From 7e2f7e57492651dbf618d8395e91116043f8c61f Mon Sep 17 00:00:00 2001
From: dave <dave@pootis.network>
Date: Mon, 14 Nov 2022 16:01:54 +0300
Subject: [PATCH] feat: add mysql/mysql_exporter/fluentd

---
 README.md                                    |   7 +-
 all.yml                                      |   1 +
 ansible.yml                                  |   6 +
 group_vars/all.yml                           |   9 ++
 group_vars/containers.yml                    |   5 +-
 hosts                                        |  78 +++++++-----
 roles/ansible/tasks/main.yml                 |  25 ++++
 roles/container/tasks/main.yml               |  17 ++-
 roles/fluentd/tasks/prepare_build.yml        | 118 +++++++++++++++++++
 roles/fluentd/templates/fluentd.j2           |  41 +++++++
 roles/hv/defaults/main.yml                   |   3 -
 roles/hv/tasks/install_docker.yml            |  37 +-----
 roles/mysql/tasks/prepare_build.yml          |  12 ++
 roles/mysql_exporter/tasks/main.yml          |  37 ++++++
 roles/mysql_exporter/tasks/prepare_build.yml |   7 ++
 roles/nginx/templates/nginx.j2               |   9 +-
 roles/nginx_exporter/tasks/prepare_build.yml |   2 +-
 tasks/add_docker_repo.yml                    |  44 +++++++
 tasks/init_mysql.yml                         |  13 ++
 templates/fluentd.Dockerfile.j2              |  14 +++
 20 files changed, 407 insertions(+), 78 deletions(-)
 create mode 100644 ansible.yml
 create mode 100644 roles/ansible/tasks/main.yml
 create mode 100644 roles/fluentd/tasks/prepare_build.yml
 create mode 100644 roles/fluentd/templates/fluentd.j2
 create mode 100644 roles/mysql/tasks/prepare_build.yml
 create mode 100644 roles/mysql_exporter/tasks/main.yml
 create mode 100644 roles/mysql_exporter/tasks/prepare_build.yml
 create mode 100644 tasks/add_docker_repo.yml
 create mode 100644 tasks/init_mysql.yml
 create mode 100644 templates/fluentd.Dockerfile.j2

diff --git a/README.md b/README.md
index bc1dbc7..66dc6a9 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
 
 ## Пререквизиты
 - ВМ или контейнер с Debian 11, который будет работать в качестве Docker-хоста (Docker ставить не нужно)
+- Ansible-контроллер под Alpine или Debian
 - настроено SSH-подключение под учеткой root (для Ansible)
 - Python 3 (для Ansible)
 - две записи в файле hosts:
@@ -34,12 +35,12 @@ docker_network_iprange: 10.90.0.0/16
 - [x] apache2
 - [x] node_exporter
 - [x] nginx_exporter
-- [ ] mysql_exporter
+- [x] mysql_exporter
 - [x] cadvisor
 - [ ] prometheus
 - [ ] grafana
-- [ ] fluentd
-- [ ] mysql
+- [x] fluentd
+- [x] mysql
 
 ## Исходные данные
 
diff --git a/all.yml b/all.yml
index 6c4411d..e6d5e5d 100644
--- a/all.yml
+++ b/all.yml
@@ -1,2 +1,3 @@
+- import_playbook: ansible.yml
 - import_playbook: hv.yml
 - import_playbook: containers.yml
\ No newline at end of file
diff --git a/ansible.yml b/ansible.yml
new file mode 100644
index 0000000..2200ca5
--- /dev/null
+++ b/ansible.yml
@@ -0,0 +1,6 @@
+- hosts: localhost
+  gather_facts: no
+  serial: 1
+  strategy: linear
+  roles:
+    - ansible
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 3591f13..662264d 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -3,3 +3,12 @@ container_logs_dir: /opt/logs
 container_root_build_dir: /opt/build
 
 docker_remote_port: 5011
+
+fluentd_database_name: nginx
+fluentd_database_user: fluentd
+fluentd_database_pass: 4CDVyJQPGsrzmy3U3XgdYEKGGxoRBquy
+fluentd_database_table: nginx_logs
+
+
+gpg_keyrings_dir: /etc/apt/trusted.gpg.d
+docker_repo_url: https://download.docker.com/linux/debian
\ No newline at end of file
diff --git a/group_vars/containers.yml b/group_vars/containers.yml
index 78f6a67..50bc30a 100644
--- a/group_vars/containers.yml
+++ b/group_vars/containers.yml
@@ -1,4 +1,5 @@
-ansible_connection: docker
 hypervisor_hostname: hv
 
-container_default_config:
+ansible_connection: docker
+ansible_user: root
+ansible_docker_extra_args: "-H tcp://{{ hostvars[hypervisor_hostname]['ansible_host'] ~ ':' ~ docker_remote_port }}"
diff --git a/hosts b/hosts
index f2fc3da..5b9509e 100644
--- a/hosts
+++ b/hosts
@@ -10,8 +10,7 @@ all:
     containers:
       hosts:
         nginx:
-          ansible_host: 10.90.0.2
-          ansible_password: k3PpKHF52zgUaowB73V6ggrnMUDUcMeS
+          container_address: 10.90.0.2
           container_config:
             image: nginx
             custom_image: yes
@@ -20,29 +19,42 @@ all:
               error_log: /var/log/nginx/error.log info
               load_module: /usr/local/nginx/modules/ngx_http_geoip2_module.so
             http:
-              log_format: "custom escape=json '\"$time_iso8601\" \"$request_time\" \"$upstream_response_time\" \
-                           \"$remote_addr\" \"$remote_user\" \"$time_local\" \"$request\" \"$status\" \
-                           \"$body_bytes_sent\" \"$http_referer\" \"$http_user_agent\" \"$geoip_country_code\"'"
+              log_format: "custom escape=json '{\
+                           \"time_iso8601\": \"$time_iso8601\", \
+                           \"request_time\": \"$request_time\", \
+                           \"upstream_response_time\": \"$upstream_response_time\", \
+                           \"remote_addr\": \"$remote_addr\", \
+                           \"remote_user\": \"$remote_user\", \
+                           \"time_local\": \"$time_local\", \
+                           \"request\": \"$request\", \
+                           \"status\": \"$status\", \
+                           \"body_bytes_sent\": \"$body_bytes_sent\", \
+                           \"http_referer\": \"$http_referer\", \
+                           \"http_user_agent\": \"$http_user_agent\", \
+                           \"geoip_country_code\": \"$geoip_country_code\"}'"
+            http_post:
+              access_log: "syslog:server=10.90.0.10:11514,tag=nginx_access custom"
+          fluentd_source:
+            _type: syslog
+            port: 11514
+            tag: nginx.access
 
         apache1:
-          ansible_host: 10.90.0.3
-          ansible_password: qUTuyFHzCFGVswGYEHv5MU2JzQGt9Tx7
+          container_address: 10.90.0.3
           host_role: apache
           container_config:
             image: php:8-apache
             mounts: /opt/www/html:/var/www/html
 
         apache2:
-          ansible_host: 10.90.0.4
-          ansible_password: F2a4v4LoQ5U6rwAgsrSt68SJwmHGARuP
+          container_address: 10.90.0.4
           host_role: apache
           container_config:
             image: php:8-apache
             mounts: /opt/www/html:/var/www/html
 
         cadvisor:
-          ansible_host: 10.90.0.5
-          ansible_password: dJpxV9gri438UbC82bYXCp4BeAGHyoZn
+          container_address: 10.90.0.5
           container_config:
             image: gcr.io/cadvisor/cadvisor:latest
             mounts:
@@ -56,8 +68,7 @@ all:
               - /dev/kmsg
 
         node_exporter:
-          ansible_host: 10.90.0.6
-          ansible_password: QnSKHZ5e82YnCzbS75PMHXZqhwpFbzcu
+          container_address: 10.90.0.6
           container_config:
             image: prom/node-exporter:latest
             extra_mounts:
@@ -65,23 +76,36 @@ all:
             command: '--path.rootfs=/host'
 
         nginx_exporter:
-          ansible_host: 10.90.0.7
-          ansible_password: rkeE2vHp2jmLjsyz4r9ASe63GM5t6FbA
+          container_address: 10.90.0.7
           container_config:
             image: nginx/nginx-prometheus-exporter
 
+        mysql:
+          container_address: 10.90.0.8
+          container_config:
+            image: yobasystems/alpine-mariadb:latest
+            mounts: /opt/mariadb:/var/lib/mysql
+            command: '--character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci'
+          mysql_root_password: eJdr5qyXoH2LCna3FaL9w3pAzpxGdWSE
+
         mysql_exporter:
-          ansible_host: 10.61.1.7
-          ansible_password: VxMNsdHg6Fu5Ah9GxRTcQFVTGFRagAHD
+          container_address: 10.90.0.9
+          container_config:
+            image: prom/mysqld-exporter:latest
+          mysql_target_host: mysql
+          mysql_exporter_username: exporter
+          mysql_exporter_password: JmH45F3HQogkQoofLaca7YNPvYRV4KXD
+
+        fluentd:
+          container_address: 10.90.0.10
+          container_config:
+            image: fluentd
+            custom_image: yes
+          fluentd_syslog_port: 11514
+
+
+
         prometheus:
-          ansible_host: 10.61.1.9
-          ansible_password: XPJEzq3ohbu3KxcqWnT65M9uX5Utxyx2
+          container_address: 10.90.0.11
         grafana:
-          ansible_host: 10.61.1.10
-          ansible_password: ZsA8if5Cm4sEr299SjoMEMgqV5kBYn4a
-        fluentd:
-          ansible_host: 10.61.1.11
-          ansible_password: mcLjXRpVGvxk7x4NPhuHVf9n6o8nk3cS
-        mysql:
-          ansible_host: 10.61.1.12
-          ansible_password: cr9GvFGoqnzAdUNRvTr2DRqwQqqKLMWV
\ No newline at end of file
+          container_address: 10.90.0.12
diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml
new file mode 100644
index 0000000..abfdabc
--- /dev/null
+++ b/roles/ansible/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: determine distribution
+  setup:
+    gather_subset:
+      - distribution
+
+
+- name: install docker cli
+  package:
+    name: docker-cli
+  when: ansible_distribution == 'Alpine'
+
+
+- block:
+    - name: add docker repository
+      include_tasks: add_docker_repo.yml
+
+
+    - name: install docker cli
+      apt:
+        name:
+          - docker-ce-cli
+        force_apt_get: yes
+        state: latest
+
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
diff --git a/roles/container/tasks/main.yml b/roles/container/tasks/main.yml
index d562dc5..caf0e36 100644
--- a/roles/container/tasks/main.yml
+++ b/roles/container/tasks/main.yml
@@ -79,9 +79,7 @@
         hostname: "{{ inventory_hostname }}"
         command_handling: correct
         network_mode: bridge
-        networks:
-          - name: network
-            ipv4_address: "{{ ansible_host }}"
+        networks: "{{ [] if container_address is not defined else [{'name': 'network', 'ipv4_address': container_address}] }}"
         log_driver: local
         detach: yes
         restart_policy: unless-stopped
@@ -91,5 +89,18 @@
         privileged: "{{ container_cfg.privileged | d(false) }}"
         devices: "{{ omit if container_cfg.devices is not defined else ([container_cfg.devices] | flatten(levels=1)) }}"
         command: "{{ container_cfg.command | d(omit) }}"
+        env: "{{ container_cfg.env | d(omit) }}"
+        exposed_ports: "{{ container_cfg.exposed_ports | d(omit) }}"
 
   delegate_to: "{{ hypervisor_hostname }}"
+
+
+- block:
+    - name: ping container
+      ping:
+
+  rescue:
+    - name: install python in container
+      raw: apk add python3
+
+  when: container_post_build | d(false) == true
\ No newline at end of file
diff --git a/roles/fluentd/tasks/prepare_build.yml b/roles/fluentd/tasks/prepare_build.yml
new file mode 100644
index 0000000..94e17a0
--- /dev/null
+++ b/roles/fluentd/tasks/prepare_build.yml
@@ -0,0 +1,118 @@
+- name: set container mount dirs
+  set_fact:
+    container_config_mount: /fluentd/etc/
+
+
+- name: set additional exposed ports
+  set_fact:
+    container_role_config:
+      exposed_ports: "{{ fluentd_syslog_port }}"
+  when: fluentd_syslog_port is defined
+
+
+- name: set fluentd sections
+  set_fact:
+    fluentd_filters:
+      - __postfix: 'nginx.**'
+        _type: parser
+        key_name: message
+        parse:
+          _type: json
+          json_parser: yajl
+
+    fluentd_matches:
+      - __postfix: 'nginx.**'
+        _type: sql
+        adapter: mysql2
+        _log_level: trace
+        port: 3306
+        host: "{{ hostvars['mysql']['container_address'] | d(hostvars['mysql']['ansible_host']) }}"
+        database: "{{ fluentd_database_name }}"
+        username: "{{ fluentd_database_user }}"
+        password: "{{ fluentd_database_pass }}"
+        flush_interval: 1s
+        table:
+          table: "{{ fluentd_database_table }}"
+          column_mapping: "time_iso8601:time_iso8601,\
+                           request_time:request_time,\
+                           upstream_response_time:upstream_response_time,\
+                           remote_addr:remote_addr,\
+                           remote_user:remote_user,\
+                           time_local:time_local,\
+                           request:request,\
+                           status:status,\
+                           body_bytes_sent:body_bytes_sent,\
+                           http_referer:http_referer,\
+                           http_user_agent:http_user_agent,\
+                           geoip_country_code:geoip_country_code"
+
+
+- block:
+    - name: initialize ansible mysql connection
+      include_tasks: init_mysql.yml
+
+
+    - name: create fluentd database
+      mysql_db:
+        name: "{{ fluentd_database_name }}"
+        encoding: utf8
+        login_host: "{{ hostvars['mysql']['container_address'] | d(hostvars['mysql']['ansible_host']) }}"
+        login_user: "{{ hostvars['mysql']['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars['mysql']['mysql_root_password'] | d(omit) }}"
+
+
+    - name: create fluentd database user
+      mysql_user:
+        name: "{{ fluentd_database_user }}"
+        password: "{{ fluentd_database_pass }}"
+        plugin: mysql_native_password
+        host: "{{ container_address | d(ansible_host) }}"
+        priv: "{{ fluentd_database_name }}.*:ALL"
+
+        login_host: "{{ hostvars['mysql']['container_address'] | d(hostvars['mysql']['ansible_host']) }}"
+        login_user: "{{ hostvars['mysql']['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars['mysql']['mysql_root_password'] | d(omit) }}"
+      register: result
+
+
+    - name: flush privileges
+      mysql_query:
+        query: FLUSH PRIVILEGES
+        login_host: "{{ hostvars['mysql']['container_address'] | d(hostvars['mysql']['ansible_host']) }}"
+        login_user: "{{ hostvars['mysql']['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars['mysql']['mysql_root_password'] | d(omit) }}"
+      when: result.changed
+
+
+    - name: initialize mysql database
+      mysql_query:
+        query: |
+          CREATE TABLE IF NOT EXISTS {{ fluentd_database_table | quote }} (
+            time_iso8601 DATETIME,
+            request_time FLOAT,
+            upstream_response_time FLOAT,
+            remote_addr TEXT,
+            remote_user TEXT,
+            time_local TEXT,
+            request TEXT,
+            status INTEGER,
+            body_bytes_sent INTEGER,
+            http_referer TEXT,
+            http_user_agent TEXT,
+            geoip_country_code TEXT
+          );
+        login_db: "{{ fluentd_database_name }}"
+        login_host: "{{ hostvars['mysql']['container_address'] | d(hostvars['mysql']['ansible_host']) }}"
+        login_user: "{{ hostvars['mysql']['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars['mysql']['mysql_root_password'] | d(omit) }}"
+      changed_when: no
+
+  delegate_to: localhost
+
+
+- name: template fluentd config
+  template:
+    src: fluentd.j2
+    dest: "{{ (conf_dir, 'fluent.conf') | path_join }}"
+    lstrip_blocks: yes
+    force: yes
diff --git a/roles/fluentd/templates/fluentd.j2 b/roles/fluentd/templates/fluentd.j2
new file mode 100644
index 0000000..371d3a6
--- /dev/null
+++ b/roles/fluentd/templates/fluentd.j2
@@ -0,0 +1,41 @@
+{% macro fluentd_option_block(name, values, padding = 2) -%}
+  {% if values is mapping -%}
+    {% set postfix = '' if values.__postfix is not defined else (' ' + values.__postfix) -%}
+
+    <{{ name ~ postfix}}>
+      {% for option in values | dict2items -%}
+        {% if option.key != '__postfix' -%}
+          {{ '' if padding == 0 else (' ' * padding) -}}
+          {% if option.value is mapping -%}
+            {{ fluentd_option_block(option.key, option.value, padding + 2) -}}
+          {% else -%}
+            {% if option.key[0] == '_' -%}
+              {{ '@' ~ option.key[1:] }} {{ option.value }}
+            {% else -%}
+              {{ option.key }} {{ option.value }}
+            {% endif -%}
+          {% endif -%}
+        {% endif -%}
+      {% endfor -%}
+    {{ '' if padding == 0 else (' ' * (padding - 2)) -}}</{{ name }}>
+  {% endif -%}
+{% endmacro -%}
+
+
+
+{{ fluentd_option_block('system', fluentd_system | d(None)) }}
+
+
+{% for source in (fluentd_sources | d([])) + (groups['all'] | map('extract', hostvars) | selectattr('fluentd_source', 'mapping') | map(attribute='fluentd_source') | list) -%}
+  {{ fluentd_option_block('source', source) }}
+{% endfor -%}
+
+
+{% for filter in (fluentd_filters | d([])) -%}
+  {{ fluentd_option_block('filter', filter) }}
+{% endfor -%}
+
+
+{% for match in (fluentd_matches | d([])) -%}
+  {{ fluentd_option_block('match', match) }}
+{% endfor -%}
diff --git a/roles/hv/defaults/main.yml b/roles/hv/defaults/main.yml
index 4168751..f68a664 100644
--- a/roles/hv/defaults/main.yml
+++ b/roles/hv/defaults/main.yml
@@ -1,7 +1,4 @@
 timezone: Europe/Kirov
-gpg_keyrings_dir: /etc/apt/trusted.gpg.d
-docker_repo_url: https://download.docker.com/linux/debian
-
 
 docker_network_subnet: 10.90.0.0/16
 docker_network_gateway: 10.90.0.1
diff --git a/roles/hv/tasks/install_docker.yml b/roles/hv/tasks/install_docker.yml
index 16229c8..25a19cf 100644
--- a/roles/hv/tasks/install_docker.yml
+++ b/roles/hv/tasks/install_docker.yml
@@ -13,41 +13,8 @@
     state: absent
 
 
-- name: ensure apt can access https repos
-  apt:
-    name:
-      - ca-certificates
-      - curl
-      - gnupg
-      - lsb-release
-    force_apt_get: yes
-    state: latest
-
-
-- name: add keyrings dir
-  file:
-    state: directory
-    path: "{{ gpg_keyrings_dir }}"
-
-
-- name: download docker gpg key
-  get_url:
-    url: "{{ docker_repo_url ~ '/gpg' }}"
-    dest: "{{ gpg_keyrings_dir }}/docker.asc"
-    mode: a+r
-
-
-- name: add apt repo
-  apt_repository:
-    repo: "deb [arch=amd64 signed-by={{ (gpg_keyrings_dir ~ '/docker.asc') | quote }}] \
-           {{ docker_repo_url }} {{ ansible_distribution_release }} stable"
-
-
-- name: update repository index
-  apt:
-    force_apt_get: yes
-    update_cache: yes
-  changed_when: no
+- name: add docker repository
+  include_tasks: add_docker_repo.yml
 
 
 - name: install docker and dependencies
diff --git a/roles/mysql/tasks/prepare_build.yml b/roles/mysql/tasks/prepare_build.yml
new file mode 100644
index 0000000..33ec122
--- /dev/null
+++ b/roles/mysql/tasks/prepare_build.yml
@@ -0,0 +1,12 @@
+- name: set container cfg
+  set_fact:
+    container_logs_mount: /var/lib/mysql/mysql-bin
+    container_role_config:
+      env:
+        MYSQL_ROOT_PASSWORD: "{{ mysql_root_password }}"
+
+
+- name: create mysql dir
+  file:
+    path: /opt/mariadb
+    state: directory
diff --git a/roles/mysql_exporter/tasks/main.yml b/roles/mysql_exporter/tasks/main.yml
new file mode 100644
index 0000000..e1a6b7e
--- /dev/null
+++ b/roles/mysql_exporter/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: fail if exporter host is missing
+  fail:
+    msg: mysql_target_host is not string
+  when: mysql_target_host is not string
+
+
+- block:
+    - include_tasks: init_mysql.yml
+
+
+    - name: create exporter user
+      mysql_user:
+        name: "{{ mysql_exporter_username }}"
+        password: "{{ mysql_exporter_password }}"
+        plugin: mysql_native_password
+        host: "{{ container_address | d(ansible_host) }}"
+        resource_limits:
+          MAX_USER_CONNECTIONS: 3
+        priv:
+          '*.*': 'SELECT,BINLOG MONITOR,PROCESS'
+          'performance_schema.*': SELECT
+
+        login_host: "{{ hostvars[mysql_target_host]['container_address'] | d(hostvars[mysql_target_host]['ansible_host']) }}"
+        login_user: "{{ hostvars[mysql_target_host]['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars[mysql_target_host]['mysql_root_password'] | d(omit) }}"
+      register: result
+
+
+    - name: flush privileges
+      mysql_query:
+        query: FLUSH PRIVILEGES
+        login_host: "{{ hostvars[mysql_target_host]['container_address'] | d(hostvars[mysql_target_host]['ansible_host']) }}"
+        login_user: "{{ hostvars[mysql_target_host]['mysql_root_username'] | d('root') }}"
+        login_password: "{{ hostvars[mysql_target_host]['mysql_root_password'] | d(omit) }}"
+      when: result.changed
+
+  delegate_to: localhost
diff --git a/roles/mysql_exporter/tasks/prepare_build.yml b/roles/mysql_exporter/tasks/prepare_build.yml
new file mode 100644
index 0000000..f189dea
--- /dev/null
+++ b/roles/mysql_exporter/tasks/prepare_build.yml
@@ -0,0 +1,7 @@
+- name: set container cfg
+  set_fact:
+    container_role_config:
+      env:
+        DATA_SOURCE_NAME: "{{ mysql_exporter_username ~ ':' ~ mysql_exporter_password ~ '@tcp(' ~
+                              (hostvars[mysql_target_host]['container_address'] | d(hostvars[mysql_target_host]['ansible_host'])) ~
+                              ':3306)/' }}"
diff --git a/roles/nginx/templates/nginx.j2 b/roles/nginx/templates/nginx.j2
index 09fbc69..0d76445 100644
--- a/roles/nginx/templates/nginx.j2
+++ b/roles/nginx/templates/nginx.j2
@@ -28,7 +28,6 @@ events {
 http {
   {{ nginx_option_block(nginx_cfg.http) }}
 
-  access_log /var/log/nginx/access.log custom;
   include {{ (container_config_mount, 'mime.types') | path_join | quote}};
 
   geoip2 {{ (container_config_mount, 'geoip.mmdb') | path_join | quote }} {
@@ -36,6 +35,8 @@ http {
     $geoip_country_code default=RU source=$remote_addr country iso_code;
   }
 
+  {{ nginx_option_block(nginx_cfg.http_post) }}
+
   server {
     listen 80;
     listen [::]:80;
@@ -43,7 +44,7 @@ http {
     server_name apache1.local;
 
     location / {
-      proxy_pass http://{{ hostvars['apache1']['ansible_host'] }};
+      proxy_pass http://{{ hostvars['apache1']['container_address'] | d(hostvars['apache1']['ansible_host']) }};
       proxy_set_header Host $proxy_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -58,7 +59,7 @@ http {
     server_name apache2.local;
 
     location / {
-      proxy_pass http://{{ hostvars['apache2']['ansible_host'] }};
+      proxy_pass http://{{ hostvars['apache2']['container_address'] | d(hostvars['apache2']['ansible_host']) }};
       proxy_set_header Host $proxy_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -78,7 +79,7 @@ http {
     location /stub_status {
       stub_status;
       # deny all;
-      allow {{ hostvars['nginx_exporter']['ansible_host'] }};
+      allow {{ hostvars['nginx_exporter']['container_address'] | d(hostvars['nginx_exporter']['ansible_host']) }};
     }
     {% endif -%}
   }
diff --git a/roles/nginx_exporter/tasks/prepare_build.yml b/roles/nginx_exporter/tasks/prepare_build.yml
index 1bc1516..e60e011 100644
--- a/roles/nginx_exporter/tasks/prepare_build.yml
+++ b/roles/nginx_exporter/tasks/prepare_build.yml
@@ -1,4 +1,4 @@
 - name: set container cfg
   set_fact:
     container_role_config:
-      command: "-nginx.scrape-uri=http://{{ hostvars['nginx']['ansible_host'] }}/stub_status"
+      command: "-nginx.scrape-uri=http://{{ hostvars['nginx']['container_address'] | d(hostvars['nginx']['ansible_host']) }}/stub_status"
diff --git a/tasks/add_docker_repo.yml b/tasks/add_docker_repo.yml
new file mode 100644
index 0000000..15daf2b
--- /dev/null
+++ b/tasks/add_docker_repo.yml
@@ -0,0 +1,44 @@
+- name: determine distribution
+  setup:
+    gather_subset:
+      - distribution
+
+
+- block:
+    - name: ensure apt can access https repos
+      apt:
+        name:
+          - ca-certificates
+          - curl
+          - gnupg
+          - lsb-release
+        force_apt_get: yes
+        state: latest
+
+
+    - name: add keyrings dir
+      file:
+        state: directory
+        path: "{{ gpg_keyrings_dir }}"
+
+
+    - name: download docker gpg key
+      get_url:
+        url: "{{ docker_repo_url ~ '/gpg' }}"
+        dest: "{{ gpg_keyrings_dir }}/docker.asc"
+        mode: a+r
+
+
+    - name: add apt repo
+      apt_repository:
+        repo: "deb [arch=amd64 signed-by={{ (gpg_keyrings_dir ~ '/docker.asc') | quote }}] \
+               {{ docker_repo_url }} {{ ansible_distribution_release }} stable"
+
+
+    - name: update repository index
+      apt:
+        force_apt_get: yes
+        update_cache: yes
+      changed_when: no
+
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
\ No newline at end of file
diff --git a/tasks/init_mysql.yml b/tasks/init_mysql.yml
new file mode 100644
index 0000000..e0f0b5b
--- /dev/null
+++ b/tasks/init_mysql.yml
@@ -0,0 +1,13 @@
+- name: initialize mysql connection on ansible controller
+  block:
+    - name: get ansible controller os distribution
+      setup:
+        gather_subset:
+          - distribution
+
+
+    - name: install pymysql
+      package:
+        name: "{{ { 'alpine': 'py3-pymysql', 'debian': 'python3-pymysql' }[ansible_distribution | lower] | d('pymysql') }}"
+
+  delegate_to: localhost
diff --git a/templates/fluentd.Dockerfile.j2 b/templates/fluentd.Dockerfile.j2
new file mode 100644
index 0000000..5a52308
--- /dev/null
+++ b/templates/fluentd.Dockerfile.j2
@@ -0,0 +1,14 @@
+FROM fluent/fluentd:edge
+
+USER root
+
+RUN apk add --no-cache --update --virtual .build-deps build-base ruby-dev && \
+        apk add mariadb-dev mariadb-connector-c mariadb-connector-c-dev && \
+        gem install mysql2 && \
+        gem install fluent-plugin-record-modifier && \
+        gem install fluent-plugin-sql && \
+        gem sources --clear-all && \
+        apk del .build-deps && \
+        rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
+
+USER fluent