add monitor role

ansible/monitoring.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Setup the monitoring stack
+  hosts: deploy-dynamic:static-challenges:dynamic-challenges
+  gather_facts: true
+  roles:
+    - monitoring

ansible/roles/monitoring/files/.env.sample

@@ -0,0 +1 @@
+GRAFANA_ADMIN_PASSWORD=changeme

ansible/roles/monitoring/files/datasource.yaml

@@ -0,0 +1,8 @@
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090
+    isDefault: true

ansible/roles/monitoring/files/docker-compose.cadvisor.yml

@@ -0,0 +1,14 @@
+services:
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.50.0
+    restart: unless-stopped
+    container_name: cadvisor
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /var/run/docker.sock:/var/run/docker.sock:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+    ports:
+      - "1080:8080"

ansible/roles/monitoring/files/docker-compose.panel.yml

@@ -0,0 +1,49 @@
+services:
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.50.0
+    restart: unless-stopped
+    container_name: cadvisor
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /var/run/docker.sock:/var/run/docker.sock:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+    networks:
+      - monitoring_net
+
+  prometheus:
+    image: prom/prometheus:main
+    restart: unless-stopped
+    container_name: prometheus
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+    ports:
+      - "9090:9090"
+    depends_on:
+      - cadvisor
+    networks:
+      - monitoring_net
+
+  grafana:
+    image: grafana/grafana:main
+    restart: unless-stopped
+    container_name: grafana
+    environment: 
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
+    volumes:
+      - ./datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml
+    ports:
+      - "9100:3000"
+    depends_on:
+      - prometheus
+    networks:
+      - monitoring_net
+
+networks:
+  monitoring_net:
+    driver: bridge

ansible/roles/monitoring/tasks/cadvisor.yml

@@ -0,0 +1,22 @@
+---
+
+- name: Copy docker compose and settings files
+  ansible.builtin.copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ monitoring_install_path }}/{{ item.dest }}"
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+    mode: "0644"
+  become: true
+  become_user: "{{ ctf_user }}"
+  loop:
+    - { src: "docker-compose.cadvisor.yml", dest: "docker-compose.yml" }
+
+- name: Start monitor cAdvisor docker-compose
+  ansible.builtin.shell: "docker compose up -d --build --force-recreate"
+  args:
+    chdir: "{{ monitoring_install_path }}"
+  register: cadvisor_compose_output
+  changed_when: "'recreated' in cadvisor_compose_output.stdout or 'Pulling' in cadvisor_compose_output.stdout"
+  become: true
+  become_user: "{{ ctf_user }}"

ansible/roles/monitoring/tasks/grafana_prometheus.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Copy docker compose and settings files
+  ansible.builtin.copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ monitoring_install_path }}/{{ item.dest }}"
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+    mode: "0644"
+  become: true
+  become_user: "{{ ctf_user }}"
+  loop:
+    - { src: "docker-compose.panel.yml", dest: "docker-compose.yml" }
+    - { src: "datasource.yaml", dest: "datasource.yaml" }
+    - { src: ".env", dest: ".env" }
+
+# ansible -i inventories/prod -m setup heroctf-static-1
+- name: Collect IP addresses from challenges
+  ansible.builtin.set_fact:
+    ip_addresses: >-
+      {% for host in groups['static-challenges'] + groups['dynamic-challenges'] -%}
+        , "{{ hostvars[host]['ansible_eth1']['ipv4']['address']}}:1080"
+      {%- endfor -%}
+
+- name: "Setup Prometheus configuration"
+  ansible.builtin.template:
+    src: prometheus.yml.j2
+    dest: "{{ monitoring_install_path }}/prometheus.yml"
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+    mode: "0644"
+  become: true
+  become_user: "{{ ctf_user }}"
+
+- name: Start monitor panel docker-compose
+  ansible.builtin.shell: "docker compose up -d --build --force-recreate"
+  args:
+    chdir: "{{ monitoring_install_path }}"
+  register: panel_compose_output
+  changed_when: "'recreated' in panel_compose_output.stdout or 'Pulling' in panel_compose_output.stdout"
+  become: true
+  become_user: "{{ ctf_user }}"

ansible/roles/monitoring/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- name: "Create '{{ monitoring_install_path }}' directory"
+  ansible.builtin.file:
+    path: "{{ monitoring_install_path }}"
+    state: directory
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+  become: true
+  become_user: "{{ ctf_user }}"
+
+- name: Setup Grafana and Prometheus
+  ansible.builtin.import_tasks:
+    file: grafana_prometheus.yml
+  when: inventory_hostname in groups['deploy-dynamic']
+
+- name: Setup cAdvisor
+  ansible.builtin.import_tasks:
+    file: cadvisor.yml
+  when: inventory_hostname not in groups['deploy-dynamic']

ansible/roles/monitoring/templates/prometheus.yml.j2

@@ -0,0 +1,12 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["prometheus:9090"]
+
+  - job_name: "cadvisor"
+    static_configs:
+      - targets: ["cadvisor:8080", "35.180.196.232:8080" {{ ip_addresses }}]

ansible/roles/monitoring/vars/main.yml

@@ -0,0 +1 @@
+monitoring_install_path: "/home/{{ ctf_user }}/monitoring"