Add roles for lego, logcli, mimir, process_exporter, smokeping_prober, and vector

roles/process_exporter/defaults/main.yaml

@@ -0,0 +1,43 @@
+---
+process_exporter_go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+
+process_exporter_go_arch: "{{ process_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
+
+process_exporter_service_name: process-exporter.service
+process_exporter_service_enabled: true
+process_exporter_service_state: started
+
+process_exporter_version_regex: (.+)
+
+process_exporter_checksum_algo: sha256
+process_exporter_github_rel_path: ncabatoff/process-exporter
+process_exporter_github_project_url: "https://github.com/{{ process_exporter_github_rel_path }}"
+process_exporter_release_file: "process-exporter-{{ process_exporter_version }}.{{ ansible_system | lower }}-{{ process_exporter_go_arch }}.tar.gz"
+process_exporter_release_url: "{{ process_exporter_github_project_url }}/releases/download/v{{ process_exporter_version }}/{{ process_exporter_release_file }}"
+process_exporter_checksum_url: "{{ process_exporter_github_project_url }}/releases/download/v{{ process_exporter_version }}/checksums.txt"
+process_exporter_download_path: "/tmp/{{ process_exporter_release_file }}"
+process_exporter_unarchive_dest_path: /tmp
+process_exporter_extracted_path: "{{ process_exporter_download_path | replace('.tar.gz', '') }}"
+process_exporter_binaries:
+ - process-exporter
+
+process_exporter_user: process-exporter
+process_exporter_user_state: present
+process_exporter_user_shell: /usr/sbin/nologin
+
+process_exporter_group: process-exporter
+process_exporter_group_state: "{{ process_exporter_user_state | default('present') }}"
+
+process_exporter_etc_path: /etc/process-exporter
+process_exporter_etc_owner: root
+process_exporter_etc_group: root
+process_exporter_etc_mode: "0755"
+
+process_exporter_var_path: /var/lib/process-exporter
+process_exporter_var_owner: "{{ process_exporter_user }}"
+process_exporter_var_group: "{{ process_exporter_group }}"
+process_exporter_var_mode: "0755"
+
+process_exporter_bin_path: /usr/local/bin

roles/process_exporter/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: restart process-exporter
+  systemd:
+    name: "{{ process_exporter_service_name }}"
+    daemon_reload: true
+    state: restarted

roles/process_exporter/tasks/configure.yaml

@@ -0,0 +1,47 @@
+---
+- name: create group
+  group:
+    name: "{{ process_exporter_group }}"
+    system: true
+    state: "{{ process_exporter_group_state | default('present') }}"
+
+- name: create user
+  user:
+    name: "{{ process_exporter_user }}"
+    system: true
+    shell: "{{ process_exporter_user_shell }}"
+    group: "{{ process_exporter_group }}"
+    createhome: false
+    home: "{{ process_exporter_var_path }}"
+    state: "{{ process_exporter_user_state | default('present') }}"
+
+- name: create etc path
+  file:
+    path: "{{ process_exporter_etc_path }}"
+    state: directory
+    owner: "{{ process_exporter_etc_owner }}"
+    group: "{{ process_exporter_etc_group }}"
+    mode: "{{ process_exporter_etc_mode }}"
+
+- name: create var path
+  file:
+    path: "{{ process_exporter_var_path }}"
+    state: directory
+    owner: "{{ process_exporter_var_owner }}"
+    group: "{{ process_exporter_var_group }}"
+    mode: "{{ process_exporter_var_mode }}"
+
+- name: configure systemd template
+  template:
+    src: "{{ process_exporter_service_name }}.j2"
+    dest: "/etc/systemd/system/{{ process_exporter_service_name }}"
+    owner: root
+    group: root
+    mode: 0444
+  notify: restart process-exporter
+
+- name: manage service
+  service:
+    name: "{{ process_exporter_service_name }}"
+    enabled: "{{ process_exporter_service_enabled }}"
+    state: "{{ process_exporter_service_state }}"

roles/process_exporter/tasks/install.yaml

@@ -0,0 +1,30 @@
+---
+- block:
+  - name: download tar
+    get_url:
+      url: "{{ process_exporter_release_url }}"
+      dest: "{{ process_exporter_download_path }}"
+      checksum: "{{ process_exporter_checksum }}"
+    register: dl
+    until: dl is success
+    retries: 5
+    delay: 10
+
+  - name: extract tar
+    unarchive:
+      src: "{{ process_exporter_download_path }}"
+      dest: "{{ process_exporter_unarchive_dest_path }}"
+      creates: "{{ process_exporter_extracted_path }}"
+      remote_src: true
+
+  - name: install binaries
+    copy:
+      src: "{{ process_exporter_extracted_path }}/{{ item }}"
+      dest: "{{ process_exporter_bin_path }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0755
+      remote_src: true
+    loop: "{{ process_exporter_binaries }}"
+    notify: restart process-exporter
+  when: process_exporter_version != process_exporter_local_version

roles/process_exporter/tasks/main.yaml

@@ -0,0 +1,30 @@
+---
+- name: gather os specific variables
+  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- ansible.builtin.include_tasks: pre.yaml
+
+- ansible.builtin.include_tasks: install.yaml
+
+- ansible.builtin.include_tasks: configure.yaml

roles/process_exporter/tasks/pre.yaml

@@ -0,0 +1,54 @@
+---
+- name: determine if installed
+  stat:
+    path: "{{ process_exporter_bin_path }}/process-exporter"
+  register: st
+
+- name: set process_exporter_installed
+  set_fact:
+    process_exporter_installed: "{{ st.stat.exists | bool }}"
+
+- block:
+  - name: determine latest version
+    uri:
+      url: "https://api.github.com/repos/{{ process_exporter_github_rel_path }}/releases/latest"
+      return_content: true
+      body_format: json
+    register: _latest_version
+    until: _latest_version.status == 200
+    retries: 3
+
+  - name: set process_exporter_version
+    set_fact:
+      process_exporter_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
+
+- block:
+  - name: determine installed version
+    command: "{{ process_exporter_bin_path }}/process-exporter --version"
+    register: _installed_version_string
+    changed_when: false
+
+  - name: set process_exporter_local_version
+    set_fact:
+      process_exporter_local_version: "{{ _installed_version_string.stdout | regex_search(process_exporter_version_regex, '\\1') | first }}"
+  rescue:
+  - name: set process_exporter_local_version
+    set_fact:
+      process_exporter_local_version: "{{ _installed_version_string.stderr | regex_search(process_exporter_version_regex, '\\1') | first }}"
+  when: process_exporter_installed
+
+- name: set process_exporter_local_version to 0
+  set_fact:
+    process_exporter_local_version: "0"
+  when: not process_exporter_installed
+
+- block:
+  - name: get checksums
+    set_fact:
+      _checksums: "{{ lookup('url', process_exporter_checksum_url, wantlist=True) }}"
+
+  - name: set process_exporter_checksum
+    set_fact:
+      process_exporter_checksum: "{{ process_exporter_checksum_algo }}:{{ item.split(' ') | first }}"
+    loop: "{{ _checksums }}"
+    when: "process_exporter_release_file in item"

roles/process_exporter/templates/process-exporter.service.j2

@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=process-exporter
+Wants=network-online.target
+After=network-online.target
+After=alertmanager.service
+ 
+[Service]
+Type=simple
+User={{ process_exporter_user }}
+Group={{ process_exporter_group }}
+WorkingDirectory={{ process_exporter_etc_path }}
+ExecStart={{ process_exporter_bin_path }}/process-exporter \
+ 
+[Install]
+WantedBy=multi-user.target