107 lines
2.1 KiB
YAML
107 lines
2.1 KiB
YAML
- name: ensure victoria logs group exists
|
|
group:
|
|
name: victoria-logs
|
|
system: true
|
|
tags:
|
|
- user
|
|
- group
|
|
- name: ensure victoria logs user exists
|
|
user:
|
|
name: victoria-logs
|
|
system: true
|
|
home: /var/lib/victoria-logs
|
|
group: victoria-logs
|
|
createhome: false
|
|
register: victoria_logs_user
|
|
tags:
|
|
- user
|
|
|
|
- name: ensure podman is installed
|
|
package:
|
|
name: podman
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure victoria logs container image is present
|
|
podman_image:
|
|
name: '{{ victoria_logs_container_image_repo }}'
|
|
tag: '{{ victoria_logs_container_image_tag }}'
|
|
state: present
|
|
tags:
|
|
- container
|
|
- container-image
|
|
|
|
- name: ensure victoria logs systemd container unit is configured
|
|
template:
|
|
src: victoria-logs.container.j2
|
|
dest: /etc/containers/systemd/victoria-logs.container
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- reload systemd
|
|
- restart victoria-logs
|
|
tags:
|
|
- systemd
|
|
- container
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: ensure victoria logs is running
|
|
service:
|
|
name: victoria-logs
|
|
state: started
|
|
tags:
|
|
- service
|
|
|
|
- name: ensure firewall is configured for victoria logs
|
|
firewalld:
|
|
port: '{{ item }}'
|
|
immediate: true
|
|
permanent: true
|
|
state: enabled
|
|
loop: '{{ victoria_logs_firewall_ports }}'
|
|
when: host_uses_firewalld|d(true)
|
|
tags:
|
|
- firewalld
|
|
|
|
- name: ensure caddy tls client auth ca certificate is installed
|
|
copy:
|
|
dest: /etc/caddy/victoria-logs-ca.crt
|
|
content: |+
|
|
{{ victoria_logs_tls_ca_cert }}
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
when: victoria_logs_tls_ca_cert|d(none)
|
|
notify:
|
|
- reload caddy
|
|
tags:
|
|
- caddy
|
|
- cert
|
|
- name: ensure caddy is configured to proxy for victoria logs
|
|
template:
|
|
src: Caddyfile.j2
|
|
dest: /etc/caddy/Caddyfile.d/victoria-logs.caddyfile
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- reload caddy
|
|
tags:
|
|
- caddy
|
|
- config
|
|
|
|
- name: flush_handlers
|
|
meta: flush_handlers
|
|
|
|
- name: ensure caddy is running
|
|
service:
|
|
name: caddy
|
|
state: started
|
|
tags:
|
|
- caddy
|
|
- service
|