Refactor prometheus_node role, integrate prometheus_node_openbsd with prometheus_node

playbooks/monitoring.yml

@@ -8,20 +8,11 @@
   strategy: free
   roles:
     - s3lph.pki.pki_entity
-    - s3lph.prometheus.prometheus_node
 
-- hosts: openbsd_node
-  strategy: free
-  roles:
-    - s3lph.pki.pki_entity
-    - s3lph.prometheus.prometheus_node_openbsd
-
-- hosts: node_https_auth
-  strategy: free
-  roles:
-    - s3lph.prometheus.prometheus_node
-
-- hosts: node_http
+- hosts:
+    - node
+    - node_https_auth
+    - node_http
   strategy: free
   roles:
     - s3lph.prometheus.prometheus_node

roles/prometheus_node/handlers/main.yml

@@ -8,11 +8,11 @@
     daemon_reload: yes
 
 - name: restart prometheus-zpool-collector
-  ansible.builtin.systemd:
+  ansible.builtin.service:
     name: prometheus-node-exporter-zpool.timer
     state: restarted
 
 - name: restart prometheus-node-exporter
-  ansible.builtin.systemd:
-    name: prometheus-node-exporter.service
+  ansible.builtin.service:
+    name: "{{ prometheus_node_service }}"
     state: restarted

roles/prometheus_node/tasks/collectors.yml

@@ -23,7 +23,7 @@
 
 - name: install collector service
   ansible.builtin.template:
-    src: "prometheus-collector.service.j2"
+    src: "etc/systemd/system/prometheus-collector.service.j2"
     dest: "/etc/systemd/system/prometheus-node-exporter-{{ item.key }}.service"
     owner: root
     group: root
@@ -33,10 +33,11 @@
   loop: "{{ prometheus_textfile_collectors | dict2items }}"
   notify:
     - systemctl daemon-reload
+  when: "ansible_service_mgr == 'systemd'"
 
 - name: install collector timer
   ansible.builtin.template:
-    src: "prometheus-collector.timer.j2"
+    src: "etc/systemd/system/prometheus-collector.timer.j2"
     dest: "/etc/systemd/system/prometheus-node-exporter-{{ item.key }}.timer"
     owner: root
     group: root
@@ -44,6 +45,7 @@
   loop: "{{ prometheus_textfile_collectors | dict2items }}"
   notify:
     - systemctl daemon-reload
+  when: "ansible_service_mgr == 'systemd'"
 
 - name: start and enable collector timer
   ansible.builtin.systemd:
@@ -51,3 +53,15 @@
     state: started
     enabled: yes
   loop: "{{ prometheus_textfile_collectors | dict2items }}"
+  when: "ansible_service_mgr == 'systemd'"
+
+- name: install collector cronjob
+  ansible.builtin.template:
+    src: "etc/cron.d/prometheus-node-exporter.j2"
+    dest: "{{ prometheus_node_crontab }}"
+    owner: root
+    group: root
+    mode: 0644
+  vars:
+    collectors: "{{ prometheus_textfile_collector }}"
+  when: "ansible_service_mgr != 'systemd'"

roles/prometheus_node/tasks/config.yml

@@ -4,26 +4,45 @@
   ansible.builtin.file:
     path: /etc/prometheus/node-exporter/tls
     state: directory
-    owner: prometheus
-    group: prometheus
+    owner: "{{ prometheus_node_user }}"
+    group: "{{ prometheus_node_group }}"
     mode: 0750
 
 - name: render /etc/prometheus/node-exporter/tls/config.yml
   ansible.builtin.template:
-    src: prometheus-node-exporter-webconfig.yml.j2
+    src: etc/prometheus/node-exporter/tls/config.yml.j2
     dest: /etc/prometheus/node-exporter/tls/config.yml
-    owner: prometheus
-    group: prometheus
+    owner: "{{ prometheus_node_user }}"
+    group: "{{ prometheus_node_group }}"
     mode: 0640
   notify: restart prometheus-node-exporter
 
 - name: render /etc/default/prometheus-node-exporter
   ansible.builtin.template:
-    src: prometheus-node-exporter.default.j2
+    src: etc/default/prometheus-node-exporter.j2
     dest: /etc/default/prometheus-node-exporter
     owner: root
-    group: prometheus
+    group: "{{ prometheus_node_group }}"
     mode: 0640
   vars:
     args: "{{ prometheus_node_exporter_args }}"
+  when: "ansible_distribution == 'Debian'"
   notify: restart prometheus-node-exporter
+
+- name: start and enable node exporter
+  ansible.builtin.service:
+    name: "{{ prometheus_node_service }}"
+    state: started
+    enabled: yes
+
+- name: configure node exporter (openbsd)
+  ansible.builtin.lineinfile:
+    path: /etc/rc.conf.local
+    line: >-
+      node_exporter_flags=--collector.textfile.directory={{ prometheus_node_textfile_dir }}
+      {% for k, v in args.items() %}--{{ k }}="{{ v }}" {% endfor %}
+      --web.config=/etc/prometheus/node-exporter/tls/config.yml
+    regexp: ^node_exporter_flags=.*$
+  when: "ansible_distribution == 'OpenBSD'"
+  notify:
+    - restart prometheus-node-exporter

roles/prometheus_node/tasks/install/OpenBSD.yml

@@ -2,12 +2,14 @@
 
 - name: install prometheus node exporter
   community.general.openbsd_pkg:
-    name: node_exporter
+    name:
+      - node_exporter
+      - moreutils
 
 - name: create textfile collector directory
   ansible.builtin.file:
     path: "{{ node_exporter_textfile_dir }}"
     state: directory
     owner: root
-    group: _nodeexporter
+    group: "{{ prometheus_node_group }}"
     mode: 0750

roles/prometheus_node/tasks/main.yml

@@ -1,30 +1,30 @@
 ---
 
-- name: install node exporter on debian buster
-  import_tasks: debian10.yml
-  when:
-    - "ansible_lsb.id == 'Debian' or ansible_lsb.id == 'Raspbian'"
-    - "ansible_lsb.major_release | int == 10"
+- name: include os specific vars
+  include_vars: "{{ item }}.yml"
+  with_first_found:
+    - "{% if 'id' in ansible_lsb %}{{ ansible_lsb.id }}{% else %}{% ansible_distribution %}_{% if 'major_release' in ansible_lsb %}{{ ansible_lsb.major_release }}{% else %}{{ ansible_distribution_version}} {% endif %}"
+    - "{% if 'id' in ansible_lsb %}{{ ansible_lsb.id }}{% else %}{{ ansible_distribution }}{% endif %}"
+    - "{{ ansible_distribution }}_{{ ansible_distribution_version }}"
+    - "{{ ansible_distribution }}"
+    - "default"
   tags:
     - "role::prometheus_node"
-    - "role::prometheus_node:debian"
+    - "role::prometheus_node:install"
+    - "role::prometheus_node:collectors"
+    - "role::prometheus_node:config"
 
-- name: install node exporter on debian bullseye and later
-  import_tasks: debian11.yml
-  when:
-    - "ansible_lsb.id == 'Debian' or ansible_lsb.id == 'Raspbian'"
-    - "ansible_lsb.major_release | int >= 11"
+- name: install node exporter
+  import_tasks: "install/{{ item }}.yml"
+  with_first_found:
+    - "{% if 'id' in ansible_lsb %}{{ ansible_lsb.id }}{% else %}{% ansible_distribution %}_{% if 'major_release' in ansible_lsb %}{{ ansible_lsb.major_release }}{% else %}{{ ansible_distribution_version}} {% endif %}"
+    - "{% if 'id' in ansible_lsb %}{{ ansible_lsb.id }}{% else %}{{ ansible_distribution }}{% endif %}"
+    - "{{ ansible_distribution }}_{{ ansible_distribution_version }}"
+    - "{{ ansible_distribution }}"
   tags:
     - "role::prometheus_node"
-    - "role::prometheus_node:debian"
-
-- name: install node exporter on univention corporate server
-  import_tasks: ucs.yml
-  when:
-    - "ansible_lsb.id == 'Univention'"
-  tags:
-    - "role::prometheus_node"
-    - "role::prometheus_node:univention"
+    - "role::prometheus_node:install"
+      
 
 - name: install custom textfile collectors
   import_tasks: collectors.yml

roles/prometheus_node/templates/etc/cron.d/prometheus-node-exporter.j2

@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+{% for name, job in collectors.items() %}
+# {{ name }}
+{{ job.cronexpr }} {{ prometheus_node_crontab_system_user | default('') }} /bin/sh -c "/usr/local/bin/{{ job.template_base_name | default('prometheus-node-exporter-' + name + '.sh') }}" | sponge /var/lib/prometheus/node-exporter/{{ name }}.prom
+
+{% endfor %}

roles/prometheus_node/vars/Debian.yml

@@ -0,0 +1,10 @@
+---
+
+prometheus_node_user: prometheus
+prometheus_node_group: prometheus
+prometheus_node_service: prometheus-node-exporter
+
+prometheus_node_crontab: /etc/cron.d/prometheus-node-exporter
+prometheus_node_crontab_system_user: root
+
+prometheus_node_textfile_dir: /var/lib/prometheus/node-exporter

roles/prometheus_node/vars/OpenBSD.yml

@@ -0,0 +1,10 @@
+---
+
+prometheus_node_user: _nodeexporter
+prometheus_node_group: _nodeexporter
+prometheus_node_service: nodeexporter
+
+prometheus_node_crontab: /etc/crontab
+prometheus_node_crontab_system_user: root
+
+prometheus_node_textfile_dir: /var/node_exporter

roles/prometheus_node/vars/default.yml

@@ -0,0 +1,10 @@
+---
+
+prometheus_node_user: prometheus
+prometheus_node_group: prometheus
+prometheus_node_service: prometheus-node-exporter
+
+prometheus_node_crontab: /etc/cron.d/prometheus-node-exporter
+prometheus_node_crontab_system_user: root
+
+prometheus_node_textfile_dir: /var/lib/prometheus/node-exporter

roles/prometheus_node_openbsd/defaults/main.yml

@@ -1,4 +0,0 @@
----
-
-node_exporter_textfile_dir: /var/node_exporter
-node_exporter_flags: ""

roles/prometheus_node_openbsd/handlers/main.yml

@@ -1,7 +0,0 @@
----
-
-- name: start node exporter
-  ansible.builtin.command: /usr/sbin/rcctl start node_exporter
-
-- name: restart node exporter
-  ansible.builtin.command: /usr/sbin/rcctl restart node_exporter

roles/prometheus_node_openbsd/tasks/config.yml

@@ -1,30 +0,0 @@
----
-
-- name: create /etc/prometheus/node-exporter/tls
-  ansible.builtin.file:
-    path: /etc/prometheus/node-exporter/tls
-    state: directory
-    owner: _nodeexporter
-    group: _nodeexporter
-    mode: 0750
-
-- name: render /etc/prometheus/node-exporter/tls/config.yml
-  ansible.builtin.template:
-    src: prometheus-node-exporter-webconfig.yml.j2
-    dest: /etc/prometheus/node-exporter/tls/config.yml
-    owner: _nodeexporter
-    group: _nodeexporter
-    mode: 0640
-  notify: restart node exporter
-
-- name: configure node exporter
-  ansible.builtin.lineinfile:
-    path: /etc/rc.conf.local
-    line: >-
-      node_exporter_flags=--collector.textfile.directory={{ node_exporter_textfile_dir }}
-      {{ node_exporter_flags }}
-      --web.config=/etc/prometheus/node-exporter/tls/config.yml
-    regexp: ^node_exporter_flags=.*$
-  notify:
-    - start node exporter
-    - restart node exporter

roles/prometheus_node_openbsd/tasks/main.yml

@@ -1,19 +0,0 @@
----
-
-- name: install prometheus node exporter
-  import_tasks: install.yml
-  tags:
-    - 'role::prometheus_node_openbsd'
-    - 'role::prometheus_node_openbsd:install'
-
-- name: install syspatch check
-  import_tasks: syspatch.yml
-  tags:
-    - 'role::prometheus_node_openbsd'
-    - 'role::prometheus_node_openbsd:syspatch'
-
-- name: configure prometheus node exporter
-  import_tasks: config.yml
-  tags:
-    - "role::prometheus_node_openbsd"
-    - "role::prometheus_node_openbsd:config"

roles/prometheus_node_openbsd/tasks/syspatch.yml

@@ -1,15 +0,0 @@
----
-
-- name: create syspatch check script
-  ansible.builtin.template:
-    src: syspatch.sh.j2
-    dest: /usr/local/bin/prometheus-node-exporter-syspatch.sh
-    owner: root
-    group: bin
-    mode: 0755
-
-- name: register syspatch check script in cron
-  ansible.builtin.lineinfile:
-    path: /etc/daily.local
-    regexp: '^/usr/local/bin/prometheus-node-exporter-syspatch.sh$'
-    line: '/usr/local/bin/prometheus-node-exporter-syspatch.sh'

roles/prometheus_node_openbsd/templates/prometheus-node-exporter-webconfig.yml.j2

@@ -1,8 +0,0 @@
----
-{{ ansible_managed | comment }}
-
-tls_server_config:
-  cert_file: "{{ prometheus_node_tls_cert }}"
-  key_file: "{{ prometheus_node_tls_key }}"
-  client_auth_type: "{{ prometheus_node_tls_require_cert | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}"
-  client_ca_file: "{{ prometheus_node_tls_ca }}"

roles/prometheus_node_openbsd/templates/syspatch.sh.j2

@@ -1,16 +0,0 @@
-#!/bin/sh
-{{ ansible_managed | comment}}
-
-N_PATCHES="$(/usr/sbin/syspatch -c | wc -l)"
-TMPFILE="$(/usr/bin/mktemp /tmp/prometheus-node-exporter-syspatch.XXXXXX)"
-
-/bin/cat > "${TMPFILE}" <<EOF
-# TYPE syspatch_upgrades_pending gauge
-# HELP syspatch_upgrades_pending Number of available system patches
-syspatch_upgrades_pending ${N_PATCHES}
-EOF
-
-/sbin/chown _nodeexporter:_nodeexporter "${TMPFILE}"
-/bin/chmod 0640 "${TMPFILE}"
-# Atomic move
-/bin/mv "$TMPFILE" "{{ node_exporter_textfile_dir }}/syspatch.prom"