gitlab: Add telegraf integration

This patch adds a telegraf client to the gitlab role, that can be
activated by defining `gitlab_telegraf`. It allows to collect all
prometheus metric with telegraf and store them in influxDB.

This is an experimental feature.

Authored by: Sheogorath
Co-authored-by: Sheogorath <sheogorath@shivering-isles.com>

roles/gitlab/defaults/main.yml

@@ -23,6 +23,7 @@ gitlab_install_location: /srv/gitlab
 gitlab_data_location: "{{ gitlab_install_location }}/data"
 gitlab_config_location: "{{ gitlab_install_location }}/config"
 gitlab_log_location: "{{ gitlab_install_location }}/log"
+gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"
 
 # Put GitLab's logs in a tempfs instead to save headache with diskspace
 gitlab_log_tmpfs: false
@@ -39,6 +40,9 @@ gitlab_registry_domain: registry.gitlab.example.com
 # renovate: depName=gitlab/gitlab-ce
 gitlab_version: 13.10.0-ce.0
 
+# renovate: depName=docker.io/library/telegraf
+gitlab_telegraf_version: "1.18"
+
 # The port you want Gitlab to listen on for SSH connections
 gitlab_ssh_port: 22
 
@@ -99,6 +103,20 @@ gitlab_csp:
 gitlab_registry:
   enabled: false
 
+# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
+gitlab_telegraf:
+  enabled: false
+  # Your influxDB hosts
+  influxdb_endpoints:
+    - "influxdb.example.com"
+  influxdb_username: telegraf
+  influxdb_password: ""
+  influxdb_retention_policy: "gitlab"
+  influxdb_retention_policy_tag: ""
+  # Token provided by Gitlab on the admin page
+  # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
+  metrics_token: ""
+
 # Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
 gitlab_dependency_proxy:
   enabled: false

roles/gitlab/tasks/main.yml

@@ -27,6 +27,7 @@
     - "{{ gitlab_data_location }}"
     - "{{ gitlab_config_location }}"
     - "{{ gitlab_log_location }}"
+    - "{{ gitlab_telegraf_location }}"
   tags:
     - gitlab
   become: true
@@ -55,10 +56,25 @@
     - "{{ gitlab_data_location }}"
     - "{{ gitlab_config_location }}"
     - "{{ gitlab_log_location }}"
+    - "{{ gitlab_telegraf_location }}"
   tags:
     - gitlab
   become: true
 
+- name: Deploy telegraf.conf
+  template:
+    src: telegraf.conf
+    dest: "{{ gitlab_telegraf_location }}/telegraf.conf"
+    mode: '0600'
+    owner: 'root'
+    group: 'root'
+  tags:
+    - telegraf
+    - gitlab
+  become: true
+  when:
+    - gitlab_telegraf.enabled
+
 - name: Deploy docker-compose.yml
   template:
     src: docker-compose.yml

roles/gitlab/templates/docker-compose.yml

@@ -231,6 +231,18 @@ services:
 {% endif %}
 {% endif %}
 
+
+{% if gitlab_telegraf.enabled %}
+  telegraf:
+    image: docker.io/library/telegraf:{{ gitlab_telegraf_version }}
+    restart: always
+    mem_limit: 256mb
+    memswap_limit: 384mb
+    read_only: true
+    volumes:
+      - {{ gitlab_telegraf_location }}:/etc/telegraf/:ro
+{% endif %}
+
 {% if proxy_network is defined or gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
 networks:
 {% if proxy_network is defined %}

roles/gitlab/templates/telegraf.conf

@@ -0,0 +1,26 @@
+{{ ansible_managed | comment }}
+[global_tags]
+
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 1000000
+  collection_jitter = "5s"
+  flush_interval = "10s"
+  flush_jitter = "5s"
+  precision = ""
+  hostname = "{{ ansible_fqdn }}"
+  omit_hostname = false
+
+[[outputs.influxdb]]
+  urls = ["https://{{ gitlab_telegraf.influxdb_endpoints | join('","https://') }}"]
+  database = "telegraf"
+  timeout = "5s"
+  retention_policy = "{{ gitlab_telegraf.influxdb_retention_policy }}"
+  retention_policy_tag = "{{ gitlab_telegraf.influxdb_retention_policy_tag }}"
+  username = "{{ gitlab_telegraf.influxdb_username }}"
+  password = "{{ gitlab_telegraf.influxdb_password }}"
+
+[[inputs.prometheus]]
+  urls = ["http://{{ gitlab_domain }}/-/metrics?token={{ gitlab_telegraf.metrics_token }}"]