diff --git a/roles/thanos/defaults/main.yaml b/roles/thanos/defaults/main.yaml new file mode 100644 index 0000000..c05cc72 --- /dev/null +++ b/roles/thanos/defaults/main.yaml @@ -0,0 +1,113 @@ +--- +thanos_go_arch_map: + i386: '386' + x86_64: 'amd64' + +thanos_go_arch: "{{ thanos_go_arch_map[ansible_architecture] | default('amd64') }}" + +thanos_services: + - thanos-sidecar + - thanos-query + - thanos-store + - thanos-compact + - thanos-query-frontend + +thanos_ports: + sidecar: { grpc: 10901, http: 10902 } + query: { grpc: 10903, http: 10904 } + store: { grpc: 10905, http: 10906 } + receive: { grpc: 10907, http: 10909, http_remote_write: 10908 } + rule: { grpc: 10910, http: 10911 } + compact: { http: 10912 } + query_frontend: { http: 10913 } + + +thanos_sidecar_service_name: thanos-sidecar.service +thanos_sidecar_service_enabled: true +thanos_sidecar_service_state: started + +thanos_query_service_name: thanos-query.service +thanos_query_service_enabled: true +thanos_query_service_state: started + +thanos_store_service_name: thanos-store.service +thanos_store_service_enabled: true +thanos_store_service_state: started + +thanos_compact_service_name: thanos-compact.service +thanos_compact_service_enabled: true +thanos_compact_service_state: started + +thanos_query_frontend_service_name: thanos-query-frontend.service +thanos_query_frontend_service_enabled: true +thanos_query_frontend_service_state: started + +thanos_version_regex: ^thanos, version ([\d.]+) + +thanos_checksum_algo: sha256 +thanos_github_rel_path: thanos-io/thanos +thanos_github_project_url: "https://github.com/{{ thanos_github_rel_path }}" +thanos_release_file: "thanos-{{ thanos_version }}.{{ ansible_system | lower }}-{{ thanos_go_arch }}.tar.gz" +thanos_release_url: "{{ thanos_github_project_url }}/releases/download/v{{ thanos_version }}/{{ thanos_release_file }}" +thanos_checksum_url: "{{ thanos_github_project_url }}/releases/download/v{{ thanos_version }}/{{ thanos_checksum_algo }}sums.txt" +thanos_download_path: "/tmp/{{ thanos_release_file }}" +thanos_unarchive_dest_path: /tmp +thanos_extracted_path: "{{ thanos_download_path | replace('.tar.gz', '') }}" +thanos_binaries: + - thanos + +thanos_user: thanos +thanos_user_state: present +thanos_user_shell: /usr/sbin/nologin + +thanos_group: thanos +thanos_group_state: "{{ thanos_user_state | default('present') }}" + +thanos_etc_path: /etc/thanos +thanos_etc_owner: root +thanos_etc_group: root +thanos_etc_mode: "0755" + +thanos_var_path: /var/lib/thanos +thanos_var_owner: "{{ thanos_user }}" +thanos_var_group: "{{ thanos_group }}" +thanos_var_mode: "0755" + +thanos_bin_path: /usr/local/bin + +thanos_sidecar_tsdb_path: /var/lib/prometheus +thanos_sidecar_objstore_config_file: "{{ thanos_etc_path }}/bucket.yaml" +thanos_sidecar_objstore_config_file_owner: "{{ thanos_user }}" +thanos_sidecar_objstore_config_file_group: "{{ thanos_group }}" +thanos_sidecar_objstore_config_file_mode: "0600" +thanos_sidecar_prometheus_url: http://localhost:9090 +thanos_sidecar_http_address: "0.0.0.0:{{ thanos_ports.sidecar.http }}" +thanos_sidecar_grpc_address: "0.0.0.0:{{ thanos_ports.sidecar.grpc }}" + +thanos_query_http_address: "0.0.0.0:{{ thanos_ports.query.http }}" +thanos_query_grpc_address: "0.0.0.0:{{ thanos_ports.query.grpc }}" +thanos_query_store: + - "127.0.0.1:{{ thanos_ports.sidecar.grpc }}" + - "127.0.0.1:{{ thanos_ports.store.grpc }}" + +thanos_store_data_dir: "{{ thanos_var_path }}/store" +thanos_store_objstore_config_file: "{{ thanos_sidecar_objstore_config_file }}" +thanos_store_http_address: "0.0.0.0:{{ thanos_ports.store.http }}" +thanos_store_grpc_address: "0.0.0.0:{{ thanos_ports.store.grpc }}" + +thanos_compact_data_dir: "{{ thanos_var_path }}/compact" +thanos_compact_objstore_config_file: "{{ thanos_sidecar_objstore_config_file }}" +thanos_compact_http_address: "0.0.0.0:{{ thanos_ports.compact.http }}" +thanos_compact_wait: true + +thanos_query_frontend_http_address: "0.0.0.0:{{ thanos_ports.query_frontend.http }}" +thanos_query_frontend_downstream_url: "http://127.0.0.1:{{ thanos_ports.query.http }}" +thanos_query_frontend_cache_config: + type: IN-MEMORY + config: + max_size: 256M + max_size_items: 0 + validity: 0s + +thanos_bucket_config: {} +thanos_config: {} diff --git a/roles/thanos/handlers/main.yaml b/roles/thanos/handlers/main.yaml new file mode 100644 index 0000000..4fe2dc1 --- /dev/null +++ b/roles/thanos/handlers/main.yaml @@ -0,0 +1,35 @@ +--- +- name: restart thanos sidecar + systemd: + name: "{{ thanos_sidecar_service_name }}" + daemon_reload: true + state: restarted + listen: restart thanos + +- name: restart thanos query + systemd: + name: "{{ thanos_query_service_name }}" + daemon_reload: true + state: restarted + listen: restart thanos + +- name: restart thanos store + systemd: + name: "{{ thanos_store_service_name }}" + daemon_reload: true + state: restarted + listen: restart thanos + +- name: restart thanos compact + systemd: + name: "{{ thanos_compact_service_name }}" + daemon_reload: true + state: restarted + listen: restart thanos + +- name: restart thanos query frontend + systemd: + name: "{{ thanos_query_frontend_service_name }}" + daemon_reload: true + state: restarted + listen: restart thanos diff --git a/roles/thanos/tasks/configure-component.yaml b/roles/thanos/tasks/configure-component.yaml new file mode 100644 index 0000000..b5e6dc6 --- /dev/null +++ b/roles/thanos/tasks/configure-component.yaml @@ -0,0 +1,15 @@ +--- +- name: "{{ item }}: configure systemd" + template: + src: "{{ item }}.service.j2" + dest: "/etc/systemd/system/{{ item }}.service" + owner: root + group: root + mode: 0444 + notify: "restart {{ item | replace('-', ' ')}}" + +- name: "{{ item }}: manage service" + service: + name: "{{ item }}.service" + enabled: "{{ lookup('vars', item | replace('-', '_') + '_service_enabled') }}" + state: "{{ lookup('vars', item | replace('-', '_') + '_service_state') }}" diff --git a/roles/thanos/tasks/configure.yaml b/roles/thanos/tasks/configure.yaml new file mode 100644 index 0000000..b8e7509 --- /dev/null +++ b/roles/thanos/tasks/configure.yaml @@ -0,0 +1,63 @@ +--- +- name: sysctl fs.protected_hardlinks + sysctl: + name: fs.protected_hardlinks + value: "0" + sysctl_set: yes + state: present + +- name: create group + group: + name: "{{ thanos_group }}" + system: true + state: "{{ thanos_group_state | default('present') }}" + +- name: create user + user: + name: "{{ thanos_user }}" + system: true + shell: "{{ thanos_user_shell }}" + group: "{{ thanos_group }}" + groups: "{{ prometheus_group }}" + createhome: false + home: "{{ thanos_var_path }}" + state: "{{ thanos_user_state | default('present') }}" + append: true + +- name: create etc path + file: + path: "{{ thanos_etc_path }}" + state: directory + owner: "{{ thanos_etc_owner }}" + group: "{{ thanos_etc_group }}" + mode: "{{ thanos_etc_mode }}" + +- name: create var path + file: + path: "{{ thanos_var_path }}" + state: directory + owner: "{{ thanos_var_owner }}" + group: "{{ thanos_var_group }}" + mode: "{{ thanos_var_mode }}" + +- name: configure bucket + copy: + dest: "{{ thanos_sidecar_objstore_config_file }}" + content: "{{ (thanos_bucket_config | default({})) | to_nice_yaml }}" + owner: "{{ thanos_sidecar_objstore_config_file_owner }}" + group: "{{ thanos_sidecar_objstore_config_file_group }}" + mode: "{{ thanos_sidecar_objstore_config_file_mode }}" + notify: restart thanos sidecar + +- name: configure thanos query frontend cache + copy: + dest: "{{ thanos_etc_path }}/cache.yaml" + content: "{{ (thanos_query_frontend_cache_config | default({})) | to_nice_yaml }}" + owner: "{{ thanos_user }}" + group: "{{ thanos_group }}" + mode: "0444" + notify: restart thanos query frontend + +- name: configure thanos components + include: configure-component.yaml + loop: "{{ thanos_services }}" \ No newline at end of file diff --git a/roles/thanos/tasks/default.yaml b/roles/thanos/tasks/default.yaml new file mode 100644 index 0000000..e69de29 diff --git a/roles/thanos/tasks/install.yaml b/roles/thanos/tasks/install.yaml new file mode 100644 index 0000000..5bb88ae --- /dev/null +++ b/roles/thanos/tasks/install.yaml @@ -0,0 +1,30 @@ +--- +- block: + - name: download tar + get_url: + url: "{{ thanos_release_url }}" + dest: "{{ thanos_download_path }}" + checksum: "{{ thanos_checksum }}" + register: dl + until: dl is success + retries: 5 + delay: 10 + + - name: extract tar + unarchive: + src: "{{ thanos_download_path }}" + dest: "{{ thanos_unarchive_dest_path }}" + creates: "{{ thanos_extracted_path }}" + remote_src: true + + - name: install binaries + copy: + src: "{{ thanos_extracted_path }}/{{ item }}" + dest: "{{ thanos_bin_path }}/{{ item }}" + owner: root + group: root + mode: 0755 + remote_src: true + loop: "{{ thanos_binaries }}" + notify: restart thanos + when: thanos_version != thanos_local_version diff --git a/roles/thanos/tasks/main.yaml b/roles/thanos/tasks/main.yaml new file mode 100644 index 0000000..89aed0c --- /dev/null +++ b/roles/thanos/tasks/main.yaml @@ -0,0 +1,30 @@ +--- +- name: gather os specific variables + include_vars: "{{ lookup('first_found', possible_files) }}" + vars: + possible_files: + files: + - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml" + - "{{ ansible_distribution }}.yaml" + - "{{ ansible_os_family }}.yaml" + - "default.yaml" + paths: + - vars + +- name: include os specific tasks + include_tasks: "{{ lookup('first_found', possible_files) }}" + vars: + possible_files: + files: + - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml" + - "{{ ansible_distribution }}.yaml" + - "{{ ansible_os_family }}.yaml" + - "default.yaml" + paths: + - tasks + +- include: pre.yaml + +- include: install.yaml + +- include: configure.yaml diff --git a/roles/thanos/tasks/pre.yaml b/roles/thanos/tasks/pre.yaml new file mode 100644 index 0000000..05f1637 --- /dev/null +++ b/roles/thanos/tasks/pre.yaml @@ -0,0 +1,54 @@ +--- +- name: determine if installed + stat: + path: "{{ thanos_bin_path }}/thanos" + register: st + +- name: set thanos_installed + set_fact: + thanos_installed: "{{ st.stat.exists | bool }}" + +- block: + - name: determine latest version + uri: + url: "https://api.github.com/repos/{{ thanos_github_rel_path }}/releases/latest" + return_content: true + body_format: json + register: _latest_version + until: _latest_version.status == 200 + retries: 3 + + - name: set thanos_version + set_fact: + thanos_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}" + +- block: + - name: determine installed version + command: "{{ thanos_bin_path }}/thanos --version" + register: _installed_version_string + changed_when: false + + - name: set thanos_local_version + set_fact: + thanos_local_version: "{{ _installed_version_string.stdout | regex_search(thanos_version_regex, '\\1') | first }}" + rescue: + - name: set thanos_local_version + set_fact: + thanos_local_version: "{{ _installed_version_string.stderr | regex_search(thanos_version_regex, '\\1') | first }}" + when: thanos_installed + +- name: set thanos_local_version to 0 + set_fact: + thanos_local_version: "0" + when: not thanos_installed + +- block: + - name: get checksums + set_fact: + _checksums: "{{ lookup('url', thanos_checksum_url, wantlist=True) }}" + + - name: set thanos_checksum + set_fact: + thanos_checksum: "{{ thanos_checksum_algo }}:{{ item.split(' ') | first }}" + loop: "{{ _checksums }}" + when: "thanos_release_file in item" diff --git a/roles/thanos/templates/thanos-compact.service.j2 b/roles/thanos/templates/thanos-compact.service.j2 new file mode 100644 index 0000000..e7b5d59 --- /dev/null +++ b/roles/thanos/templates/thanos-compact.service.j2 @@ -0,0 +1,29 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Thanos Store Compactor +Wants=network-online.target +After=network-online.target +After=prometheus.service + +[Service] +Type=simple +User={{ thanos_user }} +Group={{ thanos_group }} +SyslogIdentifier=thanos-compact +ExecStart={{ thanos_bin_path }}/thanos compact \ +{% if thanos_compact_data_dir %} + --data-dir={{ thanos_compact_data_dir }} \ +{% endif %} +{% if thanos_compact_objstore_config_file %} + --objstore.config-file={{ thanos_compact_objstore_config_file }} \ +{% endif %} +{% if thanos_compact_http_address %} + --http-address={{ thanos_compact_http_address }} \ +{% endif %} +{% if thanos_compact_wait %} + --wait \ +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/thanos/templates/thanos-query-frontend.service.j2 b/roles/thanos/templates/thanos-query-frontend.service.j2 new file mode 100644 index 0000000..08871e1 --- /dev/null +++ b/roles/thanos/templates/thanos-query-frontend.service.j2 @@ -0,0 +1,25 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Thanos Query Frontend +Wants=network-online.target +After=network-online.target +After=prometheus.service + +[Service] +Type=simple +User={{ thanos_user }} +Group={{ thanos_group }} +SyslogIdentifier=thanos-query-frontend +ExecStart={{ thanos_bin_path }}/thanos query-frontend \ + --query-range.response-cache-config-file={{ thanos_etc_path }}/cache.yaml \ + --labels.response-cache-config-file={{ thanos_etc_path }}/cache.yaml \ +{% if thanos_query_frontend_http_address %} + --http-address={{ thanos_query_frontend_http_address }} \ +{% endif %} +{% if thanos_query_frontend_downstream_url %} + --query-frontend.downstream-url={{ thanos_query_frontend_downstream_url }} \ +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/thanos/templates/thanos-query.service.j2 b/roles/thanos/templates/thanos-query.service.j2 new file mode 100644 index 0000000..59eba4d --- /dev/null +++ b/roles/thanos/templates/thanos-query.service.j2 @@ -0,0 +1,28 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Thanos Query +Wants=network-online.target +After=network-online.target +After=prometheus.service + +[Service] +Type=simple +User={{ thanos_user }} +Group={{ thanos_group }} +SyslogIdentifier=thanos-query +ExecStart={{ thanos_bin_path }}/thanos query \ +{% if thanos_query_http_address %} + --http-address={{ thanos_query_http_address }} \ +{% endif %} +{% if thanos_query_grpc_address %} + --grpc-address={{ thanos_query_grpc_address }} \ +{% endif %} +{% if thanos_query_store %} +{% for s in thanos_query_store %} + --store={{ s }} \ +{% endfor %} +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/thanos/templates/thanos-sidecar.service.j2 b/roles/thanos/templates/thanos-sidecar.service.j2 new file mode 100644 index 0000000..e46a5e8 --- /dev/null +++ b/roles/thanos/templates/thanos-sidecar.service.j2 @@ -0,0 +1,32 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Thanos Sidecar +Wants=network-online.target +After=network-online.target +After=prometheus.service + +[Service] +Type=simple +User={{ thanos_user }} +Group={{ thanos_group }} +SyslogIdentifier=thanos-sidecar +ExecStart={{ thanos_bin_path }}/thanos sidecar \ +{% if thanos_sidecar_tsdb_path %} + --tsdb.path={{ thanos_sidecar_tsdb_path }} \ +{% endif %} +{% if thanos_sidecar_objstore_config_file %} + --objstore.config-file={{ thanos_sidecar_objstore_config_file }} \ +{% endif %} +{% if thanos_sidecar_prometheus_url %} + --prometheus.url={{ thanos_sidecar_prometheus_url }} \ +{% endif %} +{% if thanos_sidecar_http_address %} + --http-address={{ thanos_sidecar_http_address }} \ +{% endif %} +{% if thanos_sidecar_grpc_address %} + --grpc-address={{ thanos_sidecar_grpc_address }} \ +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/thanos/templates/thanos-store.service.j2 b/roles/thanos/templates/thanos-store.service.j2 new file mode 100644 index 0000000..2466bc7 --- /dev/null +++ b/roles/thanos/templates/thanos-store.service.j2 @@ -0,0 +1,29 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Thanos Store Gateway +Wants=network-online.target +After=network-online.target +After=prometheus.service + +[Service] +Type=simple +User={{ thanos_user }} +Group={{ thanos_group }} +SyslogIdentifier=thanos-store +ExecStart={{ thanos_bin_path }}/thanos store \ +{% if thanos_store_data_dir %} + --data-dir={{ thanos_store_data_dir }} \ +{% endif %} +{% if thanos_store_objstore_config_file %} + --objstore.config-file={{ thanos_store_objstore_config_file }} \ +{% endif %} +{% if thanos_store_http_address %} + --http-address={{ thanos_store_http_address }} \ +{% endif %} +{% if thanos_store_grpc_address %} + --grpc-address={{ thanos_store_grpc_address }} \ +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/thanos/vars/default.yaml b/roles/thanos/vars/default.yaml new file mode 100644 index 0000000..e69de29