diff options
| -rw-r--r-- | ansible/roles/alloy/README.md | 26 | ||||
| -rw-r--r-- | ansible/roles/alloy/defaults/main.yml | 4 | ||||
| -rw-r--r-- | ansible/roles/alloy/handlers/main.yml | 7 | ||||
| -rw-r--r-- | ansible/roles/alloy/tasks/main.yml | 45 | ||||
| -rw-r--r-- | ansible/roles/alloy/templates/config.alloy.j2 | 3 |
5 files changed, 85 insertions, 0 deletions
diff --git a/ansible/roles/alloy/README.md b/ansible/roles/alloy/README.md new file mode 100644 index 0000000..3cb4004 --- /dev/null +++ b/ansible/roles/alloy/README.md @@ -0,0 +1,26 @@ +# Grafana Alloy + +This role deploys an instance of Grafana Alloy with configuration that by +default: +- Exports the system journal to the configured Loki instance +- Exports other log files to the configured Loki instance, including: + - `/var/log/auth.log` + +It requires the addition of the Grafana package repository to allow Alloy to be +installed with `apt`. This is handled by the role. + +## Configuration values + +Required user configuration options: + +- `alloy_loki_endpoint`: The Loki log push endpoint to stream logs into. + +Defaulted configuration options: + +- `alloy_grafana_signing_key`: Signing key URL to use for Grafana packages + (default: `https://apt.grafana.com/gpg.key`) +- `alloy_grafana_signing_key_fingerprint`: Expected key fingerprint from above + configuration key, used to prevent malicious tampering (default: most recent + known fingerprint of above address) +- `alloy_grafana_repository`: Repository to configure and add to aptitude + (default: `deb https://apt.grafana.com stable main`) diff --git a/ansible/roles/alloy/defaults/main.yml b/ansible/roles/alloy/defaults/main.yml new file mode 100644 index 0000000..fac8845 --- /dev/null +++ b/ansible/roles/alloy/defaults/main.yml @@ -0,0 +1,4 @@ +--- +alloy_grafana_signing_key: "https://apt.grafana.com/gpg.key" +alloy_grafana_signing_key_fingerprint: "B53AE77BADB630A683046005963FA27710458545" +alloy_grafana_repository: "deb https://apt.grafana.com stable main" diff --git a/ansible/roles/alloy/handlers/main.yml b/ansible/roles/alloy/handlers/main.yml new file mode 100644 index 0000000..e38b3c6 --- /dev/null +++ b/ansible/roles/alloy/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: Reload the alloy service + service: + name: alloy + state: reloaded + tags: + - role::alloy diff --git a/ansible/roles/alloy/tasks/main.yml b/ansible/roles/alloy/tasks/main.yml new file mode 100644 index 0000000..f593e61 --- /dev/null +++ b/ansible/roles/alloy/tasks/main.yml @@ -0,0 +1,45 @@ +--- + +- name: Add apt signing key for Grafana repo + ansible.builtin.apt_key: + url: "{{ alloy_grafana_signing_key }}" + state: present + id: "{{ alloy_grafana_signing_key_fingerprint }}" + keyring: "/etc/apt/trusted.gpg.d/grafana.gpg" + tags: + - role::alloy + +- name: Add Grafana apt repository to apt lists + ansible.builtin.apt_repository: + repo: "{{ alloy_grafana_repository }}" + filename: grafana + state: present + tags: + - role::alloy + +- name: Install Alloy package from Grafana repository + package: + name: alloy + state: present + tags: + - role::alloy + +- name: Template Alloy configuration file into Alloy configuration + template: + src: config.alloy.j2 + dest: /etc/alloy/config.alloy + group: root + owner: root + mode: "0644" + tags: + - role::alloy + notify: + - Reload the alloy service + +- name: Start and enable the Alloy service + service: + name: alloy + state: started + enabled: true + tags: + - role::alloy diff --git a/ansible/roles/alloy/templates/config.alloy.j2 b/ansible/roles/alloy/templates/config.alloy.j2 new file mode 100644 index 0000000..ac27875 --- /dev/null +++ b/ansible/roles/alloy/templates/config.alloy.j2 @@ -0,0 +1,3 @@ +logging { + level = "info" +} |