = [ "http_port", "https_port" ]
@@ -91,7 +92,7 @@ EOH
       }
 
       resources {
-        cpu = 500
+        cpu = 1000
         memory = 200
         memory_max = 500
       }
@@ -129,6 +130,7 @@ TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
 TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
+TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
 EOH
         destination = "secrets/env"
@@ -148,6 +150,12 @@ EOH
         tags = [ "(diplonat (tcp_port 443))", "${meta.site}" ]
         address_mode = "host"
       }
+
+      service {
+        name = "tricot-metrics"
+        port = "metrics_port"
+        address_mode = "host"
+      }
     }
   }
 

cluster/prod/app/telemetry/config/prometheus.yml

@@ -16,6 +16,16 @@ scrape_configs:
         cert_file: /etc/prometheus/consul-client.crt
         key_file: /etc/prometheus/consul-client.key
 
+  - job_name: 'tricot'
+    consul_sd_configs:
+    - server: 'https://localhost:8501'
+      services:
+        - 'tricot-metrics'
+      tls_config:
+        ca_file: /etc/prometheus/consul.crt
+        cert_file: /etc/prometheus/consul-client.crt
+        key_file: /etc/prometheus/consul-client.key
+
   - job_name: 'garage'
     authorization:
       type: Bearer

cluster/staging/app/frontend/deploy/frontend-tricot.hcl

@@ -12,7 +12,7 @@ job "frontend" {
     network {
       port "http_port" { static = 80 }
       port "https_port" { static = 443 }
-      port "metrics_port" { static = 8334 }
+      port "metrics_port" { static = 9334 }
     }
 
     task "server" {
@@ -20,7 +20,7 @@ job "frontend" {
 
       config {
         packages = [
-          "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=ba5bf133f61c3a56728c2ab73e11abf47ef8348c"
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=8d1162f20694d5d8551879e7ba9b34c817f0caed"
         ]
         command = "tricot"
         # cap_add = [ "net_bind_service" ]  # this doesn't work for whatever reason, so we need to put user = "root" instead
@@ -65,7 +65,7 @@ TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
 TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
-TRICOT_METRICS_BIND_ADDR=[::]:8334
+TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
 EOH
         destination = "secrets/env"

doc/ports

@@ -46,4 +46,5 @@ ports so that we can avoid conflicts when adding services.
 8999    opendkim
 9090    prometheus
 9100    node_exporter
+9334    tricot metrics
 9991    guichet