path: root/roles/monitoring/prometheus/server/tasks/main.yml
---
# Precondition: stop early unless 'prometheus' is listed in
# spreadspace_apt_repo_components (and that variable is defined at all).
- name: check if prometheus apt component of spreadspace repo is enabled
  assert:
    that:
    - spreadspace_apt_repo_components is defined
    - "'prometheus' in spreadspace_apt_repo_components"
    msg: "please enable the 'prometheus' component of spreadspace repo using 'spreadspace_apt_repo_components'"

# Optional step: runs only when prometheus_server_storage is defined.
# The storage definition is handed to the included role as storage_volume with
# 'dest' forced to /var/lib/prometheus; the role name is built from the
# definition's 'type' field.
- name: prepare storage volume for /var/lib/prometheus
  include_role:
    name: "storage/{{ prometheus_server_storage.type }}/volume"
  vars:
    storage_volume: "{{ prometheus_server_storage | combine({'dest': '/var/lib/prometheus'}) }}"
  when: prometheus_server_storage is defined

  ## TODO: pin version
# NOTE(review): 'state: present' without a version constraint installs whatever
# prom-server version the configured apt sources currently offer, so two hosts
# provisioned at different times may end up on different builds.
- name: install apt packages
  apt:
    state: present
    name: prom-server

# System account the server's files are owned by. The home path is only
# recorded on the account; this task does not create the directory.
- name: add user for server
  user:
    name: prometheus
    home: /var/lib/prometheus
    create_home: false
    system: true

# Data directory owned by the prometheus user and group.
# NOTE(review): no 'mode' is given, so a newly created directory gets
# umask-derived permissions; consider an explicit mode if the stored metrics
# should not be readable by other local users.
- name: create data directory
  file:
    state: directory
    path: /var/lib/prometheus/metrics2
    group: prometheus
    owner: prometheus

# CA and certificate handling lives in tls.yml next to this file; it is
# imported statically, so its tasks run at this point in the play.
- name: create TLS CA and certificates
  import_tasks: 'tls.yml'

# Creates /etc/prometheus/rules and /etc/prometheus/targets. Owner and mode are
# not set here, so they follow the module defaults.
- name: create configuration directories
  file:
    state: directory
    path: "/etc/prometheus/{{ item }}"
  loop: [rules, targets]

# One directory per entry of prometheus_server_jobs below the targets
# directory; the job name is used verbatim as the relative path.
- name: create sub-directories for all jobs in targets directory
  file:
    state: directory
    path: "/etc/prometheus/targets/{{ item }}"
  loop: "{{ prometheus_server_jobs }}"

# Keeps the per-target files in sync with the inventory.
# job_targets is computed by the prometheus_job_targets filter (defined outside
# this file) from hostvars, the job list and the zone targets; each entry is
# used here through its 'enabled', 'job' and 'instance' attributes.
# NOTE(review): target.job and target.instance are interpolated directly into
# file paths, for creation as well as removal -- presumably both come from
# trusted inventory data; verify that the filter cannot yield '..' segments.
- name: enable/disable job targets
  vars:
    job_targets: "{{ hostvars | prometheus_job_targets(prometheus_server_jobs, prometheus_zone_targets) }}"
  block:
  # Enabled targets: render the job-specific template when one exists,
  # otherwise fall back to generic.yml.j2.
  - name: install files for enabled targets
    template:
      dest: "/etc/prometheus/targets/{{ target.job }}/{{ target.instance }}.yml"
      src: "{{ lookup('first_found', {'paths': ['templates/targets'], 'files': [target.job + '.yml.j2', 'generic.yml.j2']}) }}"
    loop_control:
      label: "{{ target.job }} -> {{ target.instance }}"
      loop_var: target
    loop: "{{ job_targets | selectattr('enabled') }}"
    notify: 'reload prometheus'

  # Disabled targets: make sure no stale target file is left behind.
  - name: remove files for disabled targets
    file:
      state: absent
      path: "/etc/prometheus/targets/{{ target.job }}/{{ target.instance }}.yml"
    loop_control:
      label: "{{ target.job }} -> {{ target.instance }}"
      loop_var: target
    loop: "{{ job_targets | rejectattr('enabled') }}"
    notify: 'reload prometheus'

# Only job names containing a '/' need a sub-directory below rules/: take the
# directory part of each such name and create every distinct one once.
- name: create sub-directories for all jobs in rules directory
  file:
    state: directory
    path: "/etc/prometheus/rules/{{ item }}"
  loop: "{{ prometheus_server_jobs | select('match', '.*/.*') | map('dirname') | unique }}"

# Renders one rules file per job, plus one for 'prometheus' itself (added via
# union). Each rendered file has to pass 'promtool check rules' before it
# replaces the destination.
- name: generate rules files for all jobs
  template:
    dest: "/etc/prometheus/rules/{{ item }}.yml"
    src: rules.yml.j2
    validate: 'promtool check rules %s'
  loop: "{{ prometheus_server_jobs | union(['prometheus']) }}"
  notify: 'reload prometheus'

# Main server configuration; the rendered file has to pass
# 'promtool check config' before it replaces the destination.
- name: generate configuration file
  template:
    dest: /etc/prometheus/prometheus.yml
    src: prometheus.yml.j2
    validate: 'promtool check config %s'
  notify: 'reload prometheus'

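# Writes the web config with one bcrypt hash per entry of
# prometheus_server_auth_users; skipped when that variable is undefined.
# The salt is derived from the user name, inventory_hostname and a fixed suffix
# through the bcrypt_salt filter (defined outside this file), presumably so the
# rendered hash stays stable between runs -- TODO confirm.
# no_log keeps the rendered hashes out of task output and --diff, in line with
# the other credential files written by this task file; lift it temporarily
# when a promtool validation failure has to be debugged.
# The mode is quoted so it is read as an octal string rather than relying on
# YAML 1.1 integer parsing.
# NOTE(review): user names and hashes are emitted as plain YAML scalars; a user
# name containing YAML-special characters would alter the document structure.
- name: generate web configuration file
  when: prometheus_server_auth_users is defined
  copy:
    content: |
      # Ansible managed
      basic_auth_users:
      {% for user,password in prometheus_server_auth_users.items() %}
        {{ user }}: {{ password | password_hash('bcrypt', (user~'@'~inventory_hostname~'/prometheus/server') | bcrypt_salt) }}
      {% endfor %}
    dest: /etc/prometheus/prometheus-web.yml
    mode: '0640'
    owner: root
    group: prometheus
    validate: "promtool check web-config %s"
  no_log: true
  notify: reload prometheus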

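# Stores the plaintext password the server uses to scrape itself; skipped when
# prometheus_server_selfscraping_auth is undefined.
# The file is root-owned and readable by the prometheus group only. The mode is
# quoted so it is read as an octal string rather than relying on YAML 1.1
# integer parsing. no_log keeps the password out of task output and --diff.
- name: generate password file prometheus server to scrape itself
  when: prometheus_server_selfscraping_auth is defined
  copy:
    content: "{{ prometheus_server_selfscraping_auth.password }}\n"
    dest: /etc/prometheus/prometheus-selfscraping.password
    mode: '0640'
    owner: root
    group: prometheus
  no_log: true
  notify: reload prometheus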

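# Stores the plaintext password the server uses towards alertmanager; runs only
# when prometheus_server_alertmanager has a 'basic_auth' key.
# The file is root-owned and readable by the prometheus group only. The mode is
# quoted so it is read as an octal string rather than relying on YAML 1.1
# integer parsing. no_log keeps the password out of task output and --diff.
# NOTE(review): the condition assumes prometheus_server_alertmanager is always
# defined (presumably by the role defaults) -- confirm.
- name: generate password file prometheus server to access alertmanager
  when: "'basic_auth' in prometheus_server_alertmanager"
  copy:
    content: "{{ prometheus_server_alertmanager.basic_auth.password }}\n"
    dest: /etc/prometheus/prometheus-alertmanager.password
    mode: '0640'
    owner: root
    group: prometheus
  no_log: true
  notify: reload prometheus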

# Installs the unit file from a template. A changed unit triggers the restart
# handler, unlike the configuration tasks, which only notify the reload handler.
- name: generate systemd service unit
  template:
    dest: /etc/systemd/system/prometheus.service
    src: prometheus.service.j2
  notify: 'restart prometheus'

# Reloads systemd's unit definitions, then makes sure the service is enabled
# at boot and currently running.
- name: make sure prometheus is enabled and started
  systemd:
    name: prometheus.service
    daemon_reload: true
    enabled: true
    state: started