| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 |
- ---
- # set facts
- - include_tasks: facts.yaml
- # namespace
- - name: Add prometheus project
- oc_project:
- state: present
- name: "{{ openshift_prometheus_namespace }}"
- node_selector: "{{ openshift_prometheus_node_selector | lib_utils_oo_selector_to_string_list() }}"
- description: Prometheus
- # secrets
- - name: Set alert, alertmanager and prometheus secrets
- oc_secret:
- state: present
- name: "{{ item }}-proxy"
- namespace: "{{ openshift_prometheus_namespace }}"
- contents:
- - path: session_secret
- data: "{{ 43 | lib_utils_oo_random_word }}="
- with_items:
- - prometheus
- - alerts
- - alertmanager
- # serviceaccount
- - name: create prometheus serviceaccount
- oc_serviceaccount:
- state: present
- name: "{{ openshift_prometheus_service_name }}"
- namespace: "{{ openshift_prometheus_namespace }}"
- changed_when: no
- # TODO remove this when annotations are supported by oc_serviceaccount
- - name: annotate serviceaccount
- command: >
- {{ openshift_client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }}
- serviceaccount {{ openshift_prometheus_service_name }} {{ item }}
- with_items:
- "{{ openshift_prometheus_serviceaccount_annotations }}"
- # create clusterrolebinding for prometheus serviceaccount
- - name: Set cluster-reader permissions for prometheus
- oc_adm_policy_user:
- state: present
- namespace: "{{ openshift_prometheus_namespace }}"
- resource_kind: cluster-role
- resource_name: cluster-reader
- user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:{{ openshift_prometheus_service_name }}"
- - name: create services for prometheus
- oc_service:
- name: "{{ openshift_prometheus_service_name }}"
- namespace: "{{ openshift_prometheus_namespace }}"
- labels:
- name: prometheus
- annotations:
- oprometheus.io/scrape: 'true'
- oprometheus.io/scheme: https
- service.alpha.openshift.io/serving-cert-secret-name: prometheus-tls
- ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_service_targetport }}"
- protocol: TCP
- selector:
- app: prometheus
- - name: create services for alert buffer
- oc_service:
- name: "{{ openshift_prometheus_alerts_service_name }}"
- namespace: "{{ openshift_prometheus_namespace }}"
- labels:
- name: prometheus
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: alerts-tls
- ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_alerts_service_targetport }}"
- protocol: TCP
- selector:
- app: prometheus
- - name: create services for alertmanager
- oc_service:
- name: "{{ openshift_prometheus_alertmanager_service_name }}"
- namespace: "{{ openshift_prometheus_namespace }}"
- labels:
- name: prometheus
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: alertmanager-tls
- ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_alertmanager_service_targetport }}"
- protocol: TCP
- selector:
- app: prometheus
- # create prometheus and alerts routes
- # TODO: oc_route module should support insecureEdgeTerminationPolicy: Redirect
- - name: create prometheus and alerts routes
- oc_route:
- state: present
- name: "{{ item.name }}"
- host: "{{ item.host }}"
- namespace: "{{ openshift_prometheus_namespace }}"
- service_name: "{{ item.name }}"
- tls_termination: reencrypt
- with_items:
- - name: prometheus
- host: "{{ openshift_prometheus_hostname }}"
- - name: alerts
- host: "{{ openshift_prometheus_alerts_hostname }}"
- - name: alertmanager
- host: "{{ openshift_prometheus_alertmanager_hostname }}"
- # Storage
- - name: create prometheus pvc
- oc_pvc:
- namespace: "{{ openshift_prometheus_namespace }}"
- name: "{{ openshift_prometheus_pvc_name }}"
- access_modes: "{{ openshift_prometheus_pvc_access_modes }}"
- volume_capacity: "{{ openshift_prometheus_pvc_size }}"
- selector: "{{ openshift_prometheus_pvc_pv_selector }}"
- storage_class_name: "{{ openshift_prometheus_sc_name }}"
- when: openshift_prometheus_storage_type == 'pvc'
- - name: create alertmanager pvc
- oc_pvc:
- namespace: "{{ openshift_prometheus_namespace }}"
- name: "{{ openshift_prometheus_alertmanager_pvc_name }}"
- access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}"
- volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}"
- selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}"
- storage_class_name: "{{ openshift_prometheus_alertmanager_sc_name }}"
- when: openshift_prometheus_alertmanager_storage_type == 'pvc'
- - name: create alertbuffer pvc
- oc_pvc:
- namespace: "{{ openshift_prometheus_namespace }}"
- name: "{{ openshift_prometheus_alertbuffer_pvc_name }}"
- access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}"
- volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}"
- selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}"
- storage_class_name: "{{ openshift_prometheus_alertbuffer_sc_name }}"
- when: openshift_prometheus_alertbuffer_storage_type == 'pvc'
- # prometheus configmap
- # Copy the additional rules file if it is defined
- - name: Copy additional rules file to host
- copy:
- src: "{{ openshift_prometheus_additional_rules_file }}"
- dest: "{{ tempdir }}/prometheus.additional.rules"
- when:
- - openshift_prometheus_additional_rules_file is defined
- - openshift_prometheus_additional_rules_file is not none
- - openshift_prometheus_additional_rules_file | trim | length > 0
- - stat:
- path: "{{ tempdir }}/prometheus.additional.rules"
- register: additional_rules_stat
- - template:
- src: prometheus.yml.j2
- dest: "{{ tempdir }}/prometheus.yml"
- changed_when: no
- - template:
- src: prometheus.rules.j2
- dest: "{{ tempdir }}/prometheus.rules"
- changed_when: no
- # In prometheus configmap create "additional.rules" section if file exists
- - name: Set prometheus configmap
- oc_configmap:
- state: present
- name: "prometheus"
- namespace: "{{ openshift_prometheus_namespace }}"
- from_file:
- prometheus.rules: "{{ tempdir }}/prometheus.rules"
- prometheus.additional.rules: "{{ tempdir }}/prometheus.additional.rules"
- prometheus.yml: "{{ tempdir }}/prometheus.yml"
- when: additional_rules_stat.stat.exists == True
- - name: Set prometheus configmap
- oc_configmap:
- state: present
- name: "prometheus"
- namespace: "{{ openshift_prometheus_namespace }}"
- from_file:
- prometheus.rules: "{{ tempdir }}/prometheus.rules"
- prometheus.yml: "{{ tempdir }}/prometheus.yml"
- when: additional_rules_stat.stat.exists == False
- # alertmanager configmap
- - template:
- src: alertmanager.yml.j2
- dest: "{{ tempdir }}/alertmanager.yml"
- changed_when: no
- - name: Set alertmanager configmap
- oc_configmap:
- state: present
- name: "alertmanager"
- namespace: "{{ openshift_prometheus_namespace }}"
- from_file:
- alertmanager.yml: "{{ tempdir }}/alertmanager.yml"
- # create prometheus stateful set
- - name: Set prometheus template
- template:
- src: prometheus.j2
- dest: "{{ tempdir }}/templates/prometheus.yaml"
- vars:
- namespace: "{{ openshift_prometheus_namespace }}"
- # prom_replicas: "{{ openshift_prometheus_replicas }}"
- - name: Set prometheus stateful set
- oc_obj:
- state: present
- name: "prometheus"
- namespace: "{{ openshift_prometheus_namespace }}"
- kind: statefulset
- files:
- - "{{ tempdir }}/templates/prometheus.yaml"
- delete_after: true
|
