From 749934f9e177a4a0306ca8f11e1e78a942c7902c Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Tue, 30 Aug 2022 07:49:57 -0500
Subject: [PATCH] add prometheus role
---
roles/prometheus/defaults/main.yaml | 70 ++++++++++++++++
roles/prometheus/handlers/main.yaml | 11 +++
roles/prometheus/tasks/configure.yaml | 65 +++++++++++++++
roles/prometheus/tasks/default.yaml | 0
roles/prometheus/tasks/install.yaml | 32 ++++++++
roles/prometheus/tasks/main.yaml | 34 ++++++++
roles/prometheus/tasks/nginx.yaml | 9 +++
roles/prometheus/tasks/pre.yaml | 50 ++++++++++++
roles/prometheus/templates/nginx.conf.j2 | 79 +++++++++++++++++++
.../templates/prometheus.service.j2 | 35 ++++++++
roles/prometheus/templates/targets.yaml.j2 | 1 +
roles/prometheus/vars/default.yaml | 0
roles/prometheus/vars/main.yaml | 1 +
13 files changed, 387 insertions(+)
create mode 100644 roles/prometheus/defaults/main.yaml
create mode 100644 roles/prometheus/handlers/main.yaml
create mode 100644 roles/prometheus/tasks/configure.yaml
create mode 100644 roles/prometheus/tasks/default.yaml
create mode 100644 roles/prometheus/tasks/install.yaml
create mode 100644 roles/prometheus/tasks/main.yaml
create mode 100644 roles/prometheus/tasks/nginx.yaml
create mode 100644 roles/prometheus/tasks/pre.yaml
create mode 100644 roles/prometheus/templates/nginx.conf.j2
create mode 100644 roles/prometheus/templates/prometheus.service.j2
create mode 100644 roles/prometheus/templates/targets.yaml.j2
create mode 100644 roles/prometheus/vars/default.yaml
create mode 100644 roles/prometheus/vars/main.yaml
diff --git a/roles/prometheus/defaults/main.yaml b/roles/prometheus/defaults/main.yaml
new file mode 100644
index 0000000..e504416
--- /dev/null
+++ b/roles/prometheus/defaults/main.yaml
@@ -0,0 +1,70 @@
+---
+prometheus_go_arch_map:
+ i386: '386'
+ x86_64: 'amd64'
+
+prometheus_go_arch: "{{ prometheus_go_arch_map[ansible_architecture] | default('amd64') }}"
+
+prometheus_service_name: prometheus.service
+prometheus_service_enabled: true
+prometheus_service_state: started
+
+prometheus_version_regex: ^prometheus, version ([\d.]+)
+
+prometheus_release_file: "prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ prometheus_go_arch }}.tar.gz"
+prometheus_release_url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/{{ prometheus_release_file }}"
+prometheus_checksum_url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/sha256sums.txt"
+prometheus_download_path: "/tmp/{{ prometheus_release_file }}"
+prometheus_unarchive_dest_path: /tmp
+prometheus_extracted_path: "{{ prometheus_download_path | replace('.tar.gz', '') }}"
+
+prometheus_user: prometheus
+prometheus_user_state: present
+prometheus_user_shell: /usr/sbin/nologin
+
+prometheus_group: prometheus
+prometheus_group_state: "{{ prometheus_user_state | default('present') }}"
+
+prometheus_etc_path: /etc/prometheus
+prometheus_etc_owner: root
+prometheus_etc_group: root
+prometheus_etc_mode: "0755"
+
+prometheus_var_path: /var/lib/prometheus
+prometheus_var_owner: "{{ prometheus_user }}"
+prometheus_var_group: "{{ prometheus_group }}"
+prometheus_var_mode: "0775"
+
+prometheus_bin_path: /usr/local/bin
+
+prometheus_ssl_enabled: true
+prometheus_hostname: "{{ prometheus_web_external_url | urlsplit('hostname') }}"
+prometheus_ssl_certificate: "/etc/letsencrypt/live/{{ prometheus_hostname }}/fullchain.pem"
+prometheus_ssl_certificate_key: "/etc/letsencrypt/live/{{ prometheus_hostname }}/privkey.pem"
+
+prometheus_alertmanager_enabled: true
+
+prometheus_web_listen_address: 0.0.0.0:9090
+prometheus_port: "{{ prometheus_web_listen_address.split(':')[1] }}"
+prometheus_web_external_url:
+prometheus_web_route_prefix:
+prometheus_web_enable_lifecycle: true
+prometheus_storage_tsdb_min_block_duration: 2h
+prometheus_storage_tsdb_max_block_duration: 2h
+
+prometheus_htpasswd_path: "{{ nginx_etc_path }}/prometheus.htpasswd"
+
+prometheus_config:
+ global:
+ scrape_interval: 15s
+ scrape_configs:
+ - job_name: prometheus
+ scrape_interval: 5s
+ static_configs:
+ - targets:
+ - localhost:9090
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: instance
+ regex: (.+):\d+
+ replacement: $1
diff --git a/roles/prometheus/handlers/main.yaml b/roles/prometheus/handlers/main.yaml
new file mode 100644
index 0000000..9a00a8f
--- /dev/null
+++ b/roles/prometheus/handlers/main.yaml
@@ -0,0 +1,11 @@
+---
+- name: restart prometheus
+ systemd:
+ name: prometheus.service
+ daemon_reload: true
+ state: restarted
+
+- name: reload prometheus
+ service:
+ name: prometheus.service
+ state: reloaded
diff --git a/roles/prometheus/tasks/configure.yaml b/roles/prometheus/tasks/configure.yaml
new file mode 100644
index 0000000..cb0c615
--- /dev/null
+++ b/roles/prometheus/tasks/configure.yaml
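Review bot: In roles/prometheus/defaults/main.yaml, `prometheus_web_listen_address: 0.0.0.0:9090` combined with `prometheus_web_enable_lifecycle: true` leaves the Prometheus HTTP API, including the lifecycle reload and quit endpoints, reachable on every interface without the basic auth that the nginx template applies on port 443. The nginx upstream in this patch connects to 127.0.0.1, so the default can be `prometheus_web_listen_address: 127.0.0.1:9090`, with a wider bind left as an explicit override. The unit file already reloads via SIGHUP in ExecReload, so `prometheus_web_enable_lifecycle: false` looks like the safer default unless something depends on the HTTP endpoints. Separately, `prometheus_web_external_url:` is null by default while `prometheus_hostname` feeds it to `urlsplit`, so a comment saying it must be set by the caller would help.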
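Review bot: Both handlers in roles/prometheus/handlers/main.yaml hard-code `name: prometheus.service`, while the "manage service" task in tasks/configure.yaml uses `{{ prometheus_service_name }}`. If that variable is overridden, the handlers restart or reload a different unit from the one being managed; `name: "{{ prometheus_service_name }}"` in both handlers keeps them consistent.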
@@ -0,0 +1,65 @@
+---
+- name: create group
+ group:
+ name: "{{ prometheus_group }}"
+ system: true
+ state: "{{ prometheus_group_state | default('present') }}"
+
+- name: create user
+ user:
+ name: "{{ prometheus_user }}"
+ system: true
+ shell: "{{ prometheus_user_shell }}"
+ group: "{{ prometheus_group }}"
+ createhome: false
+ home: "{{ prometheus_var_path }}"
+ state: "{{ prometheus_user_state | default('present') }}"
+
+- name: create etc path
+ file:
+ path: "{{ prometheus_etc_path }}"
+ state: directory
+ owner: "{{ prometheus_etc_owner }}"
+ group: "{{ prometheus_etc_group }}"
+ mode: "{{ prometheus_etc_mode }}"
+
+- name: create var path
+ file:
+ path: "{{ prometheus_var_path }}"
+ state: directory
+ owner: "{{ prometheus_var_owner }}"
+ group: "{{ prometheus_var_group }}"
+ mode: "{{ prometheus_var_mode }}"
+
+- name: configure
+ copy:
+ dest: "{{ prometheus_etc_path }}/prometheus.yaml"
+ content: "{{ (prometheus_config | default({})) | to_yaml }}"
+ owner: root
+ group: root
+ mode: 0444
+ notify: restart prometheus
+
+- name: configure rules
+ copy:
+ dest: "{{ prometheus_etc_path }}/rules.yaml"
+ content: "{{ (prometheus_rules_config | default({})) | to_yaml }}"
+ owner: root
+ group: root
+ mode: 0444
+ notify: reload prometheus
+
+- name: configure systemd template
+ template:
+ src: prometheus.service.j2
+ dest: /etc/systemd/system/prometheus.service
+ owner: root
+ group: root
+ mode: 0444
+ notify: restart prometheus
+
+- name: manage service
+ service:
+ name: "{{ prometheus_service_name }}"
+ enabled: "{{ prometheus_service_enabled }}"
+ state: "{{ prometheus_service_state }}"
diff --git a/roles/prometheus/tasks/default.yaml b/roles/prometheus/tasks/default.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/prometheus/tasks/install.yaml b/roles/prometheus/tasks/install.yaml
new file mode 100644
index 0000000..630ea14
--- /dev/null
+++ b/roles/prometheus/tasks/install.yaml
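Review bot: The "configure" and "configure rules" tasks in roles/prometheus/tasks/configure.yaml write prometheus.yaml and rules.yaml with `mode: 0444`, readable by every local account, while `prometheus_config` is caller-supplied and Prometheus scrape configs often carry credentials such as basic_auth passwords or bearer tokens. On those two tasks, `group: "{{ prometheus_group }}"` with `mode: "0640"` keeps the files readable by the service only. Neither copy task validates the rendered file before the restart or reload handler fires; adding `validate: "{{ prometheus_bin_path }}/promtool check config %s"` to the "configure" task would stop a broken config from taking monitoring down.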
@@ -0,0 +1,32 @@
+---
+- block:
+ - name: download tar
+ get_url:
+ url: "{{ prometheus_release_url }}"
+ dest: "{{ prometheus_download_path }}"
+ checksum: "{{ prometheus_checksum }}"
+ register: dl
+ until: dl is success
+ retries: 5
+ delay: 10
+
+ - name: extract tar
+ unarchive:
+ src: "{{ prometheus_download_path }}"
+ dest: "{{ prometheus_unarchive_dest_path }}"
+ creates: "{{ prometheus_extracted_path }}/prometheus"
+ remote_src: true
+
+ - name: install binaries
+ copy:
+ src: "{{ prometheus_extracted_path }}/{{ item }}"
+ dest: "{{ prometheus_bin_path }}/{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ remote_src: true
+ loop:
+ - promtool
+ - prometheus
+ notify: restart prometheus
+ when: prometheus_version != prometheus_local_version
diff --git a/roles/prometheus/tasks/main.yaml b/roles/prometheus/tasks/main.yaml
new file mode 100644
index 0000000..2f8ef4e
--- /dev/null
+++ b/roles/prometheus/tasks/main.yaml
@@ -0,0 +1,34 @@
+---
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- include: pre.yaml
+
+- include: install.yaml
+
+- include: configure.yaml
+ notify: restart prometheus
+
+- include: nginx.yaml
+ when: '"nginx" in ansible_play_role_names'
diff --git a/roles/prometheus/tasks/nginx.yaml b/roles/prometheus/tasks/nginx.yaml
new file mode 100644
index 0000000..79164f4
--- /dev/null
+++ b/roles/prometheus/tasks/nginx.yaml
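Review bot: In roles/prometheus/tasks/install.yaml the checksum on "download tar" covers the tarball but not what "install binaries" copies. "extract tar" is skipped whenever `{{ prometheus_extracted_path }}/prometheus` already exists, and that path defaults to a predictable directory under world-writable /tmp (`prometheus_unarchive_dest_path` in defaults/main.yaml). Whatever is already in that directory is then installed root-owned and executable into `prometheus_bin_path`. Downloading and extracting into a root-only directory, for example one created with the `tempfile` module or a root-owned `0700` directory, removes the dependency on the contents of /tmp. `mode: 0755` would also read better quoted as `mode: "0755"`, matching the defaults file.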
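Review bot: The four bare `include:` tasks at the end of roles/prometheus/tasks/main.yaml use a keyword Ansible has deprecated in favour of `import_tasks` and `include_tasks`; `- import_tasks: pre.yaml`, and likewise for the other three, states the intent explicitly. The `notify: restart prometheus` attached to the configure.yaml include is probably redundant, since the tasks in that file carry their own notify, and is worth confirming or removing. nginx.yaml is included only when the nginx role is in the play, so without it nothing in this role puts authentication in front of Prometheus; a comment on that condition should say so.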
@@ -0,0 +1,9 @@
+---
+- name: configure nginx
+ template:
+ src: nginx.conf.j2
+ dest: "{{ nginx_conf_d_path }}/prometheus.conf"
+ owner: root
+ group: root
+ mode: 0444
+ notify: reload nginx
diff --git a/roles/prometheus/tasks/pre.yaml b/roles/prometheus/tasks/pre.yaml
new file mode 100644
index 0000000..86ca02d
--- /dev/null
+++ b/roles/prometheus/tasks/pre.yaml
@@ -0,0 +1,50 @@
+---
+- name: determine if installed
+ stat:
+ path: "{{ prometheus_bin_path }}/prometheus"
+ register: st
+
+- name: set prometheus_installed
+ set_fact:
+ prometheus_installed: "{{ st.stat.exists | bool }}"
+
+- block:
+ - name: determine latest version
+ uri:
+ url: https://api.github.com/repos/prometheus/prometheus/releases/latest
+ return_content: true
+ body_format: json
+ register: _latest_version
+ until: _latest_version.status == 200
+ retries: 3
+
+ - name: set prometheus_version
+ set_fact:
+ prometheus_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
+
+- block:
+ - name: determine installed version
+ command: "{{ prometheus_bin_path }}/prometheus --version"
+ register: _installed_version_string
+ changed_when: false
+
+ - name: set prometheus_local_version
+ set_fact:
+ prometheus_local_version: "{{ _installed_version_string.stdout | regex_search(prometheus_version_regex, '\\1') | first }}"
+ when: prometheus_installed
+
+- name: set prometheus_local_version to 0
+ set_fact:
+ prometheus_local_version: "0"
+ when: not prometheus_installed
+
+- block:
+ - name: get checksums
+ set_fact:
+ _checksums: "{{ lookup('url', prometheus_checksum_url, wantlist=True) }}"
+
+ - name: set prometheus_checksum
+ set_fact:
+ prometheus_checksum: "sha256:{{ item.split(' ') | first }}"
+ loop: "{{ _checksums }}"
+ when: "prometheus_release_file in item"
diff --git a/roles/prometheus/templates/nginx.conf.j2 b/roles/prometheus/templates/nginx.conf.j2
new file mode 100644
index 0000000..a45f442
--- /dev/null
+++ b/roles/prometheus/templates/nginx.conf.j2
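Review bot: The first block in roles/prometheus/tasks/pre.yaml has no condition, so every run queries the GitHub "latest" release and `set_fact` overwrites `prometheus_version`. A version set in inventory or group_vars therefore cannot take effect, and hosts move to whatever is newest at run time. Adding `when: prometheus_version is not defined` to that block lets a reviewed version be pinned. The checksum is fetched from the same release as the tarball, so it detects corruption but not a tampered release; allowing a pinned `prometheus_checksum` next to the pinned version would cover that. If no line of sha256sums.txt matches, `prometheus_checksum` stays undefined and the download task fails, which is the right outcome but deserves a comment.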
@@ -0,0 +1,79 @@
+# {{ ansible_managed }}
+
+upstream prometheus_backend {
+ server 127.0.0.1:{{ prometheus_port }};
+}
+
+upstream alertmanager_backend {
+ server 127.0.0.1:{{ alertmanager_port }};
+}
+
+upstream karma_backend {
+ server 127.0.0.1:{{ karma_port }};
+}
+
+server {
+ listen 80;
+{% if ansible_all_ipv6_addresses | length %}
+ listen [::]:80;
+{% endif %}
+ server_name {{ prometheus_hostname }};
+
+ access_log /var/log/nginx/prometheus.access.log main;
+ error_log /var/log/nginx/prometheus.error.log warn;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ try_files $uri =404;
+ }
+
+{% if prometheus_ssl_enabled is defined and
+ prometheus_ssl_enabled %}
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+{% endif %}
+}
+
+{% if prometheus_ssl_enabled is defined and
+ prometheus_ssl_enabled %}
+server {
+ listen 443 ssl http2;
+{% if ansible_all_ipv6_addresses | length %}
+ listen [::]:443 ssl http2;
+{% endif %}
+ server_name {{ prometheus_hostname }};
+
+ auth_basic "Prometheus";
+ auth_basic_user_file {{ prometheus_htpasswd_path }};
+
+ access_log /var/log/nginx/prometheus.access.log main;
+ error_log /var/log/nginx/prometheus.error.log warn;
+
+{% if prometheus_ssl_certificate is defined %}
+ ssl_certificate {{ prometheus_ssl_certificate }};
+{% endif %}
+{% if prometheus_ssl_certificate_key is defined %}
+ ssl_certificate_key {{ prometheus_ssl_certificate_key }};
+{% endif %}
+{% if prometheus_ssl_dhparam is defined %}
+ ssl_dhparam {{ prometheus_ssl_dhparam }};
+{% endif %}
+
+ location /prometheus/ {
+ proxy_pass http://prometheus_backend/;
+ }
+
+ location /alertmanager/ {
+ proxy_pass http://alertmanager_backend/;
+ }
+
+ location /karma/ {
+ proxy_pass http://karma_backend/;
+ }
+
+ location / {
+ return 301 /prometheus/;
+ }
+}
+{% endif %}
diff --git a/roles/prometheus/templates/prometheus.service.j2 b/roles/prometheus/templates/prometheus.service.j2
new file mode 100644
index 0000000..2d57718
--- /dev/null
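Review bot: The `alertmanager_backend` and `karma_backend` upstreams and their `location` blocks in roles/prometheus/templates/nginx.conf.j2 are rendered unconditionally, although `alertmanager_port` and `karma_port` are not defined anywhere in this patch and the `prometheus_alertmanager_enabled` default is never read. Unless other roles always define those variables, templating fails; wrapping each upstream and location pair in `{% if prometheus_alertmanager_enabled %}` and `{% if karma_port is defined %}` makes the optional services optional. `auth_basic_user_file {{ prometheus_htpasswd_path }}` is the only access control in front of the proxied services and no task in this patch creates that file, so a comment should say where it comes from and that it needs restrictive permissions.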
+++ b/roles/prometheus/templates/prometheus.service.j2
@@ -0,0 +1,35 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Prometheus
+After=network-online.target
+
+[Service]
+Type=simple
+User={{ prometheus_user }}
+Group={{ prometheus_group }}
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart={{ prometheus_bin_path }}/prometheus \
+ --config.file={{ prometheus_etc_path }}/prometheus.yaml \
+ --storage.tsdb.path={{ prometheus_var_path }} \
+{% if prometheus_web_external_url %}
+ --web.external-url={{ prometheus_web_external_url }} \
+{% endif %}
+{% if prometheus_web_route_prefix %}
+ --web.route-prefix={{ prometheus_web_route_prefix }} \
+{% endif %}
+{% if prometheus_web_listen_address %}
+ --web.listen-address={{ prometheus_web_listen_address }} \
+{% endif %}
+{% if prometheus_web_enable_lifecycle %}
+ --web.enable-lifecycle \
+{% endif %}
+{% if prometheus_storage_tsdb_min_block_duration %}
+ --storage.tsdb.min-block-duration={{ prometheus_storage_tsdb_min_block_duration }} \
+{% endif %}
+{% if prometheus_storage_tsdb_max_block_duration %}
+ --storage.tsdb.max-block-duration={{ prometheus_storage_tsdb_max_block_duration }} \
+{% endif %}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/prometheus/templates/targets.yaml.j2 b/roles/prometheus/templates/targets.yaml.j2
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/prometheus/templates/targets.yaml.j2
@@ -0,0 +1 @@
+---
diff --git a/roles/prometheus/vars/default.yaml b/roles/prometheus/vars/default.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/prometheus/vars/main.yaml b/roles/prometheus/vars/main.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/prometheus/vars/main.yaml
@@ -0,0 +1 @@
+---
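Review bot: The [Service] section of roles/prometheus/templates/prometheus.service.j2 runs the daemon as an unprivileged user but sets none of systemd's sandboxing options, so a compromise of this network-facing process still sees the whole filesystem with default privileges. From what the unit shows, Prometheus only needs to write to `{{ prometheus_var_path }}`, so the directives below should be safe to add; verify them against the deployed version before relying on them. The unit also orders itself `After=network-online.target` without a matching `Wants=network-online.target`.

```ini
[Service]
# … unchanged: Type, User, Group, ExecReload, ExecStart …
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths={{ prometheus_var_path }}
ProtectHome=true
PrivateTmp=true
```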