ff1dac07ba
* Add filename prefix to playbooks * Inventory: clean up & rename role ffmwu-prereq to test-prerequisites Remove all hosts which aren't set up by ansible, yet. Prepare to start from scratch. Only add hosts to the inventory which will be set up completly by ansible. * Role test-prerequisites: improve tasks; update OS to current debian stable * Add a bunch of new roles - Update Readme - Update ansible.cfg - Add playbook to set up gateways - Add group variables * Roles: add role documentation * Some restructuring (#3) * Modify prerequisites role and integrate prerequisites role into all playbooks (#4) * Add relaxed yamllint config and fix errors * Add role service-rclocal * Add role service-bird * Move localtestvm to separate role (untested) (#6) * Add role git-repos * Add role service-bird-icvpn; add python3-yaml package to server-basic role * Add role service-bird-ffrl * Set 'become' default to True (#7) * Retouch tasks due to 'become' defaults to True * Add role service-bird-ffrl to playbook gateways * Role service-bird-ffrl: correct ipaddr filters * Update readme of roles service-fastd-mesh + service-fastd-intragate * Update Readme.md - update passwordstore lookup for fastd secrets - add explanation about sensible informations * Role server-basic: add package bridge-utils * Add role service-tinc * Add role system-sysctl-gateway * Add version to git modules in roles: - git-fastd-peers - git-repos - service-tinc * Add readme for role prerequisites * Add role network-iptables-gateway - move netfilter specific sysctl settings * Role kmod-batman: load kernel modules * Role service-bird-icvpn: use a task and not a handler to set file attrs * Add role service-bind-slave * Restructure network interfaces in order to use ifupdown2 - rewrite interface templates for batman, fastd, ffrl and meshbridge - add package ethtool to role server-basic - use more ipaddr filters and get rid of unneeded variables in dict ffrl_exit_server - change ffrl_public_ipv4_nat variable to ip/prefix format - update readme files * Role service-dhcpd: fix disabled notify * Role service-fastd-mesh + service-fastd-intragate: fix mac address format * Restructure service-fastd roles - migrate role git-fastd-peers - add role service-fastd - add repo clone for ffbin peers (currently hardcoded) - add role dependency to role service-fastd-mesh + service-fastd-intragate - add systemd handlers * Role service-tinc: use a task instead of a handler for systemd stuff * Role service-radvd: update handlers * Update loop keys * Role service-radvd: optimize ipaddr filters * Role service-radvd: make more parameters configurable * Update Readme.md * Role service-fastd-mesh: add systemd unit + timer to update mesh peers * Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts * Role git-repos: change branch of backend-scripts repo to drop-photon * Role service-bind-slave: fix file permissions * Role service-bind-slave: add systemd unit + timer to update icvpn bind config * Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update * Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket * Role service-rclocal: fix wrong interface * Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6] * FFRL Internet Exit: move IPv4 NAT address to a single dummy interface * Roles service-bird[|-ffrl|-icvpn]: rework handlers * Update some ipaddr filters * Fix wrong IP subnet calculation in roles service-radvd + service-rclocal * Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible * Role service-fastd: ensure fastd service is masked * Role service-fastd-mesh: add systemd timer for fastd peer limit update script * Update Readme.md * Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list * Restructure fastd configuration to define multiple instances easily - introduce mesh subdictionary `fastd` - change fastd instance naming - change fastd network interface naming (identical with fastd instance names) - change mac address prefixes * Roles service-fastd-[mesh|intragate]: update role dependencies * Role network-batman: update batman-ifaces due to fastd instance change - update README.md * Role network-fastd: update README.md * Readme.md: add control machine requirements * Role service-fastd-mesh: fix typo in handler * Role service-fastd: use own systemd unit fastd@.service - original uses %I which does not escaping, so dashes will be replaced by slashes - use %i instead of %I * Add role network-routing - move static routes from role service-rclocal to scripts run by systemd unit - mv routing specific sysctl settings * Use package module where possible instead of apt * Remove unnecessary handlers * Move all handlers to one single role * Update Readme.md * Move IP rules from role `service-rclocal` to role `network-routing` - add scripts to configure and delete IP rules via a systemd unit - delete role `service-rclocal` - update README.md - add new handler * Role network-routing: fix typos in ffmwu-del-ip-rules.sh template * Add role service-respondd * Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change * Fix some whitespaces * Ensure systemd units are started * Add role service-nginx * Add role service-nginx-firmware * Add missing variables for role service-nginx-firmware * Add roles service-nginx(-firmware) to playbook gateways * Role service-nginx: add autoindex options to default vhost * Flush handlers after configuring network interfaces * Role service-respondd: also listen on fastd-interfaces * Update fastd peer limit configuration * add list of legacy gateways (temporarily) * change backend-scripts branch to ansible * Role server-basic: ensure ffmwu config directory is present * Role service-fastd: add fastd-status script * role service-fastd-mesh: add templating for fastd peer limit configuration * Update Readme.md * Lowercase all network interface names * Inventory: add new gateway uffschnitt.freifunk-mwu.de * Role server-repos: change ffmwu repo to stretch * Role service-respondd: install python3 module dependency * Role server-repos: remove universe-factory repo since fastd package is available in debian upstream * Pretty format ansible.cfg * Inventory host_vars: use single file instead of subfolder * Role prerequisites: add cname asserts * Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly * Playbook gateways: reorder roles * Rename role server-repos to server-apt-repos - Role server-apt-repos: add readme * Role server-basic: add locale setting * Roles service-fastd-mesh + service-fastd-intragate - remove on-up|on-down stanzas from fastd.conf - update readme * Move dummy module from role kmod-batman to server-basic * Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start * Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate * Role service-tinc: rework passwordstore lookup * Role network-iptables-gateway: fix freifunk bridge rules * Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles * Role network-routing: add missing service dependency for ffmwu-static-routes service unit * Role service-tinc: add task to enable post-merge script * Add prometheus role (#9)
239 lines
4.4 KiB
Markdown
239 lines
4.4 KiB
Markdown
|
|
FFMWU prometheus
|
|
============
|
|
|
|
|
|
## Summary
|
|
|
|
Prometheus ansible role based on **[williamyeh.prometheus](https://galaxy.ansible.com/williamyeh/prometheus/)**
|
|
|
|
This Ansible role has the following features for [Prometheus](http://prometheus.io/):
|
|
|
|
- Install specific versions of [Prometheus server](https://github.com/prometheus/prometheus), [Node exporter](https://github.com/prometheus/node_exporter), [Alertmanager](https://github.com/prometheus/alertmanager).
|
|
- Handlers for restart/reload/stop events;
|
|
- Bare bone configuration (*real* configuration should be left to user's template files; see **Usage** section below).
|
|
|
|
## Role Variables
|
|
|
|
|
|
### Mandatory variables
|
|
|
|
The components to be installed:
|
|
|
|
```yaml
|
|
# Supported components:
|
|
#
|
|
# [Server components]
|
|
# - "prometheus"
|
|
# - "alertmanager"
|
|
#
|
|
# [Exporter components]
|
|
# - "node_exporter"
|
|
#
|
|
prometheus_components
|
|
```
|
|
|
|
|
|
|
|
### Optional variables: general settings
|
|
|
|
|
|
User-configurable defaults:
|
|
|
|
```yaml
|
|
# user and group
|
|
prometheus_user: prometheus
|
|
prometheus_group: prometheus
|
|
|
|
|
|
# directory for executable files
|
|
prometheus_install_path: /opt/prometheus
|
|
|
|
# directory for configuration files
|
|
prometheus_config_path: /etc/prometheus
|
|
|
|
# directory for PID files
|
|
prometheus_pid_path: /var/run/prometheus
|
|
|
|
# directory for temporary files
|
|
prometheus_download_path: /tmp
|
|
|
|
# version of helper utility "gosu"
|
|
gosu_version: "1.10"
|
|
```
|
|
|
|
### Optional variables: Prometheus server
|
|
|
|
User-configurable defaults:
|
|
|
|
```yaml
|
|
# which version?
|
|
prometheus_version: 2.0.0
|
|
|
|
# directory for rule files
|
|
prometheus_rule_path: {{ prometheus_config_path }}/rules
|
|
|
|
# directory for file_sd files
|
|
prometheus_file_sd_config_path: {{ prometheus_config_path }}/tgroups
|
|
|
|
# directory for runtime database
|
|
prometheus_db_path: /var/lib/prometheus
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User-installable configuration file (see [doc](http://prometheus.io/docs/operating/configuration/) for details):
|
|
|
|
|
|
```yaml
|
|
# main conf template relative to `playbook_dir`;
|
|
# to be installed to "{{ prometheus_config_path }}/prometheus.yml"
|
|
prometheus_conf_main
|
|
```
|
|
|
|
|
|
User-installable rule files (see [doc](http://prometheus.io/docs/alerting/rules/) for details):
|
|
|
|
|
|
```yaml
|
|
# rule files to be installed to "{{ prometheus_rule_path }}" directory;
|
|
# dict fields:
|
|
# - key: memo for this rule
|
|
# - value:
|
|
# - src: file relative to `playbook_dir`
|
|
# - dest: target file relative to `{{ prometheus_rule_path }}`
|
|
prometheus_rule_files
|
|
```
|
|
|
|
|
|
Additional command-line arguments, if any (use `prometheus --help` to see the full list of arguments):
|
|
|
|
```yaml
|
|
prometheus_opts
|
|
```
|
|
|
|
|
|
### Optional variables: Node exporter
|
|
|
|
|
|
User-configurable defaults:
|
|
|
|
```yaml
|
|
# which version?
|
|
node_exporter_version: 0.15.1
|
|
```
|
|
|
|
Additional command-line arguments, if any (use `node_exporter --help` to see the full list of arguments):
|
|
|
|
```yaml
|
|
node_exporter_opts
|
|
```
|
|
|
|
|
|
### Optional variables: Alertmanager
|
|
|
|
|
|
User-configurable defaults:
|
|
|
|
```yaml
|
|
# which version?
|
|
alertmanager_version: 0.10.0
|
|
|
|
# directory for runtime database (currently for `silences.json`)
|
|
alertmanager_db_path: /var/lib/alertmanager
|
|
```
|
|
|
|
User-installable alertmanager conf file (see [doc](http://prometheus.io/docs/alerting/alertmanager/) for details):
|
|
See files directory alertmanager.yml
|
|
|
|
|
|
Additional command-line arguments, if any (use `alertmanager --help` to see the full list of arguments):
|
|
|
|
```yaml
|
|
prometheus_alertmanager_opts
|
|
```
|
|
|
|
|
|
|
|
|
|
## Handlers
|
|
|
|
Prometheus server:
|
|
|
|
- `reload prometheus`
|
|
|
|
Alertmanager:
|
|
|
|
- `reload alertmanager`
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
### Step 1: add role
|
|
|
|
Add role name `service-prometheus` to your playbook file.
|
|
|
|
|
|
### Step 2: add variables
|
|
|
|
Set vars in your playbook file, if necessary.
|
|
|
|
Simple example:
|
|
|
|
```yaml
|
|
---
|
|
# file: simple-playbook.yml
|
|
|
|
- hosts: all
|
|
become: True
|
|
roles:
|
|
- service-prometheus
|
|
|
|
vars:
|
|
prometheus_components: [ "prometheus", "alertmanager" ]
|
|
```
|
|
|
|
|
|
### Step 3: copy user's config files, if necessary
|
|
|
|
|
|
More practical example:
|
|
|
|
```yaml
|
|
---
|
|
# file: complex-playbook.yml
|
|
|
|
- hosts: all
|
|
become: True
|
|
roles:
|
|
- service-prometheus
|
|
|
|
vars:
|
|
prometheus_components:
|
|
- prometheus
|
|
- node_exporter
|
|
- alertmanager
|
|
|
|
prometheus_rule_files:
|
|
this_is_rule_1_InstanceDown:
|
|
src: some/path/basic.rules
|
|
dest: basic.rules
|
|
```
|
|
|
|
|
|
### Step 4: browse the default Prometheus pages
|
|
|
|
Open the page in your browser:
|
|
|
|
- Prometheus - `http://HOST:9090` or `http://HOST:9090/consoles/node.html`
|
|
|
|
- Alertmanager - `http://HOST:9093`
|
|
|
|
|
|
## License
|
|
|
|
MIT License. See the [LICENSE file](LICENSE) for details.
|