add the ansible playbooks for the monitoring stack

2026-02-27 01:28:08 +00:00
commit d45bbef509
21 changed files with 1017 additions and 0 deletions
--- a/ansible/roles/promtail/templates/promtail.service.j2
+++ b/ansible/roles/promtail/templates/promtail.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Promtail Log Collector
+Documentation=https://grafana.com/docs/loki/latest/clients/promtail/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/promtail \
+  -config.file=/etc/promtail/promtail.yml \
+  -config.expand-env=true
+
+SyslogIdentifier=promtail
+Restart=always
+RestartSec=5
+
+# Need root for syslog port 514 and journal access
+# Can use CAP_NET_BIND_SERVICE instead if preferred
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
--- a/ansible/roles/promtail/templates/promtail.yml.j2
+++ b/ansible/roles/promtail/templates/promtail.yml.j2
@@ -0,0 +1,56 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /var/lib/promtail/positions.yaml
+
+clients:
+  - url: {{ loki_url }}/loki/api/v1/push
+    tenant_id: home-infra
+    batchwait: 1s
+    batchsize: 1048576
+    timeout: 10s
+
+scrape_configs:
+  # Syslog listener for network devices
+  - job_name: syslog
+    syslog:
+      listen_address: 0.0.0.0:514
+      listen_protocol: udp
+      idle_timeout: 60s
+      label_structured_data: true
+      labels:
+        job: syslog
+        source: network-devices
+    relabel_configs:
+      - source_labels: ['__syslog_message_hostname']
+        target_label: 'host'
+      - source_labels: ['__syslog_message_severity']
+        target_label: 'severity'
+      - source_labels: ['__syslog_message_facility']
+        target_label: 'facility'
+      - source_labels: ['__syslog_message_app_name']
+        target_label: 'app'
+    pipeline_stages:
+      - match:
+          selector: '{job="syslog"}'
+          stages:
+            # Extract common patterns from network device logs
+            - regex:
+                expression: '(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
+            - labels:
+                src_ip:
+
+  # Local system journal (RPi logs)
+  - job_name: journal
+    journal:
+      max_age: 12h
+      labels:
+        job: systemd-journal
+        host: rpi
+    relabel_configs:
+      - source_labels: ['__journal__systemd_unit']
+        target_label: 'unit'
+      - source_labels: ['__journal_priority_keyword']
+        target_label: 'severity'