Merge pull request 'node-exporters' (#5) from node-exporters into main

Reviewed-on: http://192.168.2.61/DmitriyA/ansible-playbooks/pulls/5

.gitignore

@@ -1,2 +1,2 @@
-**/inventory.ini
 .vscode/settings.json
+.idea

docker/inventory.ini

@@ -0,0 +1,2 @@
+[developers]
+192.168.2.39 ansible_user=developers ansible_password=developers ansible_become_pass=developers

docker/roles/docker-common/README.md

@@ -1,38 +1,37 @@
-Role Name
+# Роль Ansible: Установка Docker
-=========
 
-A brief description of the role goes here.
+## Описание
 
-Requirements
+Данная роль предназначена для установки и настройки Docker на серверах с Debian/Ubuntu. В рамках выполнения роли:
-------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+1. Удаляются старые версии Docker и связанных пакетов.
+2. Обновляется кэш `apt`.
+3. Устанавливаются необходимые пакеты для работы с репозиториями.
+4. Загружается GPG-ключ Docker и добавляется официальный репозиторий.
+5. Обновляется кэш пакетов после добавления репозитория.
+6. Устанавливаются необходимые компоненты Docker.
+7. Обеспечивается запуск и автозапуск службы Docker.
 
-Role Variables
+## Требования
---------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+- Поддерживаемая версия ОС: Debian/Ubuntu
+- Ansible с правами `root` (например, через `become: yes`)
 
-Dependencies
+## Зависимости
-------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+Данная роль не имеет зависимостей от других ролей.
 
-Example Playbook
+## Пример Playbook
-----------------
 
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+Пример использования роли в Playbook:
 
-    - hosts: servers
+```yaml
-      roles:
+- hosts: all
-         - { role: username.rolename, x: 42 }
+  become: yes
+  roles:
+    - docker-install
+```
 
-License
+## Автор
--------
 
-BSD
+Автор: [Юрий Обрезков]
-
-Author Information
-------------------
-
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).

docker/roles/docker-common/tasks/main.yml

@@ -11,48 +11,42 @@
     - podman-docker
     - containerd
     - runc
-  become: yes
 
-- name: Update apt cache
+- name: Update APT cache
   apt:
     update_cache: yes
-  become: yes
 
-- name: Install required packages
+- name: Install dependencies
   apt:
     name:
       - ca-certificates
       - curl
+      - gnupg
     state: present
-  become: yes
 
-- name: Create directory for Docker keyring
+- name: Create directory for GPG keys
   file:
     path: /etc/apt/keyrings
     state: directory
     mode: '0755'
-  become: yes
 
 - name: Download Docker GPG key
   get_url:
     url: https://download.docker.com/linux/debian/gpg
     dest: /etc/apt/keyrings/docker.asc
     mode: '0644'
-  become: yes
 
 - name: Add Docker repository
-  apt_repository:
+  shell: |
-    repo: "deb [arch={{ ansible_architecture }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
-    state: present
+    https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
-    filename: docker.list
+    | tee /etc/apt/sources.list.d/docker.list > /dev/null
-  become: yes
 
-- name: Update apt cache after adding Docker repository
+- name: Update APT cache after adding Docker repository
   apt:
     update_cache: yes
-  become: yes
 
-- name: Install Docker packages
+- name: Install Docker and required packages
   apt:
     name:
       - docker-ce
@@ -61,11 +55,9 @@
       - docker-buildx-plugin
       - docker-compose-plugin
     state: present
-  become: yes
 
-- name: Ensure Docker service is running and enabled
+- name: Enable and start Docker service
-  service:
+  systemd:
     name: docker
-    state: started
     enabled: yes
-  become: yes
+    state: started

inventory.ini

@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36326338343966663165373732326261623264396335386137356339363562353364373434313938
-3335353137343230306563623464336630343532353035610a383736643433376133393038623135
-34313638383030613464366537653735613166353264646263643433613161393666356461666633
-3331366464393830620a313566623035636337323864393366316334343063323761626462303936
-64626530663763336436396164363931393034353834666538383761303634666531396464316430
-63646438633062303363383135396662653733336330353462663433306534383936373334386466
-65303034323436363830383361366535663238316561393365353864323337666330326635323261
-31306265326362653835633839343961646265643730333961616633316136313832303730373362
-66373532333634373165336665303363663565643833333230616332643866323562

k8s/inventory.ini

@@ -1,5 +0,0 @@
-[master]
-192.168.2.34 ansible_user=user ansible_password=k8sstand1 ansible_become_pass=k8sstand1
-
-[worker]
-192.168.2.35 ansible_user=user ansible_password=k8sstand2 ansible_become_pass=k8sstand2

k8s/roles/common-kubernetes/README.md

@@ -1,20 +1,39 @@
-Role Name
+# Роль Ansible: node-exporters-common
-=========
 
-Это базовый набор, необходимый для инициализации кластера.
+## Описание
-Тут происходит установка всех модулей, необходимых для настройки кластера K8s
 
-Requirements
+Данная роль предназначена для установки и настройки **Node Exporter** для сбора метрик с хостов и их отправки в Prometheus. В рамках выполнения роли:
-------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+1. Устанавливается и запускается контейнер **Node Exporter**.
+2. Настроены необходимые параметры для работы контейнера, включая монтирование файловой системы хоста и правильную настройку прав.
+3. Контейнер настраивается с использованием параметров, таких как `--path.rootfs=/host` для корректной работы с файловой системой хоста.
 
-Role Variables
+## Требования
---------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+- Поддерживаемая версия ОС: Debian/Ubuntu, CentOS, RHEL
+- Установлен Docker на целевых хостах.
+- Ansible с правами `root` (например, через `become: yes`)
 
-Dependencies
+## TODO: Переменные роли 
-------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+| Переменная                | Значение по умолчанию                   | Описание |
+|--------------------------|----------------------------------------|----------|
+| `node_exporter_image`     | `quay.io/prometheus/node-exporter:latest` | Образ контейнера для Node Exporter |
+| `node_exporter_container_name` | `node_exporter`                    | Имя контейнера Node Exporter |
+| `node_exporter_restart_policy` | `always`                           | Политика перезапуска контейнера |
+| `node_exporter_volumes`   | `['/host:/host:ro,rslave']`            | Монтирование томов для доступа к файловой системе хоста |
+| `node_exporter_command`   | `'--path.rootfs=/host'`                | Команда для запуска контейнера |
+
+## Зависимости
+
+Данная роль не имеет зависимостей от других ролей.
+
+## Пример Playbook
+
+Пример использования роли в Playbook:
+
+```yaml
+- hosts: all
+  become: yes
+  roles:
+    - node-exporters-common

k8s/roles/kubernetes-master/README.md

@@ -1,20 +1,45 @@
-Role Name
+# Роль Ansible: Инициализация мастер-ноды K8s
-=========
 
-Здесь производится инициализация мастер ноды.
+## Описание
 
-Requirements
+Данная роль предназначена для настройки и инициализации мастер-ноды в кластере Kubernetes. В рамках выполнения роли:
-------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+1. Инициализируется мастер-узел Kubernetes с заданными параметрами.
+2. Создается директория `.kube` для хранения конфигурации Kubernetes.
+3. Копируется конфигурационный файл `kubeconfig` в домашний каталог пользователя.
+4. Устанавливаются корректные права доступа для `kubeconfig`.
+5. Устанавливается сетевой аддон Flannel.
 
-Role Variables
+## Требования
---------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+- Поддерживаемая версия ОС: Debian/Ubuntu
+- Ansible с правами `root` (например, через `become: yes`)
 
-Dependencies
+## Переменные роли
-------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+| Переменная         | Значение по умолчанию |
--------------
+|-------------------|--------------------|
+| `cidr_network`    | `10.244.0.0/16` |
+| `host_ip_address` | `192.168.2.34` |
+| `ansible_user_dir` | `/home/user` |
+| `ansible_user_id` | `1000` |
+| `ansible_user_gid` | `1000` |
+
+## Зависимости
+
+Данная роль не имеет зависимостей от других ролей.
+
+## Пример Playbook
+
+Пример использования роли в Playbook:
+
+```yaml
+- hosts: all
+  become: yes
+  roles:
+    - kubernetes-master
+```
+
+## Автор
+
+Автор: [Юрий обрезков]

k8s/roles/kubernetes-worker/README.md

@@ -1,20 +1,35 @@
-Role Name
+# Роль Ansible: Инициализация worker-ноды K8s
-=========
 
-Здесь воркер присоединяется к кластеру с помощью токена присоединения, который достаётся из мастеры ноды. Для каждого кластера рекомендуется использовать группировку по [master] [worker], а так же самим указывать необходимые значения (как минимум креды)
+## Описание
 
-Requirements
+Данная роль предназначена для присоединения worker-узлов к кластеру Kubernetes. В рамках выполнения роли:
-------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+1. Генерируется токен присоединения на мастер-ноде.
+2. Токен передается в worker-ноды.
+3. Проверяется, был ли узел уже добавлен в кластер.
+4. Выполняется присоединение worker-ноды к кластеру.
 
-Role Variables
+## Требования
---------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+- Поддерживаемая версия ОС: Debian/Ubuntu
+- Ansible с правами `root` (например, через `become: yes`)
+- Группировка хостов в `inventory` по `[master]` и `[worker]`
 
-Dependencies
+## Зависимости
-------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+Данная роль не имеет зависимостей от других ролей.
 
+## Пример Playbook
+
+Пример использования роли в Playbook:
+
+```yaml
+- hosts: workers
+  become: yes
+  roles:
+    - kubernetes-worker
+```
+
+## Автор
+
+Автор: [Юрий Обрезков]

monitoring/inventory.ini

@@ -0,0 +1,2 @@
+[prometheus]
+192.168.2.34 ansible_user=user ansible_password=k8sstand1 ansible_become_pass=k8sstand1

monitoring/main.yml

@@ -0,0 +1,13 @@
+- name: Installing prometheus
+  become: yes
+  hosts: all
+  roles:
+    - role: prometheus-common
+      tags: prometheus
+
+- name: Installing grafana
+  become: yes
+  hosts: all
+  roles:
+    - role: grafana-common
+      tags: grafana

monitoring/roles/grafana-common/README.md

@@ -0,0 +1,24 @@
+# grafana
+
+## Описание роли
+
+Эта роль предназначена для установки и настройки Grafana на целевой машине. Она скачивает нужный deb-пакет, устанавливает все необходимые зависимости, выполняет установку Grafana, а также настраивает и запускает сервис Grafana.
+
+## Требования
+
+- Ansible версии 2.9 или выше
+- Операционная система на базе Debian (Ubuntu, Debian и другие)
+
+## Переменные роли
+
+Следующие переменные могут быть настроены в файле `vars/main.yml`, `defaults/main.yml` или переданы непосредственно в playbook:
+
+- `grafana_version`: Версия Grafana для установки. По умолчанию `"11.4.0"`.
+- `grafana_arch`: Архитектура системы для пакета Grafana. По умолчанию `"amd64"`.
+- `destination_directory`: Каталог для загрузки пакета. По умолчанию `"/home/user"`.
+
+Эти переменные можно изменить в соответствии с требованиями вашей системы.
+
+## Зависимости
+
+Нет.

monitoring/roles/grafana-common/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for grafana-common

monitoring/roles/grafana-common/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for grafana-common

monitoring/roles/grafana-common/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

monitoring/roles/grafana-common/tasks/main.yml

@@ -0,0 +1,34 @@
+---
+- name: Download Grafana deb package
+  ansible.builtin.get_url:
+    url: "https://dl.grafana.com/oss/release/grafana_{{ grafana_version }}_{{ grafana_arch }}.deb"
+    dest: "{{ destination_directory }}"  
+- name: Update repos and upgrade system
+  apt:
+    update_cache: yes
+    upgrade: dist
+    autoremove: yes
+        
+- name: Install dependencies
+  apt:
+    name:
+      - adduser
+      - libfontconfig1
+      - musl
+    state: present
+        
+- name: Install Grafana from deb package
+  ansible.builtin.apt:
+    deb: "{{ destination_directory }}/grafana_{{ grafana_version }}_{{ grafana_arch }}.deb"
+    state: present
+        
+- name: Remove downloaded deb package
+  ansible.builtin.file:
+    path: "{{ destination_directory }}/grafana_{{ grafana_version }}_{{ grafana_arch }}.deb"
+    state: absent
+        
+- name: Enable and start Grafana service
+  ansible.builtin.systemd:
+    name: grafana-server
+    enabled: yes
+    state: started

monitoring/roles/grafana-common/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

monitoring/roles/grafana-common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - grafana-common

monitoring/roles/grafana-common/vars/main.yml

@@ -0,0 +1,4 @@
+---
+grafana_version: 11.4.0
+grafana_arch: amd64
+destination_directory: /home/user

monitoring/roles/prometheus-common/README.md

@@ -0,0 +1,39 @@
+# prometheus-common
+
+## Описание роли
+
+Эта роль устанавливает и настраивает Prometheus на целевой машине, обеспечивая создание всех необходимых директорий и зависимостей, скачивание и установку Prometheus, а также развертывание файлов конфигурации и systemd-сервиса. Роль также гарантирует, что Prometheus будет запущен как фоновый сервис и настроен на автозапуск при старте системы.
+
+## Требования
+
+- Версия Ansible 2.9 или выше
+- Операционная система на базе Debian (Ubuntu, Debian и другие)
+- Указание версии Prometheus в файле `vars/main.yml`
+
+## Переменные роли
+
+Следующие переменные могут быть настроены в файлах `vars/main.yml` или `defaults/main.yml`, или переданы напрямую в роль:
+
+- `prometheus_user`: Пользователь, под которым будет работать Prometheus. По умолчанию `prometheus`.
+- `prometheus_group`: Группа, под которой будет работать Prometheus. По умолчанию `prometheus`.
+- `prometheus_install_dir`: Каталог, в который будет установлен Prometheus. По умолчанию `/usr/local/bin`.
+- `prometheus_data_dir`: Каталог для хранения данных Prometheus. По умолчанию `/var/lib/prometheus`.
+- `prometheus_config_dir`: Каталог для хранения конфигурации Prometheus. По умолчанию `/etc/prometheus`.
+- `prometheus_version`: Версия Prometheus для установки. По умолчанию `2.35.0`.
+
+Эти значения можно изменить в соответствии с требованиями вашей системы или инфраструктуры.
+
+## Зависимости
+
+Нет.
+
+## Пример использования
+
+Вот пример playbook, который использует эту роль:
+
+```yaml
+---
+- hosts: servers
+  become: yes
+  roles:
+    - prometheus-common

monitoring/roles/prometheus-common/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for prometheus-common

monitoring/roles/prometheus-common/files/prometheus.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Background service of Prometheus
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=prometheus
+Group=prometheus
+Type=simple
+ExecStart=/usr/local/bin/prometheus \
+	--config.file /etc/prometheus/prometheus.yml \
+	--storage.tsdb.path /var/lib/prometheus/ \
+	--web.console.templates=/etc/prometheus/consoles \
+	--web.console.libraries=/etc/prometheus/console_libraries
+
+[Install]
+WantedBy=multi-user.target

monitoring/roles/prometheus-common/files/prometheus.yml

@@ -0,0 +1,7 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s 
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["192.168.2.34:9100"]

monitoring/roles/prometheus-common/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart prometheus
+  systemd:
+    name: prometheus
+    state: restarted

monitoring/roles/prometheus-common/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

monitoring/roles/prometheus-common/tasks/main.yml

@@ -0,0 +1,86 @@
+---
+- name: Install dependencies
+  apt:
+    name:
+      - wget
+      - tar
+      - curl
+    state: present
+    update_cache: yes
+  when: ansible_os_family == "Debian"
+
+- name: Create prometheus user and group
+  user:
+    name: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+    system: yes
+    create_home: no
+
+- name: Create required directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+    mode: '0755'
+  with_items:
+    - "{{ prometheus_install_dir }}"
+    - "{{ prometheus_data_dir }}"
+    - "{{ prometheus_config_dir }}"
+
+- name: Download Prometheus
+  get_url:
+    url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
+    dest: "/tmp/prometheus-{{ prometheus_version }}.tar.gz"
+
+- name: Extract Prometheus
+  unarchive:
+    src: "/tmp/prometheus-{{ prometheus_version }}.tar.gz"
+    dest: "{{ prometheus_install_dir }}"
+    remote_src: yes
+
+- name: Move binaries to /usr/local/bin
+  command:
+    cmd: mv "{{ prometheus_install_dir }}/prometheus-{{ prometheus_version }}.linux-amd64/{{ item }}" /usr/local/bin/
+  with_items:
+    - "prometheus"
+    - "promtool"
+
+- name: Set ownership of Prometheus files
+  file:
+    path: "{{ item }}"
+    owner: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+    recurse: yes
+  with_items:
+    - "{{ prometheus_install_dir }}"
+    - "{{ prometheus_data_dir }}"
+    - "{{ prometheus_config_dir }}"
+
+- name: Copy prometheus.yml configuration
+  copy:
+    src: prometheus.yml
+    dest: "{{ prometheus_config_dir }}/prometheus.yml"
+    owner: "{{ prometheus_user }}"
+    group: "{{ prometheus_group }}"
+    mode: '0644'
+  notify:
+    - restart prometheus
+
+- name: Copy systemd service file
+  copy:
+    src: prometheus.service
+    dest: /etc/systemd/system/prometheus.service
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Reload systemd
+  systemd:
+    daemon_reload: yes
+
+- name: Enable Prometheus service
+  systemd:
+    name: prometheus
+    enabled: yes
+    state: started

monitoring/roles/prometheus-common/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

monitoring/roles/prometheus-common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - prometheus-common

monitoring/roles/prometheus-common/vars/main.yml

@@ -0,0 +1,9 @@
+---
+prometheus_version: "3.1.0"
+prometheus_user: "prometheus"
+prometheus_group: "prometheus"
+prometheus_install_dir: "/opt/prometheus"
+prometheus_data_dir: "/var/lib/prometheus"
+prometheus_config_dir: "/etc/prometheus"
+prometheus_bin: "/usr/local/bin/prometheus"
+prometheus_web_listen_address: ":9090"

node-exporters/roles/cadvisor-common/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

node-exporters/roles/cadvisor-common/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for cadvisor-common

node-exporters/roles/cadvisor-common/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for cadvisor-common

node-exporters/roles/cadvisor-common/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

node-exporters/roles/cadvisor-common/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: install cadvisor
+  community.docker.docker_container:
+    name: cadvisor
+    image:  gcr.io/cadvisor/cadvisor:latest
+    restart_policy: always
+    detach: true
+    ports:
+      - 9101:8080
+    volumes:
+      - '/:/rootfs:ro'
+      - '/var/run:/var/run:ro'
+      - '/sys:/sys:ro'
+      - '/var/lib/docker/:/var/lib/docker:ro'

node-exporters/roles/cadvisor-common/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

node-exporters/roles/cadvisor-common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - cadvisor-common

node-exporters/roles/cadvisor-common/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for cadvisor-common

node-exporters/roles/node-exporters-common/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

node-exporters/roles/node-exporters-common/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for node-exporters-common

node-exporters/roles/node-exporters-common/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

node-exporters/roles/node-exporters-common/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: install node exporter
+  community.docker.docker_container:
+    name: node_exporter
+    image: quay.io/prometheus/node-exporter:latest
+    restart_policy: always
+    command: '--path.rootfs=/host'
+    network_mode: host
+    pid_mode: host
+    volumes:
+      - '/:/host:ro,rslave'

node-exporters/roles/node-exporters-common/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

node-exporters/roles/node-exporters-common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - node-exporters-common

node-exporters/roles/node-exporters-common/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for node-exporters-common

playbooks/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+roles_path = ./roles:../docker/roles:../k8s/roles:../monitoring/roles:../ssh/roles:../node-exporters/roles
+
+inventory = ./inventory.ini

playbooks/inventory.ini

@@ -0,0 +1,40 @@
+$ANSIBLE_VAULT;1.1;AES256
+37363438356361313835356463333732653863666533313565623366356137343764343864393636
+6466363730386333316133633131333233316464356331650a643965363565323664383864366538
+31353863393762653931376461663738313731326635363630666534653839386539366535383334
+6161666538366133650a383338343935323133323862353663383761303238623336626336663365
+65656634636461636232383832616462666362616531333662643361373933626264653632643838
+62623865626638303864353062343539643330383331383563636634656165383764393161613866
+36366635626130366130643135363864326337666132643333616230303633373931303432643365
+33356265316239646436303561333661666466666332353934363261343733646133316339626166
+34643436323731333732356431393731306434643131393732346664643634626161383761656566
+31393431376463373437303430316233353337636536623631666239316461393363386161343565
+32313461656361353037333264613933646264383636626234303336316532636238386462306465
+62346139626164663766313930303864396361333832343566333564646335326133316630643733
+63333562366330663366363837653436333830656235623530363538396237613762316131396465
+35303565656666633635356164363339656161303839366637613963633934333635373831376339
+30393163366339316333346331656439353736636137636165306631393566646364616332346131
+35323030326439313938316431393332383464383362313631306265646537653761316538363065
+31376239366363353533386465616366356133303334663565646532333438376330643564636435
+33636639376465356637343635373133346266326265393930626536363939316539643666636133
+64636366333534393862303832613935653864663639653638323336323166646237663432663265
+37346162346163646163313732306232623362643563343232643138656266373430306238376135
+38313336323236366262373535316634656163313433383439383238323239373765353532313830
+35613735633430646536653466383936396436643739363831336565313332393464643635616365
+39336330363865663831306333623536663462613263623534653632316336623230626434316632
+35323561376333373634313964663238383365656535373634386235313932393165336537626662
+36386534333735303535333431653163343531353439633764323837303732363565613035656262
+65373437613962343134633534373465363362646464313631373765613465303563616532623330
+66343962303334313962373538613666313732656363633864333166343036396236316533303061
+38616564336238396263653035323136343861363864336261396265636161636566633531643562
+37663233386131383563336331353433346431653261363735396562353063646437383762633137
+36646332666439346265373061366165666239343533326337366335663039353433316337353461
+33326138636535386238386563653430623661323335396434376532313739643265633331646130
+33633230653463326639376634303336653433656131303437336634663334646631336435343234
+38386239396662306137383137656230366332353535393163636233643039643137626639323632
+34653636323137623932313634336461336363333033333636613332663232373236646639396232
+61666131623431376233616261373361383432323336323931653934363031366637363036643163
+62646239633562396137613063356233643734356362393365643237383365363037383436303337
+62396534633334383761616436363531366336313831613539313039323039623135656432636461
+64656639643239663938656161646632383634653137626638653337333235653534393439356662
+396663306633323131663233306262363962

playbooks/monitoring.yml

@@ -0,0 +1,21 @@
+---
+- name: Install node exporter
+  become: true
+  hosts: monitoring
+  tasks:
+    - name: Verify if Docker is installed
+      command: "docker version"
+      register: docker_rc
+      ignore_errors: true
+
+    - name: Install Docker if not installed
+      include_role:
+        name: docker-common
+      when: docker_rc.rc != 0
+
+    - name: Install node exporter container
+      include_role:
+        name: node-exporters-common
+    - name: Install cadvisor container
+      include_role:
+        name: cadvisor-common

ssh/roles/ssh_setup/README.md

@@ -0,0 +1,37 @@
+# Роль Ansible: Настройка SSH
+
+## Описание
+
+Данная роль предназначена для настройки сервера SSH на удалённых хостах с помощью Ansible. Она выполняет следующие задачи:
+
+1. Гарантирует, что каталог `/etc/ssh` существует и имеет правильные права доступа.
+2. Настраивает параметры SSH-сервера в файле `sshd_config`.
+3. Включает и запускает службу `sshd`.
+4. При изменении конфигурации SSH перезапускает службу `sshd`.
+
+## Требования
+
+Роль не требует дополнительных зависимостей, кроме установленного Ansible и наличия прав суперпользователя на целевых хостах.
+
+## Переменные роли
+
+Роль не использует внешние переменные и работает с фиксированными параметрами SSH.
+
+## Зависимости
+
+Зависимости от других ролей отсутствуют.
+
+## Пример Playbook
+
+Пример использования роли в Playbook:
+
+```yaml
+- hosts: servers
+  become: yes
+  roles:
+    - ssh_config_role
+```
+
+## Автор
+
+Автор: [Юрий Обрезков]

ssh/roles/ssh_setup/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart SSH
+  service:
+    name: sshd
+    state: restarted

ssh/roles/ssh_setup/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ssh/roles/ssh_setup/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Ensure SSH directory exists
+  file:
+    path: /etc/ssh
+    state: directory
+    mode: '0755'
+
+- name: Configure SSH server
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^{{ item.key }}"
+    line: "{{ item.key }} {{ item.value }}"
+    create: yes
+    state: present
+  loop:
+    - { key: "Port", value: "22" }
+    - { key: "PubkeyAuthentication", value: "yes" }
+    - { key: "X11Forwarding", value: "yes" }
+    - { key: "PrintMotd", value: "no" }
+    - { key: "UsePAM", value: "yes" }
+  notify: Restart SSH
+
+- name: Ensure SSH service is enabled and running
+  service:
+    name: sshd
+    state: started
+    enabled: yes

ssh/roles/ssh_setup/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

ssh/roles/ssh_setup/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - ssh_setup

ssh/roles/ssh_setup/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for ssh

ssh/ssh_setup_config.yml

@@ -0,0 +1,6 @@
+- name: Update ssh config
+  become: yes
+  hosts: all
+  roles: 
+    - role: ssh_setup
+      tags: ssh_setup