18 files changed, 624 insertions, 0 deletions
diff --git a/roles/services/monitoring/grafana/defaults/main.yml b/roles/services/monitoring/grafana/defaults/main.yml
new file mode 100644
index 0000000..c346e54
--- /dev/null
+++ b/roles/services/monitoring/grafana/defaults/main.yml
@@ -0,0 +1,5 @@
+grafana_package:
+  - grafana
+  - nginx
+grafana_config: files/grafana_config/
+grafana_data: files/grafana.db
diff --git a/roles/services/monitoring/grafana/handlers/main.yml b/roles/services/monitoring/grafana/handlers/main.yml
new file mode 100644
index 0000000..8026c6d
--- /dev/null
+++ b/roles/services/monitoring/grafana/handlers/main.yml
@@ -0,0 +1,13 @@
+- name: update repos
+  apt:
+    update_cache: yes
+- name: restart grafana
+  service:
+    name: grafana-server
+    state: restarted
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
diff --git a/roles/services/monitoring/grafana/tasks/main.yml b/roles/services/monitoring/grafana/tasks/main.yml
new file mode 100644
index 0000000..e9f824e
--- /dev/null
+++ b/roles/services/monitoring/grafana/tasks/main.yml
@@ -0,0 +1,125 @@
+- name: install extrepo
+  package:
+    name: extrepo
+    state: latest
+- name: add Grafana repo
+  register: result
+  changed_when: result.stdout | regex_search("skipped") | bool
+  notify: update repos
+  command:
+    cmd: extrepo enable grafana
+    creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+- meta: flush_handlers
+- name: update Grafana repo
+  changed_when: false
+  command:
+    cmd: extrepo update grafana
+- name: install grafana
+  package:
+    name: "{{ grafana_package }}"
+- name: deploy grafana config
+  notify: restart grafana
+  template:
+    src: "{{ grafana_config }}"
+    dest: /etc/grafana/grafana.ini
+    owner: root
+    group: grafana
+    mode: '0640'
+- name: deploy nginx configuration
+  notify: restart nginx
+  copy:
+    src: "{{ grafana_nginx_config }}"
+    dest: /etc/nginx/sites-available/grafana.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  notify: restart nginx
+  file:
+    src: /etc/nginx/sites-available/grafana.conf
+    dest: /etc/nginx/sites-enabled/grafana.conf
+    owner: root
+    group: root
+    state: link
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: enable grafana
+  systemd:
+    daemon_reload: yes
+    enabled: yes
+    masked: no
+    name: grafana-server
+- meta: flush_handlers
+- name: add grafana user
+  ignore_errors: yes
+  community.grafana.grafana_user:
+    name: "{{ grafana_admin }}"
+    email: "{{ grafana_email }}"
+    url: "{{ grafana_url }}"
+    login: "{{ grafana_admin }}"
+    password: "{{ grafana_password }}"
+    is_admin: true
+    state: present
+- name: add prometheus datasource
+  community.grafana.grafana_datasource:
+    grafana_url: "{{ grafana_url }}"
+    grafana_user: "{{ grafana_admin }}"
+    grafana_password: "{{ grafana_password }}"
+    name: "Prometheus"
+    ds_type: prometheus
+    ds_url: "{{ prometheus_url }}"
+    access: proxy
+- name: add influxdb datasource
+  community.grafana.grafana_datasource:
+    grafana_url: "{{ grafana_url }}"
+    grafana_user: "{{ grafana_admin }}"
+    grafana_password: "{{ grafana_password }}"
+    name: "Proxmox InfluxDB"
+    ds_type: influxdb
+    ds_url: "{{ influxdb_url }}"
+    database: "{{ influx_database }}"
+    user: "{{ influx_user }}"
+    password: "{{ influx_password }}"
+    access: proxy
+- name: add loki datasource
+  community.grafana.grafana_datasource:
+    grafana_url: "{{ grafana_url }}"
+    grafana_user: "{{ grafana_admin }}"
+    grafana_password: "{{ grafana_password }}"
+    name: "Loki"
+    ds_type: loki
+    ds_url: "{{ loki_url }}"
+    access: proxy
+- name: import main custom dashboard
+  delegate_to: localhost
+  become: no
+  community.grafana.grafana_dashboard:
+    grafana_url: "{{ grafana_url }}"
+    grafana_user: "{{ grafana_admin }}"
+    grafana_password: "{{ grafana_password }}"
+    path: "{{ grafana_dashboard_main }}"
+    overwrite: yes
diff --git a/roles/services/monitoring/influxdb/defaults/main.yml b/roles/services/monitoring/influxdb/defaults/main.yml
new file mode 100644
index 0000000..180ad8e
--- /dev/null
+++ b/roles/services/monitoring/influxdb/defaults/main.yml
@@ -0,0 +1,6 @@
+influxdb_packages:
+  - influxdb
+  - influxdb-client
+influx_config: files/influxdb.conf
+influx_data: files/influx_data/
diff --git a/roles/services/monitoring/influxdb/handlers/main.yml b/roles/services/monitoring/influxdb/handlers/main.yml
new file mode 100644
index 0000000..765a040
--- /dev/null
+++ b/roles/services/monitoring/influxdb/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart influxdb
+  service:
+    name: influxdb
+    state: restarted
diff --git a/roles/services/monitoring/influxdb/tasks/main.yml b/roles/services/monitoring/influxdb/tasks/main.yml
new file mode 100644
index 0000000..06d6e86
--- /dev/null
+++ b/roles/services/monitoring/influxdb/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: install packages
+  package:
+    name: "{{ influxdb_packages }}"
+    state: latest
+- name: copy config
+  notify: restart influxdb
+  copy:
+    src: "{{ influx_config }}"
+    dest: /etc/influxdb/influxdb.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: enable influxdb
+  systemd:
+    name: influxdb
+    enabled: yes
+    masked: no
diff --git a/roles/services/monitoring/loki/handlers/main.yml b/roles/services/monitoring/loki/handlers/main.yml
new file mode 100644
index 0000000..e70412f
--- /dev/null
+++ b/roles/services/monitoring/loki/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: update repos
+  apt:
+    update_cache: yes
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
diff --git a/roles/services/monitoring/loki/tasks/main.yml b/roles/services/monitoring/loki/tasks/main.yml
new file mode 100644
index 0000000..31a7375
--- /dev/null
+++ b/roles/services/monitoring/loki/tasks/main.yml
@@ -0,0 +1,80 @@
+- name: install extrepo
+  package:
+    name: extrepo
+    state: latest
+- name: add Grafana repo
+  register: result
+  changed_when: result.stdout | regex_search("skipped") | bool
+  notify: update repos
+  command:
+    cmd: extrepo enable grafana
+    creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+- meta: flush_handlers
+- name: add Grafana repo
+  changed_when: false
+  command:
+    cmd: extrepo update grafana
+- name: install loki
+  package:
+    name: loki
+    state: latest
+- name: deploy loki configuration
+  copy:
+    src: "{{ loki_config }}"
+    dest: /etc/loki/config.yml
+    owner: root
+    group: root
+    mode: '0644'
+- name: deploy nginx configuration
+  copy:
+    src: "{{ loki_nginx_config }}"
+    dest: /etc/nginx/sites-available/loki.conf
+    owner: root
+    group: root
+    mode: '0644'
+  register: nginxconfig
+  notify: restart nginx
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/loki.conf
+    dest: /etc/nginx/sites-enabled/loki.conf
+    owner: root
+    group: root
+    state: link
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: allow loki log (3100/tcp) traffic
+  ufw:
+    rule: allow
+    port: '3100'
+    proto: tcp
+- name: enable loki
+  systemd:
+    daemon_reload: yes
+    enabled: yes
+    masked: no
+    name: loki
+- name: restart loki
+  systemd:
+    name: loki
+    state: restarted
diff --git a/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
new file mode 100644
index 0000000..9d2b8a5
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+nginx_exporter_debian_package: prometheus-nginx-exporter
+nginx_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+nginx_exporter_port: '9113'
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
new file mode 100644
index 0000000..fe9a90d
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
+- name: restart nginx-exporter
+  service:
+    name: prometheus-nginx-exporter
+    state: started
diff --git a/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
new file mode 100644
index 0000000..819f71e
--- /dev/null
+++ b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: install package (Debian)
+  when: ansible_facts['distribution'] == "Debian"
+  package:
+    name: "{{ nginx_exporter_debian_package }}"
+- name: allow port
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ prometheus_server_ip }}"
+    to_port: "{{ nginx_exporter_port }}"
+- name: copy defaults file
+  notify: restart nginx-exporter
+  copy:
+    src: "{{ nginx_exporter_defaults }}"
+    dest: /etc/default/prometheus-nginx-exporter
+    owner: root
+    group: root
+    mode: '0644'
+- name: deploy nginx configuration
+  notify: restart nginx
+  copy:
+    src: "{{ nginx_exporter_config }}"
+    dest: /etc/nginx/sites-available/metrics.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/metrics.conf
+    dest: /etc/nginx/sites-enabled/metrics.conf
+    owner: root
+    group: root
+    state: link
+- name: enable service
+  systemd:
+    name: prometheus-nginx-exporter
+    enabled: yes
+    masked: no
diff --git a/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
new file mode 100644
index 0000000..e4ff351
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
+node_exporter_debian_package: prometheus-node-exporter
+node_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.88.32
+node_exporter_port: '9100'
diff --git a/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
new file mode 100644
index 0000000..6bbcc08
--- /dev/null
+++ b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: install package (Debian)
+  when: ansible_facts['distribution'] == "Debian"
+  package:
+    name: "{{ node_exporter_debian_package }}"
+- name: install package (Fedora)
+  when: ansible_facts['distribution'] == "Fedora"
+  package:
+    name: "{{ node_exporter_fedora_package }}"
+- name: allow port
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ prometheus_server_ip }}"
+    to_port: "{{ node_exporter_port }}"
+- name: enable service
+  systemd:
+    name: prometheus-node-exporter
+    enabled: yes
+    masked: no
+- name: restart service
+  service:
+    name: prometheus-node-exporter
+    state: restarted
diff --git a/roles/services/monitoring/prometheus/server/defaults/main.yml b/roles/services/monitoring/prometheus/server/defaults/main.yml
new file mode 100644
index 0000000..696e7cc
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/defaults/main.yml
@@ -0,0 +1,6 @@
+prometheus_package: prometheus
+management_ip: 192.168.88.254
+grafana_server_ip: 192.168.88.21
+prometheus_port: '9090'
+prometheus_config: files/prometheus.yml
+prometheus_defaults: files/prometheus
diff --git a/roles/services/monitoring/prometheus/server/tasks/main.yml b/roles/services/monitoring/prometheus/server/tasks/main.yml
new file mode 100644
index 0000000..06ecc10
--- /dev/null
+++ b/roles/services/monitoring/prometheus/server/tasks/main.yml
@@ -0,0 +1,79 @@
+- name: install package
+  package:
+    name: "{{ prometheus_package }}"
+- name: allow access to metrics from grafana
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ grafana_server_ip }}"
+    to_port: "{{ prometheus_port }}"
+- name: allow access to metrics from management
+  ufw:
+    rule: allow
+    direction: in
+    proto: tcp
+    src: "{{ management_ip }}"
+    to_port: "{{ prometheus_port }}"
+- name: copy config file
+  copy:
+    src: "{{ prometheus_config }}"
+    dest: /etc/prometheus/prometheus.yml
+    owner: root
+    group: root
+    mode: '0644'
+- name: copy defaults file
+  copy:
+    src: "{{ prometheus_defaults }}"
+    dest: /etc/default/prometheus
+    owner: root
+    group: root
+    mode: '0644'
+- name: enable service
+  systemd:
+    name: prometheus
+    enabled: yes
+    masked: no
+- name: restart service
+  service:
+    name: prometheus
+    state: restarted
+- name: deploy nginx configuration
+  copy:
+    src: "{{ prometheus_nginx_config }}"
+    dest: /etc/nginx/sites-available/grafana.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/grafana.conf
+    dest: /etc/nginx/sites-enabled/grafana.conf
+    owner: root
+    group: root
+    state: link
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
diff --git a/roles/services/monitoring/promtail/handlers/main.yml b/roles/services/monitoring/promtail/handlers/main.yml
new file mode 100644
index 0000000..97ea7d3
--- /dev/null
+++ b/roles/services/monitoring/promtail/handlers/main.yml
@@ -0,0 +1,39 @@
+- name: update repos - debian
+  apt:
+    update_cache: yes
+- name: update repos - fedora
+  dnf:
+    name: "*"
+    state: latest
+- name: build loki-docker-driver plugin for private repo
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    LOKI_DOCKER_DRIVER: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver"
+  community.general.make:
+    chdir: "{{ docker_home }}/plugins/loki"
+    target: docker-driver-push
+- name: restart rootless docker
+  become: yes
+  become_user: "{{ docker_username }}"
+  systemd:
+    name: docker
+    enabled: yes
+    state: restarted
+    scope: user
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+- name: restart docker
+  service:
+    name: docker
+    state: restarted
+- name: restart promtail
+  when: promtail_config.changed
+  service:
+    name: promtail
+    state: restarted
diff --git a/roles/services/monitoring/promtail/tasks/main.yml b/roles/services/monitoring/promtail/tasks/main.yml
new file mode 100644
index 0000000..f8b28cc
--- /dev/null
+++ b/roles/services/monitoring/promtail/tasks/main.yml
@@ -0,0 +1,151 @@
+- name: install extrepo
+  when: ansible_facts['distribution'] == 'Debian'
+  package:
+    name: extrepo
+    state: latest
+- name: add grafana repo | debian
+  when: ansible_facts['distribution'] == 'Debian'
+  register: result
+  changed_when: result.stdout | regex_search("skipped") | bool
+  notify: update repos - debian
+  command:
+    cmd: extrepo enable grafana
+    creates: /etc/apt/sources.list.d/extrepo_grafana.sources
+- meta: flush_handlers
+- name: update grafana extrepo data | debian
+  when: ansible_facts['distribution'] == 'Debian'
+  changed_when: false
+  command:
+    cmd: extrepo update grafana
+- name: add Grafana repo | fedora
+  when: ansible_facts['distribution'] == 'Fedora'
+  notify: update repos - fedora
+  yum_repository:
+    name: grafana
+    file: grafna
+    description: "Grafana OSS Repo"
+    baseurl: "https://rpm.grafana.com"
+    repo_gpgcheck: yes
+    enabled: yes
+    gpgcheck: yes
+    gpgkey: https://rpm.grafana.com/gpg.key
+    sslverify: yes
+    sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+    exclude: "*beta*"
+- name: install promtail
+  package:
+    name: promtail
+    state: latest
+- name: add promtail to adm group for log access (debian)
+  when: ansible_facts['distribution'] == 'Debian'
+  user:
+    name: promtail
+    groups: adm
+    append: yes
+- name: add promtail to systemd-journal group for journal access
+  user:
+    name: promtail
+    groups: systemd-journal
+    append: yes
+- name: create docker plugin directory
+  when: "'docker_hosts' in group_names"
+  become: yes
+  become_user: "{{ docker_username }}"
+  file:
+    path: "{{ docker_home }}/plugins"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: "0755"
+- name: clone loki repo
+  when: "'docker_hosts' in group_names"
+  become: yes
+  become_user: "{{ docker_username }}"
+  git:
+    repo: "{{ loki_repo }}"
+    dest: "{{ docker_home }}/plugins/loki"
+    version: "{{ loki_version }}"
+  register: repo
+  notify: build loki-docker-driver plugin for private repo
+- meta: flush_handlers
+- name: login to docker registry
+  when: "'docker_hosts' in group_names"
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_login:
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    registry_url: "{{ docker_registry_url }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+# docker driver rootless
+- name: enable loki-docker-driver plugin
+  when: "'docker_hosts' in group_names"
+  become: yes
+  become_user: "{{ docker_username }}"
+  notify: restart rootless docker
+  community.docker.docker_plugin:
+    plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
+    state: enable
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    alias: loki
+- name: deploy docker config
+  when: "'docker_hosts' in group_names"
+  notify: restart rootless docker
+  copy:
+    src: "{{ docker_config }}"
+    dest: "{{ docker_home }}/.config/docker/daemon.json"
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0644'
+# docker driver root
+- name: enable loki-docker-driver plugin
+  when: "'docker_hosts' in group_names"
+  notify: restart docker
+  community.docker.docker_plugin:
+    plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
+    state: enable
+    alias: loki
+- name: deploy docker config
+  when: "'docker_hosts' in group_names"
+  notify: restart docker
+  copy:
+    src: "{{ docker_config }}"
+    dest: /etc/docker/daemon.json
+    owner: root
+    group: root
+    mode: '0644'
+- name: deploy promtail configuration
+  notify: restart promtail
+  copy:
+    src: "{{ promtail_config }}"
+    dest: /etc/promtail/config.yml
+    owner: root
+    group: root
+    mode: '0644'
+- name: enable promtail
+  systemd:
+    daemon_reload: yes
+    enabled: yes
+    masked: no
+    name: promtail

diff --git a/roles/services/monitoring/grafana/defaults/main.yml b/roles/services/monitoring/grafana/defaults/main.yml new file mode 100644 index 0000000..c346e54 --- /dev/null +++ b/roles/services/monitoring/grafana/defaults/main.yml
@@ -0,0 +1,5 @@
	1	grafana_package:
	2	- grafana
	3	- nginx
	4	grafana_config: files/grafana_config/
	5	grafana_data: files/grafana.db


diff --git a/roles/services/monitoring/grafana/handlers/main.yml b/roles/services/monitoring/grafana/handlers/main.yml new file mode 100644 index 0000000..8026c6d --- /dev/null +++ b/roles/services/monitoring/grafana/handlers/main.yml
@@ -0,0 +1,13 @@
	1	- name: update repos
	2	apt:
	3	update_cache: yes
	4
	5	- name: restart grafana
	6	service:
	7	name: grafana-server
	8	state: restarted
	9
	10	- name: restart nginx
	11	service:
	12	name: nginx
	13	state: restarted


diff --git a/roles/services/monitoring/grafana/tasks/main.yml b/roles/services/monitoring/grafana/tasks/main.yml new file mode 100644 index 0000000..e9f824e --- /dev/null +++ b/roles/services/monitoring/grafana/tasks/main.yml
@@ -0,0 +1,125 @@
	1	- name: install extrepo
	2	package:
	3	name: extrepo
	4	state: latest
	5
	6	- name: add Grafana repo
	7	register: result
	8	changed_when: result.stdout \| regex_search("skipped") \| bool
	9	notify: update repos
	10	command:
	11	cmd: extrepo enable grafana
	12	creates: /etc/apt/sources.list.d/extrepo_grafana.sources
	13
	14	- meta: flush_handlers
	15
	16	- name: update Grafana repo
	17	changed_when: false
	18	command:
	19	cmd: extrepo update grafana
	20
	21	- name: install grafana
	22	package:
	23	name: "{{ grafana_package }}"
	24
	25	- name: deploy grafana config
	26	notify: restart grafana
	27	template:
	28	src: "{{ grafana_config }}"
	29	dest: /etc/grafana/grafana.ini
	30	owner: root
	31	group: grafana
	32	mode: '0640'
	33
	34	- name: deploy nginx configuration
	35	notify: restart nginx
	36	copy:
	37	src: "{{ grafana_nginx_config }}"
	38	dest: /etc/nginx/sites-available/grafana.conf
	39	owner: root
	40	group: root
	41	mode: '0644'
	42
	43	- name: symlink site
	44	notify: restart nginx
	45	file:
	46	src: /etc/nginx/sites-available/grafana.conf
	47	dest: /etc/nginx/sites-enabled/grafana.conf
	48	owner: root
	49	group: root
	50	state: link
	51
	52	- name: allow http (80/tcp) traffic
	53	ufw:
	54	rule: allow
	55	port: '80'
	56	proto: tcp
	57
	58	- name: allow https (443/tcp) traffic
	59	ufw:
	60	rule: allow
	61	port: '443'
	62	proto: tcp
	63
	64	- name: enable grafana
	65	systemd:
	66	daemon_reload: yes
	67	enabled: yes
	68	masked: no
	69	name: grafana-server
	70
	71	- meta: flush_handlers
	72
	73	- name: add grafana user
	74	ignore_errors: yes
	75	community.grafana.grafana_user:
	76	name: "{{ grafana_admin }}"
	77	email: "{{ grafana_email }}"
	78	url: "{{ grafana_url }}"
	79	login: "{{ grafana_admin }}"
	80	password: "{{ grafana_password }}"
	81	is_admin: true
	82	state: present
	83
	84	- name: add prometheus datasource
	85	community.grafana.grafana_datasource:
	86	grafana_url: "{{ grafana_url }}"
	87	grafana_user: "{{ grafana_admin }}"
	88	grafana_password: "{{ grafana_password }}"
	89	name: "Prometheus"
	90	ds_type: prometheus
	91	ds_url: "{{ prometheus_url }}"
	92	access: proxy
	93
	94	- name: add influxdb datasource
	95	community.grafana.grafana_datasource:
	96	grafana_url: "{{ grafana_url }}"
	97	grafana_user: "{{ grafana_admin }}"
	98	grafana_password: "{{ grafana_password }}"
	99	name: "Proxmox InfluxDB"
	100	ds_type: influxdb
	101	ds_url: "{{ influxdb_url }}"
	102	database: "{{ influx_database }}"
	103	user: "{{ influx_user }}"
	104	password: "{{ influx_password }}"
	105	access: proxy
	106
	107	- name: add loki datasource
	108	community.grafana.grafana_datasource:
	109	grafana_url: "{{ grafana_url }}"
	110	grafana_user: "{{ grafana_admin }}"
	111	grafana_password: "{{ grafana_password }}"
	112	name: "Loki"
	113	ds_type: loki
	114	ds_url: "{{ loki_url }}"
	115	access: proxy
	116
	117	- name: import main custom dashboard
	118	delegate_to: localhost
	119	become: no
	120	community.grafana.grafana_dashboard:
	121	grafana_url: "{{ grafana_url }}"
	122	grafana_user: "{{ grafana_admin }}"
	123	grafana_password: "{{ grafana_password }}"
	124	path: "{{ grafana_dashboard_main }}"
	125	overwrite: yes


diff --git a/roles/services/monitoring/influxdb/defaults/main.yml b/roles/services/monitoring/influxdb/defaults/main.yml new file mode 100644 index 0000000..180ad8e --- /dev/null +++ b/roles/services/monitoring/influxdb/defaults/main.yml
@@ -0,0 +1,6 @@
	1	influxdb_packages:
	2	- influxdb
	3	- influxdb-client
	4
	5	influx_config: files/influxdb.conf
	6	influx_data: files/influx_data/


diff --git a/roles/services/monitoring/influxdb/handlers/main.yml b/roles/services/monitoring/influxdb/handlers/main.yml new file mode 100644 index 0000000..765a040 --- /dev/null +++ b/roles/services/monitoring/influxdb/handlers/main.yml
@@ -0,0 +1,4 @@
	1	- name: restart influxdb
	2	service:
	3	name: influxdb
	4	state: restarted


diff --git a/roles/services/monitoring/influxdb/tasks/main.yml b/roles/services/monitoring/influxdb/tasks/main.yml new file mode 100644 index 0000000..06d6e86 --- /dev/null +++ b/roles/services/monitoring/influxdb/tasks/main.yml
@@ -0,0 +1,19 @@
	1	- name: install packages
	2	package:
	3	name: "{{ influxdb_packages }}"
	4	state: latest
	5
	6	- name: copy config
	7	notify: restart influxdb
	8	copy:
	9	src: "{{ influx_config }}"
	10	dest: /etc/influxdb/influxdb.conf
	11	owner: root
	12	group: root
	13	mode: '0644'
	14
	15	- name: enable influxdb
	16	systemd:
	17	name: influxdb
	18	enabled: yes
	19	masked: no


diff --git a/roles/services/monitoring/loki/handlers/main.yml b/roles/services/monitoring/loki/handlers/main.yml new file mode 100644 index 0000000..e70412f --- /dev/null +++ b/roles/services/monitoring/loki/handlers/main.yml
@@ -0,0 +1,8 @@
	1	- name: update repos
	2	apt:
	3	update_cache: yes
	4
	5	- name: restart nginx
	6	service:
	7	name: nginx
	8	state: restarted


diff --git a/roles/services/monitoring/loki/tasks/main.yml b/roles/services/monitoring/loki/tasks/main.yml new file mode 100644 index 0000000..31a7375 --- /dev/null +++ b/roles/services/monitoring/loki/tasks/main.yml
@@ -0,0 +1,80 @@
	1	- name: install extrepo
	2	package:
	3	name: extrepo
	4	state: latest
	5
	6	- name: add Grafana repo
	7	register: result
	8	changed_when: result.stdout \| regex_search("skipped") \| bool
	9	notify: update repos
	10	command:
	11	cmd: extrepo enable grafana
	12	creates: /etc/apt/sources.list.d/extrepo_grafana.sources
	13
	14	- meta: flush_handlers
	15
	16	- name: add Grafana repo
	17	changed_when: false
	18	command:
	19	cmd: extrepo update grafana
	20
	21	- name: install loki
	22	package:
	23	name: loki
	24	state: latest
	25
	26	- name: deploy loki configuration
	27	copy:
	28	src: "{{ loki_config }}"
	29	dest: /etc/loki/config.yml
	30	owner: root
	31	group: root
	32	mode: '0644'
	33
	34	- name: deploy nginx configuration
	35	copy:
	36	src: "{{ loki_nginx_config }}"
	37	dest: /etc/nginx/sites-available/loki.conf
	38	owner: root
	39	group: root
	40	mode: '0644'
	41	register: nginxconfig
	42	notify: restart nginx
	43
	44	- name: symlink site
	45	file:
	46	src: /etc/nginx/sites-available/loki.conf
	47	dest: /etc/nginx/sites-enabled/loki.conf
	48	owner: root
	49	group: root
	50	state: link
	51
	52	- name: allow http (80/tcp) traffic
	53	ufw:
	54	rule: allow
	55	port: '80'
	56	proto: tcp
	57
	58	- name: allow https (443/tcp) traffic
	59	ufw:
	60	rule: allow
	61	port: '443'
	62	proto: tcp
	63
	64	- name: allow loki log (3100/tcp) traffic
	65	ufw:
	66	rule: allow
	67	port: '3100'
	68	proto: tcp
	69
	70	- name: enable loki
	71	systemd:
	72	daemon_reload: yes
	73	enabled: yes
	74	masked: no
	75	name: loki
	76
	77	- name: restart loki
	78	systemd:
	79	name: loki
	80	state: restarted


diff --git a/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml new file mode 100644 index 0000000..9d2b8a5 --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
	1	nginx_exporter_debian_package: prometheus-nginx-exporter
	2	nginx_exporter_fedora_package: golang-github-prometheus-node-exporter
	3	prometheus_server_ip: 192.168.88.32
	4	nginx_exporter_port: '9113'


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml new file mode 100644 index 0000000..fe9a90d --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml
@@ -0,0 +1,9 @@
	1	- name: restart nginx
	2	service:
	3	name: nginx
	4	state: restarted
	5
	6	- name: restart nginx-exporter
	7	service:
	8	name: prometheus-nginx-exporter
	9	state: started


diff --git a/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml new file mode 100644 index 0000000..819f71e --- /dev/null +++ b/roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml
@@ -0,0 +1,44 @@
	1	- name: install package (Debian)
	2	when: ansible_facts['distribution'] == "Debian"
	3	package:
	4	name: "{{ nginx_exporter_debian_package }}"
	5
	6	- name: allow port
	7	ufw:
	8	rule: allow
	9	direction: in
	10	proto: tcp
	11	src: "{{ prometheus_server_ip }}"
	12	to_port: "{{ nginx_exporter_port }}"
	13
	14	- name: copy defaults file
	15	notify: restart nginx-exporter
	16	copy:
	17	src: "{{ nginx_exporter_defaults }}"
	18	dest: /etc/default/prometheus-nginx-exporter
	19	owner: root
	20	group: root
	21	mode: '0644'
	22
	23	- name: deploy nginx configuration
	24	notify: restart nginx
	25	copy:
	26	src: "{{ nginx_exporter_config }}"
	27	dest: /etc/nginx/sites-available/metrics.conf
	28	owner: root
	29	group: root
	30	mode: '0644'
	31
	32	- name: symlink site
	33	file:
	34	src: /etc/nginx/sites-available/metrics.conf
	35	dest: /etc/nginx/sites-enabled/metrics.conf
	36	owner: root
	37	group: root
	38	state: link
	39
	40	- name: enable service
	41	systemd:
	42	name: prometheus-nginx-exporter
	43	enabled: yes
	44	masked: no


diff --git a/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml new file mode 100644 index 0000000..e4ff351 --- /dev/null +++ b/roles/services/monitoring/prometheus/node_exporter/defaults/main.yml
@@ -0,0 +1,4 @@
	1	node_exporter_debian_package: prometheus-node-exporter
	2	node_exporter_fedora_package: golang-github-prometheus-node-exporter
	3	prometheus_server_ip: 192.168.88.32
	4	node_exporter_port: '9100'


diff --git a/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml new file mode 100644 index 0000000..6bbcc08 --- /dev/null +++ b/roles/services/monitoring/prometheus/node_exporter/tasks/main.yml
@@ -0,0 +1,28 @@
	1	- name: install package (Debian)
	2	when: ansible_facts['distribution'] == "Debian"
	3	package:
	4	name: "{{ node_exporter_debian_package }}"
	5
	6	- name: install package (Fedora)
	7	when: ansible_facts['distribution'] == "Fedora"
	8	package:
	9	name: "{{ node_exporter_fedora_package }}"
	10
	11	- name: allow port
	12	ufw:
	13	rule: allow
	14	direction: in
	15	proto: tcp
	16	src: "{{ prometheus_server_ip }}"
	17	to_port: "{{ node_exporter_port }}"
	18
	19	- name: enable service
	20	systemd:
	21	name: prometheus-node-exporter
	22	enabled: yes
	23	masked: no
	24
	25	- name: restart service
	26	service:
	27	name: prometheus-node-exporter
	28	state: restarted


diff --git a/roles/services/monitoring/prometheus/server/defaults/main.yml b/roles/services/monitoring/prometheus/server/defaults/main.yml new file mode 100644 index 0000000..696e7cc --- /dev/null +++ b/roles/services/monitoring/prometheus/server/defaults/main.yml
@@ -0,0 +1,6 @@
	1	prometheus_package: prometheus
	2	management_ip: 192.168.88.254
	3	grafana_server_ip: 192.168.88.21
	4	prometheus_port: '9090'
	5	prometheus_config: files/prometheus.yml
	6	prometheus_defaults: files/prometheus


diff --git a/roles/services/monitoring/prometheus/server/tasks/main.yml b/roles/services/monitoring/prometheus/server/tasks/main.yml new file mode 100644 index 0000000..06ecc10 --- /dev/null +++ b/roles/services/monitoring/prometheus/server/tasks/main.yml
@@ -0,0 +1,79 @@
	1	- name: install package
	2	package:
	3	name: "{{ prometheus_package }}"
	4
	5	- name: allow access to metrics from grafana
	6	ufw:
	7	rule: allow
	8	direction: in
	9	proto: tcp
	10	src: "{{ grafana_server_ip }}"
	11	to_port: "{{ prometheus_port }}"
	12
	13	- name: allow access to metrics from management
	14	ufw:
	15	rule: allow
	16	direction: in
	17	proto: tcp
	18	src: "{{ management_ip }}"
	19	to_port: "{{ prometheus_port }}"
	20
	21	- name: copy config file
	22	copy:
	23	src: "{{ prometheus_config }}"
	24	dest: /etc/prometheus/prometheus.yml
	25	owner: root
	26	group: root
	27	mode: '0644'
	28
	29	- name: copy defaults file
	30	copy:
	31	src: "{{ prometheus_defaults }}"
	32	dest: /etc/default/prometheus
	33	owner: root
	34	group: root
	35	mode: '0644'
	36
	37	- name: enable service
	38	systemd:
	39	name: prometheus
	40	enabled: yes
	41	masked: no
	42
	43	- name: restart service
	44	service:
	45	name: prometheus
	46	state: restarted
	47
	48	- name: deploy nginx configuration
	49	copy:
	50	src: "{{ prometheus_nginx_config }}"
	51	dest: /etc/nginx/sites-available/grafana.conf
	52	owner: root
	53	group: root
	54	mode: '0644'
	55
	56	- name: symlink site
	57	file:
	58	src: /etc/nginx/sites-available/grafana.conf
	59	dest: /etc/nginx/sites-enabled/grafana.conf
	60	owner: root
	61	group: root
	62	state: link
	63
	64	- name: allow http (80/tcp) traffic
	65	ufw:
	66	rule: allow
	67	port: '80'
	68	proto: tcp
	69
	70	- name: allow https (443/tcp) traffic
	71	ufw:
	72	rule: allow
	73	port: '443'
	74	proto: tcp
	75
	76	- name: restart nginx
	77	service:
	78	name: nginx
	79	state: restarted


diff --git a/roles/services/monitoring/promtail/handlers/main.yml b/roles/services/monitoring/promtail/handlers/main.yml new file mode 100644 index 0000000..97ea7d3 --- /dev/null +++ b/roles/services/monitoring/promtail/handlers/main.yml
@@ -0,0 +1,39 @@
	1	- name: update repos - debian
	2	apt:
	3	update_cache: yes
	4
	5	- name: update repos - fedora
	6	dnf:
	7	name: "*"
	8	state: latest
	9
	10	- name: build loki-docker-driver plugin for private repo
	11	become: yes
	12	become_user: "{{ docker_username }}"
	13	environment:
	14	LOKI_DOCKER_DRIVER: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver"
	15	community.general.make:
	16	chdir: "{{ docker_home }}/plugins/loki"
	17	target: docker-driver-push
	18
	19	- name: restart rootless docker
	20	become: yes
	21	become_user: "{{ docker_username }}"
	22	systemd:
	23	name: docker
	24	enabled: yes
	25	state: restarted
	26	scope: user
	27	environment:
	28	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	29
	30	- name: restart docker
	31	service:
	32	name: docker
	33	state: restarted
	34
	35	- name: restart promtail
	36	when: promtail_config.changed
	37	service:
	38	name: promtail
	39	state: restarted


diff --git a/roles/services/monitoring/promtail/tasks/main.yml b/roles/services/monitoring/promtail/tasks/main.yml new file mode 100644 index 0000000..f8b28cc --- /dev/null +++ b/roles/services/monitoring/promtail/tasks/main.yml
@@ -0,0 +1,151 @@
	1	- name: install extrepo
	2	when: ansible_facts['distribution'] == 'Debian'
	3	package:
	4	name: extrepo
	5	state: latest
	6
	7	- name: add grafana repo \| debian
	8	when: ansible_facts['distribution'] == 'Debian'
	9	register: result
	10	changed_when: result.stdout \| regex_search("skipped") \| bool
	11	notify: update repos - debian
	12	command:
	13	cmd: extrepo enable grafana
	14	creates: /etc/apt/sources.list.d/extrepo_grafana.sources
	15
	16	- meta: flush_handlers
	17
	18	- name: update grafana extrepo data \| debian
	19	when: ansible_facts['distribution'] == 'Debian'
	20	changed_when: false
	21	command:
	22	cmd: extrepo update grafana
	23
	24	- name: add Grafana repo \| fedora
	25	when: ansible_facts['distribution'] == 'Fedora'
	26	notify: update repos - fedora
	27	yum_repository:
	28	name: grafana
	29	file: grafna
	30	description: "Grafana OSS Repo"
	31	baseurl: "https://rpm.grafana.com"
	32	repo_gpgcheck: yes
	33	enabled: yes
	34	gpgcheck: yes
	35	gpgkey: https://rpm.grafana.com/gpg.key
	36	sslverify: yes
	37	sslcacert: /etc/pki/tls/certs/ca-bundle.crt
	38	exclude: "beta"
	39
	40	- name: install promtail
	41	package:
	42	name: promtail
	43	state: latest
	44
	45	- name: add promtail to adm group for log access (debian)
	46	when: ansible_facts['distribution'] == 'Debian'
	47	user:
	48	name: promtail
	49	groups: adm
	50	append: yes
	51
	52	- name: add promtail to systemd-journal group for journal access
	53	user:
	54	name: promtail
	55	groups: systemd-journal
	56	append: yes
	57
	58	- name: create docker plugin directory
	59	when: "'docker_hosts' in group_names"
	60	become: yes
	61	become_user: "{{ docker_username }}"
	62	file:
	63	path: "{{ docker_home }}/plugins"
	64	state: directory
	65	owner: "{{ docker_username }}"
	66	group: "{{ docker_username }}"
	67	mode: "0755"
	68
	69	- name: clone loki repo
	70	when: "'docker_hosts' in group_names"
	71	become: yes
	72	become_user: "{{ docker_username }}"
	73	git:
	74	repo: "{{ loki_repo }}"
	75	dest: "{{ docker_home }}/plugins/loki"
	76	version: "{{ loki_version }}"
	77	register: repo
	78	notify: build loki-docker-driver plugin for private repo
	79
	80	- meta: flush_handlers
	81
	82	- name: login to docker registry
	83	when: "'docker_hosts' in group_names"
	84	become: yes
	85	become_user: "{{ docker_username }}"
	86	environment:
	87	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	88	docker_login:
	89	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	90	registry_url: "{{ docker_registry_url }}"
	91	username: "{{ docker_registry_username }}"
	92	password: "{{ docker_registry_password }}"
	93
	94	# docker driver rootless
	95
	96	- name: enable loki-docker-driver plugin
	97	when: "'docker_hosts' in group_names"
	98	become: yes
	99	become_user: "{{ docker_username }}"
	100	notify: restart rootless docker
	101	community.docker.docker_plugin:
	102	plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
	103	state: enable
	104	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	105	alias: loki
	106
	107	- name: deploy docker config
	108	when: "'docker_hosts' in group_names"
	109	notify: restart rootless docker
	110	copy:
	111	src: "{{ docker_config }}"
	112	dest: "{{ docker_home }}/.config/docker/daemon.json"
	113	owner: "{{ docker_username }}"
	114	group: "{{ docker_username }}"
	115	mode: '0644'
	116
	117	# docker driver root
	118
	119	- name: enable loki-docker-driver plugin
	120	when: "'docker_hosts' in group_names"
	121	notify: restart docker
	122	community.docker.docker_plugin:
	123	plugin_name: "{{ docker_registry_url }}/{{ docker_registry_username }}/loki-docker-driver:main"
	124	state: enable
	125	alias: loki
	126
	127	- name: deploy docker config
	128	when: "'docker_hosts' in group_names"
	129	notify: restart docker
	130	copy:
	131	src: "{{ docker_config }}"
	132	dest: /etc/docker/daemon.json
	133	owner: root
	134	group: root
	135	mode: '0644'
	136
	137	- name: deploy promtail configuration
	138	notify: restart promtail
	139	copy:
	140	src: "{{ promtail_config }}"
	141	dest: /etc/promtail/config.yml
	142	owner: root
	143	group: root
	144	mode: '0644'
	145
	146	- name: enable promtail
	147	systemd:
	148	daemon_reload: yes
	149	enabled: yes
	150	masked: no
	151	name: promtail