feat(loki): add role for deployment using ansible

README.md

@@ -15,11 +15,6 @@ metrics or alerting.
   manager receiver which posts alerts to a configured matrix channel
   using alertmanagers' webhooks.
 
-- [`vmtsdb`](roles/vmtsdb/README.md): VictoriaMetrics time series database.
-
-- [`vmalert`](roles/vmalert/README.md): VictoriaMetrics alerting and
-  ruling engine.
-
 - [`postgres_exporter`](roles/postgres_exporter/README.md): Prometheus
   exporter for postgres databases, in a docker container.
 

playbooks/loki.yml

@@ -0,0 +1,6 @@
+---
+- name: Install loki
+  hosts: "{{ loki_hosts | default('loki') }}"
+  become: true
+  roles:
+    - role: finallycoffee.observability.loki

playbooks/vmalert.yml

@@ -1,6 +0,0 @@
----
-- name: Install vmalert using docker
-  hosts: "{{ vmalert_hosts | default('vmalert') }}"
-  become: "{{ vmalert_become | default(false) }}"
-  roles:
-    - role: finallycoffee.observability.vmalert

playbooks/vmtsdb.yml

@@ -1,6 +0,0 @@
----
-- name: Install vmtsdb using docker
-  hosts: "{{ vmtsdb_hosts | default('vmtsdb') }}"
-  become: "{{ vmtsdb_become | default(false) }}"
-  roles:
-    - role: finallycoffee.observability.vmtsdb

roles/loki/README.md

@@ -0,0 +1,14 @@
+# `finallycoffee.observability.loki` ansible role
+
+## Overview
+
+Runs [loki](https://github.com/grafana/loki) in a docker container.
+
+## Configuration
+
+Listens on `3100` per default, and can be changed using `loki_config_server_http_listen_port` / `loki_config_server_http_listen_addr`.
+
+### Required configuration
+
+Loki's storage config can be provided in `loki_config_storage_config`,
+the schema configs can be provided in `loki_config_schema_config_configs`.

roles/loki/defaults/main.yml

@@ -0,0 +1,45 @@
+---
+loki_user: loki
+loki_version: "2.9.1"
+loki_base_path: "/opt/loki"
+loki_config_path: "{{ loki_base_path }}/config"
+loki_config_file: "{{ loki_config_path }}/config.yml"
+loki_state: present
+loki_container_state: >-
+  {{ (loki_state == 'present') | ternary('started', 'absent') }}
+loki_run_user: "{{ loki_user_info.uid | default(loki_user) }}"
+loki_run_group: "{{ loki_user_info.group | default(loki_user) }}"
+loki_all_host_directories: >-
+  {{ loki_required_host_directories + loki_host_directories | default([]) }}
+loki_required_host_directories:
+  - path: "{{ loki_base_path }}"
+  - path: "{{ loki_config_path }}"
+
+loki_container_name: loki
+loki_container_image_name: "loki"
+loki_container_image_namespace: "grafana"
+loki_container_image_registry: "docker.io"
+loki_container_image_tag: ~
+loki_container_image: >-
+  {{ loki_container_image_registry
+    + (('/' + loki_container_image_namespace)
+    if loki_container_image_namespace | default(false, true) else '')
+    + '/' + loki_container_image_name
+    + ':' + (loki_container_image_tag | default(loki_version, true))
+  }}
+loki_container_env: {}
+loki_container_base_volumes:
+  - "{{ loki_config_file }}:/etc/loki/local-config.yaml:ro"
+loki_container_all_volumes: >-2
+  {{ loki_container_base_volumes + loki_container_volumes | default([]) }}
+loki_container_all_labels: >-2
+  {{ loki_container_base_labels | combine(loki_container_labels | default({})) }}
+loki_container_restart_policy: "unless-stopped"
+
+loki_config_target: "all"
+loki_config_auth_enabled: false
+loki_config_server_http_listen_port: 3100
+loki_config_server_http_listen_address: 127.0.0.1
+loki_config_storage_config: {}
+loki_config_schema_config_configs: []
+loki_config_limits_config: []

roles/loki/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Ensure loki is reloaded
+  listen: loki_reload
+  community.docker.docker_container:
+    name: "{{ loki_container_name }}"
+    state: "started"
+    restart: true
+    force_kill: true
+    kill_signal: "HUP"
+  when: "loki_container_state in ['started', 'present']"

roles/loki/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: Ensure loki user '{{ loki_user }}' is {{ loki_state }}
+  ansible.builtin.user:
+    name: "{{ loki_user }}"
+    state: "{{ loki_state }}"
+    system: true
+    create_home: false
+  register: loki_user_info
+
+- name: Ensure loki host directories are {{ loki_state }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: >-
+      {{ (loki_state == 'present') | ternary('directory', 'absent') }}
+    owner: "{{ item.owner | default(loki_run_user) }}"
+    group: "{{ item.group | default(loki_run_group) }}"
+    mode: "{{ item.mode | default('0755') }}"
+  loop: "{{ loki_all_host_directories }}"
+
+- name: Ensure loki configuration file is templated
+  ansible.builtin.copy:
+    content: "{{ loki_final_config | to_nice_yaml(width=10000, indent=2) }}"
+    dest: "{{ loki_config_file }}"
+    owner: "{{ loki_run_user }}"
+    group: "{{ loki_run_group }}"
+    mode: "0640"
+  notify: loki_reload
+
+- name: Ensure loki container image '{{ loki_container_image }}' is {{ loki_state }}
+  community.docker.docker_image:
+    name: "{{ loki_container_image }}"
+    state: "{{ loki_state }}"
+    source: "pull"
+    force_source: >-
+      {{ loki_container_image_force_source
+        | default(loki_container_image_tag | default(false, true)) }}
+  register: loki_container_image_info
+  until: loki_container_image_info is success
+  retries: 3
+  delay: 5
+
+- name: Ensure loki container '{{ loki_container_name }}' is {{ loki_container_state }}
+  community.docker.docker_container:
+    name: "{{ loki_container_name }}"
+    image: "{{ loki_container_image }}"
+    env: "{{ loki_container_env }}"
+    user: "{{ loki_run_user }}:{{ loki_run_group }}"
+    ports: "{{ loki_container_ports | default(omit, true) }}"
+    labels: "{{ loki_container_all_labels }}"
+    volumes: "{{ loki_container_all_volumes }}"
+    networks: "{{ loki_container_networks | default(omit, true) }}"
+    purge_networks: "{{ loki_container_purge_networks | default(omit, true) }}"
+    etc_hosts: "{{ loki_container_etc_hosts | default(omit, true) }}"
+    hostname: "{{ loki_container_hostname | default(omit, true) }}"
+    restart_policy: "{{ loki_container_restart_policy }}"
+    state: "{{ loki_container_state }}"

roles/loki/vars/main.yml

@@ -0,0 +1,14 @@
+loki_default_config:
+  target: "{{ loki_config_target }}"
+  auth_enabled: "{{ loki_config_auth_enabled }}"
+  server:
+    http_listen_address: "{{ loki_config_server_http_listen_address }}"
+    http_listen_port: "{{ loki_config_server_http_listen_port }}"
+  storage_config: "{{ loki_config_storage_config }}"
+  limits_config: "{{ loki_config_limits_config }}"
+  schema_config:
+    configs: "{{ loki_config_schema_config_configs }}"
+loki_final_config: >-
+  {{ loki_default_config | combine(loki_config | default({}), recursive=True) }}
+loki_container_base_labels:
+  version: "{{ loki_version }}"

roles/vmalert/README.md

@@ -1,11 +0,0 @@
-# `finallycoffee.observability.vmalert` ansible role
-
-## Description
-
-This role configures `vmalert` and runs it in the officially distributed docker container.
-
-The default configuration file for recording rules is `vmalert_recording_config` and the default file for alerts is `vmalert_alert_config`. To set rules in a prometheus-like syntax, supply them to the role using `vmalert_alerts` or `vmalert_records`.
-
-It is also possible to pass extra rule-files to load using `vmalert_rule_files`, though care must be taken to also mount them to the location in the container by populating `vmalert_container_volumes`.
-
-VM alert runs with the `envflag.enable` flag by default, so configuration to vmalert can be passed using `vmalert_container_env` with the syntax found on the official victoriametrics documentation.

roles/vmalert/defaults/main.yml

@@ -1,57 +0,0 @@
----
-vmalert_state: present
-vmalert_user: vmalert
-vmalert_version: "1.87.5"
-vmalert_base_path: "/opt/vmalert"
-vmalert_config_path: "{{ vmalert_base_path }}/config"
-vmalert_alert_config: "{{ vmalert_config_path }}/alerts.yml"
-vmalert_recording_config: "{{ vmalert_config_path }}/records.yml"
-
-vmalert_alerts: {}
-vmalert_records: {}
-vmalert_rule_files: []
-vmalert_default_rule_files:
-  - "{{ vmalert_alert_config }}"
-  - "{{ vmalert_recording_config }}"
-vmalert_merged_rule_files: >-
-  {{ vmalert_default_rule_files + vmalert_rule_files }}
-
-vmalert_container_image_server: docker.io
-vmalert_container_image_namespace: "victoriametrics"
-vmalert_container_image_container: "vmalert"
-vmalert_container_image_name: >-2
-  {{
-    vmalert_container_image_server
-    + ((vmalert_container_image_namespace is defined)
-      | ternary('/' ~ vmalert_container_image_namespace, ''))
-    + '/' + vmalert_container_image_container
-  }}
-#vmalert_container_image_tag:
-vmalert_container_image: >-2
-  {{ vmalert_container_image_name }}:{{ vmalert_container_image_tag | default('v' + vmalert_version, false) }}
-
-vmalert_user_id: >-
-  {{ (vmalert_user_info is defined and 'uid' in vmalert_user_info) | ternary(vmalert_user_info.uid, vmalert_user) }}
-vmalert_group_id: >-
-  {{ (vmalert_user_info is defined and 'group' in vmalert_user_info) | ternary(vmalert_user_info.group, vmalert_user) }}
-vmalert_container_user: "{{ vmalert_user_id }}"
-vmalert_container_group: "{{ vmalert_group_id }}"
-vmalert_container_name: "vmalert"
-vmalert_container_command: []
-vmalert_container_default_command:
-  - "-enableTCP6"
-  - "-envflag.enable"
-vmalert_container_merged_command: >-
-  {{ vmalert_container_default_command + (vmalert_container_command | default([], false)) }}
-vmalert_container_env: {}
-vmalert_container_default_env:
-  PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-  rule: "{{ vmalert_merged_rule_files | join(',') }}"
-vmalert_container_merged_env: >-
-  {{ vmalert_container_default_env | combine(vmalert_container_env) }} 
-vmalert_container_volumes: []
-vmalert_container_default_volumes:
-  - "{{ vmalert_config_path }}:{{ vmalert_config_path }}:z"
-vmalert_container_merged_volumes: >-
-  {{ vmalert_container_default_volumes | combine(vmalert_container_volumes) }}
-vmalert_container_restart_policy: "unless-stopped"

roles/vmalert/tasks/main.yml

@@ -1,69 +0,0 @@
----
-- name: Ensure user {{ vmalert_user }} is {{ vmalert_state }}
-  ansible.builtin.user:
-    name: "{{ vmalert_user }}"
-    state: present
-    system: true
-    create_home: false
-  register: vmalert_user_info
-
-- name: Ensure directories for vmalert are {{ vmalert_state }}
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: "{{ (vmalert_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ item.owner | default(vmalert_user_id) }}"
-    group: "{{ item.group | default(vmalert_group_id) }}"
-    mode: "{{ item.mode | default('0775') }}"
-  loop:
-    - path: "{{ vmalert_base_path }}"
-    - path: "{{ vmalert_config_path }}"
-      mode: "0755"
-  loop_control:
-    label: "{{ item.path }}"
-
-- name: Ensure alert configuration is present
-  ansible.builtin.copy:
-    dest: "{{ vmalert_alert_config }}"
-    content: |
-      {{ ({ 'groups': vmalert_alerts})
-      | to_nice_yaml(indent=2, width=1024, default_style='"') }}
-    owner: "{{ item.owner | default(vmalert_user_id) }}"
-    group: "{{ item.group | default(vmalert_group_id) }}"
-    mode: "{{ item.mode | default('0775') }}"
-  when: vmalert_state == 'present'
-
-- name: Ensure recording rule configuration is present
-  ansible.builtin.copy:
-    dest: "{{ vmalert_recording_config }}"
-    content: |
-      {{ ({ 'groups': vmalert_records})
-      | to_nice_yaml(indent=2, width=1024, default_style='"') }}
-    owner: "{{ item.owner | default(vmalert_user_id) }}"
-    group: "{{ item.group | default(vmalert_group_id) }}"
-    mode: "{{ item.mode | default('0775') }}"
-  when: vmalert_state == 'present'
-
-- name: Ensure container image {{ vmalert_container_image }} is {{ vmalert_state }}
-  community.docker.docker_image:
-    name: "{{ vmalert_container_image }}"
-    state: "{{ vmalert_state }}"
-    source: "{{ (vmalert_state == 'present') | ternary('pull', omit) }}"
-    force_source: >-2
-      {{ (vmalert_container_image == 'present') | ternary(vmalert_container_image_tag, omit) }}
-
-- name: Ensure vmalert container is {{ vmalert_state }}
-  community.docker.docker_container:
-    name: "{{ vmalert_container_name}}"
-    image: "{{ vmalert_container_image }}"
-    env: "{{ vmalert_container_merged_env }}"
-    user: "{{ vmalert_container_user }}"
-    ports: "{{ vmalert_container_ports | default(omit) }}"
-    groups: "{{ vmalert_container_group }}"
-    labels: "{{ vmalert_container_labels | default(omit) }}"
-    volumes: "{{ vmalert_container_merged_volumes }}"
-    command: "{{ vmalert_container_merged_command }}"
-    networks: "{{ vmalert_container_networks | default(omit) }}"
-    etc_hosts: "{{ vmalert_container_etc_hosts | default(omit )}}"
-    purge_networks: "{{ vmalert_container_purge_networks | default(omit) }}"
-    restart_policy: "{{ vmalert_container_restart_policy | default(omit) }}"
-    state: "{{ (vmalert_state == 'present') | ternary('started', 'absent') }}"

roles/vmtsdb/README.md

@@ -1,7 +0,0 @@
-# `finallycoffee.observability.vmtsdb` ansible role
-
-## Description
-
-This role configures `vmtsdb`, the time-series database part of victoria metrics, run in a docker container.
-
-Per default `enableTCP6` and `envflag.enable` flags are passed to victoriametrics, enabling configuration using `vmtsdb_container_env`, using the syntax found on the official victoriametrics documentation.

roles/vmtsdb/defaults/main.yml

@@ -1,45 +0,0 @@
----
-vmtsdb_state: present
-vmtsdb_user: vmtsdb
-vmtsdb_version: "1.87.5"
-vmtsdb_base_path: "/opt/vmtsdb"
-vmtsdb_data_path: "{{ vmtsdb_base_path }}/data"
-
-vmtsdb_container_image_server: docker.io
-vmtsdb_container_image_namespace: "victoriametrics"
-vmtsdb_container_image_container: "victoria-metrics"
-vmtsdb_container_image_name: >-2
-  {{
-    vmtsdb_container_image_server
-    + ((vmtsdb_container_image_namespace is defined)
-      | ternary('/' ~ vmtsdb_container_image_namespace, ''))
-    + '/' + vmtsdb_container_image_container
-  }}
-#vmtsdb_container_image_tag:
-vmtsdb_container_image: >-2
-  {{ vmtsdb_container_image_name }}:{{ vmtsdb_container_image_tag | default('v' + vmtsdb_version, false) }}
-
-vmtsdb_user_id: >-
-  {{ (vmtsdb_user_info is defined and 'uid' in vmtsdb_user_info) | ternary(vmtsdb_user_info.uid, vmtsdb_user) }}
-vmtsdb_group_id: >-
-  {{ (vmtsdb_user_info is defined and 'group' in vmtsdb_user_info) | ternary(vmtsdb_user_info.group, vmtsdb_user) }}
-vmtsdb_container_user: "{{ vmtsdb_user_id }}"
-vmtsdb_container_group: "{{ vmtsdb_group_id }}"
-vmtsdb_container_name: "vmtsdb"
-vmtsdb_container_command: []
-vmtsdb_container_default_command:
-  - "-enableTCP6"
-  - "-envflag.enable"
-vmtsdb_container_merged_command: >-
-  {{ vmtsdb_container_default_command + (vmtsdb_container_command | default([], false)) }}
-vmtsdb_container_env: {}
-vmtsdb_container_default_env:
-  PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-vmtsdb_container_merged_env: >-
-  {{ vmtsdb_container_default_env | combine(vmtsdb_container_env) }} 
-vmtsdb_container_volumes: []
-vmtsdb_container_default_volumes:
-  - "{{ vmtsdb_data_path }}:/victoria-metrics-data:z"
-vmtsdb_container_merged_volumes: >-
-  {{ vmtsdb_container_default_volumes | combine(vmtsdb_container_volumes) }}
-vmtsdb_container_restart_policy: "unless-stopped"

roles/vmtsdb/tasks/main.yml

@@ -1,47 +0,0 @@
----
-- name: Ensure user {{ vmtsdb_user }} is {{ vmtsdb_state }}
-  ansible.builtin.user:
-    name: "{{ vmtsdb_user }}"
-    state: present
-    system: true
-    create_home: false
-  register: vmtsdb_user_info
-
-- name: Ensure directories for vmtsdb are {{ vmtsdb_state }}
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: "{{ (vmtsdb_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ item.owner | default(vmtsdb_user_id) }}"
-    group: "{{ item.group | default(vmtsdb_group_id) }}"
-    mode: "{{ item.mode | default('0775') }}"
-  loop:
-    - path: "{{ vmtsdb_base_path }}"
-    - path: "{{ vmtsdb_data_path }}"
-      mode: "0755"
-  loop_control:
-    label: "{{ item.path }}"
-
-- name: Ensure container image {{ vmtsdb_container_image }} is {{ vmtsdb_state }}
-  community.docker.docker_image:
-    name: "{{ vmtsdb_container_image }}"
-    state: "{{ vmtsdb_state }}"
-    source: "{{ (vmtsdb_state == 'present') | ternary('pull', omit) }}"
-    force_source: >-2
-      {{ (vmtsdb_container_image == 'present') | ternary(vmtsdb_container_image_tag, omit) }}
-
-- name: Ensure vmtsdb container is {{ vmtsdb_state }}
-  community.docker.docker_container:
-    name: "{{ vmtsdb_container_name}}"
-    image: "{{ vmtsdb_container_image }}"
-    env: "{{ vmtsdb_container_merged_env }}"
-    user: "{{ vmtsdb_container_user }}"
-    ports: "{{ vmtsdb_container_ports | default(omit) }}"
-    groups: "{{ vmtsdb_container_group }}"
-    labels: "{{ vmtsdb_container_labels | default(omit) }}"
-    volumes: "{{ vmtsdb_container_merged_volumes }}"
-    command: "{{ vmtsdb_container_merged_command }}"
-    networks: "{{ vmtsdb_container_networks | default(omit) }}"
-    etc_hosts: "{{ vmtsdb_container_etc_hosts | default(omit )}}"
-    purge_networks: "{{ vmtsdb_container_purge_networks | default(omit) }}"
-    restart_policy: "{{ vmtsdb_container_restart_policy | default(omit) }}"
-    state: "{{ (vmtsdb_state == 'present') | ternary('started', 'absent') }}"