Added metric collection to server

files/grafana/ssl/grafana.mforcen.dev.fullchain.pem

@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIFzjCCA7agAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSYwDQYJKoZIhvcNAQEL
+MIIFzjCCA7agAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSgwDQYJKoZIhvcNAQEL
 BQAwazEUMBIGA1UEAwwLbWZvcmNlbi5kZXYxCzAJBgNVBAYTAkVTMQ8wDQYDVQQI
 DAZNdXJjaWExFjAUBgNVBAoMDU1hbnVlbCBGb3JjZW4xHTAbBgkqhkiG9w0BCQEW
-Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTAxNDE4MTIyNFoXDTI5MTAxMzE4MTIyNFow
+Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTIxMDE4MDk0MVoXDTI5MTIwOTE4MDk0MVow
 VDEcMBoGA1UEAwwTZ3JhZmFuYS5tZm9yY2VuLmRldjELMAkGA1UEBhMCRVMxDzAN
 BgNVBAgMBk11cmNpYTEWMBQGA1UECgwNTWFudWVsIEZvcmNlbjCCAiIwDQYJKoZI
 hvcNAQEBBQADggIPADCCAgoCggIBANgEZBb/5rdo2JFN6fxHCJu+6cb/f/Nr14tC
@@ -18,19 +18,19 @@ tYMC3KNVYS1+PAjEEDDyi3l/CltRs+Dh/lVy2S+j4BVqQRLXU4dhwfWTFUrYFAPP
 jOSZQxaHSUQDSe4mx0FrAEgFmmDV3mcPcew9DwJnYUEdK2x/cGunrzqw/OfLyaVe
 1+BSZXZVAgMBAAGjgYAwfjAfBgNVHSMEGDAWgBRc4t76omnxreInvLtnc2S2TrNE
 ZjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAkBgNVHREEHTAbghNncmFmYW5hLm1m
-b3JjZW4uZGV2hwTAqGTIMB0GA1UdDgQWBBRpRofRPDWKKdyVtKdwb6l8S6Ls9DAN
-BgkqhkiG9w0BAQsFAAOCAgEAuUakdo8k5ymg74WS/cEng2ThSGKd6/R9ph3l6zkV
-yczJw5lVUHuzvRznBxVNSWNoWpzWrj5eXTI60PXZnWAD6QWGf608HDurOlHYIwl/
-0v36RVVS4Ds/NP4XR59qbyI/SCt7/TtxipBgEY1SScmoPVLMQzmvc74gkkDwgBI3
-01/3sunNpdtm9U5EOBkt7kvyx0duz2vYhNGGtowPrkB3nkTQ6zoLhDxnYHA2qzCW
-2isLm+r/grWsScc050XLeLHTSHtk6++EHvsef5Js5EaJQ8ZC3iGR/WlVjq2CJkEg
-FzjOnvQuw+NhycbLWzpXhPTa2vFNgQdZ13Ui1qJ9hPCx4U0kFw/op5p0VfzTviLe
-pYe3zmrVS2ZYiurQ5rUQ5zuMjF3XPhFAmpRczq1mp63zvCh0pd7+IZwz8LHuLjhX
-sBMkXtFSOJLLhcwS14UnpYL+4AcpAHY/gK6acEtw0njTenddv4RiOvszRybKWeYj
-3euoLevE2FVFFTpcnvtfyEPgjvglqLBx+UDL49naJ6cFv9inqtRdef6Qo/88+VNz
-eWnY0LIBRv48krXT4BjXd8oKrLV3FmMC3MbzTD7CBVF9/J2VpN77xIXPL79bv1HJ
-yCjK7RVh3qcU0/JHvUkJiGt5516qAtu5wfDWHVspafDiXYQ5hQaOYpu6JTYFP8/8
-vJM=
+b3JjZW4uZGV2hwSsHAAEMB0GA1UdDgQWBBRpRofRPDWKKdyVtKdwb6l8S6Ls9DAN
+BgkqhkiG9w0BAQsFAAOCAgEAdrSAeFjgsh8m1z/kxzE2MlkA3YLPfkUWuZdpdhci
+kbIHjS8puPHZjfzUYEc/M1hF+IWekIDQZmqAq2OLKbmHYTPI2mIaS8oD98R8OZW+
+GPZpgei2y7A3ro3V2okyo4LQUnDAXK6WcyAE4ZzZDYTjjwbK8xjluZqS6kgQL18k
+xS19xIVlmUMQslLhyyPBsCboddbgJaTNoGMuu+ZCLsX4gBtT6Degt12gxlJQeqW/
+2vQdE8jyb3/MxcQhUhVTZggiie/Pm17RmsyoGRw4wpGFzZkl7hiOaUFCRB8md/+C
+mj4i5oPxXZdrXbP0VYgzGmU+wrt3QpgqInKUJvOYq1lEOfpe6VPAGH/uRj/MnSH3
+Z2piBOSmj/mDrqoUYiyR9FO9xBdpV3QUv4cctH1jbkaICJezX6QwdPwRsMPFt7My
+SMcEZ9AiRiWJFUvcMN9vVtXSACwT1HG8Q1ZexTXifgUpzHV/hmpAB/fIVfn8dOCp
+a6lv96sR/kOIgR7JwB3uIN8ZudXnLw2rwO2W4QMga07ZqsF62odsQ7K6hJZpOYjy
+KWrhpriDQ70j2wiRZzwZzkf2EoOillHbqtX0fdLSh8VoPx9ww4UPjP84WtvHM9iW
+SZgJjy2wqovKRj4ozJIl6r+EYydXEQuNHiK4QoMtOEX9TvHTvOQ0sbXO+eWc9Qnm
+dKQ=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIFwTCCA6mgAwIBAgIUI2lRzQ83h1wud9kyxtu+QmrjjW8wDQYJKoZIhvcNAQEL

files/keycloak/sso.mforcen.dev.fullchain.pem

@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIF1zCCA7+gAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhSUwDQYJKoZIhvcNAQEL
+MIIF1zCCA7+gAwIBAgIUN+yqZtTpNBzmMppjPszb3oeZhScwDQYJKoZIhvcNAQEL
 BQAwazEUMBIGA1UEAwwLbWZvcmNlbi5kZXYxCzAJBgNVBAYTAkVTMQ8wDQYDVQQI
 DAZNdXJjaWExFjAUBgNVBAoMDU1hbnVlbCBGb3JjZW4xHTAbBgkqhkiG9w0BCQEW
-Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTAxMzE3MTAxMFoXDTI2MTAxMzE3MTAxMFow
+Dm1lQG1mb3JjZW4uZGV2MB4XDTI0MTIxMDE3NTk1MFoXDTI5MTIwOTE3NTk1MFow
 UDEYMBYGA1UEAwwPc3NvLm1mb3JjZW4uZGV2MQswCQYDVQQGEwJFUzEPMA0GA1UE
 CAwGTXVyY2lhMRYwFAYDVQQKDA1NYW51ZWwgRm9yY2VuMIICIjANBgkqhkiG9w0B
 AQEFAAOCAg8AMIICCgKCAgEA5mbumObZY9DKdCSclItvrHzFiYwcn2YHZQWEQudY
@@ -18,19 +18,19 @@ jEsFqQYbCIS5gTBeyhjbbBH3hz7e0sPVRrhL+vDtZ6retYVtClM/zR8eXP/EC4zi
 yQ6c7SzqX2IY0NM3pSuAcLmN2SEr1XRoFNrXiJLeQG34QtFPPExA0mMrc2zq8jds
 ZCUCAwEAAaOBjTCBijAfBgNVHSMEGDAWgBRc4t76omnxreInvLtnc2S2TrNEZjAJ
 BgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAwBgNVHREEKTAngg9zc28ubWZvcmNlbi5k
-ZXaCDmluZnJhLWtleWNsb2FrhwTAqGTIMB0GA1UdDgQWBBSmfY+Ys9/OM0QqABZH
-x9Hfad/QsDANBgkqhkiG9w0BAQsFAAOCAgEAj5/YbTeF0jUjSDIo4OwqKy9ahefr
-eiCjsjDwUBn7QgL/FYC4BCQw0y7WSLsHJxEHu2KSEs5GdVayTZY80e1eKEBKtg1u
-ZALP7fpBWUsLx7jEq1gLaxuHK2Tdbbt7gTcEKJuSCEQkBYwHiE4SiLvF4kgyBhdt
-9k6lWMAMIkyUsoqW35FibL+4DRCFT88gxPlInXeap7U457DPiTR+YQcDoMOasfKw
-uLk6kxPdAj9+/C4jR44JNwizl9dOwhLeXPg9IZxO1FcRUt3Q7OMQ7al3EeDOz8pB
-iON74z5Za9FX6QHP1Psxg/74v6wbOoAiatJ5zR5VZ3oZDPwWMcmC8Omh15f9HRR6
-+RUrsC2YW+9Zkj6fCheZfbi/vAica8n8t6PXRpHZ+8+xUCLOeREekjSVkIaacBkr
-wxfGmn6wCibnGVBp6MY8bZg5SudmRC8qPhMGsTtWD2MX6i5I1kxDfRKdMum3+nuL
-YN4ZGaDldpp7Y9vB1o3KcY6aDycKvMwqbfYXPHxRi8gbHxtaRpBTHYoJikBnIoTs
-bwJEIVq28XjmmcLDKkeHN4LCnKOJ/F7t5tqQpieIVr/mOJxahznSybRAQHYUup7H
-ePYfbP6zL0ZfDZ67UZPFiPfBWxpQny8KhouBF04oNJ5PDEC4ifHVWOoekYsEpk2e
-m1LzzWJ0yOhABpY=
+ZXaCDmluZnJhLWtleWNsb2FrhwSsHAADMB0GA1UdDgQWBBSmfY+Ys9/OM0QqABZH
+x9Hfad/QsDANBgkqhkiG9w0BAQsFAAOCAgEATyR6lPEjC1O/GUDMlklYrc7UZuIh
+8wvMSN0AtJ2zlSZd3x+Q6Tt9fPBceaBsR0/LvTe/TVqiW9ycPn3CCPG4jJy71eES
+HkMrsrzWWXjJ7mDkC9MkKf1WA/KMJAW2EkfLdWIplRZK709+4f/VeAo3Ki6nlnAJ
+1EU1IPcqAQAQVRlWygJ51oTGP26by7h5snM2wZoAPDii/QVe1rF/r9jlm/iUIcWP
+FrNVZURYAVyzxwbG2ECy3skiTr7bPXW7PmtVD6Y72RPCy3JgyLz+fiXFlAKgDonN
+66SlJqW9u0DKEu5sjwOsIoR5mGokEE+HqkqG2erM72FAyXVqdok0+WcStOX8q+1p
+pzqqbFCBdMzX8nVx/9FhWll1jcl6fsFnZ5XpKDcONHfA7b/K0IpndcqgSgK3fYpn
+HbjnDTOjBi9qa2aYpTenOfCxSoMjBYmRiETcbMyxOoqCLDZtx7tysmzTEutfPN2S
+RwAbS+RSypl3PBa9Fd7Az7mr35xE8E4yIBA+2sZaV2FSZlTTNplqbuDZ4Omm6Aw3
+x44IrKyMD6WLciozzvYr0dnhbRagNM86QKIVXNExTUesTU6hbqrM9oq7IqgPW+aH
+dxaoaAeBYDSG1aboTEZAdX7Ly2rXQiJQyV/SkosqPv8Bb+cuknQg//ofwA1MAswr
+bTIMSaz7pwpA6HE=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIFwTCCA6mgAwIBAgIUI2lRzQ83h1wud9kyxtu+QmrjjW8wDQYJKoZIhvcNAQEL

files/prometheus/compose.yml

@@ -0,0 +1,25 @@
+
+services:
+  prometheus:
+    image: prom/prometheus
+    container_name: infra-prometheus
+    restart: unless-stopped
+    logging:
+      driver: local
+    networks:
+      infra-network:
+        ipv4_address: 172.28.0.5
+        aliases:
+          - prom.mforcen.dev
+    volumes:
+      - type: bind
+        source: /opt/infra/prometheus/prometheus.yml
+        target: /etc/prometheus/prometheus.yml
+      - type: volume
+        source: prom-data
+        target: /prometheus
+volumes:
+  prom-data:
+networks:
+  infra-network: 
+    external: true

files/prometheus/prometheus.yml

@@ -0,0 +1,32 @@
+# my global config
+global:
+  scrape_interval: 60s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 60s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+# Alertmanager configuration
+#alerting:
+#   alertmanagers:
+#    - static_configs:
+#        - targets:
+#           - alertmanager:9093
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+#rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: "prometheus"
+
+    # metrics_path defaults to '/metrics'
+    # scheme defaults to 'http'.
+
+    static_configs:
+      - targets: ["localhost:9090"]
+  - job_name: "host"
+    static_configs: 
+      - targets: ["172.28.0.1:9103"]

install-metrics.yml

@@ -0,0 +1,40 @@
+
+---
+- name: installing metrics storage
+  hosts: server
+  gather_facts: false
+  tasks:
+  - name: Create prometheus directory if it does not exist
+    ansible.builtin.file:
+      path: /opt/infra/prometheus
+      state: directory
+      mode: '0755'
+  - name: Create prometheus config file
+    ansible.builtin.copy:
+      src: prometheus/prometheus.yml
+      dest: /opt/infra/prometheus/prometheus.yml
+  - name: Install collectd
+    ansible.builtin.apt:
+      name: collectd
+      state: present
+      update_cache: yes
+    become: true
+  - name: Install collectd config file
+    ansible.builtin.copy:
+      src: collectd/collectd.conf
+      dest: /etc/collectd/collectd.conf
+    become: true
+  - name: Restart collectd service
+    ansible.builtin.systemd_service:
+      name: collectd.service
+      state: restarted
+    become: true
+  - name: Create prometheus compose file
+    ansible.builtin.copy:
+      src: prometheus/compose.yml
+      dest: /opt/infra/prometheus/compose.yml
+  - name: Deploy prometheus compose file
+    community.docker.docker_compose_v2:
+      project_src: /opt/infra/prometheus
+      files:
+      - compose.yml

templates/compose.yml

@@ -44,12 +44,12 @@ services:
       - database
     labels:
       - traefik.enable=true
-      - traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
-      - traefik.tcp.routers.keycloak.entrypoints=websecure
-      - traefik.tcp.routers.keycloak.service=keycloak
-      - traefik.tcp.routers.keycloak.tls=true
-      - traefik.tcp.routers.keycloak.tls.passthrough=true
-      - traefik.tcp.services.keycloak.loadbalancer.server.port=443
+      - traefik.http.routers.keycloak.rule=Host(`sso.mforcen.dev`)
+      - traefik.http.routers.keycloak.entrypoints=websecure
+      - traefik.http.routers.keycloak.service=keycloak
+      - traefik.http.routers.keycloak.tls=true
+      - traefik.http.services.keycloak.loadbalancer.server.port=443
+      - traefik.http.services.keycloak.loadbalancer.server.scheme=https
       
   grafana:
     container_name: infra-grafana
@@ -96,12 +96,12 @@ services:
       GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
     labels:
       - traefik.enable=true
-      - traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
-      - traefik.tcp.routers.grafana.entrypoints=websecure
-      - traefik.tcp.routers.grafana.service=grafana
-      - traefik.tcp.routers.grafana.tls=true
-      - traefik.tcp.routers.grafana.tls.passthrough=true
-      - traefik.tcp.services.grafana.loadbalancer.server.port=443
+      - traefik.http.routers.grafana.rule=Host(`grafana.mforcen.dev`)
+      - traefik.http.routers.grafana.entrypoints=websecure
+      - traefik.http.routers.grafana.service=grafana
+      - traefik.http.routers.grafana.tls=true
+      - traefik.http.services.grafana.loadbalancer.server.port=443
+      - traefik.http.services.grafana.loadbalancer.server.scheme=https
 
 volumes:
   psql-data: