veza/infra/ansible/roles/otel_collector/tasks/main.yml

# otel_collector role — installs opentelemetry-collector-contrib as a
# tarball under /opt, drops the systemd unit, renders the config, and
# starts it. Idempotent. Designed to run in an Incus container so the
# collector can be restarted independently of the API process.
---
- name: Ensure /opt/otelcol-contrib exists
  ansible.builtin.file:
    path: /opt/otelcol-contrib
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: [otel_collector, install]

- name: Check installed otelcol version
  ansible.builtin.stat:
    path: "/opt/otelcol-contrib/otelcol-contrib-{{ otel_collector_version }}"
  register: otelcol_installed
  tags: [otel_collector, install]

- name: Download opentelemetry-collector-contrib tarball
  ansible.builtin.get_url:
    url: "https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/v{{ otel_collector_version }}/otelcol-contrib_{{ otel_collector_version }}_linux_{{ otel_collector_arch }}.tar.gz"
    dest: "/tmp/otelcol-contrib-{{ otel_collector_version }}.tar.gz"
    mode: "0644"
  when: not otelcol_installed.stat.exists
  tags: [otel_collector, install]

- name: Extract collector binary into versioned slot
  ansible.builtin.unarchive:
    src: "/tmp/otelcol-contrib-{{ otel_collector_version }}.tar.gz"
    dest: /opt/otelcol-contrib
    remote_src: true
    creates: "/opt/otelcol-contrib/otelcol-contrib-{{ otel_collector_version }}"
    extra_opts:
      - "--transform=s|^otelcol-contrib$|otelcol-contrib-{{ otel_collector_version }}|"
  when: not otelcol_installed.stat.exists
  tags: [otel_collector, install]

# /usr/local/bin/otelcol-contrib symlink → versioned binary. Lets us
# bump the version by changing only `otel_collector_version` and
# re-running the role; systemd unit doesn't change.
- name: Symlink /usr/local/bin/otelcol-contrib → versioned binary
  ansible.builtin.file:
    src: "/opt/otelcol-contrib/otelcol-contrib-{{ otel_collector_version }}"
    dest: /usr/local/bin/otelcol-contrib
    state: link
    force: true
  notify: Restart otel-collector
  tags: [otel_collector, install]

- name: Create otel-collector system user
  ansible.builtin.user:
    name: otelcol
    system: true
    home: /var/lib/otel-collector
    shell: /usr/sbin/nologin
    create_home: true
  tags: [otel_collector, install]

- name: Ensure /etc/otel-collector exists
  ansible.builtin.file:
    path: /etc/otel-collector
    state: directory
    owner: root
    group: otelcol
    mode: "0750"
  tags: [otel_collector, config]

- name: Render collector config
  ansible.builtin.template:
    src: otel-collector.yaml.j2
    dest: /etc/otel-collector/otel-collector.yaml
    owner: root
    group: otelcol
    mode: "0640"
  notify: Restart otel-collector
  tags: [otel_collector, config]

- name: Render systemd unit
  ansible.builtin.template:
    src: otel-collector.service.j2
    dest: /etc/systemd/system/otel-collector.service
    owner: root
    group: root
    mode: "0644"
  notify: Restart otel-collector
  tags: [otel_collector, service]

- name: Enable + start otel-collector
  ansible.builtin.systemd:
    name: otel-collector
    state: started
    enabled: true
    daemon_reload: true
  tags: [otel_collector, service]