homelab/roles/prometheus/tasks/main.yml

72 lines
2.3 KiB
YAML

- name: Install Prometheus node exporter
ansible.builtin.apt:
name: prometheus-node-exporter
state: present
- name: Run Prometheus node exporter
ansible.builtin.service:
name: prometheus-node-exporter
state: started
- name: Create Prometheus data directory
ansible.builtin.file:
path: "{{ prom_root }}/prometheus"
state: directory
owner: nobody
- name: Create Prometheus config directory
ansible.builtin.file:
path: "{{ prom_root }}/config"
state: directory
- name: Install Prometheus configuration
ansible.builtin.template:
src: prometheus.yml.j2
dest: "{{ prom_root }}/config/prometheus.yml"
- name: Create Prometheus network
community.general.docker_network:
name: "{{ prom_name }}"
- name: Start Prometheus container
community.general.docker_container:
name: "{{ prom_name }}"
image: prom/prometheus:{{ prom_version }}
state: started
restart_policy: always
volumes:
- "{{ prom_root }}/config:/etc/prometheus"
- "{{ prom_root }}/prometheus:/prometheus"
networks_cli_compatible: true
networks:
- name: "{{ prom_name }}"
- name: traefik
labels:
traefik.http.routers.prometheus.rule: "Host(`{{ prom_domain }}`)"
traefik.http.routers.prometheus.entrypoints: websecure
traefik.http.routers.prometheus.middlewares: "securehttps@file,localonly"
traefik.http.routers.prometheus.tls.certresolver: letsencrypt
traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
traefik.docker.network: traefik
traefik.enable: "true"
- name: Start Grafana container
community.general.docker_container:
name: "{{ grafana_name }}"
image: grafana/grafana:{{ grafana_version }}
state: started
restart_policy: always
user: root
volumes: "{{ grafana_root }}:/var/lib/grafana"
networks_cli_compatible: true
networks:
- name: "{{ prom_name }}"
- name: traefik
labels:
traefik.http.routers.grafana.rule: "Host(`{{ grafana_domain }}`)"
traefik.http.routers.grafana.entrypoints: websecure
traefik.http.routers.grafana.tls.certresolver: letsencrypt
traefik.http.routers.grafana.middlewares: "securehttps@file"
traefik.docker.network: traefik
traefik.enable: "true"