diff --git a/defaults/main.yml b/defaults/main.yml index c6cfa5c..bbb1c65 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -64,3 +64,15 @@ prometheus_postgres_exporter_port: 5432 prometheus_redis_exporter_addr: "redis://localhost:6379" prometheus_redis_exporter_user: "" prometheus_redis_exporter_password: "" + +## grafana + +grafana_auth_anonymous_enabled: false +grafana_auth_anonymous_org_role: Editor # Viewer +grafana_auth_anonymous_org_name: 'Main Org.' +grafana_auth_disable_login_form: false +grafana_editors_can_admin: false +grafana_users_viewers_can_edit: false +grafana_log_level: error +grafana_router_logging: false +grafana_disable_sanitize_html: true diff --git a/handlers/main.yml b/handlers/main.yml index 9ad332f..f49ff0d 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,9 +1,10 @@ --- -- name: 'prometheus | server | restart container' - docker_container: - name: prometheus - restart: yes - tags: ['prometheus'] +- name: 'grafana-prometheus | server | restart container' + systemd: + name: docker-compose@grafana-prometheus.service + state: restarted + enabled: yes + tags: ['grafana-prometheus'] - name: 'prometheus | node exporter | restart service' systemd: diff --git a/tasks/server/prometheus.yml b/tasks/server/prometheus.yml index e17ae3b..86d8eaf 100644 --- a/tasks/server/prometheus.yml +++ b/tasks/server/prometheus.yml 
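Review bot: The new Grafana defaults in defaults/main.yml ship the permissive values: `grafana_disable_sanitize_html: true` and `grafana_auth_anonymous_org_role: Editor`. With sanitization disabled Grafana renders raw HTML in text panels, so any account with edit rights can store markup that runs in other users' sessions. Anonymous access is off by default, but an inventory that flips only `grafana_auth_anonymous_enabled` would hand unauthenticated visitors the Editor role; the trailing `# Viewer` comment suggests Viewer was the intended safe value. I would default to `grafana_disable_sanitize_html: false` and `grafana_auth_anonymous_org_role: Viewer` and let inventories opt in explicitly.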
@@ -32,33 +32,67 @@ mode: 0644 tags: ['prometheus_server'] notify: - - 'prometheus | server | restart container' + - 'grafana-prometheus | server | restart container' -- name: 'prometheus | server | deploy container' - docker_container: - name: prometheus - hostname: '{{ inventory_hostname }}' - image: prom/prometheus:{{ prometheus_server_version }} - volumes: - - /etc/prometheus/:/etc/prometheus/ - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--storage.tsdb.retention.time={{ prometheus_retention_time }}' - - '--web.console.libraries=/usr/share/prometheus/console_libraries' - - '--web.console.templates=/usr/share/prometheus/consoles' - - '--web.enable-admin-api' - networks: - - name: '{{ prometheus_docker_network }}' - ports: - - "9090:9090" - log_driver: syslog - log_options: - tag: docker_prometheus - restart_policy: 'unless-stopped' - pull: '{{ prometheus_docker_pull }}' - etc_hosts: '{{ prometheus_nodes_ip }}' - tags: ['prometheus_server'] - notify: - - 'prometheus | server | restart container' +- name: "grafana-prometheus | create docker-compose directory" + file: + path: /opt/docker-compose/grafana-prometheus + state: directory + mode: '0755' + tags: [ 'grafana-prometheus', 'prometheus_server' ] + +- name: "grafana-prometheus | copy docker-compose file" + template: + src: compose/grafana-prometheus.yml.j2 + dest: /opt/docker-compose/grafana-prometheus/docker-compose.yml + owner: root + group: root + mode: 0644 + notify: "grafana-prometheus | server | restart container" + tags: [ 'grafana-prometheus' ] + +- name: "grafana-prometheus | create grafana.ini file" + file: + path: /opt/docker-compose/grafana-prometheus/grafana.ini + owner: '1000' + group: '1000' + mode: '0750' + state: touch + notify: "grafana-prometheus | server | restart container" + tags: [ 'grafana-prometheus' ] + ignore_errors: '{{ ansible_check_mode }}' + +- name: "grafana-prometheus | import grafana 
provisioned datasources" + synchronize: + src: "{{ grafana_provisioned_datasources_path }}" + dest: /opt/docker-compose/grafana-prometheus/ + when: grafana_provisioned_datasources_path is defined + notify: "grafana-prometheus | server | restart container" + tags: [ 'grafana-prometheus' ] + +- name: "grafana-prometheus | import grafana provisioned dashboards" + synchronize: + src: "{{ grafana_provisioned_dashboards_path }}" + dest: /opt/docker-compose/grafana-prometheus/ + when: grafana_provisioned_datasources_path is defined + notify: "grafana-prometheus | server | restart container" + tags: [ 'grafana-prometheus' ] + +- name: "grafana-prometheus | install unit file to systemd" + vars: + exporter: "grafana-prometheus" + template: + src: systemd/docker-compose.service.j2 + dest: /etc/systemd/system/docker-compose@grafana-prometheus.service + owner: root + group: root + mode: 0600 + tags: [ 'grafana-prometheus' ] + +- name: "grafana-prometheus | enable service" + systemd: + daemon_reload: yes + name: docker-compose@grafana-prometheus + enabled: true + ignore_errors: '{{ ansible_check_mode }}' + tags: [ 'grafana-prometheus' ] diff --git a/templates/compose/grafana-prometheus.yml.j2 b/templates/compose/grafana-prometheus.yml.j2 new file mode 100644 index 0000000..3a85b63 --- /dev/null +++ b/templates/compose/grafana-prometheus.yml.j2 
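Review bot: The "copy docker-compose file" task writes docker-compose.yml with `mode: 0644`, but the template it renders (templates/compose/grafana-prometheus.yml.j2 in this commit) emits `GF_SECURITY_ADMIN_PASSWORD` in clear text, so every local user on the host can read the Grafana admin password. `mode: '0600'` with the existing root owner would close that, and quoting the value also removes the unquoted-octal ambiguity (the same applies to `mode: 0600` on the unit file). The "import grafana provisioned dashboards" task is gated on `grafana_provisioned_datasources_path is defined` while its `src` reads `grafana_provisioned_dashboards_path`; this looks like a copy-paste slip and should be `when: grafana_provisioned_dashboards_path is defined`. The grafana.ini task uses `state: touch` with `mode: '0750'`, which by default reports changed on every run (restarting the stack through the handler) and marks a config file executable.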
@@ -0,0 +1,104 @@
+version: "3"
+
+networks:
+ grafana:
+ name: grafana
+{% if grafana_traefik_enable is defined %}
+ traefik:
+ external: true
+{% endif %}
+
+volumes:
+ prometheus-data:
+ grafana-data:
+
+services:
+ grafana:
+ image: grafana/grafana:{{ grafana_version | default('main') }}
+ container_name: grafana
+ user: "1000:1000"
+ restart: unless-stopped
+ volumes:
+ - grafana-data:/var/lib/grafana
+ - ./grafana.ini:/etc/grafana/grafana.ini
+ - ./dashboards:/etc/grafana/provisioning/dashboards/
+ - ./datasources:/etc/grafana/provisioning/datasources/
+ environment:
+ GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"
+ GF_AUTH_ANONYMOUS_ORG_ROLE: "{{ grafana_auth_anonymous_org_role }}"
+ GF_AUTH_ANONYMOUS_ORG_NAME: "{{ grafana_auth_anonymous_org_name }}"
+ GF_AUTH_DISABLE_LOGIN_FORM: "{{ grafana_auth_disable_login_form|string|lower }}"
+ GF_AUTH_EDITORS_CAN_ADMIN: "{{ grafana_editors_can_admin|string|lower }}"
+{% if grafana_admin_password is defined %}
+ GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
+{% endif %}
+ GF_USERS_VIEWERS_CAN_EDIT: "{{ grafana_users_viewers_can_edit|string|lower }}"
+{% if grafana_admin_password is defined %}
+ GF_ROOT_URL: "{{ grafana_domain }}"
+{% endif %}
+ GF_LOG_LEVEL: "{{ grafana_log_level|string }}"
+ GF_ROUTER_LOGGING: "{{ grafana_router_logging|string|lower }}"
+ GF_PANELS_DISABLE_SANITIZE_HTML: "{{ grafana_disable_sanitize_html|string|lower }}"
+{% if grafana_install_plugins is defined %}
+ GF_INSTALL_PLUGINS: "{{ grafana_install_plugins|string|lower }}"
+{% endif %}
+{% if grafana_smtp_enabled is defined %}
+ GF_SMTP_ENABLED: "{{ grafana_smtp_enabled|string|lower }}"
+ GF_SMTP_HOST: "{{ grafana_smtp_host|string }}"
+ GF_SMTP_FROM_ADDRESS: "{{ grafana_smtp_from_address|string }}"
+ GF_SMTP_FROM_NAME: "{{ grafana_smtp_from_name|string }}"
+ GF_SMTP_SKIP_VERIFY: "{{ grafana_smtp_skip_verify|string|lower }}"
+{% else %}
+ GF_SMTP_ENABLED: "false"
+{% endif %}
+ networks:
+ - grafana
+{% if grafana_traefik_enable is defined %}
+ - traefik
+ labels:
+ traefik.enable: true
+ traefik.docker.network: traefik
+ traefik.http.routers.grafana.rule: Host(`{{ grafana_domain|default(omit) }}`)
+ traefik.http.routers.grafana.tls: true
+ traefik.http.routers.grafana.tls.certresolver: letsencrypt
+ traefik.http.routers.grafana.entrypoints: websecure
+ traefik.http.services.grafana.loadbalancer.server.port: 3000
+{% else %}
+ ports:
+ - "{{ grafana_port | default(3000) }}:3000"
+{% endif %}
+
+ prometheus:
+ container_name: prometheus
+ image: prom/prometheus:{{ grafana_prometheus_version | default('latest') }}
+ volumes:
+ - /etc/prometheus/:/etc/prometheus/
+ - prometheus-data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--storage.tsdb.retention.time={{ prometheus_retention_time }}'
+ - '--web.enable-lifecycle'
+ networks:
+ - grafana
+{% if grafana_traefik_enable is defined %}
+ - traefik
+ labels:
+ traefik.enable: true
+ traefik.docker.network: traefik
+ traefik.http.routers.prometheus.rule: Host(`{{ prometheus_domain|default(omit) }}`)
+ traefik.http.routers.prometheus.tls: true
+ traefik.http.routers.prometheus.tls.certresolver: letsencrypt
+ traefik.http.routers.prometheus.entrypoints: websecure
+ traefik.http.services.prometheus.loadbalancer.server.port: 9090
+{% else %}
+ ports:
+ - "{{ prometheus_port | default(9090) }}:9090"
+{% endif %}
+{% if prometheus_nodes_ip is defined %}
+ extra_hosts:
+{% for key, value in prometheus_nodes_ip.items() %}
+ - "{{ key }}:{{ value }}"
+{% endfor %}
+{% endif %}
+ restart: unless-stopped
diff --git a/templates/conf/prometheus.yml.j2 b/templates/conf/prometheus.yml.j2
index d208c49..9661eef 100644
--- a/templates/conf/prometheus.yml.j2
+++ b/templates/conf/prometheus.yml.j2
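Review bot: The prometheus service in templates/compose/grafana-prometheus.yml.j2 runs with `--web.enable-lifecycle` and, in the non-Traefik branch, is published as `"{{ prometheus_port | default(9090) }}:9090"`, which binds every host interface. No authentication is configured for Prometheus in this file, so anyone who can reach the port can read all metrics and call the reload and shutdown endpoints. Grafana reaches Prometheus over the `grafana` compose network, so the host binding could be `- "127.0.0.1:{{ prometheus_port | default(9090) }}:9090"`; the Traefik branch likewise attaches no auth middleware to the prometheus router here. Separately, the block that emits `GF_ROOT_URL` is guarded by `grafana_admin_password is defined` but reads `grafana_domain`, so the guard should be `{% if grafana_domain is defined %}`. The image tags default to `main` and `latest`, so a redeploy can silently pull a different build; a pinned version default would make rollouts reproducible.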
@@ -46,8 +46,8 @@ scrape_configs: target_label: instance regex: '(.*):9100' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_mysqld_exporter_targets is defined %} # mysql exporter # - job_name: mysql @@ -74,8 +74,8 @@ scrape_configs: target_label: instance regex: '(.*):9104' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_mongodb_exporter_targets is defined %} # mongoDB exporter # - job_name: mongodb @@ -97,8 +97,8 @@ scrape_configs: - {{ target }}:9216 {% endfor %} {% endif %} -{% endif %} +{% endif %} {% if prometheus_postgres_exporter_targets is defined %} # postgresql exporter # - job_name: postgresql @@ -120,8 +120,8 @@ scrape_configs: - {{ target }}:9187 {% endfor %} {% endif %} -{% endif %} +{% endif %} {% if prometheus_phpfpm_exporter_targets is defined %} # PHP-FPM exporter # - job_name: phpfpm @@ -137,8 +137,8 @@ scrape_configs: target_label: instance regex: '(.*):9253' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_opcache_exporter_targets is defined %} # opcache exporter # - job_name: opcache @@ -154,8 +154,8 @@ scrape_configs: target_label: instance regex: '(.*):9101' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_apache_exporter_targets is defined %} # apache exporter # - job_name: apache @@ -171,8 +171,8 @@ scrape_configs: target_label: instance regex: '(.*):9117' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_haproxy_exporter_targets is defined %} # haproxy exporter # - job_name: haproxy @@ -188,8 +188,8 @@ scrape_configs: target_label: instance regex: '(.*):8404' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_varnish_exporter_targets is defined %} # Varnish exporter # - job_name: varnish @@ -205,8 +205,8 @@ scrape_configs: target_label: instance regex: '(.*):9131' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_blackbox_exporter is defined %} # blackbox # {% if prometheus_blackbox_exporter_http is defined %} 
@@ -250,8 +250,8 @@ scrape_configs: - target_label: __address__ replacement: {{ prometheus_blackbox_exporter_host }}:9115 {% endif %} -{% endif %} +{% endif %} {% if prometheus_redis_multi_instances_exporter_targets is defined %} # Redis exporter # - job_name: 'redis_exporter_targets' @@ -270,8 +270,8 @@ scrape_configs: target_label: __address__ regex: 'redis://(.*):63..' replacement: '${1}:9121' -{% endif %} +{% endif %} {% if prometheus_redis_exporter_targets is defined %} # Redis exporter # - job_name: redis @@ -287,8 +287,8 @@ scrape_configs: target_label: instance regex: '(.*):9121' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_proxysql_exporter_targets is defined %} # ProxySQL exporter # - job_name: proxysql @@ -304,8 +304,8 @@ scrape_configs: regex: '(.*):6070' replacement: '${1}' {% endfor %} -{% endif %} +{% endif %} {% if prometheus_kong_exporter_targets is defined %} # Kong exporter # - job_name: kong @@ -320,8 +320,8 @@ scrape_configs: {% for target in prometheus_kong_exporter_targets %} - {{ target }} {% endfor %} -{% endif %} +{% endif %} {% if prometheus_memcached_exporter_targets is defined %} # Memcached exporter # - job_name: memcached @@ -337,8 +337,8 @@ scrape_configs: target_label: instance regex: '(.*):9150' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_docker_exporter_targets is defined %} # Docker exporter # - job_name: docker @@ -354,8 +354,8 @@ scrape_configs: target_label: instance regex: '(.*):9323' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_cadvisor_exporter_targets is defined %} # cadvisor # - job_name: cadvisor @@ -370,8 +370,8 @@ scrape_configs: target_label: instance regex: '(.*):8080' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_cloudflare_exporter_targets is defined %} # cloudflare # - job_name: cloudflare 
@@ -386,8 +386,8 @@ scrape_configs: target_label: instance regex: '(.*):8082' replacement: '${1}' -{% endif %} +{% endif %} {% if prometheus_pve_exporter_targets is defined %} # proxmox # - job_name: pve