102 lines
2.0 KiB
Ruby
102 lines
2.0 KiB
Ruby
# Create `/etc/prometheus.d/alerts`:
|
|
%w(/etc/prometheus.d/alerts).each do |d|
|
|
directory d do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '0755'
|
|
end
|
|
end
|
|
|
|
# Deploy `alertmanager` file:
|
|
encrypted_remote_file '/etc/prometheus.d/alertmanager.yml' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
|
|
source 'files/etc/prometheus.d/alertmanager.yml/'
|
|
password ENV['ITAMAE_PASSWORD']
|
|
|
|
notifies :restart, 'service[alertmanager]'
|
|
end
|
|
|
|
# Deploy alert setting file:
|
|
%w(node_exporter prometheus filestat services snmp).each do |conf|
|
|
remote_file "/etc/prometheus.d/alerts/#{conf}.yml" do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
|
|
notifies :restart, 'service[prometheus]'
|
|
end
|
|
end
|
|
|
|
# Deploy `systemd` config for `alertmanager`:
|
|
remote_file '/etc/systemd/system/alertmanager.service' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
end
|
|
|
|
service 'alertmanager' do
|
|
action [:enable, :start]
|
|
end
|
|
|
|
# Deploy `rsyslog` config for `alertmanager`:
|
|
remote_file '/etc/rsyslog.d/30-alertmanager.conf' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
|
|
notifies :restart, 'service[rsyslog]'
|
|
end
|
|
|
|
service 'rsyslog' do
|
|
action :nothing
|
|
end
|
|
|
|
# Deploy `logroted` config for `alertmanager`:
|
|
remote_file '/etc/logrotate.d/alertmanager' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
end
|
|
|
|
# Deploy `vector` config for `alertmanager`:
|
|
remote_file '/etc/vector/alertmanager.toml' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
|
|
notifies :restart, 'service[vector-alertmanager]'
|
|
end
|
|
|
|
remote_file '/etc/systemd/system/vector-alertmanager.service' do
|
|
owner 'root'
|
|
group 'root'
|
|
mode '644'
|
|
|
|
notifies :restart, 'service[vector-alertmanager]'
|
|
end
|
|
|
|
service 'vector-alertmanager' do
|
|
action [:enable, :start]
|
|
end
|
|
|
|
# Firewall settings here:
|
|
%w( 9093/tcp ).each do |p|
|
|
execute "ufw allow #{p}" do
|
|
user 'root'
|
|
|
|
not_if "LANG=c ufw status | grep #{p}"
|
|
|
|
notifies :run, 'execute[ufw reload-or-enable]'
|
|
end
|
|
end
|
|
|
|
execute 'ufw reload-or-enable' do
|
|
user 'root'
|
|
command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
|
|
|
|
action :nothing
|
|
end
|