ansible-ffibk/roles/service-prometheus/README.md
kokel ff1dac07ba
Restructure ansible (#8)
* Add filename prefix to playbooks

* Inventory: clean up & rename role ffmwu-prereq to test-prerequisites

Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completly by ansible.

* Role test-prerequisites: improve tasks; update OS to current debian
stable

* Add a bunch of new roles

- Update Readme
- Update ansible.cfg
- Add playbook to set up gateways
- Add group variables

* Roles: add role documentation

* Some restructuring (#3)

* Modify prerequisites role and integrate prerequisites role into all playbooks (#4)

* Add relaxed yamllint config and fix errors

* Add role service-rclocal

* Add role service-bird

* Move localtestvm to separate role (untested) (#6)

* Add role git-repos

* Add role service-bird-icvpn; add python3-yaml package to server-basic
role

* Add role service-bird-ffrl

* Set 'become' default to True (#7)

* Retouch tasks due to 'become' defaults to True

* Add role service-bird-ffrl to playbook gateways

* Role service-bird-ffrl: correct ipaddr filters

* Update readme of roles service-fastd-mesh + service-fastd-intragate

* Update Readme.md

- update passwordstore lookup for fastd secrets
- add explanation about sensible informations

* Role server-basic: add package bridge-utils

* Add role service-tinc

* Add role system-sysctl-gateway

* Add version to git modules in roles:

- git-fastd-peers
- git-repos
- service-tinc

* Add readme for role prerequisites

* Add role network-iptables-gateway

 - move netfilter specific sysctl settings

* Role kmod-batman: load kernel modules

* Role service-bird-icvpn: use a task and not a handler to set file attrs

* Add role service-bind-slave

* Restructure network interfaces in order to use ifupdown2

- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files

* Role service-dhcpd: fix disabled notify

* Role service-fastd-mesh + service-fastd-intragate: fix mac address format

* Restructure service-fastd roles

- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers

* Role service-tinc: use a task instead of a handler for systemd stuff

* Role service-radvd: update handlers

* Update loop keys

* Role service-radvd: optimize ipaddr filters

* Role service-radvd: make more parameters configurable

* Update Readme.md

* Role service-fastd-mesh: add systemd unit + timer to update mesh peers

* Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts

* Role git-repos: change branch of backend-scripts repo to drop-photon

* Role service-bind-slave: fix file permissions

* Role service-bind-slave: add systemd unit + timer to update icvpn bind config

* Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update

* Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket

* Role service-rclocal: fix wrong interface

* Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6]

* FFRL Internet Exit: move IPv4 NAT address to a single dummy interface

* Roles service-bird[|-ffrl|-icvpn]: rework handlers

* Update some ipaddr filters

* Fix wrong IP subnet calculation in roles service-radvd + service-rclocal

* Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible

* Role service-fastd: ensure fastd service is masked

* Role service-fastd-mesh: add systemd timer for fastd peer limit update script

* Update Readme.md

* Migrate nested dictionary `meshes` into a list of dictionaries

 - migrate dictionary `ipv6` into two simple lists
 - migrate dictionary `forward_zones` into a list

* Restructure fastd configuration to define multiple instances easily

 - introduce mesh subdictionary `fastd`
 - change fastd instance naming
 - change fastd network interface naming (identical with fastd instance
names)
 - change mac address prefixes

* Roles service-fastd-[mesh|intragate]: update role dependencies

* Role network-batman: update batman-ifaces due to fastd instance change

 - update README.md

* Role network-fastd: update README.md

* Readme.md: add control machine requirements

* Role service-fastd-mesh: fix typo in handler

* Role service-fastd: use own systemd unit fastd@.service

- original uses %I which does not escaping, so dashes will be replaced
by slashes
- use %i instead of %I

* Add role network-routing

- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings

* Use package module where possible instead of apt

* Remove unnecessary handlers

* Move all handlers to one single role

* Update Readme.md

* Move IP rules from role `service-rclocal` to role `network-routing`

- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler

* Role network-routing: fix typos in ffmwu-del-ip-rules.sh template

* Add role service-respondd

* Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change

* Fix some whitespaces

* Ensure systemd units are started

* Add role service-nginx

* Add role service-nginx-firmware

* Add missing variables for role service-nginx-firmware

* Add roles service-nginx(-firmware) to playbook gateways

* Role service-nginx: add autoindex options to default vhost

* Flush handlers after configuring network interfaces

* Role service-respondd: also listen on fastd-interfaces

* Update fastd peer limit configuration

 * add list of legacy gateways (temporarily)
 * change backend-scripts branch to ansible
 * Role server-basic: ensure ffmwu config directory is present
 * Role service-fastd: add fastd-status script
 * role service-fastd-mesh: add templating for fastd peer limit
configuration

* Update Readme.md

* Lowercase all network interface names

* Inventory: add new gateway uffschnitt.freifunk-mwu.de

* Role server-repos: change ffmwu repo to stretch

* Role service-respondd: install python3 module dependency

* Role server-repos: remove universe-factory repo since fastd package is available in debian upstream

* Pretty format ansible.cfg

* Inventory host_vars: use single file instead of subfolder

* Role prerequisites: add cname asserts

* Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly

* Playbook gateways: reorder roles

* Rename role server-repos to server-apt-repos

- Role server-apt-repos: add readme

* Role server-basic: add locale setting

* Roles service-fastd-mesh + service-fastd-intragate

- remove on-up|on-down stanzas from fastd.conf
- update readme

* Move dummy module from role kmod-batman to server-basic

* Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start

* Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate

* Role service-tinc: rework passwordstore lookup

* Role network-iptables-gateway: fix freifunk bridge rules

* Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles

* Role network-routing: add missing service dependency for ffmwu-static-routes service unit

* Role service-tinc: add task to enable post-merge script

* Add prometheus role (#9)
2017-12-05 05:59:06 +01:00

239 lines
4.4 KiB
Markdown

FFMWU prometheus
============
## Summary
Prometheus ansible role based on **[williamyeh.prometheus](https://galaxy.ansible.com/williamyeh/prometheus/)**
This Ansible role has the following features for [Prometheus](http://prometheus.io/):
- Install specific versions of [Prometheus server](https://github.com/prometheus/prometheus), [Node exporter](https://github.com/prometheus/node_exporter), [Alertmanager](https://github.com/prometheus/alertmanager).
- Handlers for restart/reload/stop events;
- Bare bone configuration (*real* configuration should be left to user's template files; see **Usage** section below).
## Role Variables
### Mandatory variables
The components to be installed:
```yaml
# Supported components:
#
# [Server components]
# - "prometheus"
# - "alertmanager"
#
# [Exporter components]
# - "node_exporter"
#
prometheus_components
```
### Optional variables: general settings
User-configurable defaults:
```yaml
# user and group
prometheus_user: prometheus
prometheus_group: prometheus
# directory for executable files
prometheus_install_path: /opt/prometheus
# directory for configuration files
prometheus_config_path: /etc/prometheus
# directory for PID files
prometheus_pid_path: /var/run/prometheus
# directory for temporary files
prometheus_download_path: /tmp
# version of helper utility "gosu"
gosu_version: "1.10"
```
### Optional variables: Prometheus server
User-configurable defaults:
```yaml
# which version?
prometheus_version: 2.0.0
# directory for rule files
prometheus_rule_path: {{ prometheus_config_path }}/rules
# directory for file_sd files
prometheus_file_sd_config_path: {{ prometheus_config_path }}/tgroups
# directory for runtime database
prometheus_db_path: /var/lib/prometheus
```
User-installable configuration file (see [doc](http://prometheus.io/docs/operating/configuration/) for details):
```yaml
# main conf template relative to `playbook_dir`;
# to be installed to "{{ prometheus_config_path }}/prometheus.yml"
prometheus_conf_main
```
User-installable rule files (see [doc](http://prometheus.io/docs/alerting/rules/) for details):
```yaml
# rule files to be installed to "{{ prometheus_rule_path }}" directory;
# dict fields:
# - key: memo for this rule
# - value:
# - src: file relative to `playbook_dir`
# - dest: target file relative to `{{ prometheus_rule_path }}`
prometheus_rule_files
```
Additional command-line arguments, if any (use `prometheus --help` to see the full list of arguments):
```yaml
prometheus_opts
```
### Optional variables: Node exporter
User-configurable defaults:
```yaml
# which version?
node_exporter_version: 0.15.1
```
Additional command-line arguments, if any (use `node_exporter --help` to see the full list of arguments):
```yaml
node_exporter_opts
```
### Optional variables: Alertmanager
User-configurable defaults:
```yaml
# which version?
alertmanager_version: 0.10.0
# directory for runtime database (currently for `silences.json`)
alertmanager_db_path: /var/lib/alertmanager
```
User-installable alertmanager conf file (see [doc](http://prometheus.io/docs/alerting/alertmanager/) for details):
See files directory alertmanager.yml
Additional command-line arguments, if any (use `alertmanager --help` to see the full list of arguments):
```yaml
prometheus_alertmanager_opts
```
## Handlers
Prometheus server:
- `reload prometheus`
Alertmanager:
- `reload alertmanager`
## Usage
### Step 1: add role
Add role name `service-prometheus` to your playbook file.
### Step 2: add variables
Set vars in your playbook file, if necessary.
Simple example:
```yaml
---
# file: simple-playbook.yml
- hosts: all
become: True
roles:
- service-prometheus
vars:
prometheus_components: [ "prometheus", "alertmanager" ]
```
### Step 3: copy user's config files, if necessary
More practical example:
```yaml
---
# file: complex-playbook.yml
- hosts: all
become: True
roles:
- service-prometheus
vars:
prometheus_components:
- prometheus
- node_exporter
- alertmanager
prometheus_rule_files:
this_is_rule_1_InstanceDown:
src: some/path/basic.rules
dest: basic.rules
```
### Step 4: browse the default Prometheus pages
Open the page in your browser:
- Prometheus - `http://HOST:9090` or `http://HOST:9090/consoles/node.html`
- Alertmanager - `http://HOST:9093`
## License
MIT License. See the [LICENSE file](LICENSE) for details.