feat(vmalert): add role for deployment in docker

README.md

@@ -15,6 +15,11 @@ metrics or alerting.
   manager receiver which posts alerts to a configured matrix channel
   using alertmanagers' webhooks.
 
+- [`vmtsdb`](roles/vmtsdb/README.md): VictoriaMetrics time series database.
+
+- [`vmalert`](roles/vmalert/README.md): VictoriaMetrics alerting and
+  ruling engine.
+
 - [`postgres_exporter`](roles/postgres_exporter/README.md): Prometheus
   exporter for postgres databases, in a docker container.
 

playbooks/vmalert.yml

@@ -0,0 +1,6 @@
+---
+- name: Install vmalert using docker
+  hosts: "{{ vmalert_hosts | default('vmalert') }}"
+  become: "{{ vmalert_become | default(false) }}"
+  roles:
+    - role: finallycoffee.observability.vmalert

playbooks/vmtsdb.yml

@@ -0,0 +1,6 @@
+---
+- name: Install vmtsdb using docker
+  hosts: "{{ vmtsdb_hosts | default('vmtsdb') }}"
+  become: "{{ vmtsdb_become | default(false) }}"
+  roles:
+    - role: finallycoffee.observability.vmtsdb

roles/vmalert/README.md

@@ -0,0 +1,11 @@
+# `finallycoffee.observability.vmalert` ansible role
+
+## Description
+
+This role configures `vmalert` and runs it in the officially distributed docker container.
+
+The default configuration file for recording rules is `vmalert_recording_config` and the default file for alerts is `vmalert_alert_config`. To set rules in a prometheus-like syntax, supply them to the role using `vmalert_alerts` or `vmalert_records`.
+
+It is also possible to pass extra rule-files to load using `vmalert_rule_files`, though care must be taken to also mount them to the location in the container by populating `vmalert_container_volumes`.
+
+VM alert runs with the `envflag.enable` flag by default, so configuration to vmalert can be passed using `vmalert_container_env` with the syntax found on the official victoriametrics documentation.

roles/vmalert/defaults/main.yml

@@ -0,0 +1,57 @@
+---
+vmalert_state: present
+vmalert_user: vmalert
+vmalert_version: "1.87.5"
+vmalert_base_path: "/opt/vmalert"
+vmalert_config_path: "{{ vmalert_base_path }}/config"
+vmalert_alert_config: "{{ vmalert_config_path }}/alerts.yml"
+vmalert_recording_config: "{{ vmalert_config_path }}/records.yml"
+
+vmalert_alerts: {}
+vmalert_records: {}
+vmalert_rule_files: []
+vmalert_default_rule_files:
+  - "{{ vmalert_alert_config }}"
+  - "{{ vmalert_recording_config }}"
+vmalert_merged_rule_files: >-
+  {{ vmalert_default_rule_files + vmalert_rule_files }}
+
+vmalert_container_image_server: docker.io
+vmalert_container_image_namespace: "victoriametrics"
+vmalert_container_image_container: "vmalert"
+vmalert_container_image_name: >-2
+  {{
+    vmalert_container_image_server
+    + ((vmalert_container_image_namespace is defined)
+      | ternary('/' ~ vmalert_container_image_namespace, ''))
+    + '/' + vmalert_container_image_container
+  }}
+#vmalert_container_image_tag:
+vmalert_container_image: >-2
+  {{ vmalert_container_image_name }}:{{ vmalert_container_image_tag | default('v' + vmalert_version, false) }}
+
+vmalert_user_id: >-
+  {{ (vmalert_user_info is defined and 'uid' in vmalert_user_info) | ternary(vmalert_user_info.uid, vmalert_user) }}
+vmalert_group_id: >-
+  {{ (vmalert_user_info is defined and 'group' in vmalert_user_info) | ternary(vmalert_user_info.group, vmalert_user) }}
+vmalert_container_user: "{{ vmalert_user_id }}"
+vmalert_container_group: "{{ vmalert_group_id }}"
+vmalert_container_name: "vmalert"
+vmalert_container_command: []
+vmalert_container_default_command:
+  - "-enableTCP6"
+  - "-envflag.enable"
+vmalert_container_merged_command: >-
+  {{ vmalert_container_default_command + (vmalert_container_command | default([], false)) }}
+vmalert_container_env: {}
+vmalert_container_default_env:
+  PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+  rule: "{{ vmalert_merged_rule_files | join(',') }}"
+vmalert_container_merged_env: >-
+  {{ vmalert_container_default_env | combine(vmalert_container_env) }} 
+vmalert_container_volumes: []
+vmalert_container_default_volumes:
+  - "{{ vmalert_config_path }}:{{ vmalert_config_path }}:z"
+vmalert_container_merged_volumes: >-
+  {{ vmalert_container_default_volumes | combine(vmalert_container_volumes) }}
+vmalert_container_restart_policy: "unless-stopped"

roles/vmalert/tasks/main.yml

@@ -0,0 +1,69 @@
+---
+- name: Ensure user {{ vmalert_user }} is {{ vmalert_state }}
+  ansible.builtin.user:
+    name: "{{ vmalert_user }}"
+    state: present
+    system: true
+    create_home: false
+  register: vmalert_user_info
+
+- name: Ensure directories for vmalert are {{ vmalert_state }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: "{{ (vmalert_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ item.owner | default(vmalert_user_id) }}"
+    group: "{{ item.group | default(vmalert_group_id) }}"
+    mode: "{{ item.mode | default('0775') }}"
+  loop:
+    - path: "{{ vmalert_base_path }}"
+    - path: "{{ vmalert_config_path }}"
+      mode: "0755"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: Ensure alert configuration is present
+  ansible.builtin.copy:
+    dest: "{{ vmalert_alert_config }}"
+    content: |
+      {{ ({ 'groups': vmalert_alerts})
+      | to_nice_yaml(indent=2, width=1024, default_style='"') }}
+    owner: "{{ item.owner | default(vmalert_user_id) }}"
+    group: "{{ item.group | default(vmalert_group_id) }}"
+    mode: "{{ item.mode | default('0775') }}"
+  when: vmalert_state == 'present'
+
+- name: Ensure recording rule configuration is present
+  ansible.builtin.copy:
+    dest: "{{ vmalert_recording_config }}"
+    content: |
+      {{ ({ 'groups': vmalert_records})
+      | to_nice_yaml(indent=2, width=1024, default_style='"') }}
+    owner: "{{ item.owner | default(vmalert_user_id) }}"
+    group: "{{ item.group | default(vmalert_group_id) }}"
+    mode: "{{ item.mode | default('0775') }}"
+  when: vmalert_state == 'present'
+
+- name: Ensure container image {{ vmalert_container_image }} is {{ vmalert_state }}
+  community.docker.docker_image:
+    name: "{{ vmalert_container_image }}"
+    state: "{{ vmalert_state }}"
+    source: "{{ (vmalert_state == 'present') | ternary('pull', omit) }}"
+    force_source: >-2
+      {{ (vmalert_container_image == 'present') | ternary(vmalert_container_image_tag, omit) }}
+
+- name: Ensure vmalert container is {{ vmalert_state }}
+  community.docker.docker_container:
+    name: "{{ vmalert_container_name}}"
+    image: "{{ vmalert_container_image }}"
+    env: "{{ vmalert_container_merged_env }}"
+    user: "{{ vmalert_container_user }}"
+    ports: "{{ vmalert_container_ports | default(omit) }}"
+    groups: "{{ vmalert_container_group }}"
+    labels: "{{ vmalert_container_labels | default(omit) }}"
+    volumes: "{{ vmalert_container_merged_volumes }}"
+    command: "{{ vmalert_container_merged_command }}"
+    networks: "{{ vmalert_container_networks | default(omit) }}"
+    etc_hosts: "{{ vmalert_container_etc_hosts | default(omit )}}"
+    purge_networks: "{{ vmalert_container_purge_networks | default(omit) }}"
+    restart_policy: "{{ vmalert_container_restart_policy | default(omit) }}"
+    state: "{{ (vmalert_state == 'present') | ternary('started', 'absent') }}"

roles/vmtsdb/README.md

@@ -0,0 +1,7 @@
+# `finallycoffee.observability.vmtsdb` ansible role
+
+## Description
+
+This role configures `vmtsdb`, the time-series database part of victoria metrics, run in a docker container.
+
+Per default `enableTCP6` and `envflag.enable` flags are passed to victoriametrics, enabling configuration using `vmtsdb_container_env`, using the syntax found on the official victoriametrics documentation.

roles/vmtsdb/defaults/main.yml

@@ -0,0 +1,45 @@
+---
+vmtsdb_state: present
+vmtsdb_user: vmtsdb
+vmtsdb_version: "1.87.5"
+vmtsdb_base_path: "/opt/vmtsdb"
+vmtsdb_data_path: "{{ vmtsdb_base_path }}/data"
+
+vmtsdb_container_image_server: docker.io
+vmtsdb_container_image_namespace: "victoriametrics"
+vmtsdb_container_image_container: "victoria-metrics"
+vmtsdb_container_image_name: >-2
+  {{
+    vmtsdb_container_image_server
+    + ((vmtsdb_container_image_namespace is defined)
+      | ternary('/' ~ vmtsdb_container_image_namespace, ''))
+    + '/' + vmtsdb_container_image_container
+  }}
+#vmtsdb_container_image_tag:
+vmtsdb_container_image: >-2
+  {{ vmtsdb_container_image_name }}:{{ vmtsdb_container_image_tag | default('v' + vmtsdb_version, false) }}
+
+vmtsdb_user_id: >-
+  {{ (vmtsdb_user_info is defined and 'uid' in vmtsdb_user_info) | ternary(vmtsdb_user_info.uid, vmtsdb_user) }}
+vmtsdb_group_id: >-
+  {{ (vmtsdb_user_info is defined and 'group' in vmtsdb_user_info) | ternary(vmtsdb_user_info.group, vmtsdb_user) }}
+vmtsdb_container_user: "{{ vmtsdb_user_id }}"
+vmtsdb_container_group: "{{ vmtsdb_group_id }}"
+vmtsdb_container_name: "vmtsdb"
+vmtsdb_container_command: []
+vmtsdb_container_default_command:
+  - "-enableTCP6"
+  - "-envflag.enable"
+vmtsdb_container_merged_command: >-
+  {{ vmtsdb_container_default_command + (vmtsdb_container_command | default([], false)) }}
+vmtsdb_container_env: {}
+vmtsdb_container_default_env:
+  PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+vmtsdb_container_merged_env: >-
+  {{ vmtsdb_container_default_env | combine(vmtsdb_container_env) }} 
+vmtsdb_container_volumes: []
+vmtsdb_container_default_volumes:
+  - "{{ vmtsdb_data_path }}:/victoria-metrics-data:z"
+vmtsdb_container_merged_volumes: >-
+  {{ vmtsdb_container_default_volumes | combine(vmtsdb_container_volumes) }}
+vmtsdb_container_restart_policy: "unless-stopped"

roles/vmtsdb/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+- name: Ensure user {{ vmtsdb_user }} is {{ vmtsdb_state }}
+  ansible.builtin.user:
+    name: "{{ vmtsdb_user }}"
+    state: present
+    system: true
+    create_home: false
+  register: vmtsdb_user_info
+
+- name: Ensure directories for vmtsdb are {{ vmtsdb_state }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: "{{ (vmtsdb_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ item.owner | default(vmtsdb_user_id) }}"
+    group: "{{ item.group | default(vmtsdb_group_id) }}"
+    mode: "{{ item.mode | default('0775') }}"
+  loop:
+    - path: "{{ vmtsdb_base_path }}"
+    - path: "{{ vmtsdb_data_path }}"
+      mode: "0755"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: Ensure container image {{ vmtsdb_container_image }} is {{ vmtsdb_state }}
+  community.docker.docker_image:
+    name: "{{ vmtsdb_container_image }}"
+    state: "{{ vmtsdb_state }}"
+    source: "{{ (vmtsdb_state == 'present') | ternary('pull', omit) }}"
+    force_source: >-2
+      {{ (vmtsdb_container_image == 'present') | ternary(vmtsdb_container_image_tag, omit) }}
+
+- name: Ensure vmtsdb container is {{ vmtsdb_state }}
+  community.docker.docker_container:
+    name: "{{ vmtsdb_container_name}}"
+    image: "{{ vmtsdb_container_image }}"
+    env: "{{ vmtsdb_container_merged_env }}"
+    user: "{{ vmtsdb_container_user }}"
+    ports: "{{ vmtsdb_container_ports | default(omit) }}"
+    groups: "{{ vmtsdb_container_group }}"
+    labels: "{{ vmtsdb_container_labels | default(omit) }}"
+    volumes: "{{ vmtsdb_container_merged_volumes }}"
+    command: "{{ vmtsdb_container_merged_command }}"
+    networks: "{{ vmtsdb_container_networks | default(omit) }}"
+    etc_hosts: "{{ vmtsdb_container_etc_hosts | default(omit )}}"
+    purge_networks: "{{ vmtsdb_container_purge_networks | default(omit) }}"
+    restart_policy: "{{ vmtsdb_container_restart_policy | default(omit) }}"
+    state: "{{ (vmtsdb_state == 'present') | ternary('started', 'absent') }}"