├── CODEOWNERS ├── meta └── runtime.yml ├── .gitignore ├── roles ├── vmauth │ ├── meta │ │ └── main.yml │ ├── templates │ │ ├── auth.yaml.j2 │ │ ├── vmauth.conf.j2 │ │ └── vmauth.service.j2 │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── handlers │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── configure.yml │ │ ├── preinstall_license.yml │ │ ├── preinstall.yml │ │ └── install.yml │ └── defaults │ │ └── main.yml ├── vlsingle │ ├── .gitignore │ ├── meta │ │ └── main.yml │ ├── .ansible-lint │ ├── tests │ │ └── playbook.yml │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── handlers │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── configure.yml │ │ └── preinstall.yml │ ├── .yamllint │ ├── templates │ │ └── victorialogs.service.j2 │ └── defaults │ │ └── main.yml ├── vmagent │ ├── .gitignore │ ├── meta │ │ └── main.yml │ ├── .ansible-lint │ ├── templates │ │ ├── prometheus_scrape.yml.j2 │ │ ├── stream_aggregation.yml.j2 │ │ ├── vmagent.service.j2 │ │ └── upstart.j2 │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── tasks │ │ ├── check.yml │ │ ├── main.yml │ │ ├── preinstall_license.yml │ │ ├── preinstall.yml │ │ ├── configure.yml │ │ └── install.yml │ ├── handlers │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── .yamllint │ └── defaults │ │ └── main.yml ├── vmalert │ ├── .gitignore │ ├── meta │ │ └── main.yml │ ├── .ansible-lint │ ├── tests │ │ └── playbook.yml │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── vars │ │ └── main.yml │ ├── templates │ │ ├── alerts.yml.j2 │ │ ├── systemd-service.j2 │ │ └── upstart.j2 │ ├── tasks │ │ ├── main.yml │ │ ├── preinstall_license.yml │ │ ├── preinstall.yml │ │ └── configure.yml │ ├── handlers │ │ └── main.yml │ ├── .yamllint │ └── defaults │ │ └── main.yml ├── vminsert │ ├── meta │ │ └── main.yml │ ├── templates │ │ ├── relabeling.yaml.j2 │ │ ├── vminsert.conf.j2 │ │ └── vminsert.service.j2 │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── handlers │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── configure.yml │ │ ├── preinstall_license.yml │ │ └── preinstall.yml │ └── defaults │ │ └── main.yml ├── vmselect │ ├── meta │ │ └── main.yml │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── handlers │ │ └── main.yml │ ├── templates │ │ ├── vmselect.conf.j2 │ │ └── vmselect.service.j2 │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── configure.yml │ │ ├── preinstall_license.yml │ │ └── preinstall.yml │ └── defaults │ │ └── main.yml ├── vmsingle │ ├── .gitignore │ ├── meta │ │ └── main.yml │ ├── .ansible-lint │ ├── tests │ │ └── playbook.yml │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ └── converge.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── templates │ │ ├── creds.j2 │ │ └── victoriametrics.service.j2 │ ├── handlers │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── preinstall_license.yml │ │ └── preinstall.yml │ ├── .yamllint │ └── defaults │ │ └── main.yml ├── vmstorage │ ├── meta │ │ └── main.yml │ ├── molecule │ │ ├── default │ │ │ ├── verify.yml │ │ │ ├── converge.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ └── molecule.yml │ │ ├── enterprise │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ ├── download-to-control │ │ │ ├── verify.yml │ │ │ ├── tests │ │ │ │ └── test_default.yml │ │ │ ├── converge.yml │ │ │ └── molecule.yml │ │ └── proxy │ │ │ ├── tests │ │ │ └── test_default.yml │ │ │ ├── molecule.yml │ │ │ ├── converge.yml │ │ │ └── verify.yml │ ├── handlers │ │ └── main.yml │ ├── templates │ │ ├── vmstorage.conf.j2 │ │ └── vmstorage.service.j2 │ ├── vars │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── configure.yml │ │ ├── preinstall_license.yml │ │ └── preinstall.yml │ └── defaults │ │ └── main.yml └── vtsingle │ ├── meta │ └── main.yml │ ├── tests │ └── playbook.yml │ ├── molecule │ ├── default │ │ ├── verify.yml │ │ ├── tests │ │ │ └── test_default.yml │ │ ├── converge.yml │ │ └── molecule.yml │ ├── download-to-control │ │ ├── verify.yml │ │ ├── tests │ │ │ └── test_default.yml │ │ ├── converge.yml │ │ └── molecule.yml │ └── proxy │ │ ├── tests │ │ └── test_default.yml │ │ ├── molecule.yml │ │ ├── converge.yml │ │ └── verify.yml │ ├── handlers │ └── main.yml │ ├── vars │ └── main.yml │ ├── tasks │ ├── main.yml │ ├── configure.yml │ └── preinstall.yml │ ├── templates │ └── victoriatraces.service.j2 │ └── defaults │ └── main.yml ├── ansible.cfg ├── inventory_example ├── single-inventory └── cluster-inventory ├── vm-cluster.png ├── playbooks ├── molecule │ ├── cluster │ │ ├── tests │ │ │ └── test_default.yml │ │ ├── verify.yml │ │ └── converge.yml │ └── cluster-enterprise │ │ ├── tests │ │ └── test_default.yml │ │ └── verify.yml ├── vmsingle.yml ├── cluster.yml └── testing │ └── goss.yml ├── requirements.txt ├── .ansible-lint.yaml ├── .github └── workflows │ ├── lint.yml │ ├── test.yml │ └── release.yml ├── .yamllint └── galaxy.yml /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @zekker6 2 | -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.10" 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .vagrant 3 | .vscode 4 | .venv 5 | .ansible 6 | -------------------------------------------------------------------------------- /roles/vmauth/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vlsingle/.gitignore: -------------------------------------------------------------------------------- 1 | .kitchen/ 2 | .vagrant/ 3 | playbook.retry 4 | -------------------------------------------------------------------------------- /roles/vlsingle/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vmagent/.gitignore: -------------------------------------------------------------------------------- 1 | .kitchen/ 2 | .vagrant/ 3 | playbook.retry 4 | -------------------------------------------------------------------------------- /roles/vmagent/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vmalert/.gitignore: -------------------------------------------------------------------------------- 1 | .kitchen/ 2 | .vagrant/ 3 | playbook.retry 4 | -------------------------------------------------------------------------------- /roles/vmalert/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vminsert/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vmselect/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vmsingle/.gitignore: -------------------------------------------------------------------------------- 1 | .kitchen/ 2 | .vagrant/ 3 | playbook.retry 4 | -------------------------------------------------------------------------------- /roles/vmsingle/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vmstorage/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /roles/vtsingle/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: [] # noqa: meta-no-info 2 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path = ./roles/ 3 | stdout_callback = yaml -------------------------------------------------------------------------------- /inventory_example/single-inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | vm-single ansible_host=x.x.x.x 3 | -------------------------------------------------------------------------------- /roles/vlsingle/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '204' 3 | - '303' 4 | - '701' 5 | -------------------------------------------------------------------------------- /roles/vmagent/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '204' 3 | - '303' 4 | - '701' 5 | -------------------------------------------------------------------------------- /roles/vmalert/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '204' 3 | - '303' 4 | - '701' 5 | -------------------------------------------------------------------------------- /roles/vmsingle/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - '204' 3 | - '303' 4 | - '701' 5 | -------------------------------------------------------------------------------- /vm-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VictoriaMetrics/ansible-playbooks/HEAD/vm-cluster.png -------------------------------------------------------------------------------- /playbooks/molecule/cluster/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | -------------------------------------------------------------------------------- /playbooks/vmsingle.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup VM single 3 | become: true 4 | hosts: all 5 | roles: 6 | - vmsingle 7 | -------------------------------------------------------------------------------- /playbooks/molecule/cluster-enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | -------------------------------------------------------------------------------- /roles/vlsingle/tests/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Test role 3 | hosts: all 4 | become: true 5 | roles: 6 | - "vlsingle" 7 | -------------------------------------------------------------------------------- /roles/vmauth/templates/auth.yaml.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {{ vmauth_auth_config | default('') | indent(2) }} 4 | -------------------------------------------------------------------------------- /roles/vminsert/templates/relabeling.yaml.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {{ vminsert_relabel_config | default('') }} 4 | -------------------------------------------------------------------------------- /roles/vmsingle/tests/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Test role 3 | hosts: all 4 | become: true 5 | roles: 6 | - "vmsingle" 7 | -------------------------------------------------------------------------------- /roles/vtsingle/tests/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Test role 3 | hosts: all 4 | become: true 5 | roles: 6 | - "vtsingle" 7 | -------------------------------------------------------------------------------- /roles/vmagent/templates/prometheus_scrape.yml.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {{ vmagent_scrape_config | to_nice_yaml }} 4 | -------------------------------------------------------------------------------- /roles/vmagent/templates/stream_aggregation.yml.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {{ vmagent_aggregation_config | to_nice_yaml }} 4 | -------------------------------------------------------------------------------- /roles/vmalert/tests/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Test vmalert role 3 | hosts: all 4 | become: true 5 | roles: 6 | - "vmalert" 7 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmauth/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vmauth service 3 | ansible.builtin.systemd: 4 | daemon_reload: true 5 | name: vmauth 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8427: 8 | listening: true 9 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible-compat==25.8.2 2 | ansible-core==2.19.3 3 | ansible-lint==25.9.2 4 | docker==7.1.0 5 | molecule==25.9.0 6 | molecule-plugins==25.8.12 7 | yamllint==1.37.1 8 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8427: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8427: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vminsert": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:8480: 7 | listening: true 8 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vminsert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8480: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmselect": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:8481: 7 | listening: true 8 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmselect": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:8481: 7 | listening: true 8 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmselect": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8481: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vmsingle/templates/creds.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | aws_access_key_id = {{ victoriametrics_backup_access_key }} 3 | aws_secret_access_key = {{ victoriametrics_backup_secret_key }} 4 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/download-to-control/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | become: true 4 | ansible.builtin.import_playbook: "../../../../playbooks/testing/goss.yml" 5 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victorialogs": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victorialogs": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmagent": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8429: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmagent": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8429: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmagent/tasks/check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure vic-vmagent service started 3 | ansible.builtin.service: 4 | name: vic-vmagent 5 | state: started 6 | enabled: yes 7 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmalert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9431: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmalert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9431: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmauth/templates/vmauth.conf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {% for key, value in vmauth_config.items() | default({}) %} 4 | {{- key }}={{ value }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /roles/vminsert/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vminsert service 3 | ansible.builtin.systemd: 4 | daemon_reload: true 5 | name: vminsert 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vminsert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8480: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmselect/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vmselect service 3 | ansible.builtin.systemd: 4 | daemon_reload: true 5 | name: vmselect 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/vmstorage/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vmstorage service 3 | ansible.builtin.systemd: 4 | daemon_reload: true 5 | name: vmstorage 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriatraces": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:10428: 7 | listening: true 8 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmagent": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8429: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmalert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9431: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmauth": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8427: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmselect/templates/vmselect.conf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {% for key, value in vmselect_config.items() | default({}) %} 4 | {{- key }}={{ value }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriametrics": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriatraces": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:10428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmagent": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8429: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vic-vmalert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9431: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vminsert": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8480: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmselect": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8481: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmstorage/templates/vmstorage.conf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {% for key, value in vmstorage_config.items() | default({}) %} 4 | {{- key }}={{ value }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victorialogs": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:9428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriametrics": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriatraces": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:10428: 8 | listening: true 9 | -------------------------------------------------------------------------------- /roles/vtsingle/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # handlers file for VictoriaTraces 2 | --- 3 | - name: Restart VictoriaTraces service 4 | ansible.builtin.systemd: 5 | name: victoriatraces 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/vmagent/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # handlers file for VictoriaMetrics 2 | --- 3 | - name: Restart VMagent service 4 | become: true 5 | ansible.builtin.service: 6 | name: vic-vmagent 7 | state: restarted 8 | -------------------------------------------------------------------------------- /roles/vlsingle/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # handlers file for VictoriaLogs 2 | --- 3 | - name: Restart VictoriaLogs service 4 | become: true 5 | ansible.builtin.systemd: 6 | name: victorialogs 7 | state: restarted 8 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmalert" 7 | ansible.builtin.include_role: 8 | name: "vmalert" 9 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmauth" 7 | ansible.builtin.include_role: 8 | name: "vmauth" 9 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmselect" 7 | ansible.builtin.include_role: 8 | name: "vmselect" 9 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmstorage" 7 | ansible.builtin.include_role: 8 | name: "vmstorage" 9 | -------------------------------------------------------------------------------- /roles/vmsingle/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # handlers file for VictoriaMetrics 2 | --- 3 | - name: Restart VictoriaMetrics service 4 | become: true 5 | ansible.builtin.systemd: 6 | name: victoriametrics 7 | state: restarted 8 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriametrics": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8428: 8 | listening: true 9 | tcp:12345: 10 | listening: true 11 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "victoriametrics": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8428: 8 | listening: true 9 | tcp:12345: 10 | listening: true 11 | -------------------------------------------------------------------------------- /roles/vlsingle/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmagent/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmalert/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmauth/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vminsert/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmselect/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmsingle/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmstorage/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vtsingle/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'arm' 7 | armv6l: 'arm6vl' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | -------------------------------------------------------------------------------- /roles/vmalert/templates/alerts.yml.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | # Great examples of alerts - https://awesome-prometheus-alerts.grep.to/rules.html 3 | 4 | groups: 5 | {{ vic_vm_alert_rules | to_nice_yaml(indent=2, sort_keys=False) | indent(2, False) }} 6 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/default/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmstorage": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:8482: 7 | listening: true 8 | tcp:8400: 9 | listening: true 10 | tcp:8401: 11 | listening: true 12 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/enterprise/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmstorage": 3 | enabled: true 4 | running: true 5 | port: 6 | tcp:8482: 7 | listening: true 8 | tcp:8400: 9 | listening: true 10 | tcp:8401: 11 | listening: true 12 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/proxy/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmstorage": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8482: 8 | listening: true 9 | tcp:8400: 10 | listening: true 11 | tcp:8401: 12 | listening: true 13 | -------------------------------------------------------------------------------- /roles/vlsingle/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for VictoriaLogs 3 | - name: Preinstall checks 4 | ansible.builtin.import_tasks: preinstall.yml 5 | - name: Install 6 | ansible.builtin.import_tasks: install.yml 7 | - name: Configure 8 | ansible.builtin.import_tasks: configure.yml 9 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/download-to-control/tests/test_default.yml: -------------------------------------------------------------------------------- 1 | service: 2 | "vmstorage": 3 | enabled: true 4 | running: true 5 | 6 | port: 7 | tcp:8482: 8 | listening: true 9 | tcp:8400: 10 | listening: true 11 | tcp:8401: 12 | listening: true 13 | -------------------------------------------------------------------------------- /roles/vtsingle/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for VictoriaTraces 3 | - name: Preinstall checks 4 | ansible.builtin.import_tasks: preinstall.yml 5 | - name: Install 6 | ansible.builtin.import_tasks: install.yml 7 | - name: Configure 8 | ansible.builtin.import_tasks: configure.yml 9 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vmauth_install_download_to_control: true 7 | tasks: 8 | - name: "Include vmauth" 9 | ansible.builtin.include_role: 10 | name: "vmauth" 11 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vmalert_install_download_to_control: true 7 | tasks: 8 | - name: "Include vmalert" 9 | ansible.builtin.include_role: 10 | name: "vmalert" 11 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vminsert_install_download_to_control: true 7 | tasks: 8 | - name: "Include vminsert" 9 | ansible.builtin.include_role: 10 | name: "vminsert" 11 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vmselect_install_download_to_control: true 7 | tasks: 8 | - name: "Include vmselect" 9 | ansible.builtin.include_role: 10 | name: "vmselect" 11 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vmstorage_install_download_to_control: true 7 | tasks: 8 | - name: "Include vmstorage" 9 | ansible.builtin.include_role: 10 | name: "vmstorage" 11 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriatraces_install_download_to_control: true 7 | tasks: 8 | - name: "Include vtsingle" 9 | ansible.builtin.include_role: 10 | name: "vtsingle" 11 | -------------------------------------------------------------------------------- /roles/vminsert/templates/vminsert.conf.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | {% for key, value in vminsert_config.items() | default({}) %} 4 | {{- key }}={{ value }} 5 | {% endfor %} 6 | 7 | {% if vminsert_relabel_config != "" %} 8 | relabelConfig={{ vminsert_config_dir }}/relabel.yaml 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmauth" 7 | vars: 8 | vmauth_enterprise: true 9 | vmauth_license_key_file: "/tmp/vm-license" 10 | ansible.builtin.include_role: 11 | name: "vmauth" 12 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmselect" 7 | vars: 8 | vmselect_enterprise: true 9 | vmselect_license_key_file: "/tmp/vm-license" 10 | ansible.builtin.include_role: 11 | name: "vmselect" 12 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmalert" 7 | vars: 8 | vic_vm_alert_enterprise: true 9 | vic_vm_alert_license_key_file: "/tmp/vm-license" 10 | ansible.builtin.include_role: 11 | name: "vmalert" 12 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmstorage" 7 | vars: 8 | vmstorage_enterprise: true 9 | vmstorage_license_key_file: "/tmp/vm-license" 10 | ansible.builtin.include_role: 11 | name: "vmstorage" 12 | -------------------------------------------------------------------------------- /roles/vmauth/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | -------------------------------------------------------------------------------- /inventory_example/cluster-inventory: -------------------------------------------------------------------------------- 1 | [vmstorage] 2 | vmstorage-01 3 | vmstorage-02 4 | vmstorage-03 5 | 6 | [vminsert] 7 | vminsert-01 8 | vminsert-02 9 | vminsert-03 10 | 11 | [vmselect] 12 | vmselect-01 13 | vmselect-02 14 | 15 | [victoria_cluster:children] 16 | vmselect 17 | vminsert 18 | vmstorage 19 | 20 | [vmauth] 21 | vmauth-01 22 | vmauth-02 23 | -------------------------------------------------------------------------------- /roles/vmalert/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | -------------------------------------------------------------------------------- /roles/vminsert/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | -------------------------------------------------------------------------------- /roles/vmselect/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | -------------------------------------------------------------------------------- /roles/vmstorage/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | -------------------------------------------------------------------------------- /roles/vmalert/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # handlers file for VictoriaMetrics 2 | --- 3 | - name: "Restart VMalert service {{ vic_vm_alert_service_name }}" 4 | become: true 5 | ansible.builtin.service: 6 | name: "{{ vic_vm_alert_service_name }}" 7 | state: restarted 8 | ignore_errors: '{{ ansible_check_mode }}' 9 | listen: "Restart VMalert service" 10 | -------------------------------------------------------------------------------- /roles/vmsingle/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for VictoriaMetrics 3 | - name: License preinstall checks 4 | ansible.builtin.import_tasks: preinstall_license.yml 5 | - name: Preinstall checks 6 | ansible.builtin.import_tasks: preinstall.yml 7 | - name: Install 8 | ansible.builtin.import_tasks: install.yml 9 | - name: Configure 10 | ansible.builtin.import_tasks: configure.yml 11 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriatraces_data_dir: "/tmp/victoria-traces/" 7 | victoriatraces_service_args: 8 | storageDataPath: "{{ victoriatraces_data_dir }}" 9 | tasks: 10 | - name: "Include vtsingle" 11 | ansible.builtin.include_role: 12 | name: "vtsingle" 13 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriametrics_data_dir: "/tmp/victoria-logs/" 7 | victoriametrics_service_args: 8 | storageDataPath: "{{ victoriametrics_data_dir }}" 9 | tasks: 10 | - name: "Include vlsingle" 11 | ansible.builtin.include_role: 12 | name: "vlsingle" 13 | -------------------------------------------------------------------------------- /.ansible-lint.yaml: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - 'var-naming[no-role-prefix]' 3 | 4 | kinds: 5 | - playbook: "playbooks/{cluster,vmsingle}.yml" 6 | - playbook: "playbooks/testing/molecule/*/converge.{yml,yaml}" 7 | - tasks: "roles/*/tasks/*.yml" 8 | - vars: "roles/*/vars/*.yml" 9 | - meta: "roles/*/meta/main.yml" 10 | 11 | exclude_paths: 12 | - .cache 13 | - .ansible 14 | - roles/*/molecule/ 15 | -------------------------------------------------------------------------------- /roles/vmagent/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: License preinstall checks 3 | ansible.builtin.import_tasks: preinstall_license.yml 4 | - name: Preinstall checks 5 | ansible.builtin.import_tasks: preinstall.yml 6 | - name: Install 7 | ansible.builtin.import_tasks: install.yml 8 | - name: Configure 9 | ansible.builtin.import_tasks: configure.yml 10 | - name: Check 11 | ansible.builtin.import_tasks: check.yml 12 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vminsert" 7 | vars: 8 | vminsert_relabel_config: |- 9 | - source_labels: [__address__] 10 | target_label: instance 11 | regex: '(.+):.*' 12 | replacement: '${1}' 13 | ansible.builtin.include_role: 14 | name: "vminsert" 15 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmagent" 7 | vars: 8 | vmagent_service_args: 9 | "remoteWrite.url": 10 | - "http://url1/api/v1/write" 11 | - "http://url2/api/v1/write" 12 | "remoteWrite.tmpDataPath": /tmp/vmagent 13 | ansible.builtin.include_role: 14 | name: "vmagent" 15 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriametrics_data_dir: "/tmp/victoria-logs/" 7 | victorialogs_install_download_to_control: true 8 | victoriametrics_service_args: 9 | storageDataPath: "{{ victoriametrics_data_dir }}" 10 | tasks: 11 | - name: "Include vlsingle" 12 | ansible.builtin.include_role: 13 | name: "vlsingle" 14 | 15 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriametrics_data_dir: "/tmp/victoria-metrics/" 7 | victoriametrics_install_download_to_control: true 8 | victoriametrics_service_args: 9 | storageDataPath: "{{ victoriametrics_data_dir }}" 10 | tasks: 11 | - name: "Include vmsingle" 12 | ansible.builtin.include_role: 13 | name: "vmsingle" 14 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/download-to-control/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | vmagent_install_download_to_control: true 7 | tasks: 8 | - name: "Include vmagent" 9 | vars: 10 | vmagent_service_args: 11 | "remoteWrite.url": 12 | - "http://url1/api/v1/write" 13 | - "http://url2/api/v1/write" 14 | "remoteWrite.tmpDataPath": /tmp/vmagent 15 | ansible.builtin.include_role: 16 | name: "vmagent" 17 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vminsert" 7 | vars: 8 | vminsert_enterprise: true 9 | vminsert_license_key_file: "/tmp/vm-license" 10 | vminsert_relabel_config: |- 11 | - source_labels: [__address__] 12 | target_label: instance 13 | regex: '(.+):.*' 14 | replacement: '${1}' 15 | ansible.builtin.include_role: 16 | name: "vminsert" 17 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | tasks: 6 | - name: "Include vmagent" 7 | vars: 8 | vmagent_enterprise: true 9 | vmagent_license_key_file: "/tmp/vm-license" 10 | vmagent_service_args: 11 | "remoteWrite.url": 12 | - "http://url1/api/v1/write" 13 | - "http://url2/api/v1/write" 14 | "remoteWrite.tmpDataPath": /tmp/vmagent 15 | ansible.builtin.include_role: 16 | name: "vmagent" 17 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: 'Lint' 2 | on: 3 | pull_request: { } 4 | push: { } 5 | 6 | jobs: 7 | lint: 8 | name: 'Lint' 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: 'Checkout' 12 | uses: actions/checkout@v4 13 | 14 | - name: Cache .venv directory 15 | uses: actions/cache@v3 16 | with: 17 | path: .venv 18 | key: ${{ runner.os }}-venv-${{ hashFiles('**/requirements.txt') }} 19 | 20 | - name: Lint 21 | run: | 22 | make init-venv 23 | 24 | make lint 25 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriametrics_data_dir: "/tmp/victoria-metrics/" 7 | victoriametrics_backup_enabled: false 8 | victoriametrics_service_envflag_enabled: true 9 | victoriametrics_service_envflag_data: 10 | - "graphiteListenAddr=127.0.0.1:12345" 11 | victoriametrics_service_args: 12 | storageDataPath: "{{ victoriametrics_data_dir }}" 13 | tasks: 14 | - name: "Include vmsingle" 15 | ansible.builtin.include_role: 16 | name: "vmsingle" 17 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmauth-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vlsingle-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmagent-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: "../../../" 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmalert-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vminsert-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmselect-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmsingle-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vtsingle-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmselect-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmstorage-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmauth-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmagent-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: "../../../" 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmalert-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vminsert-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmsingle-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/enterprise/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmstorage-debian13-enterprise 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmagent-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmalert-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmauth-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vminsert-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmselect-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmsingle-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmstorage-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vtsingle-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/download-to-control/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vlsingle-download-to-control-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | provisioner: 19 | name: ansible 20 | env: 21 | ANSIBLE_ROLES_PATH: ../../../ 22 | verifier: 23 | name: ansible 24 | 25 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: 'Molecule Test' 2 | on: 3 | pull_request: { } 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | lint: 10 | name: 'Test' 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: 'Checkout' 14 | uses: actions/checkout@v4 15 | 16 | - name: Cache .venv directory 17 | uses: actions/cache@v3 18 | with: 19 | path: .venv 20 | key: ${{ runner.os }}-venv-${{ hashFiles('**/requirements.txt') }} 21 | 22 | - name: Converge 23 | run: | 24 | make init-venv 25 | 26 | make molecule-converge 27 | make molecule-converge-integration 28 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | braces: 6 | level: warning 7 | max-spaces-inside: 1 8 | brackets: 9 | level: warning 10 | max-spaces-inside: 1 11 | colons: 12 | level: warning 13 | commas: 14 | level: warning 15 | comments: 16 | min-spaces-from-content: 1 17 | comments-indentation: disable 18 | document-start: disable 19 | empty-lines: 20 | level: warning 21 | hyphens: 22 | level: warning 23 | indentation: 24 | level: warning 25 | indent-sequences: consistent 26 | line-length: disable 27 | truthy: disable 28 | octal-values: 29 | forbid-implicit-octal: true 30 | forbid-explicit-octal: true 31 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/enterprise/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: yes 5 | vars: 6 | victoriametrics_enterprise: true 7 | victoriametrics_license_key_file: "/tmp/vm-license" 8 | victoriametrics_data_dir: "/tmp/victoria-metrics/" 9 | victoriametrics_backup_enabled: false 10 | victoriametrics_service_envflag_enabled: true 11 | victoriametrics_service_envflag_data: 12 | - "graphiteListenAddr=127.0.0.1:12345" 13 | victoriametrics_service_args: 14 | storageDataPath: "{{ victoriametrics_data_dir }}" 15 | tasks: 16 | - name: "Include vmsingle" 17 | ansible.builtin.include_role: 18 | name: "vmsingle" 19 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | namespace: "victoriametrics" 3 | name: "cluster" 4 | version: "0.0.0" 5 | readme: "README.md" 6 | authors: 7 | - "Zakhar Bessarab " 8 | license: 9 | - "Apache-2.0" 10 | tags: 11 | - victoriametrics 12 | - monitoring 13 | repository: "https://github.com/VictoriaMetrics/ansible-playbooks" 14 | build_ignore: 15 | - .git 16 | - .github 17 | - build 18 | - inventory_example 19 | - Vagrantfile 20 | - '*.tar.gz' 21 | - Makefile 22 | - requirements.txt 23 | homepage: "https://github.com/VictoriaMetrics/ansible-playbooks" 24 | documentation: "https://github.com/VictoriaMetrics/ansible-playbooks" 25 | issues: "https://github.com/VictoriaMetrics/ansible-playbooks/issues" 26 | -------------------------------------------------------------------------------- /roles/vlsingle/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /roles/vmagent/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /roles/vmalert/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /roles/vmsingle/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /roles/vminsert/templates/vminsert.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | [Unit] 3 | Description=VictoriaMetrics vminsert service 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | User={{ vminsert_system_user }} 9 | Group={{ vminsert_system_group }} 10 | Restart=always 11 | EnvironmentFile={{ vminsert_config_dir }}/vminsert.conf 12 | ExecStart={{ vminsert_bin_dir }}/vminsert-prod -envflag.enable 13 | 14 | PrivateTmp=yes 15 | ProtectHome={{ vminsert_systemd_protect_home }} 16 | NoNewPrivileges=yes 17 | 18 | ProtectSystem=full 19 | 20 | {% if vminsert_systemd_version | int >= 232 %} 21 | ProtectControlGroups=true 22 | ProtectKernelModules=true 23 | ProtectKernelTunables=yes 24 | {% endif %} 25 | 26 | {% if vminsert_exec_start_post != "" %} 27 | ExecStartPost={{ vminsert_exec_start_post }} 28 | {% endif %} 29 | 30 | {% if vminsert_exec_stop != "" %} 31 | ExecStop={{ vminsert_exec_stop }} 32 | {% endif %} 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | -------------------------------------------------------------------------------- /roles/vmselect/templates/vmselect.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | [Unit] 3 | Description=VictoriaMetrics vmselect service 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | User={{ vmselect_system_user }} 9 | Group={{ vmselect_system_group }} 10 | Restart=always 11 | EnvironmentFile={{ vmselect_config_dir }}/vmselect.conf 12 | ExecStart={{ vmselect_bin_dir }}/vmselect-prod -envflag.enable 13 | 14 | PrivateTmp=yes 15 | ProtectHome={{ vmselect_systemd_protect_home }} 16 | NoNewPrivileges=yes 17 | 18 | ProtectSystem=full 19 | 20 | {% if vmselect_systemd_version | int >= 232 %} 21 | ProtectControlGroups=true 22 | ProtectKernelModules=true 23 | ProtectKernelTunables=yes 24 | {% endif %} 25 | 26 | {% if vmselect_exec_start_post != "" %} 27 | ExecStartPost={{ vmselect_exec_start_post }} 28 | {% endif %} 29 | 30 | {% if vmselect_exec_stop != "" %} 31 | ExecStop={{ vmselect_exec_stop }} 32 | {% endif %} 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | -------------------------------------------------------------------------------- /roles/vmstorage/templates/vmstorage.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | [Unit] 3 | Description=VictoriaMetrics vmstorage service 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | User={{ vmstorage_system_user }} 9 | Group={{ vmstorage_system_group }} 10 | Restart=always 11 | EnvironmentFile={{ vmstorage_config_dir }}/vmstorage.conf 12 | ExecStart={{ vmstorage_bin_dir }}/vmstorage-prod -envflag.enable 13 | 14 | PrivateTmp=yes 15 | ProtectHome={{ vmstorage_systemd_protect_home }} 16 | NoNewPrivileges=yes 17 | 18 | ProtectSystem=full 19 | 20 | {% if vmstorage_systemd_version | int >= 232 %} 21 | ProtectControlGroups=true 22 | ProtectKernelModules=true 23 | ProtectKernelTunables=yes 24 | {% endif %} 25 | 26 | {% if vmstorage_exec_start_post != "" %} 27 | ExecStartPost={{ vmstorage_exec_start_post }} 28 | {% endif %} 29 | 30 | {% if vmstorage_exec_stop != "" %} 31 | ExecStop={{ vmstorage_exec_stop }} 32 | {% endif %} 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | -------------------------------------------------------------------------------- /roles/vmalert/templates/systemd-service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=Description=VictoriaMetrics VMalert service 5 | After=network.target 6 | 7 | [Service] 8 | Type=simple 9 | User={{ vic_vm_alert_system_user }} 10 | Group={{ vic_vm_alert_system_group }} 11 | ExecStart=/usr/local/bin/vmalert-prod {%- for flag, flag_values in vic_vm_alert_service_args.items() -%} 12 | {%- if flag_values | type_debug == "list" -%} 13 | {% for flag_value in flag_values %} --{{ flag }}={{ flag_value }} {% endfor %} 14 | {% else %} --{{ flag }}={{ flag_values }} {% endif %} 15 | {% endfor %} 16 | 17 | SyslogIdentifier={{ vic_vm_alert_service_name }} 18 | Restart=always 19 | 20 | PrivateTmp=yes 21 | ProtectHome=yes 22 | NoNewPrivileges=yes 23 | 24 | ProtectSystem=full 25 | 26 | {% if vic_vm_alert_systemd_version | int >= 232 %} 27 | ProtectControlGroups=true 28 | ProtectKernelModules=true 29 | ProtectKernelTunables=yes 30 | {% endif %} 31 | 32 | [Install] 33 | WantedBy=multi-user.target 34 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmauth-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmauth 20 | - name: vmauth-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmauth 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmagent-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmagent 20 | - name: vmagent-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmagent 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmalert-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmalert 20 | - name: vmalert-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmalert 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vminsert-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vminsert 20 | - name: vminsert-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vminsert 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmselect-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmselect 20 | - name: vmselect-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmselect 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmsingle-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmsingle 20 | - name: vmsingle-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmsingle 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vtsingle-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vtsingle 20 | - name: vtsingle-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vtsingle 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vmstorage-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vmstorage 20 | - name: vmstorage-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vmstorage 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/proxy/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | lint: | 3 | yamllint . 4 | ansible-lint . 5 | dependency: 6 | name: galaxy 7 | driver: 8 | name: docker 9 | platforms: 10 | - name: vlsingle-proxy-debian13 11 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 12 | command: ${MOLECULE_DOCKER_COMMAND:-""} 13 | volumes: 14 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 15 | cgroupns_mode: host 16 | privileged: true 17 | pre_build_image: true 18 | networks: 19 | - name: vlsingle 20 | - name: vlsingle-proxy-server 21 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" 22 | command: ${MOLECULE_DOCKER_COMMAND:-""} 23 | volumes: 24 | - /sys/fs/cgroup:/sys/fs/cgroup:rw 25 | cgroupns_mode: host 26 | privileged: true 27 | pre_build_image: true 28 | networks: 29 | - name: vlsingle 30 | 31 | provisioner: 32 | name: ansible 33 | env: 34 | ANSIBLE_ROLES_PATH: ../../../ 35 | verifier: 36 | name: ansible 37 | 38 | -------------------------------------------------------------------------------- /roles/vmauth/templates/vmauth.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | [Unit] 3 | Description=VictoriaMetrics vmauth service 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | User={{ vmauth_system_user }} 9 | Group={{ vmauth_system_group }} 10 | Restart=always 11 | EnvironmentFile={{ vmauth_config_dir }}/vmauth.conf 12 | ExecStart={{ vmauth_bin_dir }}/vmauth-prod -envflag.enable -auth.config={{ vmauth_config_dir }}/auth.yaml {% for flag, flag_value in vmauth_service_args.items() %}--{{ flag }}={{ flag_value }} {% endfor %} 13 | 14 | PrivateTmp=yes 15 | ProtectHome={{ vmauth_systemd_protect_home }} 16 | NoNewPrivileges=yes 17 | 18 | ProtectSystem=full 19 | 20 | {% if vmauth_systemd_version | int >= 232 %} 21 | ProtectControlGroups=true 22 | ProtectKernelModules=true 23 | ProtectKernelTunables=yes 24 | {% endif %} 25 | 26 | {% if vmauth_exec_start_post != "" %} 27 | ExecStartPost={{ vmauth_exec_start_post }} 28 | {% endif %} 29 | 30 | {% if vmauth_exec_stop != "" %} 31 | ExecStop={{ vmauth_exec_stop }} 32 | {% endif %} 33 | 34 | [Install] 35 | WantedBy=multi-user.target 36 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Publish releases 3 | 4 | permissions: 5 | contents: write 6 | 7 | on: 8 | push: 9 | tags: 10 | - 'v[0-9]+\.[0-9]+\.[0-9]+' 11 | 12 | jobs: 13 | release: 14 | runs-on: ubuntu-latest 15 | container: 16 | image: python:3.11-alpine 17 | steps: 18 | - name: checkout 19 | uses: actions/checkout@v4 20 | 21 | - name: Publish collection to ansible galaxy 22 | env: 23 | GALAXY_API_KEY: "${{ secrets.galaxy_api_key }}" 24 | run: | 25 | set -ex 26 | apk add --update --no-cache --virtual build_dependencies gcc musl-dev libffi-dev openssl-dev rust cargo 27 | pip install --no-cache-dir ansible-core 28 | sed -i "s/0.0.0/${GITHUB_REF_NAME/v/}/" galaxy.yml 29 | ansible-galaxy collection build --output-path ./build 30 | ansible-galaxy collection publish --token ${GALAXY_API_KEY} $(find ./build/ -type f) 31 | 32 | - name: Release to github 33 | uses: softprops/action-gh-release@v1 34 | with: 35 | files: ./build 36 | generate_release_notes: true 37 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmauth-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmauth-proxy-debian13 31 | become: yes 32 | vars: 33 | vmauth_install_download_to_control: false 34 | vm_proxy_http: "http://vmauth-proxy-server:3128" 35 | vm_proxy_https: "http://vmauth-proxy-server:3128" 36 | tasks: 37 | - name: "Include vmauth" 38 | ansible.builtin.include_role: 39 | name: "vmauth" 40 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmalert-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmalert-proxy-debian13 31 | become: yes 32 | vars: 33 | vic_vm_alert_install_download_to_control: false 34 | vm_proxy_http: "http://vmalert-proxy-server:3128" 35 | vm_proxy_https: "http://vmalert-proxy-server:3128" 36 | tasks: 37 | - name: "Include vmalert" 38 | ansible.builtin.include_role: 39 | name: "vmalert" 40 | -------------------------------------------------------------------------------- /roles/vlsingle/templates/victorialogs.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=Description=VictoriaLogs service 5 | After=network.target 6 | 7 | [Service] 8 | Type=simple 9 | LimitNOFILE={{ victorialogs_max_open_files }} 10 | User={{ victorialogs_system_user }} 11 | Group={{ victorialogs_system_group }} 12 | ExecStart=/usr/local/bin/victoria-logs-prod {% if (victorialogs_service_envflag_enabled | bool) %} -envflag.enable {% endif %} {% for flag, flag_value in victorialogs_service_args.items() %}-{{ flag }}={{ flag_value }} {% endfor %} 13 | 14 | SyslogIdentifier=victorialogs 15 | Restart=always 16 | 17 | PrivateTmp=yes 18 | ProtectHome=yes 19 | NoNewPrivileges=yes 20 | 21 | ProtectSystem=full 22 | 23 | {% if victorialogs_systemd_version | int >= 232 %} 24 | ProtectControlGroups=true 25 | ProtectKernelModules=true 26 | ProtectKernelTunables=yes 27 | {% endif %} 28 | 29 | {% if victorialogs_service_envflag_enabled | bool %} 30 | {% for v in victorialogs_service_envflag_data %} 31 | Environment="{{ v }}" 32 | {% endfor %} 33 | 34 | EnvironmentFile={{ victorialogs_service_envflag_file }} 35 | {% endif %} 36 | 37 | [Install] 38 | WantedBy=multi-user.target 39 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vminsert-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vminsert-proxy-debian13 31 | become: yes 32 | vars: 33 | vminsert_install_download_to_control: false 34 | vm_proxy_http: "http://vminsert-proxy-server:3128" 35 | vm_proxy_https: "http://vminsert-proxy-server:3128" 36 | tasks: 37 | - name: "Include vminsert" 38 | ansible.builtin.include_role: 39 | name: "vminsert" 40 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmselect-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmselect-proxy-debian13 31 | become: yes 32 | vars: 33 | vmselect_install_download_to_control: false 34 | vm_proxy_http: "http://vmselect-proxy-server:3128" 35 | vm_proxy_https: "http://vmselect-proxy-server:3128" 36 | tasks: 37 | - name: "Include vmselect" 38 | ansible.builtin.include_role: 39 | name: "vmselect" 40 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vtsingle-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vtsingle-proxy-debian13 31 | become: yes 32 | vars: 33 | victoriatraces_install_download_to_control: false 34 | vm_proxy_http: "http://vtsingle-proxy-server:3128" 35 | vm_proxy_https: "http://vtsingle-proxy-server:3128" 36 | tasks: 37 | - name: "Include vtsingle" 38 | ansible.builtin.include_role: 39 | name: "vtsingle" 40 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmstorage-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmstorage-proxy-debian13 31 | become: yes 32 | vars: 33 | vmstorage_install_download_to_control: false 34 | vm_proxy_http: "http://vmstorage-proxy-server:3128" 35 | vm_proxy_https: "http://vmstorage-proxy-server:3128" 36 | tasks: 37 | - name: "Include vmstorage" 38 | ansible.builtin.include_role: 39 | name: "vmstorage" 40 | -------------------------------------------------------------------------------- /roles/vmagent/templates/vmagent.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=Description=VictoriaMetrics vmagent service 5 | After=network.target 6 | 7 | [Service] 8 | Type=simple 9 | User={{ vmagent_system_user }} 10 | Group={{ vmagent_system_group }} 11 | ExecStart=/usr/local/bin/vmagent-prod {%- for flag, flag_values in vmagent_service_args.items() -%} 12 | {%- if flag_values | type_debug == "list" -%} 13 | {% for flag_value in flag_values %} --{{ flag }}={{ flag_value }} {% endfor %} 14 | {% else %} --{{ flag }}={{ flag_values }} {% endif %} 15 | {% endfor %} 16 | 17 | SyslogIdentifier=vic-vmagent 18 | Restart=always 19 | 20 | PrivateTmp=yes 21 | ProtectHome={{ vmagent_systemd_protect_home }} 22 | NoNewPrivileges=yes 23 | 24 | ProtectSystem=full 25 | 26 | {% if vmagent_systemd_version | int >= 232 %} 27 | ProtectControlGroups=true 28 | ProtectKernelModules=true 29 | ProtectKernelTunables=yes 30 | {% endif %} 31 | 32 | {% if vmagent_exec_start_post != "" %} 33 | ExecStartPost={{ vmagent_exec_start_post }} 34 | {% endif %} 35 | 36 | {% if vmagent_exec_stop != "" %} 37 | ExecStop={{ vmagent_exec_stop }} 38 | {% endif %} 39 | 40 | [Install] 41 | WantedBy=multi-user.target 42 | -------------------------------------------------------------------------------- /roles/vtsingle/templates/victoriatraces.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=Description=VictoriaTraces service 5 | After=network.target 6 | 7 | [Service] 8 | Type=simple 9 | LimitNOFILE={{ victoriatraces_max_open_files }} 10 | User={{ victoriatraces_system_user }} 11 | Group={{ victoriatraces_system_group }} 12 | ExecStart=/usr/local/bin/victoria-traces-prod {% if (victoriatraces_service_envflag_enabled | bool) %} -envflag.enable {% endif %} {% for flag, flag_value in victoriatraces_service_args.items() %}-{{ flag }}={{ flag_value }} {% endfor %} 13 | 14 | SyslogIdentifier=victoriatraces 15 | Restart=always 16 | 17 | PrivateTmp=yes 18 | ProtectHome=yes 19 | NoNewPrivileges=yes 20 | 21 | ProtectSystem=full 22 | 23 | {% if victoriatraces_systemd_version | int >= 232 %} 24 | ProtectControlGroups=true 25 | ProtectKernelModules=true 26 | ProtectKernelTunables=yes 27 | {% endif %} 28 | 29 | {% if victoriatraces_service_envflag_enabled | bool %} 30 | {% for v in victoriatraces_service_envflag_data %} 31 | Environment="{{ v }}" 32 | {% endfor %} 33 | 34 | EnvironmentFile={{ victoriatraces_service_envflag_file }} 35 | {% endif %} 36 | 37 | [Install] 38 | WantedBy=multi-user.target 39 | -------------------------------------------------------------------------------- /roles/vmsingle/templates/victoriametrics.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=Description=VictoriaMetrics service 5 | After=network.target 6 | 7 | [Service] 8 | Type=simple 9 | LimitNOFILE={{ victoriametrics_max_open_files }} 10 | User={{ victoriametrics_system_user }} 11 | Group={{ victoriametrics_system_group }} 12 | ExecStart=/usr/local/bin/victoria-metrics-prod {% if (victoriametrics_service_envflag_enabled | bool) %} -envflag.enable {% endif %} {% for flag, flag_value in victoriametrics_service_args.items() %}-{{ flag }}={{ flag_value }} {% endfor %} 13 | 14 | SyslogIdentifier=victoriametrics 15 | Restart=always 16 | 17 | PrivateTmp=yes 18 | ProtectHome=yes 19 | NoNewPrivileges=yes 20 | 21 | ProtectSystem=full 22 | 23 | {% if victoriametrics_systemd_version | int >= 232 %} 24 | ProtectControlGroups=true 25 | ProtectKernelModules=true 26 | ProtectKernelTunables=yes 27 | {% endif %} 28 | 29 | {% if victoriametrics_service_envflag_enabled | bool %} 30 | {% for v in victoriametrics_service_envflag_data %} 31 | Environment="{{ v }}" 32 | {% endfor %} 33 | 34 | EnvironmentFile={{ victoriametrics_service_envflag_file }} 35 | {% endif %} 36 | 37 | [Install] 38 | WantedBy=multi-user.target 39 | -------------------------------------------------------------------------------- /roles/vmselect/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Systemd | Copy vmselect systemd unit file" 3 | ansible.builtin.template: 4 | src: vmselect.service.j2 5 | dest: /etc/systemd/system/vmselect.service 6 | owner: root 7 | group: root 8 | mode: "0644" 9 | notify: Restart vmselect service 10 | 11 | - name: "Systemd | ensure vmselect service is enabled" # noqa: no-handler 12 | become: true 13 | ansible.builtin.systemd: 14 | name: vmselect 15 | enabled: true 16 | 17 | - name: Prepare configuration dir 18 | ansible.builtin.file: 19 | state: directory 20 | path: "{{ vmselect_config_dir }}" 21 | mode: "0751" 22 | owner: "{{ vmselect_system_user }}" 23 | group: "{{ vmselect_system_group }}" 24 | 25 | - name: Setup environment file 26 | ansible.builtin.template: 27 | dest: "{{ vmselect_config_dir }}/vmselect.conf" 28 | src: "vmselect.conf.j2" 29 | owner: "{{ vmselect_system_user }}" 30 | group: "{{ vmselect_system_group }}" 31 | mode: "0644" 32 | notify: Restart vmselect service 33 | 34 | - name: Prepare cache dir 35 | ansible.builtin.file: 36 | state: directory 37 | path: "{{ vmselect_cache_dir }}" 38 | mode: "0751" 39 | owner: "{{ vmselect_system_user }}" 40 | group: "{{ vmselect_system_group }}" 41 | -------------------------------------------------------------------------------- /roles/vmstorage/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Systemd | Copy vmstorage systemd unit file" 3 | ansible.builtin.template: 4 | src: vmstorage.service.j2 5 | dest: /etc/systemd/system/vmstorage.service 6 | owner: root 7 | group: root 8 | mode: "0644" 9 | notify: Restart vmstorage service 10 | 11 | - name: "Systemd | ensure vmstorage service is enabled" # noqa: no-handler 12 | become: true 13 | ansible.builtin.systemd: 14 | name: vmstorage 15 | enabled: true 16 | 17 | - name: Prepare configuration dir 18 | ansible.builtin.file: 19 | state: directory 20 | path: "{{ vmstorage_config_dir }}" 21 | mode: "0751" 22 | owner: "{{ vmstorage_system_user }}" 23 | group: "{{ vmstorage_system_group }}" 24 | 25 | - name: Setup environment file 26 | ansible.builtin.template: 27 | dest: "{{ vmstorage_config_dir }}/vmstorage.conf" 28 | src: "vmstorage.conf.j2" 29 | owner: "{{ vmstorage_system_user }}" 30 | group: "{{ vmstorage_system_group }}" 31 | mode: "0644" 32 | notify: Restart vmstorage service 33 | 34 | - name: Prepare data dir 35 | ansible.builtin.file: 36 | state: directory 37 | path: "{{ vmstorage_data_dir }}" 38 | mode: "0751" 39 | owner: "{{ vmstorage_system_user }}" 40 | group: "{{ vmstorage_system_group }}" 41 | -------------------------------------------------------------------------------- /roles/vlsingle/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | victorialogs_version: "v1.42.0" 3 | 4 | victorialogs_platform: "linux" 5 | victorialogs_repo_url: "https://github.com/VictoriaMetrics/VictoriaLogs" 6 | victorialogs_download_url: "{{ victorialogs_repo_url }}/releases/download/{{ victorialogs_version }}/victoria-logs-{{ victorialogs_platform }}-{{ go_arch }}-{{ victorialogs_version }}.tar.gz" 7 | 8 | victorialogs_system_user: "victorialogs" 9 | victorialogs_system_group: "{{ victorialogs_system_user }}" 10 | victorialogs_data_dir: "/var/lib/victoria-logs/" 11 | victorialogs_retention_period_months: "12" 12 | 13 | # more on envflags usage 14 | # https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#environment-variables 15 | victorialogs_service_envflag_enabled: "false" 16 | # Array of strings to pass 17 | victorialogs_service_envflag_data: [] 18 | # - "graphiteListenAddr=127.0.0.1:12345" 19 | victorialogs_service_envflag_file: "/etc/default/victoriametrics" 20 | 21 | # Download behavior 22 | victorialogs_install_download_to_control: false 23 | 24 | # Proxy environment for downloads 25 | vm_proxy_http: "" 26 | vm_proxy_https: "" 27 | 28 | victorialogs_service_args: 29 | storageDataPath: "{{ victorialogs_data_dir }}" 30 | retentionPeriod: "{{ victorialogs_retention_period_months }}" 31 | 32 | victorialogs_max_open_files: 2097152 33 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vlsingle-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vlsingle-proxy-debian13 31 | become: yes 32 | vars: 33 | victoriametrics_data_dir: "/tmp/victoria-logs/" 34 | victorialogs_install_download_to_control: false 35 | vm_proxy_http: "http://vlsingle-proxy-server:3128" 36 | vm_proxy_https: "http://vlsingle-proxy-server:3128" 37 | victoriametrics_service_args: 38 | storageDataPath: "{{ victoriametrics_data_dir }}" 39 | tasks: 40 | - name: "Include vlsingle" 41 | ansible.builtin.include_role: 42 | name: "vlsingle" 43 | 44 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmsingle-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmsingle-proxy-debian13 31 | become: yes 32 | vars: 33 | victoriametrics_data_dir: "/tmp/victoria-metrics/" 34 | victoriametrics_install_download_to_control: false 35 | vm_proxy_http: "http://vmsingle-proxy-server:3128" 36 | vm_proxy_https: "http://vmsingle-proxy-server:3128" 37 | victoriametrics_service_args: 38 | storageDataPath: "{{ victoriametrics_data_dir }}" 39 | tasks: 40 | - name: "Include vmsingle" 41 | ansible.builtin.include_role: 42 | name: "vmsingle" 43 | -------------------------------------------------------------------------------- /playbooks/cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup storage 3 | become: true 4 | hosts: vmstorage 5 | roles: 6 | - vmstorage 7 | 8 | - name: Setup vmselect 9 | become: true 10 | hosts: vmselect 11 | vars: 12 | vmselect_cache_dir: "/var/lib/vmselect" 13 | vmselect_config: 14 | cacheDataPath: "/var/lib/vmselect" 15 | storageNode: "{{ groups['vmstorage'] | join(',') }}" 16 | roles: 17 | - vmselect 18 | 19 | - name: Setup vminsert 20 | become: true 21 | hosts: vminsert 22 | vars: 23 | vminsert_config: 24 | storageNode: "{{ groups['vmstorage'] | join(',') }}" 25 | roles: 26 | - vminsert 27 | 28 | - name: Setup vmauth 29 | become: true 30 | hosts: vmauth 31 | vars: 32 | # See: https://docs.victoriametrics.com/vmauth/#load-balancer-for-victoriametrics-cluster 33 | vmauth_auth_config: |- 34 | unauthorized_user: 35 | url_map: 36 | - src_paths: 37 | - "/insert/.+" 38 | url_prefix: 39 | {% for insert in groups['vminsert'] %} 40 | - "http://{{ insert }}:8480/" 41 | {% endfor %} 42 | - src_paths: 43 | - "/select/.+" 44 | url_prefix: 45 | {% for select in groups['vmselect'] %} 46 | - "http://{{ select }}:8481/" 47 | {% endfor %} 48 | 49 | roles: 50 | - vmauth 51 | -------------------------------------------------------------------------------- /roles/vmauth/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vmauth_version: "v1.132.0" 3 | vmauth_enterprise: false 4 | vmauth_license_key: "" 5 | vmauth_license_key_file: "" 6 | 7 | vmauth_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 8 | vmauth_platform: "{% if vmauth_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 9 | vmauth_download_url: "{{ vmauth_repo_url }}/releases/download/{{ vmauth_version }}/vmutils{{ vmauth_platform }}-{{ go_arch }}-{{ vmauth_version }}{%if vmauth_enterprise %}-enterprise{% endif %}.tar.gz" 10 | 11 | vmauth_system_user: "victoriametrics" 12 | vmauth_system_group: "{{ vmauth_system_user }}" 13 | 14 | vmauth_service_state: started 15 | vmauth_service_enabled: true 16 | vmauth_service_args: {} 17 | 18 | vmauth_exec_start_post: "" 19 | vmauth_exec_stop: "" 20 | 21 | vmauth_config_dir: "/opt/victoriametrics-vmauth" 22 | vmauth_bin_dir: /usr/local/bin 23 | 24 | vmauth_config: {} 25 | 26 | # See: https://docs.victoriametrics.com/vmauth/#use-cases 27 | vmauth_auth_config: |- 28 | unauthorized_user: 29 | url_prefix: "http://vmselect/" 30 | 31 | vmauth_install_download_to_control: false 32 | 33 | vm_proxy_http: "" 34 | vm_proxy_https: "" 35 | 36 | # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= 37 | # Available options: 'yes', 'read-only', 'tmpfs' 38 | vmauth_systemd_protect_home: "yes" 39 | -------------------------------------------------------------------------------- /roles/vmauth/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Systemd | Copy vmauth systemd unit file" 3 | ansible.builtin.template: 4 | src: vmauth.service.j2 5 | dest: /etc/systemd/system/vmauth.service 6 | owner: root 7 | group: root 8 | mode: "0644" 9 | notify: Restart vmauth service 10 | 11 | - name: "Systemd | ensure vmauth service is enabled" # noqa: no-handler 12 | become: true 13 | ansible.builtin.systemd: 14 | name: vmauth 15 | enabled: true 16 | 17 | - name: Prepare configuration dir 18 | ansible.builtin.file: 19 | state: directory 20 | path: "{{ vmauth_config_dir }}" 21 | mode: "0751" 22 | owner: "{{ vmauth_system_user }}" 23 | group: "{{ vmauth_system_group }}" 24 | 25 | - name: Template auth config 26 | ansible.builtin.template: 27 | src: auth.yaml.j2 28 | dest: "{{ vmauth_config_dir }}/auth.yaml" 29 | owner: "{{ vmauth_system_user }}" 30 | group: "{{ vmauth_system_group }}" 31 | mode: "0600" 32 | no_log: true 33 | when: 34 | - vmauth_auth_config != "" 35 | notify: Restart vmauth service 36 | 37 | - name: Setup environment file 38 | ansible.builtin.template: 39 | dest: "{{ vmauth_config_dir }}/vmauth.conf" 40 | src: "vmauth.conf.j2" 41 | owner: "{{ vmauth_system_user }}" 42 | group: "{{ vmauth_system_group }}" 43 | mode: "0600" 44 | notify: Restart vmauth service 45 | -------------------------------------------------------------------------------- /roles/vmselect/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vmselect_version: "v1.132.0" 3 | vmselect_enterprise: false 4 | vmselect_license_key: "" 5 | vmselect_license_key_file: "" 6 | 7 | vmselect_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 8 | vmselect_platform: "{% if vmselect_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 9 | vmselect_download_url: "{{ vmselect_repo_url }}/releases/download/{{ vmselect_version }}/victoria-metrics{{ vmselect_platform }}-{{ go_arch }}-{{ vmselect_version }}{%if vmselect_enterprise %}-enterprise{% endif %}-cluster.tar.gz" 10 | 11 | vmselect_system_user: "victoriametrics" 12 | vmselect_system_group: "{{ vmselect_system_user }}" 13 | 14 | vmselect_service_state: started 15 | vmselect_service_enabled: true 16 | vmselect_exec_start_post: "" 17 | vmselect_exec_stop: "" 18 | 19 | vmselect_config_dir: "/opt/victoriametrics-vmselect" 20 | vmselect_cache_dir: "/var/lib/vmselect" 21 | vmselect_bin_dir: /usr/local/bin 22 | 23 | vmselect_config: 24 | storageNode: vmstorage1,vmstorage2 25 | cacheDataPath: "{{ vmselect_cache_dir }}" 26 | 27 | vmselect_install_download_to_control: false 28 | 29 | vm_proxy_http: "" 30 | vm_proxy_https: "" 31 | 32 | # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= 33 | # Available options: 'yes', 'read-only', 'tmpfs' 34 | vmselect_systemd_protect_home: "yes" 35 | -------------------------------------------------------------------------------- /roles/vtsingle/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | victoriatraces_version: "v0.3.0" 3 | 4 | victoriatraces_platform: "linux" 5 | victoriatraces_repo_url: "https://github.com/VictoriaMetrics/VictoriaTraces" 6 | victoriatraces_download_url: "{{ victoriatraces_repo_url }}/releases/download/{{ victoriatraces_version }}/victoria-traces-{{ victoriatraces_platform }}-{{ go_arch }}-{{ victoriatraces_version }}.tar.gz" 7 | 8 | victoriatraces_system_user: "victoriatraces" 9 | victoriatraces_system_group: "{{ victoriatraces_system_user }}" 10 | victoriatraces_data_dir: "/var/lib/victoria-traces/" 11 | victoriatraces_retention_period_months: "12" 12 | 13 | # more on envflags usage 14 | # https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#environment-variables 15 | victoriatraces_service_envflag_enabled: "false" 16 | # Array of strings to pass 17 | victoriatraces_service_envflag_data: [] 18 | # - "graphiteListenAddr=127.0.0.1:12345" 19 | victoriatraces_service_envflag_file: "/etc/default/victoriatraces" 20 | 21 | # Download behavior 22 | victoriatraces_install_download_to_control: false 23 | 24 | # Proxy environment for downloads 25 | vm_proxy_http: "" 26 | vm_proxy_https: "" 27 | 28 | victoriatraces_service_args: 29 | storageDataPath: "{{ victoriatraces_data_dir }}" 30 | retentionPeriod: "{{ victoriatraces_retention_period_months }}" 31 | 32 | victoriatraces_max_open_files: 2097152 33 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/proxy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup Proxy Server 3 | hosts: vmagent-proxy-server 4 | become: yes 5 | tasks: 6 | - name: Install squid proxy 7 | ansible.builtin.apt: 8 | name: squid 9 | state: present 10 | update_cache: yes 11 | 12 | - name: Configure squid to allow all 13 | ansible.builtin.copy: 14 | content: | 15 | http_port 3128 16 | acl localnet src 0.0.0.0/0 17 | http_access allow localnet 18 | http_access allow localhost 19 | http_access deny all 20 | dest: /etc/squid/squid.conf 21 | mode: '0644' 22 | 23 | - name: Start squid service 24 | ansible.builtin.service: 25 | name: squid 26 | state: started 27 | enabled: yes 28 | 29 | - name: Converge 30 | hosts: vmagent-proxy-debian13 31 | become: yes 32 | vars: 33 | vmagent_install_download_to_control: false 34 | vm_proxy_http: "http://vmagent-proxy-server:3128" 35 | vm_proxy_https: "http://vmagent-proxy-server:3128" 36 | tasks: 37 | - name: "Include vmagent" 38 | vars: 39 | vmagent_service_args: 40 | "remoteWrite.url": 41 | - "http://url1/api/v1/write" 42 | - "http://url2/api/v1/write" 43 | "remoteWrite.tmpDataPath": /tmp/vmagent 44 | ansible.builtin.include_role: 45 | name: "vmagent" 46 | -------------------------------------------------------------------------------- /roles/vminsert/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Systemd | Copy vminsert systemd unit file" 3 | ansible.builtin.template: 4 | src: vminsert.service.j2 5 | dest: /etc/systemd/system/vminsert.service 6 | owner: root 7 | group: root 8 | mode: "0644" 9 | notify: Restart vminsert service 10 | 11 | - name: "Systemd | ensure vminsert service is enabled" # noqa: no-handler 12 | become: true 13 | ansible.builtin.systemd: 14 | name: vminsert 15 | enabled: true 16 | 17 | - name: Prepare configuration dir 18 | ansible.builtin.file: 19 | state: directory 20 | path: "{{ vminsert_config_dir }}" 21 | mode: "0751" 22 | owner: "{{ vminsert_system_user }}" 23 | group: "{{ vminsert_system_group }}" 24 | 25 | - name: Template relabel config 26 | ansible.builtin.template: 27 | src: relabeling.yaml.j2 28 | dest: "{{ vminsert_config_dir }}/relabel.yaml" 29 | owner: "{{ vminsert_system_user }}" 30 | group: "{{ vminsert_system_group }}" 31 | mode: "0600" 32 | when: 33 | - vminsert_relabel_config != "" 34 | notify: Restart vminsert service 35 | 36 | - name: Setup environment file 37 | ansible.builtin.template: 38 | dest: "{{ vminsert_config_dir }}/vminsert.conf" 39 | src: "vminsert.conf.j2" 40 | owner: "{{ vminsert_system_user }}" 41 | group: "{{ vminsert_system_group }}" 42 | mode: "0644" 43 | notify: Restart vminsert service 44 | -------------------------------------------------------------------------------- /roles/vmauth/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vmauth_license_key != "" or vmauth_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vmauth_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vmauth_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vmauth_enterprise | bool 13 | - vmauth_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vmauth_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vmauth_enterprise | bool 21 | - vmauth_license_key_file != "" 22 | 23 | 24 | - name: Add license key parameter to service config 25 | ansible.builtin.set_fact: 26 | vmauth_service_args: "{{ vmauth_service_args | combine({'license': vmauth_license_key}) }}" 27 | when: 28 | - vmauth_enterprise | bool 29 | - vmauth_license_key != "" 30 | 31 | 32 | - name: Add license key parameter to service config 33 | ansible.builtin.set_fact: 34 | vmauth_service_args: "{{ vmauth_service_args | combine({'licenseFile': vmauth_license_key_file}) }}" 35 | when: 36 | - vmauth_enterprise | bool 37 | - vmauth_license_key_file != "" 38 | -------------------------------------------------------------------------------- /roles/vmstorage/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vmstorage_version: "v1.132.0" 3 | vmstorage_enterprise: false 4 | vmstorage_license_key: "" 5 | vmstorage_license_key_file: "" 6 | 7 | vmstorage_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 8 | vmstorage_platform: "{% if vmstorage_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 9 | vmstorage_download_url: "{{ vmstorage_repo_url }}/releases/download/{{ vmstorage_version }}/victoria-metrics{{ vmstorage_platform }}-{{ go_arch }}-{{ vmstorage_version }}{%if vmstorage_enterprise %}-enterprise{% endif %}-cluster.tar.gz" 10 | 11 | vmstorage_system_user: "victoriametrics" 12 | vmstorage_system_group: "{{ vmstorage_system_user }}" 13 | 14 | vmstorage_service_state: started 15 | vmstorage_service_enabled: true 16 | vmstorage_exec_start_post: "" 17 | vmstorage_exec_stop: "" 18 | 19 | vmstorage_config_dir: "/opt/victoriametrics-vmstorage" 20 | vmstorage_data_dir: "/var/lib/vmstorage" 21 | vmstorage_bin_dir: /usr/local/bin 22 | vmstorage_retention_period: 1 23 | 24 | vmstorage_config: 25 | retentionPeriod: "{{ vmstorage_retention_period }}" 26 | storageDataPath: "{{ vmstorage_data_dir }}" 27 | 28 | vmstorage_install_download_to_control: false 29 | 30 | vm_proxy_http: "" 31 | vm_proxy_https: "" 32 | 33 | # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= 34 | # Available options: 'yes', 'read-only', 'tmpfs' 35 | vmstorage_systemd_protect_home: "yes" 36 | -------------------------------------------------------------------------------- /roles/vminsert/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vminsert_license_key != "" or vminsert_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vminsert_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vminsert_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vminsert_enterprise | bool 13 | - vminsert_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vminsert_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vminsert_enterprise | bool 21 | - vminsert_license_key_file != "" 22 | 23 | 24 | - name: Add license key parameter to service config 25 | ansible.builtin.set_fact: 26 | vminsert_config: "{{ vminsert_config | combine({'license': vminsert_license_key}) }}" 27 | when: 28 | - vminsert_enterprise | bool 29 | - vminsert_license_key != "" 30 | 31 | 32 | - name: Add license key parameter to service config 33 | ansible.builtin.set_fact: 34 | vminsert_config: "{{ vminsert_config | combine({'licenseFile': vminsert_license_key_file}) }}" 35 | when: 36 | - vminsert_enterprise | bool 37 | - vminsert_license_key_file != "" 38 | -------------------------------------------------------------------------------- /roles/vmselect/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vmselect_license_key != "" or vmselect_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vmselect_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vmselect_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vmselect_enterprise | bool 13 | - vmselect_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vmselect_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vmselect_enterprise | bool 21 | - vmselect_license_key_file != "" 22 | 23 | 24 | - name: Add license key parameter to service config 25 | ansible.builtin.set_fact: 26 | vmselect_config: "{{ vmselect_config | combine({'license': vmselect_license_key}) }}" 27 | when: 28 | - vmselect_enterprise | bool 29 | - vmselect_license_key != "" 30 | 31 | 32 | - name: Add license key parameter to service config 33 | ansible.builtin.set_fact: 34 | vmselect_config: "{{ vmselect_config | combine({'licenseFile': vmselect_license_key_file}) }}" 35 | when: 36 | - vmselect_enterprise | bool 37 | - vmselect_license_key_file != "" 38 | -------------------------------------------------------------------------------- /roles/vmagent/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vmagent_license_key != "" or vmagent_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vmagent_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vmagent_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vmagent_enterprise | bool 13 | - vmagent_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vmagent_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vmagent_enterprise | bool 21 | - vmagent_license_key_file != "" 22 | 23 | 24 | - name: Add license key parameter to service config 25 | ansible.builtin.set_fact: 26 | vmagent_service_args: "{{ vmagent_service_args | combine({'license': vmagent_license_key}) }}" 27 | when: 28 | - vmagent_enterprise | bool 29 | - vmagent_license_key != "" 30 | 31 | 32 | - name: Add license key parameter to service config 33 | ansible.builtin.set_fact: 34 | vmagent_service_args: "{{ vmagent_service_args | combine({'licenseFile': vmagent_license_key_file}) }}" 35 | when: 36 | - vmagent_enterprise | bool 37 | - vmagent_license_key_file != "" 38 | -------------------------------------------------------------------------------- /roles/vmstorage/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vmstorage_license_key != "" or vmstorage_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vmstorage_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vmstorage_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vmstorage_enterprise | bool 13 | - vmstorage_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vmstorage_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vmstorage_enterprise | bool 21 | - vmstorage_license_key_file != "" 22 | 23 | - name: Add license key parameter to service config 24 | ansible.builtin.set_fact: 25 | vmstorage_config: "{{ vmstorage_config | combine({'license': vmstorage_license_key}) }}" 26 | when: 27 | - vmstorage_enterprise | bool 28 | - vmstorage_license_key != "" 29 | 30 | - name: Add license key parameter to service config 31 | ansible.builtin.set_fact: 32 | vmstorage_config: "{{ vmstorage_config | combine({'licenseFile': vmstorage_license_key_file}) }}" 33 | when: 34 | - vmstorage_enterprise | bool 35 | - vmstorage_license_key_file != "" 36 | -------------------------------------------------------------------------------- /roles/vlsingle/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure env 3 | when: victorialogs_service_envflag_enabled | bool 4 | block: 5 | - name: Check envfile presence 6 | ansible.builtin.stat: 7 | path: "{{ victorialogs_service_envflag_file }}" 8 | register: envfile_state 9 | 10 | - name: Setup envfile 11 | ansible.builtin.file: 12 | state: touch 13 | path: "{{ victorialogs_service_envflag_file }}" 14 | owner: root 15 | group: root 16 | mode: "0644" 17 | access_time: preserve 18 | notify: Restart VictoriaLogs service 19 | when: envfile_state.stat.exists is defined and not envfile_state.stat.exists 20 | 21 | - name: Copy VictoriaMetrics systemd unit file 22 | ansible.builtin.template: 23 | src: victorialogs.service.j2 24 | dest: /etc/systemd/system/victorialogs.service 25 | owner: root 26 | group: root 27 | mode: "0644" 28 | register: config_template 29 | no_log: True 30 | 31 | - name: Daemon-reload VictoriaMetrics service 32 | become: true 33 | notify: Restart VictoriaLogs service 34 | ansible.builtin.systemd: 35 | daemon_reload: true 36 | name: victorialogs 37 | when: config_template is changed # noqa: no-handler 38 | changed_when: config_template is changed 39 | 40 | - name: Ensure VictoriaLogs service is enabled on boot 41 | become: true 42 | ansible.builtin.systemd: 43 | name: victorialogs 44 | enabled: true 45 | state: started 46 | -------------------------------------------------------------------------------- /roles/vtsingle/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure env 3 | when: victoriatraces_service_envflag_enabled | bool 4 | block: 5 | - name: Check envfile presence 6 | ansible.builtin.stat: 7 | path: "{{ victoriatraces_service_envflag_file }}" 8 | register: envfile_state 9 | 10 | - name: Setup envfile 11 | ansible.builtin.file: 12 | state: touch 13 | path: "{{ victoriatraces_service_envflag_file }}" 14 | owner: root 15 | group: root 16 | mode: "0644" 17 | access_time: preserve 18 | notify: Restart VictoriaTraces service 19 | when: envfile_state.stat.exists is defined and not envfile_state.stat.exists 20 | 21 | - name: Copy VictoriaTraces systemd unit file 22 | ansible.builtin.template: 23 | src: victoriatraces.service.j2 24 | dest: /etc/systemd/system/victoriatraces.service 25 | owner: root 26 | group: root 27 | mode: "0644" 28 | register: config_template 29 | no_log: True 30 | 31 | - name: Daemon-reload VictoriaTraces service 32 | become: true 33 | notify: Restart VictoriaTraces service 34 | ansible.builtin.systemd: 35 | daemon_reload: true 36 | name: victoriatraces 37 | when: config_template is changed # noqa: no-handler 38 | changed_when: config_template is changed 39 | 40 | - name: Ensure VictoriaTraces service is enabled on boot 41 | become: true 42 | ansible.builtin.systemd: 43 | name: victoriatraces 44 | enabled: true 45 | state: started 46 | -------------------------------------------------------------------------------- /roles/vminsert/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vminsert_version: "v1.132.0" 3 | vminsert_enterprise: false 4 | vminsert_license_key: "" 5 | vminsert_license_key_file: "" 6 | 7 | vminsert_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 8 | vminsert_platform: "{% if vminsert_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 9 | vminsert_download_url: "{{ vminsert_repo_url }}/releases/download/{{ vminsert_version }}/victoria-metrics{{ vminsert_platform }}-{{ go_arch }}-{{ vminsert_version }}{%if vminsert_enterprise %}-enterprise{% endif %}-cluster.tar.gz" 10 | 11 | vminsert_system_user: "victoriametrics" 12 | vminsert_system_group: "{{ vminsert_system_user }}" 13 | 14 | vminsert_service_state: started 15 | vminsert_service_enabled: true 16 | vminsert_exec_start_post: "" 17 | vminsert_exec_stop: "" 18 | 19 | vminsert_config_dir: "/opt/victoriametrics-vminsert" 20 | vminsert_bin_dir: /usr/local/bin 21 | 22 | vminsert_config: 23 | replicationFactor: 1 24 | storageNode: vmstorage1,vmstorage2,vmstorage3 25 | 26 | vminsert_relabel_config: "" 27 | 28 | # vminsert_relabel_config: | 29 | # - source_labels: [__name__] 30 | # regex: '(.*)' 31 | # target_label: __name__ 32 | # replacement: '${1}' 33 | # action: replace 34 | 35 | vminsert_install_download_to_control: false 36 | 37 | vm_proxy_http: "" 38 | vm_proxy_https: "" 39 | 40 | # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= 41 | # Available options: 'yes', 'read-only', 'tmpfs' 42 | vminsert_systemd_protect_home: "yes" 43 | -------------------------------------------------------------------------------- /roles/vmalert/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: vic_vm_alert_license_key != "" or vic_vm_alert_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: vic_vm_alert_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: vic_vm_alert_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - vic_vm_alert_enterprise | bool 13 | - vic_vm_alert_license_key != "" 14 | 15 | - name: Ensure only one of key or file is provided 16 | ansible.builtin.assert: 17 | that: vic_vm_alert_license_key == "" 18 | msg: Only one of license key or license key file must be provided. 19 | when: 20 | - vic_vm_alert_enterprise | bool 21 | - vic_vm_alert_license_key_file != "" 22 | 23 | - name: Add license key parameter to service config 24 | ansible.builtin.set_fact: 25 | vic_vm_alert_service_args: "{{ vic_vm_alert_service_args | combine({'license': vic_vm_alert_license_key}) }}" 26 | when: 27 | - vic_vm_alert_enterprise | bool 28 | - vic_vm_alert_license_key != "" 29 | 30 | 31 | - name: Add license key parameter to service config 32 | ansible.builtin.set_fact: 33 | vic_vm_alert_service_args: "{{ vic_vm_alert_service_args | combine({'licenseFile': vic_vm_alert_license_key_file}) }}" 34 | when: 35 | - vic_vm_alert_enterprise | bool 36 | - vic_vm_alert_license_key_file != "" 37 | -------------------------------------------------------------------------------- /roles/vmsingle/tasks/preinstall_license.yml: -------------------------------------------------------------------------------- 1 | - name: Ensure license key is provided 2 | ansible.builtin.assert: 3 | that: victoriametrics_license_key != "" or victoriametrics_license_key_file != "" 4 | msg: Either license key or license key file location must be provided. 5 | when: victoriametrics_enterprise | bool 6 | 7 | - name: Ensure only one of key or file is provided 8 | ansible.builtin.assert: 9 | that: victoriametrics_license_key_file == "" 10 | msg: Only one of license key or license key file must be provided. 11 | when: 12 | - victoriametrics_enterprise | bool 13 | - victoriametrics_license_key != "" 14 | 15 | 16 | - name: Ensure only one of key or file is provided 17 | ansible.builtin.assert: 18 | that: victoriametrics_license_key == "" 19 | msg: Only one of license key or license key file must be provided. 20 | when: 21 | - victoriametrics_enterprise | bool 22 | - victoriametrics_license_key_file != "" 23 | 24 | 25 | - name: Add license key parameter to service config 26 | ansible.builtin.set_fact: 27 | victoriametrics_service_args: "{{ victoriametrics_service_args | combine({'license': victoriametrics_license_key}) }}" 28 | when: 29 | - victoriametrics_enterprise | bool 30 | - victoriametrics_license_key != "" 31 | 32 | 33 | - name: Add license key parameter to service config 34 | ansible.builtin.set_fact: 35 | victoriametrics_service_args: "{{ victoriametrics_service_args | combine({'licenseFile': victoriametrics_license_key_file}) }}" 36 | when: 37 | - victoriametrics_enterprise | bool 38 | - victoriametrics_license_key_file != "" 39 | -------------------------------------------------------------------------------- /roles/vmagent/templates/upstart.j2: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: vic-vmagent 4 | # Required-Start: $syslog 5 | # Required-Stop: $syslog 6 | # Should-Start: $local_fs 7 | # Should-Stop: $local_fs 8 | # Default-Start: 2 3 4 5 9 | # Default-Stop: 0 1 6 10 | # Short-Description: vic-vmagent - VictoriaMetrics scrape agent 11 | # Description: vic-vmagent - VictoriaMetrics scrape agent 12 | ### END INIT INFO 13 | 14 | 15 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 16 | DAEMON=/usr/local/bin/vmagent-prod 17 | DAEMON_ARGS="{% for flag, flag_value in vmagent_service_args.items() %}--{{ flag }}={{ flag_value }} {% endfor %}" 18 | NAME=vic-vmagent 19 | DESC="VictoriaMetrics scrape agent" 20 | 21 | test -x $DAEMON || exit 0 22 | test -x $DAEMONBOOTSTRAP || exit 0 23 | 24 | set -e 25 | 26 | case "$1" in 27 | start) 28 | echo -n "Starting $DESC: " 29 | if start-stop-daemon --start --quiet --umask 007 --chuid {{ vmagent_system_user }}:{{ vmagent_system_group }} --background --exec $DAEMON -- $DAEMON_ARGS 30 | then 31 | echo "$NAME." 32 | else 33 | echo "failed" 34 | fi 35 | ;; 36 | stop) 37 | echo -n "Stopping $DESC: " 38 | if start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --oknodo --exec $DAEMON 39 | then 40 | echo "$NAME." 41 | else 42 | echo "failed" 43 | fi 44 | rm -f $PIDFILE 45 | ;; 46 | restart|force-reload) 47 | ${0} stop 48 | ${0} start 49 | ;; 50 | *) 51 | echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 52 | exit 1 53 | ;; 54 | esac 55 | 56 | exit 0 -------------------------------------------------------------------------------- /roles/vlsingle/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | 13 | - name: Set systemd version fact 14 | ansible.builtin.set_fact: 15 | victorialogs_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 16 | 17 | - name: Check if VictoriaLogs is installed 18 | ansible.builtin.stat: 19 | path: /usr/local/bin/victoria-logs-prod 20 | changed_when: false 21 | check_mode: false 22 | register: victorialogs_is_installed 23 | 24 | - name: Check current VictoriaLogs version 25 | ansible.builtin.command: /usr/local/bin/victoria-logs-prod --version 26 | changed_when: false 27 | failed_when: false 28 | check_mode: false 29 | register: victorialogs_current_version 30 | when: victorialogs_is_installed.stat.exists | bool 31 | 32 | - name: Get latest VictoriaLogs version via GitHub redirect 33 | ansible.builtin.uri: 34 | url: "{{ victorialogs_repo_url }}/releases/latest" 35 | method: HEAD 36 | return_content: false 37 | follow_redirects: false 38 | status_code: 302,200 39 | register: gh_redirect 40 | when: victorialogs_version == "latest" 41 | 42 | - name: Extract version from Location header 43 | ansible.builtin.set_fact: 44 | victorialogs_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 45 | when: victorialogs_version == "latest" 46 | -------------------------------------------------------------------------------- /roles/vmauth/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | when: ansible_service_mgr == 'systemd' 13 | 14 | - name: Set systemd version fact 15 | ansible.builtin.set_fact: 16 | vmauth_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 17 | when: ansible_service_mgr == 'systemd' 18 | 19 | - name: Check if vmauth is installed 20 | ansible.builtin.stat: 21 | path: /usr/local/bin/vmauth-prod 22 | changed_when: false 23 | check_mode: false 24 | register: vmauth_is_installed 25 | 26 | - name: Check current vmauth version 27 | ansible.builtin.command: /usr/local/bin/vmauth-prod --version 28 | changed_when: false 29 | failed_when: false 30 | check_mode: false 31 | register: vmauth_current_version 32 | when: vmauth_is_installed.stat.exists | bool 33 | 34 | - name: Get latest VMauth version via GitHub redirect 35 | ansible.builtin.uri: 36 | url: "{{ vmauth_repo_url }}/releases/latest" 37 | method: HEAD 38 | return_content: false 39 | follow_redirects: false 40 | status_code: 302,200 41 | register: gh_redirect 42 | when: vmauth_version == "latest" 43 | 44 | - name: Extract version from Location header 45 | ansible.builtin.set_fact: 46 | vmauth_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 47 | when: vmauth_version == "latest" 48 | -------------------------------------------------------------------------------- /roles/vtsingle/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | 13 | - name: Set systemd version fact 14 | ansible.builtin.set_fact: 15 | victoriatraces_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 16 | 17 | - name: Check if VictoriaTraces is installed 18 | ansible.builtin.stat: 19 | path: /usr/local/bin/victoria-traces-prod 20 | changed_when: false 21 | check_mode: false 22 | register: victoriatraces_is_installed 23 | 24 | - name: Check current VictoriaTraces version 25 | ansible.builtin.command: /usr/local/bin/victoria-traces-prod --version 26 | changed_when: false 27 | failed_when: false 28 | check_mode: false 29 | register: victoriatraces_current_version 30 | when: victoriatraces_is_installed.stat.exists | bool 31 | 32 | - name: Get latest VictoriaTraces version via GitHub redirect 33 | ansible.builtin.uri: 34 | url: "{{ victoriatraces_repo_url }}/releases/latest" 35 | method: HEAD 36 | return_content: false 37 | follow_redirects: false 38 | status_code: 302,200 39 | register: gh_redirect 40 | when: victoriatraces_version == "latest" 41 | 42 | - name: Extract version from Location header 43 | ansible.builtin.set_fact: 44 | victoriatraces_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 45 | when: victoriatraces_version == "latest" 46 | -------------------------------------------------------------------------------- /roles/vminsert/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | when: ansible_service_mgr == 'systemd' 13 | 14 | - name: Set systemd version fact 15 | ansible.builtin.set_fact: 16 | vminsert_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 17 | when: ansible_service_mgr == 'systemd' 18 | 19 | - name: Check if vminsert is installed 20 | ansible.builtin.stat: 21 | path: /usr/local/bin/vminsert-prod 22 | changed_when: false 23 | check_mode: false 24 | register: vminsert_is_installed 25 | 26 | - name: Check current vminsert version 27 | ansible.builtin.command: /usr/local/bin/vminsert-prod --version 28 | changed_when: false 29 | failed_when: false 30 | check_mode: false 31 | register: vminsert_current_version 32 | when: vminsert_is_installed.stat.exists | bool 33 | 34 | - name: Get latest VMinsert version via GitHub redirect 35 | ansible.builtin.uri: 36 | url: "{{ vminsert_repo_url }}/releases/latest" 37 | method: HEAD 38 | return_content: false 39 | follow_redirects: false 40 | status_code: 302,200 41 | register: gh_redirect 42 | when: vminsert_version == "latest" 43 | 44 | - name: Extract version from Location header 45 | ansible.builtin.set_fact: 46 | vminsert_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 47 | when: vminsert_version == "latest" 48 | -------------------------------------------------------------------------------- /roles/vmselect/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | when: ansible_service_mgr == 'systemd' 13 | 14 | - name: Set systemd version fact 15 | ansible.builtin.set_fact: 16 | vmselect_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 17 | when: ansible_service_mgr == 'systemd' 18 | 19 | - name: Check if vmselect is installed 20 | ansible.builtin.stat: 21 | path: /usr/local/bin/vmselect-prod 22 | changed_when: false 23 | check_mode: false 24 | register: vmselect_is_installed 25 | 26 | - name: Check current vmselect version 27 | ansible.builtin.command: /usr/local/bin/vmselect-prod --version 28 | changed_when: false 29 | failed_when: false 30 | check_mode: false 31 | register: vmselect_current_version 32 | when: vmselect_is_installed.stat.exists | bool 33 | 34 | - name: Get latest VMselect version via GitHub redirect 35 | ansible.builtin.uri: 36 | url: "{{ vmselect_repo_url }}/releases/latest" 37 | method: HEAD 38 | return_content: false 39 | follow_redirects: false 40 | status_code: 302,200 41 | register: gh_redirect 42 | when: vmselect_version == "latest" 43 | 44 | - name: Extract version from Location header 45 | ansible.builtin.set_fact: 46 | vmselect_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 47 | when: vmselect_version == "latest" 48 | -------------------------------------------------------------------------------- /roles/vmstorage/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | when: ansible_service_mgr == 'systemd' 13 | 14 | - name: Set systemd version fact 15 | ansible.builtin.set_fact: 16 | vmstorage_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 17 | when: ansible_service_mgr == 'systemd' 18 | 19 | - name: Check if vmstorage is installed 20 | ansible.builtin.stat: 21 | path: /usr/local/bin/vmstorage-prod 22 | changed_when: false 23 | check_mode: false 24 | register: vmstorage_is_installed 25 | 26 | - name: Check current vmstorage version 27 | ansible.builtin.command: /usr/local/bin/vmstorage-prod --version 28 | changed_when: false 29 | failed_when: false 30 | check_mode: false 31 | register: vmstorage_current_version 32 | when: vmstorage_is_installed.stat.exists | bool 33 | 34 | - name: Get latest VMstorage version via GitHub redirect 35 | ansible.builtin.uri: 36 | url: "{{ vmstorage_repo_url }}/releases/latest" 37 | method: HEAD 38 | return_content: false 39 | follow_redirects: false 40 | status_code: 302,200 41 | register: gh_redirect 42 | when: vmstorage_version == "latest" 43 | 44 | - name: Extract version from Location header 45 | ansible.builtin.set_fact: 46 | vmstorage_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 47 | when: vmstorage_version == "latest" 48 | -------------------------------------------------------------------------------- /roles/vmalert/templates/upstart.j2: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: {{ vic_vm_alert_service_name }} 4 | # Required-Start: $syslog 5 | # Required-Stop: $syslog 6 | # Should-Start: $local_fs 7 | # Should-Stop: $local_fs 8 | # Default-Start: 2 3 4 5 9 | # Default-Stop: 0 1 6 10 | # Short-Description: {{ vic_vm_alert_service_name }} - VictoriaMetrics scrape agent 11 | # Description: {{ vic_vm_alert_service_name }} - VictoriaMetrics scrape agent 12 | ### END INIT INFO 13 | 14 | 15 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 16 | DAEMON=/usr/local/bin/VMalert-prod 17 | DAEMON_ARGS="{% for flag, flag_value in vic_vm_alert_service_args.items() %}--{{ flag }}={{ flag_value }} {% endfor %}" 18 | NAME={{ vic_vm_alert_service_name }} 19 | DESC="VictoriaMetrics scrape agent" 20 | 21 | test -x $DAEMON || exit 0 22 | test -x $DAEMONBOOTSTRAP || exit 0 23 | 24 | set -e 25 | 26 | case "$1" in 27 | start) 28 | echo -n "Starting $DESC: " 29 | if start-stop-daemon --start --quiet --umask 007 --chuid {{ vic_vm_alert_system_user }}:{{ vic_vm_alert_system_group }} --background --exec $DAEMON -- $DAEMON_ARGS 30 | then 31 | echo "$NAME." 32 | else 33 | echo "failed" 34 | fi 35 | ;; 36 | stop) 37 | echo -n "Stopping $DESC: " 38 | if start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --oknodo --exec $DAEMON 39 | then 40 | echo "$NAME." 41 | else 42 | echo "failed" 43 | fi 44 | rm -f $PIDFILE 45 | ;; 46 | restart|force-reload) 47 | ${0} stop 48 | ${0} start 49 | ;; 50 | *) 51 | echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 52 | exit 1 53 | ;; 54 | esac 55 | 56 | exit 0 -------------------------------------------------------------------------------- /roles/vmagent/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' or ansible_service_mgr == "upstart" 5 | msg: "This role only works with systemd and upstart" 6 | 7 | 8 | - name: Get systemd version 9 | ansible.builtin.command: systemctl --version 10 | changed_when: false 11 | check_mode: false 12 | register: __systemd_version 13 | when: ansible_service_mgr == 'systemd' 14 | 15 | - name: Set systemd version fact 16 | ansible.builtin.set_fact: 17 | vmagent_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 18 | when: ansible_service_mgr == 'systemd' 19 | 20 | - name: Check if VMagent is installed 21 | ansible.builtin.stat: 22 | path: /usr/local/bin/vmagent-prod 23 | changed_when: false 24 | check_mode: false 25 | register: vmagent_is_installed 26 | 27 | - name: Check current VMagent version 28 | ansible.builtin.command: /usr/local/bin/vmagent-prod --version 29 | changed_when: false 30 | failed_when: false 31 | check_mode: false 32 | register: vmagent_current_version 33 | when: vmagent_is_installed.stat.exists | bool 34 | 35 | - name: Get latest VMagent version via GitHub redirect 36 | ansible.builtin.uri: 37 | url: "{{ vmagent_repo_url }}/releases/latest" 38 | method: HEAD 39 | return_content: false 40 | follow_redirects: false 41 | status_code: 302,200 42 | register: gh_redirect 43 | when: vmagent_version == "latest" 44 | 45 | - name: Extract version from Location header 46 | ansible.builtin.set_fact: 47 | vmagent_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 48 | when: vmagent_version == "latest" 49 | -------------------------------------------------------------------------------- /roles/vmagent/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vmagent_version: "v1.132.0" 3 | vmagent_enterprise: false 4 | vmagent_license_key: "" 5 | vmagent_license_key_file: "" 6 | 7 | vmagent_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 8 | vmagent_platform: "{% if vmagent_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 9 | vmagent_download_url: "{{ vmagent_repo_url }}/releases/download/{{ vmagent_version }}/vmutils{{ vmagent_platform }}-{{ go_arch }}-{{ vmagent_version }}{%if vmagent_enterprise %}-enterprise{% endif %}.tar.gz" 10 | 11 | vmagent_system_user: "vic_vm_agent" 12 | vmagent_system_group: "{{ vmagent_system_user }}" 13 | 14 | vmagent_config_dir: "/opt/vic-vmagent" 15 | vmagent_sd_config_dir: "{{ vmagent_config_dir }}/file_sd_configs" 16 | vmagent_tmp_data_path: "/tmp/vmagent" 17 | 18 | vmagent_remote_write_host: "http://localhost:8428" 19 | vmagent_service_args: 20 | "remoteWrite.url": "{{ vmagent_remote_write_host }}/api/v1/write" 21 | # "remoteWrite.url": 22 | # - "{{ vmagent_remote_write_host_0 }}/api/v1/write" 23 | # - "{{ vmagent_remote_write_host_1 }}/api/v1/write" 24 | "promscrape.config": "{{ vmagent_config_dir }}/config.yml" 25 | "remoteWrite.tmpDataPath": "{{ vmagent_tmp_data_path }}" 26 | "remoteWrite.streamAggr.config": "{{ vmagent_config_dir }}/aggregation.yml" 27 | 28 | vmagent_scrape_config: 29 | scrape_configs: 30 | - job_name: localhost 31 | static_configs: 32 | - targets: [] 33 | # - "127.0.0.1:9100" 34 | 35 | vmagent_aggregation_config: [] 36 | 37 | vmagent_install_download_to_control: false 38 | 39 | vm_proxy_http: "" 40 | vm_proxy_https: "" 41 | 42 | vmagent_exec_start_post: "" 43 | vmagent_exec_stop: "" 44 | 45 | # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= 46 | # Available options: 'yes', 'read-only', 'tmpfs' 47 | vmagent_systemd_protect_home: "yes" 48 | -------------------------------------------------------------------------------- /roles/vmsingle/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This role only works with systemd" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | 13 | - name: Set systemd version fact 14 | ansible.builtin.set_fact: 15 | victoriametrics_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 16 | 17 | - name: Check if VictoriaMetrics is installed 18 | ansible.builtin.stat: 19 | path: /usr/local/bin/victoria-metrics-prod 20 | changed_when: false 21 | check_mode: false 22 | register: victoriametrics_is_installed 23 | 24 | - name: Check current VictoriaMetrics version 25 | ansible.builtin.command: /usr/local/bin/victoria-metrics-prod --version 26 | changed_when: false 27 | failed_when: false 28 | check_mode: false 29 | register: victoriametrics_current_version 30 | when: victoriametrics_is_installed.stat.exists | bool 31 | 32 | - name: Check if crontab is present 33 | ansible.builtin.raw: which crontab 34 | check_mode: false 35 | changed_when: false 36 | failed_when: false 37 | register: crontab_which 38 | 39 | - name: Get latest VictoriaMetrics version via GitHub redirect 40 | ansible.builtin.uri: 41 | url: "{{ victoriametrics_repo_url }}/releases/latest" 42 | method: HEAD 43 | return_content: false 44 | follow_redirects: false 45 | status_code: 302,200 46 | register: gh_redirect 47 | when: victoriametrics_version == "latest" 48 | 49 | - name: Extract version from Location header 50 | ansible.builtin.set_fact: 51 | victoriametrics_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 52 | when: victoriametrics_version == "latest" 53 | -------------------------------------------------------------------------------- /roles/vmalert/tasks/preinstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd or upstart as an init system 3 | ansible.builtin.assert: 4 | that: ansible_service_mgr == 'systemd' or ansible_service_mgr == "upstart" 5 | msg: "This role only works with systemd and upstart" 6 | 7 | - name: Get systemd version 8 | ansible.builtin.command: systemctl --version 9 | changed_when: false 10 | check_mode: false 11 | register: __systemd_version 12 | when: ansible_service_mgr == 'systemd' 13 | 14 | - name: Set systemd version fact 15 | ansible.builtin.set_fact: 16 | vic_vm_alert_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}" 17 | when: ansible_service_mgr == 'systemd' 18 | 19 | - name: Check if VMalert is installed 20 | ansible.builtin.stat: 21 | path: /usr/local/bin/vmalert-prod 22 | changed_when: false 23 | check_mode: false 24 | register: vic_vm_alert_is_installed 25 | 26 | - name: Check current VMalert version 27 | ansible.builtin.command: /usr/local/bin/vmalert-prod --version 28 | changed_when: false 29 | failed_when: false 30 | check_mode: false 31 | register: vic_vm_alert_current_version 32 | when: vic_vm_alert_is_installed.stat.exists | bool 33 | 34 | - name: Add rule parameter to service config for default rules 35 | ansible.builtin.set_fact: 36 | vic_vm_alert_service_args: "{{ vic_vm_alert_service_args | combine({'rule': vic_vm_alert_rules_config_path}) }}" 37 | when: vic_vm_alert_rules_config_path | length > 0 38 | 39 | - name: Get latest VMalert version via GitHub redirect 40 | ansible.builtin.uri: 41 | url: "{{ vic_vm_alert_repo_url }}/releases/latest" 42 | method: HEAD 43 | return_content: false 44 | follow_redirects: false 45 | status_code: 302,200 46 | register: gh_redirect 47 | when: vic_vm_alert_version == "latest" 48 | 49 | - name: Extract version from Location header 50 | ansible.builtin.set_fact: 51 | vic_vm_alert_version: "{{ (gh_redirect.location | regex_search('/releases/tag/(v[0-9].*)', '\\1'))[0] }}" 52 | when: vic_vm_alert_version == "latest" 53 | -------------------------------------------------------------------------------- /roles/vmalert/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure unit 3 | when: ansible_service_mgr == "systemd" 4 | block: 5 | - name: "Systemd | Copy VMalert systemd unit file" 6 | ansible.builtin.template: 7 | src: systemd-service.j2 8 | dest: "/etc/systemd/system/{{ vic_vm_alert_service_name }}.service" 9 | owner: root 10 | group: root 11 | mode: "0644" 12 | register: config_template 13 | notify: Restart VMalert service 14 | no_log: True 15 | 16 | - name: "Systemd | daemon-reload VMalert service" # noqa: no-handler 17 | become: true 18 | ansible.builtin.systemd: 19 | daemon_reload: true 20 | when: config_template is changed 21 | changed_when: config_template is changed 22 | 23 | - name: Ensure VMalert service is enabled on boot 24 | become: true 25 | ansible.builtin.systemd: 26 | name: "{{ vic_vm_alert_service_name }}" 27 | enabled: true 28 | ignore_errors: '{{ ansible_check_mode }}' 29 | 30 | - name: Configure upstart 31 | when: ansible_service_mgr == "upstart" 32 | block: 33 | - name: "Upstart | Install service file {{ vic_vm_alert_service_name }}" 34 | ansible.builtin.template: 35 | src: "upstart.j2" 36 | dest: "/etc/init.d/{{ vic_vm_alert_service_name }}" 37 | mode: "0755" 38 | owner: root 39 | group: root 40 | notify: Restart VMalert service 41 | register: config_template 42 | 43 | - name: "Upstart | Enable service {{ vic_vm_alert_service_name }}" 44 | ansible.builtin.service: 45 | name: "{{ vic_vm_alert_service_name }}" 46 | enabled: "yes" 47 | 48 | - name: Prepare configuration dir 49 | ansible.builtin.file: 50 | state: directory 51 | path: "{{ vic_vm_alert_config_dir }}" 52 | mode: "0751" 53 | owner: "{{ vic_vm_alert_system_user }}" 54 | group: "{{ vic_vm_alert_system_group }}" 55 | 56 | - name: Configure alerts config 57 | ansible.builtin.template: 58 | src: alerts.yml.j2 59 | dest: "{{ vic_vm_alert_rules_config_path }}" 60 | mode: "0600" 61 | owner: "{{ vic_vm_alert_system_user }}" 62 | group: "{{ vic_vm_alert_system_group }}" 63 | validate: "/usr/local/bin/vmalert-prod {% for k, v in vic_vm_alert_service_args.items() %}{% if k.startswith('license') %} -{{ k }}={{ v }} {%endif %}{% endfor %} -dryRun -rule %s" 64 | backup: yes 65 | notify: Restart VMalert service 66 | when: vic_vm_alert_default_rules_enabled | bool 67 | -------------------------------------------------------------------------------- /roles/vmalert/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vic_vm_alert_version: "v1.132.0" 3 | vic_vm_alert_enterprise: false 4 | vic_vm_alert_license_key: "" 5 | vic_vm_alert_license_key_file: "" 6 | vic_vm_alert_service_name: vic-vmalert 7 | 8 | vic_vm_alert_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 9 | vic_vm_alert_platform: "{% if vic_vm_alert_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 10 | vic_vm_alert_download_url: "{{ vic_vm_alert_repo_url }}/releases/download/{{ vic_vm_alert_version }}/vmutils{{ vic_vm_alert_platform }}-{{ go_arch }}-{{ vic_vm_alert_version }}{%if vic_vm_alert_enterprise %}-enterprise{% endif %}.tar.gz" 11 | vic_vm_alert_system_user: "vic_vm_alert" 12 | vic_vm_alert_system_group: "{{ vic_vm_alert_system_user }}" 13 | vic_vm_alert_config_dir: "/opt/vic-vmalert" 14 | vic_vm_alert_default_rules_enabled: true 15 | vic_vm_alert_rules_config_path: "/opt/vic-vmalert/rules.yml" 16 | vic_vm_alert_alertmanager_url: "http://localhost:9093" 17 | vic_vm_alert_datasource_url: "http://localhost:8428" 18 | vic_vm_alert_evaluation_interval: "30s" 19 | vic_vm_alert_service_args: 20 | "httpListenAddr": "127.0.0.1:9431" 21 | "datasource.url": "{{ vic_vm_alert_datasource_url }}" 22 | "notifier.url": "{{ vic_vm_alert_alertmanager_url }}" 23 | # It is possible to use list of values to specify multiple Alertmanager endpoints, for example: 24 | # "notifier.url": 25 | # - "http://host1:9093" 26 | # - "http://host2:9093" 27 | # - "http://host3:9093" 28 | "evaluationInterval": "{{ vic_vm_alert_evaluation_interval }}" 29 | 30 | vic_vm_alert_max_open_files: 2097152 31 | 32 | vic_vm_alert_rules_enabled: true 33 | # Great examples of alerts - https://awesome-prometheus-alerts.grep.to/rules.html 34 | vic_vm_alert_rules: 35 | - name: ansible managed alert rules 36 | rules: 37 | - alert: HostOutOfMemory 38 | expr: node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10 39 | for: 2m 40 | labels: 41 | severity: warning 42 | annotations: 43 | summary: '{% raw %}Host out of memory (instance {{ $labels.instance }}){% endraw %}' 44 | description: '{% raw %}"Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"{% endraw %}' 45 | 46 | # Download behavior 47 | vic_vm_alert_install_download_to_control: false 48 | 49 | # Proxy environment for downloads 50 | vm_proxy_http: "" 51 | vm_proxy_https: "" 52 | -------------------------------------------------------------------------------- /roles/vmsingle/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | victoriametrics_version: "v1.132.0" 3 | victoriametrics_enterprise: false 4 | victoriametrics_license_key: "" 5 | victoriametrics_license_key_file: "" 6 | 7 | victoriametrics_platform: "{% if victoriametrics_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" 8 | victoriametrics_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" 9 | victoriametrics_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/victoria-metrics{{ victoriametrics_platform }}-{{ go_arch }}-{{ victoriametrics_version }}{%if victoriametrics_enterprise %}-enterprise{% endif %}.tar.gz" 10 | 11 | victoriametrics_utils_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/vmutils{{ victoriametrics_platform }}-{{ go_arch }}-{{ victoriametrics_version }}.tar.gz" 12 | victoriametrics_system_user: "victoriametrics" 13 | victoriametrics_system_group: "{{ victoriametrics_system_user }}" 14 | victoriametrics_data_dir: "/var/lib/victoria-metrics/" 15 | victoriametrics_self_scrape_interval: "30s" 16 | victoriametrics_retention_period_months: "12" 17 | victoriametrics_search_max_unique_timeseries: "900000" 18 | 19 | # more on envflags usage 20 | # https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#environment-variables 21 | victoriametrics_service_envflag_enabled: "false" 22 | # Array of strings to pass 23 | victoriametrics_service_envflag_data: [] 24 | # - "graphiteListenAddr=127.0.0.1:12345" 25 | victoriametrics_service_envflag_file: "/etc/default/victoriametrics" 26 | 27 | 28 | victoriametrics_service_args: 29 | storageDataPath: "{{ victoriametrics_data_dir }}" 30 | selfScrapeInterval: "{{ victoriametrics_self_scrape_interval }}" 31 | retentionPeriod: "{{ victoriametrics_retention_period_months }}" 32 | maxConcurrentInserts: 32 33 | "search.maxUniqueTimeseries": "{{ victoriametrics_search_max_unique_timeseries }}" 34 | 35 | victoriametrics_max_open_files: 2097152 36 | victoriametrics_backup_proxy_enable: false 37 | 38 | # Download behavior 39 | victoriametrics_install_download_to_control: false 40 | 41 | # Proxy environment for downloads 42 | vm_proxy_http: "" 43 | vm_proxy_https: "" 44 | 45 | victoriametrics_backup_enabled: false 46 | victoriametrics_backup_destination: "s3://" 47 | 48 | victoriametrics_backup_cron_minute: "0" 49 | victoriametrics_backup_cron_hour: "*/2" 50 | victoriametrics_backup_cron_day: "*" 51 | victoriametrics_backup_cron_weekday: "*" 52 | victoriametrics_backup_cron_month: "*" 53 | 54 | victoriametrics_backup_access_key: "" 55 | victoriametrics_backup_secret_key: "" 56 | victoriametrics_backup_custom_s3_endpoint: "" 57 | -------------------------------------------------------------------------------- /roles/vmagent/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure systemd 3 | when: ansible_service_mgr == "systemd" 4 | block: 5 | - name: "Systemd | Copy VMagent systemd unit file" 6 | ansible.builtin.template: 7 | src: vmagent.service.j2 8 | dest: /etc/systemd/system/vic-vmagent.service 9 | owner: root 10 | group: root 11 | mode: "0644" 12 | register: config_template 13 | no_log: True 14 | notify: Restart VMagent service 15 | 16 | - name: "Systemd | daemon-reload VMagent service" # noqa: no-handler 17 | become: true 18 | ansible.builtin.systemd: 19 | daemon_reload: true 20 | when: config_template is changed 21 | changed_when: config_template is changed 22 | 23 | - name: Ensure VMagent service is enabled on boot 24 | become: true 25 | ansible.builtin.systemd: 26 | name: vic-vmagent 27 | enabled: true 28 | 29 | - name: Configure upstart 30 | when: ansible_service_mgr == "upstart" 31 | block: 32 | - name: "Upstart | Install vic-vmagent service file" 33 | ansible.builtin.template: 34 | src: "upstart.j2" 35 | dest: "/etc/init.d/vic-vmagent" 36 | mode: "0755" 37 | owner: root 38 | group: root 39 | notify: Restart VMagent service 40 | register: config_template 41 | 42 | - name: "Upstart | Enable vic-vmagent service" # noqa: no-handler 43 | ansible.builtin.service: 44 | name: "vic-vmagent" 45 | enabled: "yes" 46 | when: 47 | - config_template is changed 48 | 49 | - name: Prepare configuration dir 50 | ansible.builtin.file: 51 | state: directory 52 | path: "{{ vmagent_config_dir }}" 53 | mode: "0751" 54 | owner: "{{ vmagent_system_user }}" 55 | group: "{{ vmagent_system_group }}" 56 | 57 | - name: Prepare sd configuration dir 58 | ansible.builtin.file: 59 | state: directory 60 | path: "{{ vmagent_sd_config_dir }}" 61 | mode: "0777" 62 | owner: "{{ vmagent_system_user }}" 63 | group: "{{ vmagent_system_group }}" 64 | 65 | - name: Configure promscrape config 66 | ansible.builtin.template: 67 | src: prometheus_scrape.yml.j2 68 | dest: "{{ vmagent_config_dir }}/config.yml" 69 | mode: "0751" 70 | owner: "{{ vmagent_system_user }}" 71 | group: "{{ vmagent_system_group }}" 72 | validate: "/usr/local/bin/vmagent-prod -promscrape.config %s -dryRun" 73 | notify: Restart VMagent service 74 | 75 | - name: Configure stream aggregation config 76 | ansible.builtin.template: 77 | src: stream_aggregation.yml.j2 78 | dest: "{{ vmagent_config_dir }}/aggregation.yml" 79 | mode: "0751" 80 | owner: "{{ vmagent_system_user }}" 81 | group: "{{ vmagent_system_group }}" 82 | validate: "/usr/local/bin/vmagent-prod -streamAggr.config %s -dryRun" 83 | notify: Restart VMagent service 84 | 85 | - name: Prepare tmp data dir 86 | ansible.builtin.file: 87 | state: directory 88 | path: "{{ vmagent_tmp_data_path }}" 89 | mode: "0751" 90 | owner: "{{ vmagent_system_user }}" 91 | group: "{{ vmagent_system_group }}" 92 | -------------------------------------------------------------------------------- /playbooks/testing/goss.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: all 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vlsingle/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vlsingle-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmagent/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmagent-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmalert/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmalert-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmauth/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmauth-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vminsert/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vminsert-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmselect/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmselect-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmsingle/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmsingle-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vtsingle/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vtsingle-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /roles/vmstorage/molecule/proxy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: vmstorage-proxy-debian13 4 | become: true 5 | vars: 6 | goss_version: v0.4.9 7 | goss_arch: amd64 8 | goss_bin: /usr/local/bin/goss 9 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 10 | goss_test_directory: /tmp/molecule/goss 11 | goss_format: documentation 12 | tasks: 13 | - name: Download and install Goss 14 | ansible.builtin.get_url: 15 | url: "{{ goss_url }}" 16 | dest: "{{ goss_bin }}" 17 | mode: "u=rwx,go=rx" 18 | register: download_goss 19 | until: download_goss is succeeded 20 | retries: 3 21 | 22 | - name: Create Molecule directory for test files 23 | ansible.builtin.file: 24 | path: "{{ goss_test_directory }}" 25 | state: directory 26 | mode: "0755" 27 | 28 | - name: Find Goss tests on localhost 29 | ansible.builtin.find: 30 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 31 | patterns: 32 | - "test[-.\\w]*.yml" 33 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 34 | excludes: 35 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 36 | use_regex: true 37 | delegate_to: localhost 38 | register: test_files 39 | changed_when: false 40 | become: false 41 | 42 | - name: Debug 43 | ansible.builtin.debug: 44 | msg: "{{ test_files.files }}" 45 | verbosity: 3 46 | 47 | - name: Copy Goss tests to remote 48 | ansible.builtin.copy: 49 | src: "{{ item.path }}" 50 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 51 | mode: "0644" 52 | with_items: 53 | - "{{ test_files.files }}" 54 | loop_control: 55 | label: "{{ item.path | basename }}" 56 | 57 | - name: Register test files 58 | ansible.builtin.find: 59 | paths: 60 | - "{{ goss_test_directory }}" 61 | patterns: 62 | - "test_*.yml" 63 | register: test_files 64 | 65 | - name: Run verify 66 | when: test_files is succeeded 67 | block: 68 | - name: Execute Goss tests # noqa: no-changed-when 69 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 70 | register: test_results 71 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 72 | loop_control: 73 | label: "{{ item | basename }}" 74 | failed_when: false 75 | 76 | - name: Display details about the Goss results 77 | ansible.builtin.debug: 78 | msg: "{{ item.stdout_lines }}" 79 | with_items: "{{ test_results.results }}" 80 | loop_control: 81 | label: "{{ item[item.ansible_loop_var] | basename }}" 82 | 83 | - name: Fail when tests fail 84 | ansible.builtin.fail: 85 | msg: "Goss failed to validate" 86 | when: item.rc != 0 87 | with_items: "{{ test_results.results }}" 88 | loop_control: 89 | label: "{{ item[item.ansible_loop_var] | basename }}" 90 | -------------------------------------------------------------------------------- /playbooks/molecule/cluster/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Molecule Goss Tests 3 | 4 | - name: Verify 5 | hosts: all 6 | become: true 7 | vars: 8 | goss_version: v0.3.10 9 | goss_arch: amd64 10 | goss_bin: /usr/local/bin/goss 11 | goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 12 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 13 | goss_test_directory: /tmp/molecule/goss 14 | goss_format: documentation 15 | tasks: 16 | - name: Download and install Goss 17 | ansible.builtin.get_url: 18 | url: "{{ goss_url }}" 19 | dest: "{{ goss_bin }}" 20 | sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] 21 | mode: "u=rwx,go=rx" 22 | register: download_goss 23 | until: download_goss is succeeded 24 | retries: 3 25 | 26 | - name: Create Molecule directory for test files 27 | ansible.builtin.file: 28 | path: "{{ goss_test_directory }}" 29 | state: directory 30 | mode: "0755" 31 | 32 | - name: Find Goss tests on localhost 33 | ansible.builtin.find: 34 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 35 | patterns: 36 | - "test[-.\\w]*.yml" 37 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 38 | excludes: 39 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 40 | use_regex: true 41 | delegate_to: localhost 42 | register: test_files 43 | changed_when: false 44 | become: false 45 | 46 | - name: Debug 47 | ansible.builtin.debug: 48 | msg: "{{ test_files.files }}" 49 | verbosity: 3 50 | 51 | - name: Copy Goss tests to remote 52 | ansible.builtin.copy: 53 | src: "{{ item.path }}" 54 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 55 | mode: "0644" 56 | with_items: 57 | - "{{ test_files.files }}" 58 | loop_control: 59 | label: "{{ item.path | basename }}" 60 | 61 | - name: Register test files 62 | ansible.builtin.find: 63 | paths: 64 | - "{{ goss_test_directory }}" 65 | patterns: 66 | - "test_*.yml" 67 | register: test_files 68 | 69 | - name: Run verify 70 | when: test_files is succeeded 71 | block: 72 | - name: Execute Goss tests # noqa: no-changed-when 73 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 74 | register: test_results 75 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 76 | loop_control: 77 | label: "{{ item | basename }}" 78 | failed_when: false 79 | 80 | - name: Display details about the Goss results 81 | ansible.builtin.debug: 82 | msg: "{{ item.stdout_lines }}" 83 | with_items: "{{ test_results.results }}" 84 | loop_control: 85 | label: "{{ item[item.ansible_loop_var] | basename }}" 86 | 87 | - name: Fail when tests fail 88 | ansible.builtin.fail: 89 | msg: "Goss failed to validate" 90 | when: item.rc != 0 91 | with_items: "{{ test_results.results }}" 92 | loop_control: 93 | label: "{{ item[item.ansible_loop_var] | basename }}" 94 | -------------------------------------------------------------------------------- /playbooks/molecule/cluster-enterprise/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Molecule Goss Tests 3 | 4 | - name: Verify 5 | hosts: all 6 | become: true 7 | vars: 8 | goss_version: v0.3.10 9 | goss_arch: amd64 10 | goss_bin: /usr/local/bin/goss 11 | goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 12 | goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" 13 | goss_test_directory: /tmp/molecule/goss 14 | goss_format: documentation 15 | tasks: 16 | - name: Download and install Goss 17 | ansible.builtin.get_url: 18 | url: "{{ goss_url }}" 19 | dest: "{{ goss_bin }}" 20 | sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] 21 | mode: "u=rwx,go=rx" 22 | register: download_goss 23 | until: download_goss is succeeded 24 | retries: 3 25 | 26 | - name: Create Molecule directory for test files 27 | ansible.builtin.file: 28 | path: "{{ goss_test_directory }}" 29 | state: directory 30 | mode: "0755" 31 | 32 | - name: Find Goss tests on localhost 33 | ansible.builtin.find: 34 | paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" 35 | patterns: 36 | - "test[-.\\w]*.yml" 37 | - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" 38 | excludes: 39 | - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" 40 | use_regex: true 41 | delegate_to: localhost 42 | register: test_files 43 | changed_when: false 44 | become: false 45 | 46 | - name: Debug 47 | ansible.builtin.debug: 48 | msg: "{{ test_files.files }}" 49 | verbosity: 3 50 | 51 | - name: Copy Goss tests to remote 52 | ansible.builtin.copy: 53 | src: "{{ item.path }}" 54 | dest: "{{ goss_test_directory }}/{{ item.path | basename }}" 55 | mode: "0644" 56 | with_items: 57 | - "{{ test_files.files }}" 58 | loop_control: 59 | label: "{{ item.path | basename }}" 60 | 61 | - name: Register test files 62 | ansible.builtin.find: 63 | paths: 64 | - "{{ goss_test_directory }}" 65 | patterns: 66 | - "test_*.yml" 67 | register: test_files 68 | 69 | - name: Run verify 70 | when: test_files is succeeded 71 | block: 72 | - name: Execute Goss tests # noqa: no-changed-when 73 | ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" 74 | register: test_results 75 | with_items: "{{ test_files.files | map(attribute='path') | list }}" 76 | loop_control: 77 | label: "{{ item | basename }}" 78 | failed_when: false 79 | 80 | - name: Display details about the Goss results 81 | ansible.builtin.debug: 82 | msg: "{{ item.stdout_lines }}" 83 | with_items: "{{ test_results.results }}" 84 | loop_control: 85 | label: "{{ item[item.ansible_loop_var] | basename }}" 86 | 87 | - name: Fail when tests fail 88 | ansible.builtin.fail: 89 | msg: "Goss failed to validate" 90 | when: item.rc != 0 91 | with_items: "{{ test_results.results }}" 92 | loop_control: 93 | label: "{{ item[item.ansible_loop_var] | basename }}" 94 | -------------------------------------------------------------------------------- /playbooks/molecule/cluster/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup storage 3 | become: true 4 | hosts: vmstorage 5 | roles: 6 | - vmstorage 7 | 8 | - name: Setup vmselect 9 | become: true 10 | hosts: vmselect 11 | vars: 12 | vmselect_cache_dir: "/var/lib/vmselect" 13 | vmselect_config: 14 | cacheDataPath: "/var/lib/vmselect" 15 | storageNode: "{{ groups['vmstorage'] | join(',') }}" 16 | roles: 17 | - vmselect 18 | 19 | - name: Setup vminsert 20 | become: true 21 | hosts: vminsert 22 | vars: 23 | vminsert_config: 24 | storageNode: "{{ groups['vmstorage'] | join(',') }}" 25 | roles: 26 | - vminsert 27 | # 28 | - name: Setup vmauth 29 | become: true 30 | hosts: vmauth 31 | vars: 32 | # See: https://docs.victoriametrics.com/vmauth/#load-balancer-for-victoriametrics-cluster 33 | vmauth_auth_config: |- 34 | unauthorized_user: 35 | url_map: 36 | - src_paths: 37 | - "/insert/.+" 38 | url_prefix: 39 | {% for insert in groups['vminsert'] %} 40 | - "http://{{ insert }}:8480/" 41 | {% endfor %} 42 | - src_paths: 43 | - "/select/.+" 44 | url_prefix: 45 | {% for select in groups['vmselect'] %} 46 | - "http://{{ select }}:8481/" 47 | {% endfor %} 48 | 49 | roles: 50 | - vmauth 51 | 52 | - name: Setup vmagent MoM 53 | become: true 54 | hosts: vmagent-mom 55 | vars: 56 | vmstorage_targets: [ ] 57 | vminsert_targets: [ ] 58 | vmselect_targets: [ ] 59 | 60 | vmagent_mom_targets: [ ] 61 | vmagent_enterprise: true 62 | vmagent_license_key: "fake" 63 | vmagent_service_args: 64 | "remoteWrite.url": "http://{{ groups['vmauth'] | first }}:8427/insert/10/prometheus/api/v1/write" 65 | "promscrape.config": "{{ vmagent_config_dir }}/config.yml" 66 | "remoteWrite.tmpDataPath": "{{ vmagent_tmp_data_path }}" 67 | vmagent_scrape_config: 68 | scrape_configs: 69 | - job_name: vmagent 70 | static_configs: 71 | - targets: "{{ vmagent_mom_targets }}" 72 | - job_name: vmstorage 73 | static_configs: 74 | - targets: "{{ vmstorage_targets }}" 75 | 76 | - job_name: vmselect 77 | static_configs: 78 | - targets: "{{ vmselect_targets }}" 79 | 80 | - job_name: vminsert 81 | static_configs: 82 | - targets: "{{ vminsert_targets }}" 83 | pre_tasks: 84 | - name: Prepare vmstorage list 85 | ansible.builtin.set_fact: 86 | vmstorage_targets: "{{ vmstorage_targets + [item + ':8482'] }}" 87 | loop: "{{ groups['vmstorage'] }}" 88 | 89 | - name: Prepare vminsert list 90 | ansible.builtin.set_fact: 91 | vminsert_targets: "{{ vminsert_targets + [item + ':8480'] }}" 92 | loop: "{{ groups['vminsert'] }}" 93 | 94 | - name: Prepare vmselect list 95 | ansible.builtin.set_fact: 96 | vmselect_targets: "{{ vmselect_targets + [item + ':8481'] }}" 97 | loop: "{{ groups['vmselect'] }}" 98 | 99 | - name: Prepare vmagent-mom list 100 | ansible.builtin.set_fact: 101 | vmagent_mom_targets: "{{ vmagent_mom_targets + [item + ':8429'] }}" 102 | loop: "{{ groups['vmagent-mom'] }}" 103 | roles: 104 | - vmagent 105 | -------------------------------------------------------------------------------- /roles/vmauth/tasks/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create vmauth system group 3 | ansible.builtin.group: 4 | name: "{{ vmauth_system_group }}" 5 | state: present 6 | system: true 7 | when: vmauth_system_group != "root" 8 | 9 | - name: Create vmauth system user 10 | ansible.builtin.user: 11 | name: "{{ vmauth_system_user }}" 12 | groups: "{{ vmauth_system_group }}" 13 | append: true 14 | shell: /usr/sbin/nologin 15 | system: true 16 | createhome: false 17 | when: vmauth_system_user != "root" 18 | 19 | - name: Ensure existence of /usr/local/bin 20 | ansible.builtin.file: 21 | path: /usr/local/bin 22 | state: directory 23 | mode: "0755" 24 | 25 | - name: Delete existing vmauth version if it's different. 26 | ansible.builtin.file: 27 | path: /usr/local/bin/vmauth-prod 28 | state: absent 29 | when: 30 | - vmauth_is_installed.stat.exists | bool 31 | - vmauth_version not in vmauth_current_version.stdout 32 | 33 | - name: Install via control host 34 | when: vmauth_install_download_to_control 35 | block: 36 | - name: Download and unarchive vmauth release binary 37 | environment: 38 | http_proxy: "{{ vm_proxy_http }}" 39 | https_proxy: "{{ vm_proxy_https }}" 40 | ansible.builtin.unarchive: 41 | src: "{{ vmauth_download_url }}" 42 | dest: /tmp 43 | remote_src: yes 44 | delegate_to: localhost 45 | become: no 46 | when: 47 | - not ansible_check_mode 48 | - not vmauth_is_installed.stat.exists or 49 | vmauth_version not in vmauth_current_version.stdout 50 | 51 | - name: Copy vmauth binary to target host 52 | notify: Restart vmauth service 53 | ansible.builtin.copy: 54 | src: /tmp/vmauth-prod 55 | dest: /tmp/vmauth-prod 56 | mode: "0751" 57 | owner: "{{ vmauth_system_user }}" 58 | group: "{{ vmauth_system_group }}" 59 | when: 60 | - not ansible_check_mode 61 | - not vmauth_is_installed.stat.exists or 62 | vmauth_version not in vmauth_current_version.stdout 63 | 64 | - name: Replace vmauth binary at target dir # noqa: no-changed-when 65 | notify: Restart vmauth service 66 | ansible.builtin.shell: | 67 | mv /tmp/vmauth-prod /usr/local/bin/vmauth-prod 68 | when: 69 | - not ansible_check_mode 70 | - not vmauth_is_installed.stat.exists or 71 | vmauth_version not in vmauth_current_version.stdout 72 | 73 | - name: Install directly to target host 74 | when: not vmauth_install_download_to_control 75 | block: 76 | - name: Download and unarchive vmauth release binary 77 | environment: 78 | http_proxy: "{{ vm_proxy_http }}" 79 | https_proxy: "{{ vm_proxy_https }}" 80 | ansible.builtin.unarchive: 81 | src: "{{ vmauth_download_url }}" 82 | dest: /tmp 83 | remote_src: yes 84 | extra_opts: 85 | - --no-same-owner 86 | when: 87 | - not ansible_check_mode 88 | - not vmauth_is_installed.stat.exists or 89 | vmauth_version not in vmauth_current_version.stdout 90 | 91 | - name: Replace vmauth binary at target dir # noqa: no-changed-when 92 | notify: Restart vmauth service 93 | ansible.builtin.shell: | 94 | mv /tmp/vmauth-prod /usr/local/bin/vmauth-prod 95 | chmod 0751 /usr/local/bin/vmauth-prod 96 | chown {{ vmauth_system_user }}:{{ vmauth_system_group }} /usr/local/bin/vmauth-prod 97 | when: 98 | - not ansible_check_mode 99 | - not vmauth_is_installed.stat.exists or 100 | vmauth_version not in vmauth_current_version.stdout 101 | -------------------------------------------------------------------------------- /roles/vmagent/tasks/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create VMagent system group 3 | ansible.builtin.group: 4 | name: "{{ vmagent_system_group }}" 5 | state: present 6 | system: true 7 | when: vmagent_system_group != "root" 8 | 9 | - name: Create VMagent system user 10 | ansible.builtin.user: 11 | name: "{{ vmagent_system_user }}" 12 | groups: "{{ vmagent_system_group }}" 13 | append: true 14 | shell: /usr/sbin/nologin 15 | system: true 16 | createhome: false 17 | when: vmagent_system_user != "root" 18 | 19 | - name: Ensure existence of /usr/local/bin 20 | ansible.builtin.file: 21 | path: /usr/local/bin 22 | state: directory 23 | mode: "0755" 24 | 25 | - name: Delete existing VMagent version if it's different. 26 | ansible.builtin.file: 27 | path: /usr/local/bin/vmagent-prod 28 | state: absent 29 | when: 30 | - vmagent_is_installed.stat.exists | bool 31 | - vmagent_version not in vmagent_current_version.stdout 32 | 33 | - name: Install via control host 34 | when: vmagent_install_download_to_control 35 | block: 36 | - name: Download and unarchive VMagent release binary 37 | environment: 38 | http_proxy: "{{ vm_proxy_http }}" 39 | https_proxy: "{{ vm_proxy_https }}" 40 | ansible.builtin.unarchive: 41 | src: "{{ vmagent_download_url }}" 42 | dest: /tmp 43 | remote_src: yes 44 | delegate_to: localhost 45 | become: no 46 | when: 47 | - not ansible_check_mode 48 | - not vmagent_is_installed.stat.exists or 49 | vmagent_version not in vmagent_current_version.stdout 50 | 51 | - name: Copy vmagent binary to target host 52 | notify: Restart VMagent service 53 | ansible.builtin.copy: 54 | src: /tmp/vmagent-prod 55 | dest: /tmp/vmagent-prod 56 | mode: "0751" 57 | owner: "{{ vmagent_system_user }}" 58 | group: "{{ vmagent_system_group }}" 59 | when: 60 | - not ansible_check_mode 61 | - not vmagent_is_installed.stat.exists or 62 | vmagent_version not in vmagent_current_version.stdout 63 | 64 | - name: Replace vmagent binary at target dir # noqa: no-changed-when 65 | notify: Restart VMagent service 66 | ansible.builtin.shell: | 67 | mv /tmp/vmagent-prod /usr/local/bin/vmagent-prod 68 | when: 69 | - not ansible_check_mode 70 | - not vmagent_is_installed.stat.exists or 71 | vmagent_version not in vmagent_current_version.stdout 72 | 73 | - name: Install directly to target host 74 | when: not vmagent_install_download_to_control 75 | block: 76 | - name: Download and unarchive VMagent release binary 77 | environment: 78 | http_proxy: "{{ vm_proxy_http }}" 79 | https_proxy: "{{ vm_proxy_https }}" 80 | ansible.builtin.unarchive: 81 | src: "{{ vmagent_download_url }}" 82 | dest: /tmp 83 | remote_src: yes 84 | extra_opts: 85 | - --no-same-owner 86 | when: 87 | - not ansible_check_mode 88 | - not vmagent_is_installed.stat.exists or 89 | vmagent_version not in vmagent_current_version.stdout 90 | 91 | - name: Replace vmagent binary at target dir # noqa: no-changed-when 92 | notify: Restart VMagent service 93 | ansible.builtin.shell: | 94 | mv /tmp/vmagent-prod /usr/local/bin/vmagent-prod 95 | chmod 0751 /usr/local/bin/vmagent-prod 96 | chown {{ vmagent_system_user }}:{{ vmagent_system_group }} /usr/local/bin/vmagent-prod 97 | when: 98 | - not ansible_check_mode 99 | - not vmagent_is_installed.stat.exists or 100 | vmagent_version not in vmagent_current_version.stdout 101 | --------------------------------------------------------------------------------