create molecule scenario for monitoring role

roles/common/handlers/main.yml

@@ -17,10 +17,6 @@
 - name: update postfix secrets
   command: postmap {{ postfix_sasl_secrets_path }}
 
-- name: reload nginx
-  include_tasks: ../handlers/nginx.yml
-  when: nginx_started is not changed
-
 - name: reload autofs
   service:
     name: autofs

roles/common/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - shared-handlers

roles/monitoring/defaults/main.yml

@@ -1,6 +1,7 @@
 ---
 # defaults file for roles/prometheus
 grafana_admin_user: admin
+grafana_admin_password: password
 grafana_domain: "{{ inventory_hostname }}"
 grafana_web_path: /grafana
 grafana_protocol: http
@@ -9,9 +10,11 @@ grafana_port: 3000
 prometheus_domain: "{{ inventory_hostname }}"
 prometheus_web_path: /prometheus
 prometheus_port: 9090
+prometheus_password: password
 
 nginx_default_path: "{{ grafana_web_path }}"
 
 alertmanager_domain: "{{ inventory_hostname }}"
 alertmanager_web_path: /alertmanager
 alertmanager_port: 9093
+alertmanager_password: password

roles/monitoring/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - shared-handlers

roles/monitoring/molecule/default/INSTALL.rst

@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'

roles/monitoring/molecule/default/converge.yml

@@ -0,0 +1,13 @@
+---
+- name: Converge
+  hosts: all
+  become: yes
+
+  pre_tasks:
+    - name: Install and configure node-exporter
+      import_role:
+        name: common
+        tasks_from: node_exporter.yml
+        
+  roles:
+    - monitoring

roles/monitoring/molecule/default/molecule.yml

@@ -0,0 +1,50 @@
+---
+.hardware: &hardware
+  memory: 1024
+  cpu: 2
+
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: virtualbox
+platforms:
+  - name: debian-buster.mol
+    box: debian/buster64
+    <<: *hardware
+    interfaces:
+      - network_name: private_network
+        type: dhcp
+        auto_config: true
+      - network_name: forwarded_port
+        guest: 80
+        host: 18080
+      - network_name: forwarded_port
+        guest: 443
+        host: 18443
+    options:
+      append_platform_to_hostname: no
+  - name: ubuntu-focal.mol
+    box: ubuntu/focal64
+    <<: *hardware
+    interfaces:
+      - network_name: private_network
+        type: dhcp
+        auto_config: true
+      - network_name: forwarded_port
+        guest: 80
+        host: 28080
+      - network_name: forwarded_port
+        guest: 443
+        host: 28443
+    options:
+      append_platform_to_hostname: no
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      interpreter_python: /usr/bin/python3
+      vault_password_file: "${MOLECULE_PROJECT_DIRECTORY}/../../.vault.secret"
+verifier:
+  name: ansible

roles/monitoring/molecule/default/prepare.yml

@@ -0,0 +1,19 @@
+- hosts: all
+  become: yes
+
+  pre_tasks:
+  - name: Update apt cache
+    apt:
+      update_cache: yes
+      cache_valid_time: 3600
+
+  tasks:
+    - name: Install and configure UFW
+      import_role:
+        name: common
+        tasks_from: ufw.yml
+
+    - name: Install and configure Nginx
+      import_role:
+        name: common
+        tasks_from: nginx.yml

roles/monitoring/tasks/grafana.yml

@@ -1,36 +1,39 @@
-- name: add grafana GPG apt key
+- name: Install GPG package
+  package:
+    name: gpg
+    state: present
+
+- name: Add Grafana GPG apt key
   apt_key:
     url: https://packages.grafana.com/gpg.key
     state: present
 
-- block:
-  - name: add grafana repository
-    apt_repository:
-      repo: deb https://packages.grafana.com/oss/deb stable main
-      state: present
-    register: grafana_repo
-    notify: restart grafana
+- name: Add Grafana repository
+  apt_repository:
+    repo: deb https://packages.grafana.com/oss/deb stable main
+    state: present
+  register: grafana_repo
+  notify: restart grafana
 
-  - name: update apt cache
-    apt:
-      update_cache: yes
-      cache_valid_time: 3600
-    when: grafana_repo is changed
+- name: Update apt cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  when: grafana_repo is changed
 
-  - name: install grafana package
-    apt:
-      pkg: grafana
-      state: present
-    notify: restart grafana
+- name: Install grafana package
+  package:
+    name: grafana
+    state: present
+  notify: restart grafana
 
-- name: copy grafana config
+- name: Copy Grafana config
   template:
     src: grafana.ini.j2
     dest: /etc/grafana/grafana.ini
-  become: yes
   notify: restart grafana
     
-- name: enable grafana service
+- name: Start and enable Grafana service
   systemd:
     name: grafana-server
     state: started
@@ -53,12 +56,13 @@
       includes:
       - "{{ nginx_config_dir }}/{{ inventory_hostname }}.d/*.conf"
 
-- name: ensure nginx config directory exists
+- name: Ensure Nginx config directory exists
   file:
     path: "{{ nginx_config_dir }}/{{ inventory_hostname }}.d"
     state: directory
 
-- include_role:
+- name: Configure Nginx for Grafana
+  include_role:
     name: nginx
     tasks_from: configure
   vars:

roles/monitoring/tasks/main.yml

@@ -1,6 +1,5 @@
 ---
 - import_tasks: grafana.yml
-  become: yes
   tags: grafana
 - import_tasks: alertmanager.yml
   tags: alertmanager

roles/monitoring/vars/main.yml

@@ -0,0 +1,17 @@
+
+alertmanager_receivers:
+  - name: default-receiver
+    email_configs:
+      - to: ahoy@example.com
+
+alertmanager_route:
+  receiver: 'default-receiver'
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 3h
+
+alertmanager_smtp:
+  from: ahoy@example.com
+  smarthost: mail.example.com:587
+  auth_username: ahoy@example.com
+  auth_password: password

roles/nginx/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 # defaults file for roles/nginx
-nginx_user: www-data
-nginx_htpasswd_user: admin
+nginx_owner: www-data
+nginx_group: "{{ nginx_owner }}"
 nginx_template_file: nginx.conf.j2
+nginx_config_dir: /etc/nginx/conf.d

roles/nginx/tasks/configure.yml

@@ -5,15 +5,14 @@
     password: "{{ location.basic_auth.password }}"
     state: present
     create: yes
-    owner: "{{ nginx_user }}"
-    group: "{{ nginx_user }}"
+    owner: "{{ nginx_owner }}"
+    group: "{{ nginx_group }}"
     mode: 0600
   loop: "{{ nginx_server.locations }}"
   loop_control:
     loop_var: location
     label: "{{ location.path }}"
   when: "location.basic_auth is defined"
-  
   notify:
   - reload nginx
 
@@ -21,8 +20,8 @@
   template:
     src: "{{ nginx_template_file }}"
     dest: "{{ nginx_config_dir }}/{{ nginx_config_file }}"
-    owner: "{{ nginx_user }}"
-    group: "{{ nginx_user }}"
+    owner: "{{ nginx_owner }}"
+    group: "{{ nginx_group }}"
     mode: 0644
   notify:
   - reload nginx

roles/shared-handlers/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: reload nginx
+  include_tasks: ../handlers/nginx.yml