itamae/cookbooks/prometheus/alertmanager_setup.rb

102 lines
2.0 KiB
Ruby
Raw Normal View History

# Create `/etc/prometheus.d/alerts`:
%w(/etc/prometheus.d/alerts).each do |d|
directory d do
owner 'root'
group 'root'
mode '0755'
end
end
# Deploy `alertmanager` file:
2023-02-05 04:35:44 +00:00
encrypted_remote_file '/etc/prometheus.d/alertmanager.yml' do
owner 'root'
group 'root'
mode '644'
source 'files/etc/prometheus.d/alertmanager.yml/'
password ENV['ITAMAE_PASSWORD']
2023-02-21 14:12:51 +00:00
notifies :restart, 'service[alertmanager]'
end
# Deploy alert setting file:
%w(node_exporter prometheus filestat services snmp).each do |conf|
2020-07-18 16:06:26 +00:00
remote_file "/etc/prometheus.d/alerts/#{conf}.yml" do
owner 'root'
group 'root'
mode '644'
2023-02-21 14:12:51 +00:00
notifies :restart, 'service[prometheus]'
2020-07-18 16:06:26 +00:00
end
end
# Deploy `systemd` config for `alertmanager`:
remote_file '/etc/systemd/system/alertmanager.service' do
owner 'root'
group 'root'
mode '644'
end
service 'alertmanager' do
action [:enable, :start]
end
# Deploy `rsyslog` config for `alertmanager`:
remote_file '/etc/rsyslog.d/30-alertmanager.conf' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[rsyslog]'
end
service 'rsyslog' do
action :nothing
end
# Deploy `logroted` config for `alertmanager`:
remote_file '/etc/logrotate.d/alertmanager' do
owner 'root'
group 'root'
mode '644'
end
# Deploy `vector` config for `alertmanager`:
remote_file '/etc/vector/alertmanager.toml' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[vector-alertmanager]'
end
remote_file '/etc/systemd/system/vector-alertmanager.service' do
owner 'root'
group 'root'
mode '644'
notifies :restart, 'service[vector-alertmanager]'
end
service 'vector-alertmanager' do
action [:enable, :start]
end
# Firewall settings here:
%w( 9093/tcp ).each do |p|
execute "ufw allow #{p}" do
user 'root'
not_if "LANG=c ufw status | grep #{p}"
notifies :run, 'execute[ufw reload-or-enable]'
end
end
execute 'ufw reload-or-enable' do
user 'root'
command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
action :nothing
end