add prometheus role

roles/prometheus/defaults/main.yaml

@@ -0,0 +1,70 @@
+---
+prometheus_go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+
+prometheus_go_arch: "{{ prometheus_go_arch_map[ansible_architecture] | default('amd64') }}"
+
+prometheus_service_name: prometheus.service
+prometheus_service_enabled: true
+prometheus_service_state: started
+
+prometheus_version_regex: ^prometheus, version ([\d.]+)
+
+prometheus_release_file: "prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ prometheus_go_arch }}.tar.gz"
+prometheus_release_url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/{{ prometheus_release_file }}"
+prometheus_checksum_url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/sha256sums.txt"
+prometheus_download_path: "/tmp/{{ prometheus_release_file }}"
+prometheus_unarchive_dest_path: /tmp
+prometheus_extracted_path: "{{ prometheus_download_path | replace('.tar.gz', '') }}"
+
+prometheus_user: prometheus
+prometheus_user_state: present
+prometheus_user_shell: /usr/sbin/nologin
+
+prometheus_group: prometheus
+prometheus_group_state: "{{ prometheus_user_state | default('present') }}"
+
+prometheus_etc_path: /etc/prometheus
+prometheus_etc_owner: root
+prometheus_etc_group: root
+prometheus_etc_mode: "0755"
+
+prometheus_var_path: /var/lib/prometheus
+prometheus_var_owner: "{{ prometheus_user }}"
+prometheus_var_group: "{{ prometheus_group }}"
+prometheus_var_mode: "0775"
+
+prometheus_bin_path: /usr/local/bin
+
+prometheus_ssl_enabled: true
+prometheus_hostname: "{{ prometheus_web_external_url | urlsplit('hostname') }}"
+prometheus_ssl_certificate: "/etc/letsencrypt/live/{{ prometheus_hostname }}/fullchain.pem"
+prometheus_ssl_certificate_key: "/etc/letsencrypt/live/{{ prometheus_hostname }}/privkey.pem"
+
+prometheus_alertmanager_enabled: true
+
+prometheus_web_listen_address: 0.0.0.0:9090
+prometheus_port: "{{ prometheus_web_listen_address.split(':')[1] }}"
+prometheus_web_external_url:
+prometheus_web_route_prefix:
+prometheus_web_enable_lifecycle: true
+prometheus_storage_tsdb_min_block_duration: 2h
+prometheus_storage_tsdb_max_block_duration: 2h
+
+prometheus_htpasswd_path: "{{ nginx_etc_path }}/prometheus.htpasswd"
+
+prometheus_config:
+  global:
+    scrape_interval: 15s
+  scrape_configs:
+    - job_name: prometheus
+      scrape_interval: 5s
+      static_configs:
+        - targets:
+          - localhost:9090
+      relabel_configs:
+        - source_labels: [__address__]
+          target_label: instance
+          regex: (.+):\d+
+          replacement: $1

roles/prometheus/handlers/main.yaml

@@ -0,0 +1,11 @@
+---
+- name: restart prometheus
+  systemd:
+    name: prometheus.service
+    daemon_reload: true
+    state: restarted
+
+- name: reload prometheus
+  service:
+    name: prometheus.service
+    state: reloaded

roles/prometheus/tasks/configure.yaml

@@ -0,0 +1,65 @@
+---
+- name: create group
+  group:
+    name: "{{ prometheus_group }}"
+    system: true
+    state: "{{ prometheus_group_state | default('present') }}"
+
+- name: create user
+  user:
+    name: "{{ prometheus_user }}"
+    system: true
+    shell: "{{ prometheus_user_shell }}"
+    group: "{{ prometheus_group }}"
+    createhome: false
+    home: "{{ prometheus_var_path }}"
+    state: "{{ prometheus_user_state | default('present') }}"
+
+- name: create etc path
+  file:
+    path: "{{ prometheus_etc_path }}"
+    state: directory
+    owner: "{{ prometheus_etc_owner }}"
+    group: "{{ prometheus_etc_group }}"
+    mode: "{{ prometheus_etc_mode }}"
+
+- name: create var path
+  file:
+    path: "{{ prometheus_var_path }}"
+    state: directory
+    owner: "{{ prometheus_var_owner }}"
+    group: "{{ prometheus_var_group }}"
+    mode: "{{ prometheus_var_mode }}"
+
+- name: configure
+  copy:
+    dest: "{{ prometheus_etc_path }}/prometheus.yaml"
+    content: "{{ (prometheus_config | default({})) | to_yaml }}"
+    owner: root
+    group: root
+    mode: 0444
+  notify: restart prometheus
+
+- name: configure rules
+  copy:
+    dest: "{{ prometheus_etc_path }}/rules.yaml"
+    content: "{{ (prometheus_rules_config | default({})) | to_yaml }}"
+    owner: root
+    group: root
+    mode: 0444
+  notify: reload prometheus
+
+- name: configure systemd template
+  template:
+    src: prometheus.service.j2
+    dest: /etc/systemd/system/prometheus.service
+    owner: root
+    group: root
+    mode: 0444
+  notify: restart prometheus
+
+- name: manage service
+  service:
+    name: "{{ prometheus_service_name }}"
+    enabled: "{{ prometheus_service_enabled }}"
+    state: "{{ prometheus_service_state }}"

roles/prometheus/tasks/install.yaml

@@ -0,0 +1,32 @@
+---
+- block:
+  - name: download tar
+    get_url:
+      url: "{{ prometheus_release_url }}"
+      dest: "{{ prometheus_download_path }}"
+      checksum: "{{ prometheus_checksum }}"
+    register: dl
+    until: dl is success
+    retries: 5
+    delay: 10
+
+  - name: extract tar
+    unarchive:
+      src: "{{ prometheus_download_path }}"
+      dest: "{{ prometheus_unarchive_dest_path }}"
+      creates: "{{ prometheus_extracted_path }}/prometheus"
+      remote_src: true
+
+  - name: install binaries
+    copy:
+      src: "{{ prometheus_extracted_path }}/{{ item }}"
+      dest: "{{ prometheus_bin_path }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0755
+      remote_src: true
+    loop:
+      - promtool
+      - prometheus
+    notify: restart prometheus
+  when: prometheus_version != prometheus_local_version

roles/prometheus/tasks/main.yaml

@@ -0,0 +1,34 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- include: pre.yaml
+
+- include: install.yaml
+
+- include: configure.yaml
+  notify: restart prometheus
+
+- include: nginx.yaml
+  when: '"nginx" in ansible_play_role_names'

roles/prometheus/tasks/nginx.yaml

@@ -0,0 +1,9 @@
+---
+- name: configure nginx
+  template:
+    src: nginx.conf.j2
+    dest: "{{ nginx_conf_d_path }}/prometheus.conf"
+    owner: root
+    group: root
+    mode: 0444
+  notify: reload nginx

roles/prometheus/tasks/pre.yaml

@@ -0,0 +1,50 @@
+---
+- name: determine if installed
+  stat:
+    path: "{{ prometheus_bin_path }}/prometheus"
+  register: st
+
+- name: set prometheus_installed
+  set_fact:
+    prometheus_installed: "{{ st.stat.exists | bool }}"
+
+- block:
+  - name: determine latest version
+    uri:
+      url: https://api.github.com/repos/prometheus/prometheus/releases/latest
+      return_content: true
+      body_format: json
+    register: _latest_version
+    until: _latest_version.status == 200
+    retries: 3
+
+  - name: set prometheus_version
+    set_fact:
+      prometheus_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
+
+- block:
+  - name: determine installed version
+    command: "{{ prometheus_bin_path }}/prometheus --version"
+    register: _installed_version_string
+    changed_when: false
+
+  - name: set prometheus_local_version
+    set_fact:
+      prometheus_local_version: "{{ _installed_version_string.stdout | regex_search(prometheus_version_regex, '\\1') | first }}"
+  when: prometheus_installed
+
+- name: set prometheus_local_version to 0
+  set_fact:
+    prometheus_local_version: "0"
+  when: not prometheus_installed
+
+- block:
+  - name: get checksums
+    set_fact:
+      _checksums: "{{ lookup('url', prometheus_checksum_url, wantlist=True) }}"
+
+  - name: set prometheus_checksum
+    set_fact:
+      prometheus_checksum: "sha256:{{ item.split(' ') | first }}"
+    loop: "{{ _checksums }}"
+    when: "prometheus_release_file in item"

roles/prometheus/templates/nginx.conf.j2

@@ -0,0 +1,79 @@
+# {{ ansible_managed }}
+
+upstream prometheus_backend {
+    server 127.0.0.1:{{ prometheus_port }};
+}
+
+upstream alertmanager_backend {
+    server 127.0.0.1:{{ alertmanager_port }};
+}
+
+upstream karma_backend {
+    server 127.0.0.1:{{ karma_port }};
+}
+
+server {
+    listen 80;
+{% if ansible_all_ipv6_addresses | length %}
+    listen [::]:80;
+{% endif %}
+    server_name {{ prometheus_hostname }};
+
+    access_log /var/log/nginx/prometheus.access.log main;
+    error_log /var/log/nginx/prometheus.error.log warn;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files $uri =404;
+    }
+
+{% if prometheus_ssl_enabled is defined and
+      prometheus_ssl_enabled %}
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+{% endif %}
+}
+
+{% if prometheus_ssl_enabled is defined and
+      prometheus_ssl_enabled %}
+server {
+    listen 443 ssl http2;
+{% if ansible_all_ipv6_addresses | length %}
+    listen [::]:443 ssl http2;
+{% endif %}
+    server_name {{ prometheus_hostname }};
+
+    auth_basic           "Prometheus";
+    auth_basic_user_file {{ prometheus_htpasswd_path }};
+
+    access_log /var/log/nginx/prometheus.access.log main;
+    error_log /var/log/nginx/prometheus.error.log warn;
+
+{% if prometheus_ssl_certificate is defined %}
+    ssl_certificate {{ prometheus_ssl_certificate }};
+{% endif %}
+{% if prometheus_ssl_certificate_key is defined %}
+    ssl_certificate_key {{ prometheus_ssl_certificate_key }};
+{% endif %}
+{% if prometheus_ssl_dhparam is defined %}
+    ssl_dhparam {{ prometheus_ssl_dhparam }};
+{% endif %}
+
+    location /prometheus/ {
+        proxy_pass http://prometheus_backend/;
+    }
+
+    location /alertmanager/ {
+        proxy_pass http://alertmanager_backend/;
+    }
+
+    location /karma/ {
+        proxy_pass http://karma_backend/;
+    }
+
+    location / {
+        return 301 /prometheus/;
+    }
+}
+{% endif %}

roles/prometheus/templates/prometheus.service.j2

@@ -0,0 +1,35 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Prometheus
+After=network-online.target
+
+[Service]
+Type=simple
+User={{ prometheus_user }}
+Group={{ prometheus_group }}
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart={{ prometheus_bin_path }}/prometheus \
+  --config.file={{ prometheus_etc_path }}/prometheus.yaml \
+  --storage.tsdb.path={{ prometheus_var_path }} \
+{% if prometheus_web_external_url %}
+  --web.external-url={{ prometheus_web_external_url }} \
+{% endif %}
+{% if prometheus_web_route_prefix %}
+  --web.route-prefix={{ prometheus_web_route_prefix }} \
+{% endif %}
+{% if prometheus_web_listen_address %}
+  --web.listen-address={{ prometheus_web_listen_address }} \
+{% endif %}
+{% if prometheus_web_enable_lifecycle %}
+  --web.enable-lifecycle \
+{% endif %}
+{% if prometheus_storage_tsdb_min_block_duration %}
+  --storage.tsdb.min-block-duration={{ prometheus_storage_tsdb_min_block_duration }} \
+{% endif %}
+{% if prometheus_storage_tsdb_max_block_duration %}
+  --storage.tsdb.max-block-duration={{ prometheus_storage_tsdb_max_block_duration }} \
+{% endif %}
+
+[Install]
+WantedBy=multi-user.target

roles/prometheus/templates/targets.yaml.j2

@@ -0,0 +1 @@
+---

roles/prometheus/vars/main.yaml

@@ -0,0 +1 @@
+---