Add monitoring host with prometheus role

ansible/inventories/production/host_vars/monitoring.home.jthan.io/vars.yaml

@@ -0,0 +1,2 @@
+prometheus_version: 3.9.1
+prometheus_sha256: 86a6999dd6aacbd994acde93c77cfa314d4be1c8e7b7c58f444355c77b32c584

ansible/inventories/production/hosts.ini

@@ -9,3 +9,6 @@ pangolin.jthan.io
 
 [authentik]
 authentik.home.jthan.io ansible_host=192.168.1.8
+
+[monitoring]
+monitoring.home.jthan.io ansible_host=192.168.1.12

ansible/monitoring.yaml

@@ -0,0 +1,6 @@
+---
+# file: pangolin.yaml
+- hosts: monitoring
+  roles:
+    - common
+    - prometheus

ansible/roles/prometheus/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: Restart prometheus
+  service:
+    name: prometheus
+    state: restarted

ansible/roles/prometheus/tasks/main.yaml

@@ -0,0 +1,73 @@
+- name: Download and verify the prometheus archive
+  get_url:
+    url: https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz
+    dest: /tmp/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz
+    checksum: "sha256:{{ prometheus_sha256 }}"
+  register: download_result
+
+- name: Unarchive prometheus binary
+  unarchive:
+    src: {{ download_result.dest }}
+    dest: /usr/local/bin/prometheus
+    remote_src: true # Indicates the source file is on the remote host
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Create a prometheus group
+  group:
+    name: prometheus
+    state: present
+    gid: 1051
+
+- name: Create a prometheus user
+  user:
+    name: prometheus
+    uid: 1051
+    group: 1051
+    comment: "prometheus user"
+    shell: /bin/bash
+    state: present
+    create_home: no
+
+- name: Create prometheus data and config directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: prometheus
+    group: prometheus
+  loop:
+    - /var/lib/prometheus
+    - /etc/prometheus
+
+- name: Install prometheus config
+  template:
+    src: templates/prometheus.yml.j2
+    dest: /etc/prometheus/prometheus.yml
+    owner: prometheus
+    group: prometheus
+    mode: '0640'
+  notify: Restart prometheus
+
+- name: Install prometheus service
+  template:
+    src: templates/prometheus.service.j2
+    dest: /etc/systemd/system/prometheus.service
+    owner: root
+    group: root
+    mode: 0640
+  register: prometheus_service
+  notify: Restart prometheus
+
+- name: systemctl daemon-reload to pickup prometheus service changes
+  systemd_service:
+    daemon_reload: true
+  when: prometheus_service.changed
+  notify: Restart prometheus
+
+- name: Start and enable prometheus
+  service:
+    name: prometheus
+    state: started
+    enabled: true

ansible/roles/prometheus/tasks/templates/prometheus.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Prometheus Server
+Documentation=https://prometheus.io
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=prometheus
+Group=prometheus
+Type=simple
+ExecStart=/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/
+
+[Install]
+WantedBy=multi-user.target
+

ansible/roles/prometheus/tasks/templates/prometheus.yml.j2

@@ -0,0 +1,18 @@
+global:
+  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets:
+          # - alertmanager:9093
+
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["localhost:9090"]

ansible/site.yaml

@@ -4,4 +4,5 @@
 - import_playbook: gitea.yaml
 - import_playbook: dns.yaml
 - import_playbook: pangolin.yaml
+- import_playbook: monitoring.yaml
 #- import_playbook: authentik.yaml