Terraform для self-hosted Status200
Руководство для инсталляций Status200 у себя: версии, конфигурация и практики использования Terraform provider.
Важно
⚠️ Проекты через Terraform не создаются — сначала создайте проект в dashboard Status200 и используйте его project_id в Terraform.
⚠️ Главное правило: версия Terraform provider должна точно совпадать с версией установки Status200.
Структура ресурсов
У ресурсов Status200 в Terraform обычно:
- name (обязательно) — имя;
- description (опционально) — описание;
- data (опционально) — сложная конфигурация в JSON.
Совместимость версий
⚠️ Снова: pin версии provider под версию Status200.
Зачем
- Provider генерируется из API Status200;
- Между версиями меняются эндпоинты и схемы;
- Несовпадение → ошибки и непредсказуемое поведение;
- Pin даёт предсказуемость.
Как узнать версию Status200
1. Dashboard
Settings → About (например, 7.0.123)
2. API
curl https://your-status200-instance.com/api/status
3. Docker
docker images | grep status200
# тег образа, например status200/dashboard:7.0.123
4. Helm
helm list -n status200
5. Переменные окружения
grep -r "APP_VERSION\|IMAGE_TAG" /path/to/your/status200/config
Шаблоны provider
7.0.x
terraform {
required_providers {
status200 = {
source = "status200/status200"
version = "= 7.0.123" # ваш build
}
}
required_version = ">= 1.0"
}
provider "status200" {
status200_url = "https://status200.yourcompany.com"
api_key = var.status200_api_key
}
7.1.x
terraform {
required_providers {
status200 = {
source = "status200/status200"
version = "= 7.1.45"
}
}
required_version = ">= 1.0"
}
provider "status200" {
status200_url = "https://status200.yourcompany.com"
api_key = var.status200_api_key
}
Полный пример конфигурации
# versions.tf
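terraform {
  required_providers {
    status200 = {
      source = "status200/status200"
      # Exact pin: the provider build must match the Status200 installation.
      version = "= 7.0.123"
    }
  }
  required_version = ">= 1.0"

  # Optional: remote state.
  # State can hold sensitive resource attributes, so keep the bucket private
  # and store the state object encrypted at rest.
  backend "s3" {
    bucket  = "your-terraform-state-bucket"
    key     = "status200/terraform.tfstate"
    region  = "us-west-2"
    encrypt = true
  }
}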
# variables.tf
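# Base URL of the Status200 instance the provider talks to.
variable "status200_url" {
  description = "URL инстанса Status200"
  type        = string
  default     = "https://status200.yourcompany.com"

  # The API key is sent to this endpoint, so refuse plain-HTTP URLs.
  validation {
    condition     = can(regex("^https://", var.status200_url))
    error_message = "The status200_url value must start with https://."
  }
}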
# API key used by the provider. It has no default, so it must be supplied at
# run time (for example through the TF_VAR_status200_api_key environment
# variable); keep it out of committed *.tfvars files.
variable "status200_api_key" {
description = "API key Status200"
type = string
# Redacts the value in plan/apply output.
sensitive = true
}
# Environment name; used as the monitor name prefix and as the "environment" tag.
variable "environment" {
description = "Имя окружения"
type = string
default = "production"
}
# providers.tf
# Connection settings come from variables, so neither the instance URL nor the
# API key is hard-coded in the configuration.
provider "status200" {
status200_url = var.status200_url
api_key = var.status200_api_key
}
# ID of an existing project; there is no default, so a value must be supplied.
variable "project_id" {
description = "ID проекта Status200 (создать вручную в dashboard)"
type = string
}
# main.tf
# Infrastructure team; referenced by the on-call policy through team_id.
# NOTE(review): no project_id is set here, unlike the other resources in this
# example — confirm whether the provider requires it for teams.
resource "status200_team" "infrastructure" {
name = "Infrastructure Team"
description = "Infrastructure and operations team"
}
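# Development team, attached to the manually created project.
resource "status200_team" "development" {
  name        = "Development Team"
  description = "Application development team"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id
}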
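# TCP port check of the database host, named after the environment.
resource "status200_monitor" "database" {
  name = "${var.environment}-database"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id

  monitor_type = "port"
  hostname     = "db.internal.yourcompany.com"
  port         = 5432
  interval     = "2m"
  timeout      = "10s"

  tags = {
    team        = "infrastructure"
    service     = "database"
    environment = var.environment
    criticality = "critical"
  }
}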
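# HTTPS check of the application health endpoint; only a 200 response passes.
resource "status200_monitor" "application" {
  name = "${var.environment}-application"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id

  monitor_type          = "website"
  url                   = "https://app.yourcompany.com/health"
  interval              = "1m"
  timeout               = "30s"
  expected_status_codes = [200]

  tags = {
    team        = "development"
    service     = "application"
    environment = var.environment
    criticality = "high"
  }
}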
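# On-call policy for the infrastructure team: one weekly rotation layer that
# covers every day of the week.
resource "status200_on_call_policy" "infrastructure_oncall" {
  name = "Infrastructure On-Call"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id
  team_id    = status200_team.infrastructure.id

  schedules {
    name     = "24x7 Infrastructure"
    timezone = "America/New_York"

    layers {
      name          = "Primary"
      users         = ["infra1@yourcompany.com", "infra2@yourcompany.com"]
      rotation_type = "weekly"
      start_time    = "00:00"
      end_time      = "23:59"
      days          = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
    }
  }
}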
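# Alert policy for the database monitor: when it reports "down", send an
# e-mail and escalate to the infrastructure on-call policy.
resource "status200_alert_policy" "critical_infrastructure" {
  name = "Critical Infrastructure Alerts"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id

  conditions {
    monitor_id = status200_monitor.database.id
    threshold  = "down"
  }

  actions {
    type       = "email"
    recipients = ["infrastructure@yourcompany.com"]
  }

  actions {
    type             = "oncall_escalation"
    oncall_policy_id = status200_on_call_policy.infrastructure_oncall.id
  }
}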
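# Internal status page with one component per monitor.
resource "status200_status_page" "internal" {
  name = "Internal Services Status"

  # Projects are not created through Terraform, so this configuration has no
  # status200_project resource to reference; use the project_id variable.
  project_id = var.project_id
  domain     = "status.internal.yourcompany.com"

  components {
    name       = "Database"
    monitor_id = status200_monitor.database.id
  }

  components {
    name       = "Application"
    monitor_id = status200_monitor.application.id
  }
}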
# outputs.tf
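# Echoes the project ID the configuration was applied to. The project is
# created manually, so the value comes from the input variable rather than
# from a status200_project resource, which this configuration does not define.
output "project_id" {
  description = "Project ID"
  value       = var.project_id
}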
output "status_page_url" {
description = "URL status page"
value = "https://${status200_status_page.internal.domain}"
}
Окружения
Development
# dev.tfvars
status200_url = "https://status200-dev.yourcompany.com"
environment = "development"
Staging
# staging.tfvars
status200_url = "https://status200-staging.yourcompany.com"
environment = "staging"
Production
# prod.tfvars
status200_url = "https://status200.yourcompany.com"
environment = "production"
Обновление self-hosted
1. Перед апгрейдом
terraform state pull > backup-$(date +%Y%m%d).tfstate
curl https://status200.yourcompany.com/api/status | jq '.version'
terraform providers | grep status200
2. Обновить Status200
По вашему процессу (Docker, Helm и т.д.)
3. Обновить provider
terraform {
required_providers {
status200 = {
source = "status200/status200"
version = "= 7.0.124"
}
}
}
4. Проверка и apply
terraform init -upgrade
terraform plan
terraform apply
Сеть
Firewall
Terraform runner должен достучаться до:
- API Status200 (обычно HTTPS 443);
- внутренних целей мониторинга.
VPN / private network
provider "status200" {
status200_url = "https://10.0.1.100:443"
api_key = var.status200_api_key
}
Безопасность
API key
# Placeholder value only: a real key typed on the command line typically ends
# up in shell history. Prefer reading it from a secret store at run time.
export S200_API_KEY="your-api-key"
export S200_API_KEY=$(vault kv get -field=api_key secret/status200)
Минимальные права ключа
Выдавайте ключу только те permissions, которые нужны вашей конфигурации: мониторы, алерты, команды и т.д.
Сеть и TLS
provider "status200" {
status200_url = "https://status200.yourcompany.com"
api_key = var.status200_api_key
verify_ssl = true
timeout = "30s"
}
Мониторинг Terraform-автоматизации
resource "status200_monitor" "terraform_runner" {
name = "Terraform Runner Health"
project_id = status200_project.main.id
monitor_type = "heartbeat"
interval = "15m"
tags = {
automation = "terraform"
criticality = "medium"
}
}
Проблемы
Connection refused
Проверить: инстанс запущен, URL верный, сеть/firewall, валидность TLS.
API version incompatible
Проверить: версия через /api/status, обновить provider, terraform init -upgrade.
Self-signed TLS
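export S200_SKIP_TLS_VERIFY=true
Это отключает проверку сертификата сервера, поэтому подходит только как временная мера: без проверки API key может уйти подставному серверу. Лучше добавить корпоративный CA в trust store.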
Backup и DR
State
terraform state pull > backup-$(date +%Y%m%d-%H%M%S).tfstate
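#!/bin/bash
# Pull the current Terraform state into a timestamped file under backups/.
# Stop on the first error, so a failed `terraform state pull` is not followed
# by the pruning of older backups.
set -euo pipefail
# State files can hold sensitive values: create the directory and the backup
# readable by the owner only.
umask 077
mkdir -p backups
DATE=$(date +%Y%m%d-%H%M%S)
terraform state pull > "backups/terraform-state-${DATE}.tfstate"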
find backups/ -name "terraform-state-*.tfstate" -mtime +30 -delete
Конфигурация
tar -czf terraform-config-$(date +%Y%m%d).tar.gz *.tf *.tfvars
Несколько окружений
Workspaces
terraform workspace new dev
terraform workspace new staging
terraform workspace new prod
terraform workspace select prod
terraform apply -var-file="prod.tfvars"
Отдельные каталоги
terraform/
├── environments/
│ ├── dev/
│ ├── staging/
│ └── prod/
└── modules/
└── status200/
Так проще изолировать окружения и версии.