mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mysql_dashboard
infrastructure/roles/prometheus_exporters/tasks/main.yml
Jelle van der Waa feaccbdd75
Install systemd service/timer as 644 
Resolve warning from systemd that setting service/timer files to 600
is useless, as systemd still makes them accessible via APIs without
restrictions.

Closes: #222
2021-01-02 17:15:54 +01:00

142 lines
7.1 KiB
YAML
Raw Permalink Blame History

---
- name: install prometheus-node-exporter
pacman: name=prometheus-node-exporter,arch-audit,pacman-contrib state=present
- name: install prometheus-blackbox-exporter
pacman: name=prometheus-blackbox-exporter state=present
when: "'prometheus' in group_names"
- name: install prometheus-memcached-exporter
pacman: name=prometheus-memcached-exporter state=present
when: "'memcached' in group_names"
- name: install jq for rebuilderd-textcollector
pacman: name=jq state=present
when: "'rebuilderd' in group_names"
- name: add node_exporter to rebuilderd group
user: name=node_exporter groups=rebuilderd append=yes
when: "'rebuilderd' in group_names"
- name: install prometheus-mysqld-exporter
pacman: name=prometheus-mysqld-exporter state=present
when: "'mysql_servers' in group_names"
- name: create prometheus mysqld database user
mysql_user:
name: '{{ prometheus_mysqld_user }}'
password: '{{ vault_monitoring_mysql_password }}'
priv: "*.*:PROCESS,REPLICATION CLIENT"
state: present
resource_limits:
MAX_USER_CONNECTIONS: 3
when: "'mysql_servers' in group_names"
- name: copy prometheus mysqld exporter configuration
template: src=prometheus-mysqld-exporter.j2 dest=/etc/conf.d/prometheus-mysqld-exporter owner=root group=root mode=600
when: "'mysql_servers' in group_names"
- name: enable prometheus-mysqld-exporter service
systemd: name=prometheus-mysqld-exporter enabled=yes daemon_reload=yes state=started
when: "'mysql_servers' in group_names"
- name: copy prometheus memcached exporter configuration
template: src=prometheus-memcached-exporter.j2 dest=/etc/conf.d/prometheus-memcached-exporter owner=root group=root mode=600
when: "'memcached' in group_names"
- name: install node exporter configuration
template: src=prometheus-node-exporter.env.j2 dest=/etc/conf.d/prometheus-node-exporter owner=root group=root mode=600
- name: create textcollector directory
file: path="{{ prometheus_textfile_dir }}" state=directory owner=node_exporter group=node_exporter mode=700
- name: install node exporter textcollector scripts
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items:
- arch-textcollector.sh
- borg-textcollector.sh
- rebuilderd-textcollector.sh
- rebuilderd-status-textcollector.py
- archive-textcollector.sh
- name: install arch textcollector service
template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=644
- name: install arch textcollector timer
template: src=prometheus-arch-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.timer owner=root group=root mode=644
- name: enable and start prometheus arch textcollector timer
systemd: name=prometheus-arch-textcollector.timer enabled=yes daemon_reload=yes state=started
- name: install borg textcollector service
template: src=prometheus-borg-textcollector.service.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.service owner=root group=root mode=644
when: "'borg_clients' in group_names"
- name: install borg textcollector timer
template: src=prometheus-borg-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.timer owner=root group=root mode=644
when: "'borg_clients' in group_names"
- name: enable and start prometheus borg textcollector timer
systemd: name=prometheus-borg-textcollector.timer enabled=yes daemon_reload=yes state=started
when: "'borg_clients' in group_names"
- name: install blackbox exporter configuration
copy: src=blackbox.yml dest=/etc/prometheus/blackbox.yml owner=root group=root mode=0755
when: "'prometheus' in group_names"
- name: install rebuilderd textcollector service
template: src=prometheus-rebuilderd-textcollector.service.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.service owner=root group=root mode=644
when: "'rebuilderd' in group_names"
- name: install rebuilderd textcollector timer
template: src=prometheus-rebuilderd-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.timer owner=root group=root mode=644
when: "'rebuilderd' in group_names"
- name: enable and start prometheus rebuilderd textcollector timer
systemd: name=prometheus-rebuilderd-textcollector.timer enabled=yes daemon_reload=yes state=started
when: "'rebuilderd' in group_names"
- name: install rebuilderd textcollector service
template: src=prometheus-archive-textcollector.service.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.service owner=root group=root mode=644
when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"
- name: install rebuilderd textcollector timer
template: src=prometheus-archive-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.timer owner=root group=root mode=644
when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"
- name: enable and start prometheus archive textcollector timer
systemd: name=prometheus-archive-textcollector.timer enabled=yes daemon_reload=yes state=started
when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"
- name: enable prometheus-node-exporter service
systemd: name=prometheus-node-exporter enabled=yes daemon_reload=yes state=started
- name: enable prometheus-blackbox-exporter service
systemd: name=prometheus-blackbox-exporter enabled=yes daemon_reload=yes state=started
when: "'prometheus' in group_names"
- name: enable prometheus-memcached-exporter service
systemd: name=prometheus-memcached-exporter enabled=yes daemon_reload=yes state=started
when: "'memcached' in group_names"
- name: open prometheus-node-exporter ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_exporter_port }} accept"
when: "'prometheus' not in group_names"
- name: open gitlab exporter ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ gitlab_runner_exporter_port }} accept"
when: "'gitlab_runners' in group_names"
- name: open prometheus mysqld exporter ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_mysqld_exporter_port }} accept"
when: "'mysql_servers' in group_names"
- name: open prometheus memcached exporter ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_memcached_exporter_port }} accept"
when: "'memcached' in group_names"
View Git Blame Copy Permalink