From 68bdac0af7f929b27fc2b52ba05599a6adf68f38 Mon Sep 17 00:00:00 2001 
From: Ranabir Chakraborty
Date: Sat, 26 Oct 2024 20:31:28 +0530
Subject: [PATCH] Removing AWS from the collection and making it general
---
README.md | 29 +---
galaxy.yml | 7 +-
inventory/cloud_aws_ec2.yml | 19 ---
inventory/group_vars/all.yml | 3 -
inventory/group_vars/eu_central_1.yml | 2 +-
inventory/group_vars/rhbk.yml | 2 +-
inventory/group_vars/us_east_2.yml | 2 +-
playbooks/infra-down.yml | 8 -
playbooks/infra-up.yml | 8 -
playbooks/roles/aws/README.md | 67 --------
playbooks/roles/aws/defaults/main.yml | 79 ---------
playbooks/roles/aws/files | 1 -
playbooks/roles/aws/handlers/main.yml | 2 -
playbooks/roles/aws/meta/argument_specs.yml | 38 -----
playbooks/roles/aws/tasks/create.yml | 152 ------------------
playbooks/roles/aws/tasks/destroy.yml | 77 ---------
playbooks/roles/aws/tasks/destroy_net.yml | 39 -----
playbooks/roles/aws/tasks/instance.yml | 95 -----------
playbooks/roles/aws/tasks/main.yml | 3 -
playbooks/roles/aws/tasks/vpc.yml | 60 -------
playbooks/roles/aws/tasks/vpc_subnet.yml | 23 ---
requirements.yml | 2 -
roles/certificates/README.md | 45 ++++++
roles/certificates/defaults/main.yml | 6 +
roles/certificates/files/keystore.jks | Bin 0 -> 2265 bytes
roles/certificates/files/my-root-ca.crt.pem | 23 +++
roles/certificates/handlers/main.yml | 4 +
roles/certificates/meta/main.yml | 21 +++
roles/certificates/tasks/main.yml | 37 +++++
roles/fastpackages/README.md | 39 +++++
roles/fastpackages/defaults/main.yml | 2 +
roles/fastpackages/meta/main.yml | 20 +++
roles/fastpackages/tasks/main.yml | 17 ++
roles/promtail/README.md | 45 ++++++
roles/promtail/defaults/main.yml | 8 +
roles/promtail/handlers/main.yml | 12 ++
.../aws => roles/promtail}/meta/main.yml | 7 +-
roles/promtail/tasks/main.yml | 64 ++++++++
roles/promtail/templates/promtail.service.j2 | 19 +++
roles/promtail/templates/promtail.yml.j2 | 33 ++++
roles => roles/roles | 0
41 files changed, 412 insertions(+), 708 deletions(-)
delete mode 100644 inventory/cloud_aws_ec2.yml
delete mode 100644 playbooks/infra-down.yml
delete mode 100644 playbooks/infra-up.yml
delete mode 100644 playbooks/roles/aws/README.md
delete mode 100644 playbooks/roles/aws/defaults/main.yml
delete mode 120000 playbooks/roles/aws/files
delete mode 100644 playbooks/roles/aws/handlers/main.yml
delete mode 100644 playbooks/roles/aws/meta/argument_specs.yml
delete mode 100644 playbooks/roles/aws/tasks/create.yml
delete mode 100644 playbooks/roles/aws/tasks/destroy.yml
delete mode 100644 playbooks/roles/aws/tasks/destroy_net.yml
delete mode 100644 playbooks/roles/aws/tasks/instance.yml
delete mode 100644 playbooks/roles/aws/tasks/main.yml
delete mode 100644 playbooks/roles/aws/tasks/vpc.yml
delete mode 100644 playbooks/roles/aws/tasks/vpc_subnet.yml
create mode 100644 roles/certificates/README.md
create mode 100644 roles/certificates/defaults/main.yml
create mode 100644 roles/certificates/files/keystore.jks
create mode 100644 roles/certificates/files/my-root-ca.crt.pem
create mode 100644 roles/certificates/handlers/main.yml
create mode 100644 roles/certificates/meta/main.yml
create mode 100644 roles/certificates/tasks/main.yml
create mode 100644 roles/fastpackages/README.md
create mode 100644 roles/fastpackages/defaults/main.yml
create mode 100644 roles/fastpackages/meta/main.yml
create mode 100644 roles/fastpackages/tasks/main.yml
create mode 100644 roles/promtail/README.md
create mode 100644 roles/promtail/defaults/main.yml
create mode 100644 roles/promtail/handlers/main.yml
rename {playbooks/roles/aws => roles/promtail}/meta/main.yml (69%)
create mode 100644 roles/promtail/tasks/main.yml
create mode 100644 roles/promtail/templates/promtail.service.j2
create mode 100644 roles/promtail/templates/promtail.yml.j2
rename roles => roles/roles (100%)
diff --git a/README.md b/README.md
index 2ec3d75..8c1768f 100644
--- a/README.md
+++ b/README.md
@@ -2,24 +2,23 @@ [![CI](https://github.com/ansible-middleware/rhbk-ha-cluster/actions/workflows/ci.yml/badge.svg)](https://github.com/ansible-middleware/rhbk-ha-cluster/actions/workflows/ci.yml) -Provision and deploy a Red Hat Build of Keycloak authentication service on multiple AWS regions via Ansible +Provision and deploy a Red Hat Build of Keycloak authentication service on multi-region clusters via Ansible ### Use case of rhbk-ha-cluster collection -The primary use case of the `rhbk-ha-cluster` collection is to install Red Hat Build of Keycloak (RHBK) with high availability (HA) across multiple AWS regions. This ensures that the authentication service is resilient, fault-tolerant, and capable of serving users even in the event of a regional failure. By leveraging AWS infrastructure, the collection automates the setup of RHBK in a highly available architecture, integrating with Data Grid for distributed caching and ensuring smooth, secure authentication. +The primary use case of the `rhbk-ha-cluster` collection is to install Red Hat Build of Keycloak (RHBK) with high availability (HA) across multi-region clusters. This ensures that the authentication service is resilient, fault-tolerant, and capable of serving users even in the event of a regional failure. The collection automates the setup of RHBK in a highly available architecture, integrating with Data Grid for distributed caching and ensuring smooth, secure authentication. ### 0. prerequisites -* The two regions that will host the authentication service (ie. us-east-1 and us-west-2) -* An AWS account with permissions on `ec2` on said regions with default profile in $HOME/.aws/credentials that will be used to provision ec2 compute nodes -* A database service that can be accessed from the deployment regions; or otherwise, `rds` permissions on the AWS account so an Aurora service can be provisioned +* Setup multi-region clusters infrastructure. 
+* A database service that can be accessed from the deployment regions. * TLS certificates for the desired domain name to provide the authentication service ### 1. create ansible.cfg ``` [defaults] -remote_user=ec2-user +remote_user= private_key_file= host_key_checking=False gathering=smart @@ -39,7 +38,6 @@ token= Set the `token` to the value you get after authentication on automation hub. - ### 2. install dependencies The following command will download and install the dependencies. @@ -47,15 +45,6 @@ The following command will download and install the dependencies. # pip install -r requirements.txt # ansible-galaxy collection install -r requirements.yml - -### 3. create key pair - -This key pair will be used by ansible to connect to the EC2 instances. - -* Paste the path to the private key in ansible.cfg option `private_key_file` -* Copy the public key file to `files/id_rsa_aws.pub` - - ### 4. domain names and certificates * Update the configuration to reflect your domain and certificate details for secure access. 
@@ -64,16 +53,12 @@ This key pair will be used by ansible to connect to the EC2 instances. To edit the configuration, you would need to modify the ansible.cfg file and relevant playbook variables. This includes: -* Setting the private_key_file path in ansible.cfg to allow Ansible to connect to EC2 instances. -* Specifying AWS regions, database information, and TLS certificates in the playbooks or group variables (typically located in group_vars/). +* Provide Ansible Automation Hub token in ansible.cfg +* Database information, and TLS certificates in the playbooks or group variables (typically located in group_vars/). * Configuring other parameters like the domain names for Keycloak and Data Grid. These configurations ensure the infrastructure is tailored to your specific setup requirements before provisioning and deploying. -### 6. run the infra provisioning - -Inside `playbooks/roles` path we have `infra-up.yml` and `infra-down.yml` run both according to you need. - ### 7. run the deployment of data_grid and rhbk Inside `playbooks/roles` path we have `deploy.yml` playbook to deploy data_grid and rhbk. diff --git a/galaxy.yml b/galaxy.yml index 8eaa067..9f2021c 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,11 +1,12 @@ --- namespace: infra -name: rhbk_datagrid_aws +name: rhbk_ha_cluster version: "1.0.0" readme: README.md authors: - Guido Grazioli -description: Provision and deploy a Red Hat Build of Keycloak multi-regional authentication service on AWS + - Ranabir Chakraborty +description: Provision and deploy a Red Hat Build of Keycloak multi-regional authentication service on clusters. license_file: "LICENSE" tags: - keycloak @@ -23,8 +24,8 @@ tags: - middleware - datagrid - infinispan - - AWS - a4mw + - cluster dependencies: "redhat.rhbk": ">=2.0.0" "redhat.data_grid": ">=1.1.4" diff --git a/inventory/cloud_aws_ec2.yml b/inventory/cloud_aws_ec2.yml deleted file mode 100644 index 3bbb3ac..0000000 --- a/inventory/cloud_aws_ec2.yml +++ /dev/null 
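Review bot: `name` changes from `rhbk_datagrid_aws` to `rhbk_ha_cluster` in the first galaxy.yml hunk while `version: "1.0.0"` stays the same; if the old name was ever published, this is a new collection identity rather than a new release, and anyone pinning `infra.rhbk_datagrid_aws` will silently stop receiving updates, so the rename deserves a changelog entry and an updated install line in the README. The new `+description` also ends in the vague phrase "on clusters."; something like `description: Provision and deploy a highly available, multi-region Red Hat Build of Keycloak authentication service` states the purpose without naming a provider and matches the README's own wording.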
@@ -1,19 +0,0 @@ -plugin: amazon.aws.aws_ec2 -regions: - - us-east-2 - - eu-central-1 -filters: - tag:Created-By: ansible - tag:Application: rhbk - tag:Environment: rhbk-ha-cluster -hostnames: - - tag:Name -leading_separator: no -keyed_groups: - - key: tags.Role - - key: tags.Site - - key: placement.region - - key: tags.Cloud -strict_permissions: False -compose: - ansible_host: public_ip_address diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 01e76d2..86d5436 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -2,9 +2,6 @@ jvm_package: java-17-openjdk-headless domain_name: '.internal.ansiblemiddleware.com' external_domain_name: 'rhbk.demos.ansiblemiddleware.com' -regions: - - eu-central-1 - - us-east-2 resource_tags: Environment: rhbk-ha-cluster Application: rhbk diff --git a/inventory/group_vars/eu_central_1.yml b/inventory/group_vars/eu_central_1.yml index 5845ba6..89c50c3 100644 --- a/inventory/group_vars/eu_central_1.yml +++ b/inventory/group_vars/eu_central_1.yml @@ -1,3 +1,3 @@ --- -aurora_endpoint: rhbk-ha-cluster.cluster-cqy2krcosm24.eu-central-1.rds.amazonaws.com:5432 +db_endpoint: rhbk-ha-cluster.cluster-cqy2krcosm24.eu-central-1:5432 data_grid_jgroups_relay_site: eu-central-1 diff --git a/inventory/group_vars/rhbk.yml b/inventory/group_vars/rhbk.yml index cf4953e..d0a11a6 100644 --- a/inventory/group_vars/rhbk.yml +++ b/inventory/group_vars/rhbk.yml @@ -2,7 +2,7 @@ rhbk_ha_enabled: True rhbk_frontend_url: "https://{{ external_domain_name }}/auth/" rhbk_jdbc_engine: postgres -rhbk_jdbc_url: "jdbc:postgresql://{{ aurora_endpoint }}/keycloak?socketTimeout=10000" +rhbk_jdbc_url: "jdbc:postgresql://{{ db_endpoint }}/keycloak?socketTimeout=10000" rhbk_db_user: keycloak rhbk_configure_firewalld: True diff --git a/inventory/group_vars/us_east_2.yml b/inventory/group_vars/us_east_2.yml index 8826cf3..2dd31d3 100644 --- a/inventory/group_vars/us_east_2.yml +++ b/inventory/group_vars/us_east_2.yml 
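Review bot: The `+db_endpoint` line keeps the provider-specific cluster identifier `rhbk-ha-cluster.cluster-cqy2krcosm24.eu-central-1` but drops the DNS suffix, so it is neither a resolvable host nor an obvious placeholder, and `rhbk_jdbc_url` will be rendered against a name that cannot resolve. Since the collection is now meant to be provider-neutral, replace it with an explicitly marked placeholder that fails loudly if left in place, for example `db_endpoint: "CHANGEME-db-host.example.com:5432"  # PostgreSQL endpoint reachable from eu-central-1` (constructed sample). That also stops the sample inventory from carrying the original deployment's internal cluster id. `inventory/group_vars/us_east_2.yml` in the following hunk has the same problem.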
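Review bot: With the database no longer assumed to sit inside peered, private VPC subnets (the commit removes the AWS networking role and the README now only asks for "a database service that can be accessed from the deployment regions"), the `+rhbk_jdbc_url` line still carries no `sslmode`, so the security of the cross-region connection rests on the driver default rather than an explicit, verified TLS setting. Consider pinning it, `rhbk_jdbc_url: "jdbc:postgresql://{{ db_endpoint }}/keycloak?socketTimeout=10000&ssl=true&sslmode=verify-full"`, and making the server CA available to the JVM truststore; the certificates role added in this commit looks like the natural place for that. Whether the target database supports or requires TLS cannot be confirmed from this diff, so this should be checked against the actual service.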
@@ -1,3 +1,3 @@ --- -aurora_endpoint: rhbk-datagrid-global-cluster-1.cluster-cpthunyvi99s.us-east-2.rds.amazonaws.com:5432 +db_endpoint: rhbk-datagrid-global-cluster-1.cluster-cpthunyvi99s.us-east-2:5432 data_grid_jgroups_relay_site: us-east-2 diff --git a/playbooks/infra-down.yml b/playbooks/infra-down.yml deleted file mode 100644 index 41b58e9..0000000 --- a/playbooks/infra-down.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Terminate AWS VMs - hosts: localhost - connection: local - tasks: - - name: Terminate VMs on AWS. - ansible.builtin.include_role: - name: 'aws' - tasks_from: destroy.yml diff --git a/playbooks/infra-up.yml b/playbooks/infra-up.yml deleted file mode 100644 index 91647e1..0000000 --- a/playbooks/infra-up.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Create AWS VMs - hosts: localhost - gather_facts: false - connection: local - tasks: - - name: Create resources on AWS - ansible.builtin.include_role: - name: 'aws' diff --git a/playbooks/roles/aws/README.md b/playbooks/roles/aws/README.md deleted file mode 100644 index de6acfd..0000000 --- a/playbooks/roles/aws/README.md +++ /dev/null 
@@ -1,67 +0,0 @@ -AWS role -======== - -The role handles create instances and configures then on AWS cloud. - - -Role Defaults -------------- - -* No defaults - -Role Variables --------------- - -| Variable | Description | Default | -|:-------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------| -| `virtualnetwork_name` | Name of the network interface. | `ansible-middileware-vn` | -| `subnet_name` | Name of the subnet network interface. | `ansible-middileware-subnet` | -| `offer` | The image used to build the VM. | `RHEL` | -| `publisher` | VM image publisher. | `RedHat` | -| `image_version` | Verison of the Image. | `latest` | -| `vm_size` | A valid Azure VM size value. Choices vary depending on the subscription and location. | `Standard_D2s_v3` | -| `public_ip_address_name` | Name of the Public IP address name. | `ansible-middileware-public-ip` | -| `domain_name` | The customizable portion of the FQDN assigned to public IP address. This is an explicit setting. If no value is provided, any existing value will be removed on an existing public IP. | `eapamq` | -| `privatednszone` | Name of the private DNS zone. | `internal.ansiblemiddleware.com` | -| `vn_peering_name` | Name of the VM Peering. | `eastus-centralus-peering` | -| `allow_virtual_network_access` | Allows VMs in the remote VNet to access all VMs in the local VNet. | `true` | -| `allow_forwarded_traffic` | Allows forwarded traffic from the VMs in the remote VNet. | `true` | -| `profile_status` | The status of the Traffic Manager profile. | `Enabled` | -| `ttl` | The DNS Time-To-Live (TTL), in seconds. | `60` | -| `protocol` | The protocol (HTTP, HTTPS or TCP) used to probe for endpoint health. | `HTTPS` | -| `port` | The TCP port used to probe for endpoint health. 
| `443` | -| `path` | The path relative to the endpoint domain name used to probe for endpoint health. | `/` | -| `timeout_in_seconds` | The monitor timeout for endpoints in this profile.. | `10` | -| `interval_in_seconds` | The monitor interval for endpoints in this profile. | `30` | -| `tolerated_number_of_failures` | The number of consecutive failed health check before declaring an endpoint in this profile Degraded after the next failed health check. | `3` | -| `relative_name` | The relative DNS name provided by this Traffic Manager profile. | `eapamq` | -| `record_type` | The type of record set to create or delete. | `CNAME` | -| `dns_name` | Name of the public DNS. | `None` | -| `loadbalancer_ip` | Provide the loadbalancer ip to associate the CNAME. | `loadbalancer0-ip` | -| `resource_groups` | Dictionary to get the details of resource groups. | `None` | -| `vm` | Dictionary to get the details of VM created for the intance" | `None` | -| `db_vm` | List of VM's for unmanaged maria db. | `None` | - - - -Dependencies ------------- - -* amazon.aws -* community.aws -* community.general - -Example Playbook ----------------- - -License -------- - -[Apache License Version 2.0](https://github.com/ansible-middleware/rhbk-ha-cluster/blob/main/LICENSE) - -Author Information ------------------- - -* [Guido Grazioli](https://github.com/guidograzioli) -* [Harsha Cherukuri](https://github.com/hcherukuri) -* [Ranabir Chakraborty](https://github.com/RanabirChakraborty) diff --git a/playbooks/roles/aws/defaults/main.yml b/playbooks/roles/aws/defaults/main.yml deleted file mode 100644 index bd3baa2..0000000 --- a/playbooks/roles/aws/defaults/main.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -domain_name: "ansiblefest" -privatednszone: "internal.ansiblemiddleware.com" -relative_name: "ansiblefest" -dns_name: "demos.ansiblemiddleware.com" -regions: - - us-east-1 - - us-west-2 -base_cidr_netmask: 24 -base_cidr_address: 10.0.0.0 -base_cidr_block: '{{ base_cidr_address }}/{{ base_cidr_netmask }}' -vpc: {} -security_groups: - - name: datagrid - description: Ingress rules for DataGrid - rules: - - rule_desc: 'ssh' - from_port: '22' - to_port: '22' - proto: tcp - cidr_ip: 0.0.0.0/0 - - rule_desc: 'jgroups - DataGrid' - from_port: '7800' - to_port: '7801' - proto: tcp - cidr_ip: 10.0.0.0/16 - - rule_desc: 'rest - DataGrid' - from_port: '11222' - to_port: '11222' - proto: tcp - cidr_ip: 10.0.0.0/16 - - name: rhbk - description: Ingress rules for Red Hat Build of Keycloak - rules: - - rule_desc: 'ssh' - from_port: '22' - to_port: '22' - proto: tcp - cidr_ip: 0.0.0.0/0 - - rule_desc: 'http - Single Sign-on' - from_port: '8080' - to_port: '8080' - proto: tcp - cidr_ip: 10.0.0.0/16 - - rule_desc: 'https - Single Sign-on' - from_port: '443' - to_port: '443' - proto: tcp - cidr_ip: 10.0.0.0/16 - - rule_desc: 'jgroups - Single Sign-on' - from_port: '7800' - to_port: '7801' - proto: tcp - cidr_ip: 10.0.0.0/16 - -datagrid_ec2_type: t3a.micro -datagrid_ec2_count: [0, 1] -rhbk_ec2_type: t3a.micro -rhbk_ec2_count: [0] -ec2_vm: - datagrid: - type: "{{ datagrid_ec2_type }}" - count: "{{ datagrid_ec2_count }}" - rhbk: - type: "{{ rhbk_ec2_type }}" - count: "{{ rhbk_ec2_count }}" -vm: [] - -# Everything that supports tagging will be tagged at least with these: -resource_tags: - Environment: ansiblefest-demo - Application: multicloud-rhbk-datagrid - Created-By: ansible - Cloud: AWS - -ssh_key_name: ansiblefest-demo - -ttl: 60 -destroy_networking: true diff --git a/playbooks/roles/aws/files b/playbooks/roles/aws/files deleted file mode 120000 index 7faf4cd..0000000 --- a/playbooks/roles/aws/files +++ /dev/null 
@@ -1 +0,0 @@ -../../../files/ \ No newline at end of file diff --git a/playbooks/roles/aws/handlers/main.yml b/playbooks/roles/aws/handlers/main.yml deleted file mode 100644 index bd45e41..0000000 --- a/playbooks/roles/aws/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for aws diff --git a/playbooks/roles/aws/meta/argument_specs.yml b/playbooks/roles/aws/meta/argument_specs.yml deleted file mode 100644 index 737d575..0000000 --- a/playbooks/roles/aws/meta/argument_specs.yml +++ /dev/null @@ -1,38 +0,0 @@ -argument_specs: - main: - options: - domain_name: - # line 14 of aws/defaults/main.yml - required: true - description: "The customizable portion of the FQDN assigned to public IP address. This is an explicit setting. If no value is provided, any existing value will be removed on an existing public IP." - type: "str" - privatednszone: - # line 15 of aws/defaults/main.yml - required: true - description: "Name of the private DNS zone." - type: "str" - ttl: - # line 35 of aws/defaults/main.yml - required: true - description: "The DNS Time-To-Live (TTL), in seconds." - type: "int" - relative_name: - # line 43 of aws/defaults/main.yml - required: true - description: "The relative DNS name provided by this Traffic Manager profile." - type: "str" - dns_name: - # line 46 of aws/defaults/main.yml - required: false - description: "Name of the public DNS" - type: "str" - vpc: - # line 49 of aws/defaults/main.yml - required: true - description: "dict of regions consisting of lists of VPCs to create" - type: "dict" - vm: - # line 91 of aws/defaults/main.yml - required: true - description: "Dictionary to get the details of VM created for the intance" - type: "list" diff --git a/playbooks/roles/aws/tasks/create.yml b/playbooks/roles/aws/tasks/create.yml deleted file mode 100644 index cc7a63b..0000000 --- a/playbooks/roles/aws/tasks/create.yml +++ /dev/null 
@@ -1,152 +0,0 @@ ---- -- name: Check if vpc parameter is passed in - ansible.builtin.set_fact: - build_vpc: true - when: vpc.keys() | length == 0 - -- name: Set vpc - ansible.builtin.set_fact: - vpc: >- - {{ vpc | default({}) | combine({ - item: { - 'name': 'rhbk-' + item, - 'cidr_block': cidr_block, - 'subnets': [ cidr_block ] - } - }) - }} - loop: "{{ regions }}" - loop_control: - index_var: vpc_idx - when: build_vpc - vars: - cidr_block: "{{ base_cidr_block | ansible.utils.ipsubnet(base_cidr_netmask + 2, vpc_idx + 1) }}" - -- name: Find RHEL8 AMIs - ec2_ami_info: - region: "{{ item }}" - filters: - name: RHEL-8.9.0_HVM-* - architecture: x86_64 - root-device-type: ebs - virtualization-type: hvm - loop: "{{ vpc | list }}" - register: rhel8_amis - -- name: Select latest RHEL8 AMI - ansible.builtin.set_fact: - latest_ami: >- - {{ latest_ami | default({}) - | combine( { item.invocation.module_args.region: - item.images - | sort(attribute='creation_date') - | map(attribute='image_id') - | list - | last - }) - }} - loop: "{{ rhel8_amis.results }}" - -- name: VPC result - ansible.builtin.set_fact: - vpc_result: "{{ vpc }}" - -- name: Create VPC, subnet and SG for each region - loop: "{{ vpc | dict2items }}" - ansible.builtin.include_tasks: vpc.yml - vars: - region: "{{ item.key }}" - vpc_data: "{{ item.value }}" - -# TODO the VPC peering/routes does not scale to 3+ regions -- name: Create VPC peering - ec2_vpc_peer: - region: "{{ vpc_result | list | first }}" - vpc_id: "{{ (vpc_result | dict2items | first).value.vpc_id }}" - peer_region: "{{ vpc_result | list | last }}" - peer_vpc_id: "{{ (vpc_result | dict2items | last).value.vpc_id }}" - tags: "{{ resource_tags }}" - wait: True - when: vpc_result | dict2items | length > 1 - register: created_peering - -- name: Accept peering connection from peer region - community.aws.ec2_vpc_peer: - region: "{{ vpc_result | list | last }}" - peering_id: "{{ created_peering.peering_id }}" - state: accept - when: vpc_result | 
dict2items | length > 1 - register: vpc_peer - -- name: Route table for peering - community.aws.ec2_vpc_route_table: - vpc_id: "{{ (vpc_result | dict2items | first).value.vpc_id }}" - region: "{{ vpc_result | list | first }}" - subnets: "{{ (vpc_result | dict2items | first).value.subnets | list }}" - purge_routes: False - routes: - - dest: "{{ (vpc_result | dict2items | last).value.cidr_block }}" - vpc_peering_connection_id: "{{ created_peering.peering_id }}" - tags: "{{ resource_tags | combine({'Name': 'Main Route Table', 'Cloud': 'AWS'}) }}" - when: vpc_result | dict2items | length > 1 - -- name: Reverse route table for peering - ec2_vpc_route_table: - vpc_id: "{{ (vpc_result | dict2items | last).value.vpc_id }}" - region: "{{ vpc_result | list | last }}" - subnets: "{{ (vpc_result | dict2items | last).value.subnets | list }}" - purge_routes: False - routes: - - dest: "{{ (vpc_result | dict2items | first).value.cidr_block }}" - vpc_peering_connection_id: "{{ created_peering.peering_id }}" - tags: "{{ resource_tags| combine({'Name': 'Main Route Table', 'Cloud': 'AWS'}) }}" - when: vpc_result | dict2items | length > 1 - -- name: Create key pair using key_material - amazon.aws.ec2_key: - name: "{{ ssh_key_name }}" - region: "{{ item }}" - key_material: "{{ lookup('file', 'id_rsa_aws.pub') }}" - loop: "{{ vpc | list }}" - -- name: VM result - ansible.builtin.set_fact: - vm_result: [] - -- name: Check if vm parameter is passed in - ansible.builtin.set_fact: - build_vm: true - when: vm | length == 0 - -- name: "Reporting vpc result" - ansible.builtin.debug: - msg: vpc_result - -- name: Set ec2 compute resources - ansible.builtin.set_fact: - vm: >- - {{ vm | default([]) + [{ - 'name': item.1 + '-' + item.0.0.key + '-' + (item.0.1 + 1) | string, - 'role': item.0.0.key, - 'region': item.1, - 'subnet': (vpc_result[item.1].subnets | dict2items | first).value, - 'type': item.0.0.value.type - }] - }} - loop: "{{ ec2_vm | dict2items | subelements('value.count') | 
product(regions) | list }}" - when: build_vm - -- name: Create EC2 instances for services - ansible.builtin.include_tasks: instance.yml - loop: "{{ vm }}" - loop_control: - loop_var: instance - index_var: vm_idx - -- name: "Report of generated networking" - ansible.builtin.debug: - var: vpc_result - -- name: "Report of generated instances" - ansible.builtin.debug: - var: vm_result diff --git a/playbooks/roles/aws/tasks/destroy.yml b/playbooks/roles/aws/tasks/destroy.yml deleted file mode 100644 index 1e3aa29..0000000 --- a/playbooks/roles/aws/tasks/destroy.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -- name: "Query for existing running instances" - community.aws.ec2_instance_info: - region: "{{ item }}" - filters: - "tag:Environment": "{{ resource_tags['Environment'] }}" - "tag:Application": "{{ resource_tags['Application'] }}" - instance-state-name: [ "running", "pending" ] - register: instances - loop: "{{ vpc | list }}" - -- name: "Report of instances" - ansible.builtin.debug: - var: instances - -- name: "Report of vpc" - ansible.builtin.debug: - msg: "{{ instances | community.general.json_query(querystr) | flatten }}" - loop: "{{ vpc | list }}" - vars: - querystr: "results[*].instances[?contains(placement.availability_zone, '{{ item }}')].instance_id" - -- name: "Terminate EC2 instances" - community.aws.ec2_instance: - region: "{{ item }}" - instance_ids: "{{ instances | community.general.json_query(querystr) | flatten }}" - state: absent - retries: 3 - delay: 5 - loop: "{{ vpc | list }}" - when: instances | community.general.json_query(querystr) | flatten | length > 0 - vars: - querystr: "results[*].instances[?contains(placement.availability_zone, '{{ item }}')].instance_id" - register: ec2_instances - async: 7200 - poll: 0 - -- name: "Report of ec2_instances" - ansible.builtin.debug: - var: ec2_instances - -- name: Wait for instance termination to complete - ansible.builtin.async_status: - jid: "{{ item.ansible_job_id }}" - register: ec2_jobs - until: ec2_jobs.finished - retries: 300 - loop: "{{ ec2_instances.results }}" - when: item.ansible_job_id is defined - -- name: Retrieve details for instance DNS record - community.aws.route53: - state: get - zone: "{{ privatednszone }}" - record: "{{ item.name }}.{{ privatednszone }}" - type: A - register: rec - loop: "{{ vm }}" - -- name: "Delete instance A record {{ item.set.record }} {{ item.set.value }}" - community.aws.route53: - state: absent - zone: "{{ privatednszone }}" - record: "{{ item.set.record }}" - ttl: "{{ item.set.ttl }}" - type: "{{ item.set.type }}" - value: "{{ 
item.set.value }}" - loop: "{{ rec.results }}" - when: item.set is defined and item.set | length > 0 - -- name: "Include networking teardown" - ansible.builtin.include_tasks: destroy_net.yml - when: destroy_networking - loop: "{{ vpc | dict2items }}" - vars: - region: "{{ item.key }}" - vpc_data: "{{ item.value }}" diff --git a/playbooks/roles/aws/tasks/destroy_net.yml b/playbooks/roles/aws/tasks/destroy_net.yml deleted file mode 100644 index c1da8be..0000000 --- a/playbooks/roles/aws/tasks/destroy_net.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- name: Gather information about a particular VPC using VPC name - ec2_vpc_net_info: - region: "{{ region }}" - filters: - "tag:Name": "{{ vpc_data.name }}" - "tag:Environment": "{{ resource_tags['Environment'] }}" - "tag:Application": "{{ resource_tags['Application'] }}" - "tag:Created-By": "ansible" - register: vpc_info - -- name: "Report of vpc_info" - ansible.builtin.debug: - var: vpc_info - -- name: Gather information about VPC subnets - ec2_vpc_subnet_info: - region: "{{ region }}" - filters: - vpc-id: "{{ vpc_info.vpcs[0].vpc_id }}" - register: subnet_info - -- name: Remove subnets - ec2_vpc_subnet: - cidr: "{{ subnet.cidr_block }}" - vpc_id: "{{ vpc_info.vpcs[0].vpc_id }}" - region: "{{ region }}" - state: absent - wait: yes - loop: "{{ subnet_info.subnets }}" - loop_control: - loop_var: subnet - -- name: Tear down VPC - ec2_vpc_net: - cidr_block: "{{ vpc_info.vpcs[0].cidr_block }}" - name: "{{ vpc_data.name }}" - region: "{{ region }}" - state: absent diff --git a/playbooks/roles/aws/tasks/instance.yml b/playbooks/roles/aws/tasks/instance.yml deleted file mode 100644 index b229d9d..0000000 --- a/playbooks/roles/aws/tasks/instance.yml +++ /dev/null 
@@ -1,95 +0,0 @@ ---- -- name: "Query for existing running instance: {{ instance.name }}" - amazon.aws.ec2_instance_info: - region: "{{ instance.region }}" - filters: - "tag:Name": "{{ instance.name }}" - instance-state-name: [ "running", "pending" ] - register: running_instance - -- name: "Create EC2 instance: {{ instance.name }}" - community.aws.ec2_instance: - region: "{{ instance.region }}" - name: "{{ instance.name }}" - instance_ids: "{{ instance.name }}" - instance_type: "{{ instance.type | default('t3.micro') }}" - vpc_subnet_id: "{{ instance.subnet.subnet_id | default(omit) }}" - key_name: "{{ ssh_key_name }}" - security_group: "{{ vpc_result[instance.region].name }}-{{ instance.role }}" - tags: "{{ resource_tags | combine({'Role': instance.role, 'Site': instance.region, 'Region': instance.region}) }}" - image_id: "{{ latest_ami[instance.region] }}" - termination_protection: False - volumes: - - device_name: /dev/sda1 - ebs: - volume_size: 20 - delete_on_termination: true - register: new_instance - retries: 3 - delay: 5 - when: running_instance.instances | length == 0 - -- name: "Query for running instance: {{ instance.name }}" - amazon.aws.ec2_instance_info: - region: "{{ instance.region }}" - filters: - "tag:Name": "{{ instance.name }}" - instance-state-name: [ "running", "pending" ] - retries: 10 - delay: 5 - until: running_instance.instances[0].private_ip_address is defined and (running_instance.instances[0].public_ip_address is defined and running_instance.instances[0].state.name == 'running' or instance.role != 'loadbalancer') - register: running_instance - -- name: "Setting vars for running instances" - ansible.builtin.set_fact: - private_ip: "{{ running_instance.instances[0].private_ip_address }}" - public_ip: "{{ running_instance.instances[0].public_ip_address | default('') }}" - vm_result: "{{ vm_result + [{ - 'name': instance.name, - 'site': instance.region, - 'region': instance.region, - 'role': instance.role, - 'subnet': instance.subnet, - 
'private_ip': running_instance.instances[0].private_ip_address, - 'public_ip': running_instance.instances[0].public_ip_address | default(''), - 'az': running_instance.instances[0].placement.availability_zone, - 'instance_id': running_instance.instances[0].instance_id }] }}" - -- name: Allocate a new elastic IP for loadbalancer - community.aws.ec2_eip: - device_id: "{{ running_instance.instances[0].instance_id }}" - region: "{{ instance.region }}" - state: present - tags: "{{ resource_tags }}" - reuse_existing_ip_allowed: true - release_on_disassociation: true - in_vpc: True - register: instance_eip - when: "instance.role == 'loadbalancer'" - -- name: "Add instance A record {{ instance.name }}.{{ privatednszone }} with private IP {{ private_ip }}" - amazon.aws.route53: - state: present - zone: "{{ privatednszone }}" - record: "{{ instance.name }}.{{ privatednszone }}" - type: A - ttl: "{{ ttl }}" - value: "{{ private_ip }}" - overwrite: yes - retries: 3 - delay: 5 - -- name: "Add latency A record for {{ relative_name }}.{{ dns_name }} with public IP {{ instance_eip.public_ip }}" - amazon.aws.route53: - state: present - identifier: "{{ instance.region }}-{{ instance.name }}" - region: "{{ instance.region }}" - zone: "{{ dns_name }}" - record: "{{ relative_name }}.{{ dns_name }}" - type: A - ttl: "{{ ttl }}" - value: "{{ instance_eip.public_ip }}" - overwrite: yes - retries: 3 - delay: 5 - when: "instance.role == 'loadbalancer'" diff --git a/playbooks/roles/aws/tasks/main.yml b/playbooks/roles/aws/tasks/main.yml deleted file mode 100644 index 948f554..0000000 --- a/playbooks/roles/aws/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: "Starts creating aws instances" - ansible.builtin.include_tasks: "{{ action | default('create') }}.yml" \ No newline at end of file diff --git a/playbooks/roles/aws/tasks/vpc.yml b/playbooks/roles/aws/tasks/vpc.yml deleted file mode 100644 index 2e97ecf..0000000 --- a/playbooks/roles/aws/tasks/vpc.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -- name: Create virtual private network - amazon.aws.ec2_vpc_net: - region: "{{ region }}" - name: "{{ vpc_data.name }}" - cidr_block: "{{ vpc_data.cidr_block }}" - tags: "{{ resource_tags }}" - register: created_vpc - -- name: Create Internet GateWay - amazon.aws.ec2_vpc_igw: - vpc_id: "{{ created_vpc.vpc.id }}" - region: "{{ region }}" - tags: "{{ resource_tags }}" - register: created_igw - -- name: Update vpc data - ansible.builtin.set_fact: - vpc_result: "{{ vpc_result | combine( - { region: vpc_data | combine( - { 'vpc_id': created_vpc.vpc.id, - 'igw_id': created_igw.gateway_id - }, recursive=True ) - }) }}" - -- name: Create subnets in VPC - loop: "{{ vpc_data.subnets | list }}" - loop_control: - loop_var: subnet - ansible.builtin.include_tasks: vpc_subnet.yml - -- name: Route table for subnet/IGW - amazon.aws.ec2_vpc_route_table: - vpc_id: "{{ created_vpc.vpc.id }}" - region: "{{ region }}" - subnets: "{{ vpc_data.subnets | list }}" - purge_routes: False - routes: - - dest: 0.0.0.0/0 - gateway_id: "{{ created_igw.gateway_id }}" - tags: "{{ resource_tags | combine({'Name': 'Main Route Table', 'Cloud': 'AWS'})}}" - register: created_rtb - -- name: Create security groups - amazon.aws.ec2_group: - vpc_id: "{{ created_vpc.vpc.id }}" - region: "{{ region }}" - name: "{{ vpc_data.name }}-{{ sg.name }}" - description: "{{ sg.description }}" - rules: "{{ sg.rules }}" - rules_egress: - - rule_desc: 'allow outbound traffic to anywhere' - from_port: '0' - to_port: '65535' - proto: tcp - cidr_ip: 0.0.0.0/0 - tags: "{{ resource_tags }}" - loop: "{{ security_groups }}" - loop_control: - loop_var: sg diff --git a/playbooks/roles/aws/tasks/vpc_subnet.yml b/playbooks/roles/aws/tasks/vpc_subnet.yml deleted file mode 100644 index 4c787e2..0000000 --- a/playbooks/roles/aws/tasks/vpc_subnet.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: Create subnet - amazon.aws.ec2_vpc_subnet: - vpc_id: "{{ created_vpc.vpc.id }}" - region: "{{ region }}" - cidr: "{{ subnet }}" - tags: "{{ resource_tags }}" - az: "{{ vpc[region].subnets[subnet].az | default(omit) }}" - map_public: yes - register: created_subnet - retries: 3 - delay: 5 - -- name: "Setting vpc result" - ansible.builtin.set_fact: - vpc_result: "{{ vpc_result | combine( - { region: - { 'subnets': - { subnet: - { 'subnet_id': created_subnet.subnet.id, 'az': created_subnet.subnet.availability_zone } - } - } - }, recursive=True) }}" diff --git a/requirements.yml b/requirements.yml index c25a347..a84cbf0 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,5 +3,3 @@ collections: - name: redhat.rhbk - name: redhat.data_grid version: '>=1.1.4' - - name: community.aws - - name: amazon.aws diff --git a/roles/certificates/README.md b/roles/certificates/README.md new file mode 100644 index 0000000..ed3c502 --- /dev/null +++ b/roles/certificates/README.md 
@@ -0,0 +1,45 @@
+certificates
+========
+
+The role is used to install required certificates and keystore.
+
+
+Role Defaults
+-------------
+
+* No defaults
+
+Role Variables
+--------------
+
+| Variable | Description | Default |
+|:-------------------------------------|:----------------------------------------------------|:-------------------|
+| `certificates_install_keystore` | Certificates inatll keystore boolean value | `False` |
+| `certificates_install_trust_ca` | Certificates inatll keystore CA certs boolean value | `True` |
+| `certificates_ca_cn` | CA certificate for which url | `rhssocrossdc.com` |
+| `certificates_trust_ca_password` | Certificate CA password | `changeit` |
+| `certificates_tls_certs_lookup_path` | Certificates TLS certs lookup path | ` ` |
+
+
+
+Dependencies
+------------
+
+* amazon.aws
+* community.aws
+* community.general
+
+Example Playbook
+----------------
+
+License
+-------
+
+[Apache License Version 2.0](https://github.com/ansible-middleware/rhbk-ha-cluster/blob/main/LICENSE)
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
+* [Harsha Cherukuri](https://github.com/hcherukuri)
+* [Ranabir Chakraborty](https://github.com/RanabirChakraborty)
diff --git a/roles/certificates/defaults/main.yml b/roles/certificates/defaults/main.yml
new file mode 100644
index 0000000..2d036c7
--- /dev/null
+++ b/roles/certificates/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+certificates_install_keystore: False
+certificates_install_trust_ca: True
+certificates_ca_cn: rhssocrossdc.com
+certificates_trust_ca_password: changeit
+certificates_tls_certs_lookup_path: ''
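Review bot: `certificates_trust_ca_password: changeit` ships the well-known Java default truststore password as a role default and nothing in the hunk marks it as a placeholder; write it as `certificates_trust_ca_password: changeit  # well-known Java default, override from a vaulted variable` so consumers do not deploy it unchanged. The same commit adds `roles/certificates/files/keystore.jks`; if that store is protected by this password it should be documented as a test-only artifact. The role README added in this commit still lists amazon.aws and community.aws as dependencies while requirements.yml drops both. The capitalised `False`/`True` also trip ansible-lint's truthy rule; the fastpackages tasks in this commit use lowercase `true`/`false`.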
diff --git a/roles/certificates/files/keystore.jks b/roles/certificates/files/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..43259876269097046dee32913f52296b3b021430 GIT binary patch literal 2265 zcmcIlX*|@68vf6WnV6YKMOi||I-wax#@bk7uIwTt8e=k+A;w;orWj)E$C86WWQ(*& zvW%rgAAV~*3MW))780O`gT9v56_3^eVz~R@AfQ2ZK0Bm66mD=)`n!u!1 zXPP@V5s%$|Y#;WF@)k)-&s3?+ya<>-ROXHkuMY}V>F_#!+)|Iz>vL7Z^tn8H&5vel zeL0;@+u3ZX==UQVr8$y2fl-`(+V357>fMw^il@0A!>EH8s92d1q1bbJz$XST0M7fw z4J?ZKMCwU%I(kuL+oYG8ofd04r3)IG$~fCrM)78875Q4vOeJQQ7?qsPUc2jwkLe+P z2l@K<;qW3GiegV8kD9TYQuex^_J3b#Q~- z7(3>p(_)23vfa&n?JcK^-5hT(S*c1+l(^CV z+Y{MBvTrrY-`Gml7KmgbWQ=LO#xXR5A`xtH*4*V%MmOsXxi#dny{0>8X4>+~Zpj-o zEkjJoEIV(sYzZhza+(sgaTf=L#3fzAnQ3y`%bO?89Z<<@^V2g3pX`GJ_^VkbmPZOPz=;peYvWgU#s z{I9k8^FA#&k6kCd5HF=HP3i6t67KFjm#Ivx=fBl-&CHleOZur_H9NQ-^0!nLuysZs z$s3FtbCI^M0tJswZB2u_+50VU zE2pDgWTH3nlt@D3wnv;=&_d-jQHtJ=-A;gG25MHt6Tjdj&L6y>b#+H-yyflV;NW)2 z7P`(`$pd`3x#TkIYb$zeX9h(f7TCk*72)t4PAc=r7c5Uhqsb1wAHIGge0 zj-{bbHOfHIO?%e0=mQM%T%-_zDqPb3O)-T_WCc?Vg)QA=@ER+XI@cz=6rrP`1~OU8 z8GMI06=VS+>1dMZnXvo*yj>Pln2NvB_zdnoYoPv_uR5}n%`Pps9-d!sXTB6nS1F%w z(Cw^|3{0(xBgb;uJo556wVCLwWXZ0@?HyhX4P^i@iIPJ--*%KR??x-nGt;uv6_W30 zx@K~l5%C3InBJy-!o~H+1ak7&I59{6ilLt44_ObtTAA?Gg=RrEIc^FI#)ixbA8oQX z+^<}^a3vp^Yxz%QLR~bpF}eT%iNG)*bPNN00en~;KpZ7VWYBDyScg8Mq#yjL>vjUO zA0~uOBqna|2Z0b!027EsV1!^0CjrG3zUnAQ4B@hNk z1lXIy!3+=x_@GI&=hEI>Th8%J5f=zt>xuM-`n(mCu|-2%Ym64R+ex) zs@Gpdb?wC>bTyEmno$`Bz^>LgE2(U)IOv5AO@->lPnQ^4=-tWV2oRRy?bdv!a2Lmh zYp*X)Em3cM@?7;HN8eY*rWA_T7Tp_(aRC-PPf+uUCZDE$k0|Ju)$p7HJl@l4A4_lO z{*DmDf*~LP^lL(UN3@p^2yop&yL?7gbxemBT~!o08R=)M)g_&K_`#WLYZ@W{l0`oZ z``(4F>5?Z@n|htP*eYPyhjXnE753@&Gv5g7EZ=v^J;@qPbjh~e$v#__|B@~ +Role Defaults +------------- + +* No defaults + +Role Variables +-------------- + +| Variable | Description | Default | +|:-----------------------------|:--------------------------------------------------|:--------| +| `fastpackages_packages_list` | Provide the packages list which will be installed | ` ` | 
+
+
+
+Dependencies
+------------
+
+* community.general
+
+Example Playbook
+----------------
+
+License
+-------
+
+[Apache License Version 2.0](https://github.com/ansible-middleware/rhbk-ha-cluster/blob/main/LICENSE)
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
+* [Harsha Cherukuri](https://github.com/hcherukuri)
+* [Ranabir Chakraborty](https://github.com/RanabirChakraborty)
diff --git a/roles/fastpackages/defaults/main.yml b/roles/fastpackages/defaults/main.yml
new file mode 100644
index 0000000..4c059d5
--- /dev/null
+++ b/roles/fastpackages/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+fastpackages_packages_list: ''
\ No newline at end of file
diff --git a/roles/fastpackages/meta/main.yml b/roles/fastpackages/meta/main.yml
new file mode 100644
index 0000000..4810ffa
--- /dev/null
+++ b/roles/fastpackages/meta/main.yml
@@ -0,0 +1,20 @@
+---
+galaxy_info:
+ role_name: fastpackages
+ namespace: infra
+ author: Guido Grazioli, Ranabir Chakraborty
+ description: The role is used to install required packages into the system.
+ company: Red Hat
+
+ license: Apache License 2.0
+
+ min_ansible_version: "2.14"
+
+ galaxy_tags:
+ - java
+ - rhbk
+ - ansible
+ - datagrid
+ - packages
+
+dependencies: []
diff --git a/roles/fastpackages/tasks/main.yml b/roles/fastpackages/tasks/main.yml
new file mode 100644
index 0000000..38d0991
--- /dev/null
+++ b/roles/fastpackages/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: "Check if packages are already installed" # noqa command-instead-of-module this runs faster
+ ansible.builtin.command: "rpm -q {{ fastpackages_packages_list | join(' ') }}"
+ register: rpm_info
+ changed_when: false
+ failed_when: false
+
+- name: "Add missing packages to the yum install list"
+ ansible.builtin.set_fact:
+ packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+
+- name: "Install packages: {{ packages_to_install }}"
+ become: true
+ ansible.builtin.dnf:
+ name: "{{ packages_to_install }}"
+ state: present
+ when: packages_to_install | default([]) | length > 0
diff --git a/roles/promtail/README.md b/roles/promtail/README.md
new file mode 100644
index 0000000..35d30a0
--- /dev/null
+++ b/roles/promtail/README.md
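Review bot: `failed_when: false` on the `rpm -q` task masks every failure, not only the expected "package … is not installed" result, so a broken rpm database or an unusable `fastpackages_packages_list` leaves `rpm_info.stdout_lines` empty and the role silently installs nothing; `failed_when: rpm_info.rc != 0 and 'is not installed' not in rpm_info.stdout` keeps the expected non-zero exit (rpm returns 1 when any queried package is missing) while surfacing real errors. The role default for `fastpackages_packages_list` is the string `''` whereas the promtail role in this commit passes a list, so `join(' ')` is applied to two different types; defaulting to `[]` would make the contract explicit, and with an empty list the query task should be skipped rather than run `rpm -q` with no arguments. The `| default([])` after `map(...)` never fires because `map` always yields an iterable; it can be dropped.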
@@ -0,0 +1,45 @@
+promtail
+========
+
+The role is used to setup and configure Promtail.
+
+
+Role Defaults
+-------------
+
+* No defaults
+
+Role Variables
+--------------
+
+| Variable | Description | Default |
+|:---------------------|:-------------------------------------|:----------------------------------------------------------------------|
+| `promtail_directory` | promtail directory path | `/opt/promtail` |
+| `promtail_loki_url` | promtail loki URL | `http://grafana.internal.ansiblemiddleware.com:3100/loki/api/v1/push` |
+| `promtail_job_name` | promtail job name | `default` |
+| `promtail_logfile` | promtail logfile path | `/var/log/messages` |
+| `promtail_region` | promtail configured for which region | `us-east-1` |
+| `promtail_host` | promtail hostnames | `"{{ inventory_hostname }}"` |
+| `promtail_version` | promtail versions | `2.5.0` |
+
+
+
+Dependencies
+------------
+
+* community.general
+
+Example Playbook
+----------------
+
+License
+-------
+
+[Apache License Version 2.0](https://github.com/ansible-middleware/rhbk-ha-cluster/blob/main/LICENSE)
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
+* [Harsha Cherukuri](https://github.com/hcherukuri)
+* [Ranabir Chakraborty](https://github.com/RanabirChakraborty)
diff --git a/roles/promtail/defaults/main.yml b/roles/promtail/defaults/main.yml
new file mode 100644
index 0000000..1814d6a
--- /dev/null
+++ b/roles/promtail/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+promtail_directory: /opt/promtail
+promtail_loki_url: http://grafana.internal.ansiblemiddleware.com:3100/loki/api/v1/push
+promtail_job_name: default
+promtail_logfile: /var/log/messages
+promtail_region: us-east-1
+promtail_host: "{{ inventory_hostname }}"
+promtail_version: 2.5.0
diff --git a/roles/promtail/handlers/main.yml b/roles/promtail/handlers/main.yml
new file mode 100644
index 0000000..c59b969
--- /dev/null
+++ b/roles/promtail/handlers/main.yml
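Review bot: `promtail_loki_url` defaults to a plain `http://` push endpoint on a specific internal hostname, and the client block rendered from it in this commit carries no TLS or authentication settings, so every shipped line of `/var/log/messages` crosses the network in clear text; document it as an environment-specific value, e.g. `promtail_loki_url: http://grafana.internal.ansiblemiddleware.com:3100/loki/api/v1/push  # environment-specific; prefer an https:// endpoint`. A default that points at one organisation's host will also be silently used by any consumer who forgets to override it. `promtail_version: 2.5.0` happens to parse as a string, but a two-component value such as `2.5` would become a float and break the download URL; quoting it avoids that.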
@@ -0,0 +1,12 @@
+---
+- name: Systemd reload
+ become: True
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+- name: Restart promtail
+ become: True
+ ansible.builtin.service:
+ name: promtail.service
+ state: restarted
+ enabled: yes
diff --git a/playbooks/roles/aws/meta/main.yml b/roles/promtail/meta/main.yml
similarity index 69%
rename from playbooks/roles/aws/meta/main.yml
rename to roles/promtail/meta/main.yml
index 3b8ac75..9e4f5d8 100644
--- a/playbooks/roles/aws/meta/main.yml
+++ b/roles/promtail/meta/main.yml
@@ -1,9 +1,9 @@
 ---
 galaxy_info:
- role_name: aws
+ role_name: promtail
 namespace: infra
 author: Guido Grazioli, Ranabir Chakraborty
- description: This role is for creating and deleting VM's on aws EC2.
+ description: The role is used to setup and configure Promtail.
 company: Red Hat
 
 license: Apache License 2.0
@@ -15,7 +15,6 @@ galaxy_info:
 - rhbk
 - ansible
 - datagrid
- - aws
- - cloud
+ - promtail
 
 dependencies: []
diff --git a/roles/promtail/tasks/main.yml b/roles/promtail/tasks/main.yml
new file mode 100644
index 0000000..b58c0d1
--- /dev/null
+++ b/roles/promtail/tasks/main.yml
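Review bot: the `Restart promtail` handler also carries `enabled: yes`, so enabling the unit only happens when some task notifies the handler; a later run that changes nothing never re-enables a unit that was disabled out of band, drift the role cannot correct. Keep the handler to `state: restarted` and enable/start the service in a regular task, `ansible.builtin.service: {name: promtail.service, enabled: true, state: started}`, after the templates are in place. `become: True` and `daemon_reload: yes` would match the lowercase boolean style of the fastpackages tasks in this commit as `become: true` and `daemon_reload: true`.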
@@ -0,0 +1,64 @@
+---
+- name: Ensure unzip is installed
+ ansible.builtin.include_role:
+ name: fastpackages
+ vars:
+ fastpackages_packages_list:
+ - unzip
+
+- name: Setup promtail data directory
+ become: True
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ promtail_directory }}"
+ owner: root
+ group: root
+ mode: 0750
+
+- name: Fetch promtail binary
+ become: True
+ ansible.builtin.get_url:
+ url: "https://github.com/grafana/loki/releases/download/v{{ promtail_version }}/promtail-linux-amd64.zip"
+ dest: "{{ promtail_directory }}/"
+ mode: 0750
+ register: new_archive
+
+- name: Unarchive promtail
+ become: True
+ ansible.builtin.unarchive:
+ src: "{{ promtail_directory }}/promtail-linux-amd64.zip"
+ dest: "{{ promtail_directory }}/"
+ copy: no
+ when: new_archive.changed
+ notify:
+ - Restart promtail
+
+- name: Grant exec bit to promtail binary
+ become: True
+ ansible.builtin.file:
+ dest: "{{ promtail_directory }}/promtail-linux-amd64"
+ mode: a+x
+ when: new_archive.changed
+
+- name: Setup promtail systemd unit
+ become: True
+ ansible.builtin.template:
+ dest: "/etc/systemd/system/promtail.service"
+ src: promtail.service.j2
+ owner: root
+ group: root
+ mode: 0444
+ notify:
+ - Systemd reload
+ - Restart promtail
+
+- name: Configure promtail
+ become: True
+ ansible.builtin.template:
+ dest: '{{ promtail_directory }}/promtail.yml'
+ src: 'promtail.yml.j2'
+ owner: root
+ group: root
+ mode: 0440
+ notify:
+ - Restart promtail
diff --git a/roles/promtail/templates/promtail.service.j2 b/roles/promtail/templates/promtail.service.j2
new file mode 100644
index 0000000..f0a02ca
--- /dev/null
+++ b/roles/promtail/templates/promtail.service.j2
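Review bot: the `Fetch promtail binary` task downloads a release archive from GitHub with no `checksum:`, and the binary extracted from it is executed as root by the systemd unit added in this commit, so a replaced or tampered release asset is installed unverified; pin it with `checksum: "sha256:{{ promtail_checksum }}"` and add `promtail_checksum: "<sha256 of the pinned release - placeholder>"` to the role defaults next to `promtail_version`. `when: new_archive.changed` is the attribute form that Ansible deprecates in favour of `new_archive is changed`, and `copy: no` on `unarchive` is the old alias of `remote_src: true`. `mode: a+x` on the binary grants execute to every local user; since the unit runs it as root, `mode: '0750'` matching the directory is enough. The unquoted `mode: 0750`/`0444`/`0440` values rely on YAML octal parsing, which ansible-lint flags; quoting them is the usual fix.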
@@ -0,0 +1,19 @@
+# {{ansible_managed}}
+
+[Unit]
+Description=promtail service
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory={{ promtail_directory }}
+ExecStartPre=/bin/sleep 3
+ExecStart={{ promtail_directory }}/promtail-linux-amd64 -config.file {{ promtail_directory }}/promtail.yml
+SuccessExitStatus=143
+TimeoutStopSec=10
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/roles/promtail/templates/promtail.yml.j2 b/roles/promtail/templates/promtail.yml.j2
new file mode 100644
index 0000000..3f54758
--- /dev/null
+++ b/roles/promtail/templates/promtail.yml.j2
@@ -0,0 +1,33 @@
+---
+server:
+ http_listen_port: 28080
+ grpc_listen_port: 0
+
+positions:
+ filename: {{ promtail_directory }}/positions.yaml
+
+clients:
+ - url: {{ promtail_loki_url }}
+
+scrape_configs:
+ - job_name: {{ promtail_job_name }}
+ pipeline_stages:
+ - regex:
+ expression: '(?P\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[,]\d{3}) (?P[A-Z]{4,8}) \[.*?\]( \(.*?\))? (?P[A-Z0-9]*): '
+ - labels:
+ level:
+ code:
+ - timestamp:
+ source: timestamp
+ format: '2006-01-02 15:04:05,000'
+ - multiline:
+ firstline: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[,]\d{3}'
+ max_wait_time: 3s
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: {{ promtail_job_name }}
+ __path__: {{ promtail_logfile }}
+ region: {{ promtail_region }}
+ host: {{ promtail_host }}
diff --git a/roles b/roles/roles
similarity index 100%
rename from roles
rename to roles/roles
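Review bot: the `[Service]` section has no `User=`/`Group=` and no sandboxing directives, so promtail runs as root with full access to the filesystem although all it needs is to read `{{ promtail_logfile }}` and write under `{{ promtail_directory }}`; at minimum the unit should carry `NoNewPrivileges=`, `PrivateTmp=`, `ProtectSystem=` and `ProtectHome=`. `ExecStartPre=/bin/sleep 3` is a timing workaround that `After=network-online.target` together with `Wants=network-online.target` expresses properly. Whether a dedicated service account can read the default `/var/log/messages` depends on the host's log permissions, so the excerpt below leaves `User=` out; add it once that is verified.
```ini
[Unit]
Description=promtail service
After=network-online.target
Wants=network-online.target

[Service]
; … unchanged: Type, WorkingDirectory …
; ExecStartPre=/bin/sleep 3 dropped; network-online.target covers the wait
ExecStart={{ promtail_directory }}/promtail-linux-amd64 -config.file {{ promtail_directory }}/promtail.yml
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
; … unchanged: SuccessExitStatus, TimeoutStopSec, Restart, RestartSec, [Install] …
```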
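Review bot: `server:` sets only `http_listen_port: 28080`, and with no `http_listen_address` promtail's HTTP server (`/metrics`, `/ready`, `/targets`) binds every interface, exposing target paths and label values to anything that can reach the host; add `http_listen_address: 127.0.0.1` under `server:` unless a remote scraper genuinely needs the endpoint. As rendered, the `expression:` regex reads `(?P\d{4}…)`, `(?P[A-Z]{4,8})` and `(?P[A-Z0-9]*)` with no group names, yet the `labels:` stage references `level` and `code` and the `timestamp:` stage uses `source: timestamp`; the `<name>` parts were presumably lost in the page rendering, but it is worth confirming the committed file has them, since without them the stage fails to parse or extracts nothing. The `clients:` entry carries only `url`, so whatever transport security the endpoint offers must come from `promtail_loki_url` itself.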