---
# Precondition: stop early unless the 'prometheus' component of the
# spreadspace apt repository has been enabled for this host.
- name: check if prometheus apt component of spreadspace repo is enabled
  assert:
    that:
      - spreadspace_apt_repo_components is defined
      - "'prometheus' in spreadspace_apt_repo_components"
    msg: "please enable the 'prometheus' component of spreadspace repo using 'spreadspace_apt_repo_components'"
# Optional: delegate to the storage/<type>/volume role selected by
# prometheus_server_storage.type, overriding 'dest' so the volume ends up at
# the prometheus state directory.
- name: prepare storage volume for /var/lib/prometheus
  include_role:
    name: "storage/{{ prometheus_server_storage.type }}/volume"
  vars:
    storage_volume: "{{ prometheus_server_storage | combine({'dest': '/var/lib/prometheus'}) }}"
  when: prometheus_server_storage is defined
# Package installation. When prometheus_server_version is set, the package is
# pinned to exactly that version (a pin priority above 1000 lets apt move to
# the pinned version even when that is a downgrade); otherwise any stale pin
# file is removed so normal upgrades apply again.
- name: generate apt pin file for prometheus package
  copy:
    content: |
      Package: prom-server
      Pin: version {{ prometheus_server_version }}-1
      Pin-Priority: 1001
    dest: /etc/apt/preferences.d/prom-server.pref
  when: prometheus_server_version is defined

- name: remove apt pin file for prometheus package
  file:
    state: absent
    path: /etc/apt/preferences.d/prom-server.pref
  when: prometheus_server_version is not defined

# allow_downgrade is needed because the requested version may be older than
# the one currently installed.
- name: install apt packages
  apt:
    name: "prom-server{% if prometheus_server_version is defined %}={{ prometheus_server_version }}-1{% endif %}"
    state: present
    allow_downgrade: true
  notify: restart prometheus
# Dedicated system account for the server. Its home points at the state
# directory but is deliberately not created by the user module.
- name: add user for server
  user:
    name: prometheus
    system: true
    home: /var/lib/prometheus
    create_home: false

# Data directory owned by the service account; no explicit mode is set, so
# the module default applies.
- name: create data directory
  file:
    state: directory
    path: /var/lib/prometheus/metrics2
    owner: prometheus
    group: prometheus
# CA and certificate handling lives in tls.yml (not shown here) and is
# imported statically.
- name: create TLS CA and certificates
  import_tasks: tls.yml
# Directory layout below /etc/prometheus: one 'rules' and one 'targets' tree.
- name: create configuration directories
  file:
    state: directory
    path: "/etc/prometheus/{{ item }}"
  loop:
    - rules
    - targets

# One targets sub-directory per configured job.
- name: create sub-directories for all jobs in targets directory
  file:
    state: directory
    path: "/etc/prometheus/targets/{{ item }}"
  loop: "{{ prometheus_server_jobs }}"

# Only job names containing a '/' need a parent directory under rules/; the
# job list is the union of local jobs and the jobs of every federation entry.
- name: create sub-directories for all jobs in rules directory
  file:
    state: directory
    path: "/etc/prometheus/rules/{{ item }}"
  loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | select('match', '.*/.*') | map('dirname') | unique }}"

# Rules are rendered for local jobs, federated jobs and 'prometheus' itself.
# promtool validates each rendered file before it replaces the live one.
- name: generate rules files for all jobs
  template:
    src: rules.yml.j2
    dest: "/etc/prometheus/rules/{{ item }}.yml"
    validate: "promtool check rules %s"
  loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | union(['prometheus']) }}"
  notify: reload prometheus
# Web config with HTTP basic-auth users. Passwords are stored as bcrypt
# hashes; the salt is derived from "<user>@<inventory_hostname>/prometheus/server"
# through the bcrypt_salt filter (defined outside this file), presumably so
# the hash stays stable between runs and the task remains idempotent.
# NOTE(review): unlike the password-file tasks in this role, this task has no
# no_log, so the rendered hashes may appear in --diff or verbose output -
# confirm that is acceptable.
# The file is readable by root and the prometheus group only, and promtool
# validates it before it is put in place.
- name: generate web configuration file
  copy:
    dest: /etc/prometheus/prometheus-web.yml
    owner: root
    group: prometheus
    mode: "0640"
    validate: "promtool check web-config %s"
    content: |
      # Ansible managed
      basic_auth_users:
      {% for user,password in prometheus_server_auth_users.items() %}
        {{ user }}: {{ password | password_hash('bcrypt', (user~'@'~inventory_hostname~'/prometheus/server') | bcrypt_salt) }}
      {% endfor %}
  when: prometheus_server_auth_users is defined
  notify: reload prometheus
# Plain-text credentials the server needs at scrape/alert time. Each file is
# root-owned, group-readable for prometheus only (0640), and every task sets
# no_log so the password is not written to Ansible's output.
- name: generate password file prometheus server to scrape itself
  copy:
    dest: /etc/prometheus/prometheus-selfscraping.password
    owner: root
    group: prometheus
    mode: "0640"
    content: "{{ prometheus_server_selfscraping_auth.password }}\n"
  when: prometheus_server_selfscraping_auth is defined
  no_log: true
  notify: reload prometheus

- name: generate password file prometheus server to access alertmanager
  copy:
    dest: /etc/prometheus/prometheus-alertmanager.password
    owner: root
    group: prometheus
    mode: "0640"
    content: "{{ prometheus_server_alertmanager.basic_auth.password }}\n"
  when:
    - prometheus_server_alertmanager is defined
    - "'basic_auth' in prometheus_server_alertmanager"
  no_log: true
  notify: reload prometheus

# One password file per federation entry that defines basic_auth; the loop
# label is reduced to the entry's key.
- name: generate password file prometheus server to access federation
  copy:
    dest: "/etc/prometheus/prometheus-federation-{{ item.key }}.password"
    owner: root
    group: prometheus
    mode: "0640"
    content: "{{ item.value.basic_auth.password }}\n"
  loop: "{{ prometheus_server_federation | default({}) | dict2items | selectattr('value.basic_auth', 'defined') }}"
  loop_control:
    label: "{{ item.key }}"
  no_log: true
  notify: reload prometheus
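# Arbitrary extra secrets, written as /etc/prometheus/prometheus-<key>.secret,
# root-owned and readable by the prometheus group only (0640).
# no_log is set to match the other credential-writing tasks in this role:
# loop_control.label on its own only changes the displayed item name and does
# not keep item.value out of --diff or verbose result output.
- name: generate extra secret files
  when: prometheus_server_secret_files is defined
  loop: "{{ prometheus_server_secret_files | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  copy:
    content: "{{ item.value }}"
    dest: "/etc/prometheus/prometheus-{{ item.key }}.secret"
    mode: "0640"
    owner: root
    group: prometheus
  no_log: true
  notify: reload prometheus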
# Main server configuration, checked by promtool before it replaces the live
# file. No owner or mode is given, so the module defaults apply.
# NOTE(review): confirm the rendered prometheus.yml only references the
# password/secret files by path and carries no inline credentials.
- name: generate configuration file
  template:
    dest: /etc/prometheus/prometheus.yml
    src: prometheus.yml.j2
    validate: "promtool check config %s"
  notify: reload prometheus
# Locally managed unit file; changing it triggers a restart rather than a
# reload.
- name: generate systemd service unit
  template:
    dest: /etc/systemd/system/prometheus.service
    src: prometheus.service.j2
  notify: restart prometheus

# daemon_reload makes systemd pick up the unit written above before the
# service is enabled and started.
- name: make sure prometheus is enabled and started
  systemd:
    name: prometheus.service
    enabled: true
    state: started
    daemon_reload: true