diff --git a/group_vars/all.yml b/group_vars/all.yml
index 47a761d..2732950 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -83,3 +83,20 @@ firemon_networks:
 - 172.24.16.0/20
 - 172.28.33.0/24
 - 10.64.11.0/24
+
+promtail_clients:
+- url: https://loki.pyrocufflink.blue/loki/api/v1/push
+ tls_config:
+ ca_file: /etc/promtail/ca.crt
+promtail_ca: |
+ -----BEGIN CERTIFICATE-----
+ MIIBgTCCATOgAwIBAgIUTf/ZBSJEi8IQb8Ndoxp4/tHB/lcwBQYDK2VwMEAxCzAJ
+ BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
+ SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjkzNloXDTM0MDIxNzIwMjkzNlowQDEL
+ MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEXMBUGA1UEAwwO
+ RENIIFJvb3QgQ0EgUjMwKjAFBgMrZXADIQDORylVcWcxwGDJvsJIc2NctfNfDaIU
+ T6mLebahKdshaKM/MD0wHQYDVR0OBBYEFLZoxAHBvWqbLWMga/DAAlG9ido5MA8G
+ A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMAUGAytlcANBANLV79joVd9s9bmL
+ 0a91HqvOotOnN/416Ek4UTl95jIqy/TvTfRjXX56wSALXqP1iYQM5i3zk3gVEhh4
+ DaY+6wQ=
+ -----END CERTIFICATE-----
diff --git a/promtail.yml b/promtail.yml
new file mode 100644
index 0000000..4a5625d
--- /dev/null
+++ b/promtail.yml
@@ -0,0 +1,3 @@
+- hosts: '!kubelet'
+ roles:
+ - promtail
diff --git a/roles/promtail/defaults/main.yml b/roles/promtail/defaults/main.yml
new file mode 100644
index 0000000..e5066e7
--- /dev/null
+++ b/roles/promtail/defaults/main.yml
@@ -0,0 +1,24 @@
+promtail_positions_file: /tmp/positions.yaml
+
+promtail_clients:
+ - url: http://localhost:3100/loki/api/v1/push
+
+promtail_scrape_configs:
+- '{{ promtail_default_scrape.journal }}'
+
+promtail_ca: ''
+
+promtail_config:
+ server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+ positions:
+ filename: >-
+ {{ promtail_positions_file }}
+
+ clients: >-
+ {{ promtail_clients }}
+
+ scrape_configs: >-
+ {{ promtail_scrape_configs }}
diff --git a/roles/promtail/files/grafana-promtail.repo b/roles/promtail/files/grafana-promtail.repo
new file mode 100644
index 0000000..bb3cdd4
--- /dev/null
+++ b/roles/promtail/files/grafana-promtail.repo 
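Review bot: `ca_file: /etc/promtail/ca.crt` in the new `promtail_clients` entry has to agree byte-for-byte with `dest: /etc/promtail/ca.crt` in roles/promtail/tasks/deploy.yml, and nothing ties the two together; if either side is moved the client silently loses its CA pin. Introduce a role default such as `promtail_ca_file: /etc/promtail/ca.crt` in roles/promtail/defaults/main.yml and reference it from both places, `ca_file: '{{ promtail_ca_file }}'` here and `dest: '{{ promtail_ca_file }}'` in the copy task. Note also that defining `promtail_clients` in group_vars replaces the role default list entirely rather than merging with it, which is what you want here but is worth a one-line comment above the key for the next person.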
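Review bot: The play declares neither `name:` nor `become:`; the role creates a user, writes under /etc and manages a service, so unless privilege escalation is configured in ansible.cfg or the inventory (not visible here) it will fail on non-root connections. Suggest `- name: Deploy promtail` and `become: true` on the play. The host pattern `'!kubelet'` relies on Ansible resolving a leading `!` relative to `all`; `'all:!kubelet'` states the same selection explicitly and is the form the pattern documentation uses.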
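Review bot: `promtail_positions_file: /tmp/positions.yaml` keeps promtail's read-offset bookkeeping in a world-writable and usually volatile directory: after a reboot (tmpfs /tmp) or a systemd-tmpfiles sweep the positions are gone and already-shipped journal entries may be sent again, and any local user can pre-create or replace the file before the service starts. A directory owned by the service account is the usual choice, e.g. `promtail_positions_file: /var/lib/promtail/positions.yaml`, created by a `file:` task in deploy.yml if the Grafana package does not already ship it (verify on the target). Separately, sequence indentation is mixed in this file: `promtail_clients` uses an indented `- url:` item while `promtail_scrape_configs` uses a flush `- '{{ ... }}'` item; pick one style for the role.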
@@ -0,0 +1,8 @@
+[grafana-promtail]
+name=grafana-promtail
+baseurl=https://rpm.grafana.com
+repo_gpgcheck=1
+enabled=1
+gpgcheck=1
+gpgkey=https://rpm.grafana.com/gpg.key
+includepkgs=promtail
diff --git a/roles/promtail/handlers/main.yml b/roles/promtail/handlers/main.yml
new file mode 100644
index 0000000..4438971
--- /dev/null
+++ b/roles/promtail/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: reload promtail
+ service:
+ name: promtail
+ state: restarted
diff --git a/roles/promtail/tasks/deploy.yml b/roles/promtail/tasks/deploy.yml
new file mode 100644
index 0000000..dbdb7c5
--- /dev/null
+++ b/roles/promtail/tasks/deploy.yml
@@ -0,0 +1,64 @@
+- name: ensure promtail user is a member of systemd-journal group
+ user:
+ name: promtail
+ system: true
+ groups: systemd-journal
+ append: true
+ shell: /bin/false
+ state: present
+ tags:
+ - user
+
+- name: ensure promtail is configured
+ copy:
+ content: |
+ {{ promtail_config | to_nice_yaml(indent=2) }}
+ dest: /etc/promtail/config.yml
+ mode: u=rw,go=r
+ owner: root
+ group: root
+ notify:
+ - reload promtail
+ tags:
+ - config
+
+- name: ensure promtail ca certificate is set
+ copy:
+ content: |-
+ {{ promtail_ca }}
+ dest: /etc/promtail/ca.crt
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ notify:
+ - reload promtail
+ tags:
+ - config
+ - cert
+
+- name: ensure promtail service starts at boot
+ service:
+ name: promtail
+ enabled: true
+ tags:
+ - service
+
+- name: ensure promtail is running
+ service:
+ name: promtail
+ state: started
+ tags:
+ - service
+
+- name: ensure promtail http port is open in the firewall
+ firewalld:
+ port: >-
+ {{ promtail_config.server.http_listen_port }}/tcp
+ permanent: true
+ immediate: true
+ state: enabled
+ when: >-
+ promtail_config.server.http_listen_port|d(0) > 0
+ and host_uses_firewalld|d(true)
+ tags:
+ - firewall
diff --git a/roles/promtail/tasks/install.yml b/roles/promtail/tasks/install.yml
new file mode 100644
index 0000000..d1e7126
--- /dev/null
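Review bot: The handler is named `reload promtail` but does `state: restarted`, which misleads anyone reading the `notify:` lists in roles/promtail/tasks/deploy.yml into expecting an in-place config reload. Either rename it to `- name: restart promtail` and update both `notify:` entries, or use `state: reloaded` if the promtail unit actually implements a reload action (I cannot tell from here which it provides).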
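Review bot: `/etc/promtail/config.yml` is written with `mode: u=rw,go=r` (world-readable) even though it is rendered from `promtail_config`, whose `clients` entries are exactly where push credentials (basic_auth, bearer tokens) would land once someone adds them; if the service runs as the `promtail` account the `user:` task already assumes, `group: promtail` with `mode: u=rw,g=r,o=` keeps it readable by the daemon only. The CA task writes `/etc/promtail/ca.crt` unconditionally, so with the role default `promtail_ca: ''` every host gets an empty certificate file; guard it with `when: promtail_ca | length > 0`. The firewall task opens the promtail HTTP listener, which as far as I know carries no authentication of its own, to every source in the default zone; if only one monitoring host scrapes it, pass `zone:` for a restricted zone or leave the rule disabled by default.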
+++ b/roles/promtail/tasks/install.yml
@@ -0,0 +1,14 @@
+- name: ensure grafana-promtail yum repository is configured
+ copy:
+ src: grafana-promtail.repo
+ dest: /etc/yum.repos.d/grafana-promtail.repo
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ tags:
+ - repo
+
+- name: ensure promtail is installed
+ package:
+ name: promtail
+ state: present
diff --git a/roles/promtail/tasks/main.yml b/roles/promtail/tasks/main.yml
new file mode 100644
index 0000000..9323bff
--- /dev/null
+++ b/roles/promtail/tasks/main.yml
@@ -0,0 +1,7 @@
+- block:
+ - import_tasks: install.yml
+ tags:
+ - install
+ - import_tasks: deploy.yml
+ tags:
+ - promtail
diff --git a/roles/promtail/vars/main.yml b/roles/promtail/vars/main.yml
new file mode 100644
index 0000000..da4dd58
--- /dev/null
+++ b/roles/promtail/vars/main.yml
@@ -0,0 +1,29 @@
+promtail_default_scrape:
+ journal:
+ job_name: journal
+ journal:
+ json: false
+ labels:
+ job: systemd-journal
+ relabel_configs:
+ - source_labels:
+ - __journal__hostname
+ target_label: hostname
+ - source_labels:
+ - __journal__systemd_unit
+ target_label: unit
+ - source_labels:
+ - __journal_syslog_identifier
+ target_label: syslog_identifier
+ - source_labels:
+ - __journal_priority
+ target_label: priority
+ - source_labels:
+ - __journal_message_id
+ target_label: message_id
+ - source_labels:
+ - __journal__comm
+ target_label: command
+ - source_labels:
+ - __journal__transport
+ target_label: transport
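Review bot: The `package` task relies on the repository's signing key being trusted at first install; the repo file points at `gpgkey=https://rpm.grafana.com/gpg.key`, and whether the dnf module imports that key non-interactively varies by Ansible version, with the usual failure being a GPG error that tempts people into `gpgcheck=0`. An explicit `- rpm_key:` task before the install with `key: https://rpm.grafana.com/gpg.key` and `state: present` makes the trust step visible and idempotent. The install task also lacks the `tags:` the repository task carries; `- package` keeps `--tags` selection consistent across the role.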
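Review bot: Several relabel rules promote journal fields of potentially high cardinality to Loki stream labels: `command` (from `__journal__comm`), `syslog_identifier`, `unit` and especially `message_id` each multiply the number of streams per host, and stream count is the main cost and performance driver on the Loki side. Consider keeping `hostname`, `unit` and perhaps `priority` as labels and leaving the rest in the log line to be parsed at query time, unless there is a known need to filter on them up front. The `__journal__`/`__journal_` prefixes look correct for the underscore- and non-underscore-prefixed journal fields respectively, and since this lives in `vars/` rather than `defaults/` it is intentionally not overridable from inventory, which a short comment above `promtail_default_scrape:` should say.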