ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Compare commits

base: ryanc:6705256abc985715ec4e879d7dde7a682cd17068
Branches Tags
ryanc:master
..
compare: ryanc:bceedf79f46374b4ab0fa023de5a9f20342f14c6
Branches Tags
ryanc:master

No commits in common. "6705256abc985715ec4e879d7dde7a682cd17068" and "bceedf79f46374b4ab0fa023de5a9f20342f14c6" have entirely different histories.
6705256abc ... bceedf79f4

205 changed files with 0 additions and 5264 deletions
Show Stats Expand all files Collapse all files

52
roles/alertmanager/defaults/main.yaml
View File

@ -1,52 +0,0 @@
---
alertmanager_go_arch_map:
i386: '386'
x86_64: 'amd64'
alertmanager_go_arch: "{{ alertmanager_go_arch_map[ansible_architecture] | default('amd64') }}"
alertmanager_service_name: alertmanager.service
alertmanager_service_enabled: true
alertmanager_service_state: started
alertmanager_version_regex: ^alertmanager, version ([\d.]+)
alertmanager_github_project_url: https://github.com/prometheus/alertmanager
alertmanager_release_file: "alertmanager-{{ alertmanager_version }}.{{ ansible_system | lower }}-{{ alertmanager_go_arch }}.tar.gz"
alertmanager_release_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/{{ alertmanager_release_file }}"
alertmanager_checksum_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/sha256sums.txt"
alertmanager_download_path: "/tmp/{{ alertmanager_release_file }}"
alertmanager_unarchive_dest_path: /tmp
alertmanager_extracted_path: "{{ alertmanager_download_path | replace('.tar.gz', '') }}"
alertmanager_user: alertmanager
alertmanager_user_state: present
alertmanager_user_shell: /usr/sbin/nologin
alertmanager_group: alertmanager
alertmanager_group_state: "{{ alertmanager_user_state | default('present') }}"
alertmanager_etc_path: /etc/alertmanager
alertmanager_etc_owner: root
alertmanager_etc_group: root
alertmanager_etc_mode: "0755"
alertmanager_var_path: /var/lib/alertmanager
alertmanager_var_owner: "{{ alertmanager_user }}"
alertmanager_var_group: "{{ alertmanager_group }}"
alertmanager_var_mode: "0755"
alertmanager_bin_path: /usr/local/bin
alertmanager_web_listen_address: 0.0.0.0:9093
alertmanager_port: "{{ alertmanager_web_listen_address.split(':')[1] }}"
alertmanager_web_external_url:
alertmanager_web_route_prefix:
alertmanager_cluster_advertise_address: 0.0.0.0:9093
alertmanager_config:
route:
routes:
receiver: dummy
receivers:
- name: dummy

6
roles/alertmanager/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart alertmanager
systemd:
name: alertmanager.service
daemon_reload: true
state: restarted

56
roles/alertmanager/tasks/configure.yaml
View File

@ -1,56 +0,0 @@
---
- name: create group
group:
name: "{{ alertmanager_group }}"
system: true
state: "{{ alertmanager_group_state | default('present') }}"
- name: create user
user:
name: "{{ alertmanager_user }}"
system: true
shell: "{{ alertmanager_user_shell }}"
group: "{{ alertmanager_group }}"
createhome: false
home: "{{ alertmanager_var_path }}"
state: "{{ alertmanager_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ alertmanager_etc_path }}"
state: directory
owner: "{{ alertmanager_etc_owner }}"
group: "{{ alertmanager_etc_group }}"
mode: "{{ alertmanager_etc_mode }}"
- name: create var path
file:
path: "{{ alertmanager_var_path }}"
state: directory
owner: "{{ alertmanager_var_owner }}"
group: "{{ alertmanager_var_group }}"
mode: "{{ alertmanager_var_mode }}"
- name: configure
copy:
dest: "{{ alertmanager_etc_path }}/alertmanager.yaml"
content: "{{ (alertmanager_config | default({})) | to_nice_yaml }}"
owner: root
group: root
mode: 0444
notify: restart alertmanager
- name: configure systemd template
template:
src: alertmanager.service.j2
dest: /etc/systemd/system/alertmanager.service
owner: root
group: root
mode: 0444
notify: restart alertmanager
- name: manage service
service:
name: "{{ alertmanager_service_name }}"
enabled: "{{ alertmanager_service_enabled }}"
state: "{{ alertmanager_service_state }}"

0
roles/alertmanager/tasks/default.yaml
View File

32
roles/alertmanager/tasks/install.yaml
View File

@ -1,32 +0,0 @@
---
- block:
- name: download tar
get_url:
url: "{{ alertmanager_release_url }}"
dest: "{{ alertmanager_download_path }}"
checksum: "{{ alertmanager_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ alertmanager_download_path }}"
dest: "{{ alertmanager_unarchive_dest_path }}"
creates: "{{ alertmanager_extracted_path }}/alertmanager"
remote_src: true
- name: install binaries
copy:
src: "{{ alertmanager_extracted_path }}/{{ item }}"
dest: "{{ alertmanager_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop:
- alertmanager
- amtool
notify: restart alertmanager
when: alertmanager_version != alertmanager_local_version

30
roles/alertmanager/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

50
roles/alertmanager/tasks/pre.yaml
View File

@ -1,50 +0,0 @@
---
- name: determine if installed
stat:
path: "{{ alertmanager_bin_path }}/alertmanager"
register: st
- name: set alertmanager_installed
set_fact:
alertmanager_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/prometheus/alertmanager/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set alertmanager_version
set_fact:
alertmanager_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ alertmanager_bin_path }}/alertmanager --version"
register: _installed_version_string
changed_when: false
- name: set alertmanager_local_version
set_fact:
alertmanager_local_version: "{{ _installed_version_string.stdout | regex_search(alertmanager_version_regex, '\\1') | first }}"
when: alertmanager_installed
- name: set alertmanager_local_version to 0
set_fact:
alertmanager_local_version: "0"
when: not alertmanager_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', alertmanager_checksum_url, wantlist=True) }}"
- name: set alertmanager_checksum
set_fact:
alertmanager_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "alertmanager_release_file in item"

26
roles/alertmanager/templates/alertmanager.service.j2
View File

@ -1,26 +0,0 @@
{{ ansible_managed | comment }}
[Unit]
Description=Alertmanager
After=network-online.target
[Service]
Type=simple
User={{ alertmanager_user }}
Group={{ alertmanager_group }}
ExecStart={{ alertmanager_bin_path }}/alertmanager \
--config.file={{ alertmanager_etc_path }}/alertmanager.yaml \
--storage.path={{ alertmanager_var_path }} \
--cluster.advertise-address={{ alertmanager_cluster_advertise_address }} \
{% if alertmanager_web_external_url %}
--web.external-url={{ alertmanager_web_external_url }} \
{% endif %}
{% if alertmanager_web_route_prefix %}
--web.route-prefix={{ alertmanager_web_route_prefix }} \
{% endif %}
{% if alertmanager_web_listen_address %}
--web.listen-address={{ alertmanager_web_listen_address }} \
{% endif %}
[Install]
WantedBy=multi-user.target

0
roles/alertmanager/vars/default.yaml
View File

39
roles/blackbox_exporter/defaults/main.yaml
View File

@ -1,39 +0,0 @@
blackbox_exporter_go_arch_map:
i386: '386'
x86_64: 'amd64'
blackbox_exporter_go_arch: "{{ blackbox_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
blackbox_exporter_service_name: blackbox_exporter.service
blackbox_exporter_service_enabled: true
blackbox_exporter_service_state: started
blackbox_exporter_version_regex: ^blackbox_exporter, version ([\d.]+)
blackbox_exporter_release_file: "blackbox_exporter-{{ blackbox_exporter_version }}.{{ ansible_system | lower }}-{{ blackbox_exporter_go_arch }}.tar.gz"
blackbox_exporter_release_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/{{ blackbox_exporter_release_file }}"
blackbox_exporter_checksum_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
blackbox_exporter_download_path: "/tmp/{{ blackbox_exporter_release_file }}"
blackbox_exporter_unarchive_dest_path: /tmp
blackbox_exporter_extracted_path: "{{ blackbox_exporter_download_path | replace('.tar.gz', '') }}"
blackbox_exporter_user: blackbox_exporter
blackbox_exporter_user_state: present
blackbox_exporter_user_shell: /usr/sbin/nologin
blackbox_exporter_group: blackbox_exporter
blackbox_exporter_group_state: "{{ blackbox_exporter_user_state | default('present') }}"
blackbox_exporter_etc_path: /etc/blackbox_exporter
blackbox_exporter_etc_owner: root
blackbox_exporter_etc_group: root
blackbox_exporter_etc_mode: "0755"
blackbox_exporter_var_path: /var/lib/blackbox_exporter
blackbox_exporter_var_owner: "{{ blackbox_exporter_user }}"
blackbox_exporter_var_group: "{{ blackbox_exporter_group }}"
blackbox_exporter_var_mode: "0755"
blackbox_exporter_bin_path: /usr/local/bin
blackbox_exporter_config: {}

6
roles/blackbox_exporter/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart blackbox_exporter
systemd:
name: blackbox_exporter.service
daemon_reload: true
state: restarted

48
roles/blackbox_exporter/tasks/configure.yaml
View File

@ -1,48 +0,0 @@
---
- name: create group
group:
name: "{{ blackbox_exporter_group }}"
system: true
state: "{{ blackbox_exporter_group_state | default('present') }}"
- name: create user
user:
name: "{{ blackbox_exporter_user }}"
system: true
shell: "{{ blackbox_exporter_user_shell }}"
group: "{{ blackbox_exporter_group }}"
createhome: false
home: "{{ blackbox_exporter_var_path }}"
state: "{{ blackbox_exporter_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ blackbox_exporter_etc_path }}"
state: directory
owner: "{{ blackbox_exporter_etc_owner }}"
group: "{{ blackbox_exporter_etc_group }}"
mode: "{{ blackbox_exporter_etc_mode }}"
- name: configure
copy:
dest: "{{ blackbox_exporter_etc_path }}/config.yaml"
content: "{{ (blackbox_exporter_config | default({})) | to_nice_yaml }}"
owner: root
group: root
mode: 0444
notify: restart blackbox_exporter
- name: configure systemd template
template:
src: blackbox_exporter.service.j2
dest: /etc/systemd/system/blackbox_exporter.service
owner: root
group: root
mode: 0444
notify: restart blackbox_exporter
- name: manage service
service:
name: "{{ blackbox_exporter_service_name }}"
enabled: "{{ blackbox_exporter_service_enabled }}"
state: "{{ blackbox_exporter_service_state }}"

0
roles/blackbox_exporter/tasks/default.yaml
View File

31
roles/blackbox_exporter/tasks/install.yaml
View File

@ -1,31 +0,0 @@
---
- block:
- name: download tar
get_url:
url: "{{ blackbox_exporter_release_url }}"
dest: "{{ blackbox_exporter_download_path }}"
checksum: "{{ blackbox_exporter_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ blackbox_exporter_download_path }}"
dest: "{{ blackbox_exporter_unarchive_dest_path }}"
creates: "{{ blackbox_exporter_extracted_path }}/blackbox_exporter"
remote_src: true
- name: install binaries
copy:
src: "{{ blackbox_exporter_extracted_path }}/{{ item }}"
dest: "{{ blackbox_exporter_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop:
- blackbox_exporter
notify: restart blackbox_exporter
when: blackbox_exporter_version != blackbox_exporter_local_version

30
roles/blackbox_exporter/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

50
roles/blackbox_exporter/tasks/pre.yaml
View File

@ -1,50 +0,0 @@
---
- name: determine if installed
stat:
path: "{{ blackbox_exporter_bin_path }}/blackbox_exporter"
register: st
- name: set blackbox_exporter_installed
set_fact:
blackbox_exporter_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set blackbox_exporter_version
set_fact:
blackbox_exporter_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ blackbox_exporter_bin_path }}/blackbox_exporter --version"
register: _installed_version_string
changed_when: false
- name: set blackbox_exporter_local_version
set_fact:
blackbox_exporter_local_version: "{{ _installed_version_string.stdout | regex_search(blackbox_exporter_version_regex, '\\1') | first }}"
when: blackbox_exporter_installed
- name: set blackbox_exporter_local_version to 0
set_fact:
blackbox_exporter_local_version: "0"
when: not blackbox_exporter_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', blackbox_exporter_checksum_url, wantlist=True) }}"
- name: set blackbox_exporter_checksum
set_fact:
blackbox_exporter_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "blackbox_exporter_release_file in item"

11
roles/blackbox_exporter/templates/blackbox_exporter.service.j2
View File

@ -1,11 +0,0 @@
[Unit]
Description=Blackbox Exporter
[Service]
User=blackbox_exporter
ExecStart={{ blackbox_exporter_bin_path }}/blackbox_exporter \
--config.file={{ blackbox_exporter_etc_path }}/config.yaml
AmbientCapabilities=CAP_NET_RAW
[Install]
WantedBy=multi-user.target

0
roles/blackbox_exporter/vars/default.yaml
View File

21
roles/consul/defaults/main.yaml
View File

@ -1,21 +0,0 @@
---
consul_package_name: consul
consul_package_state: present
consul_service_name: consul
consul_service_state: started
consul_service_enabled: true
consul_etc_path: /etc/consul.d
consul_config_path: "{{ consul_etc_path }}/consul.hcl"
consul_config_template: consul.hcl.j2
consul_user: consul
consul_group: consul
consul_config_owner: "{{ consul_user }}"
consul_config_group: "{{ consul_group }}"
consul_config_mode: 0644
consul_data_dir: /opt/consul
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
consul_server: false
consul_bootstrap_expect: 1
consul_ui_config_enabled: true
consul_client_addr: 0.0.0.0
consul_unbound_enabled: false

9
roles/consul/files/unbound-consul.conf
View File

@ -1,9 +0,0 @@
# Ansible managed
server:
do-not-query-localhost: no
domain-insecure: "consul"
stub-zone:
name: "consul"
stub-addr: 127.0.0.1@8600

12
roles/consul/handlers/main.yaml
View File

@ -1,12 +0,0 @@
---
- name: reload consul
service:
name: "{{ consul_service_name }}"
state: reloaded
when: consul_service_enabled
- name: restart consul
service:
name: "{{ consul_service_name }}"
state: restarted
when: consul_service_enabled

18
roles/consul/tasks/RedHat.yaml
View File

@ -1,18 +0,0 @@
---
- name: install Hashicorp yum repo
yum_repository:
name: hashicorp
description: Hashicorp Stable - $basearch
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
enabled: 1
gpgcheck: 1
gpgkey: https://rpm.releases.hashicorp.com/gpg
- name: install Hashicorp (test) yum repo
yum_repository:
name: hashicorp-test
description: Hashicorp Test - $basearch
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
enabled: 0
gpgcheck: 1
gpgkey: https://rpm.releases.hashicorp.com/gpg

9
roles/consul/tasks/forward-unbound.yaml
View File

@ -1,9 +0,0 @@
---
- name: configure unbound forwarder
copy:
src: unbound-consul.conf
dest: "{{ unbound_conf_d_path }}/consul.conf"
owner: root
group: root
mode: "0644"
notify: reload unbound

47
roles/consul/tasks/main.yaml
View File

@ -1,47 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: install
package:
name: "{{ consul_package_name | default('consul') }}"
state: "{{ consul_package_state | default('present') }}"
- name: configure
template:
src: "{{ consul_config_template }}"
dest: "{{ consul_config_path }}"
owner: "{{ consul_config_owner }}"
group: "{{ consul_config_group }}"
mode: "{{ consul_config_mode }}"
notify: restart consul
- name: service
service:
name: "{{ consul_service_name | default('consul') }}"
state: "{{ consul_service_state | default('started') }}"
enabled: "{{ consul_service_enabled | default(true) }}"
- include: forward-unbound.yaml
when: consul_unbound_enabled

41
roles/consul/templates/consul.hcl.j2
View File

@ -1,41 +0,0 @@
// {{ ansible_managed }}
data_dir = "{{ consul_data_dir }}"
{% if consul_server is defined %}
server = {{ (consul_server | lower) | default(false) }}
{% endif %}
{% if consul_bind_addr is defined %}
bind_addr = "{{ (consul_bind_addr | lower) | default("0.0.0.0") }}"
{% endif %}
{% if consul_server is true and consul_bootstrap_expect is defined %}
bootstrap_expect = {{ consul_bootstrap_expect }}
{% endif %}
{% if consul_retry_join is defined %}
retry_join = [
{%- set comma = joiner(",") -%}
{%- for x in consul_retry_join | default([]) -%}
{{ comma() }}"{{ x }}"
{%- endfor -%} ]
{% endif %}
{% if consul_server_addresses is defined %}
server_addresses = [
{%- set comma = joiner(",") -%}
{%- for x in consul_server_addresses | default([]) -%}
{{ comma() }}"{{ x }}"
{%- endfor -%} ]
{% endif %}
ui_config {
{% if consul_ui_config_enabled is defined %}
enabled = {{ (consul_ui_config_enabled | lower) | default(false) }}
{% endif %}
}
{% if consul_client_addr is defined %}
client_addr = "{{ (consul_client_addr | lower) | default("0.0.0.0") }}"
{% endif %}

0
roles/consul/vars/default.yaml
View File

2
roles/crio/defaults/main.yaml
View File

@ -1,2 +0,0 @@
---
crio_version: 1.23

0
roles/crio/tasks/default.yaml
View File

53
roles/crio/tasks/main.yaml
View File

@ -1,53 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: yum repo (devel:kubic:libcontainers:stable)
yum_repository:
name: devel:kubic:libcontainers:stable
description: "Stable Releases of Upstream github.com/containers packages ({{ crio_os }}) type=rpm-md"
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/"
gpgcheck: yes
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/repodata/repomd.xml.key"
enabled: yes
- name: "yum repo (devel:kubic:libcontainers:stable:cri-o:{{ crio_version }})"
yum_repository:
name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
description: "devel:kubic:libcontainers:stable:cri-o:{{ crio_version }} ({{ crio_os }})"
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/"
gpgcheck: yes
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/repodata/repomd.xml.key"
enabled: yes
- name: install
package:
name: "{{ crio_package_name | default('cri-o') }}"
state: "{{ crio_package_state | default('present') }}"
- name: manage service
service:
name: "{{ crio_service_name | default('crio') }}"
state: "{{ crio_service_state | default('started') }}"
enabled: "{{ crio_service_enabled | default(true) }}"

1
roles/crio/vars/Rocky.yaml
View File

@ -1 +0,0 @@
crio_os: "CentOS_{{ ansible_distribution_major_version }}"

8
roles/dl/defaults/main.yaml
View File

@ -1,8 +0,0 @@
---
dl_server_name: dl.kill0.net
dl_server_root: /var/www/dl
dl_access_log: /var/log/nginx/dl.access.log
dl_error_log: /var/log/nginx/dl.error.log
dl_ssl_enabled: false
dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"

5
roles/dl/handlers/main.yaml
View File

@ -1,5 +0,0 @@
---
- name: reload nginx
service:
name: nginx
state: reloaded

31
roles/dl/tasks/main.yaml
View File

@ -1,31 +0,0 @@
---
- name: check if SSL key exists
stat:
path: "{{ dl_ssl_certificate_key }}"
register: key_st
- name: check if SSL certificate exists
stat:
path: "{{ dl_ssl_certificate }}"
register: crt_st
- name: ssl enabled
set_fact:
dl_ssl_enabled: true
when:
- key_st.stat.exists
- crt_st.stat.exists
- name: configure nginx
template:
src: nginx.conf.j2
dest: "/etc/nginx/conf.d/dl.conf"
owner: root
group: root
mode: 0644
notify: reload nginx
- name: create web root
file:
path: "{{ dl_server_root }}"
state: directory

63
roles/dl/templates/nginx.conf.j2
View File

@ -1,63 +0,0 @@
# {{ ansible_managed }}
server {
listen 80;
{% if ansible_all_ipv6_addresses | length %}
listen [::]:80;
{% endif %}
server_name {{ dl_server_name }};
access_log {{ dl_access_log }} main;
error_log {{ dl_error_log }} warn;
location /.well-known/acme-challenge/ {
root /var/www/html;
try_files $uri =404;
}
{% if dl_ssl_enabled is defined and
dl_ssl_enabled %}
location / {
return 301 https://$server_name$request_uri;
}
{% endif %}
}
{% if dl_ssl_enabled is defined and
dl_ssl_enabled %}
server {
listen 443 ssl http2;
{% if ansible_all_ipv6_addresses | length %}
listen [::]:443 ssl http2;
{% endif %}
server_name {{ dl_server_name }};
access_log {{ dl_access_log }} main;
error_log {{ dl_error_log }} warn;
root {{ dl_server_root }};
{% if dl_ssl_certificate is defined %}
ssl_certificate {{ dl_ssl_certificate }};
{% endif %}
{% if dl_ssl_certificate_key is defined %}
ssl_certificate_key {{ dl_ssl_certificate_key }};
{% endif %}
{% if dl_ssl_dhparam is defined %}
ssl_dhparam {{ dl_ssl_dhparam }};
{% endif %}
location ~ ^\/~(.+?)(\/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
auth_basic "Files";
auth_basic_user_file /home/$1/.htpasswd;
}
location /repo/ {
root /var/www/html;
autoindex on;
try_files $uri $uri/ =404;
}
}
{% endif %}

11
roles/docker/defaults/main.yaml
View File

@ -1,11 +0,0 @@
---
docker_package_name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
docker_package_state: present
docker_service_name: docker.service
docker_service_state: started
docker_service_enabled: true

13
roles/docker/tasks/Debian.yaml
View File

@ -1,13 +0,0 @@
---
- name: install apt key
apt_key:
url: "https://download.docker.com/linux/{{ ansible_lsb.id | lower }}/gpg"
state: present
- name: install apt repo
apt_repository:
repo: >
deb [arch=amd64] https://download.docker.com/linux/{{ ansible_lsb.id | lower }}
{{ ansible_lsb.codename }}
stable
filename: docker

9
roles/docker/tasks/RedHat.yaml
View File

@ -1,9 +0,0 @@
---
- name: install Docker CE yum repo
yum_repository:
name: docker-ce
description: Docker CE Stable - $basearch
baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled: 1
gpgcheck: 1
gpgkey: https://download.docker.com/linux/centos/gpg

6
roles/docker/tasks/configure.yaml
View File

@ -1,6 +0,0 @@
---
- name: manage service
service:
name: "{{ docker_service_name }}"
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"

6
roles/docker/tasks/install.yaml
View File

@ -1,6 +0,0 @@
---
- name: install docker
package:
name: "{{ item }}"
state: "{{ docker_package_state }}"
loop: "{{ docker_package_name }}"

28
roles/docker/tasks/main.yaml
View File

@ -1,28 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: install.yaml
- include: configure.yaml

0
roles/docker/vars/RedHat.yaml
View File

0
roles/docker/vars/default.yaml
View File

45
roles/karma/defaults/main.yaml
View File

@ -1,45 +0,0 @@
---
karma_go_arch_map:
i386: '386'
x86_64: 'amd64'
karma_go_arch: "{{ karma_go_arch_map[ansible_architecture] | default('amd64') }}"
karma_service_name: karma.service
karma_service_enabled: true
karma_service_state: started
karma_version_regex: ^(.+)
karma_github_project_url: https://github.com/prymitive/karma
karma_release_file: "karma-{{ ansible_system | lower }}-{{ karma_go_arch }}.tar.gz"
karma_release_url: "{{ karma_github_project_url }}/releases/download/v{{ karma_version }}/{{ karma_release_file }}"
karma_checksum_url: "{{ karma_github_project_url }}/releases/download/v{{ karma_version }}/sha512sum.txt"
karma_download_path: "/tmp/{{ karma_release_file }}"
karma_unarchive_dest_path: /tmp
karma_extracted_path: "{{ karma_download_path | replace('.tar.gz', '') }}"
karma_user: karma
karma_user_state: present
karma_user_shell: /usr/sbin/nologin
karma_group: karma
karma_group_state: "{{ karma_user_state | default('present') }}"
karma_etc_path: /etc/karma
karma_etc_owner: root
karma_etc_group: root
karma_etc_mode: "0755"
karma_config_path: "{{ karma_etc_path }}/karma.yml"
karma_var_path: /var/lib/karma
karma_var_owner: "{{ karma_user }}"
karma_var_group: "{{ karma_group }}"
karma_var_mode: "0755"
karma_bin_path: /usr/local/bin
karma_port: 8080
karma_config: {}

6
roles/karma/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart karma
systemd:
name: karma.service
daemon_reload: true
state: restarted

56
roles/karma/tasks/configure.yaml
View File

@ -1,56 +0,0 @@
---
- name: create group
group:
name: "{{ karma_group }}"
system: true
state: "{{ karma_group_state | default('present') }}"
- name: create user
user:
name: "{{ karma_user }}"
system: true
shell: "{{ karma_user_shell }}"
group: "{{ karma_group }}"
createhome: false
home: "{{ karma_var_path }}"
state: "{{ karma_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ karma_etc_path }}"
state: directory
owner: "{{ karma_etc_owner }}"
group: "{{ karma_etc_group }}"
mode: "{{ karma_etc_mode }}"
- name: create var path
file:
path: "{{ karma_var_path }}"
state: directory
owner: "{{ karma_var_owner }}"
group: "{{ karma_var_group }}"
mode: "{{ karma_var_mode }}"
- name: configure
copy:
dest: "{{ karma_config_path }}"
content: "{{ (karma_config | default({})) | to_nice_yaml }}"
owner: root
group: root
mode: 0444
notify: restart karma
- name: configure systemd template
template:
src: karma.service.j2
dest: /etc/systemd/system/karma.service
owner: root
group: root
mode: 0444
notify: restart karma
- name: manage service
service:
name: "{{ karma_service_name }}"
enabled: "{{ karma_service_enabled }}"
state: "{{ karma_service_state }}"

0
roles/karma/tasks/default.yaml
View File

29
roles/karma/tasks/install.yaml
View File

@ -1,29 +0,0 @@
---
- block:
- name: download tar
get_url:
url: "{{ karma_release_url }}"
dest: "{{ karma_download_path }}"
checksum: "{{ karma_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ karma_download_path }}"
dest: "{{ karma_unarchive_dest_path }}"
creates: "{{ karma_extracted_path }}"
remote_src: true
- name: install binaries
copy:
src: "{{ karma_extracted_path }}"
dest: "{{ karma_bin_path }}/karma"
owner: root
group: root
mode: 0755
remote_src: true
notify: restart karma
when: karma_version != karma_local_version

30
roles/karma/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

50
roles/karma/tasks/pre.yaml
View File

@ -1,50 +0,0 @@
---
- name: determine if installed
stat:
path: "{{ karma_bin_path }}/karma"
register: st
- name: set karma_installed
set_fact:
karma_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/prymitive/karma/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set karma_version
set_fact:
karma_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ karma_bin_path }}/karma --version"
register: _installed_version_string
changed_when: false
- name: set karma_local_version
set_fact:
karma_local_version: "{{ _installed_version_string.stdout | regex_search(karma_version_regex, '\\1') | first }}"
when: karma_installed
- name: set karma_local_version to 0
set_fact:
karma_local_version: "0"
when: not karma_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', karma_checksum_url, wantlist=True) }}"
- name: set karma_checksum
set_fact:
karma_checksum: "sha512:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "karma_release_file in item"

18
roles/karma/templates/karma.service.j2
View File

@ -1,18 +0,0 @@
{{ ansible_managed | comment }}
[Unit]
Description=Karma Alertmanager dashboard
Wants=network-online.target
After=network-online.target
After=alertmanager.service
[Service]
Type=simple
User={{ karma_user }}
Group={{ karma_group }}
WorkingDirectory={{ karma_etc_path }}
ExecStart={{ karma_bin_path }}/karma \
--config.file={{ karma_config_path }}
[Install]
WantedBy=multi-user.target

0
roles/karma/vars/default.yaml
View File

14
roles/keepalived/defaults/main.yaml
View File

@ -1,14 +0,0 @@
---
keepalived_package_name: keepalived
keepalived_package_state: present
keepalived_service_name: keepalived
keepalived_service_state: started
keepalived_service_enabled: true
keepalived_etc_path: /etc/keepalived
keepalived_config_path: "{{ keepalived_etc_path }}/keepalived.conf"
keepalived_config_owner: root
keepalived_config_group: root
keepalived_config_mode: "0600"

12
roles/keepalived/handlers/main.yaml
View File

@ -1,12 +0,0 @@
---
- name: reload keepalived
service:
name: "{{ keepalived_service_name }}"
state: reloaded
when: keepalived_service_enabled
- name: restart keepalived
service:
name: "{{ keepalived_service_name }}"
state: restarted
when: keepalived_service_enabled

20
roles/keepalived/tasks/main.yaml
View File

@ -1,20 +0,0 @@
---
- name: install
package:
name: "{{ keepalived_package_name }}"
state: "{{ keepalived_package_state }}"
- name: configure
template:
src: keepalived.conf.j2
dest: "{{ keepalived_config_path }}"
owner: "{{ keepalived_config_owner }}"
group: "{{ keepalived_config_group }}"
mode: "{{ keepalived_config_mode }}"
notify: reload keepalived
- name: service
service:
name: "{{ keepalived_service_name }}"
state: "{{ keepalived_service_state }}"
enabled: "{{ keepalived_service_enabled }}"

78
roles/keepalived/templates/keepalived.conf.j2
View File

@ -1,78 +0,0 @@
{{ ansible_managed | comment }}
{% if keepalived_global_defs is defined %}
global_defs {
{% for k in keepalived_global_defs %}
{{ k }} {{ v }}
{% endfor %}
}
{% endif %}
{% if keepalived_vrrp_scripts is defined %}
{% for name, conf in keepalived_vrrp_scripts.items() %}
vrrp_script {{ name }} {
{% if conf.script is defined %}
script "{{ conf.script }}"
{% endif %}
{% if conf.interval is defined %}
interval {{ conf.interval | default(1) }}
{% endif %}
{% if conf.weight is defined %}
weight {{ conf.weight }}
{% endif %}
}
{% endfor %}
{% endif %}
{% if keepalived_vrrp_instances is defined %}
{% for name, conf in keepalived_vrrp_instances.items() %}
vrrp_instance {{ name }} {
{% if conf.state is defined %}
state {{ conf.state | default("MASTER") }}
{% endif %}
{% if conf.interface is defined %}
interface {{ conf.interface | default("eth0") }}
{% endif %}
{% if conf.virtual_router_id is defined %}
virtual_router_id {{ conf.virtual_router_id }}
{% endif %}
{% if conf.priority is defined %}
priority {{ conf.priority }}
{% endif %}
{% if conf.advert_int is defined %}
advert_int {{ conf.advert_int }}
{% endif %}
{% if conf.authentication is defined %}
authentication {
{% if conf.authentication.auth_type is defined %}
auth_type {{ conf.authentication.auth_type }}
{% endif %}
{% if conf.authentication.auth_pass is defined %}
auth_pass {{ conf.authentication.auth_pass }}
{% endif %}
}
{% if conf.unicast_peer is defined %}
unicast_peer {
{% for x in conf.unicast_peer %}
{{ x }}
{% endfor %}
}
{% endif %}
{% if conf.virtual_ipaddress is defined %}
virtual_ipaddress {
{% for x in conf.virtual_ipaddress %}
{{ x }}
{% endfor %}
}
{% endif %}
{% if conf.track_script is defined %}
track_script {
{% for x in conf.track_script %}
{{ x }}
{% endfor %}
}
{% endif %}
{% endif %}
}
{% endfor %}
{% endif %}

47
roles/kthxbye/defaults/main.yaml
View File

@ -1,47 +0,0 @@
---
kthxbye_go_arch_map:
i386: '386'
x86_64: 'amd64'
kthxbye_go_arch: "{{ kthxbye_go_arch_map[ansible_architecture] | default('amd64') }}"
kthxbye_sidecar_service_name: kthxbye-sidecar.service
kthxbye_sidecar_service_enabled: true
kthxbye_sidecar_service_state: started
kthxbye_service_name: kthxbye.service
kthxbye_service_enabled: true
kthxbye_service_state: started
kthxbye_version_regex: (.+)
kthxbye_checksum_algo: sha512
kthxbye_github_rel_path: prymitive/kthxbye
kthxbye_github_project_url: "https://github.com/{{ kthxbye_github_rel_path }}"
kthxbye_release_file: "kthxbye-{{ ansible_system | lower }}-{{ kthxbye_go_arch }}.tar.gz"
kthxbye_release_url: "{{ kthxbye_github_project_url }}/releases/download/v{{ kthxbye_version }}/{{ kthxbye_release_file }}"
kthxbye_checksum_url: "{{ kthxbye_github_project_url }}/releases/download/v{{ kthxbye_version }}/{{ kthxbye_checksum_algo }}sum.txt"
kthxbye_download_path: "/tmp/{{ kthxbye_release_file }}"
kthxbye_unarchive_dest_path: /tmp
kthxbye_extracted_path: "{{ kthxbye_download_path | replace('.tar.gz', '') }}"
kthxbye_binaries:
- kthxbye
kthxbye_user: kthxbye
kthxbye_user_state: present
kthxbye_user_shell: /usr/sbin/nologin
kthxbye_group: kthxbye
kthxbye_group_state: "{{ kthxbye_user_state | default('present') }}"
kthxbye_etc_path: /etc/kthxbye
kthxbye_etc_owner: root
kthxbye_etc_group: root
kthxbye_etc_mode: "0755"
kthxbye_var_path: /var/lib/kthxbye
kthxbye_var_owner: "{{ kthxbye_user }}"
kthxbye_var_group: "{{ kthxbye_group }}"
kthxbye_var_mode: "0755"
kthxbye_bin_path: /usr/local/bin

6
roles/kthxbye/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart kthxbye
systemd:
name: kthxbye.service
daemon_reload: true
state: restarted

47
roles/kthxbye/tasks/configure.yaml
View File

@ -1,47 +0,0 @@
---
- name: create group
group:
name: "{{ kthxbye_group }}"
system: true
state: "{{ kthxbye_group_state | default('present') }}"
- name: create user
user:
name: "{{ kthxbye_user }}"
system: true
shell: "{{ kthxbye_user_shell }}"
group: "{{ kthxbye_group }}"
createhome: false
home: "{{ kthxbye_var_path }}"
state: "{{ kthxbye_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ kthxbye_etc_path }}"
state: directory
owner: "{{ kthxbye_etc_owner }}"
group: "{{ kthxbye_etc_group }}"
mode: "{{ kthxbye_etc_mode }}"
- name: create var path
file:
path: "{{ kthxbye_var_path }}"
state: directory
owner: "{{ kthxbye_var_owner }}"
group: "{{ kthxbye_var_group }}"
mode: "{{ kthxbye_var_mode }}"
- name: configure systemd template
template:
src: kthxbye.service.j2
dest: /etc/systemd/system/kthxbye.service
owner: root
group: root
mode: 0444
notify: restart kthxbye
- name: manage service
service:
name: "{{ kthxbye_service_name }}"
enabled: "{{ kthxbye_service_enabled }}"
state: "{{ kthxbye_service_state }}"

0
roles/kthxbye/tasks/default.yaml
View File

30
roles/kthxbye/tasks/install.yaml
View File

@ -1,30 +0,0 @@
---
- block:
- name: download tar
get_url:
url: "{{ kthxbye_release_url }}"
dest: "{{ kthxbye_download_path }}"
checksum: "{{ kthxbye_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ kthxbye_download_path }}"
dest: "{{ kthxbye_unarchive_dest_path }}"
creates: "{{ kthxbye_extracted_path }}"
remote_src: true
- name: install binaries
copy:
src: "{{ kthxbye_extracted_path }}"
dest: "{{ kthxbye_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop: "{{ kthxbye_binaries }}"
notify: restart kthxbye
when: kthxbye_version != kthxbye_local_version

30
roles/kthxbye/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

54
roles/kthxbye/tasks/pre.yaml
View File

@ -1,54 +0,0 @@
---
- name: determine if installed
stat:
path: "{{ kthxbye_bin_path }}/kthxbye"
register: st
- name: set kthxbye_installed
set_fact:
kthxbye_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: "https://api.github.com/repos/{{ kthxbye_github_rel_path }}/releases/latest"
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set kthxbye_version
set_fact:
kthxbye_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ kthxbye_bin_path }}/kthxbye --version"
register: _installed_version_string
changed_when: false
- name: set kthxbye_local_version
set_fact:
kthxbye_local_version: "{{ _installed_version_string.stdout | regex_search(kthxbye_version_regex, '\\1') | first }}"
rescue:
- name: set kthxbye_local_version
set_fact:
kthxbye_local_version: "{{ _installed_version_string.stderr | regex_search(kthxbye_version_regex, '\\1') | first }}"
when: kthxbye_installed
- name: set kthxbye_local_version to 0
set_fact:
kthxbye_local_version: "0"
when: not kthxbye_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', kthxbye_checksum_url, wantlist=True) }}"
- name: set kthxbye_checksum
set_fact:
kthxbye_checksum: "sha512:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "kthxbye_release_file in item"

20
roles/kthxbye/templates/kthxbye.service.j2
View File

@ -1,20 +0,0 @@
{{ ansible_managed | comment }}
[Unit]
Description=Kthxbye
Wants=network-online.target
After=network-online.target
After=alertmanager.service
[Service]
Type=simple
User={{ kthxbye_user }}
Group={{ kthxbye_group }}
WorkingDirectory={{ kthxbye_etc_path }}
ExecStart={{ kthxbye_bin_path }}/kthxbye \
{% if kthxbye_listen %}
-listen={{ kthxbye_listen }}
{% endif %}
[Install]
WantedBy=multi-user.target

0
roles/kthxbye/vars/default.yaml
View File

74
roles/loki/defaults/main.yaml
View File

@ -1,74 +0,0 @@
---
loki_go_arch_map:
i386: '386'
x86_64: 'amd64'
loki_go_arch: "{{ loki_go_arch_map[ansible_architecture] | default('amd64') }}"
loki_service_name: loki.service
loki_service_enabled: true
loki_service_state: started
loki_version_regex: ^loki, version ([\d.]+)
loki_github_project_url: https://github.com/grafana/loki
loki_release_file: "loki-{{ ansible_system | lower }}-{{ loki_go_arch }}.zip"
loki_release_url: "{{ loki_github_project_url }}/releases/download/v{{ loki_version }}/{{ loki_release_file }}"
loki_checksum_url: "{{ loki_github_project_url }}/releases/download/v{{ loki_version }}/SHA256SUMS"
loki_download_path: "/tmp/{{ loki_release_file }}"
loki_unarchive_dest_path: /tmp
loki_extracted_path: "{{ loki_download_path | replace('.zip', '') }}"
loki_user: loki
loki_user_state: present
loki_user_shell: /usr/sbin/nologin
loki_group: loki
loki_group_state: "{{ loki_user_state | default('present') }}"
loki_config_path: /etc/loki.yaml
loki_var_path: /var/lib/loki
loki_var_owner: "{{ loki_user }}"
loki_var_group: "{{ loki_group }}"
loki_var_mode: "0755"
loki_bin_path: /usr/local/bin
loki_auth_enabled: false
loki_server:
http_listen_port: 3100
loki_ingester:
lifecycler:
address: 127.0.0.1
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 5m
chunk_retain_period: 30s
loki_schema_config:
configs:
- from: 2020-05-15
store: boltdb
object_store: filesystem
schema: v11
index:
prefix: index_
period: 168h
loki_storage_config:
boltdb:
directory: "{{ loki_var_path }}/index"
filesystem:
directory: "{{ loki_var_path }}/chunks"
loki_limits_config:
enforce_metric_name: false
reject_old_samples: true
reject_old_samples_max_age: 168h
ingestion_burst_size_mb: 16

6
roles/loki/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart loki
systemd:
name: loki.service
daemon_reload: true
state: restarted

48
roles/loki/tasks/configure.yaml
View File

@ -1,48 +0,0 @@
---
- name: create group
group:
name: "{{ loki_group }}"
system: true
state: "{{ loki_group_state | default('present') }}"
- name: create user
user:
name: "{{ loki_user }}"
system: true
shell: "{{ loki_user_shell }}"
group: "{{ loki_group }}"
createhome: false
home: "{{ loki_var_path }}"
state: "{{ loki_user_state | default('present') }}"
- name: configure
template:
src: loki.yaml.j2
dest: "{{ loki_config_path }}"
owner: root
group: root
mode: 0444
notify: restart loki
- name: create var path
file:
path: "{{ loki_var_path }}"
state: directory
owner: "{{ loki_var_owner }}"
group: "{{ loki_var_group }}"
mode: "{{ loki_var_mode }}"
- name: configure systemd template
template:
src: "{{ loki_service_name }}.j2"
dest: "/etc/systemd/system/{{ loki_service_name }}"
owner: root
group: root
mode: 0444
notify: restart loki
- name: manage service
service:
name: "{{ loki_service_name }}"
enabled: "{{ loki_service_enabled }}"
state: "{{ loki_service_state }}"

0
roles/loki/tasks/default.yaml
View File

29
roles/loki/tasks/install.yaml
View File

@ -1,29 +0,0 @@
---
- block:
- name: download archive
get_url:
url: "{{ loki_release_url }}"
dest: "{{ loki_download_path }}"
checksum: "{{ loki_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract archive
unarchive:
src: "{{ loki_download_path }}"
dest: "{{ loki_unarchive_dest_path }}"
creates: "{{ loki_extracted_path }}/loki"
remote_src: true
- name: install binaries
copy:
src: "{{ loki_extracted_path }}"
dest: "{{ loki_bin_path }}/loki"
owner: root
group: root
mode: 0755
remote_src: true
notify: restart loki
when: loki_version != loki_local_version

30
roles/loki/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

50
roles/loki/tasks/pre.yaml
View File

@ -1,50 +0,0 @@
---
- name: determine if installed
stat:
path: "{{ loki_bin_path }}/loki"
register: st
- name: set loki_installed
set_fact:
loki_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/grafana/loki/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set loki_version
set_fact:
loki_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ loki_bin_path }}/loki --version"
register: _installed_version_string
changed_when: false
- name: set loki_local_version
set_fact:
loki_local_version: "{{ _installed_version_string.stdout | regex_search(loki_version_regex, '\\1') | first }}"
when: loki_installed
- name: set loki_local_version to 0
set_fact:
loki_local_version: "0"
when: not loki_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', loki_checksum_url, wantlist=True) }}"
- name: set loki_checksum
set_fact:
loki_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "loki_release_file in item"

19
roles/loki/templates/loki.service.j2
View File

@ -1,19 +0,0 @@
{{ ansible_managed | comment }}
[Unit]
Description=Loki
After=network-online.target
[Service]
Type=simple
User={{ loki_user }}
Group={{ loki_group }}
ExecStart={{ loki_bin_path }}/loki \
-config.file {{ loki_config_path }}
WorkingDirectory={{ loki_var_path }}
Restart=always
RestartSec=1
[Install]
WantedBy=multi-user.target

30
roles/loki/templates/loki.yaml.j2
View File

@ -1,30 +0,0 @@
{{ ansible_managed | comment }}
---
{% if loki_auth_enabled is defined %}
auth_enabled: {{ loki_auth_enabled | bool | lower }}
{% endif %}
{% if loki_server is defined %}
server:
{{ loki_server | to_nice_yaml(indent=2) | indent(2, False) }}
{% endif -%}
{% if loki_ingester is defined %}
ingester:
{{ loki_ingester | to_nice_yaml(indent=2) | indent(2, False) }}
{% endif -%}
{% if loki_schema_config is defined %}
schema_config:
{{ loki_schema_config | to_nice_yaml(indent=2) | indent(2, False) }}
{% endif -%}
{% if loki_storage_config is defined %}
storage_config:
{{ loki_storage_config | to_nice_yaml(indent=2) | indent(2, False) }}
{% endif -%}
{% if loki_limits_config is defined %}
limits_config:
{{ loki_limits_config | to_nice_yaml(indent=2) | indent(2, False) }}
{% endif -%}

0
roles/loki/vars/default.yaml
View File

50
roles/mtail/defaults/main.yaml
View File

@ -1,50 +0,0 @@
---
mtail_go_arch_map:
i386: '386'
x86_64: 'amd64'
mtail_go_arch: "{{ mtail_go_arch_map[ansible_architecture] | default('amd64') }}"
mtail_service_name: mtail.service
mtail_service_state: started
mtail_service_enabled: yes
mtail_version_regex: ^mtail version (\S+)
mtail_github_project_url: https://github.com/google/mtail
mtail_release_file: "mtail_{{ mtail_version }}_{{ ansible_system | capitalize }}_{{ ansible_architecture }}.tar.gz"
mtail_release_url: "{{ mtail_github_project_url }}/releases/download/v{{ mtail_version }}/{{ mtail_release_file }}"
mtail_download_path: "/tmp/{{ mtail_release_file }}"
mtail_checksum_url: "{{ mtail_github_project_url }}/releases/download/v{{ mtail_version }}/checksums.txt"
mtail_extracted_path: "/tmp"
mtail_unarchive_dest_path: "/tmp"
mtail_user: mtail
mtail_user_state: present
mtail_user_shell: /usr/sbin/nologin
mtail_append_groups:
- adm
mtail_group: mtail
mtail_group_state: "{{ mtail_user_state | default('present') }}"
mtail_etc_path: /etc/mtail
mtail_etc_owner: root
mtail_etc_group: root
mtail_etc_mode: "0755"
mtail_var_path: /var/lib/mtail
mtail_var_owner: "{{ mtail_user }}"
mtail_var_group: "{{ mtail_group }}"
mtail_var_mode: "0755"
mtail_var_log_path: /var/log/mtail
mtail_var_log_owner: "{{ mtail_user }}"
mtail_var_log_group: "{{ mtail_group }}"
mtail_var_log_mode: "0755"
mtail_bin_path: /usr/local/bin
mtail_arg_logs:
- "/var/log/syslog/{{ inventory_hostname_short }}/*/*/*.log"
- /var/log/nginx/*.access.log

29
roles/mtail/files/rules/nginx.mtail
View File

@ -1,29 +0,0 @@
getfilename() !~ /nginx\/.*\.log$/ {
stop
}
counter nginx_http_requests_total by vhost, method, code
counter nginx_http_response_size_bytes_total by vhost, method, code
histogram nginx_http_response_time_seconds buckets 0.0, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0, 25.0, 50.0 by vhost, method, code
/^/ +
/(?P<vhost>[0-9A-Za-z\.\-:]+) / +
/(?P<remote_addr>\S+) / +
/- / +
/(?P<remote_user>\S+) / +
/\[(?P<time_local>\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} (\+|-)\d{4})\] / +
/"(?P<request_method>[A-Z]+) (?P<request_uri>\S+) (?P<http_version>HTTP\/[0-9\.]+)" / +
/(?P<status>\d{3}) / +
/(?P<bytes_sent>\d+) / +
/(?P<request_time>\d+\.\d+) / +
/"(?P<http_referer>\S+)" / +
/"(?P<http_user_agent>[[:print:]]+)" / +
/"(?P<http_x_forwarded_for>\S+)"/ +
/$/ {
nginx_http_requests_total[$vhost][$request_method][$status]++
nginx_http_response_size_bytes_total[$vhost][$request_method][$status] += $bytes_sent
nginx_http_response_time_seconds[$vhost][$request_method][$status] = $request_time
}

32
roles/mtail/files/rules/syslog.mtail
View File

@ -1,32 +0,0 @@
getfilename() !~ /^\/var\/log\/syslog\// {
stop
}
def syslog {
/(?P<date>(?P<legacy_date>\w+\s+\d+\s+\d+:\d+:\d+)|(?P<rfc3339_date>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+[+-]\d{2}:\d{2}))/ +
/\s+(?:\w+@)?(?P<hostname>[\w\.-]+)\s+(?P<application>[\w\.-]+)(?:\[(?P<pid>\d+)\])?:\s+(?P<message>.*)/ {
# If the legacy_date regexp matched, try this format.
len($legacy_date) > 0 {
strptime($legacy_date, "Jan _2 15:04:05")
}
# If the RFC3339 style matched, parse it this way.
len($rfc3339_date) > 0 {
strptime($rfc3339_date, "2006-01-02T15:04:05-07:00")
}
# Call into the decorated block
next
}
}
counter syslog_loglines_total by application
counter ssh_invalid_user
@syslog {
syslog_loglines_total[$application]++
$application == "sshd" {
$message =~ /^Invalid user/ {
ssh_invalid_user++
}
}
}

6
roles/mtail/handlers/main.yaml
View File

@ -1,6 +0,0 @@
---
- name: restart mtail
systemd:
name: mtail.service
daemon_reload: true
state: restarted

67
roles/mtail/tasks/configure.yaml
View File

@ -1,67 +0,0 @@
---
- name: create group
group:
name: "{{ mtail_group }}"
system: true
state: "{{ mtail_group_state | default('present') }}"
- name: create user
user:
name: "{{ mtail_user }}"
system: true
shell: "{{ mtail_user_shell }}"
group: "{{ mtail_group }}"
groups: "{{ [mtail_group] + (mtail_append_groups | default([])) }}"
append: true
createhome: false
home: "{{ mtail_var_path }}"
state: "{{ mtail_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ mtail_etc_path }}"
state: directory
owner: "{{ mtail_etc_owner }}"
group: "{{ mtail_etc_group }}"
mode: "{{ mtail_etc_mode }}"
- name: create var path
file:
path: "{{ mtail_var_path }}"
state: directory
owner: "{{ mtail_var_owner }}"
group: "{{ mtail_var_group }}"
mode: "{{ mtail_var_mode }}"
- name: create var_log path
file:
path: "{{ mtail_var_log_path }}"
state: directory
owner: "{{ mtail_var_log_owner }}"
group: "{{ mtail_var_log_group }}"
mode: "{{ mtail_var_log_mode }}"
- name: configure rules
copy:
src: "{{ item }}"
dest: "{{ mtail_etc_path }}/{{ item | basename }}"
owner: root
group: root
mode: "0755"
loop: "{{ lookup('fileglob', 'rules/*.mtail', wantlist=True) }}"
notify: restart mtail
- name: configure systemd template
template:
src: mtail.service.j2
dest: /etc/systemd/system/mtail.service
owner: root
group: root
mode: 0444
notify: restart mtail
- name: manage service
service:
name: "{{ mtail_service_name }}"
enabled: "{{ mtail_service_enabled }}"
state: "{{ mtail_service_state }}"

0
roles/mtail/tasks/default.yaml
View File

52
roles/mtail/tasks/install.yaml
View File

@ -1,52 +0,0 @@
---
#- block:
# - name: download tar
# get_url:
# url: "{{ mtail_release_url }}"
# dest: "{{ mtail_download_path }}"
# register: dl
# until: dl is success
# retries: 5
# delay: 10
#
# - name: install binaries
# copy:
# src: "{{ mtail_download_path }}"
# dest: "{{ mtail_bin_path }}/mtail"
# owner: root
# group: root
# mode: 0755
# remote_src: true
# notify: restart mtail
# when: mtail_version != mtail_local_version
#
- block:
- name: download tar
get_url:
url: "{{ mtail_release_url }}"
dest: "{{ mtail_download_path }}"
checksum: "{{ mtail_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ mtail_download_path }}"
dest: "{{ mtail_unarchive_dest_path }}"
creates: "{{ mtail_extracted_path }}/mtail"
remote_src: true
- name: install binaries
copy:
src: "{{ mtail_extracted_path }}/{{ item }}"
dest: "{{ mtail_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop:
- mtail
notify: restart mtail
when: mtail_version != mtail_local_version

30
roles/mtail/tasks/main.yaml
View File

@ -1,30 +0,0 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include: pre.yaml
- include: install.yaml
- include: configure.yaml

88
roles/mtail/tasks/pre.yaml
View File

@ -1,88 +0,0 @@
---
#- name: determine if installed
# stat:
# path: "{{ mtail_bin_path }}/mtail"
# register: st
#
#- name: set mtail_installed
# set_fact:
# mtail_installed: "{{ st.stat.exists | bool }}"
#
#- block:
# - name: determine latest version
# uri:
# url: https://api.github.com/repos/google/mtail/releases/latest
# return_content: true
# body_format: json
# register: _latest_version
# until: _latest_version.status == 200
# retries: 3
#
# - name: set mtail_version
# set_fact:
# mtail_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
#
#- block:
# - name: determine installed version
# command: "{{ mtail_bin_path }}/mtail --version"
# register: _installed_version_string
# changed_when: false
#
# - name: set mtail_local_version
# set_fact:
# mtail_local_version: "{{ _installed_version_string.stdout | regex_search(mtail_version_regex, '\\1') | first }}"
# when: mtail_installed
#
#- name: set mtail_local_version to 0
# set_fact:
# mtail_local_version: "0"
# when: not mtail_installed
- name: determine if installed
stat:
path: "{{ mtail_bin_path }}/mtail"
register: st
- name: set mtail_installed
set_fact:
mtail_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/google/mtail/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set mtail_version
set_fact:
mtail_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ mtail_bin_path }}/mtail --version"
register: _installed_version_string
changed_when: false
- name: set mtail_local_version
set_fact:
mtail_local_version: "{{ _installed_version_string.stdout | regex_search(mtail_version_regex, '\\1') | first }}"
when: mtail_installed
- name: set mtail_local_version to 0
set_fact:
mtail_local_version: "0"
when: not mtail_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', mtail_checksum_url, wantlist=True) }}"
- name: set mtail_checksum
set_fact:
mtail_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "mtail_release_file in item"

16
roles/mtail/templates/mtail.service.j2
View File

@ -1,16 +0,0 @@
[Unit]
Description=mtail
[Service]
User={{ mtail_user }}
ExecStart={{ mtail_bin_path }}/mtail \
--progs {{ mtail_etc_path }} \
--log_dir={{ mtail_var_log_path }} \
{% if mtail_arg_logs %}
{% for path in mtail_arg_logs %}
--logs {{ path }} \
{% endfor %}
{% endif %}
[Install]
WantedBy=multi-user.target

0
roles/mtail/vars/default.yaml
View File

38
roles/mysql/README.md
View File

@ -1,38 +0,0 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

57
roles/mysql/defaults/main.yaml
View File

@ -1,57 +0,0 @@
---
mysql_package_state: 'present'
mysql_service_name: 'mysql'
mysql_service_state: 'started'
mysql_service_enabled: yes
mysql_initialize_log_error: /var/tmp/mysqld_initialize.log
mysql_cfg_path: /etc/my.cnf
mysql_datadir_owner: mysql
mysql_datadir_group: mysql
mysql_datadir_mode: 0700
mysql_config:
mysql:
port: 3306
socket: /var/run/mysqld/mysqld.sock
mysqld:
basedir: /usr
bind_address: 127.0.0.1
datadir: /var/lib/mysql
default_storage_engine: InnoDB
innodb_buffer_pool_size: "{{ (ansible_memtotal_mb * 0.25) | int }}M"
innodb_file_per_table: 1
innodb_flush_log_at_trx_commit: 1
innodb_flush_method: O_DIRECT
innodb_log_file_size: 128M
innodb_log_files_in_group: 2
key_buffer_size: 16M
log_error: /var/log/mysql/mysql-error.log
log_queries_not_using_indexes: 1
max_allowed_packet: 16M
max_connect_errors: 1000000
max_connections: 100
max_heap_table_size: 32M
myisam_recover_options: FORCE,BACKUP
open_files_limit: 65535
pid_file: /var/run/mysqld/mysqld.pid
query_cache_size: 0
query_cache_type: 0
slow_query_log: 1
slow_query_log_file: /var/log/mysql/mysql-slow.log
socket: /var/run/mysqld/mysqld.sock
table_definition_cache: 4096
table_open_cache: 300
thread_cache_size: 16
tmp_table_size: 32M
tmpdir: /tmp
user: mysql
mysqld_safe:
nice: 0
socket: /var/run/mysqld/mysqld.sock
syslog: ~
# vim:ft=yaml.ansible:

5
roles/mysql/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: restart mysql
service:
name: "{{ mysql_service_name }}"
state: restarted

60
roles/mysql/meta/main.yml
View File

@ -1,60 +0,0 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

39
roles/mysql/tasks/main.yml
View File

@ -1,39 +0,0 @@
---
- name: gather OS distribution version specific variables
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- name: gather OS distribution specific variables
include_vars: "{{ ansible_distribution }}.yaml"
- name: gather OS family specific variables
include_vars: "{{ ansible_os_family }}.yaml"
- name: manage mysql package
package:
name: "{{ mysql_package_name }}"
state: "{{ mysql_package_state }}"
- name: create datadir
file:
path: "{{ mysql_config.mysqld.datadir }}"
owner: "{{ mysql_datadir_owner }}"
group: "{{ mysql_datadir_group }}"
mode: "{{ mysql_datadir_mode }}"
state: directory
- name: initialize mysql
command: "mysqld --initialize --log-error={{ mysql_initialize_log_error }}"
args:
creates: "{{ mysql_config.mysqld.datadir }}/mysql"
- name: configure mysql
template:
src: my.cnf.j2
dest: "{{ mysql_cfg_path }}"
notify: restart mysql
- name: manage mysql service
service:
name: "{{ mysql_service_name }}"
state: "{{ mysql_service_state }}"
enabled: "{{ mysql_service_enabled }}"

12
roles/mysql/templates/my.cnf.j2
View File

@ -1,12 +0,0 @@
# {{ ansible_managed }}
{% for section, cfg in mysql_config.iteritems() | sort %}
[{{section}}]
{% for k, v in cfg.iteritems() | sort %}
{% if k is defined and v is not none %}
{{ k }} = {{ v }}
{% elif k and v is none %}
{{ k }}
{% endif %}
{% endfor %}
{% endfor %}

2
roles/mysql/tests/inventory
View File

@ -1,2 +0,0 @@
localhost

5
roles/mysql/tests/test.yml
View File

@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- roles/mysql

2
roles/mysql/vars/Debian.yaml
View File

@ -1,2 +0,0 @@
---
mysql_cfg_path: /etc/my.cnf

5
roles/mysql/vars/Ubuntu-18.yaml
View File

@ -1,5 +0,0 @@
---
mysql_service_name: 'mysql.service'
mysql_cfg_path: /etc/mysql/my.cnf
# vim:ft=yaml.ansible:

4
roles/mysql/vars/Ubuntu.yaml
View File

@ -1,4 +0,0 @@
---
mysql_package_name: 'mysql-server'
# vim:ft=yaml.ansible:

2
roles/mysql/vars/main.yml
View File

@ -1,2 +0,0 @@
---
# vars file for roles/mysql

51
roles/node_exporter/defaults/main.yaml
View File

@ -1,51 +0,0 @@
---
node_exporter_go_arch_map:
i386: '386'
x86_64: 'amd64'
node_exporter_go_arch: "{{ node_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
node_exporter_service_name: node_exporter.service
node_exporter_service_enabled: true
node_exporter_service_state: started
node_exporter_version_regex: ^node_exporter, version ([\d.]+)
node_exporter_release_file: "node_exporter-{{ node_exporter_version }}.{{ ansible_system | lower }}-{{ node_exporter_go_arch }}.tar.gz"
node_exporter_release_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/{{ node_exporter_release_file }}"
node_exporter_checksum_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/sha256sums.txt"
node_exporter_download_path: "/tmp/{{ node_exporter_release_file }}"
node_exporter_unarchive_dest_path: /tmp
node_exporter_extracted_path: "{{ node_exporter_download_path | replace('.tar.gz', '') }}"
node_exporter_user: node_exporter
node_exporter_user_state: present
node_exporter_user_shell: /usr/sbin/nologin
node_exporter_group: node_exporter
node_exporter_group_state: "{{ node_exporter_user_state | default('present') }}"
node_exporter_var_path: /var/lib/node_exporter
node_exporter_var_owner: "{{ node_exporter_user }}"
node_exporter_var_group: "{{ node_exporter_group }}"
node_exporter_var_mode: "0755"
node_exporter_spool_path: /var/spool/node_exporter
node_exporter_spool_owner: "{{ node_exporter_user }}"
node_exporter_spool_group: "{{ node_exporter_group }}"
node_exporter_spool_mode: "0755"
node_exporter_bin_path: /usr/local/bin
node_exporter_collectors_enabled:
- textfile:
directory: "{{ node_exporter_spool_path }}/textfile_collector"
- processes
- tcpstat
- ntp
- supervisord:
url: unix:///var/run/supervisor.sock
- systemd:
enable-task-metrics:
enable-restarts-metrics:
enable-start-time-metrics:

36
roles/node_exporter/files/apt-exporter.pl
View File

@ -1,36 +0,0 @@
#!/usr/bin/env perl
use strict;
use warnings;
my $cmd = "apt-get --just-print dist-upgrade";
my %metrics;
open(my $fh, '-|', $cmd) or die $!;
while(my $line = <$fh>) {
if ($line =~ /Inst \S+ \S+ \(\S+ (.+) \[(\S+)\]\)/) {
my $k = sprintf("apt_upgrades_pending{origin=\"%s\", arch=\"%s\"}", $1, $2);
if (!exists $metrics{$k}) {
$metrics{$k} = 1;
} else {
$metrics{$k}++;
}
}
}
if (%metrics) {
# print apt metrics
while(my($k, $v) = each %metrics) {
printf("%s %d\n", $k, $v)
}
}
else {
print("apt_upgrades_pending{origin=\"\",arch=\"\"} 0\n");
}
# print reboot required metric
if (-e "/var/run/reboot-required") {
print("node_reboot_required 1\n")
}
else {
print("node_reboot_required 0\n")
}

42
roles/node_exporter/files/promcat.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
function usage { printf "Usage: %s FILE\n" "$(basename "$0")" >&2; exit 1; }
while getopts "h" opt; do
case "${opt}" in
*)
usage
;;
esac
done
shift $((OPTIND-1))
FILE="$1"
if [ -z "${FILE}" ]; then
usage
exit 1
fi
if command -v sponge > /dev/null; then
( echo "# promcat (sponge)" ; cat /dev/stdin ) | sponge "${FILE}"
else
TEMP=$(mktemp --suffix .prom)
function finish {
if [ -f "${TEMP}" ]; then
rm -f "${TEMP}"
fi
}
trap finish EXIT
echo "# promcat (mktemp, mv)" > "${TEMP}"
cat /dev/stdin >> "${TEMP}"
if [ ! -s "${TEMP}" ] || grep -q '^[[:space:]]*$' "${TEMP}" ; then
printf "%s is empty\n" "${TEMP}" >&2
exit 1
else
mv "${TEMP}" "${FILE}"
fi
fi

Some files were not shown because too many files have changed in this diff Show More