From 8310af201b3b9242875bc45501f92a88f63cda51 Mon Sep 17 00:00:00 2001
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Date: Fri, 13 Nov 2020 11:34:25 +0100
Subject: [PATCH] install node exporter 1.0.1 and write webconfig

---
 galaxy.yml                                    |  3 +-
 playbooks/monitoring.yml                      | 29 +++++++++++++++++++
 roles/prometheus_node/defaults/main.yml       |  5 ++++
 roles/prometheus_node/tasks/config.yml        |  5 ++++
 roles/prometheus_node/tasks/debian10.yml      | 29 ++++++++++++++++---
 roles/prometheus_node/tasks/main.yml          |  2 +-
 roles/prometheus_node/tasks/ucs.yml           |  6 ++--
 .../prometheus-node-exporter-webconfig.yml.j2 |  8 +++++
 .../prometheus-node-exporter.default.j2       |  2 +-
 9 files changed, 80 insertions(+), 9 deletions(-)
 create mode 100644 playbooks/monitoring.yml
 create mode 100644 roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2

diff --git a/galaxy.yml b/galaxy.yml
index 3c8c488..ace8c2f 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -39,7 +39,8 @@ tags:
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
-dependencies: {}
+dependencies:
+  git@gitlab.com:s3lph/ansible-collection-pki: master
 
 # The URL of the originating SCM repository
 repository: https://gitlab.com/s3lph/ansible-collection-prometheus
diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml
new file mode 100644
index 0000000..cd0d2c9
--- /dev/null
+++ b/playbooks/monitoring.yml
@@ -0,0 +1,29 @@
+---
+
+- hosts: localhost
+  roles:
+    - s3lph.pki.pki_ca
+
+- hosts: new_nodes
+  strategy: free
+  roles:
+    - s3lph.pki.pki_entity
+
+- hosts: all_nodes
+  strategy: free
+  roles:
+    - s3lph.prometheus.prometheus_node
+
+- hosts: openbsd_node
+  strategy: free
+  roles:
+    - s3lph.prometheus.prometheus_node_openbsd
+
+- hosts: alertmanagers
+  strategy: free
+  roles:
+    - s3lph.prometheus.alertmanager
+
+- hosts: prometheus
+  roles:
+    - s3lph.prometheus.prometheus
diff --git a/roles/prometheus_node/defaults/main.yml b/roles/prometheus_node/defaults/main.yml
index bf007bc..f0ce500 100644
--- a/roles/prometheus_node/defaults/main.yml
+++ b/roles/prometheus_node/defaults/main.yml
@@ -8,3 +8,8 @@ smartmon_exporter_force_off: no
 prometheus_hpsa_collector: no
 
 prometheus_textfile_collectors: {}
+
+prometheus_node_tls_cert: null
+prometheus_node_tls_key: null
+prometheus_node_tls_require_cert: no
+prometheus_node_tls_ca: null
diff --git a/roles/prometheus_node/tasks/config.yml b/roles/prometheus_node/tasks/config.yml
index 5c162ac..f718443 100644
--- a/roles/prometheus_node/tasks/config.yml
+++ b/roles/prometheus_node/tasks/config.yml
@@ -1,5 +1,10 @@
 ---
 
+- name: render /etc/prometheus/tls/config.yml
+  template:
+    src: prometheus-node-exporter-webconfig.yml.j2
+    dest: /etc/prometheus/tls/config.yml
+
 - name: render /etc/default/prometheus-node-exporter
   template:
     src: prometheus-node-exporter.default.j2
diff --git a/roles/prometheus_node/tasks/debian10.yml b/roles/prometheus_node/tasks/debian10.yml
index 6d79d8d..a5a82a0 100644
--- a/roles/prometheus_node/tasks/debian10.yml
+++ b/roles/prometheus_node/tasks/debian10.yml
@@ -1,10 +1,31 @@
 ---
 
-- name: install prometheus-node-exporter
+
+- name: check if package files already exist
+  stat:
+    path: "/root/{{ item.name }}_{{ item.version }}_amd64.deb"
+  loop:
+    - name: prometheus-node-exporter
+      version: 1.0.1+ds-1
+    - name: prometheus-node-exporter-collectors
+      version: 0+git20201003.8db38d1
+  register: prometheus_node_register_ucs_deb_stat
+
+- name: download packages
+  get_url:
+    url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_amd64.deb"  # noqa 204
+    dest: "/root/{{ package }}_{{ version }}_amd64.deb"
+  vars:
+    pfirst: "{{ item.item.name[:1] }}"
+    package: "{{ item.item.name }}"
+    version: "{{ item.item.version }}"
+  when: not item.stat.exists
+  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
+
+- name: install packages
   apt:
-    name: prometheus-node-exporter
-    state: present
-    update_cache: yes
+    deb: "/root/{{ item.item.name }}_{{ item.item.version }}_amd64.deb"
+  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
 
 - name: start prometheus-node-exporter.service
   systemd:
diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml
index a4ce728..41e8e13 100644
--- a/roles/prometheus_node/tasks/main.yml
+++ b/roles/prometheus_node/tasks/main.yml
@@ -13,7 +13,7 @@
   import_tasks: debian11.yml
   when:
     - "ansible_lsb.id == 'Debian' or ansible_lsb.id == 'Raspbian'"
-    - "ansible_lsb.major_release | int == 11"
+    - "ansible_lsb.major_release | int >= 11"
   tags:
     - "role::prometheus_node"
     - "role::prometheus_node:debian"
diff --git a/roles/prometheus_node/tasks/ucs.yml b/roles/prometheus_node/tasks/ucs.yml
index 83ce18c..ea93c28 100644
--- a/roles/prometheus_node/tasks/ucs.yml
+++ b/roles/prometheus_node/tasks/ucs.yml
@@ -5,9 +5,11 @@
     path: "/root/{{ item.name }}_{{ item.version }}_amd64.deb"
   loop:
     - name: prometheus-node-exporter
-      version: 0.17.0+ds-3+b11
+      version: 1.0.1+ds-1
+    - name: prometheus-node-exporter-collectors
+      version: 0+git20201003.8db38d1
     - name: moreutils
-      version: 0.62-1
+      version: 0.64-1
   register: prometheus_node_register_ucs_deb_stat
 
 - name: download packages
diff --git a/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2 b/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2
new file mode 100644
index 0000000..112eedd
--- /dev/null
+++ b/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2
@@ -0,0 +1,8 @@
+---
+{{ ansible_managed | comment }}
+
+tls_server_config:
+  cert_file: "{{ prometheus_node_tls_cert }}"
+  key_file: "{{ prometheus_node_tls_key }}"
+  client_auth_type: "{{ prometheus_node_tls_require_cert | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}"
+  client_ca_file: "{{ prometheus_node_tls_ca }}"
diff --git a/roles/prometheus_node/templates/prometheus-node-exporter.default.j2 b/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
index 025803c..9fe6b7d 100644
--- a/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
+++ b/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
@@ -1,3 +1,3 @@
 {{ ansible_managed | comment }}
 
-ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %}"
+ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %} --web.config=/etc/prometheus/tls/config.yml"