c236bb61a4
Migration playbook:
- name: Cleanup old promtail install
hosts: all
tasks:
- name: Stop and disable old service
when: prometheus_agent.agents.promtail.enable
service:
name: grafana-promtail
state: stopped
enabled: false
- name: Migrate state dir
when: prometheus_agent.agents.promtail.enable
copy:
src: /var/lib/grafana-promtail/
dest: /var/lib/promtail/
remote_src: yes
- name: Uninstall old package
when: prometheus_agent.agents.promtail.enable
apt:
name: grafana-promtail
state: absent
purge: true # Removes user, group and /var/lib/grafana-promtail
- name: create promtail group
when: prometheus_agent.agents.promtail.enable
group:
name: promtail
system: true
- name: create promtail user
when: prometheus_agent.agents.promtail.enable
user:
name: promtail
system: true
group: promtail
home: /var/lib/promtail
- name: Fix state dir owner and group
when: prometheus_agent.agents.promtail.enable
file:
name: /var/lib/promtail/
state: directory
recurse: true
owner: promtail
group: promtail
225 lines
6.6 KiB
YAML
225 lines
6.6 KiB
YAML
- name: install node-exporter
|
|
apt:
|
|
pkg:
|
|
- prometheus-node-exporter
|
|
- prometheus-node-exporter-collectors
|
|
|
|
- name: copy node-exporter config
|
|
notify: restart node-exporter
|
|
template:
|
|
src: node-exporter.j2
|
|
dest: /etc/default/prometheus-node-exporter
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: handle blackbox exporter
|
|
when: prometheus_agent.agents.blackbox.enable
|
|
block:
|
|
- name: install blackbox exporter
|
|
apt:
|
|
pkg: prometheus-blackbox-exporter
|
|
- name: handle cap cap_net_raw, needed for icmp
|
|
community.general.capabilities:
|
|
path: /usr/bin/prometheus-blackbox-exporter
|
|
capability: cap_net_raw+ep
|
|
- name: write blackbox exporter service config
|
|
notify: restart blackbox exporter
|
|
template:
|
|
src: prometheus-blackbox.j2
|
|
dest: /etc/default/prometheus-blackbox-exporter
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
- name: write blackbox exporter config
|
|
notify: restart blackbox exporter
|
|
copy:
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
dest: /etc/prometheus/blackbox.yml
|
|
content: "{{ prometheus_agent.agents.blackbox.config|to_nice_yaml(indent=2) }}"
|
|
|
|
- name: handle snmp exporter
|
|
when: prometheus_agent.agents.snmp.enable
|
|
block:
|
|
- name: install prometheus-snmp-exporter
|
|
apt:
|
|
name: prometheus-snmp-exporter
|
|
- name: install snmp downloader
|
|
apt:
|
|
name: snmp-mibs-downloader
|
|
register: mibs_downloader_installed
|
|
- name: create folder for MIBs
|
|
file:
|
|
dest: '{{prometheus_agent.agents.snmp.mib_path }}'
|
|
state: directory
|
|
- name: download MIBs
|
|
loop: '{{ prometheus_agent.agents.snmp.mibs }}'
|
|
when: "'url' in item"
|
|
get_url:
|
|
dest: '{{prometheus_agent.agents.snmp.mib_path }}'
|
|
url: '{{ item.url }}'
|
|
#async: 600
|
|
#poll: 0.1
|
|
register: mibs_downloaded
|
|
- name: copy MIBs
|
|
loop: '{{ prometheus_agent.agents.snmp.mibs }}'
|
|
when: "'file' in item"
|
|
copy:
|
|
dest: '{{prometheus_agent.agents.snmp.mib_path }}'
|
|
src: '{{ item.file }}'
|
|
#async: 600
|
|
#poll: 0.1
|
|
register: mibs_copied
|
|
- name: create snmp directory
|
|
file:
|
|
dest: /etc/prometheus/snmp
|
|
state: directory
|
|
mode: 0755
|
|
- name: generate generator configuration
|
|
copy:
|
|
dest: /etc/prometheus/snmp/generator.yml
|
|
content: '{{ prometheus_agent.agents.snmp.config|to_nice_yaml }}'
|
|
mode: 0644
|
|
register: snmp_exporter_generator
|
|
- name: generate SNMP exporter configuration
|
|
when: snmp_exporter_generator.changed or mibs_downloader_installed.changed or mibs_downloaded.changed or mibs_copied.changed
|
|
shell: prometheus-snmp-generator generate -o /etc/prometheus/snmp.yml
|
|
args:
|
|
chdir: /etc/prometheus/snmp
|
|
notify: restart snmp exporter
|
|
- name: enable and start snmp exporter
|
|
service:
|
|
name: prometheus-snmp-exporter
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: manage tls
|
|
when: prometheus_agent.tls.manage
|
|
block:
|
|
- name: store certificates
|
|
set_fact:
|
|
inventory_certs: "{{ certificates.certs|d({}) }}"
|
|
prometheus_certs: |
|
|
{
|
|
'prometheus_agent': {
|
|
'san': ['{{ inventory_hostname }}', '{{ ansible_fqdn }}'],
|
|
'backend': 'selfsigned'
|
|
}
|
|
}
|
|
- name: create certificates
|
|
include_role:
|
|
name: certificates
|
|
vars:
|
|
certificates:
|
|
certs: "{{ { 'prometheus_agent': ({}|combine(prometheus_certs, inventory_certs, recursive=True))['prometheus_agent'] } }}"
|
|
|
|
- name: slurp up all scraper certs
|
|
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
|
|
delegate_to: "{{ item }}"
|
|
slurp:
|
|
src: /etc/ssl/prometheus_scraper.crt
|
|
register: scrapercertfiles
|
|
|
|
- name: slurp up agent cert
|
|
slurp:
|
|
src: /etc/ssl/prometheus_agent.crt
|
|
register: agentcertfiles
|
|
|
|
- name: setup stunnel client
|
|
when: prometheus_agent.tls.mode == "stunnel"
|
|
block:
|
|
- name: install stunnel
|
|
apt:
|
|
pkg: stunnel4
|
|
- name: copy scraper ssl certs
|
|
loop: "{{ scrapercertfiles.results }}"
|
|
copy:
|
|
content: "{{ item.content | b64decode }}"
|
|
dest: "/etc/ssl/scraper_{{ item.item }}.crt"
|
|
mode: 0644
|
|
- name: copy stunnel config
|
|
template:
|
|
src: stunnel-client.conf.j2
|
|
dest: /etc/stunnel/prometheus-agent.conf
|
|
mode: 0644
|
|
notify: restart stunnel
|
|
- name: ensure stunnel is running
|
|
failed_when: False
|
|
service:
|
|
name: stunnel4
|
|
state: started
|
|
enabled: yes
|
|
- name: copy agent certs to scrapers
|
|
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
|
|
delegate_to: "{{ item }}"
|
|
copy:
|
|
content: "{{ agentcertfiles.content | b64decode }}"
|
|
dest: "/etc/prometheus/targetcerts/{{ inventory_hostname }}.crt"
|
|
mode: 0644
|
|
|
|
- name: store ansible groups as labels
|
|
set_fact:
|
|
labels_ansible_groups: '{ {% for g in group_names %}"ansible_group_{{ g }}": 1{% if not loop.last %}, {% endif %}{% endfor %} }'
|
|
- name: store combined labels
|
|
set_fact:
|
|
merged_prometheus_labels: "{{ {}|combine((labels_ansible_groups if prometheus_agent.ansible_groups_as_labels else {}), prometheus_agent.labels) }}"
|
|
- name: setup scraper
|
|
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
|
|
delegate_to: "{{ item }}"
|
|
template:
|
|
src: node-scraper.j2
|
|
dest: /etc/prometheus/conf.d/scrape_configs/agent_{{ inventory_hostname }}.conf
|
|
mode: 0644
|
|
- name: setup alerts
|
|
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
|
|
delegate_to: "{{ item }}"
|
|
template:
|
|
src: node-alerts.j2
|
|
dest: /etc/prometheus/conf.d/rule_files/agent_{{ inventory_hostname }}.conf
|
|
mode: 0644
|
|
|
|
- name: handle promtail
|
|
when: prometheus_agent.agents.promtail.enable
|
|
block:
|
|
- name: setup grafana repo key for promtail
|
|
apt_key:
|
|
url: "https://apt.grafana.com/gpg.key"
|
|
- name: setup grafana repo for promtail
|
|
apt_repository:
|
|
repo: "deb https://apt.grafana.com stable main"
|
|
- name: create promtail group
|
|
group:
|
|
name: promtail
|
|
system: true
|
|
- name: create promtail user
|
|
user:
|
|
name: promtail
|
|
system: true
|
|
group: promtail
|
|
groups: adm
|
|
home: /var/lib/promtail
|
|
- name: install promtail
|
|
apt:
|
|
pkg: promtail
|
|
- name: write promtail config
|
|
notify: restart promtail
|
|
template:
|
|
owner: promtail
|
|
group: root
|
|
mode: 0640
|
|
dest: /etc/promtail/config.yml
|
|
src: promtail.yml.j2
|
|
|
|
- name: create node-exporter-textfile group
|
|
ansible.builtin.group:
|
|
name: node-exporter-textfile
|
|
state: present
|
|
- name: make node-exporter textfile dir accessible to node-exporter-textfile group
|
|
ansible.builtin.file:
|
|
path: /var/lib/prometheus/node-exporter
|
|
state: directory
|
|
owner: root
|
|
group: node-exporter-textfile
|
|
mode: '0775'
|