michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
edcf509a4fdb0be3b96d255d185759f813e219d7
michaelschiemer/deployment/ansible/roles/monitoring/tasks/main.yml
Michael Schiemer edcf509a4f feat: add PHP ini management system and update infrastructure configs 
- Add PHP ini management classes (Access, IniDirective, IniKey, PhpIni)
- Update deployment configurations (Wireguard, Traefik, Monitoring)
- Add DNS stack and Ansible role
- Add deployment debugging playbooks
- Update framework components (FilePath, RedisConnectionPool)
- Update .gitignore and documentation
2025-11-02 15:29:41 +01:00

122 lines
3.1 KiB
YAML
Raw Blame History

---
- name: Check if monitoring vault file exists
stat:
path: "{{ monitoring_vault_file }}"
delegate_to: localhost
register: monitoring_vault_stat
become: no
tags:
- monitoring
- name: Optionally load monitoring secrets from vault
include_vars:
file: "{{ monitoring_vault_file }}"
when: monitoring_vault_stat.stat.exists
no_log: yes
delegate_to: localhost
become: no
ignore_errors: yes
tags:
- monitoring
- name: Set Grafana admin password from vault or generate
set_fact:
grafana_admin_password: "{{ vault_grafana_admin_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
no_log: yes
tags:
- monitoring
- name: Set Prometheus password from vault or generate
set_fact:
prometheus_password: "{{ vault_prometheus_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
no_log: yes
tags:
- monitoring
- name: Generate Prometheus BasicAuth hash
shell: |
docker run --rm httpd:alpine htpasswd -nbB admin "{{ prometheus_password }}" 2>/dev/null | cut -d ":" -f 2
register: prometheus_auth_hash
changed_when: false
no_log: yes
tags:
- monitoring
- name: Set Prometheus BasicAuth string
set_fact:
prometheus_auth: "admin:{{ prometheus_auth_hash.stdout }}"
no_log: yes
tags:
- monitoring
- name: Build VPN IP whitelist with endpoints
set_fact:
monitoring_vpn_ip_whitelist_ranges: "{{ [wireguard_network_default | default('10.8.0.0/24')] }}"
tags:
- monitoring
- name: Set VPN IP whitelist for monitoring
set_fact:
monitoring_vpn_ip_whitelist: "{{ monitoring_vpn_ip_whitelist_ranges | join(',') }}"
tags:
- monitoring
- name: Set Traefik stack path
set_fact:
traefik_stack_path: "{{ stacks_base_path }}/traefik"
tags:
- monitoring
- name: Update Traefik middleware with dynamic VPN IPs
template:
src: "{{ role_path }}/../../templates/traefik-middlewares.yml.j2"
dest: "{{ traefik_stack_path }}/dynamic/middlewares.yml"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0644'
vars:
vpn_network: "{{ wireguard_network_default | default('10.8.0.0/24') }}"
tags:
- monitoring
- name: Ensure monitoring stack directory exists
file:
path: "{{ monitoring_stack_path }}"
state: directory
mode: '0755'
tags:
- monitoring
- name: Create monitoring stack .env file
template:
src: "{{ monitoring_env_template }}"
dest: "{{ monitoring_stack_path }}/.env"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0600'
no_log: yes
tags:
- monitoring
- name: Deploy Monitoring stack
community.docker.docker_compose_v2:
project_src: "{{ monitoring_stack_path }}"
state: present
pull: always
register: monitoring_compose_result
tags:
- monitoring
- name: Wait for Monitoring to be ready
wait_for:
timeout: "{{ monitoring_wait_timeout }}"
when: monitoring_compose_result.changed
tags:
- monitoring
- name: Record monitoring deployment facts
set_fact:
monitoring_stack_changed: "{{ monitoring_compose_result.changed | default(false) }}"
tags:
- monitoring
Reference in New Issue View Git Blame Copy Permalink