# PrometheusWithGrafana

**Repository Path**: bestmem/PrometheusWithGrafana

## Basic Information

- **Project Name**: PrometheusWithGrafana
- **Description**: Use ansible-playbook to deploy grafana, prometheus with tls and basic auth, node_exporter, alertmanager, etc.
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-10-15
- **Last Updated**: 2022-06-08

## Categories & Tags

**Categories**: Uncategorized

**Tags**: Ansible, playbook

## README

[TOC]

# PrometheusWithGrafana

## 介绍

该项目由ansible-playbook编写完成，用于针对服务器资源快速部署监控告警平台。

> node_exporter配置了tls和basic auth认证，符合生产环境部署的安全要求。

## 项目结构

```
[root@harbor PrometheusWithGrafana]# ansible-playbook -i hosts site.yml --list-tasks

playbook: site.yml

  play #1 (tls): tls    TAGS: [tls]
    tasks:
      tls : Generate key pair   TAGS: [tls]
      tls : Copy public key to prometheus role  TAGS: [tls]
      tls : Move public key and private key to node_exporter role       TAGS: [tls]

  play #2 (grafana): grafana    TAGS: [grafana]
    tasks:
      Determine whether the grafana container is already exists TAGS: [grafana]
      Check whether the port that grafana will use is already occupied  TAGS: [grafana]
      debug     TAGS: [grafana]
      Download grafana docker image     TAGS: [grafana]
      Create grafana work directory     TAGS: [grafana]
      Create grafana directory which used to persist data       TAGS: [grafana]
      Copy grafana.ini  TAGS: [grafana]
      Run grafana container     TAGS: [grafana]

  play #3 (prometheus): prometheus      TAGS: [prometheus]
    tasks:
      Generate prometheus config file from template     TAGS: [prometheus, test]
      Determine whether the prometheus container is already exists      TAGS: [prometheus]
      Check whether the port that prometheus will use is already occupied       TAGS: [prometheus]
      debug     TAGS: [prometheus]
      Download prometheus docker image  TAGS: [prometheus]
      Create prometheus work directory and a rule directory for storing alter yaml file and tls directory       TAGS: [prometheus]
      Create a prometheus data directory for persistent data    TAGS: [prometheus]
      Generate prometheus config file from template     TAGS: [prometheus]
      prometheus : Distribute public key        TAGS: [prometheus]
      prometheus : Copy rule file       TAGS: [prometheus]
      Run prometheus container  TAGS: [prometheus]

  play #4 (node_exporter): node_exporter        TAGS: [node_exporter]
    tasks:
      Check whether the port that node_exporter will use is already occupied    TAGS: [node_exporter]
      debug     TAGS: [node_exporter]
      Create node_exporter work directory       TAGS: [node_exporter]
      Distribute node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz and archive       TAGS: [node_exporter]
      Create node_exporter tls directory        TAGS: [node_exporter]
      node_exporter : Distribute public key and private key     TAGS: [node_exporter]
      node_exporter : Distribute config.yml to enable TLS       TAGS: [node_exporter]
      Generate node_exporter.service file from template TAGS: [node_exporter]
      Startup node_exporter service     TAGS: [node_exporter]

  play #5 (prometheusalert_center): prometheusalert_center      TAGS: [prometheusalert-center]
    tasks:
      Determine whether the prometheusalert-center container is already exists  TAGS: [prometheusalert-center]
      Check whether the port that prometheusalert-center will use is already occupied   TAGS: [prometheusalert-center]
      debug     TAGS: [prometheusalert-center]
      Download prometheusalert-center docker image      TAGS: [prometheusalert-center]
      Create prometheusalert-center work directory      TAGS: [prometheusalert-center]
      prometheusalert-center : Generate app.conf from template  TAGS: [prometheusalert-center]
      Distribute views directory that change default prometheusalert-center index page  TAGS: [prometheusalert-center]
      Distribute PrometheusAlertDB.db data file that change default prometheusalert-center alerttemplate        TAGS: [prometheusalert-center]
      Run prometheusalert-center container      TAGS: [prometheusalert-center]

  play #6 (alertmanager): alertmanager  TAGS: [alertmanager]
    tasks:
      Determine whether the alertmanager container is already exists    TAGS: [alertmanager]
      Check whether the port that alertmanager will use is already occupied     TAGS: [alertmanager]
      debug     TAGS: [alertmanager]
      Download alertmanager docker image        TAGS: [alertmanager]
      Create alertmanager work directory        TAGS: [alertmanager]
      Copy alertmanager.yml     TAGS: [alertmanager]
      Run alertmanager container        TAGS: [alertmanager]
```

默认安装版本信息及部署方式：

| 组件                   | 版本    | 部署方式 |
| ---------------------- | ------- | -------- |
| grafana                | 8.2.0   | docker   |
| prometheus             | v2.30.3 | docker   |
| node_exporter          | 1.2.2   | 二进制   |
| alertmanager           | v0.23.0 | docker   |
| prometheusalert-center | v-4.6.1 | docker   |

## 安装教程

```
$ git clone https://gitee.com/bestmem/PrometheusWithGrafana.git
$ cd PrometheusWithGrafana.git
$ ls
group_vars  hosts  README.md  roles  site.yml
```

1. 我们需要修改`hosts`文件，该文件记录了你想要将对应的服务部署在哪些服务器上，其中`tls`不需要改动。

   ```
   $ cat hosts
   [tls]
   localhost
   [grafana]
   192.168.71.132
   [prometheus]
   192.168.71.132
   [node_exporter]
   192.168.71.132
   192.168.71.133
   192.168.71.134
   [alertmanager]
   192.168.71.132
   [prometheusalert_center]
   192.168.71.132
   ```

2. 修改`group_vars/all`全局变量文件：

   ```
   $ cat group_vars/all
   basic_auth_username: prometheus
   basic_auth_password: cT1iIjc8`4/w^%
   basic_auth_encrypt_password: $2y$12$UaIrGMrPyX.v5Mk14JhZi.CSsCXweO1.WQsu040m6Kadz1K8rz3vK
   ```

   > 该文件记录了node_exporter配置baisc auth需要使用的用户名，密码，
   >
   > + basic_auth_username：指定用户名
   > + basic_auth_password：指定明文密码
   > + basic_auth_encrypt_password：指定加密后的密码
   >
   > 可以自行更换密码，通过`yum install httpd-tools -y`后，使用命令` htpasswd -nBC 12 '' | tr -d ':\n'`来对明文密码进行加密。

3. 其他各个模块的局部变量可进入相对应role目录下查看，包含了镜像名称、安装目录、使用端口、指定版本等，如：

   ```
   $ cat roles/grafana/vars/main.yml
   ---
   # vars file for grafana
   grafana_work_dir: /usr/local/software/grafana
   grafana_version: 8.2.0
   grafana_docker_port: 3000
   ```

以上变量根据自身情况进行修改，修改完成后即可部署：

```
# 对于初次部署的可执行以下命令进行部署，playbook会自动检查容器是否运行，端口是否被占用来决定是否跳过相应的task，可重复使用该命令，已部署的应用不会受到影响。
$ ansible-playbook -i hosts site.yml
# 已部署部分服务，仅需要部署其他监控组件的可通过查看tags后，通过-t参数指定对应的tags进行部署。
$ ansible-playbook -i hosts site.yml --list-tags
$ ansible-playbook -i hosts site.yml -t node_exporter
```

## 知识点

1. playbook魔法变量：`{{ playbook_dir }}`可用于获取playbook入口文件`site.yml`的绝对目录。

2. ```
   当使用jinja模板过滤器时，如：{{ basic_auth_username|default("prometheus") }}用于设置当basic_auth_username变量不存在时，设置默认值为prometheus，但是ansible默认的配置导致当basic_auth_username变量不存在时，会报错变量basic_auth_username未定义。
   此时需要修改ansible配置文件/etc/ansible/ansible.cfg，取消error_on_undefined_vars = False的注释，才可正常使用过滤器。
   ```