meta: bump galaxy version to 0.1.3

README.md

@@ -11,6 +11,9 @@ metrics or alerting.
   alertmanager for receiving alerts from prometheus and routing them
   to the correct configured receivers.
 
+- [`cadvisor`](roles/cadvisor/README.md): Run and configure cAdvisor, googles'
+  container performance and resource usage collection and aggregation daemon.
+
 - [`grafana`](roles/grafana/README.md): a popular visualization and
   dashboard creation tool able to use various datasources.
 
@@ -18,6 +21,8 @@ metrics or alerting.
   manager receiver which posts alerts to a configured matrix channel
   using alertmanagers' webhooks.
 
+- [`vmagent`](roles/vmagent/README.md): VictoriaMetrics agent
+
 - [`vmtsdb`](roles/vmtsdb/README.md): VictoriaMetrics time series database.
 
 - [`vmalert`](roles/vmalert/README.md): VictoriaMetrics alerting and

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: observability
-version: 0.1.0
+version: 0.1.3
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
@@ -12,3 +12,10 @@ build_ignore:
 - '*.tar.gz'
 repository: https://git.finally.coffee/finallycoffee/observability
 issues: https://codeberg.org/finallycoffee/ansible-collection-observability/issues
+tags:
+  - observability
+  - monitoring
+  - prometheus
+  - victoriametrics
+  - grafana
+  - alertmanager

playbooks/vmagent.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure vmagent
+  hosts: "{{ vmagent_hosts | default('vmagent') }}"
+  become: "{{ vmagent_become | default(false) }}"
+  roles:
+    - role: finallycoffee.observability.vmagent

roles/alertmanager/defaults/main/config.yml

@@ -0,0 +1,8 @@
+---
+alertmanager_config_global: {}
+alertmanager_config_route: {}
+alertmanager_config_receivers: []
+alertmanager_config:
+  global: "{{ alertmanager_config_global }}"
+  route: "{{ alertmanager_config_route }}"
+  receivers: "{{ alertmanager_config_receivers }}"

roles/alertmanager/defaults/main/container.yml

@@ -1,11 +1,4 @@
 ---
-alertmanager_user: alertmanager
-alertmanager_version: 0.27.0
-alertmanager_base_path: /opt/alertmanager
-alertmanager_config_path: "{{ alertmanager_base_path }}/config"
-alertmanager_config_file: "{{ alertmanager_config_path }}/alertmanager.yml"
-alertmanager_data_path: "{{ alertmanager_base_path }}/data"
-
 alertmanager_container_name: alertmanager
 alertmanager_container_image_name: alertmanager
 alertmanager_container_image_namespace: prometheus/
@@ -22,7 +15,7 @@ alertmanager_container_image_reference: >-
     alertmanager_container_image_repository + ':'
     + (alertmanager_container_image_tag | default('v' + alertmanager_version))
   }}
-
+alertmanager_container_image_source: pull
 alertmanager_container_image_force_pull: "{{ alertmanager_container_image_tag is defined }}"
 
 alertmanager_container_default_volumes:
@@ -32,8 +25,5 @@ alertmanager_container_volumes: >-
   {{ alertmanager_container_default_volumes
      + alertmanager_container_extra_volumes | default([]) }}
 alertmanager_container_restart_policy: "unless-stopped"
-
+alertmanager_container_state: >-2
-alertmanager_config:
+  {{ (alertmanager_state == 'present') | ternary('started', 'absent') }}
-  global: {}
-  route: {}
-  receivers: []

roles/alertmanager/defaults/main/main.yml

@@ -0,0 +1,10 @@
+---
+alertmanager_user: alertmanager
+alertmanager_version: 0.27.0
+alertmanager_state: present
+alertmanager_deployment_method: docker
+alertmanager_base_path: /opt/alertmanager
+alertmanager_config_path: "{{ alertmanager_base_path }}/config"
+alertmanager_config_file: "{{ alertmanager_config_path }}/alertmanager.yml"
+alertmanager_data_path: "{{ alertmanager_base_path }}/data"
+

roles/alertmanager/handlers/main.yml

@@ -1,8 +1,8 @@
 ---
-
 - name: Ensure alertmanager is restarted
   community.docker.docker_container:
     name: "{{ alertmanager_container_name }}"
-    state: started
+    state: "{{ alertmanager_container_state }}"
     restart: true
   listen: restart-alertmanager
+  when: alertmanager_deployment_method == 'docker'

roles/alertmanager/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: alertmanager
+  description: Deploy and configure prometheus alertmanager
+  galaxy_tags:
+    - prometheus
+    - alertmanager
+    - observability

roles/alertmanager/tasks/deploy-docker.yml

@@ -0,0 +1,21 @@
+---
+- name: Ensure container image is {{ alertmanager_state }} on host
+  community.docker.docker_image:
+    name: "{{ alertmanager_container_image_reference }}"
+    state: "{{ alertmanager_state }}"
+    source: "{{ alertmanager_container_image_source }}"
+    force_source: "{{ alertmanager_container_image_force_pull | bool }}"
+
+- name: Ensure container '{{ alertmanager_container_name }}' is {{ alertmanager_container_state }}
+  community.docker.docker_container:
+    name: "{{ alertmanager_container_name }}"
+    image: "{{ alertmanager_container_image_reference }}"
+    env: "{{ alertmanager_container_env | default(omit) }}"
+    user: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
+    ports: "{{ alertmanager_container_ports | default(omit) }}"
+    volumes: "{{ alertmanager_container_volumes | default(omit) }}"
+    networks: "{{ alertmanager_container_networks | default(omit) }}"
+    purge_networks: "{{ alertmanager_container_purge_networks | default(omit) }}"
+    etc_hosts: "{{ alertmanager_container_etc_hosts | default(omit) }}"
+    restart_policy: "{{ alertmanager_container_restart_policy }}"
+    state: "{{ alertmanager_container_state }}"

roles/alertmanager/tasks/main.yml

@@ -1,16 +1,29 @@
 ---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Invalid state '{{ alertmanager_state }}'! Valid
+      states are {{ alertmanager_states | join(', ') }}.
+  when: alertmanager_state not in alertmanager_states
 
-- name: Ensure alertmanager user '{{ alertmanager_user }}' exists
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Invalid deployment method {{ alertmanager_deployment_method }}!
+      Supported deployment methods are {{ alertmanager_deployment_methods | join(', ') }}.
+  when: alertmanager_deployment_method not in alertmanager_deployment_methods
+
+- name: Ensure alertmanager user '{{ alertmanager_user }}' is {{ alertmanager_state }}
   ansible.builtin.user:
     name: "{{ alertmanager_user }}"
-    state: present
+    state: "{{ alertmanager_state }}"
     system: true
   register: alertmanager_user_info
 
-- name: Ensure mounts are created
+- name: Ensure mounts are {{ alertmanager_state }}
   ansible.builtin.file:
     dest: "{{ item.path }}"
-    state: directory
+    state: "{{ (alertmanager_state == 'present') | ternary('directory', 'absent') }}"
     owner: "{{ item.owner | default(alertmanager_user_info.uid | default(alertmanager_user)) }}"
     group: "{{ item.owner | default(alertmanager_user_info.group | default(alertmanager_user)) }}"
     mode: "{{ item.mode | default('0755') }}"
@@ -24,28 +37,12 @@
     dest: "{{ alertmanager_config_file }}"
     content: "{{ alertmanager_config | to_nice_yaml }}"
     owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
-    owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
+    group: "{{ alertmanager_user_info.group | default(alertmanager_user) }}"
     mode: "0640"
+  when: alertmanager_state == 'present'
   notify:
     - restart-alertmanager
 
-- name: Ensure container image is present on host
+- name: Deploy alertmanager using {{ alertmanager_deployment_method }}
-  community.docker.docker_image:
+  ansible.builtin.include_tasks:
-    name: "{{ alertmanager_container_image_reference }}"
+    file: "deploy-{{ alertmanager_deployment_method }}.yml"
-    state: present
-    source: pull
-    force_source: "{{ alertmanager_container_image_force_pull | bool }}"
-
-- name: Ensure container '{{ alertmanager_container_name }}' is running
-  community.docker.docker_container:
-    name: "{{ alertmanager_container_name }}"
-    image: "{{ alertmanager_container_image_reference }}"
-    env: "{{ alertmanager_container_env | default(omit) }}"
-    user: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
-    ports: "{{ alertmanager_container_ports | default(omit) }}"
-    volumes: "{{ alertmanager_container_volumes | default(omit) }}"
-    networks: "{{ alertmanager_container_networks | default(omit) }}"
-    purge_networks: "{{ alertmanager_container_purge_networks | default(omit) }}"
-    etc_hosts: "{{ alertmanager_container_etc_hosts | default(omit) }}"
-    restart_policy: "{{ alertmanager_container_restart_policy }}"
-    state: started

roles/alertmanager/vars/main.yml

@@ -0,0 +1,6 @@
+---
+alertmanager_states:
+  - present
+  - absent
+alertmanager_deployment_methods:
+  - docker

roles/cadvisor/defaults/main.yml

@@ -1,52 +0,0 @@
----
-cadvisor_version: 0.49.1
-
-cadvisor_container_name: cadvisor
-cadvisor_container_image_name: gcr.io/cadvisor/cadvisor
-cadvisor_container_image_tag: ~
-cadvisor_container_image_ref: >-
-  {{ cadvisor_container_image_name }}:{{ cadvisor_container_image_tag | default('v' + cadvisor_version, True) }}
-cadvisor_container_volumes: >-
-  {{ cadvisor_container_base_volumes + cadvisor_container_extra_volumes | default([], True) }}
-cadvisor_container_extra_volumes: ~
-cadvisor_container_env: ~
-cadvisor_container_labels: "{{ cadvisor_container_base_labels | combine(cadvisor_container_extra_labels) }}"
-cadvisor_container_extra_labels: {}
-cadvisor_container_ports: ~
-cadvisor_container_networks: ~
-cadvisor_container_etc_hosts: ~
-cadvisor_container_devices: [ "/dev/kmsg:/dev/kmsg:rwm" ]
-cadvisor_container_privileged: yes
-cadvisor_container_pid_mode: "host"
-cadvisor_container_userns_mode: "host"
-cadvisor_container_capabilities: ~
-cadvisor_container_restart_policy: unless-stopped
-cadvisor_container_command: >-2
-  {{ ["--docker_only=false"]
-    + (["--disable_metrics=" + cadvisor_disabled_metrics | join( ',' )]
-      if cadvisor_disabled_metrics | default(false, True) else [])
-    + (["--enable_metrics=" +  cadvisor_force_enable_metrics | join( ',' )]
-      if cadvisor_force_enable_metrics | default(false, True) else [])
-  }}
-cadvisor_container_base_labels:
-  version: "{{ cadvisor_version }}"
-cadvisor_container_base_volumes:
-  - "/:/rootfs:ro"
-  - "/var/run:/var/run:ro"
-  - "/sys:/sys:ro"
-  - "/var/lib/docker/:/var/lib/docker:ro"
-  - "/dev/disk/:/dev/disk:ro"
-
-cadvisor_disabled_metrics:
-  - advtcp
-  - cpu_topology
-  - cpuset
-  - hugetlb
-  - memory_numa
-  - process
-  - referenced_memory
-  - resctrl
-  - sched
-  - tcp
-  - udp
-cadvisor_force_enable_metrics: []

roles/cadvisor/defaults/main/container.yml

@@ -0,0 +1,56 @@
+---
+cadvisor_container_image_registry: gcr.io
+cadvisor_container_image_namespace: cadvisor
+cadvisor_container_image_name: cadvisor
+cadvisor_container_image: >-2
+  {{
+    [
+      cadvisor_container_image_registry,
+      cadvisor_container_image_namespace,
+      cadvisor_container_image_name,
+    ] | flatten | join('/')
+  }}
+cadvisor_container_image_tag: ~
+cadvisor_container_image_ref: >-2
+  {{ cadvisor_container_image }}:{{ cadvisor_container_image_tag | default('v' + cadvisor_version, true) }}
+cadvisor_container_image_source: pull
+cadvisor_container_image_force_source: >-2
+  {{ cadvisor_container_image_tag | default(false, true) | bool }}
+
+cadvisor_container_state: >-2
+  {{ (cadvisor_state == 'present') | ternary('started', 'absent') }}
+
+cadvisor_container_name: cadvisor
+cadvisor_container_volumes: >-2
+  {{ cadvisor_container_base_volumes + cadvisor_container_extra_volumes | default([], true) }}
+cadvisor_container_extra_volumes: ~
+cadvisor_container_env: ~
+cadvisor_container_labels: >-2
+  {{ cadvisor_container_base_labels | combine(cadvisor_container_extra_labels) }}
+cadvisor_container_extra_labels: {}
+cadvisor_container_ports: ~
+cadvisor_container_networks: ~
+cadvisor_container_etc_hosts: ~
+cadvisor_container_devices:
+  - "/dev/kmsg:/dev/kmsg:rwm"
+cadvisor_container_privileged: true
+cadvisor_container_pid_mode: "host"
+cadvisor_container_userns_mode: "host"
+cadvisor_container_capabilities: ~
+cadvisor_container_restart_policy: "unless-stopped"
+cadvisor_container_command: >-2
+  {{ ["--docker_only=false"]
+    + (["--disable_metrics=" + cadvisor_disabled_metrics | join( ',' )]
+      if cadvisor_disabled_metrics | default(false, true) else [])
+    + (["--enable_metrics=" +  cadvisor_force_enable_metrics | join( ',' )]
+      if cadvisor_force_enable_metrics | default(false, true) else [])
+  }}
+cadvisor_container_base_labels:
+  version: "{{ cadvisor_version }}"
+cadvisor_container_base_volumes:
+  - "/:/rootfs:ro"
+  - "/var/run:/var/run:ro"
+  - "/sys:/sys:ro"
+  - "/var/lib/docker/:/var/lib/docker:ro"
+  - "/dev/disk/:/dev/disk:ro"
+

roles/cadvisor/defaults/main/main.yml

@@ -0,0 +1,18 @@
+---
+cadvisor_version: "0.51.0"
+cadvisor_state: present
+cadvisor_deployment_method: docker
+
+cadvisor_disabled_metrics:
+  - advtcp
+  - cpu_topology
+  - cpuset
+  - hugetlb
+  - memory_numa
+  - process
+  - referenced_memory
+  - resctrl
+  - sched
+  - tcp
+  - udp
+cadvisor_force_enable_metrics: []

roles/cadvisor/meta/main.yml

@@ -0,0 +1,11 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: cadvisor
+  description: Deploy cadvisor (Container Advisor), a container performance and resource usage aggregation daemon
+  galaxy_tags:
+    - cadvisor
+    - observability
+    - container
+    - docker

roles/cadvisor/tasks/deploy-docker.yml

@@ -0,0 +1,25 @@
+---
+- name: Ensure cadvisor container image '{{ cadvisor_container_image_ref }}' is {{ cadvisor_state }}
+  community.docker.docker_image:
+    name: "{{ cadvisor_container_image_ref }}"
+    state: "{{ cadvisor_state }}"
+    source: "{{ cadvisor_container_image_source }}"
+    force_source: "{{ cadvisor_container_image_force_source }}"
+
+- name: Ensure cadvisor container '{{ cadvisor_container_name }}' is {{ cadvisor_container_state }}
+  community.docker.docker_container:
+    name: "{{ cadvisor_container_name }}"
+    image: "{{ cadvisor_container_image_ref }}"
+    env: "{{ cadvisor_container_env | default(omit, true) }}"
+    ports: "{{ cadvisor_container_ports | default(omit, true) }}"
+    labels: "{{ cadvisor_container_labels }}"
+    devices: "{{ cadvisor_container_devices }}"
+    volumes: "{{ cadvisor_container_volumes }}"
+    networks: "{{ cadvisor_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ cadvisor_container_etc_hosts | default(omit, true) }}"
+    privileged: "{{ cadvisor_container_privileged }}"
+    command: "{{ cadvisor_container_command }}"
+    pid_mode: "{{ cadvisor_container_pid_mode | default(omit, true) }}"
+    userns_mode: "{{ cadvisor_container_userns_mode | default(omit, true) }}"
+    restart_policy: "{{ cadvisor_container_restart_policy }}"
+    state: "{{ cadvisor_container_state }}"

roles/cadvisor/tasks/main.yml

@@ -1,26 +1,18 @@
 ---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unknown state '{{ cadvisor_state }}'! Supported
+      states are: {{ cadvisor_states | join(', ') }}.
+  when: cadvisor_state not in cadvisor_states
 
-- name: Ensure container image is present
+- name: Ensure deployment method is valid
-  docker_image:
+  ansible.builtin.fail:
-    name: "{{ cadvisor_container_image_ref }}"
+    msg: >-2
-    state: present
+      Unknown deployment method '{{ cadvisor_deployment_method }}'! Supported
-    source: pull
+      deployment methods are: {{ cadvisor_deployment_methods | join(', ') }}.
-    force_source: "{{ cadvisor_container_image_tag|default(False, True) | bool }}"
+  when: cadvisor_deployment_method not in cadvisor_deployment_methods
 
-- name: Ensure cadvisor container is running
+- name: Deploy using {{ cadvisor_deployment_method }}
-  docker_container:
+  ansible.builtin.include_tasks:
-    name: "{{ cadvisor_container_name }}"
+    file: "deploy-{{ cadvisor_deployment_method }}.yml"
-    image: "{{ cadvisor_container_image_ref }}"
-    env: "{{ cadvisor_container_env | default(omit, True) }}"
-    ports: "{{ cadvisor_container_ports | default(omit, True) }}"
-    labels: "{{ cadvisor_container_labels }}"
-    devices: "{{ cadvisor_container_devices }}"
-    volumes: "{{ cadvisor_container_volumes }}"
-    networks: "{{ cadvisor_container_networks | default(omit, True) }}"
-    etc_hosts: "{{ cadvisor_container_etc_hosts | default(omit, True) }}"
-    privileged: "{{ cadvisor_container_privileged }}"
-    command: "{{ cadvisor_container_command }}"
-    pid_mode: "{{ cadvisor_container_pid_mode | default(omit, True) }}"
-    userns_mode: "{{ cadvisor_container_userns_mode | default(omit, True) }}"
-    restart_policy: "{{ cadvisor_container_restart_policy }}"
-    state: started

roles/cadvisor/vars/main.yml

@@ -0,0 +1,6 @@
+---
+cadvisor_states:
+  - present
+  - absent
+cadvisor_deployment_methods:
+  - docker

roles/grafana/defaults/main/config.yml

@@ -1,50 +1,4 @@
 ---
-grafana_user: grafana
-grafana_version: "10.1.1"
-grafana_base_path: "/opt/grafana"
-grafana_config_path: "{{ grafana_base_path }}/config"
-grafana_config_file: "{{ grafana_config_path }}/grafana.ini"
-grafana_ldap_config_file: "{{ grafana_config_path }}/ldap.toml"
-grafana_provisioning_path: "{{ grafana_config_path }}/provisioning"
-grafana_notifier_provisioning_path: "{{ grafana_provisioning_path }}/notifiers"
-grafana_dashboard_provisioning_path: "{{ grafana_provisioning_path }}/dashboards"
-grafana_datasource_provisioning_path: "{{ grafana_provisioning_path }}/datasources"
-grafana_plugin_provisioning_path: "{{ grafana_provisioning_path }}/plugins"
-grafana_data_path: "{{ grafana_base_path }}/data"
-grafana_logs_path: "{{ grafana_base_path }}/logs"
-grafana_state: present
-
-grafana_run_user: >-
-  {{ ('uid' in (grafana_user_info | default([]))) | ternary(grafana_user_info.uid, grafana_user) }}
-grafana_run_group: >-
-  {{ ('group' in (grafana_user_info | default([]))) | ternary(grafana_user_info.group, grafana_user) }}
-
-grafana_container_image_server: "docker.io"
-grafana_container_image_namespace: "grafana"
-grafana_container_image_container: "grafana"
-grafana_container_image_name: >-
-  {{
-    [
-      ((grafana_container_image_server is defined)
-        | ternary([ grafana_container_image_server ], [])),
-      ((grafana_container_image_namespace is defined)
-        | ternary([ grafana_container_image_namespace], [])),
-      grafana_container_image_container,
-    ] | ansible.builtin.flatten | join('/')
-  }}
-grafana_container_image: >-
-  {{ grafana_container_image_name }}:{{ grafana_container_image_tag | default(grafana_version, true) }}
-
-grafana_container_name: grafana
-grafana_container_base_volumes:
-  - "{{ grafana_config_path }}:{{ grafana_container_config_path }}:ro"
-  - "{{ grafana_data_path }}:{{ grafana_container_data_path }}:rw"
-  - "{{ grafana_logs_path }}:{{ grafana_container_logs_path }}:rw"
-grafana_container_volumes: []
-grafana_container_collected_volumes: >-
-  {{ grafana_container_base_volumes + grafana_container_volumes }}
-grafana_container_restart_policy: "unless-stopped"
-
 grafana_config_log_mode:
   - console
   - file

roles/grafana/defaults/main/container.yml

@@ -0,0 +1,26 @@
+---
+grafana_container_image_server: "docker.io"
+grafana_container_image_namespace: "grafana"
+grafana_container_image_container: "grafana"
+grafana_container_image_name: >-2
+  {{
+    [
+      ((grafana_container_image_server is defined)
+        | ternary([ grafana_container_image_server ], [])),
+      ((grafana_container_image_namespace is defined)
+        | ternary([ grafana_container_image_namespace], [])),
+      grafana_container_image_container,
+    ] | ansible.builtin.flatten | join('/')
+  }}
+grafana_container_image: >-2
+  {{ grafana_container_image_name }}:{{ grafana_container_image_tag | default(grafana_version, true) }}
+
+grafana_container_name: grafana
+grafana_container_base_volumes:
+  - "{{ grafana_config_path }}:{{ grafana_container_config_path }}:ro"
+  - "{{ grafana_data_path }}:{{ grafana_container_data_path }}:rw"
+  - "{{ grafana_logs_path }}:{{ grafana_container_logs_path }}:rw"
+grafana_container_volumes: []
+grafana_container_collected_volumes: >-2
+  {{ grafana_container_base_volumes + grafana_container_volumes }}
+grafana_container_restart_policy: "unless-stopped"

roles/grafana/defaults/main/main.yml

@@ -0,0 +1,20 @@
+---
+grafana_user: grafana
+grafana_version: "11.3.0"
+grafana_base_path: "/opt/grafana"
+grafana_config_path: "{{ grafana_base_path }}/config"
+grafana_config_file: "{{ grafana_config_path }}/grafana.ini"
+grafana_ldap_config_file: "{{ grafana_config_path }}/ldap.toml"
+grafana_provisioning_path: "{{ grafana_config_path }}/provisioning"
+grafana_notifier_provisioning_path: "{{ grafana_provisioning_path }}/notifiers"
+grafana_dashboard_provisioning_path: "{{ grafana_provisioning_path }}/dashboards"
+grafana_datasource_provisioning_path: "{{ grafana_provisioning_path }}/datasources"
+grafana_plugin_provisioning_path: "{{ grafana_provisioning_path }}/plugins"
+grafana_data_path: "{{ grafana_base_path }}/data"
+grafana_logs_path: "{{ grafana_base_path }}/logs"
+grafana_state: present
+
+grafana_run_user: >-
+  {{ ('uid' in (grafana_user_info | default([]))) | ternary(grafana_user_info.uid, grafana_user) }}
+grafana_run_group: >-
+  {{ ('group' in (grafana_user_info | default([]))) | ternary(grafana_user_info.group, grafana_user) }}

roles/grafana/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Ensure grafana_state is valid
   ansible.builtin.assert:
     that:
-      - "grafana_state in ['present', 'absent']"
+      - "grafana_state in grafana_states"
     fail_msg: >-
       Only 'present' and 'absent' are allowed as values for grafana_state
 

roles/grafana/vars/main.yml

@@ -1,4 +1,7 @@
 ---
+grafana_states:
+  - present
+  - absent
 grafana_container_config_path: "/etc/grafana"
 grafana_container_data_path: "/var/lib/grafana"
 grafana_container_logs_path: "/var/log/grafana"

roles/postgres_exporter/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 
-postgres_exporter_version: "0.10.1"
+postgres_exporter_version: "0.15.0"
 postgres_exporter_user: root
 postgres_exporter_create_user: false
 

roles/vmagent/README.md

@@ -0,0 +1,27 @@
+# `finallycoffee.observability.vmagent` ansible role
+
+Install and configure the
+[victoriametrics agent `vmagent`](https://docs.victoriametrics.com/vmagent/)
+using the [supported deployment types (see `vars/main.yml#L5`)](vars/main.yml#L5).
+
+## Configuration
+
+Set scrape job configuration as complex data in `vmagent_config_scrape_configs`.
+To tune the scrape interval, override `vmagent_config_global_scrape_interval`,
+or modify / extend `vmagent_config` directly.
+
+### Prometheus remote write api with basic auth
+
+One of the more common methods of sending the collected metrics to a
+central prometheus server. Set the following variables to archieve this:
+
+```yaml
+vmagent_flags:
+  remoteWrite_url: https://my.prometheus.instance.example.com/api/v1/write
+  remoteWrite_basicAuth_username: my_prom_user
+  remoteWrite_basicAuth_passwordFile: /path/to/password/file.key
+```
+
+For the full set of options, see either the
+[vmagents' "Advanced usage" documentation](https://docs.victoriametrics.com/vmagent/#advanced-usage)
+or run `vmagent -help` for the same output.

roles/vmagent/defaults/main/config.yml

@@ -0,0 +1,17 @@
+---
+vmagent_config_global_scrape_interval: "30s"
+vmagent_config_global_scrape_timeout: "10s"
+vmagent_config_global_external_labels: {}
+vmagent_config_scrape_configs: []
+
+vmagent_config: ~
+vmagent_base_config:
+  global:
+    scrape_interval: "{{ vmagent_config_global_scrape_interval }}"
+    scrape_timeout: "{{ vmagent_config_global_scrape_timeout }}"
+    external_labels: "{{ vmagent_config_global_external_labels }}"
+  scrape_configs: "{{ vmagent_config_scrape_configs }}"
+
+vmagent_merged_config: >-2
+  {{ (vmagent_base_config | default({}, true))
+    | combine(vmagent_config | default({}, true), recursive=True) }}

roles/vmagent/defaults/main/container.yml

@@ -0,0 +1,59 @@
+---
+vmagent_container_image_registry: "docker.io"
+vmagent_container_image_namespace: "victoriametrics"
+vmagent_container_image_name: "vmagent"
+vmagent_container_image_tag: ~
+vmagent_container_image: >-2
+  {{
+    ([
+      vmagent_container_image_registry,
+      vmagent_container_image_namespace,
+      vmagent_container_image_name,
+    ] | join('/'))
+    + ':'
+    + (vmagent_container_image_tag
+      | default('v' + vmagent_version, true))
+  }}
+vmagent_container_image_source: pull
+vmagent_container_image_force_source: >-2
+  {{ vmagent_container_image_tag | default(false, true) | bool }}
+vmagent_container_image_network_retries: 3
+vmagent_container_image_network_delay: 5
+
+vmagent_container_name: vmagent
+vmagent_container_user: ~
+vmagent_container_ports: ~
+vmagent_container_labels: ~
+vmagent_container_command: >-2
+  {% for flag in vmagent_all_flags -%}
+  -{{ flag }}
+  {% endfor -%}
+vmagent_container_networks: ~
+vmagent_container_network_mode: ~
+vmagent_container_etc_hosts: ~
+vmagent_container_dns_servers: ~
+vmagent_container_restart_policy: >-2
+  {{ (vmagent_deployment_type == 'docker')
+    | ternary('unless-stopped', 'on-failure') }}
+vmagent_container_state: >-2
+  {{ (vmagent_state == 'present') | ternary('started', 'absent') }}
+
+vmagent_container_base_volumes:
+  - "{{ vmagent_scrape_config_file }}:{{ vmagent_scrape_config_file }}:ro"
+  - "{{ vmagent_cache_path }}:{{ vmagent_cache_path }}:z"
+vmagent_container_volumes: ~
+vmagent_container_all_volumes: >-2
+  {{ (vmagent_container_base_volumes | default([], true))
+    + (vmagent_container_volumes | default([], true)) }}
+
+vmagent_container_base_env:
+  remoteWrite_tmpDataPath: "{{ vmagent_cache_path }}"
+  promscrape_config: "{{ vmagent_scrape_config_file }}"
+vmagent_container_env: ~
+vmagent_container_merged_env: >-2
+  {{ (vmagent_container_base_env | default({}, true))
+    | combine(vmagent_container_env | default({})) }}
+vmagent_container_comparisons:
+  env: allow_more_present
+  image: strict
+  labels: allow_more_present

roles/vmagent/defaults/main/main.yml

@@ -0,0 +1,16 @@
+---
+vmagent_user: vmagent
+vmagent_version: "1.106.0"
+vmagent_state: present
+vmagent_deployment_method: "docker"
+
+vmagent_scrape_config_file: "/etc/vmagent/scrape_config.yml"
+vmagent_config_path: "{{ vmagent_scrape_config_file | dirname }}"
+vmagent_cache_path: "/var/cache/vmagent"
+
+vmagent_base_flags:
+  - "enableTCP6"
+  - "envflag.enable"
+vmagent_flags: ~
+vmagent_all_flags: >-2
+  {{ vmagent_base_flags + (vmagent_flags | default([], true)) }}

roles/vmagent/defaults/main/user.yml

@@ -0,0 +1,7 @@
+---
+vmagent_user_groups: ~
+
+vmagent_run_user_id: >-2
+  {{ vmagent_user_info.uid | default(vmagent_user) }}
+vmagent_run_group_id: >-2
+  {{ vmagent_user_info.group | default(vmagent_user) }}

roles/vmagent/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Ensure vmagent container '{{ vmagent_container_name }}' is restarted
+  community.docker.docker_container:
+    name: "{{ vmagent_container_name }}"
+    state: "{{ vmagent_container_state }}"
+    restart: true
+  listen: "vmagent-reload"
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: vmagent_deployment_method == 'docker'

roles/vmagent/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: vmagent
+  description: Deploy and configure the victoriametrics agent `vmagent`
+  galaxy_tags:
+    - victoriametrics
+    - vmagent
+    - prometheus

roles/vmagent/tasks/deploy-docker.yml

@@ -0,0 +1,29 @@
+---
+- name: Ensure container image '{{ vmagent_container_image }}' is {{ vmagent_state }}
+  community.docker.docker_image:
+    name: "{{ vmagent_container_image }}"
+    state: "{{ vmagent_state }}"
+    source: "{{ vmagent_container_image_source }}"
+    force_source: "{{ vmagent_container_image_force_source }}"
+  register: vmagent_container_image_info
+  until: vmagent_container_image_info is success
+  retries: "{{ vmagent_container_image_network_retries }}"
+  delay: "{{ vmagent_container_image_network_delay }}"
+
+- name: Ensure container '{{ vmagent_container_name }}' is {{ vmagent_container_state }}
+  community.docker.docker_container:
+    name: "{{ vmagent_container_name }}"
+    image: "{{ vmagent_container_image }}"
+    env: "{{ vmagent_container_merged_env }}"
+    user: "{{ vmagent_container_user }}"
+    ports: "{{ vmagent_container_ports | default(omit, true) }}"
+    labels: "{{ vmagent_container_labels | default(omit, true) }}"
+    command: "{{ vmagent_container_command }}"
+    volumes: "{{ vmagent_container_all_volumes }}"
+    networks: "{{ vmagent_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ vmagent_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ vmagent_container_dns_servers | default(omit, true) }}"
+    network_mode: "{{ vmagent_container_network_mode | default(omit, true) }}"
+    restart_policy: "{{ vmagent_container_restart_policy | default(omit, true) }}"
+    comparisons: "{{ vmagent_container_comparisons | default(omit, true) }}"
+    state: "{{ vmagent_container_state }}"

roles/vmagent/tasks/main.yml

@@ -0,0 +1,54 @@
+---
+- name: Check that `vmagent_state` is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ vmagent_state }}'! Supported states
+      are {{ vmagent_states | join(', ') }}.
+  when: vmagent_state not in vmagent_states
+
+- name: Check that `vmagent_deployment_method` is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ vmagent_deployment_method }}'!
+      Supported are: {{ vmagent_deployment_methods | join(', ') }}.
+  when: vmagent_deployment_method not in vmagent_deployment_methods
+
+- name: Ensure vmagent user '{{ vmagent_user }}' is {{ vmagent_state }}
+  ansible.builtin.user:
+    name: "{{ vmagent_user }}"
+    state: "{{ vmagent_state }}"
+    system: "{{ vmagent_user_system | default(true, true) }}"
+    groups: "{{ vmagent_user_groups | default(omit, true) }}"
+    append: "{{ (vmagent_user_groups | default([], true)) | length > 0 }}"
+    create_home: "{{ vmagent_user_create_home | default(false, true) }}"
+  register: vmagent_user_info
+
+- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
+  ansible.builtin.file:
+    path: "{{ vmagent_scrape_config_file }}"
+    state: "{{ vmagent_state }}"
+  when: vmagent_state == 'absent'
+
+- name: Ensure config directory '{{ vmagent_config_path }}' is {{ vmagent_state }}
+  ansible.builtin.file:
+    path: "{{ vmagent_config_path }}"
+    state: >-2
+      {{ (vmagent_state == 'present') | ternary('directory', 'absent') }}
+    owner: "{{ vmagent_run_user_id }}"
+    group: "{{ vmagent_run_group_id }}"
+    mode: "0755"
+
+- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
+  ansible.builtin.copy:
+    dest: "{{ vmagent_scrape_config_file }}"
+    content: "{{ vmagent_merged_config | to_nice_yaml(indent=4, width=1000) }}"
+    owner: "{{ vmagent_run_user_id }}"
+    group: "{{ vmagent_run_group_id }}"
+    mode: "0644"
+  when: vmagent_state == 'present'
+  notify:
+    - vmagent-reload
+
+- name: Ensure vmagent is deployed using {{ vmagent_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ vmagent_deployment_method }}.yml"

roles/vmagent/vars/main.yml

@@ -0,0 +1,6 @@
+---
+vmagent_states:
+  - present
+  - absent
+vmagent_deployment_methods:
+  - docker

roles/vmalert/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 vmalert_state: present
 vmalert_user: vmalert
-vmalert_version: "1.104.0"
+vmalert_version: "1.106.0"
 vmalert_base_path: "/opt/vmalert"
 vmalert_config_path: "{{ vmalert_base_path }}/config"
 vmalert_alert_config: "{{ vmalert_config_path }}/alerts.yml"

roles/vmtsdb/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 vmtsdb_state: present
 vmtsdb_user: vmtsdb
-vmtsdb_version: "1.104.0"
+vmtsdb_version: "1.106.0"
 vmtsdb_base_path: "/opt/vmtsdb"
 vmtsdb_data_path: "{{ vmtsdb_base_path }}/data"