S37: Ansible monitoring-client role + promtail template
- SHA
82c7a0ba63ce7f8cba7593b8327e89df9d5ec6f1- Parents
-
3ab6f7d - Tree
6bfa38f
82c7a0b
82c7a0ba63ce7f8cba7593b8327e89df9d5ec6f13ab6f7d
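--- a/deploy/ansible/roles/monitoring-client/handlers/main.yml
+++ b/deploy/ansible/roles/monitoring-client/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: daemon-reload
+ systemd: { daemon_reload: yes }
+- name: restart promtail
+ systemd: { name: promtail, state: restarted, enabled: yes }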
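Review bot: Both handlers pass module arguments as inline flow mappings with the truthy `yes`, which yamllint's `truthy` rule and ansible-lint flag; block-style arguments with `daemon_reload: true` and `enabled: true` read more clearly and do not depend on YAML 1.1 boolean parsing. The same pattern appears in tasks/main.yml (the `apt` and both `systemd` tasks). Fully qualified module names such as `ansible.builtin.systemd` would also make the handlers independent of collection search order.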
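--- a/deploy/ansible/roles/monitoring-client/tasks/main.yml
+++ b/deploy/ansible/roles/monitoring-client/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Promtail (logs → Loki) + node_exporter (metrics → Prometheus).
+# Both scrape over the WireGuard mesh from the bare-metal box; the
+# droplet's metrics endpoints aren't exposed to the public internet.
+
+- name: node_exporter — install
+ apt: { name: prometheus-node-exporter, state: present }
+
+- name: node_exporter — service started
+ systemd: { name: prometheus-node-exporter, state: started, enabled: yes }
+
+- name: Promtail — install
+ shell: |
+ if ! command -v promtail >/dev/null; then
+ VER=2.9.4
+ curl -sSL "https://github.com/grafana/loki/releases/download/v${VER}/promtail-linux-amd64.zip" -o /tmp/promtail.zip
+ unzip -o /tmp/promtail.zip -d /usr/local/bin/
+ mv /usr/local/bin/promtail-linux-amd64 /usr/local/bin/promtail
+ chmod +x /usr/local/bin/promtail
+ fi
+ args:
+ creates: /usr/local/bin/promtail
+
+- name: promtail config
+ template:
+ src: promtail-config.yml.j2
+ dest: /etc/promtail/config.yml
+ mode: "0644"
+ notify: restart promtail
+
+- name: promtail systemd unit
+ copy:
+ dest: /etc/systemd/system/promtail.service
+ content: |
+ [Unit]
+ Description=Promtail log shipper
+ After=network.target
+ [Service]
+ ExecStart=/usr/local/bin/promtail -config.file=/etc/promtail/config.yml
+ Restart=on-failure
+ [Install]
+ WantedBy=multi-user.target
+ mode: "0644"
+ notify: [daemon-reload, restart promtail]
+
+- name: promtail enabled
+ systemd: { name: promtail, state: started, enabled: yes }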
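Review bot: The "Promtail — install" task downloads a release zip with `curl -sSL` and unpacks it into /usr/local/bin without verifying any checksum, and the unit written further down has no `User=`, so the unverified binary runs as root. `curl` without `-f` also saves an HTTP error page as the zip. Downloading with `get_url` and a pinned `checksum:` fails the play before anything is unpacked if the archive is not the expected one; the digest below is a placeholder to be filled from the release's published checksums. Separately, no task in this file creates /etc/promtail before the template task writes into it, so that task will fail unless another role provides the directory.

```yaml
- name: Promtail — download release archive (pinned checksum)
  get_url:
    url: https://github.com/grafana/loki/releases/download/v2.9.4/promtail-linux-amd64.zip
    dest: /tmp/promtail.zip
    # placeholder: SHA-256 of the v2.9.4 promtail-linux-amd64.zip
    checksum: "sha256:<SHA256_OF_PROMTAIL_ZIP>"
    mode: "0600"

- name: Promtail — install
  shell: |
    unzip -o /tmp/promtail.zip -d /usr/local/bin/
    mv /usr/local/bin/promtail-linux-amd64 /usr/local/bin/promtail
    chmod +x /usr/local/bin/promtail
  args:
    creates: /usr/local/bin/promtail

# … unchanged: promtail config, systemd unit, promtail enabled …
```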
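--- a/deploy/ansible/roles/monitoring-client/templates/promtail-config.yml.j2
+++ b/deploy/ansible/roles/monitoring-client/templates/promtail-config.yml.j2
@@ -0,0 +1,34 @@
+# Managed by Ansible. Ships caddy + journald (shithubd) logs to Loki
+# on the bare-metal monitoring host over WireGuard.
+
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /var/lib/promtail/positions.yaml
+
+clients:
+ - url: http://10.7.0.1:3100/loki/api/v1/push # WG IP of metal box
+
+scrape_configs:
+ - job_name: caddy
+ static_configs:
+ - targets: [localhost]
+ labels:
+ job: caddy
+ host: {{ ansible_hostname }}
+ __path__: /var/log/caddy/*.log
+
+ - job_name: shithubd
+ journal:
+ max_age: 12h
+ labels:
+ job: shithubd
+ host: {{ ansible_hostname }}
+ relabel_configs:
+ - source_labels: ['__journal__systemd_unit']
+ regex: 'shithubd-.+\.service'
+ action: keep
+ - source_labels: ['__journal__systemd_unit']
+ target_label: 'unit'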
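Review bot: The `server:` block sets `http_listen_port: 9080` with no listen address, so as far as this template shows Promtail's HTTP server (metrics, readiness and target pages) binds on every interface. Whether it stays off the public internet then depends on a firewall that is not part of this commit. Pinning it under `server:` with `http_listen_address: <WG address of this host>` (placeholder, since the role defines no such variable yet) would make the tasks-file comment about unexposed endpoints hold by construction. The two `host: {{ ansible_hostname }}` labels are also rendered unquoted, so a hostname that YAML reads as a number or boolean would be retyped; `host: "{{ ansible_hostname }}"` avoids that.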