---
- name: check if prometheus apt component of spreadspace repo is enabled
  assert:
    msg: "please enable the 'prometheus' component of spreadspace repo using 'spreadspace_apt_repo_components'"
    that:
    - spreadspace_apt_repo_components is defined
    - "'prometheus' in spreadspace_apt_repo_components"

- name: prepare storage volume for /var/lib/prometheus
  when: prometheus_server_storage is defined
  vars:
    storage_volume: "{{ prometheus_server_storage | combine({'dest': '/var/lib/prometheus'}) }}"
  include_role:
    name: "storage/{{ prometheus_server_storage.type }}/volume"

- name: generate apt pin file for prometheus package
  when: prometheus_server_version is defined
  copy:
    dest: "/etc/apt/preferences.d/prom-server.pref"
    content: |
      Package: prom-server
      Pin: version {{ prometheus_server_version }}-1
      Pin-Priority: 1001

- name: remove apt pin file for prometheus package
  when: prometheus_server_version is not defined
  file:
    path: "/etc/apt/preferences.d/prom-server.pref"
    state: absent

- name: install apt packages
  apt:
    name: "prom-server{% if prometheus_server_version is defined %}={{ prometheus_server_version }}-1{% endif %}"
    state: present
    allow_downgrade: yes
  notify: restart prometheus

- name: add user for server
  user:
    name: prometheus
    system: yes
    home: /var/lib/prometheus
    create_home: no

- name: create data directory
  file:
    path: /var/lib/prometheus/metrics2
    state: directory
    owner: prometheus
    group: prometheus

- name: create TLS CA and certificates
  import_tasks: tls.yml

- name: create configuration directories
  loop:
  - rules
  - targets
  file:
    path: "/etc/prometheus/{{ item }}"
    state: directory

- name: create sub-directories for all jobs in targets directory
  loop: "{{ prometheus_server_jobs }}"
  file:
    path: "/etc/prometheus/targets/{{ item }}"
    state: directory

- name: enable/disable job targets
  vars:
    job_targets: "{{ hostvars | prometheus_job_targets(prometheus_server_jobs, prometheus_zone_targets) }}"
  block:
  - name: install files for enabled targets
    loop: "{{ job_targets | selectattr('enabled') }}"
    loop_control:
      loop_var: target
      label: "{{ target.job }} -> {{ target.instance }}"
    template:
      src: "{{ lookup('first_found', {'paths': ['templates/targets'], 'files': [target.job + '.yml.j2', 'generic.yml.j2']}) }}"
      dest: "/etc/prometheus/targets/{{ target.job }}/{{ target.instance }}.yml"
    notify: reload prometheus

  - name: remove files for disabled targets
    loop: "{{ job_targets | rejectattr('enabled') }}"
    loop_control:
      loop_var: target
      label: "{{ target.job }} -> {{ target.instance }}"
    file:
      path: "/etc/prometheus/targets/{{ target.job }}/{{ target.instance }}.yml"
      state: absent
    notify: reload prometheus

- name: create sub-directories for all jobs in rules directory
  loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | select('match', '.*/.*') | map('dirname') | unique }}"
  file:
    path: "/etc/prometheus/rules/{{ item }}"
    state: directory

- name: generate rules files for all jobs
  loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | union(['prometheus']) }}"
  template:
    src: rules.yml.j2
    dest: "/etc/prometheus/rules/{{ item }}.yml"
    validate: "promtool check rules %s"
  notify: reload prometheus

- name: generate configuration file
  template:
    src: prometheus.yml.j2
    dest: /etc/prometheus/prometheus.yml
    validate: "promtool check config %s"
  notify: reload prometheus

- name: generate web configuration file
  when: prometheus_server_auth_users is defined
  copy:
    content: |
      # Ansible managed
      basic_auth_users:
      {% for user,password in prometheus_server_auth_users.items() %}
        {{ user }}: {{ password | password_hash('bcrypt', (user~'@'~inventory_hostname~'/prometheus/server') | bcrypt_salt) }}
      {% endfor %}
    dest: /etc/prometheus/prometheus-web.yml
    mode: 0640
    owner: root
    group: prometheus
    validate: "promtool check web-config %s"
  notify: reload prometheus

- name: generate password file prometheus server to scrape itself
  when: prometheus_server_selfscraping_auth is defined
  copy:
    content: "{{ prometheus_server_selfscraping_auth.password }}\n"
    dest: /etc/prometheus/prometheus-selfscraping.password
    mode: 0640
    owner: root
    group: prometheus
  no_log: yes
  notify: reload prometheus

- name: generate password file prometheus server to access alertmanager
  when:
  - prometheus_server_alertmanager is defined
  - "'basic_auth' in prometheus_server_alertmanager"
  copy:
    content: "{{ prometheus_server_alertmanager.basic_auth.password }}\n"
    dest: /etc/prometheus/prometheus-alertmanager.password
    mode: 0640
    owner: root
    group: prometheus
  no_log: yes
  notify: reload prometheus

- name: generate password file prometheus server to access federation
  loop: "{{ prometheus_server_federation | default({}) | dict2items | selectattr('value.basic_auth', 'defined') }}"
  loop_control:
    label: "{{ item.key }}"
  copy:
    content: "{{ item.value.basic_auth.password }}\n"
    dest: "/etc/prometheus/prometheus-federation-{{ item.key }}.password"
    mode: 0640
    owner: root
    group: prometheus
  no_log: yes
  notify: reload prometheus

- name: generate systemd service unit
  template:
    src: prometheus.service.j2
    dest: /etc/systemd/system/prometheus.service
  notify: restart prometheus

- name: make sure prometheus is enabled and started
  systemd:
    name: prometheus.service
    daemon_reload: yes
    state: started
    enabled: yes