diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 3c0737f4..3e64c14a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3296,6 +3296,8 @@ matrix_prometheus_nginxlog_exporter_enabled: false matrix_prometheus_enabled: false +matrix_prometheus_container_network: "{{ matrix_docker_network }}" + # Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # Prometheus' HTTP port to the local host. diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml index 956faf46..fddacfb4 100644 --- a/roles/custom/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -22,6 +22,14 @@ matrix_prometheus_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-prometheus.service wants matrix_prometheus_systemd_wanted_services_list: [] +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_prometheus_container_network: '' + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. +matrix_prometheus_container_additional_networks: [] + # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9090 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9090"), or empty string to not expose. diff --git a/roles/custom/matrix-prometheus/tasks/setup_install.yml b/roles/custom/matrix-prometheus/tasks/setup_install.yml index 1d3d6669..f606e268 100644 --- a/roles/custom/matrix-prometheus/tasks/setup_install.yml +++ b/roles/custom/matrix-prometheus/tasks/setup_install.yml 
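Review bot: The comment on `matrix_prometheus_container_additional_networks` in defaults/main.yml says to use it to expose the container to another reverse proxy, but it does not say that every container on a listed network can then reach Prometheus' HTTP port (tcp/9090 in the container, per the comment just below). Nothing in this diff puts authentication in front of that port, so the network list is effectively the access boundary. I would add a line such as `# Every container on these networks can reach Prometheus on tcp/9090, so list only networks whose members you trust.` The `''` default for `matrix_prometheus_container_network` also depends on the new check in validate_config.yml, so a short `# Required; validate_config.yml fails the run if this is left empty.` would make that explicit.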
@@ -45,6 +45,11 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Prometheus container network is created + community.general.docker_network: + name: "{{ matrix_prometheus_container_network }}" + driver: bridge + - name: Ensure matrix-prometheus.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2" diff --git a/roles/custom/matrix-prometheus/tasks/validate_config.yml b/roles/custom/matrix-prometheus/tasks/validate_config.yml index 3e386304..49121e7e 100644 --- a/roles/custom/matrix-prometheus/tasks/validate_config.yml +++ b/roles/custom/matrix-prometheus/tasks/validate_config.yml @@ -5,3 +5,11 @@ msg: > You need to enable `matrix_prometheus_scraper_synapse_enabled` and/or `matrix_prometheus_scraper_node_enabled` for Prometheus grab metrics. when: "not matrix_prometheus_scraper_synapse_enabled and not matrix_prometheus_scraper_node_enabled" + +- name: Fail if required Prometheus settings not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_prometheus_container_network diff --git a/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 58455734..2b716db6 100644 --- a/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 
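Review bot: The new validation task in validate_config.yml checks only `matrix_prometheus_container_network`, and entries of `matrix_prometheus_container_additional_networks` are never checked, although the service template renders each one unquoted into `docker network connect {{ network }} matrix-prometheus`. An empty or space-containing entry therefore changes the argument list docker receives, and the mistake only surfaces when the unit starts, not when the playbook runs. A second task that rejects such entries, as sketched below, would catch it at validation time. Separately, `vars[item]` may return the raw, untemplated value on some Ansible versions, in which case the group_vars default `"{{ matrix_docker_network }}"` would never compare equal to `''`; that is worth confirming.

```yaml
- name: Fail if an additional Prometheus container network name is unusable
  ansible.builtin.fail:
    msg: >-
      Entries of `matrix_prometheus_container_additional_networks` must be
      non-empty network names without spaces (got `{{ item }}`).
  when: "item is not string or item | trim == '' or ' ' in item"
  with_items: "{{ matrix_prometheus_container_additional_networks }}"
```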
@@ -16,13 +16,14 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-prometheus \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_prometheus_container_network }} \ {% if matrix_prometheus_container_http_host_bind_port %} -p {{ matrix_prometheus_container_http_host_bind_port }}:9090 \ {% endif %} @@ -33,8 +34,15 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} +{% for network in matrix_prometheus_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-prometheus +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-prometheus + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' + Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus
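Review bot: The `docker network connect` lines added in the second hunk have no `-` prefix, so a listed network that does not exist fails the start, and with `Restart=always` and `RestartSec=30` the unit will presumably retry every 30 seconds. Failing closed is a sensible choice for a container whose reachability is being widened, but the template does not say it is intentional. A Jinja comment above the loop, e.g. `{# A missing additional network aborts the start on purpose; the role does not create these networks. #}`, would record that. The same comment could explain why the unit now uses `create`, `network connect` and `start --attach` instead of a single `run`, presumably so the container is attached to every network before Prometheus starts. The unit's head and tail lie outside these hunks.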