add thanos role

2022-08-30 07:51:26 -05:00 · 2022-08-30 07:51:26 -05:00 · 4c64613a90
commit 4c64613a90
parent 04dfdbd399
14 changed files with 483 additions and 0 deletions
--- a/roles/thanos/defaults/main.yaml
+++ b/roles/thanos/defaults/main.yaml
@ -0,0 +1,113 @@
+---
+thanos_go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+
+thanos_go_arch: "{{ thanos_go_arch_map[ansible_architecture] | default('amd64') }}"
+
+thanos_services:
+  - thanos-sidecar
+  - thanos-query
+  - thanos-store
+  - thanos-compact
+  - thanos-query-frontend
+
+thanos_ports:
+  sidecar:        { grpc: 10901, http: 10902 }
+  query:          { grpc: 10903, http: 10904 }
+  store:          { grpc: 10905, http: 10906 }
+  receive:        { grpc: 10907, http: 10909, http_remote_write: 10908 }
+  rule:           { grpc: 10910, http: 10911 }
+  compact:        { http: 10912 }
+  query_frontend: { http: 10913 }
+
+
+thanos_sidecar_service_name: thanos-sidecar.service
+thanos_sidecar_service_enabled: true
+thanos_sidecar_service_state: started
+
+thanos_query_service_name: thanos-query.service
+thanos_query_service_enabled: true
+thanos_query_service_state: started
+
+thanos_store_service_name: thanos-store.service
+thanos_store_service_enabled: true
+thanos_store_service_state: started
+
+thanos_compact_service_name: thanos-compact.service
+thanos_compact_service_enabled: true
+thanos_compact_service_state: started
+
+thanos_query_frontend_service_name: thanos-query-frontend.service
+thanos_query_frontend_service_enabled: true
+thanos_query_frontend_service_state: started
+
+thanos_version_regex: ^thanos, version ([\d.]+)
+
+thanos_checksum_algo: sha256
+thanos_github_rel_path: thanos-io/thanos
+thanos_github_project_url: "https://github.com/{{ thanos_github_rel_path }}"
+thanos_release_file: "thanos-{{ thanos_version }}.{{ ansible_system | lower }}-{{ thanos_go_arch }}.tar.gz"
+thanos_release_url: "{{ thanos_github_project_url }}/releases/download/v{{ thanos_version }}/{{ thanos_release_file }}"
+thanos_checksum_url: "{{ thanos_github_project_url }}/releases/download/v{{ thanos_version }}/{{ thanos_checksum_algo }}sums.txt"
+thanos_download_path: "/tmp/{{ thanos_release_file }}"
+thanos_unarchive_dest_path: /tmp
+thanos_extracted_path: "{{ thanos_download_path | replace('.tar.gz', '') }}"
+thanos_binaries:
+ - thanos
+
+thanos_user: thanos
+thanos_user_state: present
+thanos_user_shell: /usr/sbin/nologin
+
+thanos_group: thanos
+thanos_group_state: "{{ thanos_user_state | default('present') }}"
+
+thanos_etc_path: /etc/thanos
+thanos_etc_owner: root
+thanos_etc_group: root
+thanos_etc_mode: "0755"
+
+thanos_var_path: /var/lib/thanos
+thanos_var_owner: "{{ thanos_user }}"
+thanos_var_group: "{{ thanos_group }}"
+thanos_var_mode: "0755"
+
+thanos_bin_path: /usr/local/bin
+
+thanos_sidecar_tsdb_path: /var/lib/prometheus
+thanos_sidecar_objstore_config_file: "{{ thanos_etc_path }}/bucket.yaml"
+thanos_sidecar_objstore_config_file_owner: "{{ thanos_user }}"
+thanos_sidecar_objstore_config_file_group: "{{ thanos_group }}"
+thanos_sidecar_objstore_config_file_mode: "0600"
+thanos_sidecar_prometheus_url: http://localhost:9090
+thanos_sidecar_http_address: "0.0.0.0:{{ thanos_ports.sidecar.http }}"
+thanos_sidecar_grpc_address: "0.0.0.0:{{ thanos_ports.sidecar.grpc }}"
+
+thanos_query_http_address: "0.0.0.0:{{ thanos_ports.query.http }}"
+thanos_query_grpc_address: "0.0.0.0:{{ thanos_ports.query.grpc }}"
+thanos_query_store:
+  - "127.0.0.1:{{ thanos_ports.sidecar.grpc }}"
+  - "127.0.0.1:{{ thanos_ports.store.grpc }}"
+
+thanos_store_data_dir: "{{ thanos_var_path }}/store"
+thanos_store_objstore_config_file: "{{ thanos_sidecar_objstore_config_file }}"
+thanos_store_http_address: "0.0.0.0:{{ thanos_ports.store.http }}"
+thanos_store_grpc_address: "0.0.0.0:{{ thanos_ports.store.grpc }}"
+
+thanos_compact_data_dir: "{{ thanos_var_path }}/compact"
+thanos_compact_objstore_config_file: "{{ thanos_sidecar_objstore_config_file }}"
+thanos_compact_http_address: "0.0.0.0:{{ thanos_ports.compact.http }}"
+thanos_compact_wait: true
+
+thanos_query_frontend_http_address: "0.0.0.0:{{ thanos_ports.query_frontend.http }}"
+thanos_query_frontend_downstream_url: "http://127.0.0.1:{{ thanos_ports.query.http }}"
+thanos_query_frontend_cache_config:
+  type: IN-MEMORY
+  config:
+    max_size: 256M
+    max_size_items: 0
+    validity: 0s
+
+thanos_bucket_config: {}
+thanos_config: {}
--- a/roles/thanos/handlers/main.yaml
+++ b/roles/thanos/handlers/main.yaml
@ -0,0 +1,35 @@
+---
+- name: restart thanos sidecar
+  systemd:
+    name: "{{ thanos_sidecar_service_name }}"
+    daemon_reload: true
+    state: restarted
+  listen: restart thanos
+
+- name: restart thanos query
+  systemd:
+    name: "{{ thanos_query_service_name }}"
+    daemon_reload: true
+    state: restarted
+  listen: restart thanos
+
+- name: restart thanos store
+  systemd:
+    name: "{{ thanos_store_service_name }}"
+    daemon_reload: true
+    state: restarted
+  listen: restart thanos
+
+- name: restart thanos compact
+  systemd:
+    name: "{{ thanos_compact_service_name }}"
+    daemon_reload: true
+    state: restarted
+  listen: restart thanos
+
+- name: restart thanos query frontend
+  systemd:
+    name: "{{ thanos_query_frontend_service_name }}"
+    daemon_reload: true
+    state: restarted
+  listen: restart thanos
--- a/roles/thanos/tasks/configure-component.yaml
+++ b/roles/thanos/tasks/configure-component.yaml
@ -0,0 +1,15 @@
+---
+- name: "{{ item }}: configure systemd"
+  template:
+    src:  "{{ item }}.service.j2"
+    dest: "/etc/systemd/system/{{ item }}.service"
+    owner: root
+    group: root
+    mode: 0444
+  notify: "restart {{ item | replace('-', ' ')}}"
+
+- name: "{{ item }}: manage service"
+  service:
+    name: "{{ item }}.service"
+    enabled: "{{ lookup('vars', item | replace('-', '_') + '_service_enabled') }}"
+    state: "{{ lookup('vars', item | replace('-', '_') + '_service_state') }}"
--- a/roles/thanos/tasks/configure.yaml
+++ b/roles/thanos/tasks/configure.yaml
@ -0,0 +1,63 @@
+---
+- name: sysctl fs.protected_hardlinks
+  sysctl:
+    name: fs.protected_hardlinks
+    value: "0"
+    sysctl_set: yes
+    state: present
+
+- name: create group
+  group:
+    name: "{{ thanos_group }}"
+    system: true
+    state: "{{ thanos_group_state | default('present') }}"
+
+- name: create user
+  user:
+    name: "{{ thanos_user }}"
+    system: true
+    shell: "{{ thanos_user_shell }}"
+    group: "{{ thanos_group }}"
+    groups: "{{ prometheus_group }}"
+    createhome: false
+    home: "{{ thanos_var_path }}"
+    state: "{{ thanos_user_state | default('present') }}"
+    append: true
+
+- name: create etc path
+  file:
+    path: "{{ thanos_etc_path }}"
+    state: directory
+    owner: "{{ thanos_etc_owner }}"
+    group: "{{ thanos_etc_group }}"
+    mode: "{{ thanos_etc_mode }}"
+
+- name: create var path
+  file:
+    path: "{{ thanos_var_path }}"
+    state: directory
+    owner: "{{ thanos_var_owner }}"
+    group: "{{ thanos_var_group }}"
+    mode: "{{ thanos_var_mode }}"
+
+- name: configure bucket
+  copy:
+    dest: "{{ thanos_sidecar_objstore_config_file }}"
+    content: "{{ (thanos_bucket_config | default({})) | to_nice_yaml }}"
+    owner: "{{ thanos_sidecar_objstore_config_file_owner }}"
+    group: "{{ thanos_sidecar_objstore_config_file_group }}"
+    mode: "{{ thanos_sidecar_objstore_config_file_mode }}"
+  notify: restart thanos sidecar
+
+- name: configure thanos query frontend cache
+  copy:
+    dest: "{{ thanos_etc_path }}/cache.yaml"
+    content: "{{ (thanos_query_frontend_cache_config | default({})) | to_nice_yaml }}"
+    owner: "{{ thanos_user }}"
+    group: "{{ thanos_group }}"
+    mode: "0444"
+  notify: restart thanos query frontend
+
+- name: configure thanos components
+  include: configure-component.yaml
+  loop: "{{ thanos_services }}"
--- a/roles/thanos/tasks/default.yaml
+++ b/roles/thanos/tasks/default.yaml
--- a/roles/thanos/tasks/install.yaml
+++ b/roles/thanos/tasks/install.yaml
@ -0,0 +1,30 @@
+---
+- block:
+  - name: download tar
+    get_url:
+      url: "{{ thanos_release_url }}"
+      dest: "{{ thanos_download_path }}"
+      checksum: "{{ thanos_checksum }}"
+    register: dl
+    until: dl is success
+    retries: 5
+    delay: 10
+
+  - name: extract tar
+    unarchive:
+      src: "{{ thanos_download_path }}"
+      dest: "{{ thanos_unarchive_dest_path }}"
+      creates: "{{ thanos_extracted_path }}"
+      remote_src: true
+
+  - name: install binaries
+    copy:
+      src: "{{ thanos_extracted_path }}/{{ item }}"
+      dest: "{{ thanos_bin_path }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0755
+      remote_src: true
+    loop: "{{ thanos_binaries }}"
+    notify: restart thanos
+  when: thanos_version != thanos_local_version
--- a/roles/thanos/tasks/main.yaml
+++ b/roles/thanos/tasks/main.yaml
@ -0,0 +1,30 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- include: pre.yaml
+
+- include: install.yaml
+
+- include: configure.yaml
--- a/roles/thanos/tasks/pre.yaml
+++ b/roles/thanos/tasks/pre.yaml
@ -0,0 +1,54 @@
+---
+- name: determine if installed
+  stat:
+    path: "{{ thanos_bin_path }}/thanos"
+  register: st
+
+- name: set thanos_installed
+  set_fact:
+    thanos_installed: "{{ st.stat.exists | bool }}"
+
+- block:
+  - name: determine latest version
+    uri:
+      url: "https://api.github.com/repos/{{ thanos_github_rel_path }}/releases/latest"
+      return_content: true
+      body_format: json
+    register: _latest_version
+    until: _latest_version.status == 200
+    retries: 3
+
+  - name: set thanos_version
+    set_fact:
+      thanos_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
+
+- block:
+  - name: determine installed version
+    command: "{{ thanos_bin_path }}/thanos --version"
+    register: _installed_version_string
+    changed_when: false
+
+  - name: set thanos_local_version
+    set_fact:
+      thanos_local_version: "{{ _installed_version_string.stdout | regex_search(thanos_version_regex, '\\1') | first }}"
+  rescue:
+  - name: set thanos_local_version
+    set_fact:
+      thanos_local_version: "{{ _installed_version_string.stderr | regex_search(thanos_version_regex, '\\1') | first }}"
+  when: thanos_installed
+
+- name: set thanos_local_version to 0
+  set_fact:
+    thanos_local_version: "0"
+  when: not thanos_installed
+
+- block:
+  - name: get checksums
+    set_fact:
+      _checksums: "{{ lookup('url', thanos_checksum_url, wantlist=True) }}"
+
+  - name: set thanos_checksum
+    set_fact:
+      thanos_checksum: "{{ thanos_checksum_algo }}:{{ item.split(' ') | first }}"
+    loop: "{{ _checksums }}"
+    when: "thanos_release_file in item"
--- a/roles/thanos/templates/thanos-compact.service.j2
+++ b/roles/thanos/templates/thanos-compact.service.j2
@ -0,0 +1,29 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Thanos Store Compactor
+Wants=network-online.target
+After=network-online.target
+After=prometheus.service
+ 
+[Service]
+Type=simple
+User={{ thanos_user }}
+Group={{ thanos_group }}
+SyslogIdentifier=thanos-compact
+ExecStart={{ thanos_bin_path }}/thanos compact \
+{% if thanos_compact_data_dir %}
+  --data-dir={{ thanos_compact_data_dir }} \
+{% endif %}
+{% if thanos_compact_objstore_config_file %}
+  --objstore.config-file={{ thanos_compact_objstore_config_file }} \
+{% endif %}
+{% if thanos_compact_http_address %}
+  --http-address={{ thanos_compact_http_address }} \
+{% endif %}
+{% if thanos_compact_wait %}
+  --wait \
+{% endif %}
+ 
+[Install]
+WantedBy=multi-user.target
--- a/roles/thanos/templates/thanos-query-frontend.service.j2
+++ b/roles/thanos/templates/thanos-query-frontend.service.j2
@ -0,0 +1,25 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Thanos Query Frontend
+Wants=network-online.target
+After=network-online.target
+After=prometheus.service
+ 
+[Service]
+Type=simple
+User={{ thanos_user }}
+Group={{ thanos_group }}
+SyslogIdentifier=thanos-query-frontend
+ExecStart={{ thanos_bin_path }}/thanos query-frontend \
+  --query-range.response-cache-config-file={{ thanos_etc_path }}/cache.yaml \
+  --labels.response-cache-config-file={{ thanos_etc_path }}/cache.yaml \
+{% if thanos_query_frontend_http_address %}
+  --http-address={{ thanos_query_frontend_http_address }} \
+{% endif %}
+{% if thanos_query_frontend_downstream_url %}
+  --query-frontend.downstream-url={{ thanos_query_frontend_downstream_url }} \
+{% endif %}
+ 
+[Install]
+WantedBy=multi-user.target
--- a/roles/thanos/templates/thanos-query.service.j2
+++ b/roles/thanos/templates/thanos-query.service.j2
@ -0,0 +1,28 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Thanos Query
+Wants=network-online.target
+After=network-online.target
+After=prometheus.service
+ 
+[Service]
+Type=simple
+User={{ thanos_user }}
+Group={{ thanos_group }}
+SyslogIdentifier=thanos-query
+ExecStart={{ thanos_bin_path }}/thanos query \
+{% if thanos_query_http_address %}
+  --http-address={{ thanos_query_http_address }} \
+{% endif %}
+{% if thanos_query_grpc_address %}
+  --grpc-address={{ thanos_query_grpc_address }} \
+{% endif %}
+{% if thanos_query_store %}
+{% for s in thanos_query_store %}
+  --store={{ s }} \
+{% endfor %}
+{% endif %}
+ 
+[Install]
+WantedBy=multi-user.target
--- a/roles/thanos/templates/thanos-sidecar.service.j2
+++ b/roles/thanos/templates/thanos-sidecar.service.j2
@ -0,0 +1,32 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Thanos Sidecar
+Wants=network-online.target
+After=network-online.target
+After=prometheus.service
+ 
+[Service]
+Type=simple
+User={{ thanos_user }}
+Group={{ thanos_group }}
+SyslogIdentifier=thanos-sidecar
+ExecStart={{ thanos_bin_path }}/thanos sidecar \
+{% if thanos_sidecar_tsdb_path %}
+  --tsdb.path={{ thanos_sidecar_tsdb_path }} \
+{% endif %}
+{% if thanos_sidecar_objstore_config_file %}
+  --objstore.config-file={{ thanos_sidecar_objstore_config_file }} \
+{% endif %}
+{% if thanos_sidecar_prometheus_url %}
+  --prometheus.url={{ thanos_sidecar_prometheus_url }} \
+{% endif %}
+{% if thanos_sidecar_http_address %}
+  --http-address={{ thanos_sidecar_http_address }} \
+{% endif %}
+{% if thanos_sidecar_grpc_address %}
+  --grpc-address={{ thanos_sidecar_grpc_address }} \
+{% endif %}
+ 
+[Install]
+WantedBy=multi-user.target
--- a/roles/thanos/templates/thanos-store.service.j2
+++ b/roles/thanos/templates/thanos-store.service.j2
@ -0,0 +1,29 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Thanos Store Gateway
+Wants=network-online.target
+After=network-online.target
+After=prometheus.service
+ 
+[Service]
+Type=simple
+User={{ thanos_user }}
+Group={{ thanos_group }}
+SyslogIdentifier=thanos-store
+ExecStart={{ thanos_bin_path }}/thanos store \
+{% if thanos_store_data_dir %}
+  --data-dir={{ thanos_store_data_dir }} \
+{% endif %}
+{% if thanos_store_objstore_config_file %}
+  --objstore.config-file={{ thanos_store_objstore_config_file }} \
+{% endif %}
+{% if thanos_store_http_address %}
+  --http-address={{ thanos_store_http_address }} \
+{% endif %}
+{% if thanos_store_grpc_address %}
+  --grpc-address={{ thanos_store_grpc_address }} \
+{% endif %}
+ 
+[Install]
+WantedBy=multi-user.target
--- a/roles/thanos/vars/default.yaml
+++ b/roles/thanos/vars/default.yaml