37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
---
|
|
# roles/swarm_cadvisor/tasks/main.yml
|
|
# Deploy cAdvisor for container-level resource monitoring
|
|
|
|
- name: Ensure cAdvisor container is running
|
|
community.docker.docker_container:
|
|
name: "{{ cadvisor_container_name }}"
|
|
image: "gcr.io/cadvisor/cadvisor:{{ cadvisor_version }}"
|
|
state: started
|
|
restart_policy: "{{ cadvisor_restart_policy }}"
|
|
ports:
|
|
- "{{ cadvisor_port }}:8080"
|
|
volumes: "{{ cadvisor_volumes }}"
|
|
privileged: true
|
|
# === WHY PRIVILEGED? ===
|
|
# cAdvisor needs to read cgroup metrics from /sys/fs/cgroup
|
|
# This requires elevated permissions. In production, consider
|
|
# using specific capabilities instead of full privileged mode:
|
|
# cap_add: ["SYS_ADMIN"]
|
|
devices:
|
|
- "/dev/kmsg:/dev/kmsg"
|
|
register: cadvisor_container
|
|
|
|
- name: Verify cAdvisor is responding
|
|
ansible.builtin.uri:
|
|
url: "http://localhost:{{ cadvisor_port }}/metrics"
|
|
method: GET
|
|
status_code: 200
|
|
retries: 3
|
|
delay: 5
|
|
register: cadvisor_health
|
|
failed_when: cadvisor_health.status != 200
|
|
|
|
- name: Display cAdvisor endpoint
|
|
ansible.builtin.debug:
|
|
msg: "✅ cAdvisor is running on {{ ansible_hostname }}:{{ cadvisor_port }}"
|