diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..d485ed2 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,3 @@ +skip_list: + - '204' + - '303' diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..05176ca --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.kitchen/ +.vagrant/ +playbook.retry diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..c995400 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,4 @@ +include: + - project: "public-group/gitlab-shared-pipelines" + ref: master + file: "/gitlab-ansible-tests.yml" diff --git a/.kitchen.yml b/.kitchen.yml new file mode 100644 index 0000000..bed335b --- /dev/null +++ b/.kitchen.yml @@ -0,0 +1,25 @@ +--- +driver: + name: vagrant + +provisioner: + hosts: test-kitchen + name: ansible_playbook + ansible_connection: ssh + require_chef_for_busser: false + require_ruby_for_busser: false + ansible_version: 2.7.10-1ppa~trusty + ansible_host_key_checking: false + ansible_verbosity: 2 + ansible_verbose: true + playbook: tests/playbook.yml + +platforms: + - name: debian/stretch64-9.6 + driver: + box: debian/stretch64 + box_version: 9.6 + +suites: + - name: default + diff --git a/README.md b/README.md new file mode 100644 index 0000000..4235dda --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +Role Name +========= + +VictoriaMetrics + +Role Variables +-------------- + +``` +--- +victoriametrics_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" +victoriametrics_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/victoria-metrics-{{ victoriametrics_version }}.tar.gz" +victoriametrics_version: "v1.28.0" +victoriametrics_system_user: "victoriametrics" +victoriametrics_system_group: "{{ victoriametrics_system_user }}" +victoriametrics_delete_auth_key: "secret" +victoriametrics_snapshot_auth_key: "secret" +victoriametrics_service_args: "" +``` + + +Example Playbook +---------------- + +``` +- hosts: servers + roles: + - "ansible-victoriametrics-role" +``` + +Tests +------------ +``` +# deps +gem install kitchen-ansible --no-document +gem install kitchen-vagrant --no-document + +# test +kitchen converge + +``` + +License +------- + +BSD + +Author Information +------------------ + +sre@dreamteam.gg diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..39333c6 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# defaults file for VictoriaMetrics +victoriametrics_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" +victoriametrics_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/victoria-metrics-{{ victoriametrics_version }}.tar.gz" +victoriametrics_version: "v1.13.0" +victoriametrics_system_user: "victoriametrics" +victoriametrics_system_group: "{{ victoriametrics_system_user }}" +victoriametrics_data_dir: "/var/opt/victoria-metrics/" +victoriametrics_service_args: "-storageDataPath {{ victoriametrics_data_dir }}" +victoriametrics_max_open_files: 2097152 diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..ac489d5 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,8 @@ +# handlers file for VictoriaMetrics +--- +- name: Restart VictoriaMetrics service + become: true + systemd: + daemon_reload: true + name: victoriametrics + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..b509422 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,13 @@ +galaxy_info: + author: sre@dreamteam.gg + description: Role for VictoriaMetrics + company: Dreamteam + license: BSD + min_ansible_version: 2.4 + galaxy_tags: [] + platforms: + - name: Debian + versions: + - 9 +dependencies: [] + diff --git a/tasks/configure.yml b/tasks/configure.yml new file mode 100644 index 0000000..f240d9e --- /dev/null +++ b/tasks/configure.yml @@ -0,0 +1,10 @@ +--- +- name: Copy VictoriaMetrics systemd unit file + template: + src: victoriametrics.service.j2 + dest: /etc/systemd/system/victoriametrics.service + owner: root + group: root + mode: 0644 + notify: Restart VictoriaMetrics service + no_log: True diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..2fe4473 --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,42 @@ +--- +- name: Create VictoriaMetrics system group + group: + name: "{{ victoriametrics_system_group }}" + state: present + system: true + when: victoriametrics_system_group != "root" + +- name: Create VictoriaMetrics system user + user: + name: "{{ victoriametrics_system_user }}" + groups: "{{ victoriametrics_system_group }}" + append: true + shell: /usr/sbin/nologin + system: true + createhome: false + when: victoriametrics_system_user != "root" + +- name: Ensure existense of /usr/local/bin + file: + path: /usr/local/bin + state: directory + mode: 0755 + +- name: Ensure existense of VictoriaMetrics storage directory + file: + path: "{{ victoriametrics_data_dir }}" + state: directory + mode: 0755 + owner: "{{ victoriametrics_system_user }}" + group: "{{ victoriametrics_system_group }}" + +- name: Download and unarchive VictoriaMetrics release binary + unarchive: + src: "{{ victoriametrics_download_url }}" + dest: /usr/local/bin + mode: 0750 + owner: "{{ victoriametrics_system_user }}" + group: "{{ victoriametrics_system_group }}" + remote_src: yes + notify: Restart VictoriaMetrics service + when: not ansible_check_mode diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..6163cf6 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,13 @@ +--- +# tasks file for VictoriaMetrics +- import_tasks: preinstall.yml +- import_tasks: install.yml +- import_tasks: configure.yml + +- name: Ensure VictoriaMetrics service is enabled on boot + become: true + systemd: + daemon_reload: true + name: victoriametrics + enabled: true + state: started diff --git a/tasks/preinstall.yml b/tasks/preinstall.yml new file mode 100644 index 0000000..523b814 --- /dev/null +++ b/tasks/preinstall.yml @@ -0,0 +1,15 @@ +--- +- name: Assert usage of systemd as an init system + assert: + that: ansible_service_mgr == 'systemd' + msg: "This role only works with systemd" + +- name: Get systemd version + command: systemctl --version + changed_when: false + check_mode: false + register: __systemd_version + +- name: Set systemd version fact + set_fact: + victoriametrics_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" diff --git a/templates/victoriametrics.service.j2 b/templates/victoriametrics.service.j2 new file mode 100644 index 0000000..54ecf5a --- /dev/null +++ b/templates/victoriametrics.service.j2 @@ -0,0 +1,31 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Description=VictoriaMetrics service +After=network.target + +[Service] +Type=simple +LimitNOFILE={{ victoriametrics_max_open_files }} +User={{ victoriametrics_system_user }} +Group={{ victoriametrics_system_group }} +ExecStart=/usr/local/bin/victoria-metrics-prod \ + {{ victoriametrics_service_args }} + +SyslogIdentifier=victoriametrics +Restart=always + +PrivateTmp=yes +ProtectHome=yes +NoNewPrivileges=yes + +ProtectSystem=full + +{% if victoriametrics_systemd_version | int >= 232 %} +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=yes +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/tests/playbook.yml b/tests/playbook.yml new file mode 100644 index 0000000..1a3e82e --- /dev/null +++ b/tests/playbook.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + become: true + roles: + - "ansible-victoriametrics-role"