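---
# Loki host tasks: restrict the Loki HTTP port with UFW to the web host's
# public IPv4 (read from inventory), explicitly deny it to everyone else, then
# start Loki with Docker Compose from /opt/loki.
#
# NOTE(review): Docker publishes container ports through its own iptables
# chains, which UFW's INPUT rules do not cover. The ufw rules below only
# protect the Loki port if docker-compose.yml.j2 does not publish it on a
# public interface (or DOCKER-USER filtering is in place) — confirm against
# the compose template.
#
# Overridable variables (defaults preserve the previous hard-coded values):
#   loki_web_host  - inventory hostname whose public_ipv4 is allowlisted ('web')
#   loki_port      - Loki TCP port to allow/deny (3100)

- name: Read web public IPv4 from inventory
  # hostvars.get() keeps this from failing when the web host is absent from the
  # inventory; a missing public_ipv4 yields '' so the length checks below skip.
  ansible.builtin.set_fact:
    loki_web_public_ipv4: "{{ (hostvars.get(loki_web_host | default('web'), {})).get('public_ipv4', '') }}"

- name: Warn if web public IPv4 is not set (skipping Loki allowlist)
  ansible.builtin.debug:
    msg: "web public_ipv4 is not set in inventory; skipping Loki UFW allowlist rule (port {{ loki_port | default(3100) }}/tcp stays denied)."
  when: loki_web_public_ipv4 | length == 0

- name: Validate web public IPv4 before it is used in a firewall rule
  # The value comes from inventory and is interpolated into a privileged ufw
  # command; refuse anything that is not a bare dotted-quad address.
  ansible.builtin.assert:
    that:
      - 'loki_web_public_ipv4 is regex("^([0-9]{1,3}[.]){3}[0-9]{1,3}$")'
    fail_msg: "web public_ipv4 must be a plain IPv4 address, got: {{ loki_web_public_ipv4 }}"
  when: loki_web_public_ipv4 | length > 0

- name: Ensure UFW is installed
  ansible.builtin.apt:
    name: ufw
    state: present
    update_cache: true
    cache_valid_time: 3600

- name: Enable UFW
  # --force skips the interactive prompt; enabling is idempotent, hence
  # changed_when: false.
  # TODO(review): with UFW's default deny-incoming policy this cuts off new
  # connections to every port not already allowed — confirm an earlier play
  # allows the SSH/management port before this runs.
  ansible.builtin.command: ufw --force enable
  changed_when: false

- name: Allowlist Loki from web host (insert rule at top)
  # Inserted at position 1 so it is evaluated before the catch-all deny below.
  # NOTE(review): if the web host's address changes, the previous allow rule
  # is not removed by this task.
  ansible.builtin.command: "ufw insert 1 allow from {{ loki_web_public_ipv4 }} to any port {{ loki_port | default(3100) }} proto tcp"
  register: ufw_allow_loki
  changed_when: "'Rule inserted' in ufw_allow_loki.stdout or 'Rules updated' in ufw_allow_loki.stdout"
  when: loki_web_public_ipv4 | length > 0

- name: Deny Loki from everyone else
  # Runs even when no allowlist address is known, so reachability of the port
  # never depends on the default policy. Appended (not inserted), so it stays
  # after the allow rule. ufw prints 'Rule added' for an appended rule, which
  # the insert-only check used previously never matched.
  ansible.builtin.command: "ufw deny {{ loki_port | default(3100) }}/tcp"
  register: ufw_deny_loki
  changed_when: "'Rule added' in ufw_deny_loki.stdout or 'Rule inserted' in ufw_deny_loki.stdout or 'Rules updated' in ufw_deny_loki.stdout"

- name: Create Loki directory
  ansible.builtin.file:
    path: /opt/loki
    state: directory
    mode: "0755"

- name: Ensure monitoring network exists
  # A non-zero rc only means the network is missing; the create task below
  # acts on it, so this probe must neither fail nor report a change.
  ansible.builtin.command: docker network inspect monitoring
  register: monitoring_network
  changed_when: false
  failed_when: false

- name: Create monitoring network if missing
  ansible.builtin.command: docker network create monitoring
  when: monitoring_network.rc != 0

- name: Copy Loki configuration
  # NOTE(review): a changed config file alone does not restart a running Loki
  # container unless the compose template maps it in a way compose detects —
  # verify how loki-config.yml reaches the container.
  ansible.builtin.template:
    src: loki-config.yml.j2
    dest: /opt/loki/loki-config.yml
    mode: "0644"

- name: Copy Docker Compose file for Loki
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: /opt/loki/docker-compose.yml
    mode: "0644"

- name: Deploy Loki
  # `docker compose up -d` is a no-op for an unchanged stack but always reports
  # 'changed' here because its output is not inspected.
  ansible.builtin.command: docker compose up -d
  args:
    chdir: /opt/loki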