kolla-ansible/ansible/roles/prometheus/tasks/config.yml
Christian Berendt 4f78c696c2 Do not become root when searching for custom prometheus alert rules files
Change-Id: I6da412d6d3e7d067c8d903ee884711ac509d24aa
2021-10-04 09:49:58 +02:00

214 lines
7.3 KiB
YAML

---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ prometheus_services }}"
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool
- name: Copying over config.json files
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ prometheus_services }}"
notify:
- Restart {{ item.key }} container
- name: Find custom prometheus alert rules files
find:
path: "{{ node_custom_config }}/prometheus/"
pattern: "*.rules"
run_once: True
delegate_to: localhost
register: prometheus_alert_rules
when:
- enable_prometheus_alertmanager | bool
- name: Copying over custom prometheus alert rules files
become: true
vars:
service: "{{ prometheus_services['prometheus-server'] }}"
copy:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/prometheus-server/{{ item.path | basename }}"
mode: "0660"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool and enable_prometheus_alertmanager | bool
- prometheus_alert_rules is defined and prometheus_alert_rules.files | length > 0
with_items: "{{ prometheus_alert_rules.files }}"
notify:
- Restart prometheus-server container
- name: Find prometheus common config overrides
find:
# NOTE(wszumski): Non-existent paths don't produce a failure
paths:
- "{{ node_custom_config }}/prometheus/prometheus.yml.d"
patterns: "*.yml"
delegate_to: localhost
register: prometheus_common_config_overrides_result
run_once: true
- name: Find prometheus host config overrides
find:
# NOTE(wszumski): Non-existent paths don't produce a failure
paths:
- "{{ node_custom_config }}/prometheus/{{ inventory_hostname }}/prometheus.yml.d"
patterns: "*.yml"
delegate_to: localhost
register: prometheus_host_config_overrides_result
# NOTE(yoctozepto): this cannot be run_once
run_once: false
- name: Copying over prometheus config file
become: true
vars:
service: "{{ prometheus_services['prometheus-server'] }}"
common_overrides: "{{ prometheus_common_config_overrides_result.files | map(attribute='path') | list }}"
host_overrides: "{{ prometheus_host_config_overrides_result.files | map(attribute='path') | list }}"
merge_yaml:
sources: "{{ [item] + common_overrides + host_overrides }}"
dest: "{{ node_config_directory }}/prometheus-server/prometheus.yml"
mode: "0660"
extend_lists: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/prometheus/{{ inventory_hostname }}/prometheus.yml"
- "{{ node_custom_config }}/prometheus/prometheus.yml"
- "{{ role_path }}/templates/prometheus.yml.j2"
notify:
- Restart prometheus-server container
- name: Copying over prometheus alertmanager config file
become: true
vars:
service: "{{ prometheus_services['prometheus-alertmanager'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/prometheus-alertmanager/prometheus-alertmanager.yml"
mode: "0660"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/prometheus/{{ inventory_hostname }}/prometheus-alertmanager.yml"
- "{{ node_custom_config }}/prometheus/prometheus-alertmanager.yml"
- "{{ role_path }}/templates/prometheus-alertmanager.yml.j2"
notify:
- Restart prometheus-alertmanager container
- name: Copying over my.cnf for mysqld_exporter
become: true
vars:
service: "{{ prometheus_services['prometheus-mysqld-exporter'] }}"
merge_configs:
sources:
- "{{ node_custom_config }}/prometheus-mysqld-exporter/{{ inventory_hostname }}/my.cnf"
- "{{ node_custom_config }}/prometheus-mysqld-exporter/my.cnf"
- "{{ role_path }}/templates/my.cnf.j2"
dest: "{{ node_config_directory }}/prometheus-mysqld-exporter/my.cnf"
mode: "0660"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
notify:
- Restart prometheus-mysqld-exporter container
- name: Copying cloud config file for openstack exporter
become: true
vars:
service: "{{ prometheus_services['prometheus-openstack-exporter'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/prometheus-openstack-exporter/clouds.yml"
mode: "0660"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/prometheus-openstack-exporter/{{ inventory_hostname }}/clouds.yml"
- "{{ node_custom_config }}/prometheus-openstack-exporter/clouds.yml"
- "{{ role_path }}/templates/clouds.yml.j2"
notify:
- Restart prometheus-openstack-exporter container
- name: Copying config file for blackbox exporter
become: true
vars:
service: "{{ prometheus_services['prometheus-blackbox-exporter'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/prometheus-blackbox-exporter/prometheus-blackbox-exporter.yml"
mode: "0660"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/prometheus/{{ inventory_hostname }}/prometheus-blackbox-exporter.yml"
- "{{ node_custom_config }}/prometheus/prometheus-blackbox-exporter.yml"
- "{{ role_path }}/templates/prometheus-blackbox-exporter.yml.j2"
notify:
- Restart prometheus-blackbox-exporter container
- block:
- name: Find extra prometheus server config files
find:
paths: "{{ node_custom_config }}/prometheus/extras/"
patterns: "*"
recurse: true
delegate_to: localhost
register: prometheus_config_extras_result
run_once: true
- name: Create subdirectories for extra config files
become: true
vars:
dirs: >-
{{ prometheus_config_extras_result.files | default([])
| map(attribute='path') | map('dirname') | unique
| map('relpath', base) | list }}
file:
path: "{{ node_config_directory }}/prometheus-server/{{ item }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
recurse: true
with_items: "{{ dirs }}"
- name: Template extra prometheus server config files
become: true
vars:
relpath: "{{ item | relpath(base) }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/prometheus-server/{{ relpath }}"
mode: "0660"
with_items: "{{ prometheus_config_extras_result.files | default([]) | map(attribute='path') | list }}"
notify:
- Restart prometheus-server container
vars:
base: "{{ node_custom_config }}/prometheus/"
service: "{{ prometheus_services['prometheus-server'] }}"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool