
Added first version of prometheus role

Till Klocke há 7 anos atrás
pai
commit
c27b125a4a

+ 7 - 0
roles/service-prometheus/defaults/main.yml

@@ -0,0 +1,7 @@
+prometheus_user: prometheus
+prometheus_group: prometheus
+prometheus_home: /opt/prometheus
+prometheus_version: "1.4.1"
+prometheus_download_url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
+prometheus_domain: prometheus.ffdo.de
+prometheus_web_url: "https://{{ prometheus_domain }}"

+ 7 - 0
roles/service-prometheus/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Restart prometheus
+  service: name=prometheus state=restarted
+
+- name: Reload nginx
+  service: name=nginx state=reloaded
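Review bot: `tasks/nginx.yml` notifies `Restart nginx` from its acmetool task, but this file defines only `Restart prometheus` and `Reload nginx`, so the first run that requests a certificate will stop with a missing-handler error unless another role in the play supplies that handler. Either add a third handler, `- name: Restart nginx` with `service: name=nginx state=restarted`, or change that notify to `Reload nginx`. Both handlers here also omit `become: yes`, which the nginx service task in `tasks/nginx.yml` sets; unless the play escalates globally, the restart and reload will be refused.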

+ 61 - 0
roles/service-prometheus/tasks/main.yml

@@ -0,0 +1,61 @@
+---
+
+- name: Ensure prometheus group exists
+  become: yes
+  group:
+    name: "{{ prometheus_group }}"
+    system: yes
+    state: present
+
+- name: Ensure prometheus user exists
+  become: yes
+  user:
+    name: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+    home: "{{ prometheus_home }}"
+    system: yes
+    createhome: yes
+    state: present
+
+- name: Download and extract prometheus {{ prometheus_version }}
+  unarchive:
+    remote_src: yes
+    src: "{{ prometheus_download_url }}"
+    dest: "{{ prometheus_home }}"
+    owner: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+
+- name: Ensure link to default prometheus directory is up to date
+  file:
+    state: link
+    src: "{{ prometheus_home }}/prometheus-{{ prometheus_version }}.linux-amd64"
+    dest: "{{ prometheus_home }}/prometheus"
+
+- name: Ensure prometheus config is up to date
+  template:
+    src: prometheus_config.j2
+    dest: "{{ prometheus_home }}/config.yml"
+    owner: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+  notify: Restart prometheus
+
+- name: Ensure prometheus systemd unit is up to date
+  become: yes
+  register: prometheus_systemd
+  template:
+    src: prometheus.service.j2
+    dest: /etc/systemd/system/prometheus.service
+  notify: Restart prometheus
+
+- name: Reload systemd units
+  become: yes
+  when: prometheus_systemd|changed
+  shell: systemctl daemon-reload
+
+- name: Ensure prometheus is running and enabled
+  service:
+    name: prometheus
+    state: started
+    enabled: yes
+
+- include: nginx.yml
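Review bot: The `unarchive` task fetches the release tarball straight from `prometheus_download_url` and unpacks it with no integrity check, so whatever that URL serves at run time becomes the binary the service executes. `unarchive` has no checksum option; downloading with `get_url` and its `checksum` parameter first, then extracting the local file, pins the artifact to a known digest (this needs a new default, here called `prometheus_download_sha256`, set per version from the upstream release checksums). The extracted tree is also chowned to `prometheus_user`, which lets the service account rewrite its own executable; leaving the binaries root-owned and giving the service user only the config and data paths would be tighter. Separately, this task and the link, config and service tasks omit `become: yes`, unlike their neighbours.

```yaml
- name: Download prometheus {{ prometheus_version }}
  get_url:
    url: "{{ prometheus_download_url }}"
    dest: "{{ prometheus_home }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
    # prometheus_download_sha256 is a proposed new default, not defined in this commit
    checksum: "sha256:{{ prometheus_download_sha256 }}"

- name: Extract prometheus {{ prometheus_version }}
  unarchive:
    remote_src: yes
    src: "{{ prometheus_home }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
    dest: "{{ prometheus_home }}"
    # … unchanged: owner and group …
```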

+ 33 - 0
roles/service-prometheus/tasks/nginx.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure nginx configuration is up to date
+  become: yes
+  template:
+    src: "prometheus_nginx.conf.j2"
+    dest: "/etc/nginx/sites-available/prometheus.conf"
+  notify: Reload nginx
+
+- name: Ensure nginx is running
+  become: yes
+  service:
+    name: nginx
+    state: started
+
+- stat:
+    path: "/var/lib/acme/live/{{ prometheus_domain }}/privkey"
+  become: yes
+  register: prometheus_key_file_stat
+
+- name: Let acmetool generate a key and a certificate
+  become: yes
+  when: not prometheus_key_file_stat.stat.exists
+  shell: /usr/bin/acmetool want --batch {{ prometheus_domain }}
+  notify: Restart nginx
+
+
+- name: Ensure prometheus configuration for nginx is enabled
+  become: yes
+  file: 
+    state: link
+    dest: /etc/nginx/sites-enabled/prometheus.conf
+    src: /etc/nginx/sites-available/prometheus.conf 
+  notify: Reload nginx
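Review bot: The acmetool step interpolates `{{ prometheus_domain }}` into a `shell:` command line, so the value is parsed by a shell running as root even though the command uses no shell features. `command: /usr/bin/acmetool want --batch {{ prometheus_domain }}` avoids that, and adding `args:` with `creates: /var/lib/acme/live/{{ prometheus_domain }}/privkey` would replace both the unnamed `stat` task and the `when:` guard. With `creates`, the task also reports a change only on the run that actually requests the certificate.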

+ 16 - 0
roles/service-prometheus/templates/prometheus.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Prometheus monitoring system
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User={{ prometheus_user }}
+Group={{ prometheus_group }}
+WorkingDirectory={{ prometheus_home }}
+ExecStart={{ prometheus_home }}/prometheus/prometheus -config.file {{ prometheus_home }}/config.yml -web.listen-address 127.0.0.1:9090 -web.external-url {{ prometheus_web_url }}
+Restart=always
+Environment=USER={{ prometheus_user }} HOME={{ prometheus_home }}
+
+[Install]
+WantedBy=multi-user.target
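Review bot: The `[Service]` section drops privileges with `User=`/`Group=` but sets no sandboxing, although this process sits behind the public nginx vhost added in the same commit. Directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` look compatible with what the unit shows, since nothing here points outside `{{ prometheus_home }}`; they should be checked against the systemd version on the target hosts. No storage path is passed on `ExecStart`, so where the time-series data lands presumably depends on `WorkingDirectory`; stating it explicitly would make the one writable path obvious.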

+ 19 - 0
roles/service-prometheus/templates/prometheus_config.j2

@@ -0,0 +1,19 @@
+global:
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+    monitor: 'ffdo'
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+
+    # Override the global default and scrape targets from this job every 5 seconds.
+    scrape_interval: 5s
+
+    static_configs:
+      - targets: ['localhost:9090']

+ 23 - 0
roles/service-prometheus/templates/prometheus_nginx.conf.j2

@@ -0,0 +1,23 @@
+server {
+  listen          443 ssl http2 default_server;
+  listen          [::]:443 ssl http2 default_server;
+  server_name     {{ prometheus_domain }};
+
+  include /etc/nginx/ssl.conf;
+
+  ssl_certificate /var/lib/acme/live/{{ prometheus_domain }}/fullchain;
+  ssl_certificate_key /var/lib/acme/live/{{ prometheus_domain }}/privkey;
+
+  access_log off;
+
+  location / {
+    proxy_http_version      1.1;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+
+    proxy_pass              http://localhost:9090;
+    proxy_redirect          off;
+  }
+}
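Review bot: The `location /` block forwards every request to `http://localhost:9090` with no access control, so the loopback-only listen address chosen in the systemd unit is effectively undone: anyone who can reach port 443 can query all collected metrics, unless `/etc/nginx/ssl.conf` (not part of this commit) restricts access. If the instance is not meant to be public, add `auth_basic "Prometheus";` and `auth_basic_user_file <path-to-htpasswd>;` (placeholder path) or an `allow <trusted-network>;` / `deny all;` pair inside the location. `default_server` on both `listen` lines additionally makes this vhost answer for any hostname that has no server block of its own, and `access_log off;` leaves no record of who queried it.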