293 lines
12 KiB
YAML
293 lines
12 KiB
YAML
- name: Update default SELinux contexts
|
|
community.general.sefcontext:
|
|
target: "{{ item.target }}(/.*)?"
|
|
setype: "container_file_t"
|
|
selevel: "{{ item.selevel }}"
|
|
state: present
|
|
loop:
|
|
- target: "{{ monitoring_install_dir }}/grafana"
|
|
selevel: "{{ monitoring_grafana_selinux_level }}"
|
|
- target: "{{ monitoring_install_dir }}/loki"
|
|
selevel: "{{ monitoring_loki_selinux_level }}"
|
|
- target: "{{ monitoring_install_dir }}/prometheus"
|
|
selevel: "{{ monitoring_prometheus_selinux_level }}"
|
|
become: true
|
|
notify: "monitoring selinux context changed"
|
|
|
|
- name: Create monitoring directories.
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: "root"
|
|
group: "root"
|
|
state: directory
|
|
mode: "0700"
|
|
loop:
|
|
- "{{ monitoring_install_dir }}"
|
|
become: true
|
|
|
|
- name: Ensure monitoring directories and config files exist.
|
|
block:
|
|
- name: Stat grafana data directory.
|
|
ansible.builtin.stat:
|
|
path: "{{ monitoring_install_dir }}/grafana/data"
|
|
become: true
|
|
register: monitoring_grafana_stat_dir
|
|
|
|
- name: Stat loki data directory.
|
|
ansible.builtin.stat:
|
|
path: "{{ monitoring_install_dir }}/loki/data"
|
|
become: true
|
|
register: monitoring_loki_stat_dir
|
|
|
|
- name: Stat prometheus data directory.
|
|
ansible.builtin.stat:
|
|
path: "{{ monitoring_install_dir }}/prometheus/data"
|
|
become: true
|
|
register: monitoring_prometheus_stat_dir
|
|
|
|
- name: Create monitoring directories.
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
owner: "{{ item.owner }}"
|
|
group: "{{ item.group }}"
|
|
mode: "0700"
|
|
loop:
|
|
- path: "{{ monitoring_install_dir }}/grafana"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/data"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning/dashboards"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning/notifiers"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/grafana/config/provisioning/plugins"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/loki"
|
|
owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/loki/data"
|
|
owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/loki/config"
|
|
owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/prometheus"
|
|
owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/prometheus/data"
|
|
owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
|
|
- path: "{{ monitoring_install_dir }}/prometheus/config"
|
|
owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
|
|
become: true
|
|
|
|
- name: Deploy grafana config.
|
|
ansible.builtin.template:
|
|
src: grafana/grafana.ini.j2
|
|
dest: "{{ monitoring_install_dir }}/grafana/config/grafana.ini"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
mode: "0600"
|
|
become: true
|
|
notify: "grafana config changed"
|
|
|
|
- name: Deploy loki config.
|
|
ansible.builtin.template:
|
|
src: loki/loki-config.yml.j2
|
|
dest: "{{ monitoring_install_dir }}/loki/config/loki-config.yaml"
|
|
owner: "{{ monitoring_loki_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_loki_stat_dir.stat.gid | default('root') }}"
|
|
mode: "0600"
|
|
become: true
|
|
notify: "loki config changed"
|
|
|
|
- name: Deploy prometheus config.
|
|
ansible.builtin.template:
|
|
src: prometheus/prometheus.yml.j2
|
|
dest: "{{ monitoring_install_dir }}/prometheus/config/prometheus.yml"
|
|
owner: "{{ monitoring_prometheus_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_prometheus_stat_dir.stat.gid | default('root') }}"
|
|
mode: "0600"
|
|
become: true
|
|
notify: "prometheus config changed"
|
|
|
|
- name: Create grafana datasource provisioning files.
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
mode: "0600"
|
|
loop:
|
|
- src: loki/datasource.yml.j2
|
|
dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources/loki.yml"
|
|
- src: prometheus/datasource.yml.j2
|
|
dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/datasources/prometheus.yml"
|
|
become: true
|
|
notify: "grafana datasources changed"
|
|
|
|
- name: Copy grafana alerting provisioning files.
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting/"
|
|
owner: "{{ monitoring_grafana_stat_dir.stat.uid | default('root') }}"
|
|
group: "{{ monitoring_grafana_stat_dir.stat.gid | default('root') }}"
|
|
mode: "0600"
|
|
loop: "{{ query('fileglob', inventory_hostname + '/monitoring/alerting/*.yml') }}"
|
|
become: true
|
|
notify: "grafana alert provisioning changed"
|
|
register: monitoring_grafana_managed_alerting_files
|
|
|
|
- name: Remove unmanaged grafana alert provisioning files
|
|
when: monitoring_grafana_remove_unmanaged_alerting_files
|
|
notify: "grafana alert provisioning changed"
|
|
block:
|
|
- name: Find all remote grafana alert provisioning files.
|
|
ansible.builtin.find:
|
|
paths: "{{ monitoring_install_dir }}/grafana/config/provisioning/alerting/"
|
|
become: true
|
|
register: monitoring_grafana_found_alerting_files
|
|
|
|
- name: Remove unmanaged grafana alert provisioning files.
|
|
ansible.builtin.file:
|
|
state: absent
|
|
path: "{{ item }}"
|
|
loop: "{{ monitoring_grafana_found_alerting_files.files | map(attribute='path') }}"
|
|
when: item not in monitoring_grafana_managed_alerting_files.results | map(attribute='dest')
|
|
become: true
|
|
|
|
- name: Ensure container images are present on the host.
|
|
containers.podman.podman_image:
|
|
name: "{{ item.name }}"
|
|
state: present
|
|
tag: "{{ item.tag }}"
|
|
loop:
|
|
- name: "{{ monitoring_grafana_containerimage }}"
|
|
tag: "{{ monitoring_grafana_image_tag }}"
|
|
- name: "{{ monitoring_image_renderer_containerimage }}"
|
|
tag: "{{ monitoring_image_renderer_image_tag }}"
|
|
- name: "{{ monitoring_loki_containerimage }}"
|
|
tag: "{{ monitoring_loki_image_tag }}"
|
|
- name: "{{ monitoring_prometheus_containerimage }}"
|
|
tag: "{{ monitoring_prometheus_image_tag }}"
|
|
become: true
|
|
|
|
- name: Add caddy config file.
|
|
block:
|
|
- name: Check caddy config dir.
|
|
ansible.builtin.stat:
|
|
path: "{{ caddy_install_dir }}/config"
|
|
become: true
|
|
register: caddy_stat_config_dir
|
|
|
|
- name: Template caddy config for monitoring.
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
mode: "0600"
|
|
setype: "container_file_t"
|
|
selevel: "{{ caddy_selinux_level }}"
|
|
owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
|
|
group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
|
|
loop:
|
|
- src: grafana/grafana.caddy.j2
|
|
dest: "{{ caddy_install_dir }}/config/grafana.caddy"
|
|
- src: loki/loki.caddy.j2
|
|
dest: "{{ caddy_install_dir }}/config/loki.caddy"
|
|
become: true
|
|
notify: "caddy config changed"
|
|
|
|
- name: Template prometheus caddy config.
|
|
ansible.builtin.template:
|
|
src: prometheus/prometheus.caddy.j2
|
|
dest: "{{ caddy_install_dir }}/config/prometheus.caddy"
|
|
mode: "0600"
|
|
setype: "container_file_t"
|
|
selevel: "{{ caddy_selinux_level }}"
|
|
owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
|
|
group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
|
|
become: true
|
|
notify: "caddy config changed"
|
|
when: monitoring_prometheus_write_receiver_enable
|
|
|
|
- name: Remove unused prometheus caddy config.
|
|
ansible.builtin.file:
|
|
path: "{{ caddy_install_dir }}/config/prometheus.caddy"
|
|
state: absent
|
|
become: true
|
|
when: not monitoring_prometheus_write_receiver_enable
|
|
|
|
- name: Create grafana container definition file.
|
|
ansible.builtin.template:
|
|
src: grafana/grafana.container.j2
|
|
dest: "/etc/containers/systemd/grafana.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "grafana container definition changed"
|
|
|
|
- name: Create image-renderer container definition file.
|
|
ansible.builtin.template:
|
|
src: grafana/image-renderer.container.j2
|
|
dest: "/etc/containers/systemd/image-renderer.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "image-renderer container definition changed"
|
|
|
|
- name: Create loki container definition file.
|
|
ansible.builtin.template:
|
|
src: loki/loki.container.j2
|
|
dest: "/etc/containers/systemd/loki.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "loki container definition changed"
|
|
|
|
- name: Create prometheus container definition file.
|
|
ansible.builtin.template:
|
|
src: prometheus/prometheus.container.j2
|
|
dest: "/etc/containers/systemd/prometheus.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "prometheus container definition changed"
|
|
|
|
- name: Flush handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Ensure monitoring services are started and enabled.
|
|
ansible.builtin.systemd:
|
|
state: started
|
|
enabled: true
|
|
name: "{{ item }}"
|
|
daemon_reload: true
|
|
loop:
|
|
- grafana.service
|
|
- image-renderer.service
|
|
- loki.service
|
|
- prometheus.service
|
|
become: true
|