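---
# Installs Prometheus and the pushgateway from apt, creates the alert and
# target directories, deploys the CA certificate and a per-host certificate,
# renders the Prometheus configuration, and binds Prometheus to loopback
# behind an nginx site.

- name: Install Prometheus Components
  apt:
    name:
      - prometheus
      - prometheus-pushgateway
    # NOTE(review): `latest` pulls whatever version the configured repository
    # serves on each run; pin versions (or use `present`) if upgrades of the
    # monitoring stack should be a reviewed change.
    state: latest
    update_cache: true
  # Retry to ride out transient apt failures.
  register: apt_result
  retries: 3
  until: apt_result is succeeded
  # NOTE(review): nothing in this file sets a listen address for
  # prometheus-pushgateway, which accepts unauthenticated pushes; confirm it
  # is bound or firewalled elsewhere.

- name: Ensure the alert folder exist
  file:
    path: /etc/prometheus/alerts
    state: directory
    group: prometheus
    owner: prometheus
    mode: u=rwx,g=rx,o=rx

- name: Ensure the target folder exist
  file:
    path: /etc/prometheus/targets
    state: directory
    group: prometheus
    owner: prometheus
    mode: u=rwx,g=rx,o=rx

- name: Copy the CA cert
  copy:
    content: "{{ ca_cert }}"
    dest: /etc/prometheus/ca.crt
    # A CA certificate is public material, but ownership and mode are set
    # explicitly so the result does not depend on the umask or on a
    # pre-existing file.
    owner: root
    group: root
    mode: '0644'
  # Both services are notified when the CA changes.
  notify:
    - Restart prometheus
    - Reload nginx

- name: Generate certificate
  include_role:
    name: generate-cert
  vars:
    directory: /etc/prometheus/
    cname: "prometheus-{{ lan_address }}"
    owner: prometheus
    group: prometheus
    # Private key readable by its owner only.
    key_mode: u=rw,g=,o=
    subject_alt_name: "IP:{{ lan_address }}"
  # Need an equivalent to notify here: as written, a re-issued certificate
  # does not trigger any handler from this task, so the new certificate is
  # presumably only picked up at the next restart/reload.

- name: Ensured the certificate is monitored
  import_tasks: register-cert-to-monitoring.yml
  vars:
    # Pipe-separated fields: endpoint, certificate name, node name. The
    # exact format is defined by register-cert-to-monitoring.yml (not shown).
    target: "{{ lan_address }}:9090|prometheus-{{ lan_address }}|{{ ansible_facts['nodename'] }}"

- name: Setup the prometheus config
  template:
    src: prometheus.yml
    dest: /etc/prometheus/prometheus.yml
    owner: prometheus
    group: prometheus
    mode: '0640'
  notify: Restart prometheus
  # Keeps the rendered config out of Ansible output and logs; presumably
  # the template embeds credentials.
  no_log: true

- name: Add node targets file
  template:
    src: node-targets.json
    dest: "/etc/prometheus/targets/{{ item }}-targets.json"
    owner: prometheus
    group: prometheus
    mode: '0640'
    # Seed only: an existing targets file is never overwritten, so targets
    # added later survive re-runs of this role.
    force: false
  notify: Restart prometheus
  loop:
    - blackbox-http-down
    - blackbox-http-up
    - blackbox-tls-internal
    - node

- name: Copy the web-config folder
  template:
    src: web-config.yaml
    dest: /etc/prometheus/web-config.yaml
    group: prometheus
    owner: prometheus
    # NOTE(review): world-readable, while prometheus.yml beside it is 0640.
    # If this template ever carries basic_auth_users hashes or other
    # sensitive settings, tighten it to '0640'.
    mode: u=rw,g=r,o=r
  notify: Restart prometheus

- name: Setup the arguments for prometheus
  template:
    src: prometheus
    dest: /etc/default/prometheus
    owner: root
    group: root
    mode: '0644'
  notify: Restart prometheus
  vars:
    args:
      # Prometheus listens on loopback only. Any local user or process on
      # this host can still reach 127.0.0.1:9090 directly.
      - name: web.listen-address
        value: "127.0.0.1:9090"
        # value: "{{ lan_address }}:9090"
      # - name: web.config.file  # Not available before 2.24, and it sucks
      #   value: /etc/prometheus/web-config.yaml

# Here we go, using nginx to add mSSL to prometheus... because who needs
# authentication on the server with ALL the juicy data?
# Think prometheus, think!
# NOTE(review): access control rests on the atrocious_nginx_stub template
# (not shown here); confirm it requires and verifies client certificates
# against /etc/prometheus/ca.crt.
- name: Copy the nginx config
  template:
    src: atrocious_nginx_stub
    dest: "/etc/nginx/sites-available/internal-prometheus"
    # Explicit ownership and mode so the site file cannot end up writable
    # by a non-root account.
    owner: root
    group: root
    mode: '0644'
  notify: Reload nginx

- name: Activate the config
  file:
    src: "/etc/nginx/sites-available/internal-prometheus"
    dest: "/etc/nginx/sites-enabled/internal-prometheus"
    state: link
    # Replace whatever already exists at the link path.
    force: true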