Merge pull request #10 from ntk148v/change-reload

change reload logic

Author: ntk148v

ansible/roles/alertmanager/defaults/main.yml

@@ -13,10 +13,6 @@ alertmanager_docker_memory_limit: "{{ docker_memory_limit }}"
 alertmanager_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
 alertmanager_docker_cpus_limit: "{{ docker_cpus_limit }}"
 
-amtool_docker_namespace: "{{ docker_namespace if docker_namespace else 'kiennt26' }}"
-amtool_version: "v3.1.0-v0.28.0"
-amtool_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ amtool_docker_namespace }}/pramtool:{{ amtool_version }}"
-
 # Alertmanager agruments
 # ----------------------
 alertmanager_web_listen_address: "{{ api_interface_address }}:{{ alertmanager_port }}"

ansible/roles/alertmanager/handlers/main.yml

@@ -1,32 +1 @@
 ---
-- name: Validate alertmanager config
-  vars:
-    service_name: "alertmanager"
-    service: "{{ alertmanager_services[service_name] }}"
-  ansible.builtin.command: >
-    /usr/bin/docker run --rm -v {{ alertmanager_config_dir }}:/etc/alertmanager {{ amtool_image }} sh -c 'amtool \
-            check-config /etc/alertmanager/config.yml'
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - alertmanager_config.changed | bool
-
-# NOTE(kiennt26): Reloading the config by sending SIGHUP to the main process, instead of sending a POST request
-#                 to the /-/reload endpoint, because the latter doesn't work when the basic auth is enabled.
-#                 The password for the basic auth is encrypted using bcrypt, and I don't want to store the raw password
-#                 The SIGHUP signal is sent to the process with PID 1 in the container, which is the main process.
-- name: Reload alertmanager config
-  vars:
-    service_name: "alertmanager"
-    service: "{{ alertmanager_services[service_name] }}"
-  ansible.builtin.command: >
-    /usr/bin/docker exec -i {{ alertmanager_container_name }} kill -SIGHUP 1
-  register: result
-  retries: 5
-  delay: 20
-  until: result.rc == 0
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - alertmanager_config.changed | bool
-      or alertmanager_custom_templates.changed | bool

ansible/roles/alertmanager/tasks/config.yml

@@ -36,8 +36,6 @@
   when:
     - alertmanager_custom_template_files is defined and alertmanager_custom_template_files.files | length > 0
   with_items: "{{ alertmanager_custom_template_files.files }}"
-  notify:
-    - Reload alertmanager config
 
 - name: Configure Alertmanager web
   ansible.builtin.copy:
@@ -61,9 +59,33 @@
   when:
     - inventory_hostname in groups[service.group]
     - service.enabled | bool
-  notify:
-    - Validate alertmanager config
-    - Reload alertmanager config
+
+- name: Validate alertmanager config
+  vars:
+    service: "{{ alertmanager_services['alertmanager'] }}"
+  ansible.builtin.shell: |
+    /usr/bin/docker run --rm -v {{ alertmanager_config_dir }}:/etc/alertmanager --entrypoint "/bin/amtool" \
+      {{ alertmanager_image }} check-config /etc/alertmanager/config.yml
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+
+# NOTE(kiennt26): Reloading the config by sending SIGHUP to the main process, instead of sending a POST request
+#                 to the /-/reload endpoint, because the latter doesn't work when the basic auth is enabled.
+#                 The password for the basic auth is encrypted using bcrypt, and I don't want to store the raw password
+#                 The SIGHUP signal is sent to the process with PID 1 in the container, which is the main process.
+- name: Reload alertmanager config
+  vars:
+    service: "{{ alertmanager_services['alertmanager'] }}"
+  ansible.builtin.command: >
+    /usr/bin/docker exec -i {{ alertmanager_container_name }} kill -SIGHUP 1
+  register: result
+  retries: 5
+  delay: 20
+  until: result.rc == 0
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
 
 - name: Check alertmanager containers
   community.general.docker_container:

ansible/roles/prometheus/defaults/main.yml

@@ -15,9 +15,6 @@ prometheus_docker_cpus_limit: "{{ docker_cpus_limit }}"
 
 prometheus_web_listen_address: "{{ api_interface_address }}:{{ prometheus_port }}"
 prometheus_web_external_url: "http://{{ prometheus_vip_address }}:{{ prometheus_port }}"
-promtool_docker_namespace: "{{ docker_namespace if docker_namespace else 'kiennt26' }}"
-promtool_version: "v3.1.0-v0.28.0"
-promtool_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ promtool_docker_namespace }}/pramtool:{{ promtool_version }}"
 
 # Prometheus arguments
 # --------------------

ansible/roles/prometheus/handlers/main.yml

@@ -1,40 +1,4 @@
 ---
-- name: Validate prometheus config
-  vars:
-    service_name: "prometheus"
-    service: "{{ prometheus_services[service_name] }}"
-  ansible.builtin.command: >
-    /usr/bin/docker run --rm -v {{ prometheus_config_dir }}:/etc/prometheus {{ promtool_image }} sh -c 'promtool \
-            check config /etc/prometheus/prometheus.yml'
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - prometheus_confs.changed | bool
-      or prometheus_alert_confs.changed | bool
-      or prometheus_file_sd_confs.changed | bool
-
-# NOTE(kiennt26): Reloading the config by sending SIGHUP to the main process, instead of sending a POST request
-#                 to the /-/reload endpoint, because the latter doesn't work when the basic auth is enabled.
-#                 The password for the basic auth is encrypted using bcrypt, and I don't want to store the raw password
-#                 The SIGHUP signal is sent to the process with PID 1 in the container, which is the main process.
-- name: Reload prometheus config
-  vars:
-    service_name: "prometheus"
-    service: "{{ prometheus_services[service_name] }}"
-  ansible.builtin.command: >
-    /usr/bin/docker exec -i {{ prometheus_container_name }} kill -SIGHUP 1
-  register: result
-  retries: 5
-  delay: 20
-  until: result.rc == 0
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - prometheus_confs.changed | bool
-      or prometheus_alert_confs.changed | bool
-      or prometheus_file_sd_confs.changed | bool
-      or prometheus_tls_confs.changed | bool
-
 # NOTE(kiennt26): Force restart keepalived to trigger notify script.
 #                 Prometheus instances must be deployed in the same nodes as Haproxy and Keepalived.
 - name: Restart keepalived service

ansible/roles/prometheus/tasks/config.yml

@@ -29,12 +29,11 @@
     src: "{{ item.path }}"
     dest: "{{ prometheus_config_dir }}/rules/{{ item.path | basename }}"
     mode: 0755
+    validate: "/usr/bin/docker run --rm -v {{ prometheus_config_dir }}:/etc/prometheus --entrypoint '/bin/promtool' {{ prometheus_image }} check rules %s"
   register: prometheus_alert_confs
   with_items: "{{ prometheus_alert_rules.files }}"
   when:
     - prometheus_alert_rules is defined and prometheus_alert_rules.files | length > 0
-  notify:
-    - Reload prometheus config
 
 - name: Check custom file_sd files exists
   local_action:
@@ -63,8 +62,6 @@
   with_items: "{{ prometheus_file_sd.files }}"
   when:
     - prometheus_file_sd is defined and prometheus_file_sd.files | length > 0
-  notify:
-    - Reload prometheus config
 
 - name: Configure Prometheus web
   ansible.builtin.copy:
@@ -118,14 +115,33 @@
     - host_file_sd.files | length > 0
 
 - name: Validate prometheus config
-  meta: noop
-  notify:
-    - Validate prometheus config
+  vars:
+    service: "{{ prometheus_services['prometheus'] }}"
+  ansible.builtin.shell: |
+    /usr/bin/docker run --rm -v {{ prometheus_config_dir }}:/etc/prometheus --entrypoint "/bin/promtool" \
+      {{ prometheus_image }} check config /etc/prometheus/prometheus.yml && \
+    /usr/bin/docker run --rm -v {{ prometheus_config_dir }}:/etc/prometheus --entrypoint "/bin/promtool" \
+      {{ prometheus_image }} check web-config /etc/prometheus/web.yml
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
 
+# NOTE(kiennt26): Reloading the config by sending SIGHUP to the main process, instead of sending a POST request
+#                 to the /-/reload endpoint, because the latter doesn't work when the basic auth is enabled.
+#                 The password for the basic auth is encrypted using bcrypt, and I don't want to store the raw password
+#                 The SIGHUP signal is sent to the process with PID 1 in the container, which is the main process.
 - name: Reload prometheus config
-  meta: noop
-  notify:
-    - Reload prometheus config
+  vars:
+    service: "{{ prometheus_services['prometheus'] }}"
+  ansible.builtin.command: >
+    /usr/bin/docker exec -i {{ prometheus_container_name }} kill -SIGHUP 1
+  register: result
+  retries: 5
+  delay: 20
+  until: result.rc == 0
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
 
 - name: Check prometheus containers
   community.general.docker_container: