add prometheus

don't publish traefik api
2023-02-07 22:54:07 +01:00 · 2023-02-07 22:54:07 +01:00 · 9cc5fba042
commit 9cc5fba042
parent 68981f3f66
12 changed files with 68 additions and 11 deletions
--- a/roles/forgejo/templates/docker-compose.yml.j2
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@ -24,7 +24,7 @@ services:
      - traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
      - traefik.http.routers.forgejo.tls=true
      - traefik.http.routers.forgejo.tls.certresolver=pizzapim
-      - traefik.tcp.routers.forgejo.service=forgejo
+      - traefik.http.routers.forgejo.service=forgejo
      - traefik.http.services.forgejo.loadbalancer.server.port=3000

      - traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@ -1,7 +1,7 @@
 $ORIGIN pizzapim.nl.
 $TTL 60

-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
+pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600

 			NS	ns.pizzapim.nl.
 			NS	ns0.transip.net.
@ -18,10 +18,8 @@ www		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 ns		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
-cloud		IN	CNAME	www.pizzapim.nl.
 social		IN	CNAME	www.pizzapim.nl.
 dav		IN	CNAME	www.pizzapim.nl.
 git		IN	CNAME	www.pizzapim.nl.
 meet            IN      CNAME   www.pizzapim.nl.
 rss             IN      CNAME   www.pizzapim.nl.
-traefik         IN      CNAME   www.pizzapim.nl.
--- a/roles/prometheus/meta/main.yml
+++ b/roles/prometheus/meta/main.yml
@ -0,0 +1,3 @@
+dependencies:
+  - role: common
+  - role: docker
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -0,0 +1,19 @@
+- name: Create app directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Copy Docker Compose script
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Copy prometheus.yml
+  template:
+    src: "{{ role_path }}/templates/prometheus.yml.j2"
+    dest: "{{ service_dir }}/prometheus.yml"
+  register: config
+- name: Start Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
+    restarted: "{{ config.changed }}"
--- a/roles/prometheus/templates/docker-compose.yml.j2
+++ b/roles/prometheus/templates/docker-compose.yml.j2
@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+  prometheus:
+    image: prom/prometheus
+    container_name: prometheus
+    restart: always
+    volumes:
+      - "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    ports:
+      - "{{ prometheus_port }}:9090"
--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@ -0,0 +1,14 @@
+global:
+  scrape_interval:     15s
+
+scrape_configs:
+
+  - job_name: 'prometheus'
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'traefik'
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['host.docker.internal:{{ traefik_api_port }}']
--- a/roles/prometheus/vars/main.yml
+++ b/roles/prometheus/vars/main.yml
@ -0,0 +1,3 @@
+service_name: prometheus
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -13,6 +13,7 @@ services:
      - "443:443"
      - "80:80"
      - "{{ git_ssh_port }}:{{ git_ssh_port }}"
+      - "{{ traefik_api_port }}:{{ traefik_api_port }}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
@ -29,10 +30,6 @@ services:
      - traefik.http.routers.esrom.tls=true
      - traefik.http.routers.esrom.tls.certresolver=geokunis

-      - traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
-      - traefik.http.routers.traefik.entrypoints=websecure
-      - traefik.http.routers.traefik.tls=true
-      - traefik.http.routers.traefik.tls.certresolver=pizzapim
+      - traefik.http.routers.traefik.rule=Host(`max.lan`)
+      - traefik.http.routers.traefik.entrypoints=internal
      - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.routers.traefik.middlewares=whitelist-local
-      - "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
--- a/roles/traefik/templates/traefik.toml.j2
+++ b/roles/traefik/templates/traefik.toml.j2
@ -13,11 +13,17 @@ loglevel = "DEBUG"
    address = ":{{ git_ssh_port }}"
  [entryPoints.video]
    address = ":{{ jitsi_videobridge_port }}/udp"
+  [entryPoints.internal]
+    address = ":{{ traefik_api_port }}"

 [api]
  insecure = false
  dashboard = true

+[metrics]
+  [metrics.prometheus]
+    entryPoint = "internal"
+
 [providers.docker]
  endpoint = "unix:///var/run/docker.sock"