2021-10-06 13:24:58 +02:00
|
|
|
---
|
|
|
|
|
- name: Install Prometheus Alert Manager
|
|
|
|
|
apt:
|
|
|
|
|
name:
|
|
|
|
|
- prometheus-alertmanager
|
|
|
|
|
state: latest
|
|
|
|
|
update_cache: true
|
|
|
|
|
register: apt_result
|
|
|
|
|
retries: 3
|
|
|
|
|
until: apt_result is succeeded
|
|
|
|
|
|
|
|
|
|
- name: Setup the arguments for alertmanager
|
|
|
|
|
template:
|
|
|
|
|
src: prometheus-alertmanager
|
|
|
|
|
dest: /etc/default/prometheus-alertmanager
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: '0644'
|
|
|
|
|
notify: Restart Alertmanager
|
|
|
|
|
vars:
|
|
|
|
|
args:
|
|
|
|
|
- name: web.listen-address
|
2021-10-06 16:38:53 +02:00
|
|
|
value: "127.0.0.1:9093"
|
2021-10-06 13:24:58 +02:00
|
|
|
|
2021-10-06 16:38:53 +02:00
|
|
|
- name: Copy the CA cert
|
|
|
|
|
copy:
|
|
|
|
|
content: "{{ ca_cert }}"
|
|
|
|
|
dest: /etc/prometheus/ca.crt
|
|
|
|
|
notify:
|
|
|
|
|
- Restart Alertmanager
|
|
|
|
|
- Reload nginx
|
|
|
|
|
|
|
|
|
|
- name: Generate certificate
|
|
|
|
|
include_role:
|
|
|
|
|
name: generate-cert
|
|
|
|
|
vars:
|
|
|
|
|
directory: /etc/prometheus/
|
|
|
|
|
cname: "alertmanager-{{ lan_address }}"
|
|
|
|
|
owner: prometheus
|
|
|
|
|
group: prometheus
|
|
|
|
|
key_mode: u=rw,g=,o=
|
|
|
|
|
subject_alt_name: "IP:{{ lan_address }}"
|
|
|
|
|
# Need an equivalent to notify here
|
|
|
|
|
|
2021-10-09 18:24:01 +02:00
|
|
|
- name: Ensured the certificate is monitored
|
|
|
|
|
import_tasks: register-cert-to-monitoring.yml
|
|
|
|
|
vars:
|
|
|
|
|
target: "{{ lan_address }}:9093|alertmanager-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
|
|
|
|
|
2021-10-07 21:37:16 +02:00
|
|
|
- name: Setup the alertmanager config
|
|
|
|
|
template:
|
|
|
|
|
src: alertmanager.yml
|
|
|
|
|
dest: /etc/prometheus/alertmanager.yml
|
|
|
|
|
owner: prometheus
|
|
|
|
|
group: prometheus
|
|
|
|
|
mode: '0640'
|
|
|
|
|
notify: Restart Alertmanager
|
|
|
|
|
|
2021-10-06 16:38:53 +02:00
|
|
|
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
|
|
|
|
|
# Think prometheus, think!
|
|
|
|
|
- name: Copy the nginx config
|
|
|
|
|
template:
|
|
|
|
|
src: atrocious_nginx_stub
|
|
|
|
|
dest: "/etc/nginx/sites-available/internal-alertmanager"
|
|
|
|
|
notify: Reload nginx
|
|
|
|
|
|
|
|
|
|
- name: Activate the config
|
|
|
|
|
file:
|
|
|
|
|
src: "/etc/nginx/sites-available/internal-alertmanager"
|
|
|
|
|
dest: "/etc/nginx/sites-enabled/internal-alertmanager"
|
|
|
|
|
state: link
|
|
|
|
|
force: yes
|
2021-10-07 21:37:16 +02:00
|
|
|
|
|
|
|
|
- name: Setup the matrix bot
|
|
|
|
|
import_tasks: kassandra.yml
|
