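---
### tags:
### update_config
### update_deployment
### update-digitalocean-metrics
### update-hetzner-metrics
### grafana-user-update

# Tasks for the monitoring host: data volume, DNS records for the Prometheus,
# Grafana and Alertmanager ids, docker-compose deployment, Grafana users and
# dashboard permissions, and the provider API metric scripts with their cron
# jobs.
#
# NOTE(review): tags set on include_role / include_tasks apply to the include
# statement itself; confirm the included tasks carry the same tags (or use
# `apply:`) so that tag-limited runs actually execute them.

- name: "Create/Resize LVM for datadir"
  ansible.builtin.include_role:
    name: lvm_with_hetzner_volumes
  vars:
    lvm_with_hetzner_volumes__volprefix: prometheus_datadir
    lvm_with_hetzner_volumes__volsize: "{{ prometheus_lvm_hcloudvol_size }}"
    lvm_with_hetzner_volumes__volcount: "{{ prometheus_lvm_hcloudvol_count }}"
    lvm_with_hetzner_volumes__mountpath: "{{ prometheus_lvm_hcloudvol_mountpath }}"

# One DNS record per service id, all pointing at the same server address.
- name: "Setup DNS configuration for <{{ inventory_hostname }}>"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item }}"
  loop:
    - "{{ prometheus_id }}"
    - "{{ grafana_id }}"
    - "{{ alertmanager_id }}"

- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
  ansible.builtin.stat:
    path: "{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml"
  register: check_docker_compose_file
  tags:
    - update_config
    - update_deployment

# Only tear the project down when a compose file from a previous run exists.
- name: "Stop {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ inventory_hostname }}"
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ inventory_hostname }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ prometheus_docker }}"
  tags:
    - update_deployment

- name: "Update {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ inventory_hostname }}"
    state: present
    pull: true
  tags:
    - update_deployment

- name: "Updating prometheus configuration"
  ansible.builtin.include_tasks: _update_config.yml
  tags:
    - update_config

# NOTE(review): the Grafana tasks below send the admin credentials to
# {{ http_s }}://...; confirm http_s resolves to https wherever the request
# leaves the host.
- name: Create or update Grafana users
  community.grafana.grafana_user:
    url: "{{ http_s }}://{{ grafana_id }}.{{ domain }}"
    url_username: "{{ grafana_admin_username }}"
    url_password: "{{ grafana_admin_password }}"
    name: "{{ item.name }}"
    email: "{{ item.email }}"
    login: "{{ item.login }}"
    password: "{{ item.password }}"
    is_admin: false
    state: present
  loop: "{{ grafana_users }}"
  # Each loop item carries the user's password; without no_log the item is
  # echoed in the per-item task output and ends up in run logs.
  no_log: true
  tags:
    - grafana-user-update

# Retries for up to ten minutes (10 x 60 s) until the search API answers 200.
- name: "Get all Dashboard uids from {{ http_s }}://{{ inventory_hostname }}-grafana.{{ domain }}"
  ansible.builtin.uri:
    url: "{{ http_s }}://{{ grafana_id }}.{{ domain }}/api/search"
    url_username: "{{ grafana_admin_username }}"
    url_password: "{{ grafana_admin_password }}"
    force_basic_auth: true
    method: GET
    status_code: 200
    return_content: true
  register: grafana_dashboards
  until: grafana_dashboards.status == 200
  retries: 10
  delay: 60
  tags:
    - grafana-user-update

- name: "Get all existing Dashboard uids"
  ansible.builtin.set_fact:
    grafana_dashboards_uids: "{{ grafana_dashboards.json | json_query('[].uid') }}"
  tags:
    - grafana-user-update

- name: "Printing Grafana Dashboard IDs"
  ansible.builtin.debug:
    msg: "{{ grafana_dashboards_uids }}"
  tags:
    - grafana-user-update
  when:
    # Explicit cast so a string value such as "false" is not treated as set.
    - debug | bool

# Every dashboard that is NOT on the whitelist gets a permission list holding
# only the Admin role (permission 4 = Admin in the Grafana permissions API).
# The POST replaces the dashboard's existing permission list.
- name: Restrict admin dashboard permissions
  ansible.builtin.uri:
    url: "{{ http_s }}://{{ grafana_id }}.{{ domain }}/api/dashboards/uid/{{ item }}/permissions"
    url_username: "{{ grafana_admin_username }}"
    url_password: "{{ grafana_admin_password }}"
    force_basic_auth: true
    method: POST
    headers:
      Content-Type: application/json
    body_format: json
    body:
      items:
        - role: Admin
          permission: 4
    return_content: true
  loop: "{{ grafana_dashboards_uids | difference(grafana_dashboard_whitelist) | list }}"
  tags:
    - grafana-user-update

# Whitelisted dashboards are opened to the Viewer role (permission 1 = View).
# NOTE(review): whitelist entries are used as-is; a uid that does not exist in
# Grafana makes this task fail - confirm that is the intended behaviour.
- name: Allow viewer dashboard permissions
  ansible.builtin.uri:
    url: "{{ http_s }}://{{ grafana_id }}.{{ domain }}/api/dashboards/uid/{{ item }}/permissions"
    url_username: "{{ grafana_admin_username }}"
    url_password: "{{ grafana_admin_password }}"
    force_basic_auth: true
    method: POST
    headers:
      Content-Type: application/json
    body_format: json
    body:
      items:
        - role: Viewer
          permission: 1
    return_content: true
  loop: "{{ grafana_dashboard_whitelist }}"
  tags:
    - grafana-user-update

# The metric scripts are rendered root-only; the mode is quoted so the YAML
# loader cannot retype it as a number.
- name: "Create digitalocean api metric script from template"
  ansible.builtin.template:
    src: digitalocean_api.sh.j2
    dest: /root/digitalocean_api.sh
    mode: "0700"
    owner: root
    group: root
  tags:
    - update-digitalocean-metrics

# The former task that created a cron entry named "update replication table"
# was dropped here: the cleanup task near the end of this file removes that
# same entry under the same tag, so every run created and deleted it again.
- name: "Create cronjob to exec digitalocean api metric script"
  ansible.builtin.cron:
    name: "update digitalocean metrics"
    minute: "*"
    job: /root/digitalocean_api.sh
  tags:
    - update-digitalocean-metrics

- name: "Create hetzner api metric script from template"
  ansible.builtin.template:
    src: hetzner_api.py.j2
    dest: /root/hetzner_api.py
    mode: "0700"
    owner: root
    group: root
  tags:
    - update-hetzner-metrics

- name: "Create cronjob to exec hetzner api metric script"
  ansible.builtin.cron:
    name: "update hetzner metrics"
    minute: "*"
    job: /root/hetzner_api.py
  tags:
    - update-hetzner-metrics

# remove after 31.12.2022
- name: "Remove old cronjob to exec digitalocean api metric script"
  ansible.builtin.cron:
    name: "update replication table"
    state: absent
  tags:
    - update-digitalocean-metrics

# remove after 31.12.2022
- name: "Remove old digitalocean api metric script"
  ansible.builtin.file:
    path: /root/do_too_many_req_metrics.sh
    state: absent
  tags:
    - update-digitalocean-metrics

# remove after 31.12.2022
- name: "Remove old hetzner api metric script"
  ansible.builtin.file:
    path: /root/hetzner_unattached_volumes.py
    state: absent
  tags:
    - update-hetzner-metrics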