benschubert.infrastructure.monitoring role – Configure all services required to monitor services and systems.

Note

This role is part of the benschubert.infrastructure collection (version 0.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install benschubert.infrastructure.

To use it in a playbook, specify: benschubert.infrastructure.monitoring.

Entry point agent – Configure a Grafana Alloy service to monitor systems and services

Synopsis

  • This role configures a Grafana Alloy container to monitor the provided services.

Parameters

Parameter

Comments

auth_authentik_hostname

string / required

The hostname at which the Authentik service is reachable

auth_authentik_token

string / required

The token to use to connect to Authentik

ingress_custom_ca_cert

string

The path on disk to a custom CA certificate used to validate TLS certificates when Ansible makes requests, for certificates that are not signed by a CA in the system's root trust store

ingress_https_port

integer

The port at which the service is exposed via the ingress, in order to be able to make API calls to the service

Default: 443

ingress_validate_certs

boolean

Whether the TLS certificate should be verified when Ansible makes API calls. Setting this to false disables certificate verification entirely; for a private CA, keep it enabled and point ingress_custom_ca_cert at the CA certificate instead.

Choices:

  • false

  • true ← (default)

monitoring_agent_alloy_image

string

The container image path and tag to use for Alloy. The default :latest tag is mutable; pin a specific tag or digest in production so the deployed image is reproducible.

Default: "docker.io/grafana/alloy:latest"

monitoring_agent_config_path

string / required

The path on disk where to store the agent’s configuration

monitoring_agent_data_path

string / required

The path on disk where the agent can store its own data

monitoring_agent_networks

list / elements=string / required

The networks that the agent should be joining

monitoring_agent_pod

string / required

The name of the pod to deploy the agent in.

It is also used as the name of the user created in Authentik so the agent can access protected services.

monitoring_agent_postgres_instances

list / elements=dictionary

A list of PostgreSQL databases to monitor

Default: []

database

string / required

The name of the database to which to connect

instance

string / required

The hostname of the database to which to connect

password

string / required

The password to use to connect to the database

username

string / required

The username to use to connect to the database

monitoring_agent_product_name

string / required

A human readable name of what this agent monitors. Used in alerting to group alerts together.

monitoring_agent_prometheus_endpoints

list / elements=dictionary

A list of Prometheus endpoints to monitor

Default: []

address

string / required

The endpoint on which to fetch the Prometheus metrics

alerting_rules_template

string

A Jinja template defining Prometheus rules to generate alerts

The variables job_name and name are available to uniquely identify the job.

metrics_path

string

The path under which to scrape the metrics

Default: "/metrics"

name

string / required

A human-readable name for the service to monitor. Will be also used as the instance label.
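An added example of an alerting rules template for a Prometheus endpoint; it is not part of the collection's documentation. It assumes the template is rendered by the role with job_name and name set (as stated above) and that the result is a Prometheus rule file as accepted by the Mimir ruler. The thresholds and alert names are illustrative.

```yaml
# Added example of an alerting_rules_template (Jinja over Prometheus rule syntax).
# The role is stated to render it with job_name and name available; both are used
# below so the rules stay unique per scraped endpoint. Thresholds are illustrative.
groups:
  - name: "{{ job_name }}"
    rules:
      # Fires when the agent cannot scrape the endpoint at all.
      - alert: TargetDown
        expr: up{job="{{ job_name }}"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "{{ name }} is not reachable by the monitoring agent"
      # Fires when scrapes get slow, an early sign of an overloaded service.
      - alert: SlowScrape
        expr: scrape_duration_seconds{job="{{ job_name }}"} > 10
        for: 15m
        labels:
          severity: warning
        annotations:
          summary: "Scraping {{ name }} takes longer than 10 seconds"
```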

monitoring_agent_redis_instances

list / elements=dictionary

A list of Redis instances to monitor

Default: []

name

string / required

The hostname of the Redis instance

password

string / required

The password of the Redis user used for metrics collection

user

string / required

The username to use to authenticate against Redis

monitoring_agent_user_group

string

The name of a group to which the role account created for monitoring the requested services is added.

This is useful when applications are restricted per user: adding the bot accounts to the group lets them reach the services they monitor.

monitoring_mimir_hostname

string / required

The hostname at which to find the Mimir deployment
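A playbook that deploys one agent for a product, as an added example; it is not taken from the collection's documentation. It assumes the agent entry point is reached with tasks_from: agent (the usual mapping for argument_specs entry points), that address takes a host:port value, and that alerting_rules_template names a template file. Hostnames, paths, the image tag and the vault_* variables are illustrative.

```yaml
# Added example (not the collection's own docs): one Alloy agent that scrapes an
# application, its PostgreSQL database and its Redis cache, and ships the result
# to Mimir. Entry point "agent" is assumed to map to tasks_from: agent.
# Hostnames, paths, the image tag and vault_* variables are illustrative.
- name: Monitor the "shop" product with a Grafana Alloy agent
  hosts: monitoring_agents
  tasks:
    - name: Configure the Alloy agent
      ansible.builtin.include_role:
        name: benschubert.infrastructure.monitoring
        tasks_from: agent
      vars:
        auth_authentik_hostname: auth.example.internal
        # Secrets come from an Ansible Vault file, never from plain-text vars.
        auth_authentik_token: "{{ vault_authentik_api_token }}"
        # Private CA: keep verification on and trust the CA instead of
        # setting ingress_validate_certs: false.
        ingress_validate_certs: true
        ingress_custom_ca_cert: /etc/pki/ca-trust/source/anchors/internal-ca.pem
        monitoring_mimir_hostname: mimir.example.internal
        # Pin the image by tag (or digest) instead of the mutable :latest default.
        monitoring_agent_alloy_image: docker.io/grafana/alloy:v1.4.2
        monitoring_agent_pod: shop-alloy
        monitoring_agent_product_name: Shop
        monitoring_agent_config_path: /srv/monitoring/shop-alloy/config
        monitoring_agent_data_path: /srv/monitoring/shop-alloy/data
        monitoring_agent_networks:
          - shop
        monitoring_agent_user_group: monitoring-bots
        monitoring_agent_prometheus_endpoints:
          - name: shop-api
            address: shop-api:8080          # assumed host:port format
            metrics_path: /internal/metrics
            alerting_rules_template: shop-api-alerts.yml.j2   # assumed: a template file name
        monitoring_agent_postgres_instances:
          - instance: shop-db
            database: shop
            username: alloy_metrics         # a read-only metrics user, not the app user
            password: "{{ vault_shop_db_metrics_password }}"
        monitoring_agent_redis_instances:
          - name: shop-cache
            user: alloy_metrics
            password: "{{ vault_shop_cache_metrics_password }}"
```

Each data store gets a dedicated, least-privilege metrics account; the agent never holds the application's own credentials.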

Entry point dashboard – Install the provided dashboard on Grafana

Synopsis

  • This role allows setting up a dashboard on Grafana

Parameters

Parameter

Comments

content

string / required

The JSON content of the dashboard to setup

destination

string / required

The name of the dashboard on the file-system. Can contain one level of directory

For example, mydashboard.json or services/grafana.json

monitoring_grafana_config_path

string / required

The path to where the Grafana configuration is kept
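A playbook that installs every dashboard found under files/dashboards/, as an added example that is not part of the collection's documentation. It assumes the dashboard entry point is reached with tasks_from: dashboard; the paths are illustrative. Each file is checked to be a JSON object before the role is called, so a malformed export fails the play early instead of landing in the Grafana provisioning directory.

```yaml
# Added example (not the collection's own docs): install all dashboards kept in
# the playbook's files/dashboards/ directory. Entry point "dashboard" is assumed
# to map to tasks_from: dashboard; paths are illustrative.
- name: Install Grafana dashboards
  hosts: monitoring
  vars:
    dashboard_files: "{{ query('ansible.builtin.fileglob', 'dashboards/*.json') }}"
  tasks:
    - name: Refuse to install a file that is not a JSON object
      ansible.builtin.assert:
        that:
          - (lookup('ansible.builtin.file', item) | from_json) is mapping
        fail_msg: "{{ item }} is not a JSON object"
      loop: "{{ dashboard_files }}"

    - name: Install each dashboard under the services/ directory
      ansible.builtin.include_role:
        name: benschubert.infrastructure.monitoring
        tasks_from: dashboard
      vars:
        monitoring_grafana_config_path: /srv/monitoring/grafana/config
        content: "{{ lookup('ansible.builtin.file', item) }}"
        # One level of directory is allowed, e.g. services/postgres.json
        destination: "services/{{ item | basename }}"
      loop: "{{ dashboard_files }}"
```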

Entry point main – Configure all services required to monitor services and systems.

Synopsis

Parameters

Parameter

Comments

auth_authentik_hostname

string / required

The hostname at which the Authentik service is reachable

auth_authentik_token

string / required

The token to use to connect to Authentik

ingress_custom_ca_cert

string

The path on disk to a custom CA certificate used to validate TLS certificates when Ansible makes requests, for certificates that are not signed by a CA in the system's root trust store

ingress_https_port

integer

The port at which the service is exposed via the ingress

Default: 443

ingress_traefik_certificates_resolvers

dictionary

The configuration for the certificate resolvers

The dictionary must contain at least a ‘default’ entry, which is used for all services that don’t specify an explicit resolver in their configuration

‘storage’ MUST be set as /etc/traefik/acme.json

See Traefik’s documentation for more information

Default: {}

ingress_validate_certs

boolean

Whether the TLS certificate should be verified when Ansible makes API calls. Setting this to false disables certificate verification entirely; for a private CA, keep it enabled and point ingress_custom_ca_cert at the CA certificate instead.

Choices:

  • false

  • true ← (default)

monitoring_grafana_admin_bootstrap_password

string

The password to give to the Grafana admin user

monitoring_grafana_admin_group_name

string

The name of the group in Authentik that should be admins in Grafana

Default: "Grafana Admins"

monitoring_grafana_admin_password

string

The password to authenticate as admin on Grafana for setting up dashboards and other resources

Defaults to monitoring_grafana_admin_bootstrap_password if not set.

Default: "{{ monitoring_grafana_admin_bootstrap_password }}"

monitoring_grafana_admin_user

string

The name of the admin user for Grafana. This is a local Grafana account; it does not exist in Authentik

Default: "admin"

monitoring_grafana_allowlisted_groups

list / elements=string

A list of groups to restrict Grafana to.

Users not in any of the specified groups won’t be able to see or log in to Grafana.

null or [] doesn’t restrict the access.

When setting this, you should at least add {{ monitoring_grafana_admin_group_name }} to it.

monitoring_grafana_config_path

string / required

The path to where the Grafana configuration is to be kept

monitoring_grafana_data_path

string / required

The directory in which the Grafana data will be stored

monitoring_grafana_hostname

string / required

The hostname at which the Grafana instance is reachable

monitoring_grafana_image

string

The container image path and tag to use for Grafana. As with the other *_image parameters, pin a specific tag or digest in production rather than relying on the mutable :latest default.

Default: "docker.io/grafana/grafana:latest"

monitoring_grafana_postgres_data_path

string / required

The path on disk where the PostgreSQL instance for Grafana should store its data

monitoring_grafana_postgres_image

string

The container image path and tag to use for Postgres

Default: See postgres_image from the postgres role

monitoring_grafana_postgres_password

string / required

The password used to connect to PostgreSQL database

monitoring_grafana_secret_key

string / required

The secret key to use in Grafana to encrypt various sensitive data

monitoring_loki_allowlisted_groups

list / elements=string

A list of groups to restrict Loki to.

Users not in any of the specified groups won’t be able to see or log in to Loki.

null or [] doesn’t restrict the access.

monitoring_loki_config_path

string / required

The path on disk where the Loki configuration files should be stored.

monitoring_loki_data_path

string / required

The path on disk where the Loki data should be stored.

monitoring_loki_hostname

string / required

The hostname at which the Loki instance is reachable.

monitoring_loki_image

string

The container image path and tag to use for Loki

Default: "docker.io/grafana/loki:latest"

monitoring_mimir_additional_networks

list / elements=string

A list of additional podman networks that need to be attached to the Mimir pod.

This is useful if you want to configure an SMTP gateway for sending emails via AlertManager.

Default: []

monitoring_mimir_alertmanager_config_template

string

The name of the template to use to configure the AlertManager routing

Default: "mimir-alertmanager-fallback-config.yml.j2"

monitoring_mimir_allowlisted_groups

list / elements=string

A list of groups to restrict Mimir to.

Users not in any of the specified groups won’t be able to see or log in to Mimir.

null or [] doesn’t restrict the access.

monitoring_mimir_config_path

string / required

The path on disk where the Mimir configuration files should be stored.

monitoring_mimir_data_path

string / required

The path on disk where the Mimir data should be stored.

monitoring_mimir_hostname

string / required

The hostname at which the Mimir instance is reachable.

monitoring_mimir_image

string

The container image path and tag to use for Mimir

Default: "docker.io/grafana/mimir:latest"

monitoring_mimir_secrets

dictionary

A dictionary of secrets to inject into the Mimir container, as key: value pairs

The secrets will be exposed under /run/secrets/monitoring-mimir-<key> with the key having ‘_’ replaced by ‘-’

Default: {}

monitoring_monitor_agent_alloy_image

string

The container image path and tag to use for Alloy

Default: See monitoring_agent_alloy_image from the agent entry point of this role

monitoring_monitor_agent_config_path

string / required

The path at which the Grafana Alloy monitoring the monitoring stack should store its configuration

monitoring_monitor_agent_data_path

string / required

The path at which the Grafana Alloy monitoring the monitoring stack should store its data

monitoring_monitor_agent_user_group

string

The name of a group to which the role account created for monitoring the monitoring stack is added.

This is useful when applications are restricted per user: adding the bot account to the group lets it reach the services it monitors.
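A playbook that deploys the whole stack through the main entry point, as an added example that is not part of the collection's documentation. Hostnames, paths, group names, image tags and the vault_* variables are illustrative. The resolver entry follows Traefik's certificatesResolvers static configuration and is assumed to be passed through by the role unchanged; the file name given for monitoring_mimir_alertmanager_config_template is an assumed user-supplied template.

```yaml
# Added example (not the collection's own docs): deploy Grafana, Loki, Mimir and
# the Alloy agent that monitors the stack itself. Hostnames, paths, group names,
# image tags and vault_* variables are illustrative.
- name: Deploy the monitoring stack
  hosts: monitoring
  tasks:
    - name: Run the monitoring role (entry point main)
      ansible.builtin.include_role:
        name: benschubert.infrastructure.monitoring
      vars:
        auth_authentik_hostname: auth.example.internal
        auth_authentik_token: "{{ vault_authentik_api_token }}"
        ingress_https_port: 443
        # Keep TLS verification on; trust the private CA instead of disabling it.
        ingress_validate_certs: true
        ingress_custom_ca_cert: /etc/pki/ca-trust/source/anchors/internal-ca.pem
        ingress_traefik_certificates_resolvers:
          default:                                # the role requires a 'default' entry
            acme:                                 # Traefik certificatesResolvers shape (assumed pass-through)
              email: ops@example.internal
              storage: /etc/traefik/acme.json     # the role requires exactly this path
              caServer: https://acme.example.internal/directory
              tlsChallenge: {}

        monitoring_grafana_hostname: grafana.example.internal
        monitoring_grafana_image: docker.io/grafana/grafana:11.2.0   # pinned, not :latest
        monitoring_grafana_admin_user: admin
        monitoring_grafana_admin_bootstrap_password: "{{ vault_grafana_bootstrap_password }}"
        monitoring_grafana_admin_group_name: Grafana Admins
        monitoring_grafana_allowlisted_groups:
          - "{{ monitoring_grafana_admin_group_name }}"   # must be listed, or admins lock themselves out
          - SRE
        monitoring_grafana_config_path: /srv/monitoring/grafana/config
        monitoring_grafana_data_path: /srv/monitoring/grafana/data
        monitoring_grafana_postgres_data_path: /srv/monitoring/grafana/postgres
        monitoring_grafana_postgres_password: "{{ vault_grafana_db_password }}"
        monitoring_grafana_secret_key: "{{ vault_grafana_secret_key }}"

        monitoring_loki_hostname: loki.example.internal
        monitoring_loki_image: docker.io/grafana/loki:3.2.0
        monitoring_loki_config_path: /srv/monitoring/loki/config
        monitoring_loki_data_path: /srv/monitoring/loki/data
        monitoring_loki_allowlisted_groups: [SRE]

        monitoring_mimir_hostname: mimir.example.internal
        monitoring_mimir_image: docker.io/grafana/mimir:2.14.0
        monitoring_mimir_config_path: /srv/monitoring/mimir/config
        monitoring_mimir_data_path: /srv/monitoring/mimir/data
        monitoring_mimir_allowlisted_groups: [SRE]
        # Extra podman network so AlertManager can reach an SMTP relay.
        monitoring_mimir_additional_networks: [smtp]
        monitoring_mimir_alertmanager_config_template: alertmanager-smtp.yml.j2   # assumed user template
        monitoring_mimir_secrets:
          # Exposed in the container as /run/secrets/monitoring-mimir-smtp-password
          # ('_' becomes '-'), so the template can read the password from a file.
          smtp_password: "{{ vault_smtp_password }}"

        monitoring_monitor_agent_alloy_image: docker.io/grafana/alloy:v1.4.2
        monitoring_monitor_agent_config_path: /srv/monitoring/self-alloy/config
        monitoring_monitor_agent_data_path: /srv/monitoring/self-alloy/data
        monitoring_monitor_agent_user_group: monitoring-bots
```

Every credential is a vault_* variable and every image is pinned; the allowlists include the admin group so that restricting access does not lock out the Grafana admins.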