Diffstat (limited to 'roles/services/monitoring')
18 files changed, 624 insertions, 0 deletions
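diff --git a/roles/services/monitoring/grafana/defaults/main.yml b/roles/services/monitoring/grafana/defaults/main.yml
new file mode 100644
index 0000000..c346e54
--- /dev/null
+++ b/roles/services/monitoring/grafana/defaults/main.yml
@@ -0,0 +1,5 @@
+grafana_package:
+- grafana
+- nginx
+grafana_config: files/grafana_config/
+grafana_data: files/grafana.db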
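diff --git a/roles/services/monitoring/grafana/handlers/main.yml b/roles/services/monitoring/grafana/handlers/main.yml
new file mode 100644
index 0000000..8026c6d
--- /dev/null
+++ b/roles/services/monitoring/grafana/handlers/main.yml
@@ -0,0 +1,13 @@
+- name: update repos
+apt:
+update_cache: yes
+
+- name: restart grafana
+service:
+name: grafana-server
+state: restarted
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted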
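diff --git a/roles/services/monitoring/grafana/tasks/main.yml b/roles/services/monitoring/grafana/tasks/main.yml
new file mode 100644
index 0000000..e9f824e
--- /dev/null
+++ b/roles/services/monitoring/grafana/tasks/main.yml
@@ -0,0 +1,125 @@
+- name: install extrepo
+package:
+name: extrepo
+state: latest
+
+- name: add Grafana repo
+register: result
+changed_when: result.stdout | regex_search("skipped") | bool
+notify: update repos
+command:
+cmd: extrepo enable grafana
+creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+
+- meta: flush_handlers
+
+- name: update Grafana repo
+changed_when: false
+command:
+cmd: extrepo update grafana
+
+- name: install grafana
+package:
+name: "{{ grafana_package }}"
+
+- name: deploy grafana config
+notify: restart grafana
+template:
+src: "{{ grafana_config }}"
+dest: /etc/grafana/grafana.ini
+owner: root
+group: grafana
+mode: '0640'
+
+- name: deploy nginx configuration
+notify: restart nginx
+copy:
+src: "{{ grafana_nginx_config }}"
+dest: /etc/nginx/sites-available/grafana.conf
+owner: root
+group: root
+mode: '0644'
+
+- name: symlink site
+notify: restart nginx
+file:
+src: /etc/nginx/sites-available/grafana.conf
+dest: /etc/nginx/sites-enabled/grafana.conf
+owner: root
+group: root
+state: link
+
+- name: allow http (80/tcp) traffic
+ufw:
+rule: allow
+port: '80'
+proto: tcp
+
+- name: allow https (443/tcp) traffic
+ufw:
+rule: allow
+port: '443'
+proto: tcp
+
+- name: enable grafana
+systemd:
+daemon_reload: yes
+enabled: yes
+masked: no
+name: grafana-server
+
+- meta: flush_handlers
+
+- name: add grafana user
+ignore_errors: yes
+community.grafana.grafana_user:
+name: "{{ grafana_admin }}"
+email: "{{ grafana_email }}"
+url: "{{ grafana_url }}"
+login: "{{ grafana_admin }}"
+password: "{{ grafana_password }}"
+is_admin: true
+state: present
+
+- name: add prometheus datasource
+community.grafana.grafana_datasource:
+grafana_url: "{{ grafana_url }}"
+grafana_user: "{{ grafana_admin }}"
+grafana_password: "{{ grafana_password }}"
+name: "Prometheus"
+ds_type: prometheus
+ds_url: "{{ prometheus_url }}"
+access: proxy
+
+- name: add influxdb datasource
+community.grafana.grafana_datasource:
+grafana_url: "{{ grafana_url }}"
+grafana_user: "{{ grafana_admin }}"
+grafana_password: "{{ grafana_password }}"
+name: "Proxmox InfluxDB"
+ds_type: influxdb
+ds_url: "{{ influxdb_url }}"
+database: "{{ influx_database }}"
+user: "{{ influx_user }}"
+password: "{{ influx_password }}"
+access: proxy
+
+- name: add loki datasource
+community.grafana.grafana_datasource:
+grafana_url: "{{ grafana_url }}"
+grafana_user: "{{ grafana_admin }}"
+grafana_password: "{{ grafana_password }}"
+name: "Loki"
+ds_type: loki
+ds_url: "{{ loki_url }}"
+access: proxy
+
+- name: import main custom dashboard
+delegate_to: localhost
+become: no
+community.grafana.grafana_dashboard:
+grafana_url: "{{ grafana_url }}"
+grafana_user: "{{ grafana_admin }}"
+grafana_password: "{{ grafana_password }}"
+path: "{{ grafana_dashboard_main }}"
+overwrite: yes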
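Review bot: `ignore_errors: yes` on the `add grafana user` task hides a failed admin bootstrap, and the datasource and dashboard tasks that follow then authenticate as `grafana_admin` with credentials that may not exist. The module is already called with `state: present`, so the line can be dropped; if one specific benign error has to be tolerated, a narrow `failed_when` on a registered result is safer than ignoring every failure. The tasks that carry `grafana_password` and `influx_password` would also benefit from `no_log: true` so the values cannot surface in verbose or callback output. Separately, `changed_when: result.stdout | regex_search("skipped") | bool` looks like it never evaluates true, because the `bool` filter does not treat an arbitrary matched string as truthy, so `update repos` may never be notified; removing the `changed_when` line lets `creates` report the change state on its own, and the same line appears in the loki and promtail task files.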
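diff --git a/roles/services/monitoring/influxdb/defaults/main.yml b/roles/services/monitoring/influxdb/defaults/main.yml
new file mode 100644
index 0000000..180ad8e
--- /dev/null
+++ b/roles/services/monitoring/influxdb/defaults/main.yml
@@ -0,0 +1,6 @@
+influxdb_packages:
+- influxdb
+- influxdb-client
+
+influx_config: files/influxdb.conf
+influx_data: files/influx_data/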
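diff --git a/roles/services/monitoring/influxdb/handlers/main.yml b/roles/services/monitoring/influxdb/handlers/main.yml
new file mode 100644
index 0000000..765a040
--- /dev/null
+++ b/roles/services/monitoring/influxdb/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart influxdb
+service:
+name: influxdb
+state: restarted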
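diff --git a/roles/services/monitoring/influxdb/tasks/main.yml b/roles/services/monitoring/influxdb/tasks/main.yml
new file mode 100644
index 0000000..06d6e86
--- /dev/null
+++ b/roles/services/monitoring/influxdb/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: install packages
+package:
+name: "{{ influxdb_packages }}"
+state: latest
+
+- name: copy config
+notify: restart influxdb
+copy:
+src: "{{ influx_config }}"
+dest: /etc/influxdb/influxdb.conf
+owner: root
+group: root
+mode: '0644'
+
+- name: enable influxdb
+systemd:
+name: influxdb
+enabled: yes
+masked: no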
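Review bot: `state: latest` on the `install packages` task means any playbook run can upgrade the database to whatever the repository currently serves, without a reviewed version change; `state: present` keeps upgrades a deliberate step. The same setting is used for `extrepo` in the grafana, loki and promtail task files and for `loki` and `promtail` themselves. `/etc/influxdb/influxdb.conf` is also deployed `0644` root:root; if the file behind `influx_config` (not shown here) holds an authentication secret, `mode: '0640'` with the service's group would keep it away from other local users.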
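diff --git a/roles/services/monitoring/loki/handlers/main.yml b/roles/services/monitoring/loki/handlers/main.yml
new file mode 100644
index 0000000..e70412f
--- /dev/null
+++ b/roles/services/monitoring/loki/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: update repos
+apt:
+update_cache: yes
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted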
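diff --git a/roles/services/monitoring/loki/tasks/main.yml b/roles/services/monitoring/loki/tasks/main.yml
new file mode 100644
index 0000000..31a7375
--- /dev/null
+++ b/roles/services/monitoring/loki/tasks/main.yml
@@ -0,0 +1,80 @@
+- name: install extrepo
+package:
+name: extrepo
+state: latest
+
+- name: add Grafana repo
+register: result
+changed_when: result.stdout | regex_search("skipped") | bool
+notify: update repos
+command:
+cmd: extrepo enable grafana
+creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+
+- meta: flush_handlers
+
+- name: add Grafana repo
+changed_when: false
+command:
+cmd: extrepo update grafana
+
+- name: install loki
+package:
+name: loki
+state: latest
+
+- name: deploy loki configuration
+copy:
+src: "{{ loki_config }}"
+dest: /etc/loki/config.yml
+owner: root
+group: root
+mode: '0644'
+
+- name: deploy nginx configuration
+copy:
+src: "{{ loki_nginx_config }}"
+dest: /etc/nginx/sites-available/loki.conf
+owner: root
+group: root
+mode: '0644'
+register: nginxconfig
+notify: restart nginx
+
+- name: symlink site
+file:
+src: /etc/nginx/sites-available/loki.conf
+dest: /etc/nginx/sites-enabled/loki.conf
+owner: root
+group: root
+state: link
+
+- name: allow http (80/tcp) traffic
+ufw:
+rule: allow
+port: '80'
+proto: tcp
+
+- name: allow https (443/tcp) traffic
+ufw:
+rule: allow
+port: '443'
+proto: tcp
+
+- name: allow loki log (3100/tcp) traffic
+ufw:
+rule: allow
+port: '3100'
+proto: tcp
+
+- name: enable loki
+systemd:
+daemon_reload: yes
+enabled: yes
+masked: no
+name: loki
+
+- name: restart loki
+systemd:
+name: loki
+state: restarted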
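Review bot: The `allow loki log (3100/tcp) traffic` rule has no source restriction, so Loki's push and query API is reachable from every address that can route to the host, whereas the exporter roles in this commit limit their ports with `src`. Unless authentication is enforced elsewhere (the files behind `loki_config` and `loki_nginx_config` are not shown), restrict the rule to the log shippers with `src: "{{ loki_client_network }}"`, where `loki_client_network` is a new variable to define in inventory. The final `restart loki` task runs on every play; a handler notified from `deploy loki configuration` would restart only when the config changes. The second task named `add Grafana repo` actually runs `extrepo update grafana` and should be named accordingly.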
diff --git a/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml | |||
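diff --git a/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
new file mode 100644
index 0000000..9d2b8a5
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+nginx_exporter_debian_package: prometheus-nginx-exporter
+nginx_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+nginx_exporter_port: '9113'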
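Review bot: `nginx_exporter_fedora_package` is set to `golang-github-prometheus-node-exporter`, the same value the node_exporter defaults use, which looks like a copy-paste; the nginx_exporter tasks never reference the variable, so either remove it or set the real Fedora package name. `prometheus_server_ip` is hard-coded here and again in the node_exporter defaults; a single inventory-level definition keeps the firewall allow-list from drifting between roles.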
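diff --git a/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
new file mode 100644
index 0000000..fe9a90d
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: restart nginx
+service:
+name: nginx
+state: restarted
+
+- name: restart nginx-exporter
+service:
+name: prometheus-nginx-exporter
+state: started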
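Review bot: The `restart nginx-exporter` handler uses `state: started`, which does nothing when the service is already running, so a changed `/etc/default/prometheus-nginx-exporter` will not take effect until something else restarts the exporter. Use `state: restarted`, as the other handlers in this commit do.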
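diff --git a/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
new file mode 100644
index 0000000..819f71e
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: install package (Debian)
+when: ansible_facts['distribution'] == "Debian"
+package:
+name: "{{ nginx_exporter_debian_package }}"
+
+- name: allow port
+ufw:
+rule: allow
+direction: in
+proto: tcp
+src: "{{ prometheus_server_ip }}"
+to_port: "{{ nginx_exporter_port }}"
+
+- name: copy defaults file
+notify: restart nginx-exporter
+copy:
+src: "{{ nginx_exporter_defaults }}"
+dest: /etc/default/prometheus-nginx-exporter
+owner: root
+group: root
+mode: '0644'
+
+- name: deploy nginx configuration
+notify: restart nginx
+copy:
+src: "{{ nginx_exporter_config }}"
+dest: /etc/nginx/sites-available/metrics.conf
+owner: root
+group: root
+mode: '0644'
+
+- name: symlink site
+file:
+src: /etc/nginx/sites-available/metrics.conf
+dest: /etc/nginx/sites-enabled/metrics.conf
+owner: root
+group: root
+state: link
+
+- name: enable service
+systemd:
+name: prometheus-nginx-exporter
+enabled: yes
+masked: no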
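diff --git a/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
new file mode 100644
index 0000000..e4ff351
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+node_exporter_debian_package: prometheus-node-exporter
+node_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+node_exporter_port: '9100'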
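diff --git a/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
new file mode 100644
index 0000000..6bbcc08
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: install package (Debian)
+when: ansible_facts['distribution'] == "Debian"
+package:
+name: "{{ node_exporter_debian_package }}"
+
+- name: install package (Fedora)
+when: ansible_facts['distribution'] == "Fedora"
+package:
+name: "{{ node_exporter_fedora_package }}"
+
+- name: allow port
+ufw:
+rule: allow
+direction: in
+proto: tcp
+src: "{{ prometheus_server_ip }}"
+to_port: "{{ node_exporter_port }}"
+
+- name: enable service
+systemd:
+name: prometheus-node-exporter
+enabled: yes
+masked: no
+
+- name: restart service
+service:
+name: prometheus-node-exporter
+state: restarted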
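Review bot: The `allow port` task calls `ufw` unconditionally although the role also installs a Fedora package, and Fedora hosts normally run firewalld rather than ufw, so the task is likely to fail there or leave the exporter port unmanaged. Guard it with `when: ansible_facts['distribution'] == "Debian"` and add a firewalld equivalent that keeps the same `prometheus_server_ip` source restriction. The trailing `restart service` task restarts the exporter on every run; adding `state: started` to the `enable service` task would be enough.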
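diff --git a/roles/services/monitoring/prometheus/server/defaults/main.yml b/roles/services/monitoring/prometheus/server/defaults/main.yml
new file mode 100644
index 0000000..696e7cc
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/defaults/main.yml
@@ -0,0 +1,6 @@
+prometheus_package: prometheus
+management_ip: 192.168.88.254
+grafana_server_ip: 192.168.88.21
+prometheus_port: '9090'
+prometheus_config: files/prometheus.yml
+prometheus_defaults: files/prometheus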
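diff --git a/roles/services/monitoring/prometheus/server/tasks/main.yml b/roles/services/monitoring/prometheus/server/tasks/main.yml
new file mode 100644
index 0000000..06ecc10
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/tasks/main.yml
@@ -0,0 +1,79 @@
+- name: install package
+package:
+name: "{{ prometheus_package }}"
+
+- name: allow access to metrics from grafana
+ufw:
+rule: allow
+direction: in
+proto: tcp
+src: "{{ grafana_server_ip }}"
+to_port: "{{ prometheus_port }}"
+
+- name: allow access to metrics from management
+ufw:
+rule: allow
+direction: in
+proto: tcp
+src: "{{ management_ip }}"
+to_port: "{{ prometheus_port }}"
+
+- name: copy config file
+copy:
+src: "{{ prometheus_config }}"
+dest: /etc/prometheus/prometheus.yml
+owner: root
+group: root
+mode: '0644'
+
+- name: copy defaults file
+copy:
+src: "{{ prometheus_defaults }}"
+dest: /etc/default/prometheus
+owner: root
+group: root
+mode: '0644'
+
+- name: enable service
+systemd:
+name: prometheus
+enabled: yes
+masked: no
+
+- name: restart service
+service:
+name: prometheus
+state: restarted
+
+- name: deploy nginx configuration
+copy:
+src: "{{ prometheus_nginx_config }}"
+dest: /etc/nginx/sites-available/grafana.conf
+owner: root
+group: root
+mode: '0644'
+
+- name: symlink site
+file:
+src: /etc/nginx/sites-available/grafana.conf
+dest: /etc/nginx/sites-enabled/grafana.conf
+owner: root
+group: root
+state: link
+
+- name: allow http (80/tcp) traffic
+ufw:
+rule: allow
+port: '80'
+proto: tcp
+
+- name: allow https (443/tcp) traffic
+ufw:
+rule: allow
+port: '443'
+proto: tcp
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted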
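Review bot: Port 9090 is limited to `grafana_server_ip` and `management_ip`, but the same role then opens 80/tcp and 443/tcp to every source and enables an nginx site; if that site proxies to Prometheus (the file behind `prometheus_nginx_config` is not shown), the source restriction is bypassed unless nginx enforces its own allow-list or authentication. Either add `src:` to the 80/443 rules as on the 9090 rules, or confirm that the proxy config restricts access. The site is written to `/etc/nginx/sites-available/grafana.conf`, the same path the grafana role uses, which looks like a copy-paste and would overwrite the Grafana site on a shared host; `prometheus.conf` seems to be the intended name. The unconditional `restart service` and `restart nginx` tasks could become handlers notified by the copy tasks.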
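diff --git a/roles/services/monitoring/promtail/handlers/main.yml b/roles/services/monitoring/promtail/handlers/main.yml
new file mode 100644
index 0000000..97ea7d3
--- /dev/null
+++ b/roles/services/monitoring/promtail/handlers/main.yml
@@ -0,0 +1,39 @@
+- name: update repos - debian
+apt:
+update_cache: yes
+
+- name: update repos - fedora
+dnf:
+name: "*"
+state: latest
+
+- name: build loki-docker-driver plugin for private repo
+become: yes
+become_user: "{{ docker_username }}"
+environment:
+LOKI_DOCKER_DRIVER: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver"
+community.general.make:
+chdir: "{{ docker_home }}/plugins/loki"
+target: docker-driver-push
+
+- name: restart rootless docker
+become: yes
+become_user: "{{ docker_username }}"
+systemd:
+name: docker
+enabled: yes
+state: restarted
+scope: user
+environment:
+XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+
+- name: restart docker
+service:
+name: docker
+state: restarted
+
+- name: restart promtail
+when: promtail_config.changed
+service:
+name: promtail
+state: restarted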
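Review bot: The `update repos - fedora` handler calls `dnf` with `name: "*"` and `state: latest`, which upgrades every package on the host as a side effect of adding the Grafana repository; refreshing metadata only needs `update_cache: yes`. In `restart promtail`, `when: promtail_config.changed` reads `promtail_config`, which the task file uses as the `src` path of the config copy rather than as a registered result, so the condition will probably fail on an undefined attribute. The handler is already notified only on change, so the `when` line can be dropped.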
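diff --git a/roles/services/monitoring/promtail/tasks/main.yml b/roles/services/monitoring/promtail/tasks/main.yml
new file mode 100644
index 0000000..f8b28cc
--- /dev/null
+++ b/roles/services/monitoring/promtail/tasks/main.yml
@@ -0,0 +1,151 @@
+- name: install extrepo
+when: ansible_facts['distribution'] == 'Debian'
+package:
+name: extrepo
+state: latest
+
+- name: add grafana repo | debian
+when: ansible_facts['distribution'] == 'Debian'
+register: result
+changed_when: result.stdout | regex_search("skipped") | bool
+notify: update repos - debian
+command:
+cmd: extrepo enable grafana
+creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+
+- meta: flush_handlers
+
+- name: update grafana extrepo data | debian
+when: ansible_facts['distribution'] == 'Debian'
+changed_when: false
+command:
+cmd: extrepo update grafana
+
+- name: add Grafana repo | fedora
+when: ansible_facts['distribution'] == 'Fedora'
+notify: update repos - fedora
+yum_repository:
+name: grafana
+file: grafna
+description: "Grafana OSS Repo"
+baseurl: "https://rpm.grafana.com"
+repo_gpgcheck: yes
+enabled: yes
+gpgcheck: yes
+gpgkey: https://rpm.grafana.com/gpg.key
+sslverify: yes
+sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+exclude: "*beta*"
+
+- name: install promtail
+package:
+name: promtail
+state: latest
+
+- name: add promtail to adm group for log access (debian)
+when: ansible_facts['distribution'] == 'Debian'
+user:
+name: promtail
+groups: adm
+append: yes
+
+- name: add promtail to systemd-journal group for journal access
+user:
+name: promtail
+groups: systemd-journal
+append: yes
+
+- name: create docker plugin directory
+when: "'docker_hosts' in group_names"
+become: yes
+become_user: "{{ docker_username }}"
+file:
+path: "{{ docker_home }}/plugins"
+state: directory
+owner: "{{ docker_username }}"
+group: "{{ docker_username }}"
+mode: "0755"
+
+- name: clone loki repo
+when: "'docker_hosts' in group_names"
+become: yes
+become_user: "{{ docker_username }}"
+git:
+repo: "{{ loki_repo }}"
+dest: "{{ docker_home }}/plugins/loki"
+version: "{{ loki_version }}"
+register: repo
+notify: build loki-docker-driver plugin for private repo
+
+- meta: flush_handlers
+
+- name: login to docker registry
+when: "'docker_hosts' in group_names"
+become: yes
+become_user: "{{ docker_username }}"
+environment:
+XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+docker_login:
+docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+registry_url: "{{ docker_registry_url }}"
+username: "{{ docker_registry_username }}"
+password: "{{ docker_registry_password }}"
+
+# docker driver rootless
+
+- name: enable loki-docker-driver plugin
+when: "'docker_hosts' in group_names"
+become: yes
+become_user: "{{ docker_username }}"
+notify: restart rootless docker
+community.docker.docker_plugin:
+plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
+state: enable
+docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+alias: loki
+
+- name: deploy docker config
+when: "'docker_hosts' in group_names"
+notify: restart rootless docker
+copy:
+src: "{{ docker_config }}"
+dest: "{{ docker_home }}/.config/docker/daemon.json"
+owner: "{{ docker_username }}"
+group: "{{ docker_username }}"
+mode: '0644'
+
+# docker driver root
+
+- name: enable loki-docker-driver plugin
+when: "'docker_hosts' in group_names"
+notify: restart docker
+community.docker.docker_plugin:
+plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
+state: enable
+alias: loki
+
+- name: deploy docker config
+when: "'docker_hosts' in group_names"
+notify: restart docker
+copy:
+src: "{{ docker_config }}"
+dest: /etc/docker/daemon.json
+owner: root
+group: root
+mode: '0644'
+
+- name: deploy promtail configuration
+notify: restart promtail
+copy:
+src: "{{ promtail_config }}"
+dest: /etc/promtail/config.yml
+owner: root
+group: root
+mode: '0644'
+
+- name: enable promtail
+systemd:
+daemon_reload: yes
+enabled: yes
+masked: no
+name: promtail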
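Review bot: Both `enable loki-docker-driver plugin` tasks reference the plugin as `loki-docker-driver:main`, a mutable tag, so each Docker host runs whatever currently sits under that tag in the registry rather than the build made from `loki_version`. Tagging the plugin with `loki_version`, or pinning a digest, makes the deployed logging driver traceable to a source revision. The `flush_handlers` after `clone loki repo` runs the build handler, whose make target is `docker-driver-push`, before the `login to docker registry` task, so the first push will likely be unauthenticated; moving the login above the clone fixes the order. In the Fedora repo task, `file: grafna` looks like a typo for `grafana`.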