Merge pull request #8 from 3llimi/lab07

Ahmed Baha Eddine Alimi - B23-SD-01 [Lab07 + Bonus Task]

Author: 3llimi

ansible/docs/LAB05.md

@@ -2,7 +2,7 @@
 
 ## 1. Architecture Overview
 
-**Ansible Version:** 2.10.8
+**Ansible Version:** 2.17.14
 **Target VM OS:** Ubuntu 22.04 LTS (jammy64)
 **Control Node:** Same VM (Ansible runs on the VM and targets itself via `ansible_connection=local`)
 
@@ -260,7 +260,7 @@ Any secret stored in plain text in a Git repository is effectively public, even
 ## 7. Challenges
 
 - **WSL2 disk space:** The WSL2 Alpine distro had only 136MB disk space, not enough to install Ansible. Solved by installing Ansible directly on the Vagrant VM and running it against localhost.
-- **Docker login module:** `community.general.docker_login` failed in Ansible 2.10. Solved by using a `shell` task with `docker login --password-stdin` instead.
+- **Docker login module:** `community.general.docker_login` failed. Solved by using a `shell` task with `docker login --password-stdin` instead.
 - **group_vars not loading with become:** Vault-encrypted `group_vars/all.yml` variables were not accessible when `become: yes` was set at the play level. Solved by passing variables explicitly with `-e @group_vars/all.yml` and setting `become: no` in the deploy playbook.
 - **App port:** The application runs on port 8000 (FastAPI/Uvicorn), not 5000 as initially assumed. Discovered via `docker logs` and corrected in the vault variables and port mapping.
 

ansible/docs/LAB06.md

@@ -622,7 +622,7 @@ Both `ansible-deploy.yml` and `ansible-deploy-bonus.yml` show green in GitHub Ac
 ## Summary
 
 ### Technologies Used
-- Ansible 2.10.8 on Ubuntu 22.04 (Vagrant VM, `ansible_connection=local`)
+- Ansible 2.17.14 on Ubuntu 22.04 (Vagrant VM, `ansible_connection=local`)
 - Docker Compose v2 plugin (`docker compose` not `docker-compose`)
 - GitHub Actions with self-hosted runner on the Vagrant VM
 - Jinja2 templating for docker-compose.yml generation

ansible/playbooks/deploy-monitoring.yml

@@ -0,0 +1,7 @@
+---
+- name: Deploy Monitoring Stack
+  hosts: all
+  gather_facts: true
+
+  roles:
+    - role: monitoring

ansible/roles/monitoring/defaults/main.yml

@@ -0,0 +1,31 @@
+# Service versions
+loki_version: "3.0.0"
+promtail_version: "3.0.0"
+grafana_version: "12.3.1"
+
+# Ports
+loki_port: 3100
+promtail_port: 9080
+grafana_port: 3000
+
+# Retention
+loki_retention_period: "168h"
+
+# Grafana credentials
+grafana_admin_user: "admin"
+grafana_admin_password: "admin123"
+
+# Deployment directory
+monitoring_dir: "/opt/monitoring"
+
+# Schema
+loki_schema_version: "v13"
+loki_schema_from: "2024-01-01"
+
+# Resource limits
+loki_memory_limit: "1g"
+loki_cpu_limit: "1.0"
+promtail_memory_limit: "256m"
+promtail_cpu_limit: "0.5"
+grafana_memory_limit: "512m"
+grafana_cpu_limit: "1.0"

ansible/roles/monitoring/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Restart monitoring stack
+  become: true
+  community.docker.docker_compose_v2:
+    project_src: "{{ monitoring_dir }}"
+    state: present
+    remove_orphans: true
+    recreate: always

ansible/roles/monitoring/meta/main.yml

@@ -0,0 +1,8 @@
+galaxy_info:
+  author: 3llimi
+  description: Deploys Loki, Promtail, and Grafana monitoring stack
+  license: MIT
+  min_ansible_version: "2.16"
+
+dependencies:
+  - role: docker

ansible/roles/monitoring/tasks/deploy.yml

@@ -0,0 +1,56 @@
+---
+- name: Deploy monitoring stack with Docker Compose
+  become: true
+  tags: [monitoring, monitoring_deploy]
+  block:
+    - name: Deploy monitoring stack
+      community.docker.docker_compose_v2:
+        project_src: "{{ monitoring_dir }}"
+        state: present
+        remove_orphans: true
+      register: compose_result
+
+    - name: Wait for Loki to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:{{ loki_port }}/ready"
+        status_code: 200
+      register: loki_ready
+      retries: 12
+      delay: 10
+      until: loki_ready.status == 200
+
+    - name: Wait for Grafana to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:{{ grafana_port }}/api/health"
+        status_code: 200
+      register: grafana_ready
+      retries: 12
+      delay: 10
+      until: grafana_ready.status == 200
+
+    - name: Report deployment success
+      ansible.builtin.debug:
+        msg: "Monitoring stack deployed — Grafana at http://localhost:{{ grafana_port }}"
+
+  rescue:
+    - name: Show container logs on failure
+      ansible.builtin.command: >
+        docker compose -f {{ monitoring_dir }}/docker-compose.yml logs --tail=20
+      changed_when: false
+      failed_when: false
+      register: compose_logs
+
+    - name: Print container logs
+      ansible.builtin.debug:
+        msg: "{{ compose_logs.stdout_lines }}"
+
+  always:
+    - name: Show running containers
+      ansible.builtin.command: docker compose -f {{ monitoring_dir }}/docker-compose.yml ps
+      changed_when: false
+      failed_when: false
+      register: compose_ps
+
+    - name: Print container status
+      ansible.builtin.debug:
+        msg: "{{ compose_ps.stdout_lines }}"

ansible/roles/monitoring/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Setup monitoring directories and configs
+  ansible.builtin.include_tasks: setup.yml
+  tags: [monitoring, monitoring_setup]
+
+- name: Deploy monitoring stack
+  ansible.builtin.include_tasks: deploy.yml
+  tags: [monitoring, monitoring_deploy]

ansible/roles/monitoring/tasks/setup.yml

@@ -0,0 +1,51 @@
+---
+- name: Setup monitoring directories and configuration files
+  become: true
+  tags: [monitoring, monitoring_setup]
+  block:
+    - name: Create monitoring directory structure
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: "0755"
+      loop:
+        - "{{ monitoring_dir }}"
+        - "{{ monitoring_dir }}/loki"
+        - "{{ monitoring_dir }}/promtail"
+
+    - name: Template Loki configuration
+      ansible.builtin.template:
+        src: loki-config.yml.j2
+        dest: "{{ monitoring_dir }}/loki/config.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+    - name: Template Promtail configuration
+      ansible.builtin.template:
+        src: promtail-config.yml.j2
+        dest: "{{ monitoring_dir }}/promtail/config.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+    - name: Template Docker Compose file
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ monitoring_dir }}/docker-compose.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+  rescue:
+    - name: Report setup failure
+      ansible.builtin.debug:
+        msg: "Failed to set up monitoring configuration. Check directory permissions."
+
+  always:
+    - name: List monitoring directory
+      ansible.builtin.command: ls -la {{ monitoring_dir }}
+      changed_when: false
+      failed_when: false
+      register: monitoring_dir_contents
+
+    - name: Show monitoring directory contents
+      ansible.builtin.debug:
+        msg: "{{ monitoring_dir_contents.stdout_lines }}"

ansible/roles/monitoring/templates/docker-compose.yml.j2

@@ -0,0 +1,82 @@
+networks:
+  logging:
+    driver: bridge
+
+volumes:
+  loki-data:
+  grafana-data:
+
+services:
+
+  loki:
+    image: grafana/loki:{{ loki_version }}
+    container_name: loki
+    ports:
+      - "{{ loki_port }}:{{ loki_port }}"
+    volumes:
+      - {{ monitoring_dir }}/loki/config.yml:/etc/loki/config.yml:ro
+      - loki-data:/loki
+    command: -config.file=/etc/loki/config.yml
+    networks:
+      - logging
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:{{ loki_port }}/ready || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ loki_cpu_limit }}'
+          memory: {{ loki_memory_limit }}
+    restart: unless-stopped
+
+  promtail:
+    image: grafana/promtail:{{ promtail_version }}
+    container_name: promtail
+    volumes:
+      - {{ monitoring_dir }}/promtail/config.yml:/etc/promtail/config.yml:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    command: -config.file=/etc/promtail/config.yml
+    networks:
+      - logging
+    depends_on:
+      loki:
+        condition: service_healthy
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ promtail_cpu_limit }}'
+          memory: {{ promtail_memory_limit }}
+    restart: unless-stopped
+
+  grafana:
+    image: grafana/grafana:{{ grafana_version }}
+    container_name: grafana
+    ports:
+      - "{{ grafana_port }}:3000"
+    volumes:
+      - grafana-data:/var/lib/grafana
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=false
+      - GF_SECURITY_ADMIN_USER={{ grafana_admin_user }}
+      - GF_SECURITY_ADMIN_PASSWORD={{ grafana_admin_password }}
+    networks:
+      - logging
+    depends_on:
+      loki:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ grafana_cpu_limit }}'
+          memory: {{ grafana_memory_limit }}
+    restart: unless-stopped