ansible-collection-prometheus/roles/prometheus
prombot e39934bc49
fix: Don't log config deployments
Avoid logging on some config files may contain secrets.

Fixes: https://github.com/prometheus-community/ansible/issues/72

Signed-off-by: prombot <prometheus-team@googlegroups.com>
2023-03-17 11:34:30 +01:00
defaults Fixup version bumper job 2023-03-14 07:19:57 +01:00
handlers fix(lint): warning lint errors 2022-11-25 15:39:18 +00:00
meta Fixup version bumper job 2023-03-14 07:19:57 +01:00
molecule docs: Remove references to previous named ansible collection cloudalchemy 2023-03-06 09:59:42 +01:00
tasks fix: Don't log config deployments 2023-03-17 11:34:30 +01:00
templates refactor: avoid using command module for systemd version fact 2023-03-08 18:03:00 +00:00
vars Fixup version bumper job 2023-03-14 07:19:57 +01:00
README.md docs: Fix links to prometheus.io and to default settings (codefiles) 2023-03-06 09:59:43 +01:00

Ansible Role: prometheus

Description

Deploy Prometheus monitoring system using ansible.

Requirements

  • Ansible >= 2.7 (It might work on previous versions, but we cannot guarantee it)
  • gnu-tar on Mac deployer host (brew install gnu-tar)

Role Variables

All variables which can be overridden are stored in the defaults/main.yml file and are listed in the table below.

| Name | Default Value | Description |
| --- | --- | --- |
| prometheus_version | 2.27.0 | Prometheus package version. Also accepts latest as parameter. Only prometheus 2.x is supported |
| prometheus_skip_install | false | Prometheus installation tasks get skipped when set to true. |
| prometheus_binary_local_dir | "" | Allows using local packages instead of the ones distributed on github. As parameter it takes a directory where prometheus AND promtool binaries are stored on the host on which ansible is run. This overrides the prometheus_version parameter |
| prometheus_config_dir | /etc/prometheus | Path to directory with prometheus configuration |
| prometheus_binary_url | https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz | URL of the prometheus binaries .tar.gz file |
| prometheus_checksums_url | https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/sha256sums.txt | URL of the prometheus checksums file |
| prometheus_db_dir | /var/lib/prometheus | Path to directory with prometheus database |
| prometheus_read_only_dirs | [] | Additional paths that Prometheus is allowed to read (useful for SSL certs outside of the config directory) |
| prometheus_web_listen_address | "0.0.0.0:9090" | Address on which prometheus will be listening |
| prometheus_web_config | {} | A Prometheus web config yaml for configuring TLS and auth. |
| prometheus_web_external_url | "" | External address on which prometheus is available. Useful when behind reverse proxy. Ex. http://example.org/prometheus |
| prometheus_storage_retention | "30d" | Data retention period |
| prometheus_storage_retention_size | "0" | Data retention period by size |
| prometheus_config_flags_extra | {} | Additional configuration flags passed to prometheus binary at startup |
| prometheus_alertmanager_config | [] | Configuration responsible for pointing where alertmanagers are. This should be specified as a list in yaml format. It is compatible with official <alertmanager_config> |
| prometheus_alert_relabel_configs | [] | Alert relabeling rules. This should be specified as a list in yaml format. It is compatible with the official <alert_relabel_configs> |
| prometheus_global | { scrape_interval: 60s, scrape_timeout: 15s, evaluation_interval: 15s } | Prometheus global config. Compatible with official configuration |
| prometheus_remote_write | [] | Remote write. Compatible with official configuration |
| prometheus_remote_read | [] | Remote read. Compatible with official configuration |
| prometheus_external_labels | environment: "{{ ansible_fqdn \| default(ansible_host) \| default(inventory_hostname) }}" | Provide map of additional labels which will be added to any time series or alerts when communicating with external systems |
| prometheus_targets | {} | Targets which will be scraped. |
| prometheus_scrape_configs | defaults/main.yml#L75 | Prometheus scrape jobs provided in same format as in official docs |
| prometheus_config_file | "prometheus.yml.j2" | Variable used to provide custom prometheus configuration file in form of ansible template |
| prometheus_alert_rules | defaults/main.yml#L97 | Full list of alerting rules which will be copied to {{ prometheus_config_dir }}/rules/ansible_managed.rules. Alerting rules can also be provided by other files located in {{ prometheus_config_dir }}/rules/ which have *.rules extension |
| prometheus_alert_rules_files | defaults/main.yml#L89 | List of folders where ansible will look for files containing alerting rules which will be copied to {{ prometheus_config_dir }}/rules/. Files must have *.rules extension |
| prometheus_static_targets_files | defaults/main.yml#L92 | List of folders where ansible will look for files containing custom static target configuration files which will be copied to {{ prometheus_config_dir }}/file_sd/. |
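
With the defaults listed above, Prometheus listens on every interface (prometheus_web_listen_address) and prometheus_web_config is empty, so no TLS or authentication is configured. A playbook that sets these variables explicitly, as an added example that is not part of the role's own documentation; the listen address, hostname, certificate paths and the vault variable name are assumptions:

```yaml
---
- hosts: all
  roles:
    - prometheus.prometheus.prometheus
  vars:
    # Role default is "0.0.0.0:9090" (all interfaces). Bind to one address
    # instead; 10.0.0.10 is a constructed example address.
    prometheus_web_listen_address: "10.0.0.10:9090"
    prometheus_web_external_url: "https://prometheus.example.org/"

    # The certificate and key are kept outside prometheus_config_dir, so the
    # service needs explicit read access to that directory (assumed path).
    prometheus_read_only_dirs:
      - /etc/ssl/prometheus

    # Role default is {} (plain HTTP, no authentication).
    # Keys below follow the Prometheus web configuration file format.
    prometheus_web_config:
      tls_server_config:
        cert_file: /etc/ssl/prometheus/prometheus.crt
        key_file: /etc/ssl/prometheus/prometheus.key
        min_version: TLS12
      basic_auth_users:
        # The value must be a bcrypt hash, not the plaintext password.
        # vault_prometheus_admin_bcrypt is a hypothetical Ansible Vault
        # variable, so the hash stays out of the repository.
        admin: "{{ vault_prometheus_admin_bcrypt }}"
```

Scrape jobs that target this instance, such as the default "prometheus" job, then need matching scheme and credentials in prometheus_scrape_configs.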

Relation between prometheus_scrape_configs and prometheus_targets

Short version

prometheus_targets is just a map used to create multiple files in the "{{ prometheus_config_dir }}/file_sd" directory. File names are composed of the top-level keys in that map with a .yml suffix. Those files store file_sd scrape target data and need to be read in prometheus_scrape_configs.

Long version

The part of the prometheus.yml configuration file that describes what Prometheus scrapes is stored in prometheus_scrape_configs. This variable uses the same configuration options as described in the Prometheus docs.

Meanwhile, prometheus_targets is our way of adopting the Prometheus file_sd scrape type. It defines a map of files with their content. The top-level keys are base names of files, each of which needs its own scrape job in prometheus_scrape_configs, and the values are the content of those files.

All this means that you CAN use custom prometheus_scrape_configs with prometheus_targets set to {}. However, when you set anything in prometheus_targets, it needs to be mapped to prometheus_scrape_configs. If it isn't, you'll get an error in the preflight checks.

Example

Let's look at our default configuration, which shows all features. By default we have this prometheus_targets:

prometheus_targets:
  node:  # This is a base file name. File is located in "{{ prometheus_config_dir }}/file_sd/<<BASENAME>>.yml"
    - targets:              #
        - localhost:9100    # All this is a targets section in file_sd format
      labels:               #
        env: test           #

Such a config will result in creating one file named node.yml in the {{ prometheus_config_dir }}/file_sd directory.

Next, this file needs to be loaded into the scrape config. Here is a modified version of our default prometheus_scrape_configs:

prometheus_scrape_configs:
  - job_name: "prometheus"    # Custom scrape job, here using `static_configs`
    metrics_path: "/metrics"
    static_configs:
      - targets:
          - "localhost:9090"
  - job_name: "example-node-file-servicediscovery"
    file_sd_configs:
      - files:
          - "{{ prometheus_config_dir }}/file_sd/node.yml" # This line loads file created from `prometheus_targets`

Example

Playbook

---
- hosts: all
  roles:
  - prometheus.prometheus.prometheus
  vars:
    prometheus_targets:
      node:
      - targets:
        - localhost:9100
        - node.demo.do.prometheus.io
        labels:
          env: demosite

Demo site

The Prometheus organization provides a demo site for a full monitoring solution based on prometheus and grafana. The repository with code and links to running instances is available on github.

Defining alerting rules files

Alerting rules are defined in the prometheus_alert_rules variable. The format is almost identical to the one defined in the Prometheus 2.0 documentation. Because the templating engines use similar syntax, every template should be wrapped in {% raw %} and {% endraw %} statements. An example is provided in the defaults/main.yml file.
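
A rule whose annotations use Prometheus template variables, wrapped so that Ansible's Jinja2 passes them through untouched (added example, not copied from the role; the rule content is illustrative and assumes the list-of-rules shape used in the Prometheus rule documentation):

```yaml
prometheus_alert_rules:
  - alert: InstanceDown
    expr: "up == 0"            # no templating here, so no raw block needed
    for: 5m
    labels:
      severity: critical
    annotations:
      # Without raw/endraw, Ansible would try to evaluate {{ $labels... }}
      # itself while rendering the rules file, instead of leaving the
      # expression for Prometheus to expand when the alert fires.
      summary: "{% raw %}Instance {{ $labels.instance }} down{% endraw %}"
      description: "{% raw %}{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.{% endraw %}"
```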

Local Testing

The preferred way of locally testing the role is to use Docker and molecule (v2.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable for your system. We are using tox to simplify the process of testing on multiple ansible versions. To install tox execute:

pip3 install tox

To run tests on all ansible versions (WARNING: this can take some time):

tox

To run a custom molecule command on a custom environment with only the default test scenario:

tox -e py35-ansible28 -- molecule test -s default

For more information about molecule go to their docs.

If you would like to run tests on a remote docker host, just specify the DOCKER_HOST variable before running tox tests.

CircleCI

Combining molecule and CircleCI allows us to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows us to create test scenarios for different role configurations. As a result we have quite a large test matrix which will take more time than local testing, so please be patient.

Contributing

See contributor guideline.

Troubleshooting

See troubleshooting.

License

This project is licensed under the MIT License. See LICENSE for more details.