Erich Blume
5894d134a8
Introduces pre-commit framework with hooks for: - General file hygiene (trailing whitespace, EOF, large files) - Secret detection (TruffleHog) - YAML linting (yamllint) - Ansible linting (ansible-lint) - Python linting/formatting (ruff) - Shell script analysis (shellcheck, shfmt) - TOML formatting (taplo) - JSON formatting (prettier) Fixes 91+ ansible-lint violations: - Renamed variables to use role prefixes (e.g., brew_start -> alloy_brew_start) - Capitalized handler names per convention - Added changed_when to command tasks - Fixed template usage in task names Fixes shellcheck warnings: - Removed unused variables - Fixed SC2155 (declare and assign separately) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
75 lines
2.1 KiB
YAML
75 lines
2.1 KiB
YAML
---
|
|
# Grafana Alloy installation and configuration
|
|
# Replaces node_exporter for metrics, adds log collection
|
|
|
|
- name: Install grafana-alloy via homebrew
|
|
community.general.homebrew:
|
|
name: grafana-alloy
|
|
state: present
|
|
|
|
- name: Ensure alloy config directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_config_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Ensure alloy data directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_data_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Ensure textfile collector directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_textfile_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
# === Fetch PostgreSQL password from 1Password ===
|
|
# Skipped when running full playbook (pre_tasks sets it)
|
|
# but runs when using --tags alloy
|
|
|
|
- name: Fetch PostgreSQL metrics password from 1Password
|
|
ansible.builtin.command:
|
|
cmd: >-
|
|
op --vault {{ alloy_op_vault }} item get {{ alloy_op_postgres_item }}
|
|
--fields {{ alloy_op_postgres_field }} --reveal
|
|
delegate_to: localhost
|
|
register: alloy_postgres_password_result
|
|
changed_when: false
|
|
no_log: true
|
|
when:
|
|
- alloy_collect_postgres | default(false)
|
|
- alloy_postgres_password is not defined
|
|
|
|
- name: Set PostgreSQL password fact
|
|
ansible.builtin.set_fact:
|
|
alloy_postgres_password: "{{ alloy_postgres_password_result.stdout }}"
|
|
no_log: true
|
|
when:
|
|
- alloy_collect_postgres | default(false)
|
|
- alloy_postgres_password is not defined
|
|
|
|
# === Deploy configuration ===
|
|
|
|
- name: Deploy PostgreSQL custom queries config
|
|
ansible.builtin.template:
|
|
src: postgres_queries.yaml.j2
|
|
dest: "{{ alloy_config_dir }}/postgres_queries.yaml"
|
|
mode: '0600'
|
|
notify: Restart alloy
|
|
when: alloy_collect_postgres | default(false)
|
|
|
|
- name: Deploy alloy configuration
|
|
ansible.builtin.template:
|
|
src: config.alloy.j2
|
|
dest: "{{ alloy_config_dir }}/config.alloy"
|
|
mode: '0600'
|
|
notify: Restart alloy
|
|
no_log: true
|
|
|
|
- name: Ensure alloy service is started
|
|
ansible.builtin.command: brew services start grafana-alloy
|
|
register: alloy_brew_start
|
|
changed_when: "'Successfully started' in alloy_brew_start.stdout"
|
|
failed_when: false
|