From 004dfc5febff08d99ce8f271e3709c838b3b702f Mon Sep 17 00:00:00 2001
From: s3lph
Date: Mon, 5 Dec 2022 01:25:34 +0100
Subject: [PATCH] Add dnssec_exporter role
---
roles/dnssec_exporter/handlers/main.yml | 6 +++++
roles/dnssec_exporter/tasks/config.yml | 25 ++++++++++++++++++
roles/dnssec_exporter/tasks/install.yml | 6 +++++
roles/dnssec_exporter/tasks/main.yml | 13 ++++++++++
.../etc/default/prometheus-dnssec-exporter.j2 | 14 ++++++++++
.../templates/etc/defaults/main.yml | 10 +++++++
.../prometheus/dnssec-exporter/config.yaml.j2 | 26 +++++++++++++++++++
7 files changed, 100 insertions(+)
create mode 100644 roles/dnssec_exporter/handlers/main.yml
create mode 100644 roles/dnssec_exporter/tasks/config.yml
create mode 100644 roles/dnssec_exporter/tasks/install.yml
create mode 100644 roles/dnssec_exporter/tasks/main.yml
create mode 100644 roles/dnssec_exporter/templates/etc/default/prometheus-dnssec-exporter.j2
create mode 100644 roles/dnssec_exporter/templates/etc/defaults/main.yml
create mode 100644 roles/dnssec_exporter/templates/etc/prometheus/dnssec-exporter/config.yaml.j2
diff --git a/roles/dnssec_exporter/handlers/main.yml b/roles/dnssec_exporter/handlers/main.yml
new file mode 100644
index 0000000..79590f5
--- /dev/null
+++ b/roles/dnssec_exporter/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart prometheus-dnssec-exporter
+ ansible.builtin.service:
+ name: prometheus-dnssec-exporter
+ state: restarted
diff --git a/roles/dnssec_exporter/tasks/config.yml b/roles/dnssec_exporter/tasks/config.yml
new file mode 100644
index 0000000..d73e9ed
--- /dev/null
+++ b/roles/dnssec_exporter/tasks/config.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Render /etc/prometheus/dnssec-exporter/config.yaml
+ ansible.builtin.template:
+ src: etc/prometheus/dnssec-exporter/config.yaml.j2
+ dest: /etc/prometheus/dnssec-exporter/config.yaml
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart prometheus-dnssec-exporter
+
+- name: Render /etc/default/prometheus-dnssec-exporter
+ ansible.builtin.template:
+ src: etc/default/prometheus-dnssec-exporter.j2
+ dest: etc/default/prometheus-dnssec-exporter
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart prometheus-dnssec-exporter
+
+- name: Start and enable prometheus-dnssec-exporter
+ ansible.builtin.service:
+ name: prometheus-dnssec-exporter
+ state: started
+ enabled: yes
diff --git a/roles/dnssec_exporter/tasks/install.yml b/roles/dnssec_exporter/tasks/install.yml
new file mode 100644
index 0000000..2d74971
--- /dev/null
+++ b/roles/dnssec_exporter/tasks/install.yml
@@ -0,0 +1,6 @@
+---
+
+# Requires repo.s3lph.me to be set up
+- name: install prometheus-dnssec-exporter from system package sources
+ ansible.builtin.apt:
+ name: prometheus-dnssec-exporter
diff --git a/roles/dnssec_exporter/tasks/main.yml b/roles/dnssec_exporter/tasks/main.yml
new file mode 100644
index 0000000..e21b841
--- /dev/null
+++ b/roles/dnssec_exporter/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: install prometheus-dnssec-exporter
+ ansible.builtin.import_tasks: install.yml
+ tags:
+ - "role::dnssec_exporter"
+ - "role::dnssec_exporter:install"
+
+- name: configure prometheus-dnssec-exporter
+ ansible.builtin.import_tasks: config.yml
+ tags:
+ - "role::dnssec_exporter"
+ - "role::dnssec_exporter:config"
diff --git a/roles/dnssec_exporter/templates/etc/default/prometheus-dnssec-exporter.j2 b/roles/dnssec_exporter/templates/etc/default/prometheus-dnssec-exporter.j2
new file mode 100644
index 0000000..304063d
--- /dev/null
+++ b/roles/dnssec_exporter/templates/etc/default/prometheus-dnssec-exporter.j2
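Review bot: In tasks/config.yml the second template task uses `dest: etc/default/prometheus-dnssec-exporter`, a relative path, although the task name says `/etc/default/...`; the file would land relative to the remote working directory and the service would not read the rendered ARGS. If the packaged default matches the `:9142` shown in the template's option list, the exporter would then listen on all interfaces instead of the intended `[::1]:9142`. Change the line to `dest: /etc/default/prometheus-dnssec-exporter`. Both template tasks also render with `mode: 0644`; because the config template invites basic-auth and TLS settings and appends `dnssec_exporter_additional_config`, consider `mode: "0640"` with the group the exporter runs as (not visible here). For lint-clean YAML, quote the mode and write `enabled: true`.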
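Review bot: In tasks/install.yml the apt task depends on a third-party repository that only the comment mentions, and nothing in the role checks that `repo.s3lph.me` is configured or that the package is taken from it. Consider declaring the role that sets up that repository as a dependency in `meta/main.yml`, or pinning the package to that origin through apt preferences, so a same-named package from another configured source is not installed unnoticed. Adding `state: present` to the task makes the intent explicit.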
@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+ARGS="--config=/etc/prometheus/dnssec-exporter/config.yaml --web.listen-address={{ dnssec_exporter_listen_address }} {{ dnssec_exporter_additional_options }}"
+
+# GLOBAL OPTIONS:
+# --web.listen-address=":9142"
+# Address on which to expose metrics.
+# --web.metrics-path="/metrics"
+# Path under which to expose metrics.
+# --web.config="" Path to web config yaml file.
+# --config="" Path to config yaml file.
+# --log.level=info Only log messages with the given severity or above. One of: [debug, info, warn, error]
+# --log.format=logfmt Output format of log messages. One of: [logfmt, json]
+# --version Show application version.
\ No newline at end of file
diff --git a/roles/dnssec_exporter/templates/etc/defaults/main.yml b/roles/dnssec_exporter/templates/etc/defaults/main.yml
new file mode 100644
index 0000000..8d2eee3
--- /dev/null
+++ b/roles/dnssec_exporter/templates/etc/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+dnssec_exporter_listen_address: "[::1]:9142"
+dnssec_exporter_additional_options: ""
+
+dnssec_exporter_dns_resolver: "1.1.1.1:53"
+dnssec_exporter_dns_zones:
+ - example.org
+ - example.net
+dnssec_exporter_additional_config: ""
diff --git a/roles/dnssec_exporter/templates/etc/prometheus/dnssec-exporter/config.yaml.j2 b/roles/dnssec_exporter/templates/etc/prometheus/dnssec-exporter/config.yaml.j2
new file mode 100644
index 0000000..96c2d5a
--- /dev/null
+++ b/roles/dnssec_exporter/templates/etc/prometheus/dnssec-exporter/config.yaml.j2
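Review bot: In the `ARGS="..."` line, `dnssec_exporter_listen_address` and `dnssec_exporter_additional_options` are rendered raw inside a double-quoted assignment, so a value containing `"`, `$` or a backtick changes how the line is parsed if this file is sourced by a shell (how the packaged service reads it is not visible here). Validate both variables before rendering, for example with an `ansible.builtin.assert` task that rejects those characters, or document that they must be shell-safe. The template also ends without a trailing newline (`\ No newline at end of file`); add one so the last comment line is terminated.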
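Review bot: This defaults file is created at `roles/dnssec_exporter/templates/etc/defaults/main.yml`, a location Ansible does not read role defaults from; it looks like it was meant to be `roles/dnssec_exporter/defaults/main.yml`. As committed, `dnssec_exporter_listen_address` and the other variables stay undefined unless the inventory sets them, so both templates would fail to render, and the loopback default never takes effect. The zones `example.org` and `example.net` are placeholders; a comment such as `# placeholder zones, override per host` above the list would make that explicit.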
@@ -0,0 +1,26 @@
+---
+{{ ansible_managed | comment }}
+
+## dnssec exporter configuration
+#
+dns:
+ # The resolver to use. Must be DNSSEC validating, and
+ # must not strip DNSSEC responses.
+ resolver: {{ dnssec_exporter_dns_resolver }}
+ # List of zones to resolve.
+ zones:
+{% for zone in dnssec_exporter_dns_zones %}
+ - {{ zone }}{% if zone[-1] != '.' %}.{% endif %}
+{% endfor %}
+
+## TLS and Basic Auth can be configured here as well, see for details:
+## https://github.com/prometheus/exporter-toolkit/blob/master/web/tls_config.go#L36
+#
+#basic_auth_users:
+# user1: pass1
+# user2: pass2
+#tls_server_config:
+# cert_file: server.crt
+# key_file: server.key
+
+{{ dnssec_exporter_additional_config }}
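Review bot: `resolver: {{ dnssec_exporter_dns_resolver }}` and the zone entries are rendered as unquoted YAML scalars, so a bracketed IPv6 resolver in the same `[::1]:port` form used for the listen address would be read as a flow sequence or rejected rather than taken as a string. Render them through a quoting filter, e.g. `resolver: {{ dnssec_exporter_dns_resolver | to_json }}` and `- {{ (zone ~ ('' if zone.endswith('.') else '.')) | to_json }}`. The commented `basic_auth_users` example shows `pass1`-style values, while the linked exporter-toolkit web config expects bcrypt hashes there; the comment should say so. Once such settings or `dnssec_exporter_additional_config` carry credentials, the `0644` mode set in tasks/config.yml leaves them world-readable.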