89 lines
1.7 KiB
YAML
89 lines
1.7 KiB
YAML
- name: ensure promtail user is a member of systemd-journal group
|
|
user:
|
|
name: promtail
|
|
system: true
|
|
groups: systemd-journal
|
|
append: true
|
|
shell: /bin/false
|
|
state: present
|
|
tags:
|
|
- user
|
|
|
|
- name: ensure promtail is configured
|
|
copy:
|
|
content: |
|
|
{{ promtail_config | to_nice_yaml(indent=2) }}
|
|
dest: /etc/promtail/config.yml
|
|
mode: u=rw,go=r
|
|
owner: root
|
|
group: root
|
|
notify:
|
|
- restart promtail
|
|
tags:
|
|
- config
|
|
|
|
- name: ensure promtail ca certificate is set
|
|
copy:
|
|
content: |-
|
|
{{ promtail_ca }}
|
|
dest: /etc/promtail/ca.crt
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- restart promtail
|
|
tags:
|
|
- config
|
|
- cert
|
|
|
|
- name: ensure promtail systemd unit extension directory exists
|
|
file:
|
|
path: /etc/systemd/system/promtail.service.d
|
|
owner: root
|
|
group: root
|
|
mode: u=rwx,go=rx
|
|
state: directory
|
|
tags:
|
|
- systemd
|
|
- name: ensure promtail service capabilities are configured
|
|
template:
|
|
src: capabilities.conf.j2
|
|
dest: /etc/systemd/system/promtail.service.d/capabilities.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- reload systemd
|
|
- restart promtail
|
|
tags:
|
|
- systemd
|
|
|
|
- name: ensure promtail service starts at boot
|
|
service:
|
|
name: promtail
|
|
enabled: true
|
|
tags:
|
|
- service
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: ensure promtail is running
|
|
service:
|
|
name: promtail
|
|
state: started
|
|
tags:
|
|
- service
|
|
|
|
- name: ensure promtail http port is open in the firewall
|
|
firewalld:
|
|
port: >-
|
|
{{ promtail_config.server.http_listen_port }}/tcp
|
|
permanent: true
|
|
immediate: true
|
|
state: enabled
|
|
when: >-
|
|
promtail_config.server.http_listen_port|d(0) > 0
|
|
and host_uses_firewalld|d(true)
|
|
tags:
|
|
- firewall
|