ansible/roles/prometheus/tasks/main.yml

---
# Install the Prometheus server and the Pushgateway via apt.
- name: Install Prometheus Components
  apt:
    update_cache: true
    # NOTE(review): `latest` upgrades both packages to whatever the configured
    # repositories serve on every run. Use `present` (or a pinned version) if
    # upgrades of the monitoring stack should be a deliberate change.
    state: latest
    name:
      - prometheus
      - prometheus-pushgateway
  # Re-run the apt call up to 3 times until it reports success.
  register: apt_result
  until: apt_result is succeeded
  retries: 3
# Create /etc/prometheus/alerts (rwxr-xr-x), owned by the prometheus account.
# NOTE(review): because the service account owns the directory, the Prometheus
# process can modify its contents. root:prometheus would make it read-only to
# the daemon, if nothing running as prometheus has to write here. Confirm.
- name: Ensure the alert folder exist
  file:
    state: directory
    path: /etc/prometheus/alerts
    owner: prometheus
    group: prometheus
    mode: "u=rwx,g=rx,o=rx"
# Create /etc/prometheus/targets (rwxr-xr-x), owned by the prometheus account.
# The per-job "<name>-targets.json" files of this role are written into it.
- name: Ensure the target folder exist
  file:
    state: directory
    path: /etc/prometheus/targets
    owner: prometheus
    group: prometheus
    mode: "u=rwx,g=rx,o=rx"
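# Write the CA certificate from the `ca_cert` variable to disk.
# Both Prometheus and nginx are notified when it changes.
- name: Copy the CA cert
  copy:
    content: "{{ ca_cert }}"
    dest: /etc/prometheus/ca.crt
    # The CA certificate is a trust anchor. It is public, so world-readable is
    # fine, but only root should be able to replace it. Without an explicit
    # owner and mode the result depends on the umask of the connecting user.
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart prometheus
    - Reload nginx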
# Delegate certificate issuance to the generate-cert role (not shown here).
# The certificate is named after, and bound to, this host's LAN address.
- name: Generate certificate
  include_role:
    name: generate-cert
  vars:
    directory: /etc/prometheus/
    cname: "prometheus-{{ lan_address }}"
    subject_alt_name: "IP:{{ lan_address }}"
    owner: prometheus
    group: prometheus
    # Presumably the mode the role applies to the private key (owner
    # read/write only); verify against generate-cert.
    key_mode: "u=rw,g=,o="
  # Need an equivalent to notify here: as written, nothing in this task
  # restarts Prometheus or reloads nginx when the role issues a new
  # certificate.
# Register this endpoint's certificate with the certificate monitoring.
# `target` is a pipe-separated triple built from the LAN address (port 9090),
# the certificate name and the node name. Its exact field semantics are
# defined in register-cert-to-monitoring.yml, which is not shown here.
- name: Ensured the certificate is monitored
  import_tasks: register-cert-to-monitoring.yml
  vars:
    target: "{{ lan_address }}:9090|prometheus-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
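# Render the main Prometheus configuration. It is readable by the prometheus
# user and group only (0640), and the service is restarted on change.
- name: Setup the prometheus config
  template:
    src: prometheus.yml
    dest: /etc/prometheus/prometheus.yml
    owner: prometheus
    group: prometheus
    mode: '0640'
  notify: Restart prometheus
  # Keep the rendered file (and any diff of it) out of Ansible's output and
  # logs. Set `enable_no_log: false` only while debugging.
  # The expression must be quoted: a value starting with a bare `{{` is parsed
  # by YAML as a flow mapping before Jinja ever sees it.
  no_log: "{{ enable_no_log | default(true) | bool }}"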
# Seed one "<job>-targets.json" file per scrape job in the targets directory.
- name: Add node targets file
  template:
    src: node-targets.json
    dest: "/etc/prometheus/targets/{{ item }}-targets.json"
    owner: prometheus
    group: prometheus
    mode: '0640'
    # Only create the file when it is missing. An existing targets file is
    # never overwritten, so entries added to it later survive re-runs.
    force: false
  loop:
    - blackbox-http-down
    - blackbox-http-up
    - blackbox-tls-internal
    - node
  notify: Restart prometheus
# Render Prometheus' web configuration file (a single file, despite the name).
- name: Copy the web-config folder
  template:
    src: web-config.yaml
    dest: /etc/prometheus/web-config.yaml
    owner: prometheus
    group: prometheus
    # NOTE(review): world-readable, unlike prometheus.yml (0640). If the
    # rendered file ever carries credentials (e.g. basic_auth_users hashes),
    # drop the `o=r` bit. The template is not visible here; confirm.
    mode: "u=rw,g=r,o=r"
  notify: Restart prometheus
# Render /etc/default/prometheus from the `args` list below. How the entries
# become command-line flags is decided by the `prometheus` template (not shown).
- name: Setup the arguments for prometheus
  template:
    src: prometheus
    dest: /etc/default/prometheus
    owner: root
    group: root
    mode: '0644'
  vars:
    args:
      # Loopback only: with web.config.file disabled below, Prometheus' own
      # listener has no TLS or authentication configured here, so it must
      # not be bound to the LAN address directly.
      - name: web.listen-address
        value: "127.0.0.1:9090"
        # value: "{{ lan_address }}:9090"
      # - name: web.config.file # Not available before 2.24, and it sucks
      #   value: /etc/prometheus/web-config.yaml
  notify: Restart prometheus
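# Here we go, using nginx to add mSSL (mutual TLS) to prometheus... because
# who needs authentication on the server with ALL the juicy data?
# Think prometheus, think!
- name: Copy the nginx config
  template:
    src: atrocious_nginx_stub
    dest: "/etc/nginx/sites-available/internal-prometheus"
    # This vhost is the access control in front of Prometheus, so pin its
    # ownership and mode instead of inheriting them from the umask. Only root
    # may change it.
    owner: root
    group: root
    mode: '0644'
  notify: Reload nginx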
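# Enable the vhost by linking it into sites-enabled.
- name: Activate the config
  file:
    src: "/etc/nginx/sites-available/internal-prometheus"
    dest: "/etc/nginx/sites-enabled/internal-prometheus"
    state: link
    # Replace whatever currently sits at the destination path.
    force: true
  # (Re)creating the link changes nginx's active configuration, so reload it.
  # Otherwise a restored link is not served until some other task happens to
  # notify the handler.
  notify: Reload nginx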