Diffstat (limited to 'ansible')
-rw-r--r--ansible/roles/alloy/README.md26
-rw-r--r--ansible/roles/alloy/defaults/main.yml4
-rw-r--r--ansible/roles/alloy/handlers/main.yml7
-rw-r--r--ansible/roles/alloy/tasks/main.yml45
-rw-r--r--ansible/roles/alloy/templates/config.alloy.j23
5 files changed, 85 insertions, 0 deletions
diff --git a/ansible/roles/alloy/README.md b/ansible/roles/alloy/README.md
new file mode 100644
index 0000000..3cb4004
--- /dev/null
+++ b/ansible/roles/alloy/README.md
@@ -0,0 +1,26 @@
+# Grafana Alloy
+
+This role deploys an instance of Grafana Alloy with configuration that by
+default:
+- Exports the system journal to the configured Loki instance
+- Exports other log files to the configured Loki instance, including:
+ - `/var/log/auth.log`
+
+It requires the addition of the Grafana package repository to allow Alloy to be
+installed with `apt`. This is handled by the role.
+
+## Configuration values
+
+Required user configuration options:
+
+- `alloy_loki_endpoint`: The Loki log push endpoint to stream logs into.
+
+Defaulted configuration options:
+
+- `alloy_grafana_signing_key`: Signing key URL to use for Grafana packages
+ (default: `https://apt.grafana.com/gpg.key`)
+- `alloy_grafana_signing_key_fingerprint`: Expected key fingerprint from above
+ configuration key, used to prevent malicious tampering (default: most recent
+ known fingerprint of above address)
+- `alloy_grafana_repository`: Repository to configure and add to aptitude
+ (default: `deb https://apt.grafana.com stable main`)
diff --git a/ansible/roles/alloy/defaults/main.yml b/ansible/roles/alloy/defaults/main.yml
new file mode 100644
index 0000000..fac8845
--- /dev/null
+++ b/ansible/roles/alloy/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+alloy_grafana_signing_key: "https://apt.grafana.com/gpg.key"
+alloy_grafana_signing_key_fingerprint: "B53AE77BADB630A683046005963FA27710458545"
+alloy_grafana_repository: "deb https://apt.grafana.com stable main"
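Review bot: The pinned `alloy_grafana_signing_key_fingerprint` is the trust anchor for every package this role installs, but nothing in this file records where the value was verified or what to do when the key is rotated. I would add a comment above it such as `# Fingerprint of the Grafana apt signing key; verify out-of-band against Grafana's published value before changing.` so that a later update is checked rather than copied from whatever the URL serves at the time.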
diff --git a/ansible/roles/alloy/handlers/main.yml b/ansible/roles/alloy/handlers/main.yml
new file mode 100644
index 0000000..e38b3c6
--- /dev/null
+++ b/ansible/roles/alloy/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Reload the alloy service
+ service:
+ name: alloy
+ state: reloaded
+ tags:
+ - role::alloy
diff --git a/ansible/roles/alloy/tasks/main.yml b/ansible/roles/alloy/tasks/main.yml
new file mode 100644
index 0000000..f593e61
--- /dev/null
+++ b/ansible/roles/alloy/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- name: Add apt signing key for Grafana repo
+ ansible.builtin.apt_key:
+ url: "{{ alloy_grafana_signing_key }}"
+ state: present
+ id: "{{ alloy_grafana_signing_key_fingerprint }}"
+ keyring: "/etc/apt/trusted.gpg.d/grafana.gpg"
+ tags:
+ - role::alloy
+
+- name: Add Grafana apt repository to apt lists
+ ansible.builtin.apt_repository:
+ repo: "{{ alloy_grafana_repository }}"
+ filename: grafana
+ state: present
+ tags:
+ - role::alloy
+
+- name: Install Alloy package from Grafana repository
+ package:
+ name: alloy
+ state: present
+ tags:
+ - role::alloy
+
+- name: Template Alloy configuration file into Alloy configuration
+ template:
+ src: config.alloy.j2
+ dest: /etc/alloy/config.alloy
+ group: root
+ owner: root
+ mode: "0644"
+ tags:
+ - role::alloy
+ notify:
+ - Reload the alloy service
+
+- name: Start and enable the Alloy service
+ service:
+ name: alloy
+ state: started
+ enabled: true
+ tags:
+ - role::alloy
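Review bot: Writing the key to `/etc/apt/trusted.gpg.d/grafana.gpg` in the first task makes it trusted for every apt source on the host, not only the Grafana repository, so packages signed with that key would be accepted from any configured repo. Scoping it is a two-line change: `keyring: "/etc/apt/keyrings/grafana.gpg"` here and `deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main` as the default for `alloy_grafana_repository` in defaults/main.yml (the directory may need creating on older releases). Separately, `id` appears only to confirm that the expected key is present after the import, so a downloaded file carrying additional keys would probably still have them imported; confirm against the module's behaviour. That is another reason to keep the keyring out of the global trust directory.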
diff --git a/ansible/roles/alloy/templates/config.alloy.j2 b/ansible/roles/alloy/templates/config.alloy.j2
new file mode 100644
index 0000000..ac27875
--- /dev/null
+++ b/ansible/roles/alloy/templates/config.alloy.j2
@@ -0,0 +1,3 @@
+logging {
+ level = "info"
+}
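Review bot: The template only sets the `logging` block, so the deployed config forwards no logs, while the README in this same commit says the role exports the journal and `/var/log/auth.log` to Loki by default and lists `alloy_loki_endpoint` as required. Nothing in the visible hunks references `alloy_loki_endpoint`, so an operator could believe auth logs are being shipped when they are not. Either add the log source and Loki write components here or mark the README's default behaviour as not yet implemented. If the endpoint later carries credentials, the `0644` mode set in tasks/main.yml should be revisited.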