Compare commits

No commits in common. "main" and "1a2cb67f7a83e8b5c6f43afe896c54cc8e99f669" have entirely different histories.

62 changed files with 21 additions and 1790 deletions

@ -1,482 +0,0 @@
THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS
PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE
WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS
LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE.TO THE
EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR
GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING
THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY
THE TERMS AND CONDITIONS OF THIS LICENSE.
# Definitions
An Act of War is any action of one country against any group either with
an intention to provoke a conflict or an action that occurs during a
declared war or during armed conflict between military forces of any
origin. This includes but is not limited to enforcing sanctions or
sieges, supplying armed forces, or profiting from the manufacture of
tools or weaponry used in military conflict.
An Adaptation is a work based upon the Work, or upon the Work and other
pre-existing works, such as a translation, adaptation, derivative work,
arrangement of music or other alterations of a literary or artistic
work, or phonogram or performance and includes cinematographic
adaptations or any other form in which the Work may be recast,
transformed, or adapted including in any form recognizably derived from
the original, except that a work that constitutes a Collection will not
be considered an Adaptation for the purpose of this License. For the
avoidance of doubt, where the Work is a musical work, performance or
phonogram, the synchronization of the Work in timed-relation with a
moving image (\"synching\") will be considered an Adaptation for the
purpose of this License. In addition, where the Work is designed to
output a neural network the output of the neural network will be
considered an Adaptation for the purpose of this license.
Bodily Harm is any physical hurt or injury to a person that interferes
with the health or comfort of the person and that is more than merely
transient or trifling in nature.
Distribute is to make available to the public the original and copies of
the Work or Adaptation, as appropriate, through sale, gift or any other
transfer of possession or ownership.
Incarceration is Confinement in a jail, prison, or any other place where
individuals of any kind are held against either their will or (if their
will cannot be determined) the will of their legal guardian or
guardians. In the case of a conflict between the will of the individual
and the will of their legal guardian or guardians, the will of the
individual will take precedence.
Licensor is The individual, individuals, entity, or entities that
offer(s) the Work under the terms of this License
Original Author is in the case of a literary or artistic work, the
individual, individuals, entity or entities who created the Work or if
no individual or entity can be identified, the publisher; and in
addition
- in the case of a performance the actors, singers, musicians,
dancers, and other persons who act, sing, deliver, declaim, play in,
interpret or otherwise perform literary or artistic works or
expressions of folklore;
- in the case of a phonogram the producer being the person or legal
entity who first fixes the sounds of a performance or other sounds;
and,
- in the case of broadcasts, the organization that transmits the
broadcast.
Work is the literary and/or artistic work offered under the terms of
this License including without limitation any production in the
literary, scientific and artistic domain, whatever may be the mode or
form of its expression including digital form, such as a book, pamphlet
and other writing; a lecture, address, sermon or other work of the same
nature; a dramatic or dramatico-musical work; a choreographic work or
entertainment in dumb show; a musical composition with or without words;
a cinematographic work to which are assimilated works expressed by a
process analogous to cinematography; a work of drawing, painting,
architecture, sculpture, engraving or lithography; a photographic work
to which are assimilated works expressed by a process analogous to
photography; a work of applied art; an illustration, map, plan, sketch
or three-dimensional work relative to geography, topography,
architecture or science; a performance; a broadcast; a phonogram; a
compilation of data to the extent it is protected as a copyrightable
work; or a work performed by a variety or circus performer to the extent
it is not otherwise considered a literary or artistic work.
You means an individual or entity exercising rights under this License
who has not previously violated the terms of this License with respect
to the Work, or who has received express permission from the Licensor to
exercise rights under this License despite a previous violation.
Publicly Perform means to perform public recitations of the Work and to
communicate to the public those public recitations, by any means or
process, including by wire or wireless means or public digital
performances; to make available to the public Works in such a way that
members of the public may access these Works from a place and at a place
individually chosen by them; to perform the Work to the public by any
means or process and the communication to the public of the performances
of the Work, including by public digital performance; to broadcast and
rebroadcast the Work by any means including signs, sounds or images.
Reproduce is to make copies of the Work by any means including without
limitation by sound or visual recordings and the right of fixation and
reproducing fixations of the Work, including storage of a protected
performance or phonogram in digital form or other electronic medium.
Software is any digital Work which, through use of a third-party piece
of Software or through the direct usage of itself on a computer system,
the memory of the computer is modified dynamically or semi-dynamically.
\"Software\", secondly, processes or interprets information.
Source Code is Any digital Work which, through use of a third-party
piece of Software or through the direct usage of itself on a computer
system, the memory of the computer is modified dynamically or
semi-dynamically. \"Software\", secondly, processes or interprets
information.
Surveilling is the use of the Work to either overtly or covertly observe
and record persons and or their activities.
A Network Service is the use of a piece of Software to interpret or
modify information that is subsequently and directly served to users
over the Internet.
To Discriminate is the use of a piece of Software to interpret or modify
information that is subsequently and directly served to users over the
Internet.
Hate Speech is Communication or any form of expression which is solely
for the purpose of expressing hatred for some group or advocating a form
of Discrimination between humans.
Coercion is leveraging of the threat of force or use of force to
intimidate a person in order to gain compliance, or to offer large
incentives which aim to entice a person to act against their will.
# Fair Dealing Rights
Nothing in this License is intended to reduce, limit, or restrict any
uses free from copyright or rights arising from limitations or
exceptions that are provided for in connection with the copyright
protection under copyright law or other applicable laws.
# License Grant
Subject to the terms and conditions of this License, Licensor hereby
grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
duration of the applicable copyright) license to exercise the rights in
the Work as stated below:
To Reproduce the Work, to incorporate the Work into one or more
Collections, and to Reproduce the Work as incorporated in the
Collections
To create and Reproduce Adaptations provided that any such Adaptation,
including any translation in any medium, takes reasonable steps to
clearly label, demarcate or otherwise identify that changes were made to
the original Work. For example, a translation could be marked \"The
original work was translated from English to Spanish,\" or a
modification could indicate \"The original work has been modified.\"
To Distribute and Publicly Perform the Work including as incorporated in
Collections.
To Distribute and Publicly Perform Adaptations. The above rights may be
exercised in all media and formats whether now known or hereafter
devised. The above rights include the right to make such modifications
as are technically necessary to exercise the rights in other media and
formats. This License constitutes the entire agreement between the
parties with respect to the Work licensed here. There are no
understandings, agreements or representations with respect to the Work
not specified here. Licensor shall not be bound by any additional
provisions that may appear in any communication from You. This License
may not be modified without the mutual written agreement of the Licensor
and You. All rights not expressly granted by Licensor are hereby
reserved, including but not limited to the rights set forth in
Non-waivable Compulsory License Schemes, Waivable Compulsory License
Schemes, and Voluntary License Schemes in the restrictions.
# Restrictions
The license granted in the license grant above is expressly made subject
to and limited by the following restrictions:
You may Distribute or Publicly Perform the Work only under the terms of
this License. You must include a copy of, or the Uniform Resource
Identifier (URI) for, this License with every copy of the Work You
Distribute or Publicly Perform. You may not offer or impose any terms on
the Work that restrict the terms of this License or the ability of the
recipient of the Work to exercise the rights granted to that recipient
under the terms of the License. You may not sublicense the Work. You
must keep intact all notices that refer to this License and to the
disclaimer of warranties with every copy of the Work You Distribute or
Publicly Perform. When You Distribute or Publicly Perform the Work, You
may not impose any effective technological measures on the Work that
restrict the ability of a recipient of the Work from You to exercise the
rights granted to that recipient under the terms of the License. This
Section applies to the Work as incorporated in a Collection, but this
does not require the Collection apart from the Work itself to be made
subject to the terms of this License. If You create a Collection, upon
notice from any Licensor You must, to the extent practicable, remove
from the Collection any credit as requested. If You create an
Adaptation, upon notice from any Licensor You must, to the extent
practicable, remove from the Adaptation any credit as requested.
## Commercial Restrictions
You may not exercise any of the rights granted to You in the above
section in any manner that is primarily intended for or directed toward
commercial advantage or private monetary compensation unless you meet
the following requirements.
i. You are a worker-owned business or worker-owned collective.
ii. after tax, all financial gain, surplus, profits and benefits
produced by the business or collective are distributed among the
worker-owners unless a set amount is to be allocated towards
community projects as decided by a previously-established consensus
agreement between the worker-owners where all worker-owners agreed.
iii. You are not using such rights on behalf of a business other than
those specified in (i) or (ii) above, nor are using such rights as
a proxy on behalf of a business with the intent to circumvent the
aforementioned restrictions on such a business.
The exchange of the Work for other copyrighted works by means of digital
file-sharing or otherwise shall not be considered to be intended for or
directed toward commercial advantage or private monetary compensation,
provided there is no payment of any monetary compensation in connection
with the exchange of copyrighted works.
If the Work meets the definition of Software, You may exercise the
rights granted in the license grant only if You provide a copy of the
corresponding Source Code from which the Work was derived in digital
form, or You provide a URI for the corresponding Source Code of the
Work, to any recipients upon request.
If the Work is used as or for a Network Service, You may exercise the
rights granted in the license grant only if You provide a copy of the
corresponding Source Code from which the Work was derived in digital
form, or You provide a URI for the corresponding Source Code to the
Work, to any recipients of the data served or modified by the Web
Service.
Any use by a business that is privately owned and managed, and that
seeks to generate profit from the labor of employees paid by salary or
other wages, is not permitted under this license.
##
You may exercise the rights granted in the license grant for any
purposes only if:
i. You do not use the Work for the purpose of inflicting Bodily Harm on
human beings (subject to criminal prosecution or otherwise) outside
of providing medical aid or undergoing a voluntary procedure under
no form of Coercion.
ii. You do not use the Work for the purpose of Surveilling or tracking
individuals for financial gain.
iii. You do not use the Work in an Act of War.
iv. You do not use the Work for the purpose of supporting or profiting
from an Act of War.
v. You do not use the Work for the purpose of Incarceration.
vi. You do not use the Work for the purpose of extracting, processing,
or refining, oil, gas, or coal. Or to in any other way to
deliberately pollute the environment as a byproduct of manufacturing
or irresponsible disposal of hazardous materials.
vii. You do not use the Work for the purpose of expediting,
coordinating, or facilitating paid work undertaken by individuals
under the age of 12 years.
viii. You do not use the Work to either Discriminate or spread Hate
Speech on the basis of sex, sexual orientation, gender identity,
race, age, disability, color, national origin, religion, caste, or
lower economic status.
##
If You Distribute, or Publicly Perform the Work or any Adaptations or
Collections, You must, unless a request has been made by any Licensor to
remove credit from a Collection or Adaptation, keep intact all copyright
notices for the Work and provide, reasonable to the medium or means You
are utilizing:
i. the name of the Original Author (or pseudonym, if applicable) if
supplied, and/or if the Original Author and/or Licensor designate
another party or parties (e.g., a sponsor institute, publishing
entity, journal) for attribution (\"Attribution Parties\") in
Licensor\'s copyright notice, terms of service or by other
reasonable means, the name of such party or parties;
ii. the title of the Work if supplied;
iii. to the extent reasonably practicable, the URI, if any, that
Licensor to be associated with the Work, unless such URI does not
refer to the copyright notice or licensing information for the
Work; and,
iv. in the case of an Adaptation, a credit identifying the use of the
Work in the Adaptation (e.g., \"French translation of the Work by
Original Author,\" or \"Screenplay based on original Work by
Original Author\").
If any Licensor has sent notice to request removing credit, You must, to
the extent practicable, remove any credit as requested. The credit
required by this Section may be implemented in any reasonable manner;
provided, however, that in the case of an Adaptation or Collection, at a
minimum such credit will appear, if a credit for all contributing
authors of the Adaptation or Collection appears, then as part of these
credits and in a manner at least as prominent as the credits for the
other contributing authors. For the avoidance of doubt, You may only use
the credit required by this Section for the purpose of attribution in
the manner set out above and, by exercising Your rights under this
License, You may not implicitly or explicitly assert or imply any
connection with, sponsorship or endorsement by the Original Author,
Licensor and/or Attribution Parties, as appropriate, of You or Your use
of the Work, without the separate, express prior written permission of
the Original Author, Licensor and/or Attribution Parties.
Non-waivable Compulsory License Schemes. In those jurisdictions in which
the right to collect royalties through any statutory or compulsory
licensing scheme cannot be waived, the Licensor reserves the exclusive
right to collect such royalties for any exercise by You of the rights
granted under this License
Waivable Compulsory License Schemes. In those jurisdictions in which the
right to collect royalties through any statutory or compulsory licensing
scheme can be waived, the Licensor reserves the exclusive right to
collect such royalties for any exercise by You of the rights granted
under this License if Your exercise of such rights is for a purpose or
use which is otherwise than noncommercial as permitted under Commercial
Restrictions and otherwise waives the right to collect royalties through
any statutory or compulsory licensing scheme.
Voluntary License Schemes. The Licensor reserves the right to collect
royalties, whether individually or, in the event that the Licensor is a
member of a collecting society that administers voluntary licensing
schemes, via that society, from any exercise by You of the rights
granted under this License that is for a purpose or use which is
otherwise than noncommercial as permitted under the license grant.
Except as otherwise agreed in writing by the Licensor or as may be
otherwise permitted by applicable law, if You Reproduce, Distribute or
Publicly Perform the Work either by itself or as part of any Adaptations
or Collections, You must not distort, mutilate, modify or take other
derogatory action in relation to the Work which would be prejudicial to
the Original Author\'shonor or reputation. Licensor agrees that in those
jurisdictions (e.g. Japan), in which any exercise of the right granted
in the license grant of this License (the right to make Adaptations)
would be deemed to be a distortion, mutilation, modification or other
derogatory action prejudicial to the Original Author\'s honor and
reputation, the Licensor will waive or not assert, as appropriate, this
Section, to the fullest extent permitted by the applicable national law,
to enable You to reasonably exercise Your right under the license grant
of this License (right to make Adaptations) but not otherwise.
Do not make any legal claim against anyone accusing the Work, with or
without changes, alone or with other works, of infringing any patent
claim.
# Representations Warranties and Disclaimer
UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
# Limitation on Liability
EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF
THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
# Termination
This License and the rights granted hereunder will terminate
automatically upon any breach by You of the terms of this License.
Individuals or entities who have received Adaptations or Collections
from You under this License, however, will not have their licenses
terminated provided such individuals or entities remain in full
compliance with those licenses. The Sections on definitions, fair
dealing rights, representations, warranties, and disclaimer, limitation
on liability, termination, and revised license versions will survive any
termination of this License.
Subject to the above terms and conditions, the license granted here is
perpetual (for the duration of the applicable copyright in the Work).
Notwithstanding the above, Licensor reserves the right to release the
Work under different license terms or to stop distributing the Work at
any time; provided, however that any such election will not serve to
withdraw this License (or any other license that has been, or is
required to be, granted under the terms of this License), and this
License will continue in full force and effect unless terminated as
stated above.
# Revised License Versions
This License may receive future revisions in the original spirit of the
license intended to strengthen This License. Each version of This
License has an incrementing version number.
Unless otherwise specified like in the below subsection The Licensor has
only granted this current version of This License for The Work. In this
case future revisions do not apply.
The Licensor may specify that the latest available revision of This
License be used for The Work by either explicitly writing so or by
suffixing the License URI with a \"+\" symbol.
The Licensor may specify that The Work is also available under the terms
of This License\'s current revision as well as specific future
revisions. The Licensor may do this by writing it explicitly or
suffixing the License URI with any additional version numbers each
separated by a comma.
# Miscellaneous
Each time You Distribute or Publicly Perform the Work or a Collection,
the Licensor offers to the recipient a license to the Work on the same
terms and conditions as the license granted to You under this License.
Each time You Distribute or Publicly Perform an Adaptation, Licensor
offers to the recipient a license to the original Work on the same terms
and conditions as the license granted to You under this License.
If the Work is classified as Software, each time You Distribute or
Publicly Perform an Adaptation, Licensor offers to the recipient a copy
and/or URI of the corresponding Source Code on the same terms and
conditions as the license granted to You under this License.
If the Work is used as a Network Service, each time You Distribute or
Publicly Perform an Adaptation, or serve data derived from the Software,
the Licensor offers to any recipients of the data a copy and/or URI of
the corresponding Source Code on the same terms and conditions as the
license granted to You under this License.
If any provision of this License is invalid or unenforceable under
applicable law, it shall not affect the validity or enforceability of
the remainder of the terms of this License, and without further action
by the parties to this agreement, such provision shall be reformed to
the minimum extent necessary to make such provision valid and
enforceable.
No term or provision of this License shall be deemed waived and no
breach consented to unless such waiver or consent shall be in writing
and signed by the party to be charged with such waiver or consent.
This License constitutes the entire agreement between the parties with
respect to the Work licensed here. There are no understandings,
agreements or representations with respect to the Work not specified
here. Licensor shall not be bound by any additional provisions that may
appear in any communication from You. This License may not be modified
without the mutual written agreement of the Licensor and You.
The rights granted under, and the subject matter referenced, in this
License were drafted utilizing the terminology of the Berne Convention
for the Protection of Literary and Artistic Works (as amended on
September 28, 1979), the Rome Convention of 1961, the WIPO Copyright
Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and
the Universal Copyright Convention (as revised on July 24, 1971). These
rights and subject matter take effect in the relevant jurisdiction in
which the License terms are sought to be enforced according to the
corresponding provisions of the implementation of those treaty
provisions in the applicable national law. If the standard suite of
rights granted under applicable copyright law includes additional rights
not granted under this License, such additional rights are deemed to be
included in the License; this License is not intended to restrict the
license of any rights under applicable law.
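Review bot: in the Definitions section the text under "Source Code" is word for word the text under "Software", and "To Discriminate" repeats the definition of "A Network Service", so neither term is actually defined even though the Restrictions rely on both (the Source Code provision clauses and item viii). There are also two bare `##` headings with no title, one ahead of the use restrictions and one ahead of the attribution clause. If this file is meant to be a verbatim copy of the published license, re-check it against the canonical text rather than editing it by hand.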

@ -1,36 +0,0 @@
# `finallycoffee.observability` ansible collection
## Overview
Ansible roles for running monitoring infrastructure, regardless of logs,
metrics or alerting.
## Roles
- [`alertmanager`](roles/alertmanager/README.md): Runs prometheus'
alertmanager for receiving alerts from prometheus and routing them
to the correct configured receivers.
- [`cadvisor`](roles/cadvisor/README.md): Run and configure cAdvisor, googles'
container performance and resource usage collection and aggregation daemon.
- [`grafana`](roles/grafana/README.md): a popular visualization and
dashboard creation tool able to use various datasources.
- [`matrix_alertmanager`](roles/matrix_alertmanager/README.md): An alert-
manager receiver which posts alerts to a configured matrix channel
using alertmanagers' webhooks.
- [`vmagent`](roles/vmagent/README.md): VictoriaMetrics agent
- [`vmtsdb`](roles/vmtsdb/README.md): VictoriaMetrics time series database.
- [`vmalert`](roles/vmalert/README.md): VictoriaMetrics alerting and
ruling engine.
- [`postgres_exporter`](roles/postgres_exporter/README.md): Prometheus
exporter for postgres databases, in a docker container.
## License
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

@ -1,21 +0,0 @@
namespace: finallycoffee
name: observability
version: 0.1.4
readme: README.md
authors:
- transcaffeine <transcaffeine@finally.coffee>
description: Various ansible roles useful for automating infrastructure
dependencies:
"community.docker": "^3.0.0"
license_file: LICENSE.md
build_ignore:
- '*.tar.gz'
repository: https://git.finally.coffee/finallycoffee/observability
issues: https://codeberg.org/finallycoffee/ansible-collection-observability/issues
tags:
- observability
- monitoring
- prometheus
- victoriametrics
- grafana
- alertmanager

@ -1,2 +0,0 @@
---
requires_ansible: ">=2.15"

@ -1,6 +0,0 @@
---
- name: Ensure alertmanager is configured and running
hosts: "{{ alertmanager_hosts | default('alertmanager') }}"
become: "{{ alertmanager_become | default(false, false) }}"
roles:
- role: finallycoffee.observability.alertmanager
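Review bot: `become` falls back to false on the `alertmanager_become | default(false, false)` line, yet the role this play applies creates a system user with `ansible.builtin.user` and directories under `/opt/alertmanager`, both of which fail for an unprivileged connection user. Either default `alertmanager_become` to true or document that it must be set unless the play connects as root. The second argument in `default(false, false)` is already the filter's default and can be dropped.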

@ -1,6 +0,0 @@
---
- name: Install and configure grafana
hosts: "{{ grafana_hosts | default('grafana') }}"
become: "{{ grafana_become | default(false, true) }}"
roles:
- role: finallycoffee.observability.grafana
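Review bot: `default(false, true)` on the `become` line passes `true` as the filter's boolean flag, which only matters for values that are defined but falsy, and since the fallback is itself `false` the flag cannot change whether privilege escalation is used. The sibling plays use `default(false, false)` and `default(false)`; settle on the plain `default(false)` so readers do not go looking for a difference in privilege handling between the roles.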

@ -1,6 +0,0 @@
---
- name: Install and configure vmagent
hosts: "{{ vmagent_hosts | default('vmagent') }}"
become: "{{ vmagent_become | default(false) }}"
roles:
- role: finallycoffee.observability.vmagent

@ -1,6 +0,0 @@
---
- name: Install vmalert using docker
hosts: "{{ vmalert_hosts | default('vmalert') }}"
become: "{{ vmalert_become | default(false) }}"
roles:
- role: finallycoffee.observability.vmalert

@ -1,6 +0,0 @@
---
- name: Install vmtsdb using docker
hosts: "{{ vmtsdb_hosts | default('vmtsdb') }}"
become: "{{ vmtsdb_become | default(false) }}"
roles:
- role: finallycoffee.observability.vmtsdb

@ -1,10 +0,0 @@
# `finallycoffee.observability.alertmanager` ansible role
## Description
This role configures and runs prometheus alertmanager in a docker container.
The config file is templated on the host and persisted in `alertmanager_config_file`.
The alertmanager config can be passed by setting `alertmanager_config`, which expects the same yaml
format as the "normal" alertmanager config file (with top-level keys `global`, `route` and `receivers`).

@ -1,8 +0,0 @@
---
alertmanager_config_global: {}
alertmanager_config_route: {}
alertmanager_config_receivers: []
alertmanager_config:
global: "{{ alertmanager_config_global }}"
route: "{{ alertmanager_config_route }}"
receivers: "{{ alertmanager_config_receivers }}"

@ -1,29 +0,0 @@
---
alertmanager_container_name: alertmanager
alertmanager_container_image_name: alertmanager
alertmanager_container_image_namespace: prometheus/
alertmanager_container_image_registry: quay.io
alertmanager_container_image_repository: >-
{{
(container_registries[alertmanager_container_image_registry] | default(alertmanager_container_image_registry))
+ '/' + (alertmanager_container_image_namespace | default(''))
+ alertmanager_container_image_name
}}
alertmanager_container_image_reference: >-
{{
alertmanager_container_image_repository + ':'
+ (alertmanager_container_image_tag | default('v' + alertmanager_version))
}}
alertmanager_container_image_source: pull
alertmanager_container_image_force_pull: "{{ alertmanager_container_image_tag is defined }}"
alertmanager_container_default_volumes:
- "{{ alertmanager_config_file }}:/etc/alertmanager/alertmanager.yml:ro"
- "{{ alertmanager_data_path }}:/alertmanager:rw"
alertmanager_container_volumes: >-
{{ alertmanager_container_default_volumes
+ alertmanager_container_extra_volumes | default([]) }}
alertmanager_container_restart_policy: "unless-stopped"
alertmanager_container_state: >-2
{{ (alertmanager_state == 'present') | ternary('started', 'absent') }}
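Review bot: `alertmanager_container_image_reference` is always assembled as `repository:tag`, and a registry tag can be re-pointed, so nothing in these defaults lets a deployment pin the image by digest short of overriding the whole reference. Document that override (a `repository@sha256:...` value) or add an optional digest variable. Also, `alertmanager_container_image_force_pull` becomes true whenever `alertmanager_container_image_tag` is defined, which re-pulls on every run even for a fixed version tag; a comment saying this is aimed at moving tags would help.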

@ -1,10 +0,0 @@
---
alertmanager_user: alertmanager
alertmanager_version: 0.27.0
alertmanager_state: present
alertmanager_deployment_method: docker
alertmanager_base_path: /opt/alertmanager
alertmanager_config_path: "{{ alertmanager_base_path }}/config"
alertmanager_config_file: "{{ alertmanager_config_path }}/alertmanager.yml"
alertmanager_data_path: "{{ alertmanager_base_path }}/data"

@ -1,8 +0,0 @@
---
- name: Ensure alertmanager is restarted
community.docker.docker_container:
name: "{{ alertmanager_container_name }}"
state: "{{ alertmanager_container_state }}"
restart: true
listen: restart-alertmanager
when: alertmanager_deployment_method == 'docker'

@ -1,10 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: alertmanager
description: Deploy and configure prometheus alertmanager
galaxy_tags:
- prometheus
- alertmanager
- observability

@ -1,21 +0,0 @@
---
- name: Ensure container image is {{ alertmanager_state }} on host
community.docker.docker_image:
name: "{{ alertmanager_container_image_reference }}"
state: "{{ alertmanager_state }}"
source: "{{ alertmanager_container_image_source }}"
force_source: "{{ alertmanager_container_image_force_pull | bool }}"
- name: Ensure container '{{ alertmanager_container_name }}' is {{ alertmanager_container_state }}
community.docker.docker_container:
name: "{{ alertmanager_container_name }}"
image: "{{ alertmanager_container_image_reference }}"
env: "{{ alertmanager_container_env | default(omit) }}"
user: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
ports: "{{ alertmanager_container_ports | default(omit) }}"
volumes: "{{ alertmanager_container_volumes | default(omit) }}"
networks: "{{ alertmanager_container_networks | default(omit) }}"
purge_networks: "{{ alertmanager_container_purge_networks | default(omit) }}"
etc_hosts: "{{ alertmanager_container_etc_hosts | default(omit) }}"
restart_policy: "{{ alertmanager_container_restart_policy }}"
state: "{{ alertmanager_container_state }}"
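Review bot: with `alertmanager_state: absent` the image task runs first and asks Docker to remove an image that the still-existing container references, which Docker refuses unless forced, so teardown fails before the container task reaches `state: absent`. Order the two tasks by state (container first, then image, when removing), or move the image removal after the container task.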

@ -1,48 +0,0 @@
---
- name: Ensure state is valid
ansible.builtin.fail:
msg: >-2
Invalid state '{{ alertmanager_state }}'! Valid
states are {{ alertmanager_states | join(', ') }}.
when: alertmanager_state not in alertmanager_states
- name: Ensure deployment method is valid
ansible.builtin.fail:
msg: >-2
Invalid deployment method {{ alertmanager_deployment_method }}!
Supported deployment methods are {{ alertmanager_deployment_methods | join(', ') }}.
when: alertmanager_deployment_method not in alertmanager_deployment_methods
- name: Ensure alertmanager user '{{ alertmanager_user }}' is {{ alertmanager_state }}
ansible.builtin.user:
name: "{{ alertmanager_user }}"
state: "{{ alertmanager_state }}"
system: true
register: alertmanager_user_info
- name: Ensure mounts are {{ alertmanager_state }}
ansible.builtin.file:
dest: "{{ item.path }}"
state: "{{ (alertmanager_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ item.owner | default(alertmanager_user_info.uid | default(alertmanager_user)) }}"
group: "{{ item.owner | default(alertmanager_user_info.group | default(alertmanager_user)) }}"
mode: "{{ item.mode | default('0755') }}"
loop:
- path: "{{ alertmanager_base_path }}"
- path: "{{ alertmanager_data_path }}"
- path: "{{ alertmanager_config_path }}"
- name: Ensure config file is templated
ansible.builtin.copy:
dest: "{{ alertmanager_config_file }}"
content: "{{ alertmanager_config | to_nice_yaml }}"
owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
group: "{{ alertmanager_user_info.group | default(alertmanager_user) }}"
mode: "0640"
when: alertmanager_state == 'present'
notify:
- restart-alertmanager
- name: Deploy alertmanager using {{ alertmanager_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ alertmanager_deployment_method }}.yml"
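
Review bot: In the `Ensure mounts` task the `group:` line reads `item.owner | default(...)`, so any per-item owner override would also be applied as the group; it should read `item.group`. The loop items set only `path` today, so the bug is latent. The same loop creates the config directory with the default mode `0755` while the config file inside it is written `0640`; consider passing a tighter `mode` for `alertmanager_config_path`.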

View File

@ -1,6 +0,0 @@
---
alertmanager_states:
- present
- absent
alertmanager_deployment_methods:
- docker

View File

@ -1,24 +0,0 @@
# `finallycoffee.observability.cadvisor` ansible role
## Overview
Deploys [cadvisor](https://github.com/google/cadvisor/), a daemon
for collecting and exporting information about running (docker)
containers in a docker container.
## Configuration
In order to scrape `/metrics` of running containers, it is recommended
to expose the default port of cadvisor to the host using
```yaml
cadvisor_container_ports:
- "127.0.0.1:8080:8080`
```
so that cadvisor metrics are exposed at `http://127.0.0.1:8080/metrics`.
### Enabling/Disabling collection of metrics
By setting `cadvisor_disabled_metrics`, the collection of metrics
can be disabled. The default list of disabled metrics is quite extensive,
so when enabling a disabled-by-default metric, it is recommended to
use `cadvisor_force_enable_metrics` instead, as it's empty by default.
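
Review bot: The port mapping in the YAML example ends with a backtick instead of a closing double quote (`- "127.0.0.1:8080:8080` followed by a backtick), so copying it verbatim gives invalid YAML. Close the string with `"`.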

View File

@ -1,56 +0,0 @@
---
cadvisor_container_image_registry: gcr.io
cadvisor_container_image_namespace: cadvisor
cadvisor_container_image_name: cadvisor
cadvisor_container_image: >-2
{{
[
cadvisor_container_image_registry,
cadvisor_container_image_namespace,
cadvisor_container_image_name,
] | flatten | join('/')
}}
cadvisor_container_image_tag: ~
cadvisor_container_image_ref: >-2
{{ cadvisor_container_image }}:{{ cadvisor_container_image_tag | default('v' + cadvisor_version, true) }}
cadvisor_container_image_source: pull
cadvisor_container_image_force_source: >-2
{{ cadvisor_container_image_tag | default(false, true) | bool }}
cadvisor_container_state: >-2
{{ (cadvisor_state == 'present') | ternary('started', 'absent') }}
cadvisor_container_name: cadvisor
cadvisor_container_volumes: >-2
{{ cadvisor_container_base_volumes + cadvisor_container_extra_volumes | default([], true) }}
cadvisor_container_extra_volumes: ~
cadvisor_container_env: ~
cadvisor_container_labels: >-2
{{ cadvisor_container_base_labels | combine(cadvisor_container_extra_labels) }}
cadvisor_container_extra_labels: {}
cadvisor_container_ports: ~
cadvisor_container_networks: ~
cadvisor_container_etc_hosts: ~
cadvisor_container_devices:
- "/dev/kmsg:/dev/kmsg:rwm"
cadvisor_container_privileged: true
cadvisor_container_pid_mode: "host"
cadvisor_container_userns_mode: "host"
cadvisor_container_capabilities: ~
cadvisor_container_restart_policy: "unless-stopped"
cadvisor_container_command: >-2
{{ ["--docker_only=false"]
+ (["--disable_metrics=" + cadvisor_disabled_metrics | join( ',' )]
if cadvisor_disabled_metrics | default(false, true) else [])
+ (["--enable_metrics=" + cadvisor_force_enable_metrics | join( ',' )]
if cadvisor_force_enable_metrics | default(false, true) else [])
}}
cadvisor_container_base_labels:
version: "{{ cadvisor_version }}"
cadvisor_container_base_volumes:
- "/:/rootfs:ro"
- "/var/run:/var/run:ro"
- "/sys:/sys:ro"
- "/var/lib/docker/:/var/lib/docker:ro"
- "/dev/disk/:/dev/disk:ro"
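
Review bot: `cadvisor_container_privileged: true` combined with `cadvisor_container_pid_mode: "host"`, `cadvisor_container_userns_mode: "host"` and the `/:/rootfs:ro` and `/var/run:/var/run:ro` mounts gives the container root-equivalent access to the host by default, and neither this file nor the README says so. Default `cadvisor_container_privileged` to false and grant what is needed through `cadvisor_container_devices` and `cadvisor_container_capabilities`, or document why privileged mode is required. Separately, `cadvisor_container_image_force_source` pipes the tag string through `bool`, which turns a tag such as `latest` into false, so setting a custom tag never forces a pull; test the tag for emptiness instead of casting it.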

View File

@ -1,18 +0,0 @@
---
cadvisor_version: "0.51.0"
cadvisor_state: present
cadvisor_deployment_method: docker
cadvisor_disabled_metrics:
- advtcp
- cpu_topology
- cpuset
- hugetlb
- memory_numa
- process
- referenced_memory
- resctrl
- sched
- tcp
- udp
cadvisor_force_enable_metrics: []

View File

@ -1,11 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: cadvisor
description: Deploy cadvisor (Container Advisor), a container performance and resource usage aggregation daemon
galaxy_tags:
- cadvisor
- observability
- container
- docker

View File

@ -1,25 +0,0 @@
---
- name: Ensure cadvisor container image '{{ cadvisor_container_image_ref }}' is {{ cadvisor_state }}
community.docker.docker_image:
name: "{{ cadvisor_container_image_ref }}"
state: "{{ cadvisor_state }}"
source: "{{ cadvisor_container_image_source }}"
force_source: "{{ cadvisor_container_image_force_source }}"
- name: Ensure cadvisor container '{{ cadvisor_container_name }}' is {{ cadvisor_container_state }}
community.docker.docker_container:
name: "{{ cadvisor_container_name }}"
image: "{{ cadvisor_container_image_ref }}"
env: "{{ cadvisor_container_env | default(omit, true) }}"
ports: "{{ cadvisor_container_ports | default(omit, true) }}"
labels: "{{ cadvisor_container_labels }}"
devices: "{{ cadvisor_container_devices }}"
volumes: "{{ cadvisor_container_volumes }}"
networks: "{{ cadvisor_container_networks | default(omit, true) }}"
etc_hosts: "{{ cadvisor_container_etc_hosts | default(omit, true) }}"
privileged: "{{ cadvisor_container_privileged }}"
command: "{{ cadvisor_container_command }}"
pid_mode: "{{ cadvisor_container_pid_mode | default(omit, true) }}"
userns_mode: "{{ cadvisor_container_userns_mode | default(omit, true) }}"
restart_policy: "{{ cadvisor_container_restart_policy }}"
state: "{{ cadvisor_container_state }}"
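
Review bot: `cadvisor_container_capabilities` is declared in the role defaults but is never passed to `docker_container` in this task, so setting it has no effect. Add `capabilities: "{{ cadvisor_container_capabilities | default(omit, true) }}"` next to `privileged:`; without it there is no way to run the container unprivileged with a narrow capability set.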

View File

@ -1,18 +0,0 @@
---
- name: Ensure state is valid
ansible.builtin.fail:
msg: >-2
Unknown state '{{ cadvisor_state }}'! Supported
states are: {{ cadvisor_states | join(', ') }}.
when: cadvisor_state not in cadvisor_states
- name: Ensure deployment method is valid
ansible.builtin.fail:
msg: >-2
Unknown deployment method '{{ cadvisor_deployment_method }}'! Supported
deployment methods are: {{ cadvisor_deployment_methods | join(', ') }}.
when: cadvisor_deployment_method not in cadvisor_deployment_methods
- name: Deploy using {{ cadvisor_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ cadvisor_deployment_method }}.yml"

View File

@ -1,6 +0,0 @@
---
cadvisor_states:
- present
- absent
cadvisor_deployment_methods:
- docker

View File

@ -1,13 +0,0 @@
# `finallycoffee.observability.grafana` ansible role
Ansible role to install and configure grafana, currently only supports docker. For docker, the python library `docker` must be installed on the target host.
## Usage
Ensure the following variables are populated:
- `grafana_config_security_secret_key`
- `grafana_config_security_admin_password`
### Authentication via OAuth2
Set `grafna_config_auth_generic_oauth_enabled` to `true` and populate variables according to the grafana docs, all generic oauth configuration values are available prefixed with `grafana_config_auth_generic_oauth_`.
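
Review bot: The OAuth2 paragraph names `grafna_config_auth_generic_oauth_enabled`, which is missing an `a`; the role reads `grafana_config_auth_generic_oauth_enabled`, so a user copying the README sets a variable the role never looks at. The Usage list could also say that `grafana_config_security_secret_key` and `grafana_config_security_admin_password` are secrets and should come from an encrypted vars file.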

View File

@ -1,189 +0,0 @@
---
grafana_config_log_mode:
- console
- file
grafana_config_auth_generic_oauth_scopes:
- openid
- profile
- email
- roles
- offline_access
grafana_config_auth_generic_oauth_config:
enabled: "{{ grafana_config_auth_generic_oauth_enabled }}"
name: "{{ grafana_config_auth_generic_oauth_name }}"
client_id: "{{ grafana_config_auth_generic_oauth_client_id }}"
client_secret: "{{ grafana_config_auth_generic_oauth_client_secret }}"
scopes: "{{ grafana_config_auth_generic_oauth_scopes | join(' ') }}"
email_attribute_name: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}"
email_attribute_path: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}"
login_attribute_path: "{{ grafana_config_auth_generic_oauth_login_attribute_name | default('preferred_username') }}"
name_attribute_path: "{{ grafana_config_auth_generic_oauth_name_attribute_name | default('name') }}"
api_url: "{{ grafana_config_auth_generic_oauth_api_url }}"
auth_url: "{{ grafana_config_auth_generic_oauth_auth_url }}"
token_url: "{{ grafana_config_auth_generic_oauth_token_url }}"
role_attribute_path: "{{ grafana_config_auth_generic_oauth_role_attribute_path | default('') }}"
grafana_default_config:
DEFAULT:
app_mode: "{{ grafana_config_app_mode | default('production') }}"
instance_name: "{{ grafana_config_instance_name | default('${HOSTNAME}') }}"
paths:
data: "{{ grafana_config_paths_data | default('/var/lib/grafana') }}"
temp_data_lifetime: "{{ grafana_config_paths_temp_data_lifetime | default('24h') }}"
logs: "{{ grafana_config_paths_logs | default('/var/log/grafana') }}"
plugins: "{{ grafana_config_paths_plugins | default('/var/lib/grafana/plugins') }}"
provisioning: "{{ grafana_config_paths_provisioning | default('conf/provisioning') }}"
server:
protocol: "{{ grafana_config_server_protocol | default('http') }}"
http_addr: "{{ grafana_config_server_http_addr | default('\"\"') }}"
http_port: "{{ grafana_config_server_http_port | default(3000) }}"
domain: "{{ grafana_config_server_domain }}"
enforce_domain: "{{ grafana_config_server_enforce_domain | default(true) }}"
root_url: "{{ grafana_config_server_root_url | default('%(protocol)s://%(domain)s:%(http_port)s/') }}"
serve_from_subpath: "{{ grafana_config_server_serve_from_subpath | default(false) }}"
router_logging: "{{ grafana_config_server_router_logging | default(false) }}"
static_root_path: "{{ grafana_config_server_static_root_path | default('public') }}"
enable_gzip: "{{ grafana_config_server_enable_gzip | default(false) }}"
cert_file: "{{ grafana_config_server_cert_file | default('\"\"') }}"
cert_key: "{{ grafana_config_server_cert_key | default('\"\"') }}"
socket: "{{ grafana_config_server_socket | default('\"\"') }}"
database:
type: "{{ grafana_config_database_type | default('sqlite3') }}"
host: "{{ grafana_config_database_host | default('127.0.0.1:3306') }}"
name: "{{ grafana_config_database_name | default('grafana') }}"
user: "{{ grafana_config_database_user | default('root') }}"
password: "{{ grafana_config_database_password | default('') }}"
url: "{{ grafana_config_database_url | default('') }}"
ssl_mode: "{{ grafana_config_database_ssl_mode | default('disable') }}"
ca_cert_path: "{{ grafana_config_database_ca_cert_path | default('') }}"
client_key_path: "{{ grafana_config_database_client_key_path | default('') }}"
client_cert_path: "{{ grafana_config_database_client_cert_path | default('') }}"
server_cert_name: "{{ grafana_config_database_srver_cert_name | default('') }}"
path: "{{ grafana_config_database_path | default('grafana.db') }}"
max_idle_conn: "{{ grafana_config_database_max_idle_conn | default(2) }}"
max_open_conn: "{{ grafana_config_database_max_open_conn | default(0) }}"
conn_max_lifetime: "{{ grafana_config_database_conn_max_lifetime | default(14400) }}"
log_queries: "{{ grafana_config_database_log_queries | default(false) }}"
cache_mode: "{{ grafana_config_database_cache_mode | default('private') }}"
remote_cache:
type: "{{ grafana_config_config_remote_cache_type | default('database') }}"
connstr: "{{ grafana_config_remote_cache_connstr | default('') }}"
dataproxy:
logging: "{{ grafana_config_dataproxy_logging | default(false) }}"
timeout: "{{ grafana_config_dataproxy_timeout | default(30) }}"
send_user_header: "{{ grafana_config_dataproxy_send_header | default(false) }}"
analytics:
reporting_enabled: "{{ grafana_config_analytics_reporting_enabled | default(true) }}"
check_for_updates: "{{ grafana_config_analytics_check_for_updates | default(true) }}"
google_analytics_ua_id: "{{ grafana_config_analytics_google_analytics_ua_id | default('') }}"
google_tag_manager_id: "{{ grafana_config_analytics_google_tag_manager_id | default('') }}"
security:
disable_initial_admin_create: "{{ grafana_config_security_disable_initial_admin_creation | default(false) }}"
admin_user: "{{ grafana_config_security_admin_user | default('admin') }}"
admin_password: "{{ grafana_config_security_admin_password }}"
secret_key: "{{ grafana_config_security_secret_key }}"
disable_gravatar: "{{ grafana_config_security_disable_gravatar | default(true) }}"
data_source_proxy_whitelist: "{{ grafana_config_security_data_source_proxy_whitelist | default([]) | join(' ') }}"
disable_brute_force_login_protection: "{{ grafana_config_security_disable_brute_force_login_protection | default(false) }}"
cookie_secure: "{{ grafana_config_security_cookie_secure | default(false) }}"
cookie_samesite: "{{ grafana_config_security_cookie_samesite | default('lax') }}"
allow_embedding: "{{ grafana_config_security_allow_embedding | default(false) }}"
strict_transport_security: "{{ grafana_config_security_strict_transport_security | default(false) }}"
strict_transport_security_max_age_seconds: "{{ grafana_config_security_strict_transport_security_max_age_seconds | default(86400) }}"
strict_transport_security_preload: "{{ grafana_config_security_strict_transport_security_preload | default(false) }}"
strict_transport_security_subdomains: "{{ grafana_config_security_strict_transport_security_subdomains | default(false) }}"
x_content_type_options: "{{ grafana_config_security_x_content_type_options | default(false) }}"
x_xss_protection: "{{ grafana_config_security_x_xss_protection | default(true) }}"
snapshots:
external_enabled: "{{ grafana_config_snapshots_external_enabled | default(false) }}"
external_snapshot_url: "{{ grafana_config_snapshots_external | default('') }}"
external_snapshot_name: "{{ grafana_config_snapshots_external | default('') }}"
public_mode_: "{{ grafana_config_snapshots_public_mode | default(false) }}"
snapshot_remove_expired: "{{ grafana_config_snapshots_snapshot_remove_expired | default(true) }}"
dashboards:
versions_to_keep: "{{ grafana_config_dashboards_versions_to_keep | default(20) }}"
users:
allow_sign_up: "{{ grafana_config_users_allow_sign_up | default(true) }}"
allow_org_create: "{{ grafana_config_users_allow_org_create | default(false) }}"
auto_assign_org: "{{ grafana_config_users_auto_assign_org | default(true) }}"
auto_assign_org_id: "{{ grafana_config_users_auto_assign_org_id | default(1) }}"
auto_assign_org_role: "{{ grafana_config_users_auto_assign_org_role | default('Viewer') }}"
verify_email_enabled: "{{ grafana_config_users_verify_email_enabled | default(false) }}"
login_hint: "{{ grafana_config_users_login_hint | default('email or username') }}"
password_hint: "{{ grafana_config_users_password_hint | default('password') }}"
viewers_can_edit: "{{ grafana_config_users_viewers_can_edit | default(true) }}"
editors_can_admin: "{{ grafana_config_users_editors_can_admin | default(false) }}"
auth:
login_cookie_name: "{{ grafana_config_auth_login_cookie_name | default('grafana_session') }}"
login_maximum_inactive_lifetime_days: "{{ grafana_config_auth_login_maximum_inactive_lifetime_days | default(7) }}"
login_maximum_lifetime_days: "{{ grafana_config_auth_login_maximum_lifetime_days | default(30) }}"
token_rotation_interval_minutes: "{{ grafana_config_auth_token_rotation_interval_minutes | default(10) }}"
disable_login_form: "{{ grafana_config_auth_disable_login_form | default(false) }}"
disable_signout_menu: "{{ grafana_config_auth_disable_signout_menu | default(false) }}"
signout_redirect_url: "{{ grafana_config_auth_signout_redirect_url | default('') }}"
api_key_max_seconds_to_live: "{{ grafana_config_api_key_max_seconds_to_live | default(-1) }}"
oauth_auto_login: "{{ grafana_config_auth_oauth_auto_login | default(false) }}"
oauth_allow_insecure_email_lookup: "{{ grafana_config_oauth_allow_insecure_email_lookup | default(false) }}"
smtp:
enabled: "{{ grafana_config_smtp_enabled | default(false) }}"
host: "{{ grafana_config_smtp_host | default('localhost:25') }}"
user: "{{ grafana_config_smtp_user | default('') }}"
password: "{{ grafana_config_smtp_password | default('') }}"
cert_file: "{{ grafana_config_smtp_cert_file | default('') }}"
key_file: "{{ grafana_config_smtp_key_file | default('') }}"
skip_verify: "{{ grafana_config_smtp_skip_verify | default('') }}"
ehlo_identity: "{{ grafana_config_smtp_ehlo_identity | default('') }}"
from_address: "{{ grafana_config_smtp_from_address | default('admin@grafana.localhost') }}"
from_name: "{{ grafana_config_smtp_from_name | default('Grafana') }}"
emails:
welcome_email_on_sign_up: "{{ grafana_config_emails_welcome_email_on_sign_up | default(false) }}"
log:
mode: "{{ grafana_config_log_mode | join(' ') }}"
level: "{{ grafana_config_log_level | default('info') }}"
filters: "{{ grafana_config_log_filters | default('') }}"
"log.syslog":
format: "{{ grafana_config_log_syslog_format | default('text') }}"
quota:
enabled: "{{ grafana_config_quota_enabled | default(false) }}"
explore:
enabled: "{{ grafana_config_explore_enabled | default(true) }}"
metrics:
enabled: "{{ grafana_config_metrics_enabled | default(false) }}"
grafana_com:
url: "{{ grafana_config_grafana_com_url | default('https://grafana.com') }}"
grafana_merged_config: >-
{{
grafana_default_config
| combine({"auth.generic_oauth": grafana_config_auth_generic_oauth_config}
if grafana_config_auth_generic_oauth_enabled else {}, recursive=true)
| combine(grafana_config | default({}), recursive=true) }}
grafana_ldap_config:
log:
filters: "{{ grafana_ldap_config_log_filters | default('ldap:trace') }}"
servers: "{{ grafana_ldap_config_default_servers }}"
grafana_ldap_config_default_servers:
- host: "{{ grafana_ldap_config_servers_host }}"
port: "{{ grafana_ldap_config_servers_port }}"
use_ssl: "{{ grafana_ldap_config_servers_use_ssl | bool }}"
start_ssl: "{{ grafana_ldap_config_servers_start_ssl | bool }}"
ssl_skip_verify: "{{ grafana_ldap_config_servers_ssl_skip_verify | bool }}"
bind_dn: "{{ grafana_ldap_config_servers_bind_dn }}"
bind_passwort: "{{ grafana_ldap_config_servers_bind_passwort }}"
search_filter: "{{ grafana_ldap_config_servers_search_filter }}"
search_base_dns: "{{ grafana_ldap_config_servers_search_base_dns | to_json }}"
attributes:
name: "{{ grafana_ldap_config_servers_attributes_name | default('givenName') }}"
surname: "{{ grafana_ldap_config_servers_attributes_name | default('sn') }}"
username: "{{ grafana_ldap_config_servers_attributes_name | default('uid') }}"
member_of: "{{ grafana_ldap_config_servers_attributes_member_of | default('memberOf') }}"
email: "{{ grafana_ldap_config_servers_attributes_email | default('mail') }}"
group_mappings: "{{ grafana_ldap_config_default_group_mappings }}"
grafana_ldap_config_default_group_mappings:
- group_dn: "{{ grafana_ldap_config_servers_group_mappings_group_dn }}"
org_role: "{{ grafana_ldap_config_servers_group_mappings_org_role }}"
org_id: "{{ grafana_ldap_config_servers_group_mappings_org_id }}"
grafana_admin: "{{ grafana_ldap_config_servers_group_mappings_grafana_admin }}"
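
Review bot: Several keys in this file are misspelled or read the wrong variable, so user settings are silently ignored: `bind_passwort` in `grafana_ldap_config_default_servers` (Grafana's key is `bind_password`), `email_attribute_path` reading `..._email_attribute_name`, `server_cert_name` reading `grafana_config_database_srver_cert_name`, `remote_cache.type` reading `grafana_config_config_remote_cache_type`, `public_mode_` with a trailing underscore, both `external_snapshot_*` keys reading `grafana_config_snapshots_external`, and `surname` and `username` both reading `grafana_ldap_config_servers_attributes_name`. The security-relevant defaults are also permissive: `allow_sign_up` true, `viewers_can_edit` true, `cookie_secure` false and `x_content_type_options` false. Flip them to the restrictive value or call them out in the README.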

View File

@ -1,26 +0,0 @@
---
grafana_container_image_server: "docker.io"
grafana_container_image_namespace: "grafana"
grafana_container_image_container: "grafana"
grafana_container_image_name: >-2
{{
[
((grafana_container_image_server is defined)
| ternary([ grafana_container_image_server ], [])),
((grafana_container_image_namespace is defined)
| ternary([ grafana_container_image_namespace], [])),
grafana_container_image_container,
] | ansible.builtin.flatten | join('/')
}}
grafana_container_image: >-2
{{ grafana_container_image_name }}:{{ grafana_container_image_tag | default(grafana_version, true) }}
grafana_container_name: grafana
grafana_container_base_volumes:
- "{{ grafana_config_path }}:{{ grafana_container_config_path }}:ro"
- "{{ grafana_data_path }}:{{ grafana_container_data_path }}:rw"
- "{{ grafana_logs_path }}:{{ grafana_container_logs_path }}:rw"
grafana_container_volumes: []
grafana_container_collected_volumes: >-2
{{ grafana_container_base_volumes + grafana_container_volumes }}
grafana_container_restart_policy: "unless-stopped"

View File

@ -1,20 +0,0 @@
---
grafana_user: grafana
grafana_version: "11.4.0"
grafana_base_path: "/opt/grafana"
grafana_config_path: "{{ grafana_base_path }}/config"
grafana_config_file: "{{ grafana_config_path }}/grafana.ini"
grafana_ldap_config_file: "{{ grafana_config_path }}/ldap.toml"
grafana_provisioning_path: "{{ grafana_config_path }}/provisioning"
grafana_notifier_provisioning_path: "{{ grafana_provisioning_path }}/notifiers"
grafana_dashboard_provisioning_path: "{{ grafana_provisioning_path }}/dashboards"
grafana_datasource_provisioning_path: "{{ grafana_provisioning_path }}/datasources"
grafana_plugin_provisioning_path: "{{ grafana_provisioning_path }}/plugins"
grafana_data_path: "{{ grafana_base_path }}/data"
grafana_logs_path: "{{ grafana_base_path }}/logs"
grafana_state: present
grafana_run_user: >-
{{ ('uid' in (grafana_user_info | default([]))) | ternary(grafana_user_info.uid, grafana_user) }}
grafana_run_group: >-
{{ ('group' in (grafana_user_info | default([]))) | ternary(grafana_user_info.group, grafana_user) }}

View File

@ -1,8 +0,0 @@
---
- name: Ensure grafana is restarted
community.general.docker_container:
name: "{{ grafana_container_name }}"
state: "started"
restart: true
when: "grafana_state == 'present'"
listen: grafana-restart
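
Review bot: This handler calls `community.general.docker_container` while every other container task in these roles uses `community.docker.docker_container`. Use the `community.docker` name here as well so the role depends on a single collection for its Docker modules.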

View File

@ -1,11 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: grafana
description: Deploy and configure the grafana
galaxy_tags:
- grafana
- monitoring
- prometheus
- docker

View File

@ -1,86 +0,0 @@
---
- name: Ensure grafana_state is valid
ansible.builtin.assert:
that:
- "grafana_state in grafana_states"
fail_msg: >-
Only 'present' and 'absent' are allowed as values for grafana_state
- name: Ensure user '{{ grafana_user }}' is {{ grafana_state }}
ansible.builtin.user:
name: "{{ grafana_user }}"
state: "{{ grafana_state }}"
system: true
create_home: false
groups: "{{ grafana_user_groups | default(omit) }}"
append: "{{ grafana_user_groups_append | default(omit) }}"
register: grafana_user_info
- name: Ensure paths are {{ grafana_state }}
ansible.builtin.file:
path: "{{ item.path }}"
state: >-
{{ (grafana_state == 'present') | ternary('directory', 'absent') }}
owner: "{{ grafana_run_user }}"
group: "{{ grafana_run_group }}"
mode: "{{ item.mode | default('0755') }}"
loop:
- path: "{{ grafana_base_path }}"
- path: "{{ grafana_config_path }}"
- path: "{{ grafana_provisioning_path }}"
- path: "{{ grafana_notifier_provisioning_path }}"
- path: "{{ grafana_dashboard_provisioning_path }}"
- path: "{{ grafana_datasource_provisioning_path }}"
- path: "{{ grafana_plugin_provisioning_path }}"
- path: "{{ grafana_data_path }}"
- path: "{{ grafana_logs_path }}"
- name: Ensure configuration file '{{ grafana_config_file }}' is templated
ansible.builtin.copy:
dest: "{{ grafana_config_file }}"
content: "{{ grafana_merged_config | community.general.to_ini }}"
owner: "{{ grafana_run_user }}"
group: "{{ grafana_run_group }}"
mode: "0640"
when: "grafana_state == 'present'"
tags:
- grafana-update-config
notify: grafana-restart
- name: Ensure ldap configuration file '{{ grafana_ldap_config_file }}' is templated if required
ansible.builtin.copy:
dest: "{{ grafana_ldap_config_file }}"
content: "{{ grafana_ldap_config | ansible.builtin.to_toml }}"
owner: "{{ grafana_run_user }}"
group: "{{ grafana_run_group }}"
mode: "0640"
when:
- "grafana_state == 'present'"
- "grafana_config_auth_ldap_enabled | default(false) | bool"
tags:
- grafana-update-config
notify: grafana-restart
- name: Ensure grafana container image '{{ grafana_container_image }}' is {{ grafana_state }}
community.docker.docker_image:
name: "{{ grafana_container_image }}"
state: "{{ grafana_state }}"
source: >-
{{ (grafana_state == 'present') | ternary('pull', omit) }}
force_source: >-
{{ (grafana_state == 'present') | ternary((grafana_container_image_tag is defined), omit) }}
- name: Ensure grafana container '{{ grafana_container_name }}' is {{ grafana_state }}
community.docker.docker_container:
name: "{{ grafana_container_name }}"
env: "{{ grafana_container_env | default(omit) }}"
user: "{{ grafana_run_user }}"
ports: "{{ grafana_container_ports | default(omit) }}"
groups: "{{ grafana_run_group }}"
labels: "{{ grafana_container_labels | default(omit) }}"
volumes: "{{ grafana_container_collected_volumes }}"
networks: "{{ grafana_container_networks | default(omit, true) }}"
restart_policy: "{{ grafana_container_restart_policy }}"
state: "{{ (grafana_state == 'present') | ternary('started', 'absent') }}"
comparisons:
'*': strict
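
Review bot: The final `docker_container` task has no `image:` argument, so a first run with `state: started` has nothing to create the container from; add `image: "{{ grafana_container_image }}"`. The two `copy` tasks above render `admin_password`, `secret_key` and the LDAP bind credentials into their `content:`, so consider `no_log: true` on them to keep those values out of task output and `--diff` runs.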

View File

@ -1,7 +0,0 @@
---
grafana_states:
- present
- absent
grafana_container_config_path: "/etc/grafana"
grafana_container_data_path: "/var/lib/grafana"
grafana_container_logs_path: "/var/log/grafana"

View File

@ -19,7 +19,7 @@ matrix_alertmanager_container_image_tag: latest
matrix_alertmanager_container_image: >-2 matrix_alertmanager_container_image: >-2
{{ matrix_alertmanager_container_image_name + ':' + matrix_alertmanager_container_image_tag }} {{ matrix_alertmanager_container_image_name + ':' + matrix_alertmanager_container_image_tag }}
matrix_alertmanager_container_env: >-2 matrix_alertmanager_container_env: >-2
{{ matrix_alertmanager_container_base_env | combine(matrix_alertmanager_container_extra_env) }} {{ matrix_alertmanager_container_base_env | combine(matrix_alertmanager_container_extra_env }}
matrix_alertmanager_container_extra_env: {} matrix_alertmanager_container_extra_env: {}
matrix_alertmanager_container_ports: >-2 matrix_alertmanager_container_ports: >-2
{{ matrix_alertmanager_container_base_ports + matrix_alertmanager_container_extra_ports }} {{ matrix_alertmanager_container_base_ports + matrix_alertmanager_container_extra_ports }}
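
Review bot: On the right-hand side the `matrix_alertmanager_container_env` expression loses the closing parenthesis of `combine(`, leaving `combine(matrix_alertmanager_container_extra_env }}`, which is a template syntax error as soon as the variable is evaluated. Keep the `)`. The hunk header also shows `matrix_alertmanager_container_image_tag: latest`; pinning a version there would make deployments reproducible.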
@ -35,3 +35,5 @@ matrix_alertmanager_container_extra_labels: {}
matrix_alertmanager_container_capabilities: ~ matrix_alertmanager_container_capabilities: ~
matrix_alertmanager_container_etc_hosts: ~ matrix_alertmanager_container_etc_hosts: ~
matrix_alertmanager_container_restart_policy: unless-stopped matrix_alertmanager_container_restart_policy: unless-stopped
#matrix_alertmanager_
#matrix_alertmanager_
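
Review bot: The two added `#matrix_alertmanager_` lines at the end of the file are unfinished placeholders. Drop them, or replace them with the variables they were meant to introduce.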

View File

@ -5,12 +5,12 @@
name: "{{ matrix_alertmanager_user }}" name: "{{ matrix_alertmanager_user }}"
state: present state: present
system: yes system: yes
when: "matrix_alertmanager_user is string and matrix_alertmanager_user != 'root'" when: matrix_alertmanager_user is string and matrix_alertmanager_user is not 'root'
register: matrix_alertmanager_user_info register: matrix_alertmanager_user_info
- name: Ensure base directory '{{ matrix_alertmanager_base_path }}' exists - name: Ensure base directory '{{ matrix_alertmanager_base_path }}' exists
file: file:
path: "{{ matrix_alertmanager_base_path }}" path: "{{ matrix_alertmanager_base_path }}"
state: directory state: directory
owner: "{{ matrix_alertmanager_run_user }}" owner: "{{ matrix_alertmanager_run_user }}"
group: "{{ matrix_alertmanager_run_group }}" group: "{{ matrix_alertmanager_run_group }}"
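
Review bot: The right-hand `when:` replaces `!= 'root'` with `is not 'root'`. In Jinja2 `is` introduces a test name, not a comparison, so a string literal after it does not parse; keep `matrix_alertmanager_user != 'root'`. While touching the task, `system: yes` could become `system: true` to match the other roles.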
@ -19,13 +19,13 @@
- name: Ensure config file '{{ matrix_alertmanager_config_file_path }}' is templated - name: Ensure config file '{{ matrix_alertmanager_config_file_path }}' is templated
template: template:
src: env.j2 src: env.j2
dest: "{{ matrix_alertmanager_config_file_path }}" dest: "{{ matrix_alertmanager_base_path }}"
owner: "{{ matrix_alertmanager_run_user }}" owner: "{{ matrix_alertmanager_run_user }}"
group: "{{ matrix_alertmanager_run_group }}" group: "{{ matrix_alertmanager_run_group }}"
mode: "0640" mode: "0640"
vars: vars:
matrix_alertmanager_rooms_flattened: >-2 matrix_alertmanager_rooms_flattened: >-2
{%- for receiver in matrix_alertmanager_rooms -%} {%- for receiver in matrix_alertmanager_rooms_flattened -%}
{{ receiver.name }}/{{ receiver.room_id }}{{ '' if loop.last else '|' }} {{ receiver.name }}/{{ receiver.room_id }}{{ '' if loop.last else '|' }}
{%- endfor %} {%- endfor %}
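
Review bot: Two problems on the right-hand side of the template task. `dest:` points at `matrix_alertmanager_base_path`, the directory created by the previous task, instead of `matrix_alertmanager_config_file_path`, and the `for` loop iterates over `matrix_alertmanager_rooms_flattened`, the very variable being defined, so the expression refers to itself. Keep `dest: "{{ matrix_alertmanager_config_file_path }}"` and loop over `matrix_alertmanager_rooms`.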
@ -41,6 +41,6 @@
networks: "{{ matrix_alertmanager_container_networks | default(omit, True) }}" networks: "{{ matrix_alertmanager_container_networks | default(omit, True) }}"
capabilities: "{{ matrix_alertmanager_container_capabilities | default(omit, True) }}" capabilities: "{{ matrix_alertmanager_container_capabilities | default(omit, True) }}"
purge_networks: "{{ matrix_alertmanager_container_purge_networks | default(omit, True) }}" purge_networks: "{{ matrix_alertmanager_container_purge_networks | default(omit, True) }}"
etc_hosts: "{{ matrix_alertmanager_container_etc_hosts | default(omit, True) }}" etc_hosts: "{{ matrix_alertmanager_container_etc_hosts | default(omit) }}"
restart_policy: "{{ matrix_alertmanager_container_restart_policy }}" restart_policy: "{{ matrix_alertmanager_container_restart_policy }}"
state: started state: started
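
Review bot: `etc_hosts` on the right drops the second argument of `default(omit, True)`. The role default is `matrix_alertmanager_container_etc_hosts: ~`, which is defined but null, so plain `default(omit)` passes the null to the module instead of omitting the option. Keep the `True` flag, as on the neighbouring `networks`, `capabilities` and `purge_networks` lines.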

View File

@ -2,11 +2,11 @@
matrix_alertmanager_run_user: >-2 matrix_alertmanager_run_user: >-2
{{ matrix_alertmanager_user_info.uid {{ matrix_alertmanager_user_info.uid
if matrix_alertmanager_user != 'root' if matrix_alertmanager_user is not 'root'
else matrix_alertmanager_user }} else matrix_alertmanager_user }}
matrix_alertmanager_run_group: >-2 matrix_alertmanager_run_group: >-2
{{ matrix_alertmanager_user_info.group {{ matrix_alertmanager_user_info.group
if matrix_alertmanager_user != 'root' if matrix_alertmanager_user is not 'root'
else matrix_alertmanager_user }} else matrix_alertmanager_user }}
matrix_alertmanager_container_base_env: {} matrix_alertmanager_container_base_env: {}
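
Review bot: Both `matrix_alertmanager_run_user` and `matrix_alertmanager_run_group` use `is not 'root'` on the right-hand side. `is` takes a Jinja2 test name, so a quoted string after it does not parse; use `matrix_alertmanager_user != 'root'` in both expressions.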

View File

@ -1,12 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: matrix_alertmanager
description: Deploy matrix_alertmanager, an alertmanager receiver for matrix rooms
galaxy_tags:
- matrix_alertmanager
- alertmanager_receiver
- alertmanager
- matrix
- docker

View File

@ -1,18 +0,0 @@
# `finallycoffee.observability.postgres_exporter` ansible role
## Overview
Ansible role to deploy [`postgres_exporter`](https://github.com/prometheus-community/postgres_exporter),
running in a docker container.
## Configuration
Set `postgres_exporter_db_[host|post|user|pass]` according to your
databases configuration, and scrape the container on it's port `9187`
(e.g.: `http://{container_ip}:9187/metrics`).
For more configuration options using environment variables, see the
[official README](https://github.com/prometheus-community/postgres_exporter)
and set the configuration in `postgres_exporter_container_env` to override
the defaults.
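
Review bot: The Configuration paragraph lists `postgres_exporter_db_[host|post|user|pass]`; `post` should be `port`, matching `postgres_exporter_db_port` in the defaults. In the same sentence "it's port" should read "its port".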

View File

@ -1,6 +1,6 @@
--- ---
postgres_exporter_version: "0.15.0" postgres_exporter_version: "0.10.1"
postgres_exporter_user: root postgres_exporter_user: root
postgres_exporter_create_user: false postgres_exporter_create_user: false
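
Review bot: The right-hand side sets `postgres_exporter_version` to `0.10.1` where the left has `0.15.0`; if the older pin is intended, say why, otherwise keep the newer one. With `postgres_exporter_user: root` and `postgres_exporter_create_user: false` the exporter container runs as root by default; a dedicated unprivileged user would be the safer default.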
@ -13,7 +13,7 @@ postgres_exporter_db_sslmode: false
postgres_exporter_container_name: postgres_exporter postgres_exporter_container_name: postgres_exporter
postgres_exporter_container_image_name: quay.io/prometheuscommunity/postgres-exporter postgres_exporter_container_image_name: quay.io/prometheuscommunity/postgres-exporter
postgres_exporter_container_image_tag: ~ postgres_exporter_container_image_tag: ~
postgres_exporter_container_image_ref: "{{ postgres_exporter_container_image_name }}:{{ postgres_exporter_container_image_tag | default('v' + postgres_exporter_version, True) }}" postgres_exporter_container_image_ref: "{{ postgres_exporter_container_image_name }}:{{ postgres_exporter_container_image_tag | default('v' + postgres_exporter_version) }}"
postgres_exporter_container_networks: ~ postgres_exporter_container_networks: ~
postgres_exporter_container_purge_networks: false postgres_exporter_container_purge_networks: false
postgres_exporter_container_volumes: [] postgres_exporter_container_volumes: []
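Review bot: on the right-hand side of `postgres_exporter_container_image_ref`, `default('v' + postgres_exporter_version)` lacks the second argument, so the fallback only applies when the tag variable is undefined. The default one line above is `postgres_exporter_container_image_tag: ~`, which is defined but null, so the image reference is built without the `v<version>` tag. Keep the `default(..., True)` form from the left-hand side.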
@ -23,9 +23,13 @@ postgres_exporter_container_env:
user={{ postgres_exporter_db_user }} user={{ postgres_exporter_db_user }}
host={{ postgres_exporter_db_host }} host={{ postgres_exporter_db_host }}
sslmode={{ 'enable' if postgres_exporter_db_sslmode else 'disable' }} sslmode={{ 'enable' if postgres_exporter_db_sslmode else 'disable' }}
{%- if postgres_exporter_db_pass -%} pass={{ postgres_exporter_db_pass }}{% endif -%} {% if postgres_exporter_db_pass %}
{%- if postgres_exporter_db_port -%} port={{ postgres_exporter_db_port }}{% endif -%} pass={{ postgres_exporter_db_pass }}
{% endif %}
{% if postgres_exporter_db_port %}
port={{ postgres_exporter_db_port }}
{% endif %}
postgres_exporter_container_labels: postgres_exporter_container_labels:
VERSION: "{{ postgres_exporter_version }}" VERSION: "{{ postgres_exporter_version }}"
postgres_exporter_container_user: "{{ postgres_exporter_user if not postgres_exporter_create_user else postgres_exporter_user_info.uid }}" postgres_exporter_container_user: "{{ postgres_exporter_user_info.uid if postgres_exporter_user_info is defined else postgres_exporter_user }}"
postgres_exporter_container_restart_policy: unless-stopped postgres_exporter_container_restart_policy: unless-stopped
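Review bot: the `sslmode=` line can only render `enable` or `disable`, and `postgres_exporter_db_sslmode` defaults to `false` (see the hunk header above), so the database password is sent over an unencrypted connection unless the operator overrides it. If this value is parsed as a libpq-style keyword/value connection string, which the `user=`/`host=`/`sslmode=` keys suggest, `enable` is not a valid mode (the values are `disable`, `allow`, `prefer`, `require`, `verify-ca`, `verify-full`) and the password keyword is `password`, not `pass`. Suggest letting the variable carry the mode string itself, defaulting to `require` or stricter, and renaming the key.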

View File

@ -1,12 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: postgres_exporter
description: Deploy and configure the prometheus-maintained postgres_exporter
galaxy_tags:
- postgres_exporter
- prometheus
- postgresql
- postgres
- docker

View File

@ -9,11 +9,11 @@
when: postgres_exporter_create_user when: postgres_exporter_create_user
- name: Ensure container image '{{ postgres_exporter_container_image_ref }}' is available - name: Ensure container image '{{ postgres_exporter_container_image_ref }}' is available
community.docker.docker_image: docker_container_image:
name: "{{ postgres_exporter_container_image_ref }}" name: "{{ postgres_exporter_container_image_ref }}"
state: present state: present
source: pull source: pull
force_source: "{{ 'yes' if postgres_exporter_container_image_tag else 'no' }}" force_source: "{{ postgres_exporter_container_image_tag|bool }}"
- name: Ensure postgres exporter container '{{ postgres_exporter_container_name }}' is running - name: Ensure postgres exporter container '{{ postgres_exporter_container_name }}' is running
docker_container: docker_container:
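Review bot: `force_source: "{{ postgres_exporter_container_image_tag|bool }}"` on the right-hand side is not equivalent to the left-hand expression. The `bool` filter only maps strings such as `yes`, `true` or `1` to true, so a tag like `v0.15.0` or `latest` evaluates to false and an overridden tag is never re-pulled; keep the `'yes' if ... else 'no'` form. The module name on the right (`docker_container_image`) also differs from `community.docker.docker_image` on the left, and the following task uses the unqualified `docker_container`; use fully qualified collection names for both.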

View File

@ -1,27 +0,0 @@
# `finallycoffee.observability.vmagent` ansible role
Install and configure the
[victoriametrics agent `vmagent`](https://docs.victoriametrics.com/vmagent/)
using the [supported deployment types (see `vars/main.yml#L5`)](vars/main.yml#L5).
## Configuration
Set scrape job configuration as complex data in `vmagent_config_scrape_configs`.
To tune the scrape interval, override `vmagent_config_global_scrape_interval`,
or modify / extend `vmagent_config` directly.
### Prometheus remote write api with basic auth
One of the more common methods of sending the collected metrics to a
central prometheus server. Set the following variables to archieve this:
```yaml
vmagent_flags:
remoteWrite_url: https://my.prometheus.instance.example.com/api/v1/write
remoteWrite_basicAuth_username: my_prom_user
remoteWrite_basicAuth_passwordFile: /path/to/password/file.key
```
For the full set of options, see either the
[vmagents' "Advanced usage" documentation](https://docs.victoriametrics.com/vmagent/#advanced-usage)
or run `vmagent -help` for the same output.
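Review bot: the `vmagent_flags` example is written as a mapping, but the role defaults build `vmagent_all_flags` as `vmagent_base_flags + (vmagent_flags | default([], true))` and render each entry as `-{{ flag }}`, which requires a list of strings. Either show the list form here or document that these keys belong in `vmagent_container_env`, which works because `envflag.enable` is set. The example should also say that the file named in `remoteWrite_basicAuth_passwordFile` has to be mounted into the container through `vmagent_container_volumes`. Minor: "archieve" should be "achieve", and the link text says "deployment types" while the variable is `vmagent_deployment_method`.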

View File

@ -1,17 +0,0 @@
---
vmagent_config_global_scrape_interval: "30s"
vmagent_config_global_scrape_timeout: "10s"
vmagent_config_global_external_labels: {}
vmagent_config_scrape_configs: []
vmagent_config: ~
vmagent_base_config:
global:
scrape_interval: "{{ vmagent_config_global_scrape_interval }}"
scrape_timeout: "{{ vmagent_config_global_scrape_timeout }}"
external_labels: "{{ vmagent_config_global_external_labels }}"
scrape_configs: "{{ vmagent_config_scrape_configs }}"
vmagent_merged_config: >-2
{{ (vmagent_base_config | default({}, true))
| combine(vmagent_config | default({}, true), recursive=True) }}

View File

@ -1,59 +0,0 @@
---
vmagent_container_image_registry: "docker.io"
vmagent_container_image_namespace: "victoriametrics"
vmagent_container_image_name: "vmagent"
vmagent_container_image_tag: ~
vmagent_container_image: >-2
{{
([
vmagent_container_image_registry,
vmagent_container_image_namespace,
vmagent_container_image_name,
] | join('/'))
+ ':'
+ (vmagent_container_image_tag
| default('v' + vmagent_version, true))
}}
vmagent_container_image_source: pull
vmagent_container_image_force_source: >-2
{{ vmagent_container_image_tag | default(false, true) | bool }}
vmagent_container_image_network_retries: 3
vmagent_container_image_network_delay: 5
vmagent_container_name: vmagent
vmagent_container_user: ~
vmagent_container_ports: ~
vmagent_container_labels: ~
vmagent_container_command: >-2
{% for flag in vmagent_all_flags -%}
-{{ flag }}
{% endfor -%}
vmagent_container_networks: ~
vmagent_container_network_mode: ~
vmagent_container_etc_hosts: ~
vmagent_container_dns_servers: ~
vmagent_container_restart_policy: >-2
{{ (vmagent_deployment_type == 'docker')
| ternary('unless-stopped', 'on-failure') }}
vmagent_container_state: >-2
{{ (vmagent_state == 'present') | ternary('started', 'absent') }}
vmagent_container_base_volumes:
- "{{ vmagent_scrape_config_file }}:{{ vmagent_scrape_config_file }}:ro"
- "{{ vmagent_cache_path }}:{{ vmagent_cache_path }}:z"
vmagent_container_volumes: ~
vmagent_container_all_volumes: >-2
{{ (vmagent_container_base_volumes | default([], true))
+ (vmagent_container_volumes | default([], true)) }}
vmagent_container_base_env:
remoteWrite_tmpDataPath: "{{ vmagent_cache_path }}"
promscrape_config: "{{ vmagent_scrape_config_file }}"
vmagent_container_env: ~
vmagent_container_merged_env: >-2
{{ (vmagent_container_base_env | default({}, true))
| combine(vmagent_container_env | default({})) }}
vmagent_container_comparisons:
env: allow_more_present
image: strict
labels: allow_more_present
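Review bot: `vmagent_container_restart_policy` tests `vmagent_deployment_type`, but the variable defined in the role defaults and validated in the tasks is `vmagent_deployment_method`, so this expression references an undefined variable; rename it. In `vmagent_container_merged_env`, `vmagent_container_env | default({})` is missing the `true` argument while the variable defaults to `~`, so `combine` receives null instead of a dictionary; use `default({}, true)` as on the base side of the same expression.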

View File

@ -1,16 +0,0 @@
---
vmagent_user: vmagent
vmagent_version: "1.109.1"
vmagent_state: present
vmagent_deployment_method: "docker"
vmagent_scrape_config_file: "/etc/vmagent/scrape_config.yml"
vmagent_config_path: "{{ vmagent_scrape_config_file | dirname }}"
vmagent_cache_path: "/var/cache/vmagent"
vmagent_base_flags:
- "enableTCP6"
- "envflag.enable"
vmagent_flags: ~
vmagent_all_flags: >-2
{{ vmagent_base_flags + (vmagent_flags | default([], true)) }}

View File

@ -1,7 +0,0 @@
---
vmagent_user_groups: ~
vmagent_run_user_id: >-2
{{ vmagent_user_info.uid | default(vmagent_user) }}
vmagent_run_group_id: >-2
{{ vmagent_user_info.group | default(vmagent_user) }}

View File

@ -1,9 +0,0 @@
---
- name: Ensure vmagent container '{{ vmagent_container_name }}' is restarted
community.docker.docker_container:
name: "{{ vmagent_container_name }}"
state: "{{ vmagent_container_state }}"
restart: true
listen: "vmagent-reload"
ignore_errors: "{{ ansible_check_mode }}"
when: vmagent_deployment_method == 'docker'

View File

@ -1,10 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: vmagent
description: Deploy and configure the victoriametrics agent `vmagent`
galaxy_tags:
- victoriametrics
- vmagent
- prometheus

View File

@ -1,29 +0,0 @@
---
- name: Ensure container image '{{ vmagent_container_image }}' is {{ vmagent_state }}
community.docker.docker_image:
name: "{{ vmagent_container_image }}"
state: "{{ vmagent_state }}"
source: "{{ vmagent_container_image_source }}"
force_source: "{{ vmagent_container_image_force_source }}"
register: vmagent_container_image_info
until: vmagent_container_image_info is success
retries: "{{ vmagent_container_image_network_retries }}"
delay: "{{ vmagent_container_image_network_delay }}"
- name: Ensure container '{{ vmagent_container_name }}' is {{ vmagent_container_state }}
community.docker.docker_container:
name: "{{ vmagent_container_name }}"
image: "{{ vmagent_container_image }}"
env: "{{ vmagent_container_merged_env }}"
user: "{{ vmagent_container_user }}"
ports: "{{ vmagent_container_ports | default(omit, true) }}"
labels: "{{ vmagent_container_labels | default(omit, true) }}"
command: "{{ vmagent_container_command }}"
volumes: "{{ vmagent_container_all_volumes }}"
networks: "{{ vmagent_container_networks | default(omit, true) }}"
etc_hosts: "{{ vmagent_container_etc_hosts | default(omit, true) }}"
dns_servers: "{{ vmagent_container_dns_servers | default(omit, true) }}"
network_mode: "{{ vmagent_container_network_mode | default(omit, true) }}"
restart_policy: "{{ vmagent_container_restart_policy | default(omit, true) }}"
comparisons: "{{ vmagent_container_comparisons | default(omit, true) }}"
state: "{{ vmagent_container_state }}"
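Review bot: `user: "{{ vmagent_container_user }}"` passes the default `~` straight through, so the container runs as the image's default user while the config directory and scrape config are owned by `vmagent_run_user_id`. Wire `vmagent_container_user` to `vmagent_run_user_id` and `vmagent_run_group_id` by default, or at least apply `default(omit, true)` as the neighbouring options do. None of the tasks shown create `vmagent_cache_path`, although it is bind-mounted in `vmagent_container_base_volumes`, so Docker will create it owned by root on first start.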

View File

@ -1,54 +0,0 @@
---
- name: Check that `vmagent_state` is valid
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ vmagent_state }}'! Supported states
are {{ vmagent_states | join(', ') }}.
when: vmagent_state not in vmagent_states
- name: Check that `vmagent_deployment_method` is valid
ansible.builtin.fail:
msg: >-2
Unsupported deployment method '{{ vmagent_deployment_method }}'!
Supported are: {{ vmagent_deployment_methods | join(', ') }}.
when: vmagent_deployment_method not in vmagent_deployment_methods
- name: Ensure vmagent user '{{ vmagent_user }}' is {{ vmagent_state }}
ansible.builtin.user:
name: "{{ vmagent_user }}"
state: "{{ vmagent_state }}"
system: "{{ vmagent_user_system | default(true, true) }}"
groups: "{{ vmagent_user_groups | default(omit, true) }}"
append: "{{ (vmagent_user_groups | default([], true)) | length > 0 }}"
create_home: "{{ vmagent_user_create_home | default(false, true) }}"
register: vmagent_user_info
- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
ansible.builtin.file:
path: "{{ vmagent_scrape_config_file }}"
state: "{{ vmagent_state }}"
when: vmagent_state == 'absent'
- name: Ensure config directory '{{ vmagent_config_path }}' is {{ vmagent_state }}
ansible.builtin.file:
path: "{{ vmagent_config_path }}"
state: >-2
{{ (vmagent_state == 'present') | ternary('directory', 'absent') }}
owner: "{{ vmagent_run_user_id }}"
group: "{{ vmagent_run_group_id }}"
mode: "0755"
- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
ansible.builtin.copy:
dest: "{{ vmagent_scrape_config_file }}"
content: "{{ vmagent_merged_config | to_nice_yaml(indent=4, width=1000) }}"
owner: "{{ vmagent_run_user_id }}"
group: "{{ vmagent_run_group_id }}"
mode: "0644"
when: vmagent_state == 'present'
notify:
- vmagent-reload
- name: Ensure vmagent is deployed using {{ vmagent_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ vmagent_deployment_method }}.yml"
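Review bot: the scrape configuration is written with `mode: "0644"` inside a `0755` directory. `vmagent_config_scrape_configs` is free-form and can carry scrape credentials such as basic auth passwords or bearer tokens, so the file should not be world-readable; `0640` with the vmagent group is enough for the container user to read it. Two tasks also share the name "Ensure configuration file ... is {{ vmagent_state }}"; giving the removal task its own name would make run output unambiguous.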

View File

@ -1,6 +0,0 @@
---
vmagent_states:
- present
- absent
vmagent_deployment_methods:
- docker

View File

@ -1,11 +0,0 @@
# `finallycoffee.observability.vmalert` ansible role
## Description
This role configures `vmalert` and runs it in the officially distributed docker container.
The default configuration file for recording rules is `vmalert_recording_config` and the default file for alerts is `vmalert_alert_config`. To set rules in a prometheus-like syntax, supply them to the role using `vmalert_alerts` or `vmalert_records`.
It is also possible to pass extra rule-files to load using `vmalert_rule_files`, though care must be taken to also mount them to the location in the container by populating `vmalert_container_volumes`.
VM alert runs with the `envflag.enable` flag by default, so configuration to vmalert can be passed using `vmalert_container_env` with the syntax found on the official victoriametrics documentation.

View File

@ -1,57 +0,0 @@
---
vmalert_state: present
vmalert_user: vmalert
vmalert_version: "1.109.1"
vmalert_base_path: "/opt/vmalert"
vmalert_config_path: "{{ vmalert_base_path }}/config"
vmalert_alert_config: "{{ vmalert_config_path }}/alerts.yml"
vmalert_recording_config: "{{ vmalert_config_path }}/records.yml"
vmalert_alerts: {}
vmalert_records: {}
vmalert_rule_files: []
vmalert_default_rule_files:
- "{{ vmalert_alert_config }}"
- "{{ vmalert_recording_config }}"
vmalert_merged_rule_files: >-
{{ vmalert_default_rule_files + vmalert_rule_files }}
vmalert_container_image_server: docker.io
vmalert_container_image_namespace: "victoriametrics"
vmalert_container_image_container: "vmalert"
vmalert_container_image_name: >-2
{{
vmalert_container_image_server
+ ((vmalert_container_image_namespace is defined)
| ternary('/' ~ vmalert_container_image_namespace, ''))
+ '/' + vmalert_container_image_container
}}
#vmalert_container_image_tag:
vmalert_container_image: >-2
{{ vmalert_container_image_name }}:{{ vmalert_container_image_tag | default('v' + vmalert_version, false) }}
vmalert_user_id: >-
{{ (vmalert_user_info is defined and 'uid' in vmalert_user_info) | ternary(vmalert_user_info.uid, vmalert_user) }}
vmalert_group_id: >-
{{ (vmalert_user_info is defined and 'group' in vmalert_user_info) | ternary(vmalert_user_info.group, vmalert_user) }}
vmalert_container_user: "{{ vmalert_user_id }}"
vmalert_container_group: "{{ vmalert_group_id }}"
vmalert_container_name: "vmalert"
vmalert_container_command: []
vmalert_container_default_command:
- "-enableTCP6"
- "-envflag.enable"
vmalert_container_merged_command: >-
{{ vmalert_container_default_command + (vmalert_container_command | default([], false)) }}
vmalert_container_env: {}
vmalert_container_default_env:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
rule: "{{ vmalert_merged_rule_files | join(',') }}"
vmalert_container_merged_env: >-
{{ vmalert_container_default_env | combine(vmalert_container_env) }}
vmalert_container_volumes: []
vmalert_container_default_volumes:
- "{{ vmalert_config_path }}:{{ vmalert_config_path }}:z"
vmalert_container_merged_volumes: >-
{{ vmalert_container_default_volumes | combine(vmalert_container_volumes) }}
vmalert_container_restart_policy: "unless-stopped"
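Review bot: `vmalert_container_merged_volumes` applies `combine` to two lists. `combine` merges dictionaries and fails on list input, so this should be `vmalert_container_default_volumes + vmalert_container_volumes`, the same way `vmalert_merged_rule_files` is built further up. As written, the config directory mount never renders.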

View File

@ -1,11 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: vmalert
description: Deploy and configure the victoriametrics alerting engine `vmalert`
galaxy_tags:
- victoriametrics
- vmalert
- alerting
- prometheus

View File

@ -1,69 +0,0 @@
---
- name: Ensure user {{ vmalert_user }} is {{ vmalert_state }}
ansible.builtin.user:
name: "{{ vmalert_user }}"
state: present
system: true
create_home: false
register: vmalert_user_info
- name: Ensure directories for vmalert are {{ vmalert_state }}
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ (vmalert_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ item.owner | default(vmalert_user_id) }}"
group: "{{ item.group | default(vmalert_group_id) }}"
mode: "{{ item.mode | default('0775') }}"
loop:
- path: "{{ vmalert_base_path }}"
- path: "{{ vmalert_config_path }}"
mode: "0755"
loop_control:
label: "{{ item.path }}"
- name: Ensure alert configuration is present
ansible.builtin.copy:
dest: "{{ vmalert_alert_config }}"
content: |
{{ ({ 'groups': vmalert_alerts})
| to_nice_yaml(indent=2, width=1024, default_style='"') }}
owner: "{{ item.owner | default(vmalert_user_id) }}"
group: "{{ item.group | default(vmalert_group_id) }}"
mode: "{{ item.mode | default('0775') }}"
when: vmalert_state == 'present'
- name: Ensure recording rule configuration is present
ansible.builtin.copy:
dest: "{{ vmalert_recording_config }}"
content: |
{{ ({ 'groups': vmalert_records})
| to_nice_yaml(indent=2, width=1024, default_style='"') }}
owner: "{{ item.owner | default(vmalert_user_id) }}"
group: "{{ item.group | default(vmalert_group_id) }}"
mode: "{{ item.mode | default('0775') }}"
when: vmalert_state == 'present'
- name: Ensure container image {{ vmalert_container_image }} is {{ vmalert_state }}
community.docker.docker_image:
name: "{{ vmalert_container_image }}"
state: "{{ vmalert_state }}"
source: "{{ (vmalert_state == 'present') | ternary('pull', omit) }}"
force_source: >-2
{{ (vmalert_container_image == 'present') | ternary(vmalert_container_image_tag, omit) }}
- name: Ensure vmalert container is {{ vmalert_state }}
community.docker.docker_container:
name: "{{ vmalert_container_name}}"
image: "{{ vmalert_container_image }}"
env: "{{ vmalert_container_merged_env }}"
user: "{{ vmalert_container_user }}"
ports: "{{ vmalert_container_ports | default(omit) }}"
groups: "{{ vmalert_container_group }}"
labels: "{{ vmalert_container_labels | default(omit) }}"
volumes: "{{ vmalert_container_merged_volumes }}"
command: "{{ vmalert_container_merged_command }}"
networks: "{{ vmalert_container_networks | default(omit) }}"
etc_hosts: "{{ vmalert_container_etc_hosts | default(omit )}}"
purge_networks: "{{ vmalert_container_purge_networks | default(omit) }}"
restart_policy: "{{ vmalert_container_restart_policy | default(omit) }}"
state: "{{ (vmalert_state == 'present') | ternary('started', 'absent') }}"
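Review bot: both `ansible.builtin.copy` tasks reference `item.owner`, `item.group` and `item.mode`, but neither task has a `loop`, so `item` is undefined there; use `vmalert_user_id`, `vmalert_group_id` and a fixed mode directly. The fallback mode `'0775'` is also too broad for rule files, which need neither execute nor group-write bits; `0644` or `0640` is sufficient. In the image task, `force_source` compares `vmalert_container_image == 'present'`, which can never be true for an image reference; the condition presumably should test `vmalert_state`. The user task hard-codes `state: present` although its name interpolates `vmalert_state`.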

View File

@ -1,7 +0,0 @@
# `finallycoffee.observability.vmtsdb` ansible role
## Description
This role configures `vmtsdb`, the time-series database part of victoria metrics, run in a docker container.
Per default `enableTCP6` and `envflag.enable` flags are passed to victoriametrics, enabling configuration using `vmtsdb_container_env`, using the syntax found on the official victoriametrics documentation.

View File

@ -1,45 +0,0 @@
---
vmtsdb_state: present
vmtsdb_user: vmtsdb
vmtsdb_version: "1.109.1"
vmtsdb_base_path: "/opt/vmtsdb"
vmtsdb_data_path: "{{ vmtsdb_base_path }}/data"
vmtsdb_container_image_server: docker.io
vmtsdb_container_image_namespace: "victoriametrics"
vmtsdb_container_image_container: "victoria-metrics"
vmtsdb_container_image_name: >-2
{{
vmtsdb_container_image_server
+ ((vmtsdb_container_image_namespace is defined)
| ternary('/' ~ vmtsdb_container_image_namespace, ''))
+ '/' + vmtsdb_container_image_container
}}
#vmtsdb_container_image_tag:
vmtsdb_container_image: >-2
{{ vmtsdb_container_image_name }}:{{ vmtsdb_container_image_tag | default('v' + vmtsdb_version, false) }}
vmtsdb_user_id: >-
{{ (vmtsdb_user_info is defined and 'uid' in vmtsdb_user_info) | ternary(vmtsdb_user_info.uid, vmtsdb_user) }}
vmtsdb_group_id: >-
{{ (vmtsdb_user_info is defined and 'group' in vmtsdb_user_info) | ternary(vmtsdb_user_info.group, vmtsdb_user) }}
vmtsdb_container_user: "{{ vmtsdb_user_id }}"
vmtsdb_container_group: "{{ vmtsdb_group_id }}"
vmtsdb_container_name: "vmtsdb"
vmtsdb_container_command: []
vmtsdb_container_default_command:
- "-enableTCP6"
- "-envflag.enable"
vmtsdb_container_merged_command: >-
{{ vmtsdb_container_default_command + (vmtsdb_container_command | default([], false)) }}
vmtsdb_container_env: {}
vmtsdb_container_default_env:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
vmtsdb_container_merged_env: >-
{{ vmtsdb_container_default_env | combine(vmtsdb_container_env) }}
vmtsdb_container_volumes: []
vmtsdb_container_default_volumes:
- "{{ vmtsdb_data_path }}:/victoria-metrics-data:z"
vmtsdb_container_merged_volumes: >-
{{ vmtsdb_container_default_volumes | combine(vmtsdb_container_volumes) }}
vmtsdb_container_restart_policy: "unless-stopped"
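Review bot: `vmtsdb_container_merged_volumes` uses `combine` on the two volume lists. `combine` only accepts dictionaries, so a plain `+` concatenation is needed here; otherwise the `vmtsdb_data_path` mount for `/victoria-metrics-data` is never passed to the container task.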

View File

@ -1,10 +0,0 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: vmtsdb
description: Deploy and configure the victoriametrics time-series database `vmtsdb`
galaxy_tags:
- victoriametrics
- vmtsdb
- prometheus

View File

@ -1,50 +0,0 @@
---
- name: Ensure user {{ vmtsdb_user }} is {{ vmtsdb_state }}
ansible.builtin.user:
name: "{{ vmtsdb_user }}"
state: present
system: true
create_home: false
register: vmtsdb_user_info
- name: Ensure directories for vmtsdb are {{ vmtsdb_state }}
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ (vmtsdb_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ item.owner | default(vmtsdb_user_id) }}"
group: "{{ item.group | default(vmtsdb_group_id) }}"
mode: "{{ item.mode | default('0775') }}"
loop:
- path: "{{ vmtsdb_base_path }}"
- path: "{{ vmtsdb_data_path }}"
mode: "0755"
loop_control:
label: "{{ item.path }}"
- name: Ensure container image {{ vmtsdb_container_image }} is {{ vmtsdb_state }}
community.docker.docker_image:
name: "{{ vmtsdb_container_image }}"
state: "{{ vmtsdb_state }}"
source: "{{ (vmtsdb_state == 'present') | ternary('pull', omit) }}"
force_source: >-2
{{ (vmtsdb_container_image == 'present') | ternary(vmtsdb_container_image_tag, omit) }}
- name: Ensure vmtsdb container is {{ vmtsdb_state }}
community.docker.docker_container:
name: "{{ vmtsdb_container_name}}"
image: "{{ vmtsdb_container_image }}"
env: "{{ vmtsdb_container_merged_env }}"
user: "{{ vmtsdb_container_user }}"
ports: "{{ vmtsdb_container_ports | default(omit) }}"
groups: "{{ vmtsdb_container_group }}"
labels: "{{ vmtsdb_container_labels | default(omit) }}"
volumes: "{{ vmtsdb_container_merged_volumes }}"
command: "{{ vmtsdb_container_merged_command }}"
networks: "{{ vmtsdb_container_networks | default(omit) }}"
etc_hosts: "{{ vmtsdb_container_etc_hosts | default(omit )}}"
purge_networks: "{{ vmtsdb_container_purge_networks | default(omit) }}"
restart_policy: "{{ vmtsdb_container_restart_policy | default(omit) }}"
state: "{{ (vmtsdb_state == 'present') | ternary('started', 'absent') }}"
comparisons:
labels: strict
env: strict
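Review bot: `force_source` tests `vmtsdb_container_image == 'present'`, comparing the image reference with a state name, so the `ternary` always takes the `omit` branch and an overridden `vmtsdb_container_image_tag` is never force-pulled; compare `vmtsdb_state` instead. The user task sets `state: present` unconditionally, so `vmtsdb_state: absent` removes the directories and the container but leaves the system user behind. The `default(omit)` calls on `ports`, `labels` and `networks` should use `default(omit, true)` if null values are meant to be accepted, as in the vmagent role.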