From dcd1d63b69d9f1540464c837beb719c6d5cd390f Mon Sep 17 00:00:00 2001 From: ethinot Date: Wed, 9 Oct 2024 11:53:27 +0200 Subject: [PATCH 1/3] =?UTF-8?q?[Alloy]=C2=A0Init=20role=20and=20molecule?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- molecule/alloy/converge.yml | 60 +++++++++++++++ molecule/alloy/fixtures/template.j2 | 1 + molecule/alloy/goss/config.yaml.j2 | 19 +++++ molecule/alloy/goss/default.yaml.j2 | 22 ++++++ molecule/alloy/molecule.yml | 0 molecule/alloy/prepare.yml | 12 +++ roles/alloy/README.md | 95 ++++++++++++++++++++++++ roles/alloy/defaults/main.yaml | 11 +++ roles/alloy/meta/main.yaml | 22 ++++++ roles/alloy/tasks/config.yaml | 12 +++ roles/alloy/tasks/install.yaml | 10 +++ roles/alloy/tasks/main.yaml | 20 +++++ roles/alloy/tasks/services.yaml | 20 +++++ roles/alloy/templates/config/_default.j2 | 3 + 14 files changed, 307 insertions(+) create mode 100644 molecule/alloy/converge.yml create mode 100644 molecule/alloy/fixtures/template.j2 create mode 100644 molecule/alloy/goss/config.yaml.j2 create mode 100644 molecule/alloy/goss/default.yaml.j2 create mode 100644 molecule/alloy/molecule.yml create mode 100644 molecule/alloy/prepare.yml create mode 100644 roles/alloy/README.md create mode 100644 roles/alloy/defaults/main.yaml create mode 100644 roles/alloy/meta/main.yaml create mode 100644 roles/alloy/tasks/config.yaml create mode 100644 roles/alloy/tasks/install.yaml create mode 100644 roles/alloy/tasks/main.yaml create mode 100644 roles/alloy/tasks/services.yaml create mode 100644 roles/alloy/templates/config/_default.j2 diff --git a/molecule/alloy/converge.yml b/molecule/alloy/converge.yml new file mode 100644 index 000000000..22aab1cc1 --- /dev/null +++ b/molecule/alloy/converge.yml @@ -0,0 +1,60 @@ +--- + +########### +# Default # +########### + +- name: Default + tags: [default] + hosts: debian + tasks: + - block: # noqa: name[missing] + - name: Role + ansible.builtin.import_role: + name: manala.roles.alloy + always: + - name: Goss + ansible.builtin.command: + cmd: goss --gossfile - validate --retry-timeout 10s + stdin: "{{ lookup('ansible.builtin.template', 'goss/default.yaml.j2') }}" + changed_when: false + +########## +# Config # +########## + +- name: Config + tags: [config] + hosts: debian + vars: + tests_dir: /molecule/alloy/config + tasks: + - name: Clean tests dir # noqa: risky-file-permissions + ansible.builtin.file: + path: "{{ tests_dir }}" + state: "{{ item }}" + loop: [absent, directory] + - block: # noqa: name[missing] + - name: Role - Content + ansible.builtin.import_role: + name: manala.roles.alloy + tasks_from: config + vars: + manala_alloy_config_file: "{{ tests_dir }}/content" + manala_alloy_config_template: ~ + manala_alloy_config: | + Content + - name: Role - Template + ansible.builtin.import_role: + name: manala.roles.alloy + tasks_from: config + vars: + manala_alloy_config_file: "{{ tests_dir }}/template" + manala_alloy_config_template: fixtures/template.j2 + manala_alloy_config: ~ + always: + - name: Goss + ansible.builtin.command: + cmd: goss --gossfile - validate + stdin: "{{ lookup('ansible.builtin.template', 'goss/config.yaml.j2') }}" + changed_when: false diff --git a/molecule/alloy/fixtures/template.j2 b/molecule/alloy/fixtures/template.j2 new file mode 100644 index 000000000..1cea569fe --- /dev/null +++ b/molecule/alloy/fixtures/template.j2 @@ -0,0 +1 @@ +Template diff --git a/molecule/alloy/goss/config.yaml.j2 b/molecule/alloy/goss/config.yaml.j2 new file mode 100644 index 000000000..aabd82033 --- /dev/null +++ b/molecule/alloy/goss/config.yaml.j2 @@ -0,0 +1,19 @@ +--- + +file: + {{ tests_dir }}/content: + exists: true + filetype: file + owner: root + group: root + mode: "0644" + contents: | + Content + {{ tests_dir }}/template: + exists: true + filetype: file + owner: root + group: root + mode: "0644" + contents: | + Template diff --git a/molecule/alloy/goss/default.yaml.j2 b/molecule/alloy/goss/default.yaml.j2 new file mode 100644 index 000000000..885b57179 --- /dev/null +++ b/molecule/alloy/goss/default.yaml.j2 @@ -0,0 +1,22 @@ +--- + +package: + alloy: + installed: true + +service: + alloy: + enabled: true + running: true + +process: + alloy: + running: true + +file: + {{ manala_alloy_config_file }}: + exists: true + filetype: file + owner: root + group: root + mode: "0644" diff --git a/molecule/alloy/molecule.yml b/molecule/alloy/molecule.yml new file mode 100644 index 000000000..e69de29bb diff --git a/molecule/alloy/prepare.yml b/molecule/alloy/prepare.yml new file mode 100644 index 000000000..0094ea366 --- /dev/null +++ b/molecule/alloy/prepare.yml @@ -0,0 +1,12 @@ +--- + +- name: Prepare + tags: [always] + hosts: debian + tasks: + - name: Apt + ansible.builtin.import_role: + name: manala.roles.apt + vars: + manala_apt_preferences: + - alloy@grafana diff --git a/roles/alloy/README.md b/roles/alloy/README.md new file mode 100644 index 000000000..e4390b6c7 --- /dev/null +++ b/roles/alloy/README.md @@ -0,0 +1,95 @@ +# Ansible Role: Alloy + +This role will deal with the configuration of [Alloy](https://grafana.com/docs/alloy/latest/). + +It's part of the [Manala Ansible Collection](https://galaxy.ansible.com/manala/roles). + +## Requirements + +This role is made to work with the __Alloy__ official debian packages, available on the [__grafana__ debian repository](https://grafana.com/docs/agent/latest/set-up/install-agent-linux/#install-on-debian-or-ubuntu). Please use the [**manala.roles.apt**](../apt/) role to handle it properly. + +```yaml +manala_apt_preferences: + - alloy@grafana +``` + +## Dependencies + +None. + +## Installation + +Installation instructions can be found in the main [README.md](https://github.com/manala/ansible-roles/blob/main/README.md) + +## Role Variables + +You can find all variables and default values used by this role in the [defaults/main.yaml](./defaults/main.yaml) file + +### Configuration example + +See : https://grafana.com/docs/alloy/latest/configure/ + + +``` +manala_alloy_config: | + # Sample config for Alloy + # For a full configuration reference, see: https://grafana.com/docs/alloy/latest/get-started/configuration-syntax/. + + // Collection: mount a local directory with a certain path spec + local.file_match "applogs" { + path_targets = [{"__path__" = "/tmp/app-logs/app.log"}] + } + + // Collection: Take the file match as input, and scrape those mounted log files + loki.source.file "local_files" { + targets = local.file_match.applogs.targets + + // This specifies which component should process the logs next, the "link in the chain" + forward_to = [loki.process.add_new_label.receiver] + } + + // Transformation: pull some data out of the log message, and turn it into a label + loki.process "add_new_label" { + stage.logfmt { + mapping = { + "extracted_level" = "level", + } + } + + // Add the value of "extracted_level" from the extracted map as a "level" label + stage.labels { + values = { + "level" = "extracted_level", + } + } + + // The next link in the chain is the local_loki "receiver" (receives the telemetry) + forward_to = [loki.write.local_loki.receiver] + } + + // Anything that comes into this component gets written to the loki remote API + loki.write "local_loki" { + endpoint { + url = "http://loki:3100/loki/api/v1/push" + } + } +``` + +## Example playbook + +```yaml +- hosts: foo + tasks: + - ansible.builtin.import_role: + name: manala.roles.alloy +``` + +# Licencing + +This collection is distributed under the MIT license. + +See [LICENSE](https://opensource.org/licenses/MIT) to see the full text. + +# Author information + +Manala [**(http://www.manala.io/)**](http://www.manala.io) diff --git a/roles/alloy/defaults/main.yaml b/roles/alloy/defaults/main.yaml new file mode 100644 index 000000000..87760f982 --- /dev/null +++ b/roles/alloy/defaults/main.yaml @@ -0,0 +1,11 @@ +--- + +# Install +manala_alloy_install_packages: ~ +manala_alloy_install_packages_default: + - alloy + +# Config +manala_alloy_config_file: /etc/alloy/config.alloy +manala_alloy_config_template: ~ +manala_alloy_config: ~ diff --git a/roles/alloy/meta/main.yaml b/roles/alloy/meta/main.yaml new file mode 100644 index 000000000..3540df041 --- /dev/null +++ b/roles/alloy/meta/main.yaml @@ -0,0 +1,22 @@ +--- + +dependencies: [] + +galaxy_info: + + role_name: alloy + author: Manala + company: Manala + description: Handle alloy + license: MIT + min_ansible_version: 2.15.0 + issue_tracker_url: https://github.com/manala/ansible-roles/issues + platforms: + - name: Debian + versions: + - buster + - bullseye + - bookworm + galaxy_tags: + - monitoring + - alloy diff --git a/roles/alloy/tasks/config.yaml b/roles/alloy/tasks/config.yaml new file mode 100644 index 000000000..156a870c5 --- /dev/null +++ b/roles/alloy/tasks/config.yaml @@ -0,0 +1,12 @@ +--- + +- name: Config > Template + ansible.builtin.template: + src: "{{ manala_alloy_config_template | ternary(manala_alloy_config_template, 'config/_default.j2') }}" + dest: "{{ manala_alloy_config_file }}" + owner: root + group: root + mode: "0644" + when: manala_alloy_config_template + or manala_alloy_config + register: __manala_alloy_config_template_result diff --git a/roles/alloy/tasks/install.yaml b/roles/alloy/tasks/install.yaml new file mode 100644 index 000000000..25bc4c9df --- /dev/null +++ b/roles/alloy/tasks/install.yaml @@ -0,0 +1,10 @@ +--- + +- name: Install > Packages + ansible.builtin.apt: + name: "{{ item }}" + install_recommends: false + update_cache: true + cache_valid_time: 3600 + loop: + - "{{ manala_alloy_install_packages | default(manala_alloy_install_packages_default, True) }}" diff --git a/roles/alloy/tasks/main.yaml b/roles/alloy/tasks/main.yaml new file mode 100644 index 000000000..d8a1122fd --- /dev/null +++ b/roles/alloy/tasks/main.yaml @@ -0,0 +1,20 @@ +--- + +- name: Install + ansible.builtin.import_tasks: install.yaml + tags: + - manala_alloy + - manala_alloy.install + +- name: Config + ansible.builtin.import_tasks: config.yaml + tags: + - manala_alloy + - manala_alloy.config + +- name: Services + ansible.builtin.import_tasks: services.yaml + tags: + - manala_alloy + - manala_alloy.services + - manala.services diff --git a/roles/alloy/tasks/services.yaml b/roles/alloy/tasks/services.yaml new file mode 100644 index 000000000..9fc193551 --- /dev/null +++ b/roles/alloy/tasks/services.yaml @@ -0,0 +1,20 @@ +--- + +- name: Services > Services + ansible.builtin.service: + name: "{{ item }}" + state: |- + {{ + 'restarted' + if ( + __manala_alloy_config_template_result | default({}) is changed + ) else + 'started' + }} + enabled: true + # Ensure `systemctl daemon-reload` is run, even if package post-install script + # does not handle it properly. + # See: https://github.com/grafana/agent/issues/2653 + daemon_reload: true + loop: + - alloy diff --git a/roles/alloy/templates/config/_default.j2 b/roles/alloy/templates/config/_default.j2 new file mode 100644 index 000000000..7e992cd83 --- /dev/null +++ b/roles/alloy/templates/config/_default.j2 @@ -0,0 +1,3 @@ +{%- set config = manala_alloy_config -%} + +{{ config }} From 7ba0e49ba1f97099ca473079a687c14bf0171f9f Mon Sep 17 00:00:00 2001 From: ethinot Date: Wed, 9 Oct 2024 11:53:27 +0200 Subject: [PATCH 2/3] =?UTF-8?q?[Alloy]=C2=A0Init=20role=20and=20molecule?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/molecule.alloy.yaml | 25 +++++++++++++++++++++++++ CHANGELOG.md | 4 ++++ roles/alloy/tasks/services.yaml | 4 ---- 3 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/molecule.alloy.yaml diff --git a/.github/workflows/molecule.alloy.yaml b/.github/workflows/molecule.alloy.yaml new file mode 100644 index 000000000..e8e1abef6 --- /dev/null +++ b/.github/workflows/molecule.alloy.yaml @@ -0,0 +1,25 @@ +name: Molecule - Alloy + +on: + pull_request: + paths: + - .manala.yaml + - .github/workflows/molecule.alloy.yaml + - .config/molecule/config.yml + - molecule/Dockerfile.* + - molecule/alloy/** + - roles/alloy/** + workflow_dispatch: + inputs: + debug: + type: boolean + description: Run with tmate debugging + required: false + default: false + +jobs: + alloy: + uses: ./.github/workflows/molecule.yaml + with: + debug: ${{ inputs.debug == true }} + scenario: alloy diff --git a/CHANGELOG.md b/CHANGELOG.md index 34247b9c0..c57ec000f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added +- [Alloy] Add installation and basics configuration role and test it with molecule + + ## [4.2.2] - 2024-09-20 ### Fixed - [Fail2ban] Fix Bookworm sshd jail by installing python3-systemd diff --git a/roles/alloy/tasks/services.yaml b/roles/alloy/tasks/services.yaml index 9fc193551..4f9350cd7 100644 --- a/roles/alloy/tasks/services.yaml +++ b/roles/alloy/tasks/services.yaml @@ -12,9 +12,5 @@ 'started' }} enabled: true - # Ensure `systemctl daemon-reload` is run, even if package post-install script - # does not handle it properly. - # See: https://github.com/grafana/agent/issues/2653 - daemon_reload: true loop: - alloy From f1277ff7b5093dfdcb09032f7ac4ed51f0e60cf7 Mon Sep 17 00:00:00 2001 From: ethinot Date: Wed, 9 Oct 2024 11:53:27 +0200 Subject: [PATCH 3/3] =?UTF-8?q?[Alloy]=C2=A0Init=20role=20and=20molecule?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/alloy/tasks/services.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/alloy/tasks/services.yaml b/roles/alloy/tasks/services.yaml index 4f9350cd7..8265b5a38 100644 --- a/roles/alloy/tasks/services.yaml +++ b/roles/alloy/tasks/services.yaml @@ -12,5 +12,6 @@ 'started' }} enabled: true + daemon_reload: "{{ (ansible_facts.distribution_release in ['buster']) | ternary(True, omit) }}" loop: - alloy