Compare commits
26 Commits
bceedf79f4
...
6705256abc
Author | SHA1 | Date | |
---|---|---|---|
6705256abc | |||
0e6490bbd2 | |||
0760ae4c2c | |||
2b6b7aca79 | |||
4c64613a90 | |||
04dfdbd399 | |||
49be68b4db | |||
3a14992832 | |||
a948debbf8 | |||
eae4e0120c | |||
749934f9e1 | |||
ec17840809 | |||
d55f62893d | |||
5b55cc1a16 | |||
d5fd90a9e9 | |||
3e982b9729 | |||
523d6f3b32 | |||
341583bbe1 | |||
4a497c211a | |||
72254bd72e | |||
4541bab1bc | |||
8122bd25d7 | |||
149fff70a3 | |||
789541a90f | |||
4d07232525 | |||
8e899da042 |
52
roles/alertmanager/defaults/main.yaml
Normal file
52
roles/alertmanager/defaults/main.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
alertmanager_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
alertmanager_go_arch: "{{ alertmanager_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
alertmanager_service_name: alertmanager.service
|
||||
alertmanager_service_enabled: true
|
||||
alertmanager_service_state: started
|
||||
|
||||
alertmanager_version_regex: ^alertmanager, version ([\d.]+)
|
||||
|
||||
alertmanager_github_project_url: https://github.com/prometheus/alertmanager
|
||||
alertmanager_release_file: "alertmanager-{{ alertmanager_version }}.{{ ansible_system | lower }}-{{ alertmanager_go_arch }}.tar.gz"
|
||||
alertmanager_release_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/{{ alertmanager_release_file }}"
|
||||
alertmanager_checksum_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/sha256sums.txt"
|
||||
alertmanager_download_path: "/tmp/{{ alertmanager_release_file }}"
|
||||
alertmanager_unarchive_dest_path: /tmp
|
||||
alertmanager_extracted_path: "{{ alertmanager_download_path | replace('.tar.gz', '') }}"
|
||||
|
||||
alertmanager_user: alertmanager
|
||||
alertmanager_user_state: present
|
||||
alertmanager_user_shell: /usr/sbin/nologin
|
||||
|
||||
alertmanager_group: alertmanager
|
||||
alertmanager_group_state: "{{ alertmanager_user_state | default('present') }}"
|
||||
|
||||
alertmanager_etc_path: /etc/alertmanager
|
||||
alertmanager_etc_owner: root
|
||||
alertmanager_etc_group: root
|
||||
alertmanager_etc_mode: "0755"
|
||||
|
||||
alertmanager_var_path: /var/lib/alertmanager
|
||||
alertmanager_var_owner: "{{ alertmanager_user }}"
|
||||
alertmanager_var_group: "{{ alertmanager_group }}"
|
||||
alertmanager_var_mode: "0755"
|
||||
|
||||
alertmanager_bin_path: /usr/local/bin
|
||||
|
||||
alertmanager_web_listen_address: 0.0.0.0:9093
|
||||
alertmanager_port: "{{ alertmanager_web_listen_address.split(':')[1] }}"
|
||||
alertmanager_web_external_url:
|
||||
alertmanager_web_route_prefix:
|
||||
alertmanager_cluster_advertise_address: 0.0.0.0:9093
|
||||
|
||||
alertmanager_config:
|
||||
route:
|
||||
routes:
|
||||
receiver: dummy
|
||||
receivers:
|
||||
- name: dummy
|
6
roles/alertmanager/handlers/main.yaml
Normal file
6
roles/alertmanager/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart alertmanager
|
||||
systemd:
|
||||
name: alertmanager.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
56
roles/alertmanager/tasks/configure.yaml
Normal file
56
roles/alertmanager/tasks/configure.yaml
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ alertmanager_group }}"
|
||||
system: true
|
||||
state: "{{ alertmanager_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ alertmanager_user }}"
|
||||
system: true
|
||||
shell: "{{ alertmanager_user_shell }}"
|
||||
group: "{{ alertmanager_group }}"
|
||||
createhome: false
|
||||
home: "{{ alertmanager_var_path }}"
|
||||
state: "{{ alertmanager_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ alertmanager_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ alertmanager_etc_owner }}"
|
||||
group: "{{ alertmanager_etc_group }}"
|
||||
mode: "{{ alertmanager_etc_mode }}"
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ alertmanager_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ alertmanager_var_owner }}"
|
||||
group: "{{ alertmanager_var_group }}"
|
||||
mode: "{{ alertmanager_var_mode }}"
|
||||
|
||||
- name: configure
|
||||
copy:
|
||||
dest: "{{ alertmanager_etc_path }}/alertmanager.yaml"
|
||||
content: "{{ (alertmanager_config | default({})) | to_nice_yaml }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart alertmanager
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: alertmanager.service.j2
|
||||
dest: /etc/systemd/system/alertmanager.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart alertmanager
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ alertmanager_service_name }}"
|
||||
enabled: "{{ alertmanager_service_enabled }}"
|
||||
state: "{{ alertmanager_service_state }}"
|
0
roles/alertmanager/tasks/default.yaml
Normal file
0
roles/alertmanager/tasks/default.yaml
Normal file
32
roles/alertmanager/tasks/install.yaml
Normal file
32
roles/alertmanager/tasks/install.yaml
Normal file
@ -0,0 +1,32 @@
|
||||
---
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ alertmanager_release_url }}"
|
||||
dest: "{{ alertmanager_download_path }}"
|
||||
checksum: "{{ alertmanager_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ alertmanager_download_path }}"
|
||||
dest: "{{ alertmanager_unarchive_dest_path }}"
|
||||
creates: "{{ alertmanager_extracted_path }}/alertmanager"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ alertmanager_extracted_path }}/{{ item }}"
|
||||
dest: "{{ alertmanager_bin_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
loop:
|
||||
- alertmanager
|
||||
- amtool
|
||||
notify: restart alertmanager
|
||||
when: alertmanager_version != alertmanager_local_version
|
30
roles/alertmanager/tasks/main.yaml
Normal file
30
roles/alertmanager/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
50
roles/alertmanager/tasks/pre.yaml
Normal file
50
roles/alertmanager/tasks/pre.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ alertmanager_bin_path }}/alertmanager"
|
||||
register: st
|
||||
|
||||
- name: set alertmanager_installed
|
||||
set_fact:
|
||||
alertmanager_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: https://api.github.com/repos/prometheus/alertmanager/releases/latest
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set alertmanager_version
|
||||
set_fact:
|
||||
alertmanager_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ alertmanager_bin_path }}/alertmanager --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set alertmanager_local_version
|
||||
set_fact:
|
||||
alertmanager_local_version: "{{ _installed_version_string.stdout | regex_search(alertmanager_version_regex, '\\1') | first }}"
|
||||
when: alertmanager_installed
|
||||
|
||||
- name: set alertmanager_local_version to 0
|
||||
set_fact:
|
||||
alertmanager_local_version: "0"
|
||||
when: not alertmanager_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', alertmanager_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set alertmanager_checksum
|
||||
set_fact:
|
||||
alertmanager_checksum: "sha256:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "alertmanager_release_file in item"
|
26
roles/alertmanager/templates/alertmanager.service.j2
Normal file
26
roles/alertmanager/templates/alertmanager.service.j2
Normal file
@ -0,0 +1,26 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=Alertmanager
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ alertmanager_user }}
|
||||
Group={{ alertmanager_group }}
|
||||
ExecStart={{ alertmanager_bin_path }}/alertmanager \
|
||||
--config.file={{ alertmanager_etc_path }}/alertmanager.yaml \
|
||||
--storage.path={{ alertmanager_var_path }} \
|
||||
--cluster.advertise-address={{ alertmanager_cluster_advertise_address }} \
|
||||
{% if alertmanager_web_external_url %}
|
||||
--web.external-url={{ alertmanager_web_external_url }} \
|
||||
{% endif %}
|
||||
{% if alertmanager_web_route_prefix %}
|
||||
--web.route-prefix={{ alertmanager_web_route_prefix }} \
|
||||
{% endif %}
|
||||
{% if alertmanager_web_listen_address %}
|
||||
--web.listen-address={{ alertmanager_web_listen_address }} \
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
0
roles/alertmanager/vars/default.yaml
Normal file
0
roles/alertmanager/vars/default.yaml
Normal file
39
roles/blackbox_exporter/defaults/main.yaml
Normal file
39
roles/blackbox_exporter/defaults/main.yaml
Normal file
@ -0,0 +1,39 @@
|
||||
blackbox_exporter_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
blackbox_exporter_go_arch: "{{ blackbox_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
blackbox_exporter_service_name: blackbox_exporter.service
|
||||
blackbox_exporter_service_enabled: true
|
||||
blackbox_exporter_service_state: started
|
||||
|
||||
blackbox_exporter_version_regex: ^blackbox_exporter, version ([\d.]+)
|
||||
|
||||
blackbox_exporter_release_file: "blackbox_exporter-{{ blackbox_exporter_version }}.{{ ansible_system | lower }}-{{ blackbox_exporter_go_arch }}.tar.gz"
|
||||
blackbox_exporter_release_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/{{ blackbox_exporter_release_file }}"
|
||||
blackbox_exporter_checksum_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
|
||||
blackbox_exporter_download_path: "/tmp/{{ blackbox_exporter_release_file }}"
|
||||
blackbox_exporter_unarchive_dest_path: /tmp
|
||||
blackbox_exporter_extracted_path: "{{ blackbox_exporter_download_path | replace('.tar.gz', '') }}"
|
||||
|
||||
blackbox_exporter_user: blackbox_exporter
|
||||
blackbox_exporter_user_state: present
|
||||
blackbox_exporter_user_shell: /usr/sbin/nologin
|
||||
|
||||
blackbox_exporter_group: blackbox_exporter
|
||||
blackbox_exporter_group_state: "{{ blackbox_exporter_user_state | default('present') }}"
|
||||
|
||||
blackbox_exporter_etc_path: /etc/blackbox_exporter
|
||||
blackbox_exporter_etc_owner: root
|
||||
blackbox_exporter_etc_group: root
|
||||
blackbox_exporter_etc_mode: "0755"
|
||||
|
||||
blackbox_exporter_var_path: /var/lib/blackbox_exporter
|
||||
blackbox_exporter_var_owner: "{{ blackbox_exporter_user }}"
|
||||
blackbox_exporter_var_group: "{{ blackbox_exporter_group }}"
|
||||
blackbox_exporter_var_mode: "0755"
|
||||
|
||||
blackbox_exporter_bin_path: /usr/local/bin
|
||||
|
||||
blackbox_exporter_config: {}
|
6
roles/blackbox_exporter/handlers/main.yaml
Normal file
6
roles/blackbox_exporter/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart blackbox_exporter
|
||||
systemd:
|
||||
name: blackbox_exporter.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
48
roles/blackbox_exporter/tasks/configure.yaml
Normal file
48
roles/blackbox_exporter/tasks/configure.yaml
Normal file
@ -0,0 +1,48 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ blackbox_exporter_group }}"
|
||||
system: true
|
||||
state: "{{ blackbox_exporter_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ blackbox_exporter_user }}"
|
||||
system: true
|
||||
shell: "{{ blackbox_exporter_user_shell }}"
|
||||
group: "{{ blackbox_exporter_group }}"
|
||||
createhome: false
|
||||
home: "{{ blackbox_exporter_var_path }}"
|
||||
state: "{{ blackbox_exporter_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ blackbox_exporter_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ blackbox_exporter_etc_owner }}"
|
||||
group: "{{ blackbox_exporter_etc_group }}"
|
||||
mode: "{{ blackbox_exporter_etc_mode }}"
|
||||
|
||||
- name: configure
|
||||
copy:
|
||||
dest: "{{ blackbox_exporter_etc_path }}/config.yaml"
|
||||
content: "{{ (blackbox_exporter_config | default({})) | to_nice_yaml }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart blackbox_exporter
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: blackbox_exporter.service.j2
|
||||
dest: /etc/systemd/system/blackbox_exporter.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart blackbox_exporter
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ blackbox_exporter_service_name }}"
|
||||
enabled: "{{ blackbox_exporter_service_enabled }}"
|
||||
state: "{{ blackbox_exporter_service_state }}"
|
0
roles/blackbox_exporter/tasks/default.yaml
Normal file
0
roles/blackbox_exporter/tasks/default.yaml
Normal file
31
roles/blackbox_exporter/tasks/install.yaml
Normal file
31
roles/blackbox_exporter/tasks/install.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
---
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ blackbox_exporter_release_url }}"
|
||||
dest: "{{ blackbox_exporter_download_path }}"
|
||||
checksum: "{{ blackbox_exporter_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ blackbox_exporter_download_path }}"
|
||||
dest: "{{ blackbox_exporter_unarchive_dest_path }}"
|
||||
creates: "{{ blackbox_exporter_extracted_path }}/blackbox_exporter"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ blackbox_exporter_extracted_path }}/{{ item }}"
|
||||
dest: "{{ blackbox_exporter_bin_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
loop:
|
||||
- blackbox_exporter
|
||||
notify: restart blackbox_exporter
|
||||
when: blackbox_exporter_version != blackbox_exporter_local_version
|
30
roles/blackbox_exporter/tasks/main.yaml
Normal file
30
roles/blackbox_exporter/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
50
roles/blackbox_exporter/tasks/pre.yaml
Normal file
50
roles/blackbox_exporter/tasks/pre.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ blackbox_exporter_bin_path }}/blackbox_exporter"
|
||||
register: st
|
||||
|
||||
- name: set blackbox_exporter_installed
|
||||
set_fact:
|
||||
blackbox_exporter_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set blackbox_exporter_version
|
||||
set_fact:
|
||||
blackbox_exporter_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ blackbox_exporter_bin_path }}/blackbox_exporter --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set blackbox_exporter_local_version
|
||||
set_fact:
|
||||
blackbox_exporter_local_version: "{{ _installed_version_string.stdout | regex_search(blackbox_exporter_version_regex, '\\1') | first }}"
|
||||
when: blackbox_exporter_installed
|
||||
|
||||
- name: set blackbox_exporter_local_version to 0
|
||||
set_fact:
|
||||
blackbox_exporter_local_version: "0"
|
||||
when: not blackbox_exporter_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', blackbox_exporter_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set blackbox_exporter_checksum
|
||||
set_fact:
|
||||
blackbox_exporter_checksum: "sha256:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "blackbox_exporter_release_file in item"
|
@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=Blackbox Exporter
|
||||
|
||||
[Service]
|
||||
User=blackbox_exporter
|
||||
ExecStart={{ blackbox_exporter_bin_path }}/blackbox_exporter \
|
||||
--config.file={{ blackbox_exporter_etc_path }}/config.yaml
|
||||
AmbientCapabilities=CAP_NET_RAW
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
0
roles/blackbox_exporter/vars/default.yaml
Normal file
0
roles/blackbox_exporter/vars/default.yaml
Normal file
21
roles/consul/defaults/main.yaml
Normal file
21
roles/consul/defaults/main.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
consul_package_name: consul
|
||||
consul_package_state: present
|
||||
consul_service_name: consul
|
||||
consul_service_state: started
|
||||
consul_service_enabled: true
|
||||
consul_etc_path: /etc/consul.d
|
||||
consul_config_path: "{{ consul_etc_path }}/consul.hcl"
|
||||
consul_config_template: consul.hcl.j2
|
||||
consul_user: consul
|
||||
consul_group: consul
|
||||
consul_config_owner: "{{ consul_user }}"
|
||||
consul_config_group: "{{ consul_group }}"
|
||||
consul_config_mode: 0644
|
||||
consul_data_dir: /opt/consul
|
||||
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
|
||||
consul_server: false
|
||||
consul_bootstrap_expect: 1
|
||||
consul_ui_config_enabled: true
|
||||
consul_client_addr: 0.0.0.0
|
||||
consul_unbound_enabled: false
|
9
roles/consul/files/unbound-consul.conf
Normal file
9
roles/consul/files/unbound-consul.conf
Normal file
@ -0,0 +1,9 @@
|
||||
# Ansible managed
|
||||
|
||||
server:
|
||||
do-not-query-localhost: no
|
||||
domain-insecure: "consul"
|
||||
|
||||
stub-zone:
|
||||
name: "consul"
|
||||
stub-addr: 127.0.0.1@8600
|
12
roles/consul/handlers/main.yaml
Normal file
12
roles/consul/handlers/main.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: reload consul
|
||||
service:
|
||||
name: "{{ consul_service_name }}"
|
||||
state: reloaded
|
||||
when: consul_service_enabled
|
||||
|
||||
- name: restart consul
|
||||
service:
|
||||
name: "{{ consul_service_name }}"
|
||||
state: restarted
|
||||
when: consul_service_enabled
|
18
roles/consul/tasks/RedHat.yaml
Normal file
18
roles/consul/tasks/RedHat.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
- name: install Hashicorp yum repo
|
||||
yum_repository:
|
||||
name: hashicorp
|
||||
description: Hashicorp Stable - $basearch
|
||||
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
|
||||
enabled: 1
|
||||
gpgcheck: 1
|
||||
gpgkey: https://rpm.releases.hashicorp.com/gpg
|
||||
|
||||
- name: install Hashicorp (test) yum repo
|
||||
yum_repository:
|
||||
name: hashicorp-test
|
||||
description: Hashicorp Test - $basearch
|
||||
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
|
||||
enabled: 0
|
||||
gpgcheck: 1
|
||||
gpgkey: https://rpm.releases.hashicorp.com/gpg
|
9
roles/consul/tasks/forward-unbound.yaml
Normal file
9
roles/consul/tasks/forward-unbound.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: configure unbound forwarder
|
||||
copy:
|
||||
src: unbound-consul.conf
|
||||
dest: "{{ unbound_conf_d_path }}/consul.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: reload unbound
|
47
roles/consul/tasks/main.yaml
Normal file
47
roles/consul/tasks/main.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- name: install
|
||||
package:
|
||||
name: "{{ consul_package_name | default('consul') }}"
|
||||
state: "{{ consul_package_state | default('present') }}"
|
||||
|
||||
- name: configure
|
||||
template:
|
||||
src: "{{ consul_config_template }}"
|
||||
dest: "{{ consul_config_path }}"
|
||||
owner: "{{ consul_config_owner }}"
|
||||
group: "{{ consul_config_group }}"
|
||||
mode: "{{ consul_config_mode }}"
|
||||
notify: restart consul
|
||||
|
||||
- name: service
|
||||
service:
|
||||
name: "{{ consul_service_name | default('consul') }}"
|
||||
state: "{{ consul_service_state | default('started') }}"
|
||||
enabled: "{{ consul_service_enabled | default(true) }}"
|
||||
|
||||
- include: forward-unbound.yaml
|
||||
when: consul_unbound_enabled
|
41
roles/consul/templates/consul.hcl.j2
Normal file
41
roles/consul/templates/consul.hcl.j2
Normal file
@ -0,0 +1,41 @@
|
||||
// {{ ansible_managed }}
|
||||
|
||||
data_dir = "{{ consul_data_dir }}"
|
||||
|
||||
{% if consul_server is defined %}
|
||||
server = {{ (consul_server | lower) | default(false) }}
|
||||
{% endif %}
|
||||
|
||||
{% if consul_bind_addr is defined %}
|
||||
bind_addr = "{{ (consul_bind_addr | lower) | default("0.0.0.0") }}"
|
||||
{% endif %}
|
||||
|
||||
{% if consul_server is true and consul_bootstrap_expect is defined %}
|
||||
bootstrap_expect = {{ consul_bootstrap_expect }}
|
||||
{% endif %}
|
||||
|
||||
{% if consul_retry_join is defined %}
|
||||
retry_join = [
|
||||
{%- set comma = joiner(",") -%}
|
||||
{%- for x in consul_retry_join | default([]) -%}
|
||||
{{ comma() }}"{{ x }}"
|
||||
{%- endfor -%} ]
|
||||
{% endif %}
|
||||
|
||||
{% if consul_server_addresses is defined %}
|
||||
server_addresses = [
|
||||
{%- set comma = joiner(",") -%}
|
||||
{%- for x in consul_server_addresses | default([]) -%}
|
||||
{{ comma() }}"{{ x }}"
|
||||
{%- endfor -%} ]
|
||||
{% endif %}
|
||||
|
||||
ui_config {
|
||||
{% if consul_ui_config_enabled is defined %}
|
||||
enabled = {{ (consul_ui_config_enabled | lower) | default(false) }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if consul_client_addr is defined %}
|
||||
client_addr = "{{ (consul_client_addr | lower) | default("0.0.0.0") }}"
|
||||
{% endif %}
|
0
roles/consul/vars/default.yaml
Normal file
0
roles/consul/vars/default.yaml
Normal file
2
roles/crio/defaults/main.yaml
Normal file
2
roles/crio/defaults/main.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
crio_version: 1.23
|
0
roles/crio/tasks/default.yaml
Normal file
0
roles/crio/tasks/default.yaml
Normal file
53
roles/crio/tasks/main.yaml
Normal file
53
roles/crio/tasks/main.yaml
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- name: yum repo (devel:kubic:libcontainers:stable)
|
||||
yum_repository:
|
||||
name: devel:kubic:libcontainers:stable
|
||||
description: "Stable Releases of Upstream github.com/containers packages ({{ crio_os }}) type=rpm-md"
|
||||
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/"
|
||||
gpgcheck: yes
|
||||
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/repodata/repomd.xml.key"
|
||||
enabled: yes
|
||||
|
||||
- name: "yum repo (devel:kubic:libcontainers:stable:cri-o:{{ crio_version }})"
|
||||
yum_repository:
|
||||
name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
|
||||
description: "devel:kubic:libcontainers:stable:cri-o:{{ crio_version }} ({{ crio_os }})"
|
||||
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/"
|
||||
gpgcheck: yes
|
||||
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/repodata/repomd.xml.key"
|
||||
enabled: yes
|
||||
|
||||
- name: install
|
||||
package:
|
||||
name: "{{ crio_package_name | default('cri-o') }}"
|
||||
state: "{{ crio_package_state | default('present') }}"
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ crio_service_name | default('crio') }}"
|
||||
state: "{{ crio_service_state | default('started') }}"
|
||||
enabled: "{{ crio_service_enabled | default(true) }}"
|
1
roles/crio/vars/Rocky.yaml
Normal file
1
roles/crio/vars/Rocky.yaml
Normal file
@ -0,0 +1 @@
|
||||
crio_os: "CentOS_{{ ansible_distribution_major_version }}"
|
8
roles/dl/defaults/main.yaml
Normal file
8
roles/dl/defaults/main.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
dl_server_name: dl.kill0.net
|
||||
dl_server_root: /var/www/dl
|
||||
dl_access_log: /var/log/nginx/dl.access.log
|
||||
dl_error_log: /var/log/nginx/dl.error.log
|
||||
dl_ssl_enabled: false
|
||||
dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
|
||||
dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"
|
5
roles/dl/handlers/main.yaml
Normal file
5
roles/dl/handlers/main.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
31
roles/dl/tasks/main.yaml
Normal file
31
roles/dl/tasks/main.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
---
|
||||
- name: check if SSL key exists
|
||||
stat:
|
||||
path: "{{ dl_ssl_certificate_key }}"
|
||||
register: key_st
|
||||
|
||||
- name: check if SSL certificate exists
|
||||
stat:
|
||||
path: "{{ dl_ssl_certificate }}"
|
||||
register: crt_st
|
||||
|
||||
- name: ssl enabled
|
||||
set_fact:
|
||||
dl_ssl_enabled: true
|
||||
when:
|
||||
- key_st.stat.exists
|
||||
- crt_st.stat.exists
|
||||
|
||||
- name: configure nginx
|
||||
template:
|
||||
src: nginx.conf.j2
|
||||
dest: "/etc/nginx/conf.d/dl.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload nginx
|
||||
|
||||
- name: create web root
|
||||
file:
|
||||
path: "{{ dl_server_root }}"
|
||||
state: directory
|
63
roles/dl/templates/nginx.conf.j2
Normal file
63
roles/dl/templates/nginx.conf.j2
Normal file
@ -0,0 +1,63 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
{% if ansible_all_ipv6_addresses | length %}
|
||||
listen [::]:80;
|
||||
{% endif %}
|
||||
server_name {{ dl_server_name }};
|
||||
|
||||
access_log {{ dl_access_log }} main;
|
||||
error_log {{ dl_error_log }} warn;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/html;
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
{% if dl_ssl_enabled is defined and
|
||||
dl_ssl_enabled %}
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if dl_ssl_enabled is defined and
|
||||
dl_ssl_enabled %}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
{% if ansible_all_ipv6_addresses | length %}
|
||||
listen [::]:443 ssl http2;
|
||||
{% endif %}
|
||||
server_name {{ dl_server_name }};
|
||||
access_log {{ dl_access_log }} main;
|
||||
error_log {{ dl_error_log }} warn;
|
||||
|
||||
root {{ dl_server_root }};
|
||||
|
||||
{% if dl_ssl_certificate is defined %}
|
||||
ssl_certificate {{ dl_ssl_certificate }};
|
||||
{% endif %}
|
||||
{% if dl_ssl_certificate_key is defined %}
|
||||
ssl_certificate_key {{ dl_ssl_certificate_key }};
|
||||
{% endif %}
|
||||
{% if dl_ssl_dhparam is defined %}
|
||||
ssl_dhparam {{ dl_ssl_dhparam }};
|
||||
{% endif %}
|
||||
|
||||
location ~ ^\/~(.+?)(\/.*)?$ {
|
||||
alias /home/$1/public_html$2;
|
||||
index index.html index.htm;
|
||||
autoindex on;
|
||||
auth_basic "Files";
|
||||
auth_basic_user_file /home/$1/.htpasswd;
|
||||
}
|
||||
|
||||
location /repo/ {
|
||||
root /var/www/html;
|
||||
autoindex on;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
{% endif %}
|
11
roles/docker/defaults/main.yaml
Normal file
11
roles/docker/defaults/main.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
docker_package_name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-compose-plugin
|
||||
docker_package_state: present
|
||||
|
||||
docker_service_name: docker.service
|
||||
docker_service_state: started
|
||||
docker_service_enabled: true
|
13
roles/docker/tasks/Debian.yaml
Normal file
13
roles/docker/tasks/Debian.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: install apt key
|
||||
apt_key:
|
||||
url: "https://download.docker.com/linux/{{ ansible_lsb.id | lower }}/gpg"
|
||||
state: present
|
||||
|
||||
- name: install apt repo
|
||||
apt_repository:
|
||||
repo: >
|
||||
deb [arch=amd64] https://download.docker.com/linux/{{ ansible_lsb.id | lower }}
|
||||
{{ ansible_lsb.codename }}
|
||||
stable
|
||||
filename: docker
|
9
roles/docker/tasks/RedHat.yaml
Normal file
9
roles/docker/tasks/RedHat.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: install Docker CE yum repo
|
||||
yum_repository:
|
||||
name: docker-ce
|
||||
description: Docker CE Stable - $basearch
|
||||
baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
|
||||
enabled: 1
|
||||
gpgcheck: 1
|
||||
gpgkey: https://download.docker.com/linux/centos/gpg
|
6
roles/docker/tasks/configure.yaml
Normal file
6
roles/docker/tasks/configure.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ docker_service_name }}"
|
||||
state: "{{ docker_service_state }}"
|
||||
enabled: "{{ docker_service_enabled }}"
|
6
roles/docker/tasks/install.yaml
Normal file
6
roles/docker/tasks/install.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: install docker
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ docker_package_state }}"
|
||||
loop: "{{ docker_package_name }}"
|
28
roles/docker/tasks/main.yaml
Normal file
28
roles/docker/tasks/main.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
0
roles/docker/vars/RedHat.yaml
Normal file
0
roles/docker/vars/RedHat.yaml
Normal file
0
roles/docker/vars/default.yaml
Normal file
0
roles/docker/vars/default.yaml
Normal file
45
roles/karma/defaults/main.yaml
Normal file
45
roles/karma/defaults/main.yaml
Normal file
@ -0,0 +1,45 @@
|
||||
---
|
||||
karma_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
karma_go_arch: "{{ karma_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
karma_service_name: karma.service
|
||||
karma_service_enabled: true
|
||||
karma_service_state: started
|
||||
|
||||
karma_version_regex: ^(.+)
|
||||
|
||||
karma_github_project_url: https://github.com/prymitive/karma
|
||||
karma_release_file: "karma-{{ ansible_system | lower }}-{{ karma_go_arch }}.tar.gz"
|
||||
karma_release_url: "{{ karma_github_project_url }}/releases/download/v{{ karma_version }}/{{ karma_release_file }}"
|
||||
karma_checksum_url: "{{ karma_github_project_url }}/releases/download/v{{ karma_version }}/sha512sum.txt"
|
||||
karma_download_path: "/tmp/{{ karma_release_file }}"
|
||||
karma_unarchive_dest_path: /tmp
|
||||
karma_extracted_path: "{{ karma_download_path | replace('.tar.gz', '') }}"
|
||||
|
||||
karma_user: karma
|
||||
karma_user_state: present
|
||||
karma_user_shell: /usr/sbin/nologin
|
||||
|
||||
karma_group: karma
|
||||
karma_group_state: "{{ karma_user_state | default('present') }}"
|
||||
|
||||
karma_etc_path: /etc/karma
|
||||
karma_etc_owner: root
|
||||
karma_etc_group: root
|
||||
karma_etc_mode: "0755"
|
||||
|
||||
karma_config_path: "{{ karma_etc_path }}/karma.yml"
|
||||
|
||||
karma_var_path: /var/lib/karma
|
||||
karma_var_owner: "{{ karma_user }}"
|
||||
karma_var_group: "{{ karma_group }}"
|
||||
karma_var_mode: "0755"
|
||||
|
||||
karma_bin_path: /usr/local/bin
|
||||
|
||||
karma_port: 8080
|
||||
|
||||
karma_config: {}
|
6
roles/karma/handlers/main.yaml
Normal file
6
roles/karma/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart karma
|
||||
systemd:
|
||||
name: karma.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
56
roles/karma/tasks/configure.yaml
Normal file
56
roles/karma/tasks/configure.yaml
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ karma_group }}"
|
||||
system: true
|
||||
state: "{{ karma_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ karma_user }}"
|
||||
system: true
|
||||
shell: "{{ karma_user_shell }}"
|
||||
group: "{{ karma_group }}"
|
||||
createhome: false
|
||||
home: "{{ karma_var_path }}"
|
||||
state: "{{ karma_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ karma_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ karma_etc_owner }}"
|
||||
group: "{{ karma_etc_group }}"
|
||||
mode: "{{ karma_etc_mode }}"
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ karma_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ karma_var_owner }}"
|
||||
group: "{{ karma_var_group }}"
|
||||
mode: "{{ karma_var_mode }}"
|
||||
|
||||
- name: configure
|
||||
copy:
|
||||
dest: "{{ karma_config_path }}"
|
||||
content: "{{ (karma_config | default({})) | to_nice_yaml }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart karma
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: karma.service.j2
|
||||
dest: /etc/systemd/system/karma.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart karma
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ karma_service_name }}"
|
||||
enabled: "{{ karma_service_enabled }}"
|
||||
state: "{{ karma_service_state }}"
|
0
roles/karma/tasks/default.yaml
Normal file
0
roles/karma/tasks/default.yaml
Normal file
29
roles/karma/tasks/install.yaml
Normal file
29
roles/karma/tasks/install.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ karma_release_url }}"
|
||||
dest: "{{ karma_download_path }}"
|
||||
checksum: "{{ karma_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ karma_download_path }}"
|
||||
dest: "{{ karma_unarchive_dest_path }}"
|
||||
creates: "{{ karma_extracted_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ karma_extracted_path }}"
|
||||
dest: "{{ karma_bin_path }}/karma"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
notify: restart karma
|
||||
when: karma_version != karma_local_version
|
30
roles/karma/tasks/main.yaml
Normal file
30
roles/karma/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
50
roles/karma/tasks/pre.yaml
Normal file
50
roles/karma/tasks/pre.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ karma_bin_path }}/karma"
|
||||
register: st
|
||||
|
||||
- name: set karma_installed
|
||||
set_fact:
|
||||
karma_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: https://api.github.com/repos/prymitive/karma/releases/latest
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set karma_version
|
||||
set_fact:
|
||||
karma_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ karma_bin_path }}/karma --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set karma_local_version
|
||||
set_fact:
|
||||
karma_local_version: "{{ _installed_version_string.stdout | regex_search(karma_version_regex, '\\1') | first }}"
|
||||
when: karma_installed
|
||||
|
||||
- name: set karma_local_version to 0
|
||||
set_fact:
|
||||
karma_local_version: "0"
|
||||
when: not karma_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', karma_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set karma_checksum
|
||||
set_fact:
|
||||
karma_checksum: "sha512:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "karma_release_file in item"
|
18
roles/karma/templates/karma.service.j2
Normal file
18
roles/karma/templates/karma.service.j2
Normal file
@ -0,0 +1,18 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=Karma Alertmanager dashboard
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
After=alertmanager.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ karma_user }}
|
||||
Group={{ karma_group }}
|
||||
WorkingDirectory={{ karma_etc_path }}
|
||||
ExecStart={{ karma_bin_path }}/karma \
|
||||
--config.file={{ karma_config_path }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
0
roles/karma/vars/default.yaml
Normal file
0
roles/karma/vars/default.yaml
Normal file
14
roles/keepalived/defaults/main.yaml
Normal file
14
roles/keepalived/defaults/main.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
keepalived_package_name: keepalived
|
||||
keepalived_package_state: present
|
||||
|
||||
keepalived_service_name: keepalived
|
||||
keepalived_service_state: started
|
||||
keepalived_service_enabled: true
|
||||
|
||||
keepalived_etc_path: /etc/keepalived
|
||||
|
||||
keepalived_config_path: "{{ keepalived_etc_path }}/keepalived.conf"
|
||||
keepalived_config_owner: root
|
||||
keepalived_config_group: root
|
||||
keepalived_config_mode: "0600"
|
12
roles/keepalived/handlers/main.yaml
Normal file
12
roles/keepalived/handlers/main.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: reload keepalived
|
||||
service:
|
||||
name: "{{ keepalived_service_name }}"
|
||||
state: reloaded
|
||||
when: keepalived_service_enabled
|
||||
|
||||
- name: restart keepalived
|
||||
service:
|
||||
name: "{{ keepalived_service_name }}"
|
||||
state: restarted
|
||||
when: keepalived_service_enabled
|
20
roles/keepalived/tasks/main.yaml
Normal file
20
roles/keepalived/tasks/main.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: install
|
||||
package:
|
||||
name: "{{ keepalived_package_name }}"
|
||||
state: "{{ keepalived_package_state }}"
|
||||
|
||||
- name: configure
|
||||
template:
|
||||
src: keepalived.conf.j2
|
||||
dest: "{{ keepalived_config_path }}"
|
||||
owner: "{{ keepalived_config_owner }}"
|
||||
group: "{{ keepalived_config_group }}"
|
||||
mode: "{{ keepalived_config_mode }}"
|
||||
notify: reload keepalived
|
||||
|
||||
- name: service
|
||||
service:
|
||||
name: "{{ keepalived_service_name }}"
|
||||
state: "{{ keepalived_service_state }}"
|
||||
enabled: "{{ keepalived_service_enabled }}"
|
78
roles/keepalived/templates/keepalived.conf.j2
Normal file
78
roles/keepalived/templates/keepalived.conf.j2
Normal file
@ -0,0 +1,78 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% if keepalived_global_defs is defined %}
|
||||
global_defs {
|
||||
{% for k in keepalived_global_defs %}
|
||||
{{ k }} {{ v }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if keepalived_vrrp_scripts is defined %}
|
||||
{% for name, conf in keepalived_vrrp_scripts.items() %}
|
||||
vrrp_script {{ name }} {
|
||||
{% if conf.script is defined %}
|
||||
script "{{ conf.script }}"
|
||||
{% endif %}
|
||||
{% if conf.interval is defined %}
|
||||
interval {{ conf.interval | default(1) }}
|
||||
{% endif %}
|
||||
{% if conf.weight is defined %}
|
||||
weight {{ conf.weight }}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if keepalived_vrrp_instances is defined %}
|
||||
{% for name, conf in keepalived_vrrp_instances.items() %}
|
||||
vrrp_instance {{ name }} {
|
||||
{% if conf.state is defined %}
|
||||
state {{ conf.state | default("MASTER") }}
|
||||
{% endif %}
|
||||
{% if conf.interface is defined %}
|
||||
interface {{ conf.interface | default("eth0") }}
|
||||
{% endif %}
|
||||
{% if conf.virtual_router_id is defined %}
|
||||
virtual_router_id {{ conf.virtual_router_id }}
|
||||
{% endif %}
|
||||
{% if conf.priority is defined %}
|
||||
priority {{ conf.priority }}
|
||||
{% endif %}
|
||||
{% if conf.advert_int is defined %}
|
||||
advert_int {{ conf.advert_int }}
|
||||
{% endif %}
|
||||
{% if conf.authentication is defined %}
|
||||
authentication {
|
||||
{% if conf.authentication.auth_type is defined %}
|
||||
auth_type {{ conf.authentication.auth_type }}
|
||||
{% endif %}
|
||||
{% if conf.authentication.auth_pass is defined %}
|
||||
auth_pass {{ conf.authentication.auth_pass }}
|
||||
{% endif %}
|
||||
}
|
||||
{% if conf.unicast_peer is defined %}
|
||||
unicast_peer {
|
||||
{% for x in conf.unicast_peer %}
|
||||
{{ x }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% if conf.virtual_ipaddress is defined %}
|
||||
virtual_ipaddress {
|
||||
{% for x in conf.virtual_ipaddress %}
|
||||
{{ x }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% if conf.track_script is defined %}
|
||||
track_script {
|
||||
{% for x in conf.track_script %}
|
||||
{{ x }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
47
roles/kthxbye/defaults/main.yaml
Normal file
47
roles/kthxbye/defaults/main.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
kthxbye_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
kthxbye_go_arch: "{{ kthxbye_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
kthxbye_sidecar_service_name: kthxbye-sidecar.service
|
||||
kthxbye_sidecar_service_enabled: true
|
||||
kthxbye_sidecar_service_state: started
|
||||
|
||||
kthxbye_service_name: kthxbye.service
|
||||
kthxbye_service_enabled: true
|
||||
kthxbye_service_state: started
|
||||
|
||||
kthxbye_version_regex: (.+)
|
||||
|
||||
kthxbye_checksum_algo: sha512
|
||||
kthxbye_github_rel_path: prymitive/kthxbye
|
||||
kthxbye_github_project_url: "https://github.com/{{ kthxbye_github_rel_path }}"
|
||||
kthxbye_release_file: "kthxbye-{{ ansible_system | lower }}-{{ kthxbye_go_arch }}.tar.gz"
|
||||
kthxbye_release_url: "{{ kthxbye_github_project_url }}/releases/download/v{{ kthxbye_version }}/{{ kthxbye_release_file }}"
|
||||
kthxbye_checksum_url: "{{ kthxbye_github_project_url }}/releases/download/v{{ kthxbye_version }}/{{ kthxbye_checksum_algo }}sum.txt"
|
||||
kthxbye_download_path: "/tmp/{{ kthxbye_release_file }}"
|
||||
kthxbye_unarchive_dest_path: /tmp
|
||||
kthxbye_extracted_path: "{{ kthxbye_download_path | replace('.tar.gz', '') }}"
|
||||
kthxbye_binaries:
|
||||
- kthxbye
|
||||
|
||||
kthxbye_user: kthxbye
|
||||
kthxbye_user_state: present
|
||||
kthxbye_user_shell: /usr/sbin/nologin
|
||||
|
||||
kthxbye_group: kthxbye
|
||||
kthxbye_group_state: "{{ kthxbye_user_state | default('present') }}"
|
||||
|
||||
kthxbye_etc_path: /etc/kthxbye
|
||||
kthxbye_etc_owner: root
|
||||
kthxbye_etc_group: root
|
||||
kthxbye_etc_mode: "0755"
|
||||
|
||||
kthxbye_var_path: /var/lib/kthxbye
|
||||
kthxbye_var_owner: "{{ kthxbye_user }}"
|
||||
kthxbye_var_group: "{{ kthxbye_group }}"
|
||||
kthxbye_var_mode: "0755"
|
||||
|
||||
kthxbye_bin_path: /usr/local/bin
|
6
roles/kthxbye/handlers/main.yaml
Normal file
6
roles/kthxbye/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart kthxbye
|
||||
systemd:
|
||||
name: kthxbye.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
47
roles/kthxbye/tasks/configure.yaml
Normal file
47
roles/kthxbye/tasks/configure.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ kthxbye_group }}"
|
||||
system: true
|
||||
state: "{{ kthxbye_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ kthxbye_user }}"
|
||||
system: true
|
||||
shell: "{{ kthxbye_user_shell }}"
|
||||
group: "{{ kthxbye_group }}"
|
||||
createhome: false
|
||||
home: "{{ kthxbye_var_path }}"
|
||||
state: "{{ kthxbye_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ kthxbye_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ kthxbye_etc_owner }}"
|
||||
group: "{{ kthxbye_etc_group }}"
|
||||
mode: "{{ kthxbye_etc_mode }}"
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ kthxbye_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ kthxbye_var_owner }}"
|
||||
group: "{{ kthxbye_var_group }}"
|
||||
mode: "{{ kthxbye_var_mode }}"
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: kthxbye.service.j2
|
||||
dest: /etc/systemd/system/kthxbye.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart kthxbye
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ kthxbye_service_name }}"
|
||||
enabled: "{{ kthxbye_service_enabled }}"
|
||||
state: "{{ kthxbye_service_state }}"
|
0
roles/kthxbye/tasks/default.yaml
Normal file
0
roles/kthxbye/tasks/default.yaml
Normal file
30
roles/kthxbye/tasks/install.yaml
Normal file
30
roles/kthxbye/tasks/install.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ kthxbye_release_url }}"
|
||||
dest: "{{ kthxbye_download_path }}"
|
||||
checksum: "{{ kthxbye_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ kthxbye_download_path }}"
|
||||
dest: "{{ kthxbye_unarchive_dest_path }}"
|
||||
creates: "{{ kthxbye_extracted_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ kthxbye_extracted_path }}"
|
||||
dest: "{{ kthxbye_bin_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
loop: "{{ kthxbye_binaries }}"
|
||||
notify: restart kthxbye
|
||||
when: kthxbye_version != kthxbye_local_version
|
30
roles/kthxbye/tasks/main.yaml
Normal file
30
roles/kthxbye/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
54
roles/kthxbye/tasks/pre.yaml
Normal file
54
roles/kthxbye/tasks/pre.yaml
Normal file
@ -0,0 +1,54 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ kthxbye_bin_path }}/kthxbye"
|
||||
register: st
|
||||
|
||||
- name: set kthxbye_installed
|
||||
set_fact:
|
||||
kthxbye_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: "https://api.github.com/repos/{{ kthxbye_github_rel_path }}/releases/latest"
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set kthxbye_version
|
||||
set_fact:
|
||||
kthxbye_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ kthxbye_bin_path }}/kthxbye --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set kthxbye_local_version
|
||||
set_fact:
|
||||
kthxbye_local_version: "{{ _installed_version_string.stdout | regex_search(kthxbye_version_regex, '\\1') | first }}"
|
||||
rescue:
|
||||
- name: set kthxbye_local_version
|
||||
set_fact:
|
||||
kthxbye_local_version: "{{ _installed_version_string.stderr | regex_search(kthxbye_version_regex, '\\1') | first }}"
|
||||
when: kthxbye_installed
|
||||
|
||||
- name: set kthxbye_local_version to 0
|
||||
set_fact:
|
||||
kthxbye_local_version: "0"
|
||||
when: not kthxbye_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', kthxbye_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set kthxbye_checksum
|
||||
set_fact:
|
||||
kthxbye_checksum: "sha512:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "kthxbye_release_file in item"
|
20
roles/kthxbye/templates/kthxbye.service.j2
Normal file
20
roles/kthxbye/templates/kthxbye.service.j2
Normal file
@ -0,0 +1,20 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=Kthxbye
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
After=alertmanager.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ kthxbye_user }}
|
||||
Group={{ kthxbye_group }}
|
||||
WorkingDirectory={{ kthxbye_etc_path }}
|
||||
ExecStart={{ kthxbye_bin_path }}/kthxbye \
|
||||
{% if kthxbye_listen %}
|
||||
-listen={{ kthxbye_listen }}
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
0
roles/kthxbye/vars/default.yaml
Normal file
0
roles/kthxbye/vars/default.yaml
Normal file
74
roles/loki/defaults/main.yaml
Normal file
74
roles/loki/defaults/main.yaml
Normal file
@ -0,0 +1,74 @@
|
||||
---
|
||||
loki_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
loki_go_arch: "{{ loki_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
loki_service_name: loki.service
|
||||
loki_service_enabled: true
|
||||
loki_service_state: started
|
||||
|
||||
loki_version_regex: ^loki, version ([\d.]+)
|
||||
|
||||
loki_github_project_url: https://github.com/grafana/loki
|
||||
loki_release_file: "loki-{{ ansible_system | lower }}-{{ loki_go_arch }}.zip"
|
||||
loki_release_url: "{{ loki_github_project_url }}/releases/download/v{{ loki_version }}/{{ loki_release_file }}"
|
||||
loki_checksum_url: "{{ loki_github_project_url }}/releases/download/v{{ loki_version }}/SHA256SUMS"
|
||||
loki_download_path: "/tmp/{{ loki_release_file }}"
|
||||
loki_unarchive_dest_path: /tmp
|
||||
loki_extracted_path: "{{ loki_download_path | replace('.zip', '') }}"
|
||||
|
||||
loki_user: loki
|
||||
loki_user_state: present
|
||||
loki_user_shell: /usr/sbin/nologin
|
||||
|
||||
loki_group: loki
|
||||
loki_group_state: "{{ loki_user_state | default('present') }}"
|
||||
|
||||
loki_config_path: /etc/loki.yaml
|
||||
|
||||
loki_var_path: /var/lib/loki
|
||||
loki_var_owner: "{{ loki_user }}"
|
||||
loki_var_group: "{{ loki_group }}"
|
||||
loki_var_mode: "0755"
|
||||
|
||||
loki_bin_path: /usr/local/bin
|
||||
|
||||
loki_auth_enabled: false
|
||||
|
||||
loki_server:
|
||||
http_listen_port: 3100
|
||||
|
||||
loki_ingester:
|
||||
lifecycler:
|
||||
address: 127.0.0.1
|
||||
ring:
|
||||
kvstore:
|
||||
store: inmemory
|
||||
replication_factor: 1
|
||||
final_sleep: 0s
|
||||
chunk_idle_period: 5m
|
||||
chunk_retain_period: 30s
|
||||
|
||||
loki_schema_config:
|
||||
configs:
|
||||
- from: 2020-05-15
|
||||
store: boltdb
|
||||
object_store: filesystem
|
||||
schema: v11
|
||||
index:
|
||||
prefix: index_
|
||||
period: 168h
|
||||
|
||||
loki_storage_config:
|
||||
boltdb:
|
||||
directory: "{{ loki_var_path }}/index"
|
||||
filesystem:
|
||||
directory: "{{ loki_var_path }}/chunks"
|
||||
|
||||
loki_limits_config:
|
||||
enforce_metric_name: false
|
||||
reject_old_samples: true
|
||||
reject_old_samples_max_age: 168h
|
||||
ingestion_burst_size_mb: 16
|
6
roles/loki/handlers/main.yaml
Normal file
6
roles/loki/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart loki
|
||||
systemd:
|
||||
name: loki.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
48
roles/loki/tasks/configure.yaml
Normal file
48
roles/loki/tasks/configure.yaml
Normal file
@ -0,0 +1,48 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ loki_group }}"
|
||||
system: true
|
||||
state: "{{ loki_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ loki_user }}"
|
||||
system: true
|
||||
shell: "{{ loki_user_shell }}"
|
||||
group: "{{ loki_group }}"
|
||||
createhome: false
|
||||
home: "{{ loki_var_path }}"
|
||||
state: "{{ loki_user_state | default('present') }}"
|
||||
|
||||
- name: configure
|
||||
template:
|
||||
src: loki.yaml.j2
|
||||
dest: "{{ loki_config_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart loki
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ loki_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ loki_var_owner }}"
|
||||
group: "{{ loki_var_group }}"
|
||||
mode: "{{ loki_var_mode }}"
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: "{{ loki_service_name }}.j2"
|
||||
dest: "/etc/systemd/system/{{ loki_service_name }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart loki
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ loki_service_name }}"
|
||||
enabled: "{{ loki_service_enabled }}"
|
||||
state: "{{ loki_service_state }}"
|
0
roles/loki/tasks/default.yaml
Normal file
0
roles/loki/tasks/default.yaml
Normal file
29
roles/loki/tasks/install.yaml
Normal file
29
roles/loki/tasks/install.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
- block:
|
||||
- name: download archive
|
||||
get_url:
|
||||
url: "{{ loki_release_url }}"
|
||||
dest: "{{ loki_download_path }}"
|
||||
checksum: "{{ loki_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract archive
|
||||
unarchive:
|
||||
src: "{{ loki_download_path }}"
|
||||
dest: "{{ loki_unarchive_dest_path }}"
|
||||
creates: "{{ loki_extracted_path }}/loki"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ loki_extracted_path }}"
|
||||
dest: "{{ loki_bin_path }}/loki"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
notify: restart loki
|
||||
when: loki_version != loki_local_version
|
30
roles/loki/tasks/main.yaml
Normal file
30
roles/loki/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
50
roles/loki/tasks/pre.yaml
Normal file
50
roles/loki/tasks/pre.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ loki_bin_path }}/loki"
|
||||
register: st
|
||||
|
||||
- name: set loki_installed
|
||||
set_fact:
|
||||
loki_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: https://api.github.com/repos/grafana/loki/releases/latest
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set loki_version
|
||||
set_fact:
|
||||
loki_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ loki_bin_path }}/loki --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set loki_local_version
|
||||
set_fact:
|
||||
loki_local_version: "{{ _installed_version_string.stdout | regex_search(loki_version_regex, '\\1') | first }}"
|
||||
when: loki_installed
|
||||
|
||||
- name: set loki_local_version to 0
|
||||
set_fact:
|
||||
loki_local_version: "0"
|
||||
when: not loki_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', loki_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set loki_checksum
|
||||
set_fact:
|
||||
loki_checksum: "sha256:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "loki_release_file in item"
|
19
roles/loki/templates/loki.service.j2
Normal file
19
roles/loki/templates/loki.service.j2
Normal file
@ -0,0 +1,19 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=Loki
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ loki_user }}
|
||||
Group={{ loki_group }}
|
||||
ExecStart={{ loki_bin_path }}/loki \
|
||||
-config.file {{ loki_config_path }}
|
||||
WorkingDirectory={{ loki_var_path }}
|
||||
|
||||
Restart=always
|
||||
RestartSec=1
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
30
roles/loki/templates/loki.yaml.j2
Normal file
30
roles/loki/templates/loki.yaml.j2
Normal file
@ -0,0 +1,30 @@
|
||||
{{ ansible_managed | comment }}
|
||||
---
|
||||
{% if loki_auth_enabled is defined %}
|
||||
auth_enabled: {{ loki_auth_enabled | bool | lower }}
|
||||
{% endif %}
|
||||
|
||||
{% if loki_server is defined %}
|
||||
server:
|
||||
{{ loki_server | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if loki_ingester is defined %}
|
||||
ingester:
|
||||
{{ loki_ingester | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if loki_schema_config is defined %}
|
||||
schema_config:
|
||||
{{ loki_schema_config | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if loki_storage_config is defined %}
|
||||
storage_config:
|
||||
{{ loki_storage_config | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if loki_limits_config is defined %}
|
||||
limits_config:
|
||||
{{ loki_limits_config | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif -%}
|
0
roles/loki/vars/default.yaml
Normal file
0
roles/loki/vars/default.yaml
Normal file
50
roles/mtail/defaults/main.yaml
Normal file
50
roles/mtail/defaults/main.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
mtail_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
mtail_go_arch: "{{ mtail_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
mtail_service_name: mtail.service
|
||||
mtail_service_state: started
|
||||
mtail_service_enabled: yes
|
||||
|
||||
mtail_version_regex: ^mtail version (\S+)
|
||||
|
||||
mtail_github_project_url: https://github.com/google/mtail
|
||||
mtail_release_file: "mtail_{{ mtail_version }}_{{ ansible_system | capitalize }}_{{ ansible_architecture }}.tar.gz"
|
||||
mtail_release_url: "{{ mtail_github_project_url }}/releases/download/v{{ mtail_version }}/{{ mtail_release_file }}"
|
||||
mtail_download_path: "/tmp/{{ mtail_release_file }}"
|
||||
mtail_checksum_url: "{{ mtail_github_project_url }}/releases/download/v{{ mtail_version }}/checksums.txt"
|
||||
mtail_extracted_path: "/tmp"
|
||||
mtail_unarchive_dest_path: "/tmp"
|
||||
|
||||
mtail_user: mtail
|
||||
mtail_user_state: present
|
||||
mtail_user_shell: /usr/sbin/nologin
|
||||
mtail_append_groups:
|
||||
- adm
|
||||
|
||||
mtail_group: mtail
|
||||
mtail_group_state: "{{ mtail_user_state | default('present') }}"
|
||||
|
||||
mtail_etc_path: /etc/mtail
|
||||
mtail_etc_owner: root
|
||||
mtail_etc_group: root
|
||||
mtail_etc_mode: "0755"
|
||||
|
||||
mtail_var_path: /var/lib/mtail
|
||||
mtail_var_owner: "{{ mtail_user }}"
|
||||
mtail_var_group: "{{ mtail_group }}"
|
||||
mtail_var_mode: "0755"
|
||||
|
||||
mtail_var_log_path: /var/log/mtail
|
||||
mtail_var_log_owner: "{{ mtail_user }}"
|
||||
mtail_var_log_group: "{{ mtail_group }}"
|
||||
mtail_var_log_mode: "0755"
|
||||
|
||||
mtail_bin_path: /usr/local/bin
|
||||
|
||||
mtail_arg_logs:
|
||||
- "/var/log/syslog/{{ inventory_hostname_short }}/*/*/*.log"
|
||||
- /var/log/nginx/*.access.log
|
29
roles/mtail/files/rules/nginx.mtail
Normal file
29
roles/mtail/files/rules/nginx.mtail
Normal file
@ -0,0 +1,29 @@
|
||||
getfilename() !~ /nginx\/.*\.log$/ {
|
||||
stop
|
||||
}
|
||||
|
||||
counter nginx_http_requests_total by vhost, method, code
|
||||
counter nginx_http_response_size_bytes_total by vhost, method, code
|
||||
|
||||
histogram nginx_http_response_time_seconds buckets 0.0, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0, 25.0, 50.0 by vhost, method, code
|
||||
|
||||
/^/ +
|
||||
/(?P<vhost>[0-9A-Za-z\.\-:]+) / +
|
||||
/(?P<remote_addr>\S+) / +
|
||||
/- / +
|
||||
/(?P<remote_user>\S+) / +
|
||||
/\[(?P<time_local>\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} (\+|-)\d{4})\] / +
|
||||
/"(?P<request_method>[A-Z]+) (?P<request_uri>\S+) (?P<http_version>HTTP\/[0-9\.]+)" / +
|
||||
/(?P<status>\d{3}) / +
|
||||
/(?P<bytes_sent>\d+) / +
|
||||
/(?P<request_time>\d+\.\d+) / +
|
||||
/"(?P<http_referer>\S+)" / +
|
||||
/"(?P<http_user_agent>[[:print:]]+)" / +
|
||||
/"(?P<http_x_forwarded_for>\S+)"/ +
|
||||
/$/ {
|
||||
nginx_http_requests_total[$vhost][$request_method][$status]++
|
||||
|
||||
nginx_http_response_size_bytes_total[$vhost][$request_method][$status] += $bytes_sent
|
||||
|
||||
nginx_http_response_time_seconds[$vhost][$request_method][$status] = $request_time
|
||||
}
|
32
roles/mtail/files/rules/syslog.mtail
Normal file
32
roles/mtail/files/rules/syslog.mtail
Normal file
@ -0,0 +1,32 @@
|
||||
getfilename() !~ /^\/var\/log\/syslog\// {
|
||||
stop
|
||||
}
|
||||
|
||||
def syslog {
|
||||
/(?P<date>(?P<legacy_date>\w+\s+\d+\s+\d+:\d+:\d+)|(?P<rfc3339_date>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+[+-]\d{2}:\d{2}))/ +
|
||||
/\s+(?:\w+@)?(?P<hostname>[\w\.-]+)\s+(?P<application>[\w\.-]+)(?:\[(?P<pid>\d+)\])?:\s+(?P<message>.*)/ {
|
||||
# If the legacy_date regexp matched, try this format.
|
||||
len($legacy_date) > 0 {
|
||||
strptime($legacy_date, "Jan _2 15:04:05")
|
||||
}
|
||||
# If the RFC3339 style matched, parse it this way.
|
||||
len($rfc3339_date) > 0 {
|
||||
strptime($rfc3339_date, "2006-01-02T15:04:05-07:00")
|
||||
}
|
||||
# Call into the decorated block
|
||||
next
|
||||
}
|
||||
}
|
||||
|
||||
counter syslog_loglines_total by application
|
||||
counter ssh_invalid_user
|
||||
|
||||
@syslog {
|
||||
syslog_loglines_total[$application]++
|
||||
$application == "sshd" {
|
||||
$message =~ /^Invalid user/ {
|
||||
ssh_invalid_user++
|
||||
}
|
||||
}
|
||||
}
|
||||
|
6
roles/mtail/handlers/main.yaml
Normal file
6
roles/mtail/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: restart mtail
|
||||
systemd:
|
||||
name: mtail.service
|
||||
daemon_reload: true
|
||||
state: restarted
|
67
roles/mtail/tasks/configure.yaml
Normal file
67
roles/mtail/tasks/configure.yaml
Normal file
@ -0,0 +1,67 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ mtail_group }}"
|
||||
system: true
|
||||
state: "{{ mtail_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ mtail_user }}"
|
||||
system: true
|
||||
shell: "{{ mtail_user_shell }}"
|
||||
group: "{{ mtail_group }}"
|
||||
groups: "{{ [mtail_group] + (mtail_append_groups | default([])) }}"
|
||||
append: true
|
||||
createhome: false
|
||||
home: "{{ mtail_var_path }}"
|
||||
state: "{{ mtail_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ mtail_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ mtail_etc_owner }}"
|
||||
group: "{{ mtail_etc_group }}"
|
||||
mode: "{{ mtail_etc_mode }}"
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ mtail_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ mtail_var_owner }}"
|
||||
group: "{{ mtail_var_group }}"
|
||||
mode: "{{ mtail_var_mode }}"
|
||||
|
||||
- name: create var_log path
|
||||
file:
|
||||
path: "{{ mtail_var_log_path }}"
|
||||
state: directory
|
||||
owner: "{{ mtail_var_log_owner }}"
|
||||
group: "{{ mtail_var_log_group }}"
|
||||
mode: "{{ mtail_var_log_mode }}"
|
||||
|
||||
- name: configure rules
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ mtail_etc_path }}/{{ item | basename }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
loop: "{{ lookup('fileglob', 'rules/*.mtail', wantlist=True) }}"
|
||||
notify: restart mtail
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: mtail.service.j2
|
||||
dest: /etc/systemd/system/mtail.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart mtail
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ mtail_service_name }}"
|
||||
enabled: "{{ mtail_service_enabled }}"
|
||||
state: "{{ mtail_service_state }}"
|
0
roles/mtail/tasks/default.yaml
Normal file
0
roles/mtail/tasks/default.yaml
Normal file
52
roles/mtail/tasks/install.yaml
Normal file
52
roles/mtail/tasks/install.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
#- block:
|
||||
# - name: download tar
|
||||
# get_url:
|
||||
# url: "{{ mtail_release_url }}"
|
||||
# dest: "{{ mtail_download_path }}"
|
||||
# register: dl
|
||||
# until: dl is success
|
||||
# retries: 5
|
||||
# delay: 10
|
||||
#
|
||||
# - name: install binaries
|
||||
# copy:
|
||||
# src: "{{ mtail_download_path }}"
|
||||
# dest: "{{ mtail_bin_path }}/mtail"
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: 0755
|
||||
# remote_src: true
|
||||
# notify: restart mtail
|
||||
# when: mtail_version != mtail_local_version
|
||||
#
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ mtail_release_url }}"
|
||||
dest: "{{ mtail_download_path }}"
|
||||
checksum: "{{ mtail_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ mtail_download_path }}"
|
||||
dest: "{{ mtail_unarchive_dest_path }}"
|
||||
creates: "{{ mtail_extracted_path }}/mtail"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ mtail_extracted_path }}/{{ item }}"
|
||||
dest: "{{ mtail_bin_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
loop:
|
||||
- mtail
|
||||
notify: restart mtail
|
||||
when: mtail_version != mtail_local_version
|
30
roles/mtail/tasks/main.yaml
Normal file
30
roles/mtail/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||
vars:
|
||||
possible_files:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include: pre.yaml
|
||||
|
||||
- include: install.yaml
|
||||
|
||||
- include: configure.yaml
|
88
roles/mtail/tasks/pre.yaml
Normal file
88
roles/mtail/tasks/pre.yaml
Normal file
@ -0,0 +1,88 @@
|
||||
---
|
||||
#- name: determine if installed
|
||||
# stat:
|
||||
# path: "{{ mtail_bin_path }}/mtail"
|
||||
# register: st
|
||||
#
|
||||
#- name: set mtail_installed
|
||||
# set_fact:
|
||||
# mtail_installed: "{{ st.stat.exists | bool }}"
|
||||
#
|
||||
#- block:
|
||||
# - name: determine latest version
|
||||
# uri:
|
||||
# url: https://api.github.com/repos/google/mtail/releases/latest
|
||||
# return_content: true
|
||||
# body_format: json
|
||||
# register: _latest_version
|
||||
# until: _latest_version.status == 200
|
||||
# retries: 3
|
||||
#
|
||||
# - name: set mtail_version
|
||||
# set_fact:
|
||||
# mtail_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
#
|
||||
#- block:
|
||||
# - name: determine installed version
|
||||
# command: "{{ mtail_bin_path }}/mtail --version"
|
||||
# register: _installed_version_string
|
||||
# changed_when: false
|
||||
#
|
||||
# - name: set mtail_local_version
|
||||
# set_fact:
|
||||
# mtail_local_version: "{{ _installed_version_string.stdout | regex_search(mtail_version_regex, '\\1') | first }}"
|
||||
# when: mtail_installed
|
||||
#
|
||||
#- name: set mtail_local_version to 0
|
||||
# set_fact:
|
||||
# mtail_local_version: "0"
|
||||
# when: not mtail_installed
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ mtail_bin_path }}/mtail"
|
||||
register: st
|
||||
|
||||
- name: set mtail_installed
|
||||
set_fact:
|
||||
mtail_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: https://api.github.com/repos/google/mtail/releases/latest
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set mtail_version
|
||||
set_fact:
|
||||
mtail_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ mtail_bin_path }}/mtail --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set mtail_local_version
|
||||
set_fact:
|
||||
mtail_local_version: "{{ _installed_version_string.stdout | regex_search(mtail_version_regex, '\\1') | first }}"
|
||||
when: mtail_installed
|
||||
|
||||
- name: set mtail_local_version to 0
|
||||
set_fact:
|
||||
mtail_local_version: "0"
|
||||
when: not mtail_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', mtail_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set mtail_checksum
|
||||
set_fact:
|
||||
mtail_checksum: "sha256:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "mtail_release_file in item"
|
16
roles/mtail/templates/mtail.service.j2
Normal file
16
roles/mtail/templates/mtail.service.j2
Normal file
@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=mtail
|
||||
|
||||
[Service]
|
||||
User={{ mtail_user }}
|
||||
ExecStart={{ mtail_bin_path }}/mtail \
|
||||
--progs {{ mtail_etc_path }} \
|
||||
--log_dir={{ mtail_var_log_path }} \
|
||||
{% if mtail_arg_logs %}
|
||||
{% for path in mtail_arg_logs %}
|
||||
--logs {{ path }} \
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
0
roles/mtail/vars/default.yaml
Normal file
0
roles/mtail/vars/default.yaml
Normal file
38
roles/mysql/README.md
Normal file
38
roles/mysql/README.md
Normal file
@ -0,0 +1,38 @@
|
||||
Role Name
|
||||
=========
|
||||
|
||||
A brief description of the role goes here.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: username.rolename, x: 42 }
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
57
roles/mysql/defaults/main.yaml
Normal file
57
roles/mysql/defaults/main.yaml
Normal file
@ -0,0 +1,57 @@
|
||||
---
|
||||
mysql_package_state: 'present'
|
||||
|
||||
mysql_service_name: 'mysql'
|
||||
mysql_service_state: 'started'
|
||||
mysql_service_enabled: yes
|
||||
|
||||
mysql_initialize_log_error: /var/tmp/mysqld_initialize.log
|
||||
|
||||
mysql_cfg_path: /etc/my.cnf
|
||||
|
||||
mysql_datadir_owner: mysql
|
||||
mysql_datadir_group: mysql
|
||||
mysql_datadir_mode: 0700
|
||||
|
||||
mysql_config:
|
||||
mysql:
|
||||
port: 3306
|
||||
socket: /var/run/mysqld/mysqld.sock
|
||||
mysqld:
|
||||
basedir: /usr
|
||||
bind_address: 127.0.0.1
|
||||
datadir: /var/lib/mysql
|
||||
default_storage_engine: InnoDB
|
||||
innodb_buffer_pool_size: "{{ (ansible_memtotal_mb * 0.25) | int }}M"
|
||||
innodb_file_per_table: 1
|
||||
innodb_flush_log_at_trx_commit: 1
|
||||
innodb_flush_method: O_DIRECT
|
||||
innodb_log_file_size: 128M
|
||||
innodb_log_files_in_group: 2
|
||||
key_buffer_size: 16M
|
||||
log_error: /var/log/mysql/mysql-error.log
|
||||
log_queries_not_using_indexes: 1
|
||||
max_allowed_packet: 16M
|
||||
max_connect_errors: 1000000
|
||||
max_connections: 100
|
||||
max_heap_table_size: 32M
|
||||
myisam_recover_options: FORCE,BACKUP
|
||||
open_files_limit: 65535
|
||||
pid_file: /var/run/mysqld/mysqld.pid
|
||||
query_cache_size: 0
|
||||
query_cache_type: 0
|
||||
slow_query_log: 1
|
||||
slow_query_log_file: /var/log/mysql/mysql-slow.log
|
||||
socket: /var/run/mysqld/mysqld.sock
|
||||
table_definition_cache: 4096
|
||||
table_open_cache: 300
|
||||
thread_cache_size: 16
|
||||
tmp_table_size: 32M
|
||||
tmpdir: /tmp
|
||||
user: mysql
|
||||
mysqld_safe:
|
||||
nice: 0
|
||||
socket: /var/run/mysqld/mysqld.sock
|
||||
syslog: ~
|
||||
|
||||
# vim:ft=yaml.ansible:
|
5
roles/mysql/handlers/main.yml
Normal file
5
roles/mysql/handlers/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: restart mysql
|
||||
service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: restarted
|
60
roles/mysql/meta/main.yml
Normal file
60
roles/mysql/meta/main.yml
Normal file
@ -0,0 +1,60 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Some suggested licenses:
|
||||
# - BSD (default)
|
||||
# - MIT
|
||||
# - GPLv2
|
||||
# - GPLv3
|
||||
# - Apache
|
||||
# - CC-BY
|
||||
license: license (GPLv2, CC-BY, etc)
|
||||
|
||||
min_ansible_version: 2.4
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
# Optionally specify the branch Galaxy will use when accessing the GitHub
|
||||
# repo for this role. During role install, if no tags are available,
|
||||
# Galaxy will use this branch. During import Galaxy will access files on
|
||||
# this branch. If Travis integration is configured, only notifications for this
|
||||
# branch will be accepted. Otherwise, in all cases, the repo's default branch
|
||||
# (usually master) will be used.
|
||||
#github_branch:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
39
roles/mysql/tasks/main.yml
Normal file
39
roles/mysql/tasks/main.yml
Normal file
@ -0,0 +1,39 @@
|
||||
---
|
||||
- name: gather OS distribution version specific variables
|
||||
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
|
||||
|
||||
- name: gather OS distribution specific variables
|
||||
include_vars: "{{ ansible_distribution }}.yaml"
|
||||
|
||||
- name: gather OS family specific variables
|
||||
include_vars: "{{ ansible_os_family }}.yaml"
|
||||
|
||||
- name: manage mysql package
|
||||
package:
|
||||
name: "{{ mysql_package_name }}"
|
||||
state: "{{ mysql_package_state }}"
|
||||
|
||||
- name: create datadir
|
||||
file:
|
||||
path: "{{ mysql_config.mysqld.datadir }}"
|
||||
owner: "{{ mysql_datadir_owner }}"
|
||||
group: "{{ mysql_datadir_group }}"
|
||||
mode: "{{ mysql_datadir_mode }}"
|
||||
state: directory
|
||||
|
||||
- name: initialize mysql
|
||||
command: "mysqld --initialize --log-error={{ mysql_initialize_log_error }}"
|
||||
args:
|
||||
creates: "{{ mysql_config.mysqld.datadir }}/mysql"
|
||||
|
||||
- name: configure mysql
|
||||
template:
|
||||
src: my.cnf.j2
|
||||
dest: "{{ mysql_cfg_path }}"
|
||||
notify: restart mysql
|
||||
|
||||
- name: manage mysql service
|
||||
service:
|
||||
name: "{{ mysql_service_name }}"
|
||||
state: "{{ mysql_service_state }}"
|
||||
enabled: "{{ mysql_service_enabled }}"
|
12
roles/mysql/templates/my.cnf.j2
Normal file
12
roles/mysql/templates/my.cnf.j2
Normal file
@ -0,0 +1,12 @@
|
||||
# {{ ansible_managed }}
|
||||
{% for section, cfg in mysql_config.iteritems() | sort %}
|
||||
|
||||
[{{section}}]
|
||||
{% for k, v in cfg.iteritems() | sort %}
|
||||
{% if k is defined and v is not none %}
|
||||
{{ k }} = {{ v }}
|
||||
{% elif k and v is none %}
|
||||
{{ k }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
2
roles/mysql/tests/inventory
Normal file
2
roles/mysql/tests/inventory
Normal file
@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
5
roles/mysql/tests/test.yml
Normal file
5
roles/mysql/tests/test.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- roles/mysql
|
2
roles/mysql/vars/Debian.yaml
Normal file
2
roles/mysql/vars/Debian.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
mysql_cfg_path: /etc/my.cnf
|
5
roles/mysql/vars/Ubuntu-18.yaml
Normal file
5
roles/mysql/vars/Ubuntu-18.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
mysql_service_name: 'mysql.service'
|
||||
mysql_cfg_path: /etc/mysql/my.cnf
|
||||
|
||||
# vim:ft=yaml.ansible:
|
4
roles/mysql/vars/Ubuntu.yaml
Normal file
4
roles/mysql/vars/Ubuntu.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
mysql_package_name: 'mysql-server'
|
||||
|
||||
# vim:ft=yaml.ansible:
|
2
roles/mysql/vars/main.yml
Normal file
2
roles/mysql/vars/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for roles/mysql
|
51
roles/node_exporter/defaults/main.yaml
Normal file
51
roles/node_exporter/defaults/main.yaml
Normal file
@ -0,0 +1,51 @@
|
||||
---
|
||||
node_exporter_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
node_exporter_go_arch: "{{ node_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
node_exporter_service_name: node_exporter.service
|
||||
node_exporter_service_enabled: true
|
||||
node_exporter_service_state: started
|
||||
|
||||
node_exporter_version_regex: ^node_exporter, version ([\d.]+)
|
||||
|
||||
node_exporter_release_file: "node_exporter-{{ node_exporter_version }}.{{ ansible_system | lower }}-{{ node_exporter_go_arch }}.tar.gz"
|
||||
node_exporter_release_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/{{ node_exporter_release_file }}"
|
||||
node_exporter_checksum_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/sha256sums.txt"
|
||||
node_exporter_download_path: "/tmp/{{ node_exporter_release_file }}"
|
||||
node_exporter_unarchive_dest_path: /tmp
|
||||
node_exporter_extracted_path: "{{ node_exporter_download_path | replace('.tar.gz', '') }}"
|
||||
|
||||
node_exporter_user: node_exporter
|
||||
node_exporter_user_state: present
|
||||
node_exporter_user_shell: /usr/sbin/nologin
|
||||
|
||||
node_exporter_group: node_exporter
|
||||
node_exporter_group_state: "{{ node_exporter_user_state | default('present') }}"
|
||||
|
||||
node_exporter_var_path: /var/lib/node_exporter
|
||||
node_exporter_var_owner: "{{ node_exporter_user }}"
|
||||
node_exporter_var_group: "{{ node_exporter_group }}"
|
||||
node_exporter_var_mode: "0755"
|
||||
|
||||
node_exporter_spool_path: /var/spool/node_exporter
|
||||
node_exporter_spool_owner: "{{ node_exporter_user }}"
|
||||
node_exporter_spool_group: "{{ node_exporter_group }}"
|
||||
node_exporter_spool_mode: "0755"
|
||||
|
||||
node_exporter_bin_path: /usr/local/bin
|
||||
|
||||
node_exporter_collectors_enabled:
|
||||
- textfile:
|
||||
directory: "{{ node_exporter_spool_path }}/textfile_collector"
|
||||
- processes
|
||||
- tcpstat
|
||||
- ntp
|
||||
- supervisord:
|
||||
url: unix:///var/run/supervisor.sock
|
||||
- systemd:
|
||||
enable-task-metrics:
|
||||
enable-restarts-metrics:
|
||||
enable-start-time-metrics:
|
36
roles/node_exporter/files/apt-exporter.pl
Normal file
36
roles/node_exporter/files/apt-exporter.pl
Normal file
@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env perl
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
my $cmd = "apt-get --just-print dist-upgrade";
|
||||
my %metrics;
|
||||
|
||||
open(my $fh, '-|', $cmd) or die $!;
|
||||
while(my $line = <$fh>) {
|
||||
if ($line =~ /Inst \S+ \S+ \(\S+ (.+) \[(\S+)\]\)/) {
|
||||
my $k = sprintf("apt_upgrades_pending{origin=\"%s\", arch=\"%s\"}", $1, $2);
|
||||
if (!exists $metrics{$k}) {
|
||||
$metrics{$k} = 1;
|
||||
} else {
|
||||
$metrics{$k}++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (%metrics) {
|
||||
# print apt metrics
|
||||
while(my($k, $v) = each %metrics) {
|
||||
printf("%s %d\n", $k, $v)
|
||||
}
|
||||
}
|
||||
else {
|
||||
print("apt_upgrades_pending{origin=\"\",arch=\"\"} 0\n");
|
||||
}
|
||||
|
||||
# print reboot required metric
|
||||
if (-e "/var/run/reboot-required") {
|
||||
print("node_reboot_required 1\n")
|
||||
}
|
||||
else {
|
||||
print("node_reboot_required 0\n")
|
||||
}
|
42
roles/node_exporter/files/promcat.sh
Normal file
42
roles/node_exporter/files/promcat.sh
Normal file
@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
|
||||
function usage { printf "Usage: %s FILE\n" "$(basename "$0")" >&2; exit 1; }
|
||||
|
||||
while getopts "h" opt; do
|
||||
case "${opt}" in
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift $((OPTIND-1))
|
||||
|
||||
FILE="$1"
|
||||
|
||||
if [ -z "${FILE}" ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if command -v sponge > /dev/null; then
|
||||
( echo "# promcat (sponge)" ; cat /dev/stdin ) | sponge "${FILE}"
|
||||
else
|
||||
TEMP=$(mktemp --suffix .prom)
|
||||
|
||||
function finish {
|
||||
if [ -f "${TEMP}" ]; then
|
||||
rm -f "${TEMP}"
|
||||
fi
|
||||
}
|
||||
trap finish EXIT
|
||||
|
||||
echo "# promcat (mktemp, mv)" > "${TEMP}"
|
||||
cat /dev/stdin >> "${TEMP}"
|
||||
|
||||
if [ ! -s "${TEMP}" ] || grep -q '^[[:space:]]*$' "${TEMP}" ; then
|
||||
printf "%s is empty\n" "${TEMP}" >&2
|
||||
exit 1
|
||||
else
|
||||
mv "${TEMP}" "${FILE}"
|
||||
fi
|
||||
fi
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user