Initial commit: Ansible configuration for monitoring stack

Contains: - Production inventory (inventories/production/hosts) - VictoriaMetrics installation (playbooks/monitoring/install_victoriametrics.yml) - Vault setup and secrets management (playbooks/vault/) - Base system configuration (playbooks/infrastructure/) - Directory structure for monitoring components
2026-02-02 11:22:24 +00:00
commit 30d35bc401
12 changed files with 548 additions and 0 deletions
--- a/playbooks/infrastructure/01-system-update.yml
+++ b/playbooks/infrastructure/01-system-update.yml
@ -0,0 +1,31 @@
+---
+- name: System update and cleanup
+  hosts: all_except_ansible
+  become: yes
+  
+  tasks:
+    - name: Stop unattended upgrades
+      systemd:
+        name: unattended-upgrades
+        state: stopped
+        
+    - name: Clean any apt locks
+      shell: |
+        pkill -9 apt-get apt dpkg 2>/dev/null || true
+        rm -f /var/lib/apt/lists/lock /var/lib/dpkg/lock*
+        dpkg --configure -a 2>/dev/null || true
+      ignore_errors: yes
+      
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+        cache_valid_time: 86400
+        
+    - name: Upgrade system packages
+      apt:
+        upgrade: safe
+        autoremove: yes
+        
+    - name: Clean apt cache
+      apt:
+        autoclean: yes
--- a/playbooks/infrastructure/02-install-essentials.yml
+++ b/playbooks/infrastructure/02-install-essentials.yml
@ -0,0 +1,21 @@
+---
+- name: Install essential packages
+  hosts: all_except_ansible
+  become: yes
+  
+  tasks:
+    - name: Install system utilities
+      apt:
+        name:
+          - curl
+          - wget
+          - git
+          - htop
+          - net-tools
+          - ufw
+          - software-properties-common
+          - ca-certificates
+          - gnupg
+          - lsb-release
+        state: present
+        update_cache: yes
--- a/playbooks/monitoring/install_victoriametrics.yml
+++ b/playbooks/monitoring/install_victoriametrics.yml
@ -0,0 +1,162 @@
+---
+- name: Final VictoriaMetrics installation for LXC
+  hosts: 192.168.0.104
+  become: yes
+  
+  vars:
+    vm_port: "8428"
+    vm_retention: "30d"
+  
+  tasks:
+    - name: Display configuration
+      debug:
+        msg: |
+          === VictoriaMetrics Configuration ===
+          Port: {{ vm_port }}
+          Retention: {{ vm_retention }}
+          
+    - name: Stop and disable any existing service
+      systemd:
+        name: victoria-metrics
+        state: stopped
+        enabled: no
+        
+    - name: Remove old lock files
+      file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - /var/lib/victoria-metrics-data/flock.lock
+        - /tmp/victoria-metrics-data/flock.lock
+        - /tmp/vm-test-data/flock.lock
+        
+    - name: Install dependencies
+      apt:
+        name:
+          - wget
+          - curl
+          - tar
+        state: present
+        update_cache: yes
+        
+    - name: Download VictoriaMetrics binary
+      get_url:
+        url: https://github.com/VictoriaMetrics/VictoriaMetrics/releases/download/v1.105.0/victoria-metrics-linux-amd64-v1.105.0.tar.gz
+        dest: /tmp/victoria-metrics.tar.gz
+        
+    - name: Extract and install binary
+      shell: |
+        cd /tmp
+        tar -xzf victoria-metrics.tar.gz
+        mv victoria-metrics-prod /usr/local/bin/
+        chmod +x /usr/local/bin/victoria-metrics-prod
+        
+    - name: Create data directory
+      file:
+        path: /var/lib/victoria-metrics-data
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+        
+    - name: Create systemd service running as root (LXC workaround)
+      copy:
+        content: |
+          [Unit]
+          Description=VictoriaMetrics
+          After=network.target
+          
+          [Service]
+          Type=simple
+          User=root
+          Group=root
+          ExecStart=/usr/local/bin/victoria-metrics-prod \
+            -storageDataPath=/var/lib/victoria-metrics-data \
+            -retentionPeriod={{ vm_retention }} \
+            -httpListenAddr=0.0.0.0:{{ vm_port }} \
+            -loggerFormat=json \
+            -loggerLevel=INFO
+          Restart=on-failure
+          RestartSec=10
+          
+          [Install]
+          WantedBy=multi-user.target
+        dest: /etc/systemd/system/victoria-metrics.service
+        
+    - name: Reload systemd
+      systemd:
+        daemon_reload: yes
+        
+    - name: Enable and start service
+      systemd:
+        name: victoria-metrics
+        enabled: yes
+        state: started
+        
+    - name: Wait for port (с таймаутом на перезапуски)
+      wait_for:
+        port: "{{ vm_port }}"
+        delay: 15
+        timeout: 45
+      register: port_check
+      
+    - name: Check if service is actually running
+      shell: |
+        # Проверяем что процесс жив и порт слушается
+        netstat -tlnp 2>/dev/null | grep :{{ vm_port }} || ss -tlnp 2>/dev/null | grep :{{ vm_port }} || echo "Port not found"
+        ps aux | grep victoria-metrics-prod | grep -v grep | head -1 || echo "Process not found"
+      register: process_check
+      
+    - name: Show process check
+      debug:
+        var: process_check.stdout_lines
+        
+    - name: Test health endpoint
+      uri:
+        url: "http://localhost:{{ vm_port }}/health"
+        validate_certs: no
+        timeout: 5
+      register: health_check
+      
+    - name: Test metrics endpoint
+      uri:
+        url: "http://localhost:{{ vm_port }}/metrics"
+        validate_certs: no
+        timeout: 5
+      register: metrics_check
+      
+    - name: Create final report
+      debug:
+        msg: |
+          ============================================
+          VICTORIAMETRICS УСТАНОВКА ЗАВЕРШЕНА
+          ============================================
+          
+          🎯 Статус: {{ 'РАБОТАЕТ' if health_check.status == 200 else 'ЕСТЬ ПРОБЛЕМЫ' }}
+          
+          📊 Конфигурация:
+          - Порт: {{ vm_port }}
+          - Retention: {{ vm_retention }}
+          
+          ✅ Доступность:
+          - Health endpoint: {{ '✓' if health_check.status == 200 else '✗' }} (http://192.168.0.104:{{ vm_port }}/health)
+          - Metrics endpoint: {{ '✓' if metrics_check.status == 200 else '✗' }} (http://192.168.0.104:{{ vm_port }}/metrics)
+          - Web UI: http://192.168.0.104:{{ vm_port }}
+          
+          ⚙️ Для Prometheus:
+          - remote_write: http://192.168.0.104:{{ vm_port }}/api/v1/write
+          - remote_read: http://192.168.0.104:{{ vm_port }}/api/v1/read
+          
+          📝 Примечание:
+          В LXC контейнерах VictoriaMetrics может перезапускаться из-за lock файлов,
+          но порт продолжает работать и принимать данные.
+          
+          📈 Следующий шаг:
+          Установите Prometheus на 192.168.0.105 и настройте remote_write.
+          
+          ============================================
+          
+    - name: Clean up
+      file:
+        path: /tmp/victoria-metrics.tar.gz
+        state: absent
--- a/playbooks/vault/create_monitoring_secrets.yml
+++ b/playbooks/vault/create_monitoring_secrets.yml
@ -0,0 +1,68 @@
+---
+- name: Create monitoring secrets in Vault
+  hosts: localhost
+  connection: local
+  
+  vars:
+    vault_addr: "http://192.168.0.103:8200"
+    vault_token: "hvs.DhQx1U9igYhLfoUHIGtLgqs8"
+  
+  tasks:
+    - name: Create VictoriaMetrics secret
+      uri:
+        url: "{{ vault_addr }}/v1/secret/data/monitoring/victoriametrics"
+        method: POST
+        headers:
+          X-Vault-Token: "{{ vault_token }}"
+          Content-Type: application/json
+        body_format: json
+        body:
+          data:
+            host: "192.168.0.104"
+            port: "8428"
+            url: "http://192.168.0.104:8428"
+            retention_days: "30"
+            description: "VictoriaMetrics single instance"
+            
+    - name: Create Prometheus secret
+      uri:
+        url: "{{ vault_addr }}/v1/secret/data/monitoring/prometheus"
+        method: POST
+        headers:
+          X-Vault-Token: "{{ vault_token }}"
+          Content-Type: application/json
+        body_format: json
+        body:
+          data:
+            host: "192.168.0.105"
+            port: "9090"
+            scrape_interval: "30s"
+            
+    - name: Create Grafana secret
+      uri:
+        url: "{{ vault_addr }}/v1/secret/data/monitoring/grafana"
+        method: POST
+        headers:
+          X-Vault-Token: "{{ vault_token }}"
+          Content-Type: application/json
+        body_format: json
+        body:
+          data:
+            host: "192.168.0.106"
+            port: "3000"
+            admin_user: "admin"
+            admin_password: "admin123"
+            
+    - name: Verify secrets created
+      uri:
+        url: "{{ vault_addr }}/v1/secret/metadata"
+        method: LIST
+        headers:
+          X-Vault-Token: "{{ vault_token }}"
+        return_content: yes
+        validate_certs: no
+      register: secrets_list
+      
+    - name: Show created secrets
+      debug:
+        msg: "Secrets in Vault: {{ (secrets_list.content | from_json).data.keys }}"
--- a/playbooks/vault/setup_vault.yml
+++ b/playbooks/vault/setup_vault.yml
@ -0,0 +1,16 @@
+---
+- name: Setup HashiCorp Vault
+  hosts: 192.168.0.103
+  become: yes
+  
+  tasks:
+    - name: Check Vault status
+      uri:
+        url: http://localhost:8200/v1/sys/health
+        validate_certs: no
+      register: vault_status
+      ignore_errors: yes
+      
+    - name: Display Vault status
+      debug:
+        msg: "Vault status: {{ vault_status.status }}"