authorChristian Pointner <equinox@spreadspace.org>2020-12-08 20:06:25 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-12-08 20:06:25 +0100
commit785cae7ccf8c69366438a446ff121ecbb7ad5465 (patch)
treef9971024e7befb12bb2bf26277d7b8c2006c36e1 /roles
parentadd role for graphite carbon-cache (diff)
add grahpite web and grafana roles
Diffstat (limited to 'roles')
-rw-r--r--roles/apt-repo/grafana/files/repo.gpgbin0 -> 1177 bytes
-rw-r--r--roles/apt-repo/grafana/tasks/main.yml19
-rw-r--r--roles/monitoring/collectd/base/templates/common.conf.j21
-rw-r--r--roles/monitoring/collectd/graphite/defaults/main.yml2
-rw-r--r--roles/monitoring/grafana/defaults/main.yml21
-rw-r--r--roles/monitoring/grafana/handlers/main.yml5
-rw-r--r--roles/monitoring/grafana/tasks/main.yml71
-rw-r--r--roles/monitoring/graphite/web/defaults/main.yml5
-rw-r--r--roles/monitoring/graphite/web/handlers/main.yml1
-rw-r--r--roles/monitoring/graphite/web/tasks/main.yml50
-rw-r--r--roles/monitoring/graphite/web/templates/nginx-vhost.conf.j220
-rw-r--r--roles/monitoring/graphite/web/templates/uwsgi-app.ini.j28
-rw-r--r--roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j231
-rw-r--r--roles/uwsgi/app/defaults/main.yml4
-rw-r--r--roles/uwsgi/app/handlers/main.yml5
-rw-r--r--roles/uwsgi/app/tasks/main.yml13
-rw-r--r--roles/uwsgi/base/defaults/main.yml5
-rw-r--r--roles/uwsgi/base/tasks/main.yml5
18 files changed, 265 insertions, 1 deletions
diff --git a/roles/apt-repo/grafana/files/repo.gpg b/roles/apt-repo/grafana/files/repo.gpg
new file mode 100644
index 00000000..d3221fc8
--- /dev/null
+++ b/roles/apt-repo/grafana/files/repo.gpg
Binary files differ
diff --git a/roles/apt-repo/grafana/tasks/main.yml b/roles/apt-repo/grafana/tasks/main.yml
new file mode 100644
index 00000000..05e6db80
--- /dev/null
+++ b/roles/apt-repo/grafana/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: add repository key
+ copy:
+ src: repo.gpg
+ dest: /etc/apt/trusted.gpg.d/grafana.gpg
+ register: apt_repo_grafana_key
+
+- name: add repository entry
+ copy:
+ content: |
+ deb https://packages.grafana.com/oss/deb stable main
+ dest: /etc/apt/sources.list.d/grafana.list
+ register: apt_repo_grafana_sources
+
+- name: update apt cache
+ when: apt_repo_grafana_key is changed or
+ apt_repo_grafana_sources is changed
+ apt:
+ update_cache: yes
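Review bot: Copying the key to `/etc/apt/trusted.gpg.d/grafana.gpg` makes it trusted for every configured apt source, not just the Grafana repository, so a compromise of that one key could be used to sign packages for any source on the host. Keep the keyring outside the global trust directory and bind it in the sources entry instead: `dest: /usr/share/keyrings/grafana.gpg` and `deb [signed-by=/usr/share/keyrings/grafana.gpg] https://packages.grafana.com/oss/deb stable main`. Both `copy` tasks also leave ownership and mode to the remote defaults; an explicit `mode: "0644"` would make the result independent of the umask.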
diff --git a/roles/monitoring/collectd/base/templates/common.conf.j2 b/roles/monitoring/collectd/base/templates/common.conf.j2
index 6447f3f1..c2f09f82 100644
--- a/roles/monitoring/collectd/base/templates/common.conf.j2
+++ b/roles/monitoring/collectd/base/templates/common.conf.j2
@@ -7,6 +7,7 @@ LoadPlugin irq
LoadPlugin load
LoadPlugin memory
LoadPlugin processes
+LoadPlugin uptime
LoadPlugin users
<Plugin "df">
diff --git a/roles/monitoring/collectd/graphite/defaults/main.yml b/roles/monitoring/collectd/graphite/defaults/main.yml
index f4bfe09c..55eb76c8 100644
--- a/roles/monitoring/collectd/graphite/defaults/main.yml
+++ b/roles/monitoring/collectd/graphite/defaults/main.yml
@@ -5,4 +5,4 @@
# Port "2003"
# Protocol "tcp"
# LogSendErrors true
-# Prefix "collectd"
+# Prefix "collectd."
diff --git a/roles/monitoring/grafana/defaults/main.yml b/roles/monitoring/grafana/defaults/main.yml
new file mode 100644
index 00000000..8798dfb5
--- /dev/null
+++ b/roles/monitoring/grafana/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# grafana_secret_key: <--- pwgen -s 64 -1
+grafana_root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana"
+
+grafana_config_server:
+ http_addr: localhost
+ http_port: 3000
+ root_url: "{{ grafana_root_url }}"
+ serve_from_sub_path: true
+
+grafana_config_analytics:
+ reporting_enabled: false
+ check_for_updates: false
+
+grafana_config_security:
+ secret_key: "{{ grafana_secret_key }}"
+ disable_gravatar: true
+
+grafana_config_users:
+ allow_sign_up: false
+ allow_org_create: false
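Review bot: `grafana_config_security` sets `secret_key` but no `admin_password`, so as far as this commit shows the initial admin account keeps the package's well-known default until someone changes it by hand, while the vhost added in the role's tasks file publishes the login page on port 80 for any hostname. Consider adding `admin_password: "{{ grafana_admin_password }}"` next to `secret_key`, with a commented placeholder like the one for `grafana_secret_key`, so the play fails when the variable is undefined. Grafana applies this setting only when the admin user is first created, so existing installs still need the password changed through the UI or CLI.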
diff --git a/roles/monitoring/grafana/handlers/main.yml b/roles/monitoring/grafana/handlers/main.yml
new file mode 100644
index 00000000..59d64e48
--- /dev/null
+++ b/roles/monitoring/grafana/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart grafana
+ service:
+ name: grafana-server
+ state: restarted
diff --git a/roles/monitoring/grafana/tasks/main.yml b/roles/monitoring/grafana/tasks/main.yml
new file mode 100644
index 00000000..87f16bd0
--- /dev/null
+++ b/roles/monitoring/grafana/tasks/main.yml
@@ -0,0 +1,71 @@
+---
+- name: add debian repository
+ include_role:
+ name: apt-repo/grafana
+
+- name: install apt packages
+ apt:
+ name: grafana
+ state: present
+
+- name: configure grafana server
+ loop: "{{ grafana_config_server | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: server
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana analytics
+ loop: "{{ grafana_config_analytics | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: analytics
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana security
+ loop: "{{ grafana_config_security | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: security
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: configure grafana users
+ loop: "{{ grafana_config_users | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ ini_file:
+ path: /etc/grafana/grafana.inig
+ section: users
+ option: "{{ item.key }}"
+ value: "{{ item.value | string }}"
+ notify: restart grafana
+
+- name: make sure grafan-server is enabled and started
+ systemd:
+ name: grafana-server
+ state: started
+ enabled: yes
+
+- name: configure nginx vhost
+ vars:
+ nginx_vhost:
+ name: grafana
+ template: generic-proxy-no-buffering
+ hostnames:
+ - "_"
+ client_max_body_size: "0"
+ proxy_pass: "http://127.0.0.1:{{ grafana_config_server.http_port | default(3000) }}"
+ include_role:
+ name: nginx/vhost
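Review bot: The `configure grafana users` task writes to `/etc/grafana/grafana.inig`, so `allow_sign_up` and `allow_org_create` never reach the real config, and `ini_file` creates a stray file instead because its `create` option defaults to true; the line should read `path: /etc/grafana/grafana.ini`. The task still reports success, so the intended sign-up restrictions are silently missing. Separately, the `configure grafana security` loop writes `secret_key` without `no_log: true`, so a run with `--diff` or raised verbosity can print the key; adding `no_log: true` to that task avoids it.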
diff --git a/roles/monitoring/graphite/web/defaults/main.yml b/roles/monitoring/graphite/web/defaults/main.yml
new file mode 100644
index 00000000..167c39a1
--- /dev/null
+++ b/roles/monitoring/graphite/web/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# graphite_web_secret_key: <--- pwgen -s 64 -1
+
+graphite_web_nginx_listen: 127.0.0.1:81 default_server
+graphite_web_uwsgi_port: 3031
diff --git a/roles/monitoring/graphite/web/handlers/main.yml b/roles/monitoring/graphite/web/handlers/main.yml
new file mode 100644
index 00000000..ed97d539
--- /dev/null
+++ b/roles/monitoring/graphite/web/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/monitoring/graphite/web/tasks/main.yml b/roles/monitoring/graphite/web/tasks/main.yml
new file mode 100644
index 00000000..7c796722
--- /dev/null
+++ b/roles/monitoring/graphite/web/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: instsall apt packages
+ apt:
+ name: graphite-web
+ state: present
+
+- name: configure secret key
+ lineinfile:
+ path: /etc/graphite/local_settings.py
+ regexp: '#?SECRET_KEY\s*='
+ line: "SECRET_KEY = '{{ graphite_web_secret_key }}'"
+
+- name: initialize database
+ become: yes
+ become_method: su
+ become_user: "_graphite"
+ become_flags: "-s /bin/bash"
+ command: graphite-manage migrate --run-syncdb
+ args:
+ creates: /var/lib/graphite/graphite.db
+
+- name: fix sqlite database permissions
+ file:
+ path: /var/lib/graphite/graphite.db
+ owner: "_graphite"
+ group: "_graphite"
+ mode: "0600"
+
+- name: check if uwsgi plugin python3 is installed
+ assert:
+ msg: "This role needs uwsgi with python3 plugin installed"
+ that:
+ - uwsgi_plugins is defined
+ - "'python3' in uwsgi_plugins"
+
+- name: install uwsgi app
+ vars:
+ uwsgi_app:
+ name: graphite
+ content: "{{ lookup('template', 'uwsgi-app.ini.j2') }}"
+ include_role:
+ name: uwsgi/app
+
+- name: install nginx vhost
+ vars:
+ nginx_vhost:
+ name: graphite
+ content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+ include_role:
+ name: nginx/vhost
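Review bot: The `configure secret key` task writes the Django `SECRET_KEY` through `lineinfile` without `no_log: true`, so a run with `--diff` or raised verbosity prints the key into the terminal and any CI or callback logs; add `no_log: true` to that task. Nothing in this hunk pins the owner or mode of `/etc/graphite/local_settings.py` either, so its readability depends on whatever the package shipped; an explicit `mode` with the `_graphite` group would make that deliberate. The task also notifies no handler and this role's handlers file is empty, so a rotated key is probably not picked up until uwsgi is reloaded by some other change.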
diff --git a/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2 b/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..48b6ef73
--- /dev/null
+++ b/roles/monitoring/graphite/web/templates/nginx-vhost.conf.j2
@@ -0,0 +1,20 @@
+server {
+ listen {{ graphite_web_nginx_listen }};
+
+ server_name _;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:{{ graphite_web_uwsgi_port }};
+ }
+ rewrite ^/admin(.*)admin/([^/]+)/([^/]+)$ /media/$2/$3 redirect;
+ location /media {
+ alias /usr/share/python-django-common/django/contrib/admin/static/admin/;
+ }
+ location /static/ {
+ alias /usr/share/graphite-web/static/;
+ }
+
+ access_log /var/log/nginx/access-graphite.log;
+ error_log /var/log/nginx/error-graphite.log;
+}
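Review bot: `location /media` has no trailing slash while its `alias` ends in one, which is the classic nginx alias mismatch. The prefix also matches paths that merely start with `/media`, and the remainder is appended to the alias path, so requests can resolve to files outside the admin static directory. Use `location /media/ {` so the prefix and the alias line up, as the `/static/` block below it already does. The default listen address is loopback, but `graphite_web_nginx_listen` is overridable, so the vhost should be safe when exposed.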
diff --git a/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2 b/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2
new file mode 100644
index 00000000..e5b01a04
--- /dev/null
+++ b/roles/monitoring/graphite/web/templates/uwsgi-app.ini.j2
@@ -0,0 +1,8 @@
+[uwsgi]
+plugin = python3
+processes = 2
+socket = 127.0.0.1:{{ graphite_web_uwsgi_port }}
+gid = _graphite
+uid = _graphite
+chdir = /usr/share/graphite-web
+wsgi-file = /usr/share/graphite-web/graphite.wsgi
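Review bot: `socket = 127.0.0.1:{{ graphite_web_uwsgi_port }}` puts the uwsgi protocol on a TCP loopback port that every local account on the host can connect to, and the protocol has no authentication, so such connections bypass nginx entirely. A unix socket with restricted permissions limits access to the web server: `socket = <unix socket path>` with `chmod-socket = 660`, and `uwsgi_pass unix:<unix socket path>;` in the vhost template. The nginx user would then need to share the socket's group.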
diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2
new file mode 100644
index 00000000..10697441
--- /dev/null
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+ location / {
+ include snippets/proxy-nobuff.conf;
+{% if 'client_max_body_size' in nginx_vhost %}
+ client_max_body_size {{ nginx_vhost.client_max_body_size }};
+{% endif %}
+
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass {{ nginx_vhost.proxy_pass }};
+{% if 'proxy_redirect' in nginx_vhost %}
+{% for entry in nginx_vhost.proxy_redirect %}
+ proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
+{% endfor %}
+{% endif %}
+{% if 'proxy_ssl' in nginx_vhost %}
+{% for prop in (nginx_vhost.proxy_ssl | list | sort) %}
+ proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }};
+{% endfor %}
+{% endif %}
+ }
+}
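Review bot: This template emits only `listen 80;` and `listen [::]:80;`, with no TLS listener or redirect, and the Grafana role in this commit uses it with the catch-all hostname `_`. Logins and session cookies therefore travel in cleartext unless TLS is terminated in front of this host, which is not visible here. Either add a TLS variant of the template or state the assumption at the top, e.g. `# plain HTTP only: deploy behind a TLS-terminating proxy`. `$connection_upgrade` is also not defined in this file; it presumably comes from a `map` in the http context elsewhere, and nginx will refuse to load the vhost if that map is missing.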
diff --git a/roles/uwsgi/app/defaults/main.yml b/roles/uwsgi/app/defaults/main.yml
new file mode 100644
index 00000000..9dafac3d
--- /dev/null
+++ b/roles/uwsgi/app/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# uwsgi_app:
+# name: other-example
+# content: "<<< content of vhost >>>"
diff --git a/roles/uwsgi/app/handlers/main.yml b/roles/uwsgi/app/handlers/main.yml
new file mode 100644
index 00000000..eeeffb99
--- /dev/null
+++ b/roles/uwsgi/app/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload uwsgi
+ service:
+ name: uwsgi
+ state: reloaded
diff --git a/roles/uwsgi/app/tasks/main.yml b/roles/uwsgi/app/tasks/main.yml
new file mode 100644
index 00000000..69bea0a2
--- /dev/null
+++ b/roles/uwsgi/app/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: install app config
+ copy:
+ content: "{{ uwsgi_app.content }}"
+ dest: "/etc/uwsgi/apps-available/{{ uwsgi_app.name }}.ini"
+ notify: reload uwsgi
+
+- name: enable app config
+ file:
+ src: "../apps-available/{{ uwsgi_app.name }}.ini"
+ dest: "/etc/uwsgi/apps-enabled/{{ uwsgi_app.name }}.ini"
+ state: link
+ notify: reload uwsgi
diff --git a/roles/uwsgi/base/defaults/main.yml b/roles/uwsgi/base/defaults/main.yml
new file mode 100644
index 00000000..bcdca44d
--- /dev/null
+++ b/roles/uwsgi/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+uwsgi_plugins: []
+
+#uwsgi_plugins:
+# - python
diff --git a/roles/uwsgi/base/tasks/main.yml b/roles/uwsgi/base/tasks/main.yml
new file mode 100644
index 00000000..cf955eaf
--- /dev/null
+++ b/roles/uwsgi/base/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: install core and plugin packages
+ apt:
+ name: "{{ uwsgi_plugins | map('regex_replace', '^', 'uwsgi-plugin-') | list | union(['uwsgi']) }}"
+ state: present