Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/monitoring/prometheus
8 files changed, 174 insertions, 0 deletions
diff --git a/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
new file mode 100644
index 0000000..9d2b8a5
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+nginx_exporter_debian_package: prometheus-nginx-exporter
+nginx_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+nginx_exporter_port: '9113'
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
new file mode 100644
index 0000000..fe9a90d
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
+- name: restart nginx-exporter
+  service:
+    name: prometheus-nginx-exporter
+    state: started
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
new file mode 100644
index 0000000..819f71e
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: install package (Debian)
+  when: ansible_facts['distribution'] == "Debian"
+  package:
+    name: "{{ nginx_exporter_debian_package }}"
+- name: allow port
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ prometheus_server_ip }}"
+    to_port: "{{ nginx_exporter_port }}"
+- name: copy defaults file
+  notify: restart nginx-exporter
+  copy:
+    src: "{{ nginx_exporter_defaults }}"
+    dest: /etc/default/prometheus-nginx-exporter
+    owner: root
+    group: root
+    mode: '0644'
+- name: deploy nginx configuration
+  notify: restart nginx
+  copy:
+    src: "{{ nginx_exporter_config }}"
+    dest: /etc/nginx/sites-available/metrics.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/metrics.conf
+    dest: /etc/nginx/sites-enabled/metrics.conf
+    owner: root
+    group: root
+    state: link
+- name: enable service
+  systemd:
+    name: prometheus-nginx-exporter
+    enabled: yes
+    masked: no
diff --git a/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
new file mode 100644
index 0000000..e4ff351
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+node_exporter_debian_package: prometheus-node-exporter
+node_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+node_exporter_port: '9100'
diff --git a/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
new file mode 100644
index 0000000..6bbcc08
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: install package (Debian)
+  when: ansible_facts['distribution'] == "Debian"
+  package:
+    name: "{{ node_exporter_debian_package }}"
+- name: install package (Fedora)
+  when: ansible_facts['distribution'] == "Fedora"
+  package:
+    name: "{{ node_exporter_fedora_package }}"
+- name: allow port
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ prometheus_server_ip }}"
+    to_port: "{{ node_exporter_port }}"
+- name: enable service
+  systemd:
+    name: prometheus-node-exporter
+    enabled: yes
+    masked: no
+- name: restart service
+  service:
+    name: prometheus-node-exporter
+    state: restarted
diff --git a/roles/services/monitoring/prometheus/server/defaults/main.yml b/roles/services/monitoring/prometheus/server/defaults/main.yml
new file mode 100644
index 0000000..696e7cc
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/defaults/main.yml
@@ -0,0 +1,6 @@
+prometheus_package: prometheus
+management_ip: 192.168.88.254
+grafana_server_ip: 192.168.88.21
+prometheus_port: '9090'
+prometheus_config: files/prometheus.yml
+prometheus_defaults: files/prometheus
diff --git a/roles/services/monitoring/prometheus/server/tasks/main.yml b/roles/services/monitoring/prometheus/server/tasks/main.yml
new file mode 100644
index 0000000..06ecc10
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/tasks/main.yml
@@ -0,0 +1,79 @@
+- name: install package
+  package:
+    name: "{{ prometheus_package }}"
+- name: allow access to metrics from grafana
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ grafana_server_ip }}"
+    to_port: "{{ prometheus_port }}"
+- name: allow access to metrics from management
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ management_ip }}"
+    to_port: "{{ prometheus_port }}"
+- name: copy config file
+  copy:
+    src: "{{ prometheus_config }}"
+    dest: /etc/prometheus/prometheus.yml
+    owner: root
+    group: root
+    mode: '0644'
+- name: copy defaults file
+  copy:
+    src: "{{ prometheus_defaults }}"
+    dest: /etc/default/prometheus
+    owner: root
+    group: root
+    mode: '0644'
+- name: enable service
+  systemd:
+    name: prometheus
+    enabled: yes
+    masked: no
+- name: restart service
+  service:
+    name: prometheus
+    state: restarted
+- name: deploy nginx configuration
+  copy:
+    src: "{{ prometheus_nginx_config }}"
+    dest: /etc/nginx/sites-available/grafana.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/grafana.conf
+    dest: /etc/nginx/sites-enabled/grafana.conf
+    owner: root
+    group: root
+    state: link
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/monitoring/prometheus

diff --git a/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml new file mode 100644 index 0000000..9d2b8a5 --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
	1	nginx_exporter_debian_package: prometheus-nginx-exporter
	2	nginx_exporter_fedora_package: golang-github-prometheus-node-exporter
	3	prometheus_server_ip: 192.168.88.32
	4	nginx_exporter_port: '9113'


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml new file mode 100644 index 0000000..fe9a90d --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
@@ -0,0 +1,9 @@
	1	- name: restart nginx
	2	service:
	3	name: nginx
	4	state: restarted
	5
	6	- name: restart nginx-exporter
	7	service:
	8	name: prometheus-nginx-exporter
	9	state: started


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml new file mode 100644 index 0000000..819f71e --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
@@ -0,0 +1,44 @@
	1	- name: install package (Debian)
	2	when: ansible_facts['distribution'] == "Debian"
	3	package:
	4	name: "{{ nginx_exporter_debian_package }}"
	5
	6	- name: allow port
	7	ufw:
	8	rule: allow
	9	direction: in
	10	proto: tcp
	11	src: "{{ prometheus_server_ip }}"
	12	to_port: "{{ nginx_exporter_port }}"
	13
	14	- name: copy defaults file
	15	notify: restart nginx-exporter
	16	copy:
	17	src: "{{ nginx_exporter_defaults }}"
	18	dest: /etc/default/prometheus-nginx-exporter
	19	owner: root
	20	group: root
	21	mode: '0644'
	22
	23	- name: deploy nginx configuration
	24	notify: restart nginx
	25	copy:
	26	src: "{{ nginx_exporter_config }}"
	27	dest: /etc/nginx/sites-available/metrics.conf
	28	owner: root
	29	group: root
	30	mode: '0644'
	31
	32	- name: symlink site
	33	file:
	34	src: /etc/nginx/sites-available/metrics.conf
	35	dest: /etc/nginx/sites-enabled/metrics.conf
	36	owner: root
	37	group: root
	38	state: link
	39
	40	- name: enable service
	41	systemd:
	42	name: prometheus-nginx-exporter
	43	enabled: yes
	44	masked: no


diff --git a/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml new file mode 100644 index 0000000..e4ff351 --- /dev/null +++ b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
	1	node_exporter_debian_package: prometheus-node-exporter
	2	node_exporter_fedora_package: golang-github-prometheus-node-exporter
	3	prometheus_server_ip: 192.168.88.32
	4	node_exporter_port: '9100'


diff --git a/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml new file mode 100644 index 0000000..6bbcc08 --- /dev/null +++ b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
@@ -0,0 +1,28 @@
	1	- name: install package (Debian)
	2	when: ansible_facts['distribution'] == "Debian"
	3	package:
	4	name: "{{ node_exporter_debian_package }}"
	5
	6	- name: install package (Fedora)
	7	when: ansible_facts['distribution'] == "Fedora"
	8	package:
	9	name: "{{ node_exporter_fedora_package }}"
	10
	11	- name: allow port
	12	ufw:
	13	rule: allow
	14	direction: in
	15	proto: tcp
	16	src: "{{ prometheus_server_ip }}"
	17	to_port: "{{ node_exporter_port }}"
	18
	19	- name: enable service
	20	systemd:
	21	name: prometheus-node-exporter
	22	enabled: yes
	23	masked: no
	24
	25	- name: restart service
	26	service:
	27	name: prometheus-node-exporter
	28	state: restarted


diff --git a/roles/services/monitoring/prometheus/server/defaults/main.yml b/roles/services/monitoring/prometheus/server/defaults/main.yml new file mode 100644 index 0000000..696e7cc --- /dev/null +++ b/roles/services/monitoring/prometheus/server/defaults/main.yml
@@ -0,0 +1,6 @@
	1	prometheus_package: prometheus
	2	management_ip: 192.168.88.254
	3	grafana_server_ip: 192.168.88.21
	4	prometheus_port: '9090'
	5	prometheus_config: files/prometheus.yml
	6	prometheus_defaults: files/prometheus


diff --git a/roles/services/monitoring/prometheus/server/tasks/main.yml b/roles/services/monitoring/prometheus/server/tasks/main.yml new file mode 100644 index 0000000..06ecc10 --- /dev/null +++ b/roles/services/monitoring/prometheus/server/tasks/main.yml
@@ -0,0 +1,79 @@
	1	- name: install package
	2	package:
	3	name: "{{ prometheus_package }}"
	4
	5	- name: allow access to metrics from grafana
	6	ufw:
	7	rule: allow
	8	direction: in
	9	proto: tcp
	10	src: "{{ grafana_server_ip }}"
	11	to_port: "{{ prometheus_port }}"
	12
	13	- name: allow access to metrics from management
	14	ufw:
	15	rule: allow
	16	direction: in
	17	proto: tcp
	18	src: "{{ management_ip }}"
	19	to_port: "{{ prometheus_port }}"
	20
	21	- name: copy config file
	22	copy:
	23	src: "{{ prometheus_config }}"
	24	dest: /etc/prometheus/prometheus.yml
	25	owner: root
	26	group: root
	27	mode: '0644'
	28
	29	- name: copy defaults file
	30	copy:
	31	src: "{{ prometheus_defaults }}"
	32	dest: /etc/default/prometheus
	33	owner: root
	34	group: root
	35	mode: '0644'
	36
	37	- name: enable service
	38	systemd:
	39	name: prometheus
	40	enabled: yes
	41	masked: no
	42
	43	- name: restart service
	44	service:
	45	name: prometheus
	46	state: restarted
	47
	48	- name: deploy nginx configuration
	49	copy:
	50	src: "{{ prometheus_nginx_config }}"
	51	dest: /etc/nginx/sites-available/grafana.conf
	52	owner: root
	53	group: root
	54	mode: '0644'
	55
	56	- name: symlink site
	57	file:
	58	src: /etc/nginx/sites-available/grafana.conf
	59	dest: /etc/nginx/sites-enabled/grafana.conf
	60	owner: root
	61	group: root
	62	state: link
	63
	64	- name: allow http (80/tcp) traffic
	65	ufw:
	66	rule: allow
	67	port: '80'
	68	proto: tcp
	69
	70	- name: allow https (443/tcp) traffic
	71	ufw:
	72	rule: allow
	73	port: '443'
	74	proto: tcp
	75
	76	- name: restart nginx
	77	service:
	78	name: nginx
	79	state: restarted