Initial Cortex role

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2020 Pawel Krupa and Julien Pivotto
+Copyright (c) 2020 Pawel Krupa, Matthias Antierens and Julien Pivotto
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -7,7 +7,7 @@
 
 ## Description
 
-Deploy [cortex](https://github.com/prometheus/cortex) using ansible.
+Deploy [cortex](https://github.com/cortexproject/cortex) using ansible.
 
 ## Requirements
 
@@ -19,7 +19,26 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 
 | Name           | Default Value | Description                        |
 | -------------- | ------------- | -----------------------------------|
-| `cortex_web_listen_address` | "0.0.0.0:<<PORT>>" | Address on which cortex will listen |
+| `cortex_web_listen_address` | "0.0.0.0:9009" | Address on which cortex will listen |
+| `cortex_binary_local_dir` | "" | Allows to use local packages instead of ones distributed on github. As parameter it takes a directory where `cortex` binaries are stored on host on which ansible is ran. This overrides `cortex_version` parameter |
+| `cortex_interface` | "{{ ansible_default_ipv4.interface }}" | Network adapter that cortex will be using |
+| `cortex_config_dir` | "/etc/cortex" | Default directory for the cortex config |
+| `cortex_db_dir` | "/var/lib/cortex" | Path to the directory of the Cortex database |
+| `cortex_system_user` | "cortex" | Default Cortex user |
+| `cortex_system_group` | "cortex" | Default Cortex group |
+| `cortex_version` | "1.4.0-rc.1" | The cortex package version |
+| `cortex_auth_enabled` | "false" | Enables of disables the Cortex authentication |
+| `cortex_server` | [From block storage example][bse] | Cortex server. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#server_config) |
+| `cortex_distributor` | [From block storage example][bse] | Cortex distributor. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#distributor_config) |
+| `cortex_ingester_client` | [From block storage example][bse] | Cortex ingester client. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#ingester_client_config) |
+| `cortex_ingester` | [From block storage example][bse] | Cortex ingester. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#ingester_config) |
+| `cortex_storage` | [From block storage example][bse] | Cortex storage. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#storage_config) |
+| `cortex_blocks_storage` | [From block storage example][bse] | Cortex blocks storage. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#blocks_storage_config) |
+| `cortex_compactor` | [From block storage example][bse] | Cortex compactor. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#compactor_config) |
+| `cortex_frontend_worker` | [From block storage example][bse] | Cortex frontend worker. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#frontend_worker_config) |
+| `cortex_ruler` | [From block storage example][bse] | Cortex ruler. Compatible with [official configuration](https://cortexmetrics.io/docs/configuration/configuration-file/#ruler_config) |
+
+[bse]:https://github.com/cortexproject/cortex/blob/master/docs/configuration/single-process-config-blocks.yaml
 
 ## Example
 
@@ -31,11 +50,6 @@ Use it in a playbook as follows:
   roles:
     - cloudalchemy.cortex
 ```
-
-### Demo site
-
-We provide demo site for full monitoring solution based on prometheus and grafana. Repository with code and links to running instances is [available on github](https://github.com/prometheus/demo-site) and site is hosted on [DigitalOcean](https://digitalocean.com).
-
 ## Local Testing
 
 The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/metacloud/molecule) (v2.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system.

defaults/main.yml

@@ -1,2 +1,80 @@
 ---
-cortex_web_listen_address: "0.0.0.0:<<PORT>>"
+cortex_web_listen_address: "0.0.0.0:9009"
+cortex_binary_local_dir: ''
+cortex_skip_install: false
+
+cortex_interface: "{{ ansible_default_ipv4.interface }}"
+
+cortex_config_file: 'cortex.yml.j2'
+cortex_config_dir: /etc/cortex
+cortex_db_dir: /var/lib/cortex
+
+cortex_system_user: "cortex"
+cortex_system_group: "cortex"
+
+cortex_version: 1.4.0-rc.1
+
+cortex_auth_enabled: false
+
+cortex_server:
+  http_listen_port: 9009
+
+  # Configure the server to allow messages up to 100MB.
+  grpc_server_max_recv_msg_size: 104857600
+  grpc_server_max_send_msg_size: 104857600
+  grpc_server_max_concurrent_streams: 1000
+
+cortex_distributor:
+  shard_by_all_labels: true
+  pool:
+    health_check_ingesters: true
+
+cortex_ingester_client:
+  grpc_client_config:
+    max_recv_msg_size: 104857600
+    max_send_msg_size: 104857600
+    grpc_compression: gzip
+
+cortex_ingester:
+  lifecycler:
+    interface_names: [ "{{ cortex_interface }}" ]
+    join_after: 0
+    min_ready_duration: 0s
+    final_sleep: 0s
+    num_tokens: 512
+
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+
+cortex_storage:
+  engine: blocks
+
+cortex_blocks_storage:
+  tsdb:
+    dir: /tmp/cortex/tsdb
+
+  bucket_store:
+    sync_dir: /tmp/cortex/tsdb-sync
+
+  backend: filesystem
+  filesystem:
+    dir: ./data/tsdb
+
+cortex_compactor:
+  data_dir: /tmp/cortex/compactor
+  sharding_ring:
+    kvstore:
+      store: inmemory
+
+cortex_frontend_worker:
+  match_max_concurrent: true
+
+cortex_ruler:
+  enable_api: true
+  enable_sharding: false
+  storage:
+    type: local
+    local:
+      directory: "{{ cortex_config_dir }}/rules"

handlers/main.yml

@@ -5,3 +5,8 @@
     daemon_reload: true
     name: cortex
     state: restarted
+- name: reload cortex
+  become: true
+  systemd:
+    name: cortex
+    state: reloaded

meta/main.yml

@@ -1,6 +1,6 @@
 ---
 galaxy_info:
-  author: Julien Pivotto, Pawel Krupa
+  author: Matthias Antierens, Julien Pivotto
   description: Deploy cortex
   role_name: cortex
   license: MIT

molecule/alternative/playbook.yml

@@ -1,6 +1,11 @@
 ---
-- hosts: all
+- name: Run role
+  hosts: all
   any_errors_fatal: true
   roles:
     - ansible-cortex
-  vars: []
+  vars:
+    cortex_config_dir: /cortex
+    cortex_db_dir: /cortexdb
+    cortex_system_user: "vortex"
+    cortex_system_group: "vortex"

molecule/alternative/tests/test_alternative.py

@@ -1,6 +1,52 @@
 import pytest
 import os
+import yaml
 import testinfra.utils.ansible_runner
 
+
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.fixture()
+def AnsibleDefaults():
+    with open("../../defaults/main.yml", 'r') as stream:
+        return yaml.load(stream)
+
+
+@pytest.mark.parametrize("dirs", [
+    "/cortex",
+    "/cortex/rules",
+    "/cortexdb"
+])
+def test_directories(host, dirs):
+    d = host.file(dirs)
+    assert d.is_directory
+    assert d.exists
+
+
+@pytest.mark.parametrize("files", [
+    "/cortex/cortex.yml",
+    "/etc/systemd/system/cortex.service",
+    "/usr/local/bin/cortex-linux-amd64",
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_user(host):
+    assert host.group("vortex").exists
+    assert host.user("vortex").exists
+
+
+def test_service(host):
+    s = host.service("cortex")
+    # assert s.is_enabled
+    assert s.is_running
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9009")
+    assert s.is_listening

molecule/default/playbook.yml

@@ -2,4 +2,4 @@
 - hosts: all
   any_errors_fatal: true
   roles:
-    - ansible-cortex
+    - name: ansible-cortex

molecule/default/tests/test_default.py

@@ -1,5 +1,52 @@
+import pytest
 import os
+import yaml
 import testinfra.utils.ansible_runner
 
+
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.fixture()
+def AnsibleDefaults():
+    with open("../../defaults/main.yml", 'r') as stream:
+        return yaml.load(stream)
+
+
+@pytest.mark.parametrize("dirs", [
+    "/etc/cortex",
+    "/etc/cortex/rules",
+    "/var/lib/cortex"
+])
+def test_directories(host, dirs):
+    d = host.file(dirs)
+    assert d.is_directory
+    assert d.exists
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/cortex/cortex.yml",
+    "/etc/systemd/system/cortex.service",
+    "/usr/local/bin/cortex-linux-amd64",
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_user(host):
+    assert host.group("cortex").exists
+    assert host.user("cortex").exists
+
+
+def test_service(host):
+    s = host.service("cortex")
+    # assert s.is_enabled
+    assert s.is_running
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9009")
+    assert s.is_listening

tasks/configure.yml

@@ -7,3 +7,14 @@
     group: root
     mode: 0644
   notify: restart cortex
+
+- name: configure cortex
+  template:
+    src: "{{ cortex_config_file }}"
+    dest: "{{ cortex_config_dir }}/cortex.yml"
+    force: true
+    owner: root
+    group: "{{ cortex_system_user }}"
+    mode: 0640
+  notify:
+    - reload cortex

tasks/install.yml

@@ -14,3 +14,94 @@
     system: true
     createhome: false
     home: /
+
+- name: create cortex data directory
+  file:
+    path: "{{ cortex_db_dir }}"
+    state: directory
+    owner: "{{ cortex_system_user }}"
+    group: "{{ cortex_system_group }}"
+    mode: 0755
+
+
+- name: create cortex configuration directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ cortex_system_user }}"
+    group: "{{ cortex_system_group }}"
+    mode: 0770
+  with_items:
+    - "{{ cortex_config_dir }}"
+    - "{{ cortex_config_dir }}/rules"
+
+- block:
+    - name: download cortex binary and install it
+      become: false
+      get_url:
+        url: "https://github.com/cortexproject/cortex/releases/download/v{{ cortex_version  }}/cortex-linux-amd64"
+        dest: "/tmp/cortex-linux-amd64"
+        checksum: "sha256:{{ __cortex_checksum }}"
+      register: _download_archive
+      until: _download_archive is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false
+
+    - name: propagate official cortex
+      copy:
+        src: "/tmp/cortex-linux-amd64"
+        dest: "{{ _cortex_binary_install_dir }}/cortex-linux-amd64"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart cortex
+
+  when:
+    - cortex_binary_local_dir | length == 0
+    - not cortex_skip_install
+
+- name: propagate locally distributed cortex
+  copy:
+    src: "{{ cortex_binary_local_dir }}/cortex-linux-amd64"
+    dest: "{{ _cortex_binary_install_dir }}/cortex-linux-amd64"
+    mode: 0755
+    owner: root
+    group: root
+  when:
+    - cortex_binary_local_dir | length > 0
+    - not cortex_skip_install
+
+- name: create systemd service unit
+  template:
+    src: cortex.service.j2
+    dest: /etc/systemd/system/cortex.service
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart cortex
+
+- name: Install SELinux dependencies
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ cortex_selinux_packages }}"
+  register: _install_packages
+  until: _install_packages is succeeded
+  retries: 5
+  delay: 2
+  when:
+    - ansible_version.full is version('2.4', '>=')
+    - ansible_selinux.status == "enabled"
+
+- name: Allow cortex to bind to port in SELinux
+  seport:
+    ports: "{{ cortex_web_listen_address.split(':')[1] }}"
+    proto: tcp
+    setype: http_port_t
+    state: present
+  when:
+    - ansible_version.full is version('2.4', '>=')
+    - ansible_selinux.status == "enabled"