feat(alertmanager): add ansible role for running alertmanager

README.md

@@ -7,6 +7,10 @@ metrics or alerting.
 
 ## Roles
 
+- [`alertmanager`](roles/alertmanager/README.md): Runs prometheus'
+  alertmanager for receiving alerts from prometheus and routing them
+  to the correct configured receivers.
+
 - [`matrix-alertmanager`](roles/matrix-alertmanager/README.md): An alert-
   manager receiver which posts alerts to a configured matrix channel
   using alertmanagers' webhooks.

roles/alertmanager/README.md

@@ -0,0 +1,10 @@
+# `finallycoffee.observability.alertmanager` ansible role
+
+## Description
+
+This role configures and runs prometheus alertmanager in a docker container.
+
+The config file is templated on the host and persisted in `alertmanager_config_file`.
+
+The alertmanager config can be passed by setting `alertmanager_config`, which expects the same yaml
+format as the "normal" alertmanager config file (with top-level keys `global`, `route` and `receivers`).

roles/alertmanager/defaults/main.yml

@@ -0,0 +1,40 @@
+---
+
+alertmanager_user: alertmanager
+alertmanager_version: 0.25.0
+alertmanager_base_path: /opt/alertmanager
+alertmanager_config_path: "{{ alertmanager_base_path }}/config"
+alertmanager_config_file: "{{ alertmanager_config_path }}/alertmanager.yml"
+alertmanager_data_path: "{{ alertmanager_base_path }}/data"
+
+alertmanager_container_name: alertmanager
+alertmanager_container_image_name: alertmanager
+alertmanager_container_image_namespace: prometheus/
+alertmanager_container_image_registry: quay.io
+
+alertmanager_container_image_repository: >-
+  {{
+    (container_registries[alertmanager_container_image_registry] | default(alertmanager_container_image_registry))
+    + '/' + (alertmanager_container_image_namespace | default(''))
+    + alertmanager_container_image_name
+  }}
+alertmanager_container_image_reference: >-
+  {{
+    alertmanager_container_image_repository + ':'
+    + (alertmanager_container_image_tag | default('v' + alertmanager_version))
+  }}
+
+alertmanager_container_image_force_pull: "{{ alertmanager_container_image_tag is defined }}"
+
+alertmanager_container_default_volumes:
+  - "{{ alertmanager_config_file }}:/etc/alertmanager/alertmanager.yml:ro"
+  - "{{ alertmanager_data_path }}:/alertmanager:rw"
+alertmanager_container_volumes: >-
+  {{ alertmanager_container_default_volumes
+     + alertmanager_container_extra_volumes | default([]) }}
+alertmanager_container_restart_policy: "unless-stopped"
+
+alertmanager_config:
+  global: {}
+  route: {}
+  receivers: []

roles/alertmanager/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Ensure alertmanager is restarted
+  community.docker.docker_container:
+    name: "{{ alertmanager_container_name }}"
+    state: started
+    restart: true
+  listen: restart-alertmanager

roles/alertmanager/tasks/main.yml

@@ -0,0 +1,51 @@
+---
+
+- name: Ensure alertmanager user '{{ alertmanager_user }}' exists
+  ansible.builtin.user:
+    name: "{{ alertmanager_user }}"
+    state: present
+    system: true
+  register: alertmanager_user_info
+
+- name: Ensure mounts are created
+  ansible.builtin.file:
+    dest: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(alertmanager_user_info.uid | default(alertmanager_user)) }}"
+    group: "{{ item.owner | default(alertmanager_user_info.group | default(alertmanager_user)) }}"
+    mode: "{{ item.mode | default('0755') }}"
+  loop:
+    - path: "{{ alertmanager_base_path }}"
+    - path: "{{ alertmanager_data_path }}"
+    - path: "{{ alertmanager_config_path }}"
+
+- name: Ensure config file is templated
+  ansible.builtin.copy:
+    dest: "{{ alertmanager_config_file }}"
+    content: "{{ alertmanager_config | to_nice_yaml }}"
+    owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
+    owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
+    mode: "0640"
+  notify:
+    - restart-alertmanager
+
+- name: Ensure container image is present on host
+  community.docker.docker_image:
+    name: "{{ alertmanager_container_image_reference }}"
+    state: present
+    source: pull
+    force_source: "{{ alertmanager_container_image_force_pull | bool }}"
+
+- name: Ensure container '{{ alertmanager_container_name }}' is running
+  community.docker.docker_container:
+    name: "{{ alertmanager_container_name }}"
+    image: "{{ alertmanager_container_image_reference }}"
+    env: "{{ alertmanager_container_env | default(omit) }}"
+    user: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
+    ports: "{{ alertmanager_container_ports | default(omit) }}"
+    volumes: "{{ alertmanager_container_volumes | default(omit) }}"
+    networks: "{{ alertmanager_container_networks | default(omit) }}"
+    purge_networks: "{{ alertmanager_container_purge_networks | default(omit) }}"
+    etc_hosts: "{{ alertmanager_container_etc_hosts | default(omit) }}"
+    restart_policy: "{{ alertmanager_container_restart_policy }}"
+    state: started