Erich Blume
9931829d03
## Summary - Add pre-commit framework with hooks for YAML, Ansible, Python, shell, TOML, JSON, and secret detection - Fix all 91+ ansible-lint violations (variable naming, handler capitalization, changed_when) - Fix shellcheck warnings in mise-tasks scripts - Document pre-commit setup in README.md ## Deployment and Testing - [x] All pre-commit hooks pass (`uvx pre-commit run --all-files`) - [x] Test ansible playbook with `--check` mode - [x] Run `mise run indri-services-check` after deploy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/19
75 lines
2.1 KiB
YAML
75 lines
2.1 KiB
YAML
---
|
|
# Grafana Alloy installation and configuration
|
|
# Replaces node_exporter for metrics, adds log collection
|
|
|
|
- name: Install grafana-alloy via homebrew
|
|
community.general.homebrew:
|
|
name: grafana-alloy
|
|
state: present
|
|
|
|
- name: Ensure alloy config directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_config_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Ensure alloy data directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_data_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Ensure textfile collector directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ alloy_textfile_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
# === Fetch PostgreSQL password from 1Password ===
|
|
# Skipped when running full playbook (pre_tasks sets it)
|
|
# but runs when using --tags alloy
|
|
|
|
- name: Fetch PostgreSQL metrics password from 1Password
|
|
ansible.builtin.command:
|
|
cmd: >-
|
|
op --vault {{ alloy_op_vault }} item get {{ alloy_op_postgres_item }}
|
|
--fields {{ alloy_op_postgres_field }} --reveal
|
|
delegate_to: localhost
|
|
register: alloy_postgres_password_result
|
|
changed_when: false
|
|
no_log: true
|
|
when:
|
|
- alloy_collect_postgres | default(false)
|
|
- alloy_postgres_password is not defined
|
|
|
|
- name: Set PostgreSQL password fact
|
|
ansible.builtin.set_fact:
|
|
alloy_postgres_password: "{{ alloy_postgres_password_result.stdout }}"
|
|
no_log: true
|
|
when:
|
|
- alloy_collect_postgres | default(false)
|
|
- alloy_postgres_password is not defined
|
|
|
|
# === Deploy configuration ===
|
|
|
|
- name: Deploy PostgreSQL custom queries config
|
|
ansible.builtin.template:
|
|
src: postgres_queries.yaml.j2
|
|
dest: "{{ alloy_config_dir }}/postgres_queries.yaml"
|
|
mode: '0600'
|
|
notify: Restart alloy
|
|
when: alloy_collect_postgres | default(false)
|
|
|
|
- name: Deploy alloy configuration
|
|
ansible.builtin.template:
|
|
src: config.alloy.j2
|
|
dest: "{{ alloy_config_dir }}/config.alloy"
|
|
mode: '0600'
|
|
notify: Restart alloy
|
|
no_log: true
|
|
|
|
- name: Ensure alloy service is started
|
|
ansible.builtin.command: brew services start grafana-alloy
|
|
register: alloy_brew_start
|
|
changed_when: "'Successfully started' in alloy_brew_start.stdout"
|
|
failed_when: false
|