author | Christian Pointner <equinox@spreadspace.org> | 2020-12-08 20:06:25 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-12-08 20:06:25 +0100 |
commit | 785cae7ccf8c69366438a446ff121ecbb7ad5465 (patch) | |
tree | f9971024e7befb12bb2bf26277d7b8c2006c36e1 /roles | |
parent | add role for graphite carbon-cache (diff) |
add grahpite web and grafana roles
Diffstat (limited to 'roles')
18 files changed, 265 insertions, 1 deletions
diff --git a/roles/apt-repo/grafana/files/repo.gpg b/roles/apt-repo/grafana/files/repo.gpg
Binary files differnew file mode 100644
index 00000000..d3221fc8
--- /dev/null
+++ b/roles/apt-repo/grafana/files/repo.gpg
diff --git a/roles/apt-repo/grafana/tasks/main.yml b/roles/apt-repo/grafana/tasks/main.yml
new file mode 100644
index 00000000..05e6db80
--- /dev/null
+++ b/roles/apt-repo/grafana/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: add repository key
+ copy:
+ src: repo.gpg
+ dest: /etc/apt/trusted.gpg.d/grafana.gpg
+ register: apt_repo_grafana_key
+
+- name: add repository entry
+ copy:
+ content: |
+ deb https://packages.grafana.com/oss/deb stable main
+ dest: /etc/apt/sources.list.d/grafana.list
+ register: apt_repo_grafana_sources
+
+- name: update apt cache
+ when: apt_repo_grafana_key is changed or
+ apt_repo_grafana_sources is changed
+ apt:
+ update_cache: yes
diff --git a/roles/monitoring/collectd/base/templates/common.conf.j2 b/roles/monitoring/collectd/base/templates/common.conf.j2
index 6447f3f1..c2f09f82 100644
--- a/roles/monitoring/collectd/base/templates/common.conf.j2
+++ b/roles/monitoring/collectd/base/templates/common.conf.j2
@@ -7,6 +7,7 @@ LoadPlugin irq
 LoadPlugin load
 LoadPlugin memory
 LoadPlugin processes
+LoadPlugin uptime
 LoadPlugin users
 
 <Plugin "df">
diff --git a/roles/monitoring/collectd/graphite/defaults/main.yml b/roles/monitoring/collectd/graphite/defaults/main.yml
index f4bfe09c..55eb76c8 100644
--- a/roles/monitoring/collectd/graphite/defaults/main.yml
+++ b/roles/monitoring/collectd/graphite/defaults/main.yml
@@ -5,4 +5,4 @@
 # Port "2003"
 # Protocol "tcp"
 # LogSendErrors true
-# Prefix "collectd"
+# Prefix "collectd."
diff --git a/roles/monitoring/grafana/defaults/main.yml b/roles/monitoring/grafana/defaults/main.yml
new file mode 100644
index 00000000..8798dfb5
--- /dev/null
+++ b/roles/monitoring/grafana/defaults/main.yml
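Review bot: The "add repository key" task in roles/apt-repo/grafana/tasks/main.yml installs repo.gpg into `/etc/apt/trusted.gpg.d/`, which makes apt accept that key for every configured repository rather than only the Grafana one. Scoping it means copying the key to a dedicated keyring and pinning it in the sources entry, e.g. `dest: /usr/share/keyrings/grafana.gpg` together with `deb [signed-by=/usr/share/keyrings/grafana.gpg] https://packages.grafana.com/oss/deb stable main`. The key is added as a binary blob whose fingerprint is not visible in this diff, so a comment above the task recording the expected fingerprint would let a later reader verify it. As a style point, `update_cache: yes` reads better as `update_cache: true`.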
@@ -0,0 +1,21 @@
+---
+# grafana_secret_key: <--- pwgen -s 64 -1
+grafana_root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana"
+
+grafana_config_server:
+ http_addr: localhost
+ http_port: 3000
+ root_url: "{{ grafana_root_url }}"
+ serve_from_sub_path: true
+
+grafana_config_analytics:
+ reporting_enabled: false
+ check_for_updates: false
+
+grafana_config_security:
+ secret_key: "{{ grafana_secret_key }}"
+ disable_gravatar: true
+
+grafana_config_users:
+ allow_sign_up: false
+ allow_org_create: false
diff --git a/roles/monitoring/grafana/handlers/main.yml b/roles/monitoring/grafana/handlers/main.yml
new file mode 100644
index 00000000..59d64e48
--- /dev/null
+++ b/roles/monitoring/grafana/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart grafana
+ service:
+ name: grafana-server
+ state: restarted
diff --git a/roles/monitoring/grafana/tasks/main.yml b/roles/monitoring/grafana/tasks/main.yml
new file mode 100644
index 00000000..87f16bd0
--- /dev/null
+++ b/roles/monitoring/grafana/tasks/main.yml
@@ -0,0 +1,71 @@
+---
+- name: add debian repository
+ include_role:
+ name: apt-repo/grafana
+
+- name: install apt packages
+ apt:
+ name: grafana
+ state: present
+
+- name: configure grafana server
+ loop: "{{ grafana_config_server | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: server
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana analytics
+ loop: "{{ grafana_config_analytics | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: analytics
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana security
+ loop: "{{ grafana_config_security | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: security
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana users
+ loop: "{{ grafana_config_users | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.inig
+ section: users
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: make sure grafan-server is enabled and started
+ systemd:
+ name: grafana-server
+ state: started
+ enabled: yes
+
+- name: configure nginx vhost
+ vars:
+ nginx_vhost:
+ name: grafana
+ template: generic-proxy-no-buffering
+ hostnames:
+ - "_"
+ client_max_body_size: "0"
+ proxy_pass: "http://127.0.0.1:{{ grafana_config_server.http_port | default(3000) }}"
+ include_role:
+ name: nginx/vhost
diff --git a/roles/monitoring/graphite/web/defaults/main.yml b/roles/monitoring/graphite/web/defaults/main.yml
new file mode 100644
index 00000000..167c39a1
--- /dev/null
+++ b/roles/monitoring/graphite/web/defaults/main.yml
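Review bot: The "configure grafana users" task in roles/monitoring/grafana/tasks/main.yml writes to `path: /etc/grafana/grafana.inig`, so `allow_sign_up: false` and `allow_org_create: false` from the defaults end up in a stray file and never reach the configuration Grafana reads; the line should be `path: /etc/grafana/grafana.ini`. The "configure grafana security" task passes `secret_key` through `ini_file`, and the loop `label` only hides the value in the per-item header, so a run with `--diff` or raised verbosity can still print it; adding `no_log: true` to that task avoids this. The same applies to the "configure secret key" `lineinfile` task in roles/monitoring/graphite/web/tasks/main.yml. As a style point, `enabled: yes` is better written `enabled: true`, and the task name `grafan-server` is missing an `a`.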
@@ -0,0 +1,5 @@
+---
+# graphite_web_secret_key: <--- pwgen -s 64 -1
+
+graphite_web_nginx_listen: 127.0.0.1:81 default_server
+graphite_web_uwsgi_port: 3031
diff --git a/roles/monitoring/graphite/web/handlers/main.yml b/roles/monitoring/graphite/web/handlers/main.yml
new file mode 100644
index 00000000..ed97d539
--- /dev/null
+++ b/roles/monitoring/graphite/web/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/monitoring/graphite/web/tasks/main.yml b/roles/monitoring/graphite/web/tasks/main.yml
new file mode 100644
index 00000000..7c796722
--- /dev/null
+++ b/roles/monitoring/graphite/web/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: instsall apt packages
+ apt:
+ name: graphite-web
+ state: present
+
+- name: configure secret key
+ lineinfile:
+ path: /etc/graphite/local_settings.py
+ regexp: '#?SECRET_KEY\s*='
+ line: "SECRET_KEY = '{{ graphite_web_secret_key }}'"
+
+- name: initialize database
+ become: yes
+ become_method: su
+ become_user: "_graphite"
+ become_flags: "-s /bin/bash"
+ command: graphite-manage migrate --run-syncdb
+ args:
+ creates: /var/lib/graphite/graphite.db
+
+- name: fix sqlite database permissions
+ file:
+ path: /var/lib/graphite/graphite.db
+ owner: "_graphite"
+ group: "_graphite"
+ mode: "0600"
+
+- name: check if uwsgi plugin python3 is installed
+ assert:
+ msg: "This role needs uwsgi with python3 plugin installed"
+ that:
+ - uwsgi_plugins is defined
+ - "'python3' in uwsgi_plugins"
+
+- name: install uwsgi app
+ vars:
+ uwsgi_app:
+ name: graphite
+ content: "{{ lookup('template', 'uwsgi-app.ini.j2') }}"
+ include_role:
+ name: uwsgi/app
+
+- name: install nginx vhost
+ vars:
+ nginx_vhost:
+ name: graphite
+ content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+ include_role:
+ name: nginx/vhost
diff --git a/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2 b/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..48b6ef73
--- /dev/null
+++ b/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2
@@ -0,0 +1,20 @@
+server {
+ listen {{ graphite_web_nginx_listen }};
+
+ server_name _;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:{{ graphite_web_uwsgi_port }};
+ }
+ rewrite ^/admin(.*)admin/([^/]+)/([^/]+)$ /media/$2/$3 redirect;
+ location /media {
+ alias /usr/share/python-django-common/django/contrib/admin/static/admin/;
+ }
+ location /static/ {
+ alias /usr/share/graphite-web/static/;
+ }
+
+ access_log /var/log/nginx/access-graphite.log;
+ error_log /var/log/nginx/error-graphite.log;
+}
diff --git a/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2 b/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2
new file mode 100644
index 00000000..e5b01a04
--- /dev/null
+++ b/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2
@@ -0,0 +1,8 @@
+[uwsgi]
+plugin = python3
+processes = 2
+socket = 127.0.0.1:{{ graphite_web_uwsgi_port }}
+gid = _graphite
+uid = _graphite
+chdir = /usr/share/graphite-web
+wsgi-file = /usr/share/graphite-web/graphite.wsgi
diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2
new file mode 100644
index 00000000..10697441
--- /dev/null
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2
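Review bot: In nginx-vhost.conf.j2, `location /media {` has no trailing slash while its `alias` ends in `/`, a pairing that lets request paths resolve outside the aliased admin static directory. Writing it as `location /media/ {`, the way the `/static/` block in the same file already does, closes that, and the `rewrite` target `/media/$2/$3` still matches the slash-terminated prefix. With the default `graphite_web_nginx_listen` of `127.0.0.1:81` only local clients reach this server block, but the variable is meant to be overridden, so the block should be safe on its own.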
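Review bot: In uwsgi-app.ini.j2, `socket = 127.0.0.1:{{ graphite_web_uwsgi_port }}` puts the uwsgi protocol on a loopback TCP port that any local account can connect to directly, without going through nginx. A unix socket restricted to the web server group is the tighter default: `socket = <path to unix socket>` with `chmod-socket = 660`, and a matching `uwsgi_pass unix:<path to unix socket>;` in the vhost template. If TCP is kept on purpose, a comment in the template saying why would help the next reader.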
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+ location / {
+ include snippets/proxy-nobuff.conf;
+{% if 'client_max_body_size' in nginx_vhost %}
+ client_max_body_size {{ nginx_vhost.client_max_body_size }};
+{% endif %}
+
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass {{ nginx_vhost.proxy_pass }};
+{% if 'proxy_redirect' in nginx_vhost %}
+{% for entry in nginx_vhost.proxy_redirect %}
+ proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
+{% endfor %}
+{% endif %}
+{% if 'proxy_ssl' in nginx_vhost %}
+{% for prop in (nginx_vhost.proxy_ssl | list | sort) %}
+ proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }};
+{% endfor %}
+{% endif %}
+ }
+}
diff --git a/roles/uwsgi/app/defaults/main.yml b/roles/uwsgi/app/defaults/main.yml
new file mode 100644
index 00000000..9dafac3d
--- /dev/null
+++ b/roles/uwsgi/app/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# uwsgi_app:
+# name: other-example
+# content: "<<< content of vhost >>>"
diff --git a/roles/uwsgi/app/handlers/main.yml b/roles/uwsgi/app/handlers/main.yml
new file mode 100644
index 00000000..eeeffb99
--- /dev/null
+++ b/roles/uwsgi/app/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload uwsgi
+ service:
+ name: uwsgi
+ state: reloaded
diff --git a/roles/uwsgi/app/tasks/main.yml b/roles/uwsgi/app/tasks/main.yml
new file mode 100644
index 00000000..69bea0a2
--- /dev/null
+++ b/roles/uwsgi/app/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: install app config
+ copy:
+ content: "{{ uwsgi_app.content }}"
+ dest: "/etc/uwsgi/apps-available/{{ uwsgi_app.name }}.ini"
+ notify: reload uwsgi
+
+- name: enable app config
+ file:
+ src: "../apps-available/{{ uwsgi_app.name }}.ini"
+ dest: "/etc/uwsgi/apps-enabled/{{ uwsgi_app.name }}.ini"
+ state: link
+ notify: reload uwsgi
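Review bot: generic-proxy-no-buffering.conf.j2 only offers `listen 80;` and `listen [::]:80;`, and the grafana role instantiates it with the catch-all hostname `"_"`, so Grafana logins and session cookies travel in cleartext unless TLS is terminated in front of this host, which the diff does not show. The template should either gain a TLS listener or carry a comment stating that it must sit behind a TLS-terminating proxy. `$connection_upgrade` is not a built-in nginx variable, so it depends on a `map $http_upgrade $connection_upgrade { ... }` defined elsewhere that is not visible here; a comment next to the `# for websockets` line naming where that map lives would make the dependency explicit. The grafana vhost also sets `client_max_body_size: "0"`, which disables the request body limit, so a finite value is the safer default unless large uploads are expected.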
diff --git a/roles/uwsgi/base/defaults/main.yml b/roles/uwsgi/base/defaults/main.yml
new file mode 100644
index 00000000..bcdca44d
--- /dev/null
+++ b/roles/uwsgi/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+uwsgi_plugins: []
+
+#uwsgi_plugins:
+# - python
diff --git a/roles/uwsgi/base/tasks/main.yml b/roles/uwsgi/base/tasks/main.yml
new file mode 100644
index 00000000..cf955eaf
--- /dev/null
+++ b/roles/uwsgi/base/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: install core and plugin packages
+ apt:
+ name: "{{ uwsgi_plugins | map('regex_replace', '^', 'uwsgi-plugin-') | list | union(['uwsgi']) }}"
+ state: present |