Public-safe Ansible template for deploying a Docker Compose observability stack with Prometheus, Grafana, Loki, Promtail, Tempo, OpenTelemetry Collector, Alertmanager and Blackbox Exporter.
This repository is a sanitized portfolio/template version. It does not contain real credentials, internal hosts, private registry URLs, production webhooks or organization-specific infrastructure data.
- Role-based Ansible project structure.
- Docker Compose observability stack deployment.
- Prometheus scraping and alert rule provisioning.
- Alertmanager webhook routing with placeholder endpoints.
- Grafana datasource provisioning for Prometheus, Loki and Tempo.
- Logs with Loki and Promtail.
- Traces with Tempo and OpenTelemetry Collector.
- Blackbox probing for HTTP/TCP checks.
- Public-safe inventory and configuration defaults.
- GitHub Actions validation with YAML linting and Ansible syntax check.
- Backstage TechDocs-ready metadata.
- Prometheus
- Grafana
- Loki
- Promtail
- Tempo
- OpenTelemetry Collector
- Alertmanager
- Blackbox Exporter
.
├── group_vars # Shared public-safe defaults
├── inventories # Example Ansible inventory
├── playbooks # Main deployment playbook
├── roles # Local Ansible roles for the observability stack
├── docs # TechDocs content
├── ansible.cfg # Local Ansible configuration
├── deploy.sh # Deployment helper
└── Makefile # Validation and deploy shortcuts
Install requirements:
make installRun local validation:
make syntaxRun the deployment against your configured inventory:
make deployTo use this with a real host, replace the reserved documentation address in inventories/inventory.yml, keep secrets outside Git, and provide become credentials through Ansible Vault or --ask-become-pass.
Shared defaults live in group_vars/all.yml.
Important variables:
observability_base_dir: target directory for generated configuration and Compose files.grafana_admin_user: Grafana admin user.grafana_admin_password_env: Docker Compose expression for the Grafana admin password.grafana_root_url: public URL configured in Grafana.alertmanager_default_webhook_url: placeholder webhook for general alerts.alertmanager_certificate_webhook_url: placeholder webhook for certificate alerts.cert_endpoint_exporter_enabled: enables an optional certificate endpoint exporter.falcosidekick_enabled: enables optional Falcosidekick forwarding.
- Do not commit real hostnames, IPs, passwords, private keys or webhook URLs.
- Keep
GRAFANA_ADMIN_PASSWORDin the target environment or a secret manager. - Use Ansible Vault for sensitive variables.
- Review generated Docker Compose files before applying to production.
- This public repository was created from a clean export, without the original private Git history.
MIT License.