Compare commits
No commits in common. "main" and "1a2cb67f7a83e8b5c6f43afe896c54cc8e99f669" have entirely different histories.
main
...
1a2cb67f7a
482
LICENSE.md
482
LICENSE.md
@ -1,482 +0,0 @@
|
|||||||
THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
|
|
||||||
COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS
|
|
||||||
PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE
|
|
||||||
WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
|
|
||||||
PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS
|
|
||||||
LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE.TO THE
|
|
||||||
EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR
|
|
||||||
GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING
|
|
||||||
THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY
|
|
||||||
THE TERMS AND CONDITIONS OF THIS LICENSE.
|
|
||||||
|
|
||||||
# Definitions
|
|
||||||
|
|
||||||
An Act of War is any action of one country against any group either with
|
|
||||||
an intention to provoke a conflict or an action that occurs during a
|
|
||||||
declared war or during armed conflict between military forces of any
|
|
||||||
origin. This includes but is not limited to enforcing sanctions or
|
|
||||||
sieges, supplying armed forces, or profiting from the manufacture of
|
|
||||||
tools or weaponry used in military conflict.
|
|
||||||
|
|
||||||
An Adaptation is a work based upon the Work, or upon the Work and other
|
|
||||||
pre-existing works, such as a translation, adaptation, derivative work,
|
|
||||||
arrangement of music or other alterations of a literary or artistic
|
|
||||||
work, or phonogram or performance and includes cinematographic
|
|
||||||
adaptations or any other form in which the Work may be recast,
|
|
||||||
transformed, or adapted including in any form recognizably derived from
|
|
||||||
the original, except that a work that constitutes a Collection will not
|
|
||||||
be considered an Adaptation for the purpose of this License. For the
|
|
||||||
avoidance of doubt, where the Work is a musical work, performance or
|
|
||||||
phonogram, the synchronization of the Work in timed-relation with a
|
|
||||||
moving image (\"synching\") will be considered an Adaptation for the
|
|
||||||
purpose of this License. In addition, where the Work is designed to
|
|
||||||
output a neural network the output of the neural network will be
|
|
||||||
considered an Adaptation for the purpose of this license.
|
|
||||||
|
|
||||||
Bodily Harm is any physical hurt or injury to a person that interferes
|
|
||||||
with the health or comfort of the person and that is more than merely
|
|
||||||
transient or trifling in nature.
|
|
||||||
|
|
||||||
Distribute is to make available to the public the original and copies of
|
|
||||||
the Work or Adaptation, as appropriate, through sale, gift or any other
|
|
||||||
transfer of possession or ownership.
|
|
||||||
|
|
||||||
Incarceration is Confinement in a jail, prison, or any other place where
|
|
||||||
individuals of any kind are held against either their will or (if their
|
|
||||||
will cannot be determined) the will of their legal guardian or
|
|
||||||
guardians. In the case of a conflict between the will of the individual
|
|
||||||
and the will of their legal guardian or guardians, the will of the
|
|
||||||
individual will take precedence.
|
|
||||||
|
|
||||||
Licensor is The individual, individuals, entity, or entities that
|
|
||||||
offer(s) the Work under the terms of this License
|
|
||||||
|
|
||||||
Original Author is in the case of a literary or artistic work, the
|
|
||||||
individual, individuals, entity or entities who created the Work or if
|
|
||||||
no individual or entity can be identified, the publisher; and in
|
|
||||||
addition
|
|
||||||
|
|
||||||
- in the case of a performance the actors, singers, musicians,
|
|
||||||
dancers, and other persons who act, sing, deliver, declaim, play in,
|
|
||||||
interpret or otherwise perform literary or artistic works or
|
|
||||||
expressions of folklore;
|
|
||||||
|
|
||||||
- in the case of a phonogram the producer being the person or legal
|
|
||||||
entity who first fixes the sounds of a performance or other sounds;
|
|
||||||
and,
|
|
||||||
|
|
||||||
- in the case of broadcasts, the organization that transmits the
|
|
||||||
broadcast.
|
|
||||||
|
|
||||||
Work is the literary and/or artistic work offered under the terms of
|
|
||||||
this License including without limitation any production in the
|
|
||||||
literary, scientific and artistic domain, whatever may be the mode or
|
|
||||||
form of its expression including digital form, such as a book, pamphlet
|
|
||||||
and other writing; a lecture, address, sermon or other work of the same
|
|
||||||
nature; a dramatic or dramatico-musical work; a choreographic work or
|
|
||||||
entertainment in dumb show; a musical composition with or without words;
|
|
||||||
a cinematographic work to which are assimilated works expressed by a
|
|
||||||
process analogous to cinematography; a work of drawing, painting,
|
|
||||||
architecture, sculpture, engraving or lithography; a photographic work
|
|
||||||
to which are assimilated works expressed by a process analogous to
|
|
||||||
photography; a work of applied art; an illustration, map, plan, sketch
|
|
||||||
or three-dimensional work relative to geography, topography,
|
|
||||||
architecture or science; a performance; a broadcast; a phonogram; a
|
|
||||||
compilation of data to the extent it is protected as a copyrightable
|
|
||||||
work; or a work performed by a variety or circus performer to the extent
|
|
||||||
it is not otherwise considered a literary or artistic work.
|
|
||||||
|
|
||||||
You means an individual or entity exercising rights under this License
|
|
||||||
who has not previously violated the terms of this License with respect
|
|
||||||
to the Work, or who has received express permission from the Licensor to
|
|
||||||
exercise rights under this License despite a previous violation.
|
|
||||||
|
|
||||||
Publicly Perform means to perform public recitations of the Work and to
|
|
||||||
communicate to the public those public recitations, by any means or
|
|
||||||
process, including by wire or wireless means or public digital
|
|
||||||
performances; to make available to the public Works in such a way that
|
|
||||||
members of the public may access these Works from a place and at a place
|
|
||||||
individually chosen by them; to perform the Work to the public by any
|
|
||||||
means or process and the communication to the public of the performances
|
|
||||||
of the Work, including by public digital performance; to broadcast and
|
|
||||||
rebroadcast the Work by any means including signs, sounds or images.
|
|
||||||
|
|
||||||
Reproduce is to make copies of the Work by any means including without
|
|
||||||
limitation by sound or visual recordings and the right of fixation and
|
|
||||||
reproducing fixations of the Work, including storage of a protected
|
|
||||||
performance or phonogram in digital form or other electronic medium.
|
|
||||||
|
|
||||||
Software is any digital Work which, through use of a third-party piece
|
|
||||||
of Software or through the direct usage of itself on a computer system,
|
|
||||||
the memory of the computer is modified dynamically or semi-dynamically.
|
|
||||||
\"Software\", secondly, processes or interprets information.
|
|
||||||
|
|
||||||
Source Code is Any digital Work which, through use of a third-party
|
|
||||||
piece of Software or through the direct usage of itself on a computer
|
|
||||||
system, the memory of the computer is modified dynamically or
|
|
||||||
semi-dynamically. \"Software\", secondly, processes or interprets
|
|
||||||
information.
|
|
||||||
|
|
||||||
Surveilling is the use of the Work to either overtly or covertly observe
|
|
||||||
and record persons and or their activities.
|
|
||||||
|
|
||||||
A Network Service is the use of a piece of Software to interpret or
|
|
||||||
modify information that is subsequently and directly served to users
|
|
||||||
over the Internet.
|
|
||||||
|
|
||||||
To Discriminate is the use of a piece of Software to interpret or modify
|
|
||||||
information that is subsequently and directly served to users over the
|
|
||||||
Internet.
|
|
||||||
|
|
||||||
Hate Speech is Communication or any form of expression which is solely
|
|
||||||
for the purpose of expressing hatred for some group or advocating a form
|
|
||||||
of Discrimination between humans.
|
|
||||||
|
|
||||||
Coercion is leveraging of the threat of force or use of force to
|
|
||||||
intimidate a person in order to gain compliance, or to offer large
|
|
||||||
incentives which aim to entice a person to act against their will.
|
|
||||||
|
|
||||||
# Fair Dealing Rights
|
|
||||||
|
|
||||||
Nothing in this License is intended to reduce, limit, or restrict any
|
|
||||||
uses free from copyright or rights arising from limitations or
|
|
||||||
exceptions that are provided for in connection with the copyright
|
|
||||||
protection under copyright law or other applicable laws.
|
|
||||||
|
|
||||||
# License Grant
|
|
||||||
|
|
||||||
Subject to the terms and conditions of this License, Licensor hereby
|
|
||||||
grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
|
|
||||||
duration of the applicable copyright) license to exercise the rights in
|
|
||||||
the Work as stated below:
|
|
||||||
|
|
||||||
To Reproduce the Work, to incorporate the Work into one or more
|
|
||||||
Collections, and to Reproduce the Work as incorporated in the
|
|
||||||
Collections
|
|
||||||
|
|
||||||
To create and Reproduce Adaptations provided that any such Adaptation,
|
|
||||||
including any translation in any medium, takes reasonable steps to
|
|
||||||
clearly label, demarcate or otherwise identify that changes were made to
|
|
||||||
the original Work. For example, a translation could be marked \"The
|
|
||||||
original work was translated from English to Spanish,\" or a
|
|
||||||
modification could indicate \"The original work has been modified.\"
|
|
||||||
|
|
||||||
To Distribute and Publicly Perform the Work including as incorporated in
|
|
||||||
Collections.
|
|
||||||
|
|
||||||
To Distribute and Publicly Perform Adaptations. The above rights may be
|
|
||||||
exercised in all media and formats whether now known or hereafter
|
|
||||||
devised. The above rights include the right to make such modifications
|
|
||||||
as are technically necessary to exercise the rights in other media and
|
|
||||||
formats. This License constitutes the entire agreement between the
|
|
||||||
parties with respect to the Work licensed here. There are no
|
|
||||||
understandings, agreements or representations with respect to the Work
|
|
||||||
not specified here. Licensor shall not be bound by any additional
|
|
||||||
provisions that may appear in any communication from You. This License
|
|
||||||
may not be modified without the mutual written agreement of the Licensor
|
|
||||||
and You. All rights not expressly granted by Licensor are hereby
|
|
||||||
reserved, including but not limited to the rights set forth in
|
|
||||||
Non-waivable Compulsory License Schemes, Waivable Compulsory License
|
|
||||||
Schemes, and Voluntary License Schemes in the restrictions.
|
|
||||||
|
|
||||||
# Restrictions
|
|
||||||
|
|
||||||
The license granted in the license grant above is expressly made subject
|
|
||||||
to and limited by the following restrictions:
|
|
||||||
|
|
||||||
You may Distribute or Publicly Perform the Work only under the terms of
|
|
||||||
this License. You must include a copy of, or the Uniform Resource
|
|
||||||
Identifier (URI) for, this License with every copy of the Work You
|
|
||||||
Distribute or Publicly Perform. You may not offer or impose any terms on
|
|
||||||
the Work that restrict the terms of this License or the ability of the
|
|
||||||
recipient of the Work to exercise the rights granted to that recipient
|
|
||||||
under the terms of the License. You may not sublicense the Work. You
|
|
||||||
must keep intact all notices that refer to this License and to the
|
|
||||||
disclaimer of warranties with every copy of the Work You Distribute or
|
|
||||||
Publicly Perform. When You Distribute or Publicly Perform the Work, You
|
|
||||||
may not impose any effective technological measures on the Work that
|
|
||||||
restrict the ability of a recipient of the Work from You to exercise the
|
|
||||||
rights granted to that recipient under the terms of the License. This
|
|
||||||
Section applies to the Work as incorporated in a Collection, but this
|
|
||||||
does not require the Collection apart from the Work itself to be made
|
|
||||||
subject to the terms of this License. If You create a Collection, upon
|
|
||||||
notice from any Licensor You must, to the extent practicable, remove
|
|
||||||
from the Collection any credit as requested. If You create an
|
|
||||||
Adaptation, upon notice from any Licensor You must, to the extent
|
|
||||||
practicable, remove from the Adaptation any credit as requested.
|
|
||||||
|
|
||||||
## Commercial Restrictions
|
|
||||||
|
|
||||||
You may not exercise any of the rights granted to You in the above
|
|
||||||
section in any manner that is primarily intended for or directed toward
|
|
||||||
commercial advantage or private monetary compensation unless you meet
|
|
||||||
the following requirements.
|
|
||||||
|
|
||||||
i. You are a worker-owned business or worker-owned collective.
|
|
||||||
|
|
||||||
ii. after tax, all financial gain, surplus, profits and benefits
|
|
||||||
produced by the business or collective are distributed among the
|
|
||||||
worker-owners unless a set amount is to be allocated towards
|
|
||||||
community projects as decided by a previously-established consensus
|
|
||||||
agreement between the worker-owners where all worker-owners agreed.
|
|
||||||
|
|
||||||
iii. You are not using such rights on behalf of a business other than
|
|
||||||
those specified in (i) or (ii) above, nor are using such rights as
|
|
||||||
a proxy on behalf of a business with the intent to circumvent the
|
|
||||||
aforementioned restrictions on such a business.
|
|
||||||
|
|
||||||
The exchange of the Work for other copyrighted works by means of digital
|
|
||||||
file-sharing or otherwise shall not be considered to be intended for or
|
|
||||||
directed toward commercial advantage or private monetary compensation,
|
|
||||||
provided there is no payment of any monetary compensation in connection
|
|
||||||
with the exchange of copyrighted works.
|
|
||||||
|
|
||||||
If the Work meets the definition of Software, You may exercise the
|
|
||||||
rights granted in the license grant only if You provide a copy of the
|
|
||||||
corresponding Source Code from which the Work was derived in digital
|
|
||||||
form, or You provide a URI for the corresponding Source Code of the
|
|
||||||
Work, to any recipients upon request.
|
|
||||||
|
|
||||||
If the Work is used as or for a Network Service, You may exercise the
|
|
||||||
rights granted in the license grant only if You provide a copy of the
|
|
||||||
corresponding Source Code from which the Work was derived in digital
|
|
||||||
form, or You provide a URI for the corresponding Source Code to the
|
|
||||||
Work, to any recipients of the data served or modified by the Web
|
|
||||||
Service.
|
|
||||||
|
|
||||||
Any use by a business that is privately owned and managed, and that
|
|
||||||
seeks to generate profit from the labor of employees paid by salary or
|
|
||||||
other wages, is not permitted under this license.
|
|
||||||
|
|
||||||
##
|
|
||||||
|
|
||||||
You may exercise the rights granted in the license grant for any
|
|
||||||
purposes only if:
|
|
||||||
|
|
||||||
i. You do not use the Work for the purpose of inflicting Bodily Harm on
|
|
||||||
human beings (subject to criminal prosecution or otherwise) outside
|
|
||||||
of providing medical aid or undergoing a voluntary procedure under
|
|
||||||
no form of Coercion.
|
|
||||||
|
|
||||||
ii. You do not use the Work for the purpose of Surveilling or tracking
|
|
||||||
individuals for financial gain.
|
|
||||||
|
|
||||||
iii. You do not use the Work in an Act of War.
|
|
||||||
|
|
||||||
iv. You do not use the Work for the purpose of supporting or profiting
|
|
||||||
from an Act of War.
|
|
||||||
|
|
||||||
v. You do not use the Work for the purpose of Incarceration.
|
|
||||||
|
|
||||||
vi. You do not use the Work for the purpose of extracting, processing,
|
|
||||||
or refining, oil, gas, or coal. Or to in any other way to
|
|
||||||
deliberately pollute the environment as a byproduct of manufacturing
|
|
||||||
or irresponsible disposal of hazardous materials.
|
|
||||||
|
|
||||||
vii. You do not use the Work for the purpose of expediting,
|
|
||||||
coordinating, or facilitating paid work undertaken by individuals
|
|
||||||
under the age of 12 years.
|
|
||||||
|
|
||||||
viii. You do not use the Work to either Discriminate or spread Hate
|
|
||||||
Speech on the basis of sex, sexual orientation, gender identity,
|
|
||||||
race, age, disability, color, national origin, religion, caste, or
|
|
||||||
lower economic status.
|
|
||||||
|
|
||||||
##
|
|
||||||
|
|
||||||
If You Distribute, or Publicly Perform the Work or any Adaptations or
|
|
||||||
Collections, You must, unless a request has been made by any Licensor to
|
|
||||||
remove credit from a Collection or Adaptation, keep intact all copyright
|
|
||||||
notices for the Work and provide, reasonable to the medium or means You
|
|
||||||
are utilizing:
|
|
||||||
|
|
||||||
i. the name of the Original Author (or pseudonym, if applicable) if
|
|
||||||
supplied, and/or if the Original Author and/or Licensor designate
|
|
||||||
another party or parties (e.g., a sponsor institute, publishing
|
|
||||||
entity, journal) for attribution (\"Attribution Parties\") in
|
|
||||||
Licensor\'s copyright notice, terms of service or by other
|
|
||||||
reasonable means, the name of such party or parties;
|
|
||||||
|
|
||||||
ii. the title of the Work if supplied;
|
|
||||||
|
|
||||||
iii. to the extent reasonably practicable, the URI, if any, that
|
|
||||||
Licensor to be associated with the Work, unless such URI does not
|
|
||||||
refer to the copyright notice or licensing information for the
|
|
||||||
Work; and,
|
|
||||||
|
|
||||||
iv. in the case of an Adaptation, a credit identifying the use of the
|
|
||||||
Work in the Adaptation (e.g., \"French translation of the Work by
|
|
||||||
Original Author,\" or \"Screenplay based on original Work by
|
|
||||||
Original Author\").
|
|
||||||
|
|
||||||
If any Licensor has sent notice to request removing credit, You must, to
|
|
||||||
the extent practicable, remove any credit as requested. The credit
|
|
||||||
required by this Section may be implemented in any reasonable manner;
|
|
||||||
provided, however, that in the case of an Adaptation or Collection, at a
|
|
||||||
minimum such credit will appear, if a credit for all contributing
|
|
||||||
authors of the Adaptation or Collection appears, then as part of these
|
|
||||||
credits and in a manner at least as prominent as the credits for the
|
|
||||||
other contributing authors. For the avoidance of doubt, You may only use
|
|
||||||
the credit required by this Section for the purpose of attribution in
|
|
||||||
the manner set out above and, by exercising Your rights under this
|
|
||||||
License, You may not implicitly or explicitly assert or imply any
|
|
||||||
connection with, sponsorship or endorsement by the Original Author,
|
|
||||||
Licensor and/or Attribution Parties, as appropriate, of You or Your use
|
|
||||||
of the Work, without the separate, express prior written permission of
|
|
||||||
the Original Author, Licensor and/or Attribution Parties.
|
|
||||||
|
|
||||||
Non-waivable Compulsory License Schemes. In those jurisdictions in which
|
|
||||||
the right to collect royalties through any statutory or compulsory
|
|
||||||
licensing scheme cannot be waived, the Licensor reserves the exclusive
|
|
||||||
right to collect such royalties for any exercise by You of the rights
|
|
||||||
granted under this License
|
|
||||||
|
|
||||||
Waivable Compulsory License Schemes. In those jurisdictions in which the
|
|
||||||
right to collect royalties through any statutory or compulsory licensing
|
|
||||||
scheme can be waived, the Licensor reserves the exclusive right to
|
|
||||||
collect such royalties for any exercise by You of the rights granted
|
|
||||||
under this License if Your exercise of such rights is for a purpose or
|
|
||||||
use which is otherwise than noncommercial as permitted under Commercial
|
|
||||||
Restrictions and otherwise waives the right to collect royalties through
|
|
||||||
any statutory or compulsory licensing scheme.
|
|
||||||
|
|
||||||
Voluntary License Schemes. The Licensor reserves the right to collect
|
|
||||||
royalties, whether individually or, in the event that the Licensor is a
|
|
||||||
member of a collecting society that administers voluntary licensing
|
|
||||||
schemes, via that society, from any exercise by You of the rights
|
|
||||||
granted under this License that is for a purpose or use which is
|
|
||||||
otherwise than noncommercial as permitted under the license grant.
|
|
||||||
|
|
||||||
Except as otherwise agreed in writing by the Licensor or as may be
|
|
||||||
otherwise permitted by applicable law, if You Reproduce, Distribute or
|
|
||||||
Publicly Perform the Work either by itself or as part of any Adaptations
|
|
||||||
or Collections, You must not distort, mutilate, modify or take other
|
|
||||||
derogatory action in relation to the Work which would be prejudicial to
|
|
||||||
the Original Author\'shonor or reputation. Licensor agrees that in those
|
|
||||||
jurisdictions (e.g. Japan), in which any exercise of the right granted
|
|
||||||
in the license grant of this License (the right to make Adaptations)
|
|
||||||
would be deemed to be a distortion, mutilation, modification or other
|
|
||||||
derogatory action prejudicial to the Original Author\'s honor and
|
|
||||||
reputation, the Licensor will waive or not assert, as appropriate, this
|
|
||||||
Section, to the fullest extent permitted by the applicable national law,
|
|
||||||
to enable You to reasonably exercise Your right under the license grant
|
|
||||||
of this License (right to make Adaptations) but not otherwise.
|
|
||||||
|
|
||||||
Do not make any legal claim against anyone accusing the Work, with or
|
|
||||||
without changes, alone or with other works, of infringing any patent
|
|
||||||
claim.
|
|
||||||
|
|
||||||
# Representations Warranties and Disclaimer
|
|
||||||
|
|
||||||
UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
|
|
||||||
OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
|
|
||||||
KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
|
|
||||||
INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
|
|
||||||
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
|
|
||||||
LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
|
|
||||||
WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
|
|
||||||
EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
|
|
||||||
|
|
||||||
# Limitation on Liability
|
|
||||||
|
|
||||||
EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
|
|
||||||
LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
|
|
||||||
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF
|
|
||||||
THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED
|
|
||||||
OF THE POSSIBILITY OF SUCH DAMAGES.
|
|
||||||
|
|
||||||
# Termination
|
|
||||||
|
|
||||||
This License and the rights granted hereunder will terminate
|
|
||||||
automatically upon any breach by You of the terms of this License.
|
|
||||||
Individuals or entities who have received Adaptations or Collections
|
|
||||||
from You under this License, however, will not have their licenses
|
|
||||||
terminated provided such individuals or entities remain in full
|
|
||||||
compliance with those licenses. The Sections on definitions, fair
|
|
||||||
dealing rights, representations, warranties, and disclaimer, limitation
|
|
||||||
on liability, termination, and revised license versions will survive any
|
|
||||||
termination of this License.
|
|
||||||
|
|
||||||
Subject to the above terms and conditions, the license granted here is
|
|
||||||
perpetual (for the duration of the applicable copyright in the Work).
|
|
||||||
Notwithstanding the above, Licensor reserves the right to release the
|
|
||||||
Work under different license terms or to stop distributing the Work at
|
|
||||||
any time; provided, however that any such election will not serve to
|
|
||||||
withdraw this License (or any other license that has been, or is
|
|
||||||
required to be, granted under the terms of this License), and this
|
|
||||||
License will continue in full force and effect unless terminated as
|
|
||||||
stated above.
|
|
||||||
|
|
||||||
# Revised License Versions
|
|
||||||
|
|
||||||
This License may receive future revisions in the original spirit of the
|
|
||||||
license intended to strengthen This License. Each version of This
|
|
||||||
License has an incrementing version number.
|
|
||||||
|
|
||||||
Unless otherwise specified like in the below subsection The Licensor has
|
|
||||||
only granted this current version of This License for The Work. In this
|
|
||||||
case future revisions do not apply.
|
|
||||||
|
|
||||||
The Licensor may specify that the latest available revision of This
|
|
||||||
License be used for The Work by either explicitly writing so or by
|
|
||||||
suffixing the License URI with a \"+\" symbol.
|
|
||||||
|
|
||||||
The Licensor may specify that The Work is also available under the terms
|
|
||||||
of This License\'s current revision as well as specific future
|
|
||||||
revisions. The Licensor may do this by writing it explicitly or
|
|
||||||
suffixing the License URI with any additional version numbers each
|
|
||||||
separated by a comma.
|
|
||||||
|
|
||||||
# Miscellaneous
|
|
||||||
|
|
||||||
Each time You Distribute or Publicly Perform the Work or a Collection,
|
|
||||||
the Licensor offers to the recipient a license to the Work on the same
|
|
||||||
terms and conditions as the license granted to You under this License.
|
|
||||||
|
|
||||||
Each time You Distribute or Publicly Perform an Adaptation, Licensor
|
|
||||||
offers to the recipient a license to the original Work on the same terms
|
|
||||||
and conditions as the license granted to You under this License.
|
|
||||||
|
|
||||||
If the Work is classified as Software, each time You Distribute or
|
|
||||||
Publicly Perform an Adaptation, Licensor offers to the recipient a copy
|
|
||||||
and/or URI of the corresponding Source Code on the same terms and
|
|
||||||
conditions as the license granted to You under this License.
|
|
||||||
|
|
||||||
If the Work is used as a Network Service, each time You Distribute or
|
|
||||||
Publicly Perform an Adaptation, or serve data derived from the Software,
|
|
||||||
the Licensor offers to any recipients of the data a copy and/or URI of
|
|
||||||
the corresponding Source Code on the same terms and conditions as the
|
|
||||||
license granted to You under this License.
|
|
||||||
|
|
||||||
If any provision of this License is invalid or unenforceable under
|
|
||||||
applicable law, it shall not affect the validity or enforceability of
|
|
||||||
the remainder of the terms of this License, and without further action
|
|
||||||
by the parties to this agreement, such provision shall be reformed to
|
|
||||||
the minimum extent necessary to make such provision valid and
|
|
||||||
enforceable.
|
|
||||||
|
|
||||||
No term or provision of this License shall be deemed waived and no
|
|
||||||
breach consented to unless such waiver or consent shall be in writing
|
|
||||||
and signed by the party to be charged with such waiver or consent.
|
|
||||||
|
|
||||||
This License constitutes the entire agreement between the parties with
|
|
||||||
respect to the Work licensed here. There are no understandings,
|
|
||||||
agreements or representations with respect to the Work not specified
|
|
||||||
here. Licensor shall not be bound by any additional provisions that may
|
|
||||||
appear in any communication from You. This License may not be modified
|
|
||||||
without the mutual written agreement of the Licensor and You.
|
|
||||||
|
|
||||||
The rights granted under, and the subject matter referenced, in this
|
|
||||||
License were drafted utilizing the terminology of the Berne Convention
|
|
||||||
for the Protection of Literary and Artistic Works (as amended on
|
|
||||||
September 28, 1979), the Rome Convention of 1961, the WIPO Copyright
|
|
||||||
Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and
|
|
||||||
the Universal Copyright Convention (as revised on July 24, 1971). These
|
|
||||||
rights and subject matter take effect in the relevant jurisdiction in
|
|
||||||
which the License terms are sought to be enforced according to the
|
|
||||||
corresponding provisions of the implementation of those treaty
|
|
||||||
provisions in the applicable national law. If the standard suite of
|
|
||||||
rights granted under applicable copyright law includes additional rights
|
|
||||||
not granted under this License, such additional rights are deemed to be
|
|
||||||
included in the License; this License is not intended to restrict the
|
|
||||||
license of any rights under applicable law.
|
|
36
README.md
36
README.md
@ -1,36 +0,0 @@
|
|||||||
# `finallycoffee.observability` ansible collection
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
Ansible roles for running monitoring infrastructure, regardless of logs,
|
|
||||||
metrics or alerting.
|
|
||||||
|
|
||||||
## Roles
|
|
||||||
|
|
||||||
- [`alertmanager`](roles/alertmanager/README.md): Runs prometheus'
|
|
||||||
alertmanager for receiving alerts from prometheus and routing them
|
|
||||||
to the correct configured receivers.
|
|
||||||
|
|
||||||
- [`cadvisor`](roles/cadvisor/README.md): Run and configure cAdvisor, googles'
|
|
||||||
container performance and resource usage collection and aggregation daemon.
|
|
||||||
|
|
||||||
- [`grafana`](roles/grafana/README.md): a popular visualization and
|
|
||||||
dashboard creation tool able to use various datasources.
|
|
||||||
|
|
||||||
- [`matrix_alertmanager`](roles/matrix_alertmanager/README.md): An alert-
|
|
||||||
manager receiver which posts alerts to a configured matrix channel
|
|
||||||
using alertmanagers' webhooks.
|
|
||||||
|
|
||||||
- [`vmagent`](roles/vmagent/README.md): VictoriaMetrics agent
|
|
||||||
|
|
||||||
- [`vmtsdb`](roles/vmtsdb/README.md): VictoriaMetrics time series database.
|
|
||||||
|
|
||||||
- [`vmalert`](roles/vmalert/README.md): VictoriaMetrics alerting and
|
|
||||||
ruling engine.
|
|
||||||
|
|
||||||
- [`postgres_exporter`](roles/postgres_exporter/README.md): Prometheus
|
|
||||||
exporter for postgres databases, in a docker container.
|
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
|
|
21
galaxy.yml
21
galaxy.yml
@ -1,21 +0,0 @@
|
|||||||
namespace: finallycoffee
|
|
||||||
name: observability
|
|
||||||
version: 0.1.4
|
|
||||||
readme: README.md
|
|
||||||
authors:
|
|
||||||
- transcaffeine <transcaffeine@finally.coffee>
|
|
||||||
description: Various ansible roles useful for automating infrastructure
|
|
||||||
dependencies:
|
|
||||||
"community.docker": "^3.0.0"
|
|
||||||
license_file: LICENSE.md
|
|
||||||
build_ignore:
|
|
||||||
- '*.tar.gz'
|
|
||||||
repository: https://git.finally.coffee/finallycoffee/observability
|
|
||||||
issues: https://codeberg.org/finallycoffee/ansible-collection-observability/issues
|
|
||||||
tags:
|
|
||||||
- observability
|
|
||||||
- monitoring
|
|
||||||
- prometheus
|
|
||||||
- victoriametrics
|
|
||||||
- grafana
|
|
||||||
- alertmanager
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
requires_ansible: ">=2.15"
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure alertmanager is configured and running
|
|
||||||
hosts: "{{ alertmanager_hosts | default('alertmanager') }}"
|
|
||||||
become: "{{ alertmanager_become | default(false, false) }}"
|
|
||||||
roles:
|
|
||||||
- role: finallycoffee.observability.alertmanager
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install and configure grafana
|
|
||||||
hosts: "{{ grafana_hosts | default('grafana') }}"
|
|
||||||
become: "{{ grafana_become | default(false, true) }}"
|
|
||||||
roles:
|
|
||||||
- role: finallycoffee.observability.grafana
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install and configure vmagent
|
|
||||||
hosts: "{{ vmagent_hosts | default('vmagent') }}"
|
|
||||||
become: "{{ vmagent_become | default(false) }}"
|
|
||||||
roles:
|
|
||||||
- role: finallycoffee.observability.vmagent
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install vmalert using docker
|
|
||||||
hosts: "{{ vmalert_hosts | default('vmalert') }}"
|
|
||||||
become: "{{ vmalert_become | default(false) }}"
|
|
||||||
roles:
|
|
||||||
- role: finallycoffee.observability.vmalert
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install vmtsdb using docker
|
|
||||||
hosts: "{{ vmtsdb_hosts | default('vmtsdb') }}"
|
|
||||||
become: "{{ vmtsdb_become | default(false) }}"
|
|
||||||
roles:
|
|
||||||
- role: finallycoffee.observability.vmtsdb
|
|
@ -1,10 +0,0 @@
|
|||||||
# `finallycoffee.observability.alertmanager` ansible role
|
|
||||||
|
|
||||||
## Description
|
|
||||||
|
|
||||||
This role configures and runs prometheus alertmanager in a docker container.
|
|
||||||
|
|
||||||
The config file is templated on the host and persisted in `alertmanager_config_file`.
|
|
||||||
|
|
||||||
The alertmanager config can be passed by setting `alertmanager_config`, which expects the same yaml
|
|
||||||
format as the "normal" alertmanager config file (with top-level keys `global`, `route` and `receivers`).
|
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
alertmanager_config_global: {}
|
|
||||||
alertmanager_config_route: {}
|
|
||||||
alertmanager_config_receivers: []
|
|
||||||
alertmanager_config:
|
|
||||||
global: "{{ alertmanager_config_global }}"
|
|
||||||
route: "{{ alertmanager_config_route }}"
|
|
||||||
receivers: "{{ alertmanager_config_receivers }}"
|
|
@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
alertmanager_container_name: alertmanager
|
|
||||||
alertmanager_container_image_name: alertmanager
|
|
||||||
alertmanager_container_image_namespace: prometheus/
|
|
||||||
alertmanager_container_image_registry: quay.io
|
|
||||||
|
|
||||||
alertmanager_container_image_repository: >-
|
|
||||||
{{
|
|
||||||
(container_registries[alertmanager_container_image_registry] | default(alertmanager_container_image_registry))
|
|
||||||
+ '/' + (alertmanager_container_image_namespace | default(''))
|
|
||||||
+ alertmanager_container_image_name
|
|
||||||
}}
|
|
||||||
alertmanager_container_image_reference: >-
|
|
||||||
{{
|
|
||||||
alertmanager_container_image_repository + ':'
|
|
||||||
+ (alertmanager_container_image_tag | default('v' + alertmanager_version))
|
|
||||||
}}
|
|
||||||
alertmanager_container_image_source: pull
|
|
||||||
alertmanager_container_image_force_pull: "{{ alertmanager_container_image_tag is defined }}"
|
|
||||||
|
|
||||||
alertmanager_container_default_volumes:
|
|
||||||
- "{{ alertmanager_config_file }}:/etc/alertmanager/alertmanager.yml:ro"
|
|
||||||
- "{{ alertmanager_data_path }}:/alertmanager:rw"
|
|
||||||
alertmanager_container_volumes: >-
|
|
||||||
{{ alertmanager_container_default_volumes
|
|
||||||
+ alertmanager_container_extra_volumes | default([]) }}
|
|
||||||
alertmanager_container_restart_policy: "unless-stopped"
|
|
||||||
alertmanager_container_state: >-2
|
|
||||||
{{ (alertmanager_state == 'present') | ternary('started', 'absent') }}
|
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
alertmanager_user: alertmanager
|
|
||||||
alertmanager_version: 0.27.0
|
|
||||||
alertmanager_state: present
|
|
||||||
alertmanager_deployment_method: docker
|
|
||||||
alertmanager_base_path: /opt/alertmanager
|
|
||||||
alertmanager_config_path: "{{ alertmanager_base_path }}/config"
|
|
||||||
alertmanager_config_file: "{{ alertmanager_config_path }}/alertmanager.yml"
|
|
||||||
alertmanager_data_path: "{{ alertmanager_base_path }}/data"
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure alertmanager is restarted
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ alertmanager_container_name }}"
|
|
||||||
state: "{{ alertmanager_container_state }}"
|
|
||||||
restart: true
|
|
||||||
listen: restart-alertmanager
|
|
||||||
when: alertmanager_deployment_method == 'docker'
|
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: alertmanager
|
|
||||||
description: Deploy and configure prometheus alertmanager
|
|
||||||
galaxy_tags:
|
|
||||||
- prometheus
|
|
||||||
- alertmanager
|
|
||||||
- observability
|
|
@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure container image is {{ alertmanager_state }} on host
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ alertmanager_container_image_reference }}"
|
|
||||||
state: "{{ alertmanager_state }}"
|
|
||||||
source: "{{ alertmanager_container_image_source }}"
|
|
||||||
force_source: "{{ alertmanager_container_image_force_pull | bool }}"
|
|
||||||
|
|
||||||
- name: Ensure container '{{ alertmanager_container_name }}' is {{ alertmanager_container_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ alertmanager_container_name }}"
|
|
||||||
image: "{{ alertmanager_container_image_reference }}"
|
|
||||||
env: "{{ alertmanager_container_env | default(omit) }}"
|
|
||||||
user: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
|
|
||||||
ports: "{{ alertmanager_container_ports | default(omit) }}"
|
|
||||||
volumes: "{{ alertmanager_container_volumes | default(omit) }}"
|
|
||||||
networks: "{{ alertmanager_container_networks | default(omit) }}"
|
|
||||||
purge_networks: "{{ alertmanager_container_purge_networks | default(omit) }}"
|
|
||||||
etc_hosts: "{{ alertmanager_container_etc_hosts | default(omit) }}"
|
|
||||||
restart_policy: "{{ alertmanager_container_restart_policy }}"
|
|
||||||
state: "{{ alertmanager_container_state }}"
|
|
@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure state is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Invalid state '{{ alertmanager_state }}'! Valid
|
|
||||||
states are {{ alertmanager_states | join(', ') }}.
|
|
||||||
when: alertmanager_state not in alertmanager_states
|
|
||||||
|
|
||||||
- name: Ensure deployment method is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Invalid deployment method {{ alertmanager_deployment_method }}!
|
|
||||||
Supported deployment methods are {{ alertmanager_deployment_methods | join(', ') }}.
|
|
||||||
when: alertmanager_deployment_method not in alertmanager_deployment_methods
|
|
||||||
|
|
||||||
- name: Ensure alertmanager user '{{ alertmanager_user }}' is {{ alertmanager_state }}
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ alertmanager_user }}"
|
|
||||||
state: "{{ alertmanager_state }}"
|
|
||||||
system: true
|
|
||||||
register: alertmanager_user_info
|
|
||||||
|
|
||||||
- name: Ensure mounts are {{ alertmanager_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ item.path }}"
|
|
||||||
state: "{{ (alertmanager_state == 'present') | ternary('directory', 'absent') }}"
|
|
||||||
owner: "{{ item.owner | default(alertmanager_user_info.uid | default(alertmanager_user)) }}"
|
|
||||||
group: "{{ item.owner | default(alertmanager_user_info.group | default(alertmanager_user)) }}"
|
|
||||||
mode: "{{ item.mode | default('0755') }}"
|
|
||||||
loop:
|
|
||||||
- path: "{{ alertmanager_base_path }}"
|
|
||||||
- path: "{{ alertmanager_data_path }}"
|
|
||||||
- path: "{{ alertmanager_config_path }}"
|
|
||||||
|
|
||||||
- name: Ensure config file is templated
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ alertmanager_config_file }}"
|
|
||||||
content: "{{ alertmanager_config | to_nice_yaml }}"
|
|
||||||
owner: "{{ alertmanager_user_info.uid | default(alertmanager_user) }}"
|
|
||||||
group: "{{ alertmanager_user_info.group | default(alertmanager_user) }}"
|
|
||||||
mode: "0640"
|
|
||||||
when: alertmanager_state == 'present'
|
|
||||||
notify:
|
|
||||||
- restart-alertmanager
|
|
||||||
|
|
||||||
- name: Deploy alertmanager using {{ alertmanager_deployment_method }}
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "deploy-{{ alertmanager_deployment_method }}.yml"
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
alertmanager_states:
|
|
||||||
- present
|
|
||||||
- absent
|
|
||||||
alertmanager_deployment_methods:
|
|
||||||
- docker
|
|
@ -1,24 +0,0 @@
|
|||||||
# `finallycoffee.observability.cadvisor` ansible role
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
Deploys [cadvisor](https://github.com/google/cadvisor/), a daemon
|
|
||||||
for collecting and exporting information about running (docker)
|
|
||||||
containers in a docker container.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
In order to scrape `/metrics` of running containers, it is recommended
|
|
||||||
to expose the default port of cadvisor to the host using
|
|
||||||
```yaml
|
|
||||||
cadvisor_container_ports:
|
|
||||||
- "127.0.0.1:8080:8080`
|
|
||||||
```
|
|
||||||
so that cadvisor metrics are exposed at `http://127.0.0.1:8080/metrics`.
|
|
||||||
|
|
||||||
### Enabling/Disabling collection of metrics
|
|
||||||
|
|
||||||
By setting `cadvisor_disabled_metrics`, the collection of metrics
|
|
||||||
can be disabled. The default list of disabled metrics is quite extensive,
|
|
||||||
so when enabling a disabled-by-default metric, it is recommended to
|
|
||||||
use `cadvisor_force_enable_metrics` instead, as it's empty by default.
|
|
@ -1,56 +0,0 @@
|
|||||||
---
|
|
||||||
cadvisor_container_image_registry: gcr.io
|
|
||||||
cadvisor_container_image_namespace: cadvisor
|
|
||||||
cadvisor_container_image_name: cadvisor
|
|
||||||
cadvisor_container_image: >-2
|
|
||||||
{{
|
|
||||||
[
|
|
||||||
cadvisor_container_image_registry,
|
|
||||||
cadvisor_container_image_namespace,
|
|
||||||
cadvisor_container_image_name,
|
|
||||||
] | flatten | join('/')
|
|
||||||
}}
|
|
||||||
cadvisor_container_image_tag: ~
|
|
||||||
cadvisor_container_image_ref: >-2
|
|
||||||
{{ cadvisor_container_image }}:{{ cadvisor_container_image_tag | default('v' + cadvisor_version, true) }}
|
|
||||||
cadvisor_container_image_source: pull
|
|
||||||
cadvisor_container_image_force_source: >-2
|
|
||||||
{{ cadvisor_container_image_tag | default(false, true) | bool }}
|
|
||||||
|
|
||||||
cadvisor_container_state: >-2
|
|
||||||
{{ (cadvisor_state == 'present') | ternary('started', 'absent') }}
|
|
||||||
|
|
||||||
cadvisor_container_name: cadvisor
|
|
||||||
cadvisor_container_volumes: >-2
|
|
||||||
{{ cadvisor_container_base_volumes + cadvisor_container_extra_volumes | default([], true) }}
|
|
||||||
cadvisor_container_extra_volumes: ~
|
|
||||||
cadvisor_container_env: ~
|
|
||||||
cadvisor_container_labels: >-2
|
|
||||||
{{ cadvisor_container_base_labels | combine(cadvisor_container_extra_labels) }}
|
|
||||||
cadvisor_container_extra_labels: {}
|
|
||||||
cadvisor_container_ports: ~
|
|
||||||
cadvisor_container_networks: ~
|
|
||||||
cadvisor_container_etc_hosts: ~
|
|
||||||
cadvisor_container_devices:
|
|
||||||
- "/dev/kmsg:/dev/kmsg:rwm"
|
|
||||||
cadvisor_container_privileged: true
|
|
||||||
cadvisor_container_pid_mode: "host"
|
|
||||||
cadvisor_container_userns_mode: "host"
|
|
||||||
cadvisor_container_capabilities: ~
|
|
||||||
cadvisor_container_restart_policy: "unless-stopped"
|
|
||||||
cadvisor_container_command: >-2
|
|
||||||
{{ ["--docker_only=false"]
|
|
||||||
+ (["--disable_metrics=" + cadvisor_disabled_metrics | join( ',' )]
|
|
||||||
if cadvisor_disabled_metrics | default(false, true) else [])
|
|
||||||
+ (["--enable_metrics=" + cadvisor_force_enable_metrics | join( ',' )]
|
|
||||||
if cadvisor_force_enable_metrics | default(false, true) else [])
|
|
||||||
}}
|
|
||||||
cadvisor_container_base_labels:
|
|
||||||
version: "{{ cadvisor_version }}"
|
|
||||||
cadvisor_container_base_volumes:
|
|
||||||
- "/:/rootfs:ro"
|
|
||||||
- "/var/run:/var/run:ro"
|
|
||||||
- "/sys:/sys:ro"
|
|
||||||
- "/var/lib/docker/:/var/lib/docker:ro"
|
|
||||||
- "/dev/disk/:/dev/disk:ro"
|
|
||||||
|
|
@ -1,18 +0,0 @@
|
|||||||
---
|
|
||||||
cadvisor_version: "0.51.0"
|
|
||||||
cadvisor_state: present
|
|
||||||
cadvisor_deployment_method: docker
|
|
||||||
|
|
||||||
cadvisor_disabled_metrics:
|
|
||||||
- advtcp
|
|
||||||
- cpu_topology
|
|
||||||
- cpuset
|
|
||||||
- hugetlb
|
|
||||||
- memory_numa
|
|
||||||
- process
|
|
||||||
- referenced_memory
|
|
||||||
- resctrl
|
|
||||||
- sched
|
|
||||||
- tcp
|
|
||||||
- udp
|
|
||||||
cadvisor_force_enable_metrics: []
|
|
@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: cadvisor
|
|
||||||
description: Deploy cadvisor (Container Advisor), a container performance and resource usage aggregation daemon
|
|
||||||
galaxy_tags:
|
|
||||||
- cadvisor
|
|
||||||
- observability
|
|
||||||
- container
|
|
||||||
- docker
|
|
@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure cadvisor container image '{{ cadvisor_container_image_ref }}' is {{ cadvisor_state }}
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ cadvisor_container_image_ref }}"
|
|
||||||
state: "{{ cadvisor_state }}"
|
|
||||||
source: "{{ cadvisor_container_image_source }}"
|
|
||||||
force_source: "{{ cadvisor_container_image_force_source }}"
|
|
||||||
|
|
||||||
- name: Ensure cadvisor container '{{ cadvisor_container_name }}' is {{ cadvisor_container_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ cadvisor_container_name }}"
|
|
||||||
image: "{{ cadvisor_container_image_ref }}"
|
|
||||||
env: "{{ cadvisor_container_env | default(omit, true) }}"
|
|
||||||
ports: "{{ cadvisor_container_ports | default(omit, true) }}"
|
|
||||||
labels: "{{ cadvisor_container_labels }}"
|
|
||||||
devices: "{{ cadvisor_container_devices }}"
|
|
||||||
volumes: "{{ cadvisor_container_volumes }}"
|
|
||||||
networks: "{{ cadvisor_container_networks | default(omit, true) }}"
|
|
||||||
etc_hosts: "{{ cadvisor_container_etc_hosts | default(omit, true) }}"
|
|
||||||
privileged: "{{ cadvisor_container_privileged }}"
|
|
||||||
command: "{{ cadvisor_container_command }}"
|
|
||||||
pid_mode: "{{ cadvisor_container_pid_mode | default(omit, true) }}"
|
|
||||||
userns_mode: "{{ cadvisor_container_userns_mode | default(omit, true) }}"
|
|
||||||
restart_policy: "{{ cadvisor_container_restart_policy }}"
|
|
||||||
state: "{{ cadvisor_container_state }}"
|
|
@ -1,18 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure state is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Unknown state '{{ cadvisor_state }}'! Supported
|
|
||||||
states are: {{ cadvisor_states | join(', ') }}.
|
|
||||||
when: cadvisor_state not in cadvisor_states
|
|
||||||
|
|
||||||
- name: Ensure deployment method is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Unknown deployment method '{{ cadvisor_deployment_method }}'! Supported
|
|
||||||
deployment methods are: {{ cadvisor_deployment_methods | join(', ') }}.
|
|
||||||
when: cadvisor_deployment_method not in cadvisor_deployment_methods
|
|
||||||
|
|
||||||
- name: Deploy using {{ cadvisor_deployment_method }}
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "deploy-{{ cadvisor_deployment_method }}.yml"
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
cadvisor_states:
|
|
||||||
- present
|
|
||||||
- absent
|
|
||||||
cadvisor_deployment_methods:
|
|
||||||
- docker
|
|
@ -1,13 +0,0 @@
|
|||||||
# `finallycoffee.observability.grafana` ansible role
|
|
||||||
|
|
||||||
Ansible role to install and configure grafana, currently only supports docker. For docker, the python library `docker` must be installed on the target host.
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
Ensure the following variables are populated:
|
|
||||||
- `grafana_config_security_secret_key`
|
|
||||||
- `grafana_config_security_admin_password`
|
|
||||||
|
|
||||||
### Authentication via OAuth2
|
|
||||||
|
|
||||||
Set `grafna_config_auth_generic_oauth_enabled` to `true` and populate variables according to the grafana docs, all generic oauth configuration values are available prefixed with `grafana_config_auth_generic_oauth_`.
|
|
@ -1,189 +0,0 @@
|
|||||||
---
|
|
||||||
grafana_config_log_mode:
|
|
||||||
- console
|
|
||||||
- file
|
|
||||||
grafana_config_auth_generic_oauth_scopes:
|
|
||||||
- openid
|
|
||||||
- profile
|
|
||||||
- email
|
|
||||||
- roles
|
|
||||||
- offline_access
|
|
||||||
|
|
||||||
grafana_config_auth_generic_oauth_config:
|
|
||||||
enabled: "{{ grafana_config_auth_generic_oauth_enabled }}"
|
|
||||||
name: "{{ grafana_config_auth_generic_oauth_name }}"
|
|
||||||
client_id: "{{ grafana_config_auth_generic_oauth_client_id }}"
|
|
||||||
client_secret: "{{ grafana_config_auth_generic_oauth_client_secret }}"
|
|
||||||
scopes: "{{ grafana_config_auth_generic_oauth_scopes | join(' ') }}"
|
|
||||||
email_attribute_name: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}"
|
|
||||||
email_attribute_path: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}"
|
|
||||||
login_attribute_path: "{{ grafana_config_auth_generic_oauth_login_attribute_name | default('preferred_username') }}"
|
|
||||||
name_attribute_path: "{{ grafana_config_auth_generic_oauth_name_attribute_name | default('name') }}"
|
|
||||||
api_url: "{{ grafana_config_auth_generic_oauth_api_url }}"
|
|
||||||
auth_url: "{{ grafana_config_auth_generic_oauth_auth_url }}"
|
|
||||||
token_url: "{{ grafana_config_auth_generic_oauth_token_url }}"
|
|
||||||
role_attribute_path: "{{ grafana_config_auth_generic_oauth_role_attribute_path | default('') }}"
|
|
||||||
|
|
||||||
grafana_default_config:
|
|
||||||
DEFAULT:
|
|
||||||
app_mode: "{{ grafana_config_app_mode | default('production') }}"
|
|
||||||
instance_name: "{{ grafana_config_instance_name | default('${HOSTNAME}') }}"
|
|
||||||
paths:
|
|
||||||
data: "{{ grafana_config_paths_data | default('/var/lib/grafana') }}"
|
|
||||||
temp_data_lifetime: "{{ grafana_config_paths_temp_data_lifetime | default('24h') }}"
|
|
||||||
logs: "{{ grafana_config_paths_logs | default('/var/log/grafana') }}"
|
|
||||||
plugins: "{{ grafana_config_paths_plugins | default('/var/lib/grafana/plugins') }}"
|
|
||||||
provisioning: "{{ grafana_config_paths_provisioning | default('conf/provisioning') }}"
|
|
||||||
server:
|
|
||||||
protocol: "{{ grafana_config_server_protocol | default('http') }}"
|
|
||||||
http_addr: "{{ grafana_config_server_http_addr | default('\"\"') }}"
|
|
||||||
http_port: "{{ grafana_config_server_http_port | default(3000) }}"
|
|
||||||
domain: "{{ grafana_config_server_domain }}"
|
|
||||||
enforce_domain: "{{ grafana_config_server_enforce_domain | default(true) }}"
|
|
||||||
root_url: "{{ grafana_config_server_root_url | default('%(protocol)s://%(domain)s:%(http_port)s/') }}"
|
|
||||||
serve_from_subpath: "{{ grafana_config_server_serve_from_subpath | default(false) }}"
|
|
||||||
router_logging: "{{ grafana_config_server_router_logging | default(false) }}"
|
|
||||||
static_root_path: "{{ grafana_config_server_static_root_path | default('public') }}"
|
|
||||||
enable_gzip: "{{ grafana_config_server_enable_gzip | default(false) }}"
|
|
||||||
cert_file: "{{ grafana_config_server_cert_file | default('\"\"') }}"
|
|
||||||
cert_key: "{{ grafana_config_server_cert_key | default('\"\"') }}"
|
|
||||||
socket: "{{ grafana_config_server_socket | default('\"\"') }}"
|
|
||||||
database:
|
|
||||||
type: "{{ grafana_config_database_type | default('sqlite3') }}"
|
|
||||||
host: "{{ grafana_config_database_host | default('127.0.0.1:3306') }}"
|
|
||||||
name: "{{ grafana_config_database_name | default('grafana') }}"
|
|
||||||
user: "{{ grafana_config_database_user | default('root') }}"
|
|
||||||
password: "{{ grafana_config_database_password | default('') }}"
|
|
||||||
url: "{{ grafana_config_database_url | default('') }}"
|
|
||||||
ssl_mode: "{{ grafana_config_database_ssl_mode | default('disable') }}"
|
|
||||||
ca_cert_path: "{{ grafana_config_database_ca_cert_path | default('') }}"
|
|
||||||
client_key_path: "{{ grafana_config_database_client_key_path | default('') }}"
|
|
||||||
client_cert_path: "{{ grafana_config_database_client_cert_path | default('') }}"
|
|
||||||
server_cert_name: "{{ grafana_config_database_srver_cert_name | default('') }}"
|
|
||||||
path: "{{ grafana_config_database_path | default('grafana.db') }}"
|
|
||||||
max_idle_conn: "{{ grafana_config_database_max_idle_conn | default(2) }}"
|
|
||||||
max_open_conn: "{{ grafana_config_database_max_open_conn | default(0) }}"
|
|
||||||
conn_max_lifetime: "{{ grafana_config_database_conn_max_lifetime | default(14400) }}"
|
|
||||||
log_queries: "{{ grafana_config_database_log_queries | default(false) }}"
|
|
||||||
cache_mode: "{{ grafana_config_database_cache_mode | default('private') }}"
|
|
||||||
remote_cache:
|
|
||||||
type: "{{ grafana_config_config_remote_cache_type | default('database') }}"
|
|
||||||
connstr: "{{ grafana_config_remote_cache_connstr | default('') }}"
|
|
||||||
dataproxy:
|
|
||||||
logging: "{{ grafana_config_dataproxy_logging | default(false) }}"
|
|
||||||
timeout: "{{ grafana_config_dataproxy_timeout | default(30) }}"
|
|
||||||
send_user_header: "{{ grafana_config_dataproxy_send_header | default(false) }}"
|
|
||||||
analytics:
|
|
||||||
reporting_enabled: "{{ grafana_config_analytics_reporting_enabled | default(true) }}"
|
|
||||||
check_for_updates: "{{ grafana_config_analytics_check_for_updates | default(true) }}"
|
|
||||||
google_analytics_ua_id: "{{ grafana_config_analytics_google_analytics_ua_id | default('') }}"
|
|
||||||
google_tag_manager_id: "{{ grafana_config_analytics_google_tag_manager_id | default('') }}"
|
|
||||||
security:
|
|
||||||
disable_initial_admin_create: "{{ grafana_config_security_disable_initial_admin_creation | default(false) }}"
|
|
||||||
admin_user: "{{ grafana_config_security_admin_user | default('admin') }}"
|
|
||||||
admin_password: "{{ grafana_config_security_admin_password }}"
|
|
||||||
secret_key: "{{ grafana_config_security_secret_key }}"
|
|
||||||
disable_gravatar: "{{ grafana_config_security_disable_gravatar | default(true) }}"
|
|
||||||
data_source_proxy_whitelist: "{{ grafana_config_security_data_source_proxy_whitelist | default([]) | join(' ') }}"
|
|
||||||
disable_brute_force_login_protection: "{{ grafana_config_security_disable_brute_force_login_protection | default(false) }}"
|
|
||||||
cookie_secure: "{{ grafana_config_security_cookie_secure | default(false) }}"
|
|
||||||
cookie_samesite: "{{ grafana_config_security_cookie_samesite | default('lax') }}"
|
|
||||||
allow_embedding: "{{ grafana_config_security_allow_embedding | default(false) }}"
|
|
||||||
strict_transport_security: "{{ grafana_config_security_strict_transport_security | default(false) }}"
|
|
||||||
strict_transport_security_max_age_seconds: "{{ grafana_config_security_strict_transport_security_max_age_seconds | default(86400) }}"
|
|
||||||
strict_transport_security_preload: "{{ grafana_config_security_strict_transport_security_preload | default(false) }}"
|
|
||||||
strict_transport_security_subdomains: "{{ grafana_config_security_strict_transport_security_subdomains | default(false) }}"
|
|
||||||
x_content_type_options: "{{ grafana_config_security_x_content_type_options | default(false) }}"
|
|
||||||
x_xss_protection: "{{ grafana_config_security_x_xss_protection | default(true) }}"
|
|
||||||
snapshots:
|
|
||||||
external_enabled: "{{ grafana_config_snapshots_external_enabled | default(false) }}"
|
|
||||||
external_snapshot_url: "{{ grafana_config_snapshots_external | default('') }}"
|
|
||||||
external_snapshot_name: "{{ grafana_config_snapshots_external | default('') }}"
|
|
||||||
public_mode_: "{{ grafana_config_snapshots_public_mode | default(false) }}"
|
|
||||||
snapshot_remove_expired: "{{ grafana_config_snapshots_snapshot_remove_expired | default(true) }}"
|
|
||||||
dashboards:
|
|
||||||
versions_to_keep: "{{ grafana_config_dashboards_versions_to_keep | default(20) }}"
|
|
||||||
users:
|
|
||||||
allow_sign_up: "{{ grafana_config_users_allow_sign_up | default(true) }}"
|
|
||||||
allow_org_create: "{{ grafana_config_users_allow_org_create | default(false) }}"
|
|
||||||
auto_assign_org: "{{ grafana_config_users_auto_assign_org | default(true) }}"
|
|
||||||
auto_assign_org_id: "{{ grafana_config_users_auto_assign_org_id | default(1) }}"
|
|
||||||
auto_assign_org_role: "{{ grafana_config_users_auto_assign_org_role | default('Viewer') }}"
|
|
||||||
verify_email_enabled: "{{ grafana_config_users_verify_email_enabled | default(false) }}"
|
|
||||||
login_hint: "{{ grafana_config_users_login_hint | default('email or username') }}"
|
|
||||||
|
|
||||||
password_hint: "{{ grafana_config_users_password_hint | default('password') }}"
|
|
||||||
viewers_can_edit: "{{ grafana_config_users_viewers_can_edit | default(true) }}"
|
|
||||||
editors_can_admin: "{{ grafana_config_users_editors_can_admin | default(false) }}"
|
|
||||||
auth:
|
|
||||||
login_cookie_name: "{{ grafana_config_auth_login_cookie_name | default('grafana_session') }}"
|
|
||||||
login_maximum_inactive_lifetime_days: "{{ grafana_config_auth_login_maximum_inactive_lifetime_days | default(7) }}"
|
|
||||||
login_maximum_lifetime_days: "{{ grafana_config_auth_login_maximum_lifetime_days | default(30) }}"
|
|
||||||
token_rotation_interval_minutes: "{{ grafana_config_auth_token_rotation_interval_minutes | default(10) }}"
|
|
||||||
disable_login_form: "{{ grafana_config_auth_disable_login_form | default(false) }}"
|
|
||||||
disable_signout_menu: "{{ grafana_config_auth_disable_signout_menu | default(false) }}"
|
|
||||||
signout_redirect_url: "{{ grafana_config_auth_signout_redirect_url | default('') }}"
|
|
||||||
api_key_max_seconds_to_live: "{{ grafana_config_api_key_max_seconds_to_live | default(-1) }}"
|
|
||||||
oauth_auto_login: "{{ grafana_config_auth_oauth_auto_login | default(false) }}"
|
|
||||||
oauth_allow_insecure_email_lookup: "{{ grafana_config_oauth_allow_insecure_email_lookup | default(false) }}"
|
|
||||||
smtp:
|
|
||||||
enabled: "{{ grafana_config_smtp_enabled | default(false) }}"
|
|
||||||
host: "{{ grafana_config_smtp_host | default('localhost:25') }}"
|
|
||||||
user: "{{ grafana_config_smtp_user | default('') }}"
|
|
||||||
password: "{{ grafana_config_smtp_password | default('') }}"
|
|
||||||
cert_file: "{{ grafana_config_smtp_cert_file | default('') }}"
|
|
||||||
key_file: "{{ grafana_config_smtp_key_file | default('') }}"
|
|
||||||
skip_verify: "{{ grafana_config_smtp_skip_verify | default('') }}"
|
|
||||||
ehlo_identity: "{{ grafana_config_smtp_ehlo_identity | default('') }}"
|
|
||||||
from_address: "{{ grafana_config_smtp_from_address | default('admin@grafana.localhost') }}"
|
|
||||||
from_name: "{{ grafana_config_smtp_from_name | default('Grafana') }}"
|
|
||||||
emails:
|
|
||||||
welcome_email_on_sign_up: "{{ grafana_config_emails_welcome_email_on_sign_up | default(false) }}"
|
|
||||||
log:
|
|
||||||
mode: "{{ grafana_config_log_mode | join(' ') }}"
|
|
||||||
level: "{{ grafana_config_log_level | default('info') }}"
|
|
||||||
filters: "{{ grafana_config_log_filters | default('') }}"
|
|
||||||
"log.syslog":
|
|
||||||
format: "{{ grafana_config_log_syslog_format | default('text') }}"
|
|
||||||
quota:
|
|
||||||
enabled: "{{ grafana_config_quota_enabled | default(false) }}"
|
|
||||||
explore:
|
|
||||||
enabled: "{{ grafana_config_explore_enabled | default(true) }}"
|
|
||||||
metrics:
|
|
||||||
enabled: "{{ grafana_config_metrics_enabled | default(false) }}"
|
|
||||||
grafana_com:
|
|
||||||
url: "{{ grafana_config_grafana_com_url | default('https://grafana.com') }}"
|
|
||||||
|
|
||||||
grafana_merged_config: >-
|
|
||||||
{{
|
|
||||||
grafana_default_config
|
|
||||||
| combine({"auth.generic_oauth": grafana_config_auth_generic_oauth_config}
|
|
||||||
if grafana_config_auth_generic_oauth_enabled else {}, recursive=true)
|
|
||||||
| combine(grafana_config | default({}), recursive=true) }}
|
|
||||||
|
|
||||||
grafana_ldap_config:
|
|
||||||
log:
|
|
||||||
filters: "{{ grafana_ldap_config_log_filters | default('ldap:trace') }}"
|
|
||||||
servers: "{{ grafana_ldap_config_default_servers }}"
|
|
||||||
grafana_ldap_config_default_servers:
|
|
||||||
- host: "{{ grafana_ldap_config_servers_host }}"
|
|
||||||
port: "{{ grafana_ldap_config_servers_port }}"
|
|
||||||
use_ssl: "{{ grafana_ldap_config_servers_use_ssl | bool }}"
|
|
||||||
start_ssl: "{{ grafana_ldap_config_servers_start_ssl | bool }}"
|
|
||||||
ssl_skip_verify: "{{ grafana_ldap_config_servers_ssl_skip_verify | bool }}"
|
|
||||||
bind_dn: "{{ grafana_ldap_config_servers_bind_dn }}"
|
|
||||||
bind_passwort: "{{ grafana_ldap_config_servers_bind_passwort }}"
|
|
||||||
search_filter: "{{ grafana_ldap_config_servers_search_filter }}"
|
|
||||||
search_base_dns: "{{ grafana_ldap_config_servers_search_base_dns | to_json }}"
|
|
||||||
attributes:
|
|
||||||
name: "{{ grafana_ldap_config_servers_attributes_name | default('givenName') }}"
|
|
||||||
surname: "{{ grafana_ldap_config_servers_attributes_name | default('sn') }}"
|
|
||||||
username: "{{ grafana_ldap_config_servers_attributes_name | default('uid') }}"
|
|
||||||
member_of: "{{ grafana_ldap_config_servers_attributes_member_of | default('memberOf') }}"
|
|
||||||
email: "{{ grafana_ldap_config_servers_attributes_email | default('mail') }}"
|
|
||||||
group_mappings: "{{ grafana_ldap_config_default_group_mappings }}"
|
|
||||||
grafana_ldap_config_default_group_mappings:
|
|
||||||
- group_dn: "{{ grafana_ldap_config_servers_group_mappings_group_dn }}"
|
|
||||||
org_role: "{{ grafana_ldap_config_servers_group_mappings_org_role }}"
|
|
||||||
org_id: "{{ grafana_ldap_config_servers_group_mappings_org_id }}"
|
|
||||||
grafana_admin: "{{ grafana_ldap_config_servers_group_mappings_grafana_admin }}"
|
|
@ -1,26 +0,0 @@
|
|||||||
---
|
|
||||||
grafana_container_image_server: "docker.io"
|
|
||||||
grafana_container_image_namespace: "grafana"
|
|
||||||
grafana_container_image_container: "grafana"
|
|
||||||
grafana_container_image_name: >-2
|
|
||||||
{{
|
|
||||||
[
|
|
||||||
((grafana_container_image_server is defined)
|
|
||||||
| ternary([ grafana_container_image_server ], [])),
|
|
||||||
((grafana_container_image_namespace is defined)
|
|
||||||
| ternary([ grafana_container_image_namespace], [])),
|
|
||||||
grafana_container_image_container,
|
|
||||||
] | ansible.builtin.flatten | join('/')
|
|
||||||
}}
|
|
||||||
grafana_container_image: >-2
|
|
||||||
{{ grafana_container_image_name }}:{{ grafana_container_image_tag | default(grafana_version, true) }}
|
|
||||||
|
|
||||||
grafana_container_name: grafana
|
|
||||||
grafana_container_base_volumes:
|
|
||||||
- "{{ grafana_config_path }}:{{ grafana_container_config_path }}:ro"
|
|
||||||
- "{{ grafana_data_path }}:{{ grafana_container_data_path }}:rw"
|
|
||||||
- "{{ grafana_logs_path }}:{{ grafana_container_logs_path }}:rw"
|
|
||||||
grafana_container_volumes: []
|
|
||||||
grafana_container_collected_volumes: >-2
|
|
||||||
{{ grafana_container_base_volumes + grafana_container_volumes }}
|
|
||||||
grafana_container_restart_policy: "unless-stopped"
|
|
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
grafana_user: grafana
|
|
||||||
grafana_version: "11.4.0"
|
|
||||||
grafana_base_path: "/opt/grafana"
|
|
||||||
grafana_config_path: "{{ grafana_base_path }}/config"
|
|
||||||
grafana_config_file: "{{ grafana_config_path }}/grafana.ini"
|
|
||||||
grafana_ldap_config_file: "{{ grafana_config_path }}/ldap.toml"
|
|
||||||
grafana_provisioning_path: "{{ grafana_config_path }}/provisioning"
|
|
||||||
grafana_notifier_provisioning_path: "{{ grafana_provisioning_path }}/notifiers"
|
|
||||||
grafana_dashboard_provisioning_path: "{{ grafana_provisioning_path }}/dashboards"
|
|
||||||
grafana_datasource_provisioning_path: "{{ grafana_provisioning_path }}/datasources"
|
|
||||||
grafana_plugin_provisioning_path: "{{ grafana_provisioning_path }}/plugins"
|
|
||||||
grafana_data_path: "{{ grafana_base_path }}/data"
|
|
||||||
grafana_logs_path: "{{ grafana_base_path }}/logs"
|
|
||||||
grafana_state: present
|
|
||||||
|
|
||||||
grafana_run_user: >-
|
|
||||||
{{ ('uid' in (grafana_user_info | default([]))) | ternary(grafana_user_info.uid, grafana_user) }}
|
|
||||||
grafana_run_group: >-
|
|
||||||
{{ ('group' in (grafana_user_info | default([]))) | ternary(grafana_user_info.group, grafana_user) }}
|
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure grafana is restarted
|
|
||||||
community.general.docker_container:
|
|
||||||
name: "{{ grafana_container_name }}"
|
|
||||||
state: "started"
|
|
||||||
restart: true
|
|
||||||
when: "grafana_state == 'present'"
|
|
||||||
listen: grafana-restart
|
|
@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: grafana
|
|
||||||
description: Deploy and configure the grafana
|
|
||||||
galaxy_tags:
|
|
||||||
- grafana
|
|
||||||
- monitoring
|
|
||||||
- prometheus
|
|
||||||
- docker
|
|
@ -1,86 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure grafana_state is valid
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- "grafana_state in grafana_states"
|
|
||||||
fail_msg: >-
|
|
||||||
Only 'present' and 'absent' are allowed as values for grafana_state
|
|
||||||
|
|
||||||
- name: Ensure user '{{ grafana_user }}' is {{ grafana_state }}
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ grafana_user }}"
|
|
||||||
state: "{{ grafana_state }}"
|
|
||||||
system: true
|
|
||||||
create_home: false
|
|
||||||
groups: "{{ grafana_user_groups | default(omit) }}"
|
|
||||||
append: "{{ grafana_user_groups_append | default(omit) }}"
|
|
||||||
register: grafana_user_info
|
|
||||||
|
|
||||||
- name: Ensure paths are {{ grafana_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: >-
|
|
||||||
{{ (grafana_state == 'present') | ternary('directory', 'absent') }}
|
|
||||||
owner: "{{ grafana_run_user }}"
|
|
||||||
group: "{{ grafana_run_group }}"
|
|
||||||
mode: "{{ item.mode | default('0755') }}"
|
|
||||||
loop:
|
|
||||||
- path: "{{ grafana_base_path }}"
|
|
||||||
- path: "{{ grafana_config_path }}"
|
|
||||||
- path: "{{ grafana_provisioning_path }}"
|
|
||||||
- path: "{{ grafana_notifier_provisioning_path }}"
|
|
||||||
- path: "{{ grafana_dashboard_provisioning_path }}"
|
|
||||||
- path: "{{ grafana_datasource_provisioning_path }}"
|
|
||||||
- path: "{{ grafana_plugin_provisioning_path }}"
|
|
||||||
- path: "{{ grafana_data_path }}"
|
|
||||||
- path: "{{ grafana_logs_path }}"
|
|
||||||
|
|
||||||
- name: Ensure configuration file '{{ grafana_config_file }}' is templated
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ grafana_config_file }}"
|
|
||||||
content: "{{ grafana_merged_config | community.general.to_ini }}"
|
|
||||||
owner: "{{ grafana_run_user }}"
|
|
||||||
group: "{{ grafana_run_group }}"
|
|
||||||
mode: "0640"
|
|
||||||
when: "grafana_state == 'present'"
|
|
||||||
tags:
|
|
||||||
- grafana-update-config
|
|
||||||
notify: grafana-restart
|
|
||||||
|
|
||||||
- name: Ensure ldap configuration file '{{ grafana_ldap_config_file }}' is templated if required
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ grafana_ldap_config_file }}"
|
|
||||||
content: "{{ grafana_ldap_config | ansible.builtin.to_toml }}"
|
|
||||||
owner: "{{ grafana_run_user }}"
|
|
||||||
group: "{{ grafana_run_group }}"
|
|
||||||
mode: "0640"
|
|
||||||
when:
|
|
||||||
- "grafana_state == 'present'"
|
|
||||||
- "grafana_config_auth_ldap_enabled | default(false) | bool"
|
|
||||||
tags:
|
|
||||||
- grafana-update-config
|
|
||||||
notify: grafana-restart
|
|
||||||
|
|
||||||
- name: Ensure grafana container image '{{ grafana_container_image }}' is {{ grafana_state }}
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ grafana_container_image }}"
|
|
||||||
state: "{{ grafana_state }}"
|
|
||||||
source: >-
|
|
||||||
{{ (grafana_state == 'present') | ternary('pull', omit) }}
|
|
||||||
force_source: >-
|
|
||||||
{{ (grafana_state == 'present') | ternary((grafana_container_image_tag is defined), omit) }}
|
|
||||||
|
|
||||||
- name: Ensure grafana container '{{ grafana_container_name }}' is {{ grafana_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ grafana_container_name }}"
|
|
||||||
env: "{{ grafana_container_env | default(omit) }}"
|
|
||||||
user: "{{ grafana_run_user }}"
|
|
||||||
ports: "{{ grafana_container_ports | default(omit) }}"
|
|
||||||
groups: "{{ grafana_run_group }}"
|
|
||||||
labels: "{{ grafana_container_labels | default(omit) }}"
|
|
||||||
volumes: "{{ grafana_container_collected_volumes }}"
|
|
||||||
networks: "{{ grafana_container_networks | default(omit, true) }}"
|
|
||||||
restart_policy: "{{ grafana_container_restart_policy }}"
|
|
||||||
state: "{{ (grafana_state == 'present') | ternary('started', 'absent') }}"
|
|
||||||
comparisons:
|
|
||||||
'*': strict
|
|
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
grafana_states:
|
|
||||||
- present
|
|
||||||
- absent
|
|
||||||
grafana_container_config_path: "/etc/grafana"
|
|
||||||
grafana_container_data_path: "/var/lib/grafana"
|
|
||||||
grafana_container_logs_path: "/var/log/grafana"
|
|
@ -19,7 +19,7 @@ matrix_alertmanager_container_image_tag: latest
|
|||||||
matrix_alertmanager_container_image: >-2
|
matrix_alertmanager_container_image: >-2
|
||||||
{{ matrix_alertmanager_container_image_name + ':' + matrix_alertmanager_container_image_tag }}
|
{{ matrix_alertmanager_container_image_name + ':' + matrix_alertmanager_container_image_tag }}
|
||||||
matrix_alertmanager_container_env: >-2
|
matrix_alertmanager_container_env: >-2
|
||||||
{{ matrix_alertmanager_container_base_env | combine(matrix_alertmanager_container_extra_env) }}
|
{{ matrix_alertmanager_container_base_env | combine(matrix_alertmanager_container_extra_env }}
|
||||||
matrix_alertmanager_container_extra_env: {}
|
matrix_alertmanager_container_extra_env: {}
|
||||||
matrix_alertmanager_container_ports: >-2
|
matrix_alertmanager_container_ports: >-2
|
||||||
{{ matrix_alertmanager_container_base_ports + matrix_alertmanager_container_extra_ports }}
|
{{ matrix_alertmanager_container_base_ports + matrix_alertmanager_container_extra_ports }}
|
||||||
@ -35,3 +35,5 @@ matrix_alertmanager_container_extra_labels: {}
|
|||||||
matrix_alertmanager_container_capabilities: ~
|
matrix_alertmanager_container_capabilities: ~
|
||||||
matrix_alertmanager_container_etc_hosts: ~
|
matrix_alertmanager_container_etc_hosts: ~
|
||||||
matrix_alertmanager_container_restart_policy: unless-stopped
|
matrix_alertmanager_container_restart_policy: unless-stopped
|
||||||
|
#matrix_alertmanager_
|
||||||
|
#matrix_alertmanager_
|
@ -5,12 +5,12 @@
|
|||||||
name: "{{ matrix_alertmanager_user }}"
|
name: "{{ matrix_alertmanager_user }}"
|
||||||
state: present
|
state: present
|
||||||
system: yes
|
system: yes
|
||||||
when: "matrix_alertmanager_user is string and matrix_alertmanager_user != 'root'"
|
when: matrix_alertmanager_user is string and matrix_alertmanager_user is not 'root'
|
||||||
register: matrix_alertmanager_user_info
|
register: matrix_alertmanager_user_info
|
||||||
|
|
||||||
- name: Ensure base directory '{{ matrix_alertmanager_base_path }}' exists
|
- name: Ensure base directory '{{ matrix_alertmanager_base_path }}' exists
|
||||||
file:
|
file:
|
||||||
path: "{{ matrix_alertmanager_base_path }}"
|
path: "{{ matrix_alertmanager_base_path }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ matrix_alertmanager_run_user }}"
|
owner: "{{ matrix_alertmanager_run_user }}"
|
||||||
group: "{{ matrix_alertmanager_run_group }}"
|
group: "{{ matrix_alertmanager_run_group }}"
|
||||||
@ -19,13 +19,13 @@
|
|||||||
- name: Ensure config file '{{ matrix_alertmanager_config_file_path }}' is templated
|
- name: Ensure config file '{{ matrix_alertmanager_config_file_path }}' is templated
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: env.j2
|
||||||
dest: "{{ matrix_alertmanager_config_file_path }}"
|
dest: "{{ matrix_alertmanager_base_path }}"
|
||||||
owner: "{{ matrix_alertmanager_run_user }}"
|
owner: "{{ matrix_alertmanager_run_user }}"
|
||||||
group: "{{ matrix_alertmanager_run_group }}"
|
group: "{{ matrix_alertmanager_run_group }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
vars:
|
vars:
|
||||||
matrix_alertmanager_rooms_flattened: >-2
|
matrix_alertmanager_rooms_flattened: >-2
|
||||||
{%- for receiver in matrix_alertmanager_rooms -%}
|
{%- for receiver in matrix_alertmanager_rooms_flattened -%}
|
||||||
{{ receiver.name }}/{{ receiver.room_id }}{{ '' if loop.last else '|' }}
|
{{ receiver.name }}/{{ receiver.room_id }}{{ '' if loop.last else '|' }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
@ -41,6 +41,6 @@
|
|||||||
networks: "{{ matrix_alertmanager_container_networks | default(omit, True) }}"
|
networks: "{{ matrix_alertmanager_container_networks | default(omit, True) }}"
|
||||||
capabilities: "{{ matrix_alertmanager_container_capabilities | default(omit, True) }}"
|
capabilities: "{{ matrix_alertmanager_container_capabilities | default(omit, True) }}"
|
||||||
purge_networks: "{{ matrix_alertmanager_container_purge_networks | default(omit, True) }}"
|
purge_networks: "{{ matrix_alertmanager_container_purge_networks | default(omit, True) }}"
|
||||||
etc_hosts: "{{ matrix_alertmanager_container_etc_hosts | default(omit, True) }}"
|
etc_hosts: "{{ matrix_alertmanager_container_etc_hosts | default(omit) }}"
|
||||||
restart_policy: "{{ matrix_alertmanager_container_restart_policy }}"
|
restart_policy: "{{ matrix_alertmanager_container_restart_policy }}"
|
||||||
state: started
|
state: started
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
matrix_alertmanager_run_user: >-2
|
matrix_alertmanager_run_user: >-2
|
||||||
{{ matrix_alertmanager_user_info.uid
|
{{ matrix_alertmanager_user_info.uid
|
||||||
if matrix_alertmanager_user != 'root'
|
if matrix_alertmanager_user is not 'root'
|
||||||
else matrix_alertmanager_user }}
|
else matrix_alertmanager_user }}
|
||||||
matrix_alertmanager_run_group: >-2
|
matrix_alertmanager_run_group: >-2
|
||||||
{{ matrix_alertmanager_user_info.group
|
{{ matrix_alertmanager_user_info.group
|
||||||
if matrix_alertmanager_user != 'root'
|
if matrix_alertmanager_user is not 'root'
|
||||||
else matrix_alertmanager_user }}
|
else matrix_alertmanager_user }}
|
||||||
|
|
||||||
matrix_alertmanager_container_base_env: {}
|
matrix_alertmanager_container_base_env: {}
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: matrix_alertmanager
|
|
||||||
description: Deploy matrix_alertmanager, an alertmanager receiver for matrix rooms
|
|
||||||
galaxy_tags:
|
|
||||||
- matrix_alertmanager
|
|
||||||
- alertmanager_receiver
|
|
||||||
- alertmanager
|
|
||||||
- matrix
|
|
||||||
- docker
|
|
@ -1,18 +0,0 @@
|
|||||||
# `finallycoffee.observability.postgres_exporter` ansible role
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
Ansible role to deploy [`postgres_exporter`](https://github.com/prometheus-community/postgres_exporter),
|
|
||||||
running in a docker container.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
Set `postgres_exporter_db_[host|post|user|pass]` according to your
|
|
||||||
databases configuration, and scrape the container on it's port `9187`
|
|
||||||
(e.g.: `http://{container_ip}:9187/metrics`).
|
|
||||||
|
|
||||||
For more configuration options using environment variables, see the
|
|
||||||
[official README](https://github.com/prometheus-community/postgres_exporter)
|
|
||||||
and set the configuration in `postgres_exporter_container_env` to override
|
|
||||||
the defaults.
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
postgres_exporter_version: "0.15.0"
|
postgres_exporter_version: "0.10.1"
|
||||||
postgres_exporter_user: root
|
postgres_exporter_user: root
|
||||||
postgres_exporter_create_user: false
|
postgres_exporter_create_user: false
|
||||||
|
|
||||||
@ -13,7 +13,7 @@ postgres_exporter_db_sslmode: false
|
|||||||
postgres_exporter_container_name: postgres_exporter
|
postgres_exporter_container_name: postgres_exporter
|
||||||
postgres_exporter_container_image_name: quay.io/prometheuscommunity/postgres-exporter
|
postgres_exporter_container_image_name: quay.io/prometheuscommunity/postgres-exporter
|
||||||
postgres_exporter_container_image_tag: ~
|
postgres_exporter_container_image_tag: ~
|
||||||
postgres_exporter_container_image_ref: "{{ postgres_exporter_container_image_name }}:{{ postgres_exporter_container_image_tag | default('v' + postgres_exporter_version, True) }}"
|
postgres_exporter_container_image_ref: "{{ postgres_exporter_container_image_name }}:{{ postgres_exporter_container_image_tag | default('v' + postgres_exporter_version) }}"
|
||||||
postgres_exporter_container_networks: ~
|
postgres_exporter_container_networks: ~
|
||||||
postgres_exporter_container_purge_networks: false
|
postgres_exporter_container_purge_networks: false
|
||||||
postgres_exporter_container_volumes: []
|
postgres_exporter_container_volumes: []
|
||||||
@ -23,9 +23,13 @@ postgres_exporter_container_env:
|
|||||||
user={{ postgres_exporter_db_user }}
|
user={{ postgres_exporter_db_user }}
|
||||||
host={{ postgres_exporter_db_host }}
|
host={{ postgres_exporter_db_host }}
|
||||||
sslmode={{ 'enable' if postgres_exporter_db_sslmode else 'disable' }}
|
sslmode={{ 'enable' if postgres_exporter_db_sslmode else 'disable' }}
|
||||||
{%- if postgres_exporter_db_pass -%} pass={{ postgres_exporter_db_pass }}{% endif -%}
|
{% if postgres_exporter_db_pass %}
|
||||||
{%- if postgres_exporter_db_port -%} port={{ postgres_exporter_db_port }}{% endif -%}
|
pass={{ postgres_exporter_db_pass }}
|
||||||
|
{% endif %}
|
||||||
|
{% if postgres_exporter_db_port %}
|
||||||
|
port={{ postgres_exporter_db_port }}
|
||||||
|
{% endif %}
|
||||||
postgres_exporter_container_labels:
|
postgres_exporter_container_labels:
|
||||||
VERSION: "{{ postgres_exporter_version }}"
|
VERSION: "{{ postgres_exporter_version }}"
|
||||||
postgres_exporter_container_user: "{{ postgres_exporter_user if not postgres_exporter_create_user else postgres_exporter_user_info.uid }}"
|
postgres_exporter_container_user: "{{ postgres_exporter_user_info.uid if postgres_exporter_user_info is defined else postgres_exporter_user }}"
|
||||||
postgres_exporter_container_restart_policy: unless-stopped
|
postgres_exporter_container_restart_policy: unless-stopped
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: postgres_exporter
|
|
||||||
description: Deploy and configure the prometheus-maintained postgres_exporter
|
|
||||||
galaxy_tags:
|
|
||||||
- postgres_exporter
|
|
||||||
- prometheus
|
|
||||||
- postgresql
|
|
||||||
- postgres
|
|
||||||
- docker
|
|
@ -9,11 +9,11 @@
|
|||||||
when: postgres_exporter_create_user
|
when: postgres_exporter_create_user
|
||||||
|
|
||||||
- name: Ensure container image '{{ postgres_exporter_container_image_ref }}' is available
|
- name: Ensure container image '{{ postgres_exporter_container_image_ref }}' is available
|
||||||
community.docker.docker_image:
|
docker_container_image:
|
||||||
name: "{{ postgres_exporter_container_image_ref }}"
|
name: "{{ postgres_exporter_container_image_ref }}"
|
||||||
state: present
|
state: present
|
||||||
source: pull
|
source: pull
|
||||||
force_source: "{{ 'yes' if postgres_exporter_container_image_tag else 'no' }}"
|
force_source: "{{ postgres_exporter_container_image_tag|bool }}"
|
||||||
|
|
||||||
- name: Ensure postgres exporter container '{{ postgres_exporter_container_name }}' is running
|
- name: Ensure postgres exporter container '{{ postgres_exporter_container_name }}' is running
|
||||||
docker_container:
|
docker_container:
|
||||||
|
@ -1,27 +0,0 @@
|
|||||||
# `finallycoffee.observability.vmagent` ansible role
|
|
||||||
|
|
||||||
Install and configure the
|
|
||||||
[victoriametrics agent `vmagent`](https://docs.victoriametrics.com/vmagent/)
|
|
||||||
using the [supported deployment types (see `vars/main.yml#L5`)](vars/main.yml#L5).
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
Set scrape job configuration as complex data in `vmagent_config_scrape_configs`.
|
|
||||||
To tune the scrape interval, override `vmagent_config_global_scrape_interval`,
|
|
||||||
or modify / extend `vmagent_config` directly.
|
|
||||||
|
|
||||||
### Prometheus remote write api with basic auth
|
|
||||||
|
|
||||||
One of the more common methods of sending the collected metrics to a
|
|
||||||
central prometheus server. Set the following variables to archieve this:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
vmagent_flags:
|
|
||||||
remoteWrite_url: https://my.prometheus.instance.example.com/api/v1/write
|
|
||||||
remoteWrite_basicAuth_username: my_prom_user
|
|
||||||
remoteWrite_basicAuth_passwordFile: /path/to/password/file.key
|
|
||||||
```
|
|
||||||
|
|
||||||
For the full set of options, see either the
|
|
||||||
[vmagents' "Advanced usage" documentation](https://docs.victoriametrics.com/vmagent/#advanced-usage)
|
|
||||||
or run `vmagent -help` for the same output.
|
|
@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
vmagent_config_global_scrape_interval: "30s"
|
|
||||||
vmagent_config_global_scrape_timeout: "10s"
|
|
||||||
vmagent_config_global_external_labels: {}
|
|
||||||
vmagent_config_scrape_configs: []
|
|
||||||
|
|
||||||
vmagent_config: ~
|
|
||||||
vmagent_base_config:
|
|
||||||
global:
|
|
||||||
scrape_interval: "{{ vmagent_config_global_scrape_interval }}"
|
|
||||||
scrape_timeout: "{{ vmagent_config_global_scrape_timeout }}"
|
|
||||||
external_labels: "{{ vmagent_config_global_external_labels }}"
|
|
||||||
scrape_configs: "{{ vmagent_config_scrape_configs }}"
|
|
||||||
|
|
||||||
vmagent_merged_config: >-2
|
|
||||||
{{ (vmagent_base_config | default({}, true))
|
|
||||||
| combine(vmagent_config | default({}, true), recursive=True) }}
|
|
@ -1,59 +0,0 @@
|
|||||||
---
|
|
||||||
vmagent_container_image_registry: "docker.io"
|
|
||||||
vmagent_container_image_namespace: "victoriametrics"
|
|
||||||
vmagent_container_image_name: "vmagent"
|
|
||||||
vmagent_container_image_tag: ~
|
|
||||||
vmagent_container_image: >-2
|
|
||||||
{{
|
|
||||||
([
|
|
||||||
vmagent_container_image_registry,
|
|
||||||
vmagent_container_image_namespace,
|
|
||||||
vmagent_container_image_name,
|
|
||||||
] | join('/'))
|
|
||||||
+ ':'
|
|
||||||
+ (vmagent_container_image_tag
|
|
||||||
| default('v' + vmagent_version, true))
|
|
||||||
}}
|
|
||||||
vmagent_container_image_source: pull
|
|
||||||
vmagent_container_image_force_source: >-2
|
|
||||||
{{ vmagent_container_image_tag | default(false, true) | bool }}
|
|
||||||
vmagent_container_image_network_retries: 3
|
|
||||||
vmagent_container_image_network_delay: 5
|
|
||||||
|
|
||||||
vmagent_container_name: vmagent
|
|
||||||
vmagent_container_user: ~
|
|
||||||
vmagent_container_ports: ~
|
|
||||||
vmagent_container_labels: ~
|
|
||||||
vmagent_container_command: >-2
|
|
||||||
{% for flag in vmagent_all_flags -%}
|
|
||||||
-{{ flag }}
|
|
||||||
{% endfor -%}
|
|
||||||
vmagent_container_networks: ~
|
|
||||||
vmagent_container_network_mode: ~
|
|
||||||
vmagent_container_etc_hosts: ~
|
|
||||||
vmagent_container_dns_servers: ~
|
|
||||||
vmagent_container_restart_policy: >-2
|
|
||||||
{{ (vmagent_deployment_type == 'docker')
|
|
||||||
| ternary('unless-stopped', 'on-failure') }}
|
|
||||||
vmagent_container_state: >-2
|
|
||||||
{{ (vmagent_state == 'present') | ternary('started', 'absent') }}
|
|
||||||
|
|
||||||
vmagent_container_base_volumes:
|
|
||||||
- "{{ vmagent_scrape_config_file }}:{{ vmagent_scrape_config_file }}:ro"
|
|
||||||
- "{{ vmagent_cache_path }}:{{ vmagent_cache_path }}:z"
|
|
||||||
vmagent_container_volumes: ~
|
|
||||||
vmagent_container_all_volumes: >-2
|
|
||||||
{{ (vmagent_container_base_volumes | default([], true))
|
|
||||||
+ (vmagent_container_volumes | default([], true)) }}
|
|
||||||
|
|
||||||
vmagent_container_base_env:
|
|
||||||
remoteWrite_tmpDataPath: "{{ vmagent_cache_path }}"
|
|
||||||
promscrape_config: "{{ vmagent_scrape_config_file }}"
|
|
||||||
vmagent_container_env: ~
|
|
||||||
vmagent_container_merged_env: >-2
|
|
||||||
{{ (vmagent_container_base_env | default({}, true))
|
|
||||||
| combine(vmagent_container_env | default({})) }}
|
|
||||||
vmagent_container_comparisons:
|
|
||||||
env: allow_more_present
|
|
||||||
image: strict
|
|
||||||
labels: allow_more_present
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
vmagent_user: vmagent
|
|
||||||
vmagent_version: "1.109.1"
|
|
||||||
vmagent_state: present
|
|
||||||
vmagent_deployment_method: "docker"
|
|
||||||
|
|
||||||
vmagent_scrape_config_file: "/etc/vmagent/scrape_config.yml"
|
|
||||||
vmagent_config_path: "{{ vmagent_scrape_config_file | dirname }}"
|
|
||||||
vmagent_cache_path: "/var/cache/vmagent"
|
|
||||||
|
|
||||||
vmagent_base_flags:
|
|
||||||
- "enableTCP6"
|
|
||||||
- "envflag.enable"
|
|
||||||
vmagent_flags: ~
|
|
||||||
vmagent_all_flags: >-2
|
|
||||||
{{ vmagent_base_flags + (vmagent_flags | default([], true)) }}
|
|
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
vmagent_user_groups: ~
|
|
||||||
|
|
||||||
vmagent_run_user_id: >-2
|
|
||||||
{{ vmagent_user_info.uid | default(vmagent_user) }}
|
|
||||||
vmagent_run_group_id: >-2
|
|
||||||
{{ vmagent_user_info.group | default(vmagent_user) }}
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure vmagent container '{{ vmagent_container_name }}' is restarted
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ vmagent_container_name }}"
|
|
||||||
state: "{{ vmagent_container_state }}"
|
|
||||||
restart: true
|
|
||||||
listen: "vmagent-reload"
|
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
|
||||||
when: vmagent_deployment_method == 'docker'
|
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: vmagent
|
|
||||||
description: Deploy and configure the victoriametrics agent `vmagent`
|
|
||||||
galaxy_tags:
|
|
||||||
- victoriametrics
|
|
||||||
- vmagent
|
|
||||||
- prometheus
|
|
@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure container image '{{ vmagent_container_image }}' is {{ vmagent_state }}
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ vmagent_container_image }}"
|
|
||||||
state: "{{ vmagent_state }}"
|
|
||||||
source: "{{ vmagent_container_image_source }}"
|
|
||||||
force_source: "{{ vmagent_container_image_force_source }}"
|
|
||||||
register: vmagent_container_image_info
|
|
||||||
until: vmagent_container_image_info is success
|
|
||||||
retries: "{{ vmagent_container_image_network_retries }}"
|
|
||||||
delay: "{{ vmagent_container_image_network_delay }}"
|
|
||||||
|
|
||||||
- name: Ensure container '{{ vmagent_container_name }}' is {{ vmagent_container_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ vmagent_container_name }}"
|
|
||||||
image: "{{ vmagent_container_image }}"
|
|
||||||
env: "{{ vmagent_container_merged_env }}"
|
|
||||||
user: "{{ vmagent_container_user }}"
|
|
||||||
ports: "{{ vmagent_container_ports | default(omit, true) }}"
|
|
||||||
labels: "{{ vmagent_container_labels | default(omit, true) }}"
|
|
||||||
command: "{{ vmagent_container_command }}"
|
|
||||||
volumes: "{{ vmagent_container_all_volumes }}"
|
|
||||||
networks: "{{ vmagent_container_networks | default(omit, true) }}"
|
|
||||||
etc_hosts: "{{ vmagent_container_etc_hosts | default(omit, true) }}"
|
|
||||||
dns_servers: "{{ vmagent_container_dns_servers | default(omit, true) }}"
|
|
||||||
network_mode: "{{ vmagent_container_network_mode | default(omit, true) }}"
|
|
||||||
restart_policy: "{{ vmagent_container_restart_policy | default(omit, true) }}"
|
|
||||||
comparisons: "{{ vmagent_container_comparisons | default(omit, true) }}"
|
|
||||||
state: "{{ vmagent_container_state }}"
|
|
@ -1,54 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Check that `vmagent_state` is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Unsupported state '{{ vmagent_state }}'! Supported states
|
|
||||||
are {{ vmagent_states | join(', ') }}.
|
|
||||||
when: vmagent_state not in vmagent_states
|
|
||||||
|
|
||||||
- name: Check that `vmagent_deployment_method` is valid
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >-2
|
|
||||||
Unsupported deployment method '{{ vmagent_deployment_method }}'!
|
|
||||||
Supported are: {{ vmagent_deployment_methods | join(', ') }}.
|
|
||||||
when: vmagent_deployment_method not in vmagent_deployment_methods
|
|
||||||
|
|
||||||
- name: Ensure vmagent user '{{ vmagent_user }}' is {{ vmagent_state }}
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ vmagent_user }}"
|
|
||||||
state: "{{ vmagent_state }}"
|
|
||||||
system: "{{ vmagent_user_system | default(true, true) }}"
|
|
||||||
groups: "{{ vmagent_user_groups | default(omit, true) }}"
|
|
||||||
append: "{{ (vmagent_user_groups | default([], true)) | length > 0 }}"
|
|
||||||
create_home: "{{ vmagent_user_create_home | default(false, true) }}"
|
|
||||||
register: vmagent_user_info
|
|
||||||
|
|
||||||
- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ vmagent_scrape_config_file }}"
|
|
||||||
state: "{{ vmagent_state }}"
|
|
||||||
when: vmagent_state == 'absent'
|
|
||||||
|
|
||||||
- name: Ensure config directory '{{ vmagent_config_path }}' is {{ vmagent_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ vmagent_config_path }}"
|
|
||||||
state: >-2
|
|
||||||
{{ (vmagent_state == 'present') | ternary('directory', 'absent') }}
|
|
||||||
owner: "{{ vmagent_run_user_id }}"
|
|
||||||
group: "{{ vmagent_run_group_id }}"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
- name: Ensure configuration file '{{ vmagent_scrape_config_file }}' is {{ vmagent_state }}
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ vmagent_scrape_config_file }}"
|
|
||||||
content: "{{ vmagent_merged_config | to_nice_yaml(indent=4, width=1000) }}"
|
|
||||||
owner: "{{ vmagent_run_user_id }}"
|
|
||||||
group: "{{ vmagent_run_group_id }}"
|
|
||||||
mode: "0644"
|
|
||||||
when: vmagent_state == 'present'
|
|
||||||
notify:
|
|
||||||
- vmagent-reload
|
|
||||||
|
|
||||||
- name: Ensure vmagent is deployed using {{ vmagent_deployment_method }}
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "deploy-{{ vmagent_deployment_method }}.yml"
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
vmagent_states:
|
|
||||||
- present
|
|
||||||
- absent
|
|
||||||
vmagent_deployment_methods:
|
|
||||||
- docker
|
|
@ -1,11 +0,0 @@
|
|||||||
# `finallycoffee.observability.vmalert` ansible role
|
|
||||||
|
|
||||||
## Description
|
|
||||||
|
|
||||||
This role configures `vmalert` and runs it in the officially distributed docker container.
|
|
||||||
|
|
||||||
The default configuration file for recording rules is `vmalert_recording_config` and the default file for alerts is `vmalert_alert_config`. To set rules in a prometheus-like syntax, supply them to the role using `vmalert_alerts` or `vmalert_records`.
|
|
||||||
|
|
||||||
It is also possible to pass extra rule-files to load using `vmalert_rule_files`, though care must be taken to also mount them to the location in the container by populating `vmalert_container_volumes`.
|
|
||||||
|
|
||||||
VM alert runs with the `envflag.enable` flag by default, so configuration to vmalert can be passed using `vmalert_container_env` with the syntax found on the official victoriametrics documentation.
|
|
@ -1,57 +0,0 @@
|
|||||||
---
|
|
||||||
vmalert_state: present
|
|
||||||
vmalert_user: vmalert
|
|
||||||
vmalert_version: "1.109.1"
|
|
||||||
vmalert_base_path: "/opt/vmalert"
|
|
||||||
vmalert_config_path: "{{ vmalert_base_path }}/config"
|
|
||||||
vmalert_alert_config: "{{ vmalert_config_path }}/alerts.yml"
|
|
||||||
vmalert_recording_config: "{{ vmalert_config_path }}/records.yml"
|
|
||||||
|
|
||||||
vmalert_alerts: {}
|
|
||||||
vmalert_records: {}
|
|
||||||
vmalert_rule_files: []
|
|
||||||
vmalert_default_rule_files:
|
|
||||||
- "{{ vmalert_alert_config }}"
|
|
||||||
- "{{ vmalert_recording_config }}"
|
|
||||||
vmalert_merged_rule_files: >-
|
|
||||||
{{ vmalert_default_rule_files + vmalert_rule_files }}
|
|
||||||
|
|
||||||
vmalert_container_image_server: docker.io
|
|
||||||
vmalert_container_image_namespace: "victoriametrics"
|
|
||||||
vmalert_container_image_container: "vmalert"
|
|
||||||
vmalert_container_image_name: >-2
|
|
||||||
{{
|
|
||||||
vmalert_container_image_server
|
|
||||||
+ ((vmalert_container_image_namespace is defined)
|
|
||||||
| ternary('/' ~ vmalert_container_image_namespace, ''))
|
|
||||||
+ '/' + vmalert_container_image_container
|
|
||||||
}}
|
|
||||||
#vmalert_container_image_tag:
|
|
||||||
vmalert_container_image: >-2
|
|
||||||
{{ vmalert_container_image_name }}:{{ vmalert_container_image_tag | default('v' + vmalert_version, false) }}
|
|
||||||
|
|
||||||
vmalert_user_id: >-
|
|
||||||
{{ (vmalert_user_info is defined and 'uid' in vmalert_user_info) | ternary(vmalert_user_info.uid, vmalert_user) }}
|
|
||||||
vmalert_group_id: >-
|
|
||||||
{{ (vmalert_user_info is defined and 'group' in vmalert_user_info) | ternary(vmalert_user_info.group, vmalert_user) }}
|
|
||||||
vmalert_container_user: "{{ vmalert_user_id }}"
|
|
||||||
vmalert_container_group: "{{ vmalert_group_id }}"
|
|
||||||
vmalert_container_name: "vmalert"
|
|
||||||
vmalert_container_command: []
|
|
||||||
vmalert_container_default_command:
|
|
||||||
- "-enableTCP6"
|
|
||||||
- "-envflag.enable"
|
|
||||||
vmalert_container_merged_command: >-
|
|
||||||
{{ vmalert_container_default_command + (vmalert_container_command | default([], false)) }}
|
|
||||||
vmalert_container_env: {}
|
|
||||||
vmalert_container_default_env:
|
|
||||||
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
||||||
rule: "{{ vmalert_merged_rule_files | join(',') }}"
|
|
||||||
vmalert_container_merged_env: >-
|
|
||||||
{{ vmalert_container_default_env | combine(vmalert_container_env) }}
|
|
||||||
vmalert_container_volumes: []
|
|
||||||
vmalert_container_default_volumes:
|
|
||||||
- "{{ vmalert_config_path }}:{{ vmalert_config_path }}:z"
|
|
||||||
vmalert_container_merged_volumes: >-
|
|
||||||
{{ vmalert_container_default_volumes | combine(vmalert_container_volumes) }}
|
|
||||||
vmalert_container_restart_policy: "unless-stopped"
|
|
@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: vmalert
|
|
||||||
description: Deploy and configure the victoriametrics alerting engine `vmalert`
|
|
||||||
galaxy_tags:
|
|
||||||
- victoriametrics
|
|
||||||
- vmalert
|
|
||||||
- alerting
|
|
||||||
- prometheus
|
|
@ -1,69 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure user {{ vmalert_user }} is {{ vmalert_state }}
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ vmalert_user }}"
|
|
||||||
state: present
|
|
||||||
system: true
|
|
||||||
create_home: false
|
|
||||||
register: vmalert_user_info
|
|
||||||
|
|
||||||
- name: Ensure directories for vmalert are {{ vmalert_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: "{{ (vmalert_state == 'present') | ternary('directory', 'absent') }}"
|
|
||||||
owner: "{{ item.owner | default(vmalert_user_id) }}"
|
|
||||||
group: "{{ item.group | default(vmalert_group_id) }}"
|
|
||||||
mode: "{{ item.mode | default('0775') }}"
|
|
||||||
loop:
|
|
||||||
- path: "{{ vmalert_base_path }}"
|
|
||||||
- path: "{{ vmalert_config_path }}"
|
|
||||||
mode: "0755"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.path }}"
|
|
||||||
|
|
||||||
- name: Ensure alert configuration is present
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ vmalert_alert_config }}"
|
|
||||||
content: |
|
|
||||||
{{ ({ 'groups': vmalert_alerts})
|
|
||||||
| to_nice_yaml(indent=2, width=1024, default_style='"') }}
|
|
||||||
owner: "{{ item.owner | default(vmalert_user_id) }}"
|
|
||||||
group: "{{ item.group | default(vmalert_group_id) }}"
|
|
||||||
mode: "{{ item.mode | default('0775') }}"
|
|
||||||
when: vmalert_state == 'present'
|
|
||||||
|
|
||||||
- name: Ensure recording rule configuration is present
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: "{{ vmalert_recording_config }}"
|
|
||||||
content: |
|
|
||||||
{{ ({ 'groups': vmalert_records})
|
|
||||||
| to_nice_yaml(indent=2, width=1024, default_style='"') }}
|
|
||||||
owner: "{{ item.owner | default(vmalert_user_id) }}"
|
|
||||||
group: "{{ item.group | default(vmalert_group_id) }}"
|
|
||||||
mode: "{{ item.mode | default('0775') }}"
|
|
||||||
when: vmalert_state == 'present'
|
|
||||||
|
|
||||||
- name: Ensure container image {{ vmalert_container_image }} is {{ vmalert_state }}
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ vmalert_container_image }}"
|
|
||||||
state: "{{ vmalert_state }}"
|
|
||||||
source: "{{ (vmalert_state == 'present') | ternary('pull', omit) }}"
|
|
||||||
force_source: >-2
|
|
||||||
{{ (vmalert_container_image == 'present') | ternary(vmalert_container_image_tag, omit) }}
|
|
||||||
|
|
||||||
- name: Ensure vmalert container is {{ vmalert_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ vmalert_container_name}}"
|
|
||||||
image: "{{ vmalert_container_image }}"
|
|
||||||
env: "{{ vmalert_container_merged_env }}"
|
|
||||||
user: "{{ vmalert_container_user }}"
|
|
||||||
ports: "{{ vmalert_container_ports | default(omit) }}"
|
|
||||||
groups: "{{ vmalert_container_group }}"
|
|
||||||
labels: "{{ vmalert_container_labels | default(omit) }}"
|
|
||||||
volumes: "{{ vmalert_container_merged_volumes }}"
|
|
||||||
command: "{{ vmalert_container_merged_command }}"
|
|
||||||
networks: "{{ vmalert_container_networks | default(omit) }}"
|
|
||||||
etc_hosts: "{{ vmalert_container_etc_hosts | default(omit )}}"
|
|
||||||
purge_networks: "{{ vmalert_container_purge_networks | default(omit) }}"
|
|
||||||
restart_policy: "{{ vmalert_container_restart_policy | default(omit) }}"
|
|
||||||
state: "{{ (vmalert_state == 'present') | ternary('started', 'absent') }}"
|
|
@ -1,7 +0,0 @@
|
|||||||
# `finallycoffee.observability.vmtsdb` ansible role
|
|
||||||
|
|
||||||
## Description
|
|
||||||
|
|
||||||
This role configures `vmtsdb`, the time-series database part of victoria metrics, run in a docker container.
|
|
||||||
|
|
||||||
Per default `enableTCP6` and `envflag.enable` flags are passed to victoriametrics, enabling configuration using `vmtsdb_container_env`, using the syntax found on the official victoriametrics documentation.
|
|
@ -1,45 +0,0 @@
|
|||||||
---
|
|
||||||
vmtsdb_state: present
|
|
||||||
vmtsdb_user: vmtsdb
|
|
||||||
vmtsdb_version: "1.109.1"
|
|
||||||
vmtsdb_base_path: "/opt/vmtsdb"
|
|
||||||
vmtsdb_data_path: "{{ vmtsdb_base_path }}/data"
|
|
||||||
|
|
||||||
vmtsdb_container_image_server: docker.io
|
|
||||||
vmtsdb_container_image_namespace: "victoriametrics"
|
|
||||||
vmtsdb_container_image_container: "victoria-metrics"
|
|
||||||
vmtsdb_container_image_name: >-2
|
|
||||||
{{
|
|
||||||
vmtsdb_container_image_server
|
|
||||||
+ ((vmtsdb_container_image_namespace is defined)
|
|
||||||
| ternary('/' ~ vmtsdb_container_image_namespace, ''))
|
|
||||||
+ '/' + vmtsdb_container_image_container
|
|
||||||
}}
|
|
||||||
#vmtsdb_container_image_tag:
|
|
||||||
vmtsdb_container_image: >-2
|
|
||||||
{{ vmtsdb_container_image_name }}:{{ vmtsdb_container_image_tag | default('v' + vmtsdb_version, false) }}
|
|
||||||
|
|
||||||
vmtsdb_user_id: >-
|
|
||||||
{{ (vmtsdb_user_info is defined and 'uid' in vmtsdb_user_info) | ternary(vmtsdb_user_info.uid, vmtsdb_user) }}
|
|
||||||
vmtsdb_group_id: >-
|
|
||||||
{{ (vmtsdb_user_info is defined and 'group' in vmtsdb_user_info) | ternary(vmtsdb_user_info.group, vmtsdb_user) }}
|
|
||||||
vmtsdb_container_user: "{{ vmtsdb_user_id }}"
|
|
||||||
vmtsdb_container_group: "{{ vmtsdb_group_id }}"
|
|
||||||
vmtsdb_container_name: "vmtsdb"
|
|
||||||
vmtsdb_container_command: []
|
|
||||||
vmtsdb_container_default_command:
|
|
||||||
- "-enableTCP6"
|
|
||||||
- "-envflag.enable"
|
|
||||||
vmtsdb_container_merged_command: >-
|
|
||||||
{{ vmtsdb_container_default_command + (vmtsdb_container_command | default([], false)) }}
|
|
||||||
vmtsdb_container_env: {}
|
|
||||||
vmtsdb_container_default_env:
|
|
||||||
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
||||||
vmtsdb_container_merged_env: >-
|
|
||||||
{{ vmtsdb_container_default_env | combine(vmtsdb_container_env) }}
|
|
||||||
vmtsdb_container_volumes: []
|
|
||||||
vmtsdb_container_default_volumes:
|
|
||||||
- "{{ vmtsdb_data_path }}:/victoria-metrics-data:z"
|
|
||||||
vmtsdb_container_merged_volumes: >-
|
|
||||||
{{ vmtsdb_container_default_volumes | combine(vmtsdb_container_volumes) }}
|
|
||||||
vmtsdb_container_restart_policy: "unless-stopped"
|
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: true
|
|
||||||
dependencies: []
|
|
||||||
galaxy_info:
|
|
||||||
role_name: vmtsdb
|
|
||||||
description: Deploy and configure the victoriametrics time-series database `vmtsdb`
|
|
||||||
galaxy_tags:
|
|
||||||
- victoriametrics
|
|
||||||
- vmtsdb
|
|
||||||
- prometheus
|
|
@ -1,50 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure user {{ vmtsdb_user }} is {{ vmtsdb_state }}
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ vmtsdb_user }}"
|
|
||||||
state: present
|
|
||||||
system: true
|
|
||||||
create_home: false
|
|
||||||
register: vmtsdb_user_info
|
|
||||||
|
|
||||||
- name: Ensure directories for vmtsdb are {{ vmtsdb_state }}
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: "{{ (vmtsdb_state == 'present') | ternary('directory', 'absent') }}"
|
|
||||||
owner: "{{ item.owner | default(vmtsdb_user_id) }}"
|
|
||||||
group: "{{ item.group | default(vmtsdb_group_id) }}"
|
|
||||||
mode: "{{ item.mode | default('0775') }}"
|
|
||||||
loop:
|
|
||||||
- path: "{{ vmtsdb_base_path }}"
|
|
||||||
- path: "{{ vmtsdb_data_path }}"
|
|
||||||
mode: "0755"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.path }}"
|
|
||||||
|
|
||||||
- name: Ensure container image {{ vmtsdb_container_image }} is {{ vmtsdb_state }}
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ vmtsdb_container_image }}"
|
|
||||||
state: "{{ vmtsdb_state }}"
|
|
||||||
source: "{{ (vmtsdb_state == 'present') | ternary('pull', omit) }}"
|
|
||||||
force_source: >-2
|
|
||||||
{{ (vmtsdb_container_image == 'present') | ternary(vmtsdb_container_image_tag, omit) }}
|
|
||||||
|
|
||||||
- name: Ensure vmtsdb container is {{ vmtsdb_state }}
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: "{{ vmtsdb_container_name}}"
|
|
||||||
image: "{{ vmtsdb_container_image }}"
|
|
||||||
env: "{{ vmtsdb_container_merged_env }}"
|
|
||||||
user: "{{ vmtsdb_container_user }}"
|
|
||||||
ports: "{{ vmtsdb_container_ports | default(omit) }}"
|
|
||||||
groups: "{{ vmtsdb_container_group }}"
|
|
||||||
labels: "{{ vmtsdb_container_labels | default(omit) }}"
|
|
||||||
volumes: "{{ vmtsdb_container_merged_volumes }}"
|
|
||||||
command: "{{ vmtsdb_container_merged_command }}"
|
|
||||||
networks: "{{ vmtsdb_container_networks | default(omit) }}"
|
|
||||||
etc_hosts: "{{ vmtsdb_container_etc_hosts | default(omit )}}"
|
|
||||||
purge_networks: "{{ vmtsdb_container_purge_networks | default(omit) }}"
|
|
||||||
restart_policy: "{{ vmtsdb_container_restart_policy | default(omit) }}"
|
|
||||||
state: "{{ (vmtsdb_state == 'present') | ternary('started', 'absent') }}"
|
|
||||||
comparisons:
|
|
||||||
labels: strict
|
|
||||||
env: strict
|
|
Loading…
x
Reference in New Issue
Block a user