Mirrors/ansible-collection-prometheus
2
0
Fork 0
mirror of https://github.com/prometheus-community/ansible synced 2024-11-10 14:24:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3 from prometheus-community/superq/lint

Browse source 
Add ansible-lint to CI
This commit is contained in:
Ben Kochie 2022-11-25 09:11:21 -08:00 committed by GitHub
commit ebc4f242ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
61 changed files with 553 additions and 503 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.ansible-lint
View file

@ -1,6 +0,0 @@
---
skip_list:
- '106'
- '204'
- '208'
- '602'

18
.github/workflows/ansible-lint.yml vendored Normal file
View file

@ -0,0 +1,18 @@
---
name: Ansible Lint
on: [push, pull_request]
env:
ANSIBLE_FORCE_COLOR: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Lint roles
uses: ansible/ansible-lint-action@main
with:
path: roles

5
galaxy.yml
View file

@ -1,3 +1,4 @@
---
### REQUIRED
# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
@ -27,7 +28,9 @@ tags:
# collection label 'namespace.name'. The value is a version range
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
# range specifiers can be set and are separated by ','
dependencies: {}
dependencies:
community.crypto: '>=2.0.0'
community.general: '>=1.0.0'
repository: https://github.com/prometheus-community/ansible
documentation: https://github.com/prometheus-community/ansible/blob/main/docs

1
meta/runtime.yml
View file

@ -1 +1,2 @@
---
requires_ansible: '>=2.9.10'

4
requirements.yml Normal file
View file

@ -0,0 +1,4 @@
---
collections:
- community.general
- community.crypto

10
roles/alertmanager/handlers/main.yml
View file

@ -1,13 +1,15 @@
---
- name: restart alertmanager
- name: Restart alertmanager
listen: "restart alertmanager"
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: alertmanager
state: restarted
- name: reload alertmanager
- name: Reload alertmanager
listen: "reload alertmanager"
become: true
systemd:
ansible.builtin.systemd:
name: alertmanager
state: reloaded

16
roles/alertmanager/meta/main.yml
View file

@ -16,16 +16,16 @@ galaxy_info:
- buster
- name: EL
versions:
- 7
- 8
- '7'
- '8'
- name: Fedora
versions:
- 30
- 31
- '30'
- '31'
galaxy_tags:
- monitoring
- prometheus
- alerting
- alert
- monitoring
- prometheus
- alerting
- alert
dependencies: []

5
roles/alertmanager/molecule/alternative/playbook.yml
View file

@ -1,8 +1,9 @@
---
- hosts: all
- name: Converge
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.alertmanager
- alertmanager
vars:
alertmanager_binary_local_dir: '/tmp/alertmanager-linux-amd64'
alertmanager_config_dir: /opt/am/etc

15
roles/alertmanager/molecule/alternative/prepare.yml
View file

@ -3,14 +3,15 @@
hosts: localhost
gather_facts: false
vars:
# Version seeds to be specified here as molecule doesn't have access to ansible_version at this stage
# Version needs to be specified here as molecule doesn't have access to ansible_version at this stage
version: 0.19.0
tasks:
- name: download alertmanager binary to local folder
- name: Download alertmanager binary to local folder
become: false
get_url:
ansible.builtin.get_url:
url: "https://github.com/prometheus/alertmanager/releases/download/v{{ version }}/alertmanager-{{ version }}.linux-amd64.tar.gz"
dest: "/tmp/alertmanager-{{ version }}.linux-amd64.tar.gz"
mode: 0644
register: _download_archive
until: _download_archive is succeeded
retries: 5
@ -18,18 +19,18 @@
run_once: true
check_mode: false
- name: unpack alertmanager binaries
- name: Unpack alertmanager binaries
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/alertmanager-{{ version }}.linux-amd64.tar.gz"
dest: "/tmp"
creates: "/tmp/alertmanager-{{ version }}.linux-amd64/alertmanager"
run_once: true
check_mode: false
- name: link to alertmanager binaries directory
- name: Link to alertmanager binaries directory
become: false
file:
ansible.builtin.file:
src: "/tmp/alertmanager-{{ version }}.linux-amd64"
dest: "/tmp/alertmanager-linux-amd64"
state: link

5
roles/alertmanager/molecule/default/playbook.yml
View file

@ -1,8 +1,9 @@
---
- hosts: all
- name: Converge
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.alertmanager
- alertmanager
vars:
alertmanager_slack_api_url: "http://example.com"
alertmanager_receivers:

2
roles/alertmanager/molecule/latest/playbook.yml
View file

@ -3,7 +3,7 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.alertmanager
- alertmanager
vars:
alertmanager_version: latest
alertmanager_slack_api_url: "http://example.com"

24
roles/alertmanager/tasks/configure.yml
View file

@ -1,42 +1,42 @@
---
- name: copy amtool config
template:
- name: Copy amtool config
ansible.builtin.template:
force: true
src: "{{ alertmanager_amtool_config_file }}"
dest: "{{ _alertmanager_amtool_config_dir }}/config.yml"
owner: alertmanager
group: alertmanager
ansible.builtin.group: alertmanager
mode: 0644
- name: copy alertmanager config
template:
- name: Copy alertmanager config
ansible.builtin.template:
force: true
src: "{{ alertmanager_config_file }}"
dest: "{{ alertmanager_config_dir }}/alertmanager.yml"
owner: alertmanager
group: alertmanager
ansible.builtin.group: alertmanager
mode: 0644
validate: "{{ _alertmanager_binary_install_dir }}/amtool check-config %s"
notify:
- restart alertmanager
- name: create systemd service unit
template:
- name: Create systemd service unit
ansible.builtin.template:
src: alertmanager.service.j2
dest: /etc/systemd/system/alertmanager.service
owner: root
group: root
ansible.builtin.group: root
mode: 0644
notify:
- restart alertmanager
- name: copy alertmanager template files
copy:
- name: Copy alertmanager template files
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ alertmanager_config_dir }}/templates/"
force: true
owner: alertmanager
group: alertmanager
ansible.builtin.group: alertmanager
mode: 0644
with_fileglob: "{{ alertmanager_template_files }}"
notify:

48
roles/alertmanager/tasks/install.yml
View file

@ -1,24 +1,24 @@
---
- name: create alertmanager system group
group:
- name: Create alertmanager system group
ansible.builtin.group:
name: alertmanager
system: true
state: present
- name: create alertmanager system user
user:
- name: Create alertmanager system user
ansible.builtin.user:
name: alertmanager
system: true
shell: "/usr/sbin/nologin"
group: alertmanager
ansible.builtin.group: alertmanager
createhome: false
- name: create alertmanager directories
file:
- name: Create alertmanager directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: alertmanager
group: alertmanager
ansible.builtin.group: alertmanager
mode: 0755
with_items:
- "{{ alertmanager_config_dir }}"
@ -26,24 +26,29 @@
- "{{ alertmanager_db_dir }}"
- "{{ _alertmanager_amtool_config_dir }}"
- block:
- name: download alertmanager binary to local folder
- name: Get alertmanager binary
when: alertmanager_binary_local_dir | length == 0
block:
- name: Download alertmanager binary to local folder
become: false
get_url:
url: "https://github.com/prometheus/alertmanager/releases/download/v{{ alertmanager_version }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
ansible.builtin.get_url:
url: "https://github.com/prometheus/alertmanager/releases/download/v{{ alertmanager_version }}/
alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
checksum: "sha256:{{ __alertmanager_checksum }}"
mode: 0644
register: _download_archive
until: _download_archive is succeeded
retries: 5
delay: 2
# run_once: true # <-- this can't be set due to multi-arch support
# run_once: true # <-- this can't be set due to multi-arch support
delegate_to: localhost
check_mode: false
- name: unpack alertmanager binaries
- name: Unpack alertmanager binaries
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp"
mode: 0755
@ -51,27 +56,26 @@
delegate_to: localhost
check_mode: false
- name: propagate official alertmanager and amtool binaries
copy:
- name: Propagate official alertmanager and amtool binaries
ansible.builtin.copy:
src: "/tmp/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}/{{ item }}"
dest: "{{ _alertmanager_binary_install_dir }}/{{ item }}"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
with_items:
- alertmanager
- amtool
notify:
- restart alertmanager
when: alertmanager_binary_local_dir | length == 0
- name: propagate locally distributed alertmanager and amtool binaries
copy:
- name: Propagate locally distributed alertmanager and amtool binaries
ansible.builtin.copy:
src: "{{ alertmanager_binary_local_dir }}/{{ item }}"
dest: "{{ _alertmanager_binary_install_dir }}/{{ item }}"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
with_items:
- alertmanager
- amtool

30
roles/alertmanager/tasks/main.yml
View file

@ -1,29 +1,39 @@
---
- include: preflight.yml
- name: Preflight
ansible.builtin.include_tasks: preflight.yml
tags:
- alertmanager_install
- alertmanager_configure
- alertmanager_run
- include: install.yml
become: true
- name: Install
ansible.builtin.include_tasks:
file: install.yml
apply:
become: true
tags:
- alertmanager_install
- import_tasks: selinux.yml
become: true
- name: SELinux
ansible.builtin.include_tasks:
file: selinux.yml
apply:
become: true
when: ansible_selinux.status == "enabled"
tags:
- alertmanager_configure
- include: configure.yml
become: true
- name: Configure
ansible.builtin.include_tasks:
file: configure.yml
apply:
become: true
tags:
- alertmanager_configure
- name: ensure alertmanager service is started and enabled
- name: Ensure alertmanager service is started and enabled
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: alertmanager
state: started
@ -32,4 +42,4 @@
- alertmanager_run
- name: Flush alertmangaer handlers after run.
meta: flush_handlers
ansible.builtin.meta: flush_handlers

93
roles/alertmanager/tasks/preflight.yml
View file

@ -1,11 +1,11 @@
---
- name: Assert usage of systemd as an init system
assert:
ansible.builtin.assert:
that: ansible_service_mgr == 'systemd'
msg: "This module only works with systemd"
- name: Get systemd version
command: systemctl --version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
@ -13,18 +13,23 @@
- skip_ansible_lint
- name: Set systemd version fact
set_fact:
ansible.builtin.set_fact:
alertmanager_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}"
- block:
- name: Discover latest version
when:
- alertmanager_version == "latest"
- alertmanager_binary_local_dir | length == 0
block:
- name: Get latest release
uri:
ansible.builtin.uri:
url: "https://api.github.com/repos/prometheus/alertmanager/releases/latest"
method: GET
return_content: true
status_code: 200
body_format: json
user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
ansible.builtin.user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
password: "{{ lookup('env', 'GH_TOKEN') | default(omit) }}"
no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
register: _latest_release
@ -32,32 +37,30 @@
retries: 5
- name: "Set alertmanager version to {{ _latest_release.json.tag_name[1:] }}"
set_fact:
ansible.builtin.set_fact:
alertmanager_version: "{{ _latest_release.json.tag_name[1:] }}"
alertmanager_checksum_url: "https://github.com/prometheus/alertmanager/releases/download/v{{ alertmanager_version }}/sha256sums.txt"
when:
- alertmanager_version == "latest"
- alertmanager_binary_local_dir | length == 0
- block:
- name: Get alertmanager binary checksum
delegate_to: localhost
when:
- alertmanager_binary_local_dir | length == 0
block:
- name: "Get checksum list"
set_fact:
ansible.builtin.set_fact:
__alertmanager_checksums: "{{ lookup('url', 'https://github.com/prometheus/alertmanager/releases/download/v' + alertmanager_version + '/sha256sums.txt', wantlist=True) | list }}"
run_once: true
- name: "Get checksum for {{ go_arch }} architecture"
set_fact:
- name: "Get checksum for {{ go_arch }}"
ansible.builtin.set_fact:
__alertmanager_checksum: "{{ item.split(' ')[0] }}"
with_items: "{{ __alertmanager_checksums }}"
when:
- "('linux-' + go_arch + '.tar.gz') in item"
delegate_to: localhost
when:
- alertmanager_binary_local_dir | length == 0
- name: Fail when extra config flags are duplicating ansible variables
fail:
ansible.builtin.fail:
msg: "Detected duplicate configuration entry. Please check your ansible variables and role README.md."
when:
(alertmanager_config_flags_extra['config.file'] is defined) or
@ -66,70 +69,74 @@
(alertmanager_config_flags_extra['web.external-url'] is defined)
- name: Fail when there are no receivers defined
fail:
ansible.builtin.fail:
msg: "Configure alert receivers (`alertmanager_receivers`). Otherwise alertmanager won't know where to send alerts."
when:
- alertmanager_config_file == 'alertmanager.yml.j2'
- alertmanager_receivers == []
- name: Fail when there is no alert route defined
fail:
ansible.builtin.fail:
msg: "Configure alert routing (`alertmanager_route`). Otherwise alertmanager won't know how to send alerts."
when:
- alertmanager_config_file == 'alertmanager.yml.j2'
- alertmanager_route == {}
- name: "DEPRECATION WARNING: alertmanager version 0.15 and earlier are no longer supported and will be dropped from future releases"
ignore_errors: true
fail:
failed_when: false
ansible.builtin.fail:
msg: "Please use `alertmanager_version >= v0.16.0`"
when: alertmanager_version is version_compare('0.16.0', '<')
- block:
- name: Check deprecated variable `alertmanager_cli_flags`
when: alertmanager_cli_flags is defined
block:
- name: Backward compatibility of variable [part 1]
set_fact:
ansible.builtin.set_fact:
alertmanager_config_flags_extra: "{{ alertmanager_cli_flags }}"
- name: "DEPRECATION WARNING: `alertmanager_cli_flags` is no longer supported and will be dropped from future releases"
ignore_errors: true
fail:
failed_when: false
ansible.builtin.fail:
msg: "Please use `alertmanager_config_flags_extra` instead of `alertmanager_cli_flags`"
when: alertmanager_cli_flags is defined
- block:
- name: Check deprecated variable `alertmanager_listen_address`
when: alertmanager_listen_address is defined
block:
- name: Backward compatibility of variable [part 2]
set_fact:
ansible.builtin.set_fact:
alertmanager_web_listen_address: "{{ alertmanager_listen_address }}"
- name: "DEPRECATION WARNING: `alertmanager_listen_address` is no longer supported and will be dropped from future releases"
ignore_errors: true
fail:
failed_when: false
ansible.builtin.fail:
msg: "Please use `alertmanager_web_listen_address` instead of `alertmanager_listen_address`"
when: alertmanager_listen_address is defined
- block:
- name: Check deprecated variable `alertmanager_external_url`
when: alertmanager_external_url is defined
block:
- name: Backward compatibility of variable [part 3]
set_fact:
ansible.builtin.set_fact:
alertmanager_web_external_url: "{{ alertmanager_external_url }}"
- name: "DEPRECATION WARNING: `alertmanager_external_url` is no longer supported and will be dropped from future releases"
ignore_errors: true
fail:
failed_when: false
ansible.builtin.fail:
msg: "Please use `alertmanager_web_external_url` instead of `alertmanager_external_url`"
when: alertmanager_external_url is defined
- block:
- name: Check deprecated variable `alertmanager_mesh`
when: alertmanager_mesh is defined
block:
- name: HA config compatibility with alertmanager<0.15.0
set_fact:
ansible.builtin.set_fact:
alertmanager_cluster: "{{ alertmanager_mesh }}"
- name: "DEPRECATION WARNING: `alertmanager_mesh` is no longer supported and will be dropped from future releases"
ignore_errors: true
fail:
failed_when: false
ansible.builtin.fail:
msg: "Please use `alertmanager_cluster` instead of `alertmanager_cluster`"
when: alertmanager_mesh is defined
- name: "`alertmanager_child_routes` is no longer supported"
fail:
ansible.builtin.fail:
msg: "Please move content of `alertmanager_child_routes` to `alertmanager_route.routes` as the former variable is deprecated and will be removed in future versions."
when: alertmanager_child_routes is defined

30
roles/alertmanager/tasks/selinux.yml
View file

@ -1,34 +1,18 @@
---
- name: Install selinux python packages [RHEL]
package:
name:
- "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
- "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-policycoreutils') }}"
- name: Install selinux python packages [RedHat]
ansible.builtin.package:
name: "{{ ['libselinux-python', 'python-policycoreutils']
if ansible_python_version is version('3', '<') else
['python3-libselinux', 'python3-policycoreutils'] }}"
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when:
- (ansible_distribution | lower == "redhat") or
(ansible_distribution | lower == "centos")
- name: Install selinux python packages [Fedora]
package:
name:
- "{{ ( (ansible_facts.distribution_major_version | int) < 29) | ternary('libselinux-python','python3-libselinux') }}"
- "{{ ( (ansible_facts.distribution_major_version | int) < 29) | ternary('libselinux-python','python3-policycoreutils') }}"
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when:
- ansible_distribution | lower == "fedora"
when: ansible_os_family | lower == redhat
- name: Install selinux python packages [clearlinux]
package:
ansible.builtin.package:
name: sysadmin-basic
state: present
register: _install_selinux_packages

10
roles/blackbox_exporter/handlers/main.yml
View file

@ -1,13 +1,15 @@
---
- name: restart blackbox exporter
- name: Restart blackbox exporter
listen: "restart blackbox exporter"
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: blackbox_exporter
state: restarted
- name: reload blackbox exporter
- name: Reload blackbox exporter
listen: "reload blackbox exporter"
become: true
systemd:
ansible.builtin.systemd:
name: blackbox_exporter
state: reloaded

20
roles/blackbox_exporter/meta/main.yml
View file

@ -16,18 +16,18 @@ galaxy_info:
- buster
- name: EL
versions:
- 7
- 8
- '7'
- '8'
- name: Fedora
versions:
- 30
- 31
- '30'
- '31'
galaxy_tags:
- exporter
- monitoring
- prometheus
- metrics
- blackbox
- probe
- exporter
- monitoring
- prometheus
- metrics
- blackbox
- probe
dependencies: []

2
roles/blackbox_exporter/molecule/alternative/playbook.yml
View file

@ -3,7 +3,7 @@
hosts: all
any_errors_fatal: true
roles:
- ansible-blackbox-exporter
- blackbox_exporter
vars:
blackbox_exporter_web_listen_address: "127.0.0.1:9000"
blackbox_exporter_cli_flags:

5
roles/blackbox_exporter/molecule/default/playbook.yml
View file

@ -1,5 +1,6 @@
---
- hosts: all
- name: Converge
hosts: all
any_errors_fatal: true
roles:
- ansible-blackbox-exporter
- blackbox_exporter

12
roles/blackbox_exporter/tasks/configure.yml
View file

@ -1,20 +1,20 @@
---
- name: create systemd service unit
template:
- name: Create systemd service unit
ansible.builtin.template:
src: blackbox_exporter.service.j2
dest: /etc/systemd/system/blackbox_exporter.service
owner: root
group: root
ansible.builtin.group: root
mode: 0644
notify:
- restart blackbox exporter
- name: configure blackbox exporter
template:
- name: Configure blackbox exporter
ansible.builtin.template:
src: blackbox_exporter.yml.j2
dest: /etc/blackbox_exporter.yml
owner: blackbox-exp
group: blackbox-exp
ansible.builtin.group: blackbox-exp
mode: 0644
notify:
- reload blackbox exporter

35
roles/blackbox_exporter/tasks/install.yml
View file

@ -1,25 +1,27 @@
---
- name: create blackbox_exporter system group
group:
- name: Create blackbox_exporter system group
ansible.builtin.group:
name: blackbox-exp
system: true
state: present
- name: create blackbox_exporter system user
user:
- name: Create blackbox_exporter system user
ansible.builtin.user:
name: blackbox-exp
system: true
shell: "/usr/sbin/nologin"
group: blackbox-exp
ansible.builtin.group: blackbox-exp
createhome: false
- name: download blackbox exporter binary to local folder
- name: Download blackbox exporter binary to local folder
become: false
unarchive:
src: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
ansible.builtin.unarchive:
src: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/
blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
dest: "/tmp"
remote_src: true
creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/blackbox_exporter"
creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/
blackbox_exporter"
register: _download_binary
until: _download_binary is succeeded
retries: 5
@ -27,18 +29,19 @@
delegate_to: localhost
check_mode: false
- name: propagate blackbox exporter binary
copy:
src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/blackbox_exporter"
- name: Propagate blackbox exporter binary
ansible.builtin.copy:
src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/
blackbox_exporter"
dest: "/usr/local/bin/blackbox_exporter"
mode: 0750
owner: blackbox-exp
group: blackbox-exp
ansible.builtin.group: blackbox-exp
notify:
- restart blackbox exporter
- name: Install libcap on Debian systems
package:
ansible.builtin.package:
name: "libcap2-bin"
state: present
register: _download_packages
@ -48,13 +51,13 @@
when: ansible_os_family | lower == "debian"
- name: Ensure blackbox exporter binary has cap_net_raw capability
capabilities:
community.general.capabilities:
path: '/usr/local/bin/blackbox_exporter'
capability: cap_net_raw+ep
state: present
when: not ansible_check_mode
- name: Check Debug Message
debug:
ansible.builtin.debug:
msg: "The capabilities module is skipped during check mode, as the file may not exist, causing execution to fail."
when: ansible_check_mode

21
roles/blackbox_exporter/tasks/main.yml
View file

@ -1,23 +1,30 @@
---
- include: preflight.yml
- name: Preflight
ansible.builtin.include_tasks: preflight.yml
tags:
- blackbox_exporter_install
- blackbox_exporter_configure
- blackbox_exporter_run
- include: install.yml
become: true
- name: Install
ansible.builtin.include_tasks:
file: install.yml
apply:
become: true
tags:
- blackbox_exporter_install
- include: configure.yml
become: true
- name: Configure
ansible.builtin.include_tasks:
file: configure.yml
apply:
become: true
tags:
- blackbox_exporter_configure
- name: ensure blackbox_exporter service is started and enabled
- name: Ensure blackbox_exporter service is started and enabled
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: blackbox_exporter
state: started

8
roles/blackbox_exporter/tasks/preflight.yml
View file

@ -1,11 +1,11 @@
---
- name: Assert usage of systemd as an init system
assert:
ansible.builtin.assert:
that: ansible_service_mgr == 'systemd'
msg: "This role only works with systemd"
- name: Get systemd version
command: systemctl --version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
@ -13,10 +13,10 @@
- skip_ansible_lint
- name: Set systemd version fact
set_fact:
ansible.builtin.set_fact:
blackbox_exporter_systemd_version: "{{ __systemd_version.stdout_lines[0] | regex_replace('^systemd\\s(\\d+).*$', '\\1') }}"
- name: Naive assertion of proper listen address
assert:
ansible.builtin.assert:
that:
- "':' in blackbox_exporter_web_listen_address"

5
roles/node_exporter/handlers/main.yml
View file

@ -1,7 +1,8 @@
---
- name: restart node_exporter
- name: Restart node_exporter
listen: "restart node_exporter"
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: node_exporter
state: restarted

8
roles/node_exporter/meta/main.yml
View file

@ -16,12 +16,12 @@ galaxy_info:
- buster
- name: EL
versions:
- 7
- 8
- '7'
- '8'
- name: Fedora
versions:
- 30
- 31
- '30'
- '31'
galaxy_tags:
- monitoring
- prometheus

11
roles/node_exporter/molecule/alternative/playbook.yml
View file

@ -3,19 +3,22 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.node_exporter
- node_exporter
pre_tasks:
- name: Create node_exporter cert dir
file:
ansible.builtin.file:
path: "{{ node_exporter_tls_server_config.cert_file | dirname }}"
state: directory
owner: root
group: root
mode: 0755
- name: Copy cert and key
copy:
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
mode: "{{ item.mode | default(0644) }}"
loop:
- src: "/tmp/tls.cert"
dest: "{{ node_exporter_tls_server_config.cert_file }}"
- src: "/tmp/tls.key"

22
roles/node_exporter/molecule/alternative/prepare.yml
View file

@ -8,9 +8,11 @@
tasks:
- name: Download node_exporter binary to local folder
become: false
get_url:
url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
ansible.builtin.get_url:
url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/
node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
mode: 0644
register: _download_binary
until: _download_binary is succeeded
retries: 5
@ -20,37 +22,37 @@
- name: Unpack node_exporter binary
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp"
creates: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
run_once: true
check_mode: false
- name: link to node_exporter binaries directory
- name: Link to node_exporter binaries directory
become: false
file:
ansible.builtin.file:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64"
dest: "/tmp/node_exporter-linux-amd64"
state: link
run_once: true
check_mode: false
- name: install pyOpenSSL for certificate generation
pip:
- name: Install pyOpenSSL for certificate generation
ansible.builtin.pip:
name: "pyOpenSSL"
- name: Create private key
openssl_privatekey:
community.crypto.openssl_privatekey:
path: "/tmp/tls.key"
- name: Create CSR
openssl_csr:
community.crypto.openssl_csr:
path: "/tmp/tls.csr"
privatekey_path: "/tmp/tls.key"
- name: Create certificate
openssl_certificate:
community.crypto.x509_certificate:
path: "/tmp/tls.cert"
csr_path: "/tmp/tls.csr"
privatekey_path: "/tmp/tls.key"

5
roles/node_exporter/molecule/default/playbook.yml
View file

@ -1,7 +1,8 @@
---
- hosts: all
- name: Converge
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.node_exporter
- node_exporter
vars:
node_exporter_web_listen_address: "127.0.0.1:9100"

2
roles/node_exporter/molecule/latest/playbook.yml
View file

@ -3,6 +3,6 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.node_exporter
- node_exporter
vars:
node_exporter_version: latest

45
roles/node_exporter/tasks/configure.yml
View file

@ -1,47 +1,48 @@
---
- name: Copy the node_exporter systemd service file
template:
ansible.builtin.template:
src: node_exporter.service.j2
dest: /etc/systemd/system/node_exporter.service
owner: root
group: root
ansible.builtin.group: root
mode: 0644
notify: restart node_exporter
- block:
- name: Create node_exporter config directory
file:
path: "/etc/node_exporter"
state: directory
owner: root
group: root
mode: u+rwX,g+rwX,o=rX
- name: Copy the node_exporter config file
template:
src: config.yaml.j2
dest: /etc/node_exporter/config.yaml
owner: root
group: root
mode: 0644
notify: restart node_exporter
- name: Configure node_exporter
when:
( node_exporter_tls_server_config | length > 0 ) or
( node_exporter_http_server_config | length > 0 ) or
( node_exporter_basic_auth_users | length > 0 )
block:
- name: Create node_exporter config directory
ansible.builtin.file:
path: "/etc/node_exporter"
state: directory
owner: root
ansible.builtin.group: root
mode: u+rwX,g+rwX,o=rX
- name: Copy the node_exporter config file
ansible.builtin.template:
src: config.yaml.j2
dest: /etc/node_exporter/config.yaml
owner: root
ansible.builtin.group: root
mode: 0644
notify: restart node_exporter
- name: Create textfile collector dir
file:
ansible.builtin.file:
path: "{{ node_exporter_textfile_dir }}"
state: directory
owner: "{{ _node_exporter_system_user }}"
group: "{{ _node_exporter_system_group }}"
ansible.builtin.group: "{{ _node_exporter_system_group }}"
recurse: true
mode: u+rwX,g+rwX,o=rX
when: node_exporter_textfile_dir | length > 0
- name: Allow node_exporter port in SELinux on RedHat OS family
seport:
community.general.seport:
ports: "{{ node_exporter_web_listen_address.split(':')[-1] }}"
proto: tcp
setype: http_port_t

27
roles/node_exporter/tasks/install.yml
View file

@ -1,13 +1,13 @@
---
- name: Create the node_exporter group
group:
ansible.builtin.group:
name: "{{ _node_exporter_system_group }}"
state: present
system: true
when: _node_exporter_system_group != "root"
- name: Create the node_exporter user
user:
ansible.builtin.user:
name: "{{ _node_exporter_system_user }}"
groups: "{{ _node_exporter_system_group }}"
append: true
@ -17,11 +17,15 @@
home: /
when: _node_exporter_system_user != "root"
- block:
- name: Discover latest version
when: node_exporter_binary_local_dir | length == 0
block:
- name: Download node_exporter binary to local folder
become: false
get_url:
url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
ansible.builtin.get_url:
url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/
node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
checksum: "sha256:{{ node_exporter_checksum }}"
mode: '0644'
@ -34,7 +38,7 @@
- name: Unpack node_exporter binary
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp"
creates: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
@ -42,22 +46,21 @@
check_mode: false
- name: Propagate node_exporter binaries
copy:
ansible.builtin.copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
dest: "{{ _node_exporter_binary_install_dir }}/node_exporter"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
notify: restart node_exporter
when: not ansible_check_mode
when: node_exporter_binary_local_dir | length == 0
- name: propagate locally distributed node_exporter binary
copy:
- name: Propagate locally distributed node_exporter binary
ansible.builtin.copy:
src: "{{ node_exporter_binary_local_dir }}/node_exporter"
dest: "{{ _node_exporter_binary_install_dir }}/node_exporter"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
when: node_exporter_binary_local_dir | length > 0
notify: restart node_exporter

32
roles/node_exporter/tasks/main.yml
View file

@ -1,34 +1,46 @@
---
- import_tasks: preflight.yml
- name: Preflight
ansible.builtin.include_tasks: preflight.yml
tags:
- node_exporter_install
- node_exporter_configure
- node_exporter_run
- import_tasks: install.yml
become: true
- name: Install
ansible.builtin.include_tasks:
file: install.yml
apply:
become: true
when:
( not __node_exporter_is_installed.stat.exists ) or
( (__node_exporter_current_version_output.stderr_lines | length > 0) and (__node_exporter_current_version_output.stderr_lines[0].split(" ")[2] != node_exporter_version) ) or
( (__node_exporter_current_version_output.stdout_lines | length > 0) and (__node_exporter_current_version_output.stdout_lines[0].split(" ")[2] != node_exporter_version) ) or
( (__node_exporter_current_version_output.stderr_lines | length > 0)
and (__node_exporter_current_version_output.stderr_lines[0].split(" ")[2] != node_exporter_version) ) or
( (__node_exporter_current_version_output.stdout_lines | length > 0)
and (__node_exporter_current_version_output.stdout_lines[0].split(" ")[2] != node_exporter_version) ) or
( node_exporter_binary_local_dir | length > 0 )
tags:
- node_exporter_install
- import_tasks: selinux.yml
become: true
- name: SELinux
ansible.builtin.include_tasks:
file: selinux.yml
apply:
become: true
when: ansible_selinux.status == "enabled"
tags:
- node_exporter_configure
- import_tasks: configure.yml
become: true
- name: Configure
ansible.builtin.include_tasks:
file: configure.yml
apply:
become: true
tags:
- node_exporter_configure
- name: Ensure Node Exporter is enabled on boot
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: node_exporter
enabled: true

59
roles/node_exporter/tasks/preflight.yml
View file

@ -1,11 +1,11 @@
---
- name: Assert usage of systemd as an init system
assert:
ansible.builtin.assert:
that: ansible_service_mgr == 'systemd'
msg: "This role only works with systemd"
- name: Get systemd version
command: systemctl --version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
@ -13,46 +13,47 @@
- skip_ansible_lint
- name: Set systemd version fact
set_fact:
ansible.builtin.set_fact:
node_exporter_systemd_version: "{{ __systemd_version.stdout_lines[0] | regex_replace('^systemd\\s(\\d+).*$', '\\1') }}"
- name: Naive assertion of proper listen address
assert:
ansible.builtin.assert:
that:
- "':' in node_exporter_web_listen_address"
- name: Assert collectors are not both disabled and enabled at the same time
assert:
ansible.builtin.assert:
that:
- "item not in node_exporter_enabled_collectors"
with_items: "{{ node_exporter_disabled_collectors }}"
- block:
- name: Assert that TLS config is correct
when: node_exporter_tls_server_config | length > 0
block:
- name: Assert that TLS key and cert path are set
assert:
ansible.builtin.assert:
that:
- "node_exporter_tls_server_config.cert_file is defined"
- "node_exporter_tls_server_config.key_file is defined"
- name: Check existence of TLS cert file
stat:
ansible.builtin.stat:
path: "{{ node_exporter_tls_server_config.cert_file }}"
register: __node_exporter_cert_file
- name: Check existence of TLS key file
stat:
ansible.builtin.stat:
path: "{{ node_exporter_tls_server_config.key_file }}"
register: __node_exporter_key_file
- name: Assert that TLS key and cert are present
assert:
ansible.builtin.assert:
that:
- "{{ __node_exporter_cert_file.stat.exists }}"
- "{{ __node_exporter_key_file.stat.exists }}"
when: node_exporter_tls_server_config | length > 0
- name: Check if node_exporter is installed
stat:
ansible.builtin.stat:
path: "{{ _node_exporter_binary_install_dir }}/node_exporter"
register: __node_exporter_is_installed
check_mode: false
@ -60,7 +61,7 @@
- node_exporter_install
- name: Gather currently installed node_exporter version (if any)
command: "{{ _node_exporter_binary_install_dir }}/node_exporter --version"
ansible.builtin.command: "{{ _node_exporter_binary_install_dir }}/node_exporter --version"
args:
warn: false
changed_when: false
@ -71,15 +72,21 @@
- node_exporter_install
- skip_ansible_lint
- block:
- name: Discover latest version
when:
- node_exporter_version == "latest"
- node_exporter_binary_local_dir | length == 0
delegate_to: localhost
run_once: true
block:
- name: Get latest release
uri:
ansible.builtin.uri:
url: "https://api.github.com/repos/prometheus/node_exporter/releases/latest"
method: GET
return_content: true
status_code: 200
body_format: json
user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
ansible.builtin.user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
password: "{{ lookup('env', 'GH_TOKEN') | default(omit) }}"
no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
register: _latest_release
@ -87,25 +94,21 @@
retries: 5
- name: "Set node_exporter version to {{ _latest_release.json.tag_name[1:] }}"
set_fact:
ansible.builtin.set_fact:
node_exporter_version: "{{ _latest_release.json.tag_name[1:] }}"
when:
- node_exporter_version == "latest"
- node_exporter_binary_local_dir | length == 0
delegate_to: localhost
run_once: true
- block:
- name: Get node_exporter binary checksum
delegate_to: localhost
when: node_exporter_binary_local_dir | length == 0
block:
- name: Get checksum list from github
set_fact:
ansible.builtin.set_fact:
_checksums: "{{ lookup('url', 'https://github.com/prometheus/node_exporter/releases/download/v' + node_exporter_version + '/sha256sums.txt', wantlist=True) | list }}"
run_once: true
- name: "Get checksum for {{ go_arch }} architecture"
set_fact:
- name: "Get checksum for {{ go_arch }}"
ansible.builtin.set_fact:
node_exporter_checksum: "{{ item.split(' ')[0] }}"
with_items: "{{ _checksums }}"
when:
- "('linux-' + go_arch + '.tar.gz') in item"
delegate_to: localhost
when: node_exporter_binary_local_dir | length == 0

30
roles/node_exporter/tasks/selinux.yml
View file

@ -1,34 +1,18 @@
---
- name: Install selinux python packages [RHEL]
package:
name:
- "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
- "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('policycoreutils-python','python3-policycoreutils') }}"
- name: Install selinux python packages [RedHat]
ansible.builtin.package:
name: "{{ ['libselinux-python', 'python-policycoreutils']
if ansible_python_version is version('3', '<') else
['python3-libselinux', 'python3-policycoreutils'] }}"
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when:
- (ansible_distribution | lower == "redhat") or
(ansible_distribution | lower == "centos")
- name: Install selinux python packages [Fedora]
package:
name:
- "{{ ( (ansible_facts.distribution_major_version | int) < 29) | ternary('libselinux-python','python3-libselinux') }}"
- "{{ ( (ansible_facts.distribution_major_version | int) < 29) | ternary('policycoreutils-python','python3-policycoreutils') }}"
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when:
- ansible_distribution | lower == "fedora"
when: ansible_os_family | lower == redhat
- name: Install selinux python packages [clearlinux]
package:
ansible.builtin.package:
name: sysadmin-basic
state: present
register: _install_selinux_packages

2
roles/prometheus/defaults/main.yml
View file

@ -90,7 +90,7 @@ prometheus_static_targets_files:
- prometheus/targets/*.yml
- prometheus/targets/*.json
prometheus_alert_rules:
prometheus_alert_rules: # noqa yaml[line-length] # noqa line-length
- alert: Watchdog
expr: vector(1)
for: 10m

10
roles/prometheus/handlers/main.yml
View file

@ -1,13 +1,15 @@
---
- name: restart prometheus
- name: Restart prometheus
listen: "restart prometheus"
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: prometheus
state: restarted
- name: reload prometheus
- name: Reload prometheus
listen: "reload prometheus"
become: true
systemd:
ansible.builtin.systemd:
name: prometheus
state: reloaded

22
roles/prometheus/meta/main.yml
View file

@ -16,19 +16,19 @@ galaxy_info:
- buster
- name: EL
versions:
- 7
- 8
- '7'
- '8'
- name: Fedora
versions:
- 30
- 31
- '30'
- '31'
galaxy_tags:
- monitoring
- prometheus
- metrics
- alerts
- alerting
- molecule
- cloud
- monitoring
- prometheus
- metrics
- alerts
- alerting
- molecule
- cloud
dependencies: []

2
roles/prometheus/molecule/alternative/playbook.yml
View file

@ -3,7 +3,7 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.prometheus
- prometheus
vars:
prometheus_binary_local_dir: '/tmp/prometheus-linux-amd64'
prometheus_config_dir: /opt/prom/etc

13
roles/prometheus/molecule/alternative/prepare.yml
View file

@ -7,11 +7,12 @@
# flag features in the systemd service file.
version: 2.25.2
tasks:
- name: download prometheus binary to local folder
- name: Download prometheus binary to local folder
become: false
get_url:
ansible.builtin.get_url:
url: "https://github.com/prometheus/prometheus/releases/download/v{{ version }}/prometheus-{{ version }}.linux-amd64.tar.gz"
dest: "/tmp/prometheus-{{ version }}.linux-amd64.tar.gz"
mode: 0644
register: _download_archive
until: _download_archive is succeeded
retries: 5
@ -19,18 +20,18 @@
run_once: true
check_mode: false
- name: unpack prometheus binaries
- name: Unpack prometheus binaries
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/prometheus-{{ version }}.linux-amd64.tar.gz"
dest: "/tmp"
creates: "/tmp/prometheus-{{ version }}.linux-amd64/prometheus"
run_once: true
check_mode: false
- name: link to prometheus binaries directory
- name: Link to prometheus binaries directory
become: false
file:
ansible.builtin.file:
src: "/tmp/prometheus-{{ version }}.linux-amd64"
dest: "/tmp/prometheus-linux-amd64"
state: link

2
roles/prometheus/molecule/default/playbook.yml
View file

@ -3,4 +3,4 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.prometheus
- prometheus

2
roles/prometheus/molecule/latest/playbook.yml
View file

@ -3,6 +3,6 @@
hosts: all
any_errors_fatal: true
roles:
- cloudalchemy.prometheus
- prometheus
vars:
prometheus_version: latest

40
roles/prometheus/tasks/configure.yml
View file

@ -1,10 +1,10 @@
---
- name: alerting rules file
template:
- name: Alerting rules file
ansible.builtin.template:
src: "alert.rules.j2"
dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules"
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
when:
@ -12,44 +12,44 @@
notify:
- reload prometheus
- name: copy custom alerting rule files
copy:
- name: Copy custom alerting rule files
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ prometheus_config_dir }}/rules/"
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
with_fileglob: "{{ prometheus_alert_rules_files }}"
notify:
- reload prometheus
- name: configure prometheus
template:
- name: Configure prometheus
ansible.builtin.template:
src: "{{ prometheus_config_file }}"
dest: "{{ prometheus_config_dir }}/prometheus.yml"
force: true
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s"
notify:
- reload prometheus
- name: configure Prometheus web
copy:
content: "{{ prometheus_web_config | to_nice_yaml(indent=2,sort_keys=False) }}"
- name: Configure Prometheus web
ansible.builtin.template:
content: "{{ prometheus_web_config | to_nice_yaml(indent=2, sort_keys=False) }}"
dest: "{{ prometheus_config_dir }}/web.yml"
force: true
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0640
- name: configure prometheus static targets
copy:
- name: Configure prometheus static targets
ansible.builtin.template:
content: |
#jinja2: lstrip_blocks: True
{{ item.value | to_nice_yaml(indent=2,sort_keys=False) }}
{{ item.value | to_nice_yaml(indent=2, sort_keys=False) }}
lstrip_blocks: true
dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml"
force: true
owner: root
@ -58,12 +58,12 @@
with_dict: "{{ prometheus_targets }}"
when: prometheus_targets != {}
- name: copy prometheus custom static targets
copy:
- name: Copy prometheus custom static targets
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ prometheus_config_dir }}/file_sd/"
force: true
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0640
with_fileglob: "{{ prometheus_static_targets_files }}"

75
roles/prometheus/tasks/install.yml
View file

@ -1,46 +1,53 @@
---
- name: create prometheus system group
group:
- name: Create prometheus system group
ansible.builtin.group:
name: prometheus
system: true
state: present
- name: create prometheus system user
user:
- name: Create prometheus system user
ansible.builtin.user:
name: prometheus
system: true
shell: "/usr/sbin/nologin"
group: prometheus
ansible.builtin.group: prometheus
createhome: false
home: "{{ prometheus_db_dir }}"
- name: create prometheus data directory
file:
- name: Create prometheus data directory
ansible.builtin.file:
path: "{{ prometheus_db_dir }}"
state: directory
owner: prometheus
group: prometheus
ansible.builtin.group: prometheus
mode: 0755
- name: create prometheus configuration directories
file:
- name: Create prometheus configuration directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: prometheus
ansible.builtin.group: prometheus
mode: 0770
with_items:
- "{{ prometheus_config_dir }}"
- "{{ prometheus_config_dir }}/rules"
- "{{ prometheus_config_dir }}/file_sd"
- block:
- name: download prometheus binary to local folder
- name: Get prometheus binary
when:
- prometheus_binary_local_dir | length == 0
- not prometheus_skip_install
block:
- name: Download prometheus binary to local folder
become: false
get_url:
url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
ansible.builtin.get_url:
url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/
prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
checksum: "sha256:{{ __prometheus_checksum }}"
mode: 0644
register: _download_archive
until: _download_archive is succeeded
retries: 5
@ -49,51 +56,48 @@
delegate_to: localhost
check_mode: false
- name: unpack prometheus binaries
- name: Unpack prometheus binaries
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
dest: "/tmp"
creates: "/tmp/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/prometheus"
delegate_to: localhost
check_mode: false
- name: propagate official prometheus and promtool binaries
copy:
- name: Propagate official prometheus and promtool binaries
ansible.builtin.copy:
src: "/tmp/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}"
dest: "{{ _prometheus_binary_install_dir }}/{{ item }}"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
with_items:
- prometheus
- promtool
notify:
- restart prometheus
- name: propagate official console templates
copy:
- name: Propagate official console templates
ansible.builtin.copy:
src: "/tmp/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}/"
dest: "{{ prometheus_config_dir }}/{{ item }}/"
mode: 0644
owner: root
group: root
ansible.builtin.group: root
with_items:
- console_libraries
- consoles
notify:
- restart prometheus
when:
- prometheus_binary_local_dir | length == 0
- not prometheus_skip_install
- name: propagate locally distributed prometheus and promtool binaries
copy:
- name: Propagate locally distributed prometheus and promtool binaries
ansible.builtin.copy:
src: "{{ prometheus_binary_local_dir }}/{{ item }}"
dest: "{{ _prometheus_binary_install_dir }}/{{ item }}"
mode: 0755
owner: root
group: root
ansible.builtin.group: root
with_items:
- prometheus
- promtool
@ -103,21 +107,20 @@
notify:
- restart prometheus
- name: create systemd service unit
template:
- name: Create systemd service unit
ansible.builtin.template:
src: prometheus.service.j2
dest: /etc/systemd/system/prometheus.service
owner: root
group: root
ansible.builtin.group: root
mode: 0644
notify:
- restart prometheus
- name: Install SELinux dependencies
package:
name: "{{ item }}"
ansible.builtin.package:
name: "{{ _prometheus_selinux_packages }}"
state: present
with_items: "{{ prometheus_selinux_packages }}"
register: _install_packages
until: _install_packages is succeeded
retries: 5
@ -127,7 +130,7 @@
- ansible_selinux.status == "enabled"
- name: Allow prometheus to bind to port in SELinux
seport:
ansible.builtin.seport:
ports: "{{ prometheus_web_listen_address.split(':')[1] }}"
proto: tcp
setype: http_port_t

33
roles/prometheus/tasks/main.yml
View file

@ -1,35 +1,30 @@
---
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
- name: Preflight
ansible.builtin.include_tasks: preflight.yml
tags:
- prometheus_configure
- prometheus_install
- prometheus_run
- include: preflight.yml
tags:
- prometheus_configure
- prometheus_install
- prometheus_run
- include: install.yml
become: true
- name: Install
ansible.builtin.include_tasks:
file: install.yml
apply:
become: true
tags:
- prometheus_install
- include: configure.yml
become: true
- name: Configure
ansible.builtin.include_tasks:
file: configure.yml
apply:
become: true
tags:
- prometheus_configure
- name: ensure prometheus service is started and enabled
- name: Ensure prometheus service is started and enabled
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: prometheus
state: started

65
roles/prometheus/tasks/preflight.yml
View file

@ -1,11 +1,11 @@
---
- name: Assert usage of systemd as an init system
assert:
ansible.builtin.assert:
that: ansible_service_mgr == 'systemd'
msg: "This module only works with systemd"
- name: Get systemd version
command: systemctl --version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
@ -13,11 +13,11 @@
- skip_ansible_lint
- name: Set systemd version fact
set_fact:
ansible.builtin.set_fact:
prometheus_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}"
- name: Assert no duplicate config flags
assert:
ansible.builtin.assert:
that:
- prometheus_config_flags_extra['config.file'] is not defined
- prometheus_config_flags_extra['storage.tsdb.path'] is not defined
@ -27,16 +27,16 @@
msg: "Detected duplicate configuration entry. Please check your ansible variables and role README.md."
- name: Assert external_labels aren't configured twice
assert:
ansible.builtin.assert:
that: prometheus_global.external_labels is not defined
msg: "Use prometheus_external_labels to define external labels"
- name: Set prometheus external metrics path
set_fact:
prometheus_metrics_path: "/{{ ( prometheus_web_external_url + '/metrics' ) | regex_replace('^(.*://)?(.*?)/') }}"
ansible.builtin.set_fact:
prometheus_metrics_path: "/{{ (prometheus_web_external_url + '/metrics') | regex_replace('^(.*://)?(.*?)/') }}"
- name: Fail when prometheus_config_flags_extra duplicates parameters set by other variables
fail:
ansible.builtin.fail:
msg: >
Whooops. You are duplicating configuration. Please look at your prometheus_config_flags_extra
and check against other variables in defaults/main.yml
@ -51,11 +51,11 @@
when: item in prometheus_config_flags_extra.keys()
- name: Get all file_sd files from scrape_configs
set_fact:
ansible.builtin.set_fact:
file_sd_files: "{{ prometheus_scrape_configs | json_query('[*][].file_sd_configs[*][].files[]') }}"
- name: Fail when file_sd targets are not defined in scrape_configs
fail:
ansible.builtin.fail:
msg: >
Oh, snap! `{{ item.key }}` couldn't be found in your scrape configs. Please ensure you provided
all targets from prometheus_targets in prometheus_scrape_configs
@ -64,7 +64,7 @@
with_dict: "{{ prometheus_targets }}"
- name: Alert when prometheus_alertmanager_config is empty, but prometheus_alert_rules is specified
debug:
ansible.builtin.debug:
msg: >
No alertmanager configuration was specified. If you want your alerts to be sent make sure to
specify a prometheus_alertmanager_config in defaults/main.yml.
@ -72,16 +72,22 @@
- prometheus_alertmanager_config == []
- prometheus_alert_rules != []
- block:
- name: Discover latest version
when:
- prometheus_version == "latest"
- prometheus_binary_local_dir | length == 0
- not prometheus_skip_install
block:
- name: Get latest release
uri:
ansible.builtin.uri:
url: "https://api.github.com/repos/prometheus/prometheus/releases/latest"
method: GET
return_content: true
status_code: 200
body_format: json
validate_certs: false
user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
ansible.builtin.user: "{{ lookup('env', 'GH_USER') | default(omit) }}"
password: "{{ lookup('env', 'GH_TOKEN') | default(omit) }}"
no_log: "{{ not lookup('env', 'ANSIBLE_DEBUG') | bool }}"
register: _latest_release
@ -89,26 +95,23 @@
retries: 5
- name: "Set prometheus version to {{ _latest_release.json.tag_name[1:] }}"
set_fact:
ansible.builtin.set_fact:
prometheus_version: "{{ _latest_release.json.tag_name[1:] }}"
when:
- prometheus_version == "latest"
- prometheus_binary_local_dir | length == 0
- not prometheus_skip_install
- block:
- name: "Get checksum list"
set_fact:
__prometheus_checksums: "{{ lookup('url', 'https://github.com/prometheus/prometheus/releases/download/v' + prometheus_version + '/sha256sums.txt', wantlist=True) | list }}"
run_once: true
- name: "Get checksum for {{ go_arch }} architecture"
set_fact:
__prometheus_checksum: "{{ item.split(' ')[0] }}"
with_items: "{{ __prometheus_checksums }}"
when:
- "('linux-' + go_arch + '.tar.gz') in item"
- name: Get prometheus binary checksum
delegate_to: localhost
when:
- prometheus_binary_local_dir | length == 0
- not prometheus_skip_install
block:
- name: "Get checksum list"
ansible.builtin.set_fact:
__prometheus_checksums: "{{ lookup('url', 'https://github.com/prometheus/prometheus/releases/download/v' + prometheus_version + '/sha256sums.txt', wantlist=True) | list }}"
run_once: true
- name: "Get checksum for {{ go_arch }}"
ansible.builtin.set_fact:
__prometheus_checksum: "{{ item.split(' ')[0] }}"
with_items: "{{ __prometheus_checksums }}"
when:
- "('linux-' + go_arch + '.tar.gz') in item"

4
roles/prometheus/vars/centos-8.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- python3-libselinux
- python3-policycoreutils

4
roles/prometheus/vars/centos.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- libselinux-python
- policycoreutils-python

4
roles/prometheus/vars/debian.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- python-selinux
- policycoreutils

4
roles/prometheus/vars/fedora.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- python3-libselinux
- python3-policycoreutils

4
roles/prometheus/vars/main.yml
View file

@ -8,3 +8,7 @@ go_arch_map:
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
_prometheus_binary_install_dir: '/usr/local/bin'
_prometheus_selinux_packages: "{{ ['libselinux-python', 'python-policycoreutils']
if ansible_python_version is version('3', '<') else
['python3-libselinux', 'python3-policycoreutils'] }}"

4
roles/prometheus/vars/redhat-8.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- python3-libselinux
- python3-policycoreutils

4
roles/prometheus/vars/redhat.yml
View file

@ -1,4 +0,0 @@
---
prometheus_selinux_packages:
- libselinux-python
- policycoreutils-python

10
roles/snmp_exporter/handlers/main.yml
View file

@ -1,12 +1,14 @@
---
- name: reload snmp exporter
systemd:
- name: Reload snmp exporter
listen: "reload snmp exporter"
ansible.builtin.systemd:
daemon_reload: true
name: snmp_exporter
state: reloaded
- name: restart snmp exporter
systemd:
- name: Restart snmp exporter
listen: "restart snmp exporter"
ansible.builtin.systemd:
daemon_reload: true
name: snmp_exporter
state: restarted

20
roles/snmp_exporter/meta/main.yml
View file

@ -16,18 +16,18 @@ galaxy_info:
- buster
- name: EL
versions:
- 7
- 8
- '7'
- '8'
- name: Fedora
versions:
- 30
- 31
- '30'
- '31'
galaxy_tags:
- monitoring
- prometheus
- exporter
- system
- network
- metrics
- monitoring
- prometheus
- exporter
- system
- network
- metrics
dependencies: []

5
roles/snmp_exporter/molecule/alternative/playbook.yml
View file

@ -1,7 +1,8 @@
---
- hosts: all
- name: Converge
hosts: all
roles:
- ansible-snmp-exporter
- snmp_exporter
vars:
__testing_on_travis: true
snmp_exporter_web_listen_address: "127.0.0.1:9116"

5
roles/snmp_exporter/molecule/default/playbook.yml
View file

@ -1,7 +1,8 @@
---
- hosts: all
- name: Converge
hosts: all
roles:
- ansible-snmp-exporter
- snmp_exporter
vars:
__testing_on_travis: true
snmp_exporter_web_listen_address: "127.0.0.1:9116"

12
roles/snmp_exporter/tasks/configure.yml
View file

@ -1,21 +1,21 @@
---
- name: Copy the SNMP Exporter systemd service file
template:
ansible.builtin.template:
src: snmp_exporter.service.j2
dest: /etc/systemd/system/snmp_exporter.service
owner: root
group: root
ansible.builtin.group: root
mode: 0644
notify:
- restart snmp exporter
- name: Download snmp configuration file from github repository
get_url:
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/prometheus/snmp_exporter/v{{ snmp_exporter_version }}/snmp.yml"
dest: /etc/snmp_exporter/snmp.yml
validate_certs: false
owner: root
group: root
ansible.builtin.group: root
mode: 0644
register: _download_config
until: _download_config is success
@ -26,11 +26,11 @@
when: snmp_exporter_config_file == ""
- name: Copy configuration file
template:
ansible.builtin.template:
src: "{{ snmp_exporter_config_file }}"
dest: /etc/snmp_exporter/snmp.yml
owner: root
group: root
ansible.builtin.group: root
mode: 0644
no_log: "{{ 'true' if __testing_on_travis is defined else 'false' }}"
notify:

14
roles/snmp_exporter/tasks/install.yml
View file

@ -1,10 +1,12 @@
---
- name: Download snmp_exporter binary to local folder
become: false
get_url:
url: "https://github.com/prometheus/snmp_exporter/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
ansible.builtin.get_url:
url: "https://github.com/prometheus/snmp_exporter/releases/download/v{{ snmp_exporter_version }}/
snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
dest: "/tmp"
checksum: "sha256:{{ snmp_exporter_checksum }}"
mode: 0644
register: _download_binary
until: _download_binary is success
retries: 5
@ -14,7 +16,7 @@
- name: Unpack snmp_exporter binary
become: false
unarchive:
ansible.builtin.unarchive:
src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
dest: "/tmp"
creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
@ -22,7 +24,7 @@
check_mode: false
- name: Propagate SNMP Exporter binaries
copy:
ansible.builtin.copy:
src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
dest: "/usr/local/bin/snmp_exporter"
mode: 0755
@ -30,9 +32,9 @@
- restart snmp exporter
- name: Create configuration directory
file:
ansible.builtin.file:
path: "/etc/snmp_exporter"
state: directory
owner: root
group: root
ansible.builtin.group: root
mode: 0755

21
roles/snmp_exporter/tasks/main.yml
View file

@ -1,23 +1,30 @@
---
- include: preflight.yml
- name: Preflight
ansible.builtin.include_tasks: preflight.yml
tags:
- snmp_exporter_install
- snmp_exporter_configure
- snmp_exporter_run
- include: install.yml
become: true
- name: Install
ansible.builtin.include_tasks:
file: install.yml
apply:
become: true
tags:
- snmp_exporter_install
- include: configure.yml
become: true
- name: Configure
ansible.builtin.include_tasks:
file: configure.yml
apply:
become: true
tags:
- snmp_exporter_configure
- name: ensure snmp_exporter service is started and enabled
- name: Ensure snmp_exporter service is started and enabled
become: true
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: snmp_exporter
state: started

4
roles/snmp_exporter/tasks/preflight.yml
View file

@ -1,6 +1,6 @@
---
- name: "Get checksum for {{ go_arch_map[ansible_architecture] | default(ansible_architecture) }} architecture"
set_fact:
- name: "Get checksum for {{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
ansible.builtin.set_fact:
snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
with_items:
- "{{ lookup('url', 'https://github.com/prometheus/snmp_exporter/releases/download/v' + snmp_exporter_version + '/sha256sums.txt', wantlist=True) | list }}"