prometheus: First version of role

roles/prometheus/files/prometheus.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Prometheus
+After=network-online.target
+Requires=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=simple
+Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
+User=prometheus
+Group=prometheus
+UMask=007
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/local/sbin/prometheus \
+    --config.file=/srv/prometheus/prometheus.yml \
+    --log.level=info \
+    --storage.tsdb.path=/srv/prometheus/data \
+    --storage.tsdb.retention.time=365d \
+    --web.console.libraries=/usr/local/share/prometheus/console_libraries
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/prometheus/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart prometheus
+  ansible.builtin.service:
+    name: prometheus
+    state: restarted

roles/prometheus/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: nginx/server}

roles/prometheus/tasks/main.yml

@@ -0,0 +1,115 @@
+---
+- name: Create group
+  ansible.builtin.group:
+    name: prometheus
+    gid: 305
+
+- name: Create user
+  ansible.builtin.user:
+    name: prometheus
+    comment: Service Prometheus
+    createhome: false
+    group: prometheus
+    home: /var/empty
+    shell: /sbin/nologin
+    uid: 305
+
+- name: Extract package
+  ansible.builtin.unarchive:
+    src: https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
+    dest: /usr/local/src
+    owner: root
+    group: "{{ ansible_wheel }}"
+    remote_src: true
+
+- name: Copy binaries
+  ansible.builtin.copy:
+    dest: "/usr/local/sbin/{{ item }}"
+    src: "/usr/local/src/prometheus-2.45.0.linux-amd64/{{ item }}"
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+    remote_src: true
+  with_items:
+    - promtool
+    - prometheus
+
+- name: Create data directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0750"
+    owner: root
+    group: prometheus
+  with_items:
+    - /export/prometheus
+    - /export/prometheus/node.d
+
+- name: Link data directory
+  ansible.builtin.file:
+    path: /srv/prometheus
+    src: /export/prometheus
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+
+- name: Create database directory
+  ansible.builtin.file:
+    path: /srv/prometheus/data
+    state: directory
+    mode: "0770"
+    owner: root
+    group: prometheus
+
+- name: Create configuration
+  ansible.builtin.template:
+    dest: /srv/prometheus/prometheus.yml
+    src: prometheus.yml.j2
+    mode: "0640"
+    owner: root
+    group: prometheus
+  notify: Restart prometheus
+
+- name: Create host configs
+  ansible.builtin.template:
+    dest: "/srv/prometheus/node.d/{{ item }}"
+    src: node.json.j2
+    mode: "0640"
+    owner: root
+    group: prometheus
+  notify: Restart prometheus
+  with_items: "{{ groups['all'] }}"
+
+- name: Create service file
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/prometheus.service
+    src: prometheus.service
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart prometheus
+
+- name: Enable service
+  ansible.builtin.service:
+    name: prometheus
+    state: started
+    enabled: true
+
+- name: Allow nginx to connect prometheus
+  ansible.posix.seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+
+- name: Copy nginx config
+  ansible.builtin.copy:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/prometheus.conf"
+    content: |
+      location / {
+        proxy_pass http://127.0.0.1:9090;
+      }
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx

roles/prometheus/templates/node.json.j2

@@ -0,0 +1,10 @@
+[
+  {
+    "labels": {
+      "instance": "{{ item }}"
+    },
+    "targets": [
+      "{{ item }}"
+    ]
+  }
+]

roles/prometheus/templates/prometheus.yml.j2

@@ -0,0 +1,16 @@
+---
+global:
+  scrape_interval: 1m
+  scrape_timeout: 10s
+  evaluation_interval: 1m
+
+scrape_configs:
+  - job_name: node
+    scheme: https
+    tls_config:
+      ca_file: "{{ tls_certs }}/ca.crt"
+      key_file: "{{ tls_private }}/{{ inventory_hostname }}.key"
+      cert_file: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+    file_sd_configs:
+      - files:
+        - /srv/prometheus/node.d/*.json