diff --git a/galaxy.yml b/galaxy.yml
index 3c8c488..ace8c2f 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -39,7 +39,8 @@ tags:
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
-dependencies: {}
+dependencies:
+ git@gitlab.com:s3lph/ansible-collection-pki: master
 # The URL of the originating SCM repository
 repository: https://gitlab.com/s3lph/ansible-collection-prometheus
diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml
new file mode 100644
index 0000000..63d3a27
--- /dev/null
+++ b/playbooks/monitoring.yml
@@ -0,0 +1,31 @@
+---
+
+- hosts: cas
+ roles:
+ - s3lph.pki.pki_ca
+
+- hosts: new_nodes
+ strategy: free
+ roles:
+ - s3lph.pki.pki_entity
+ - s3lph.prometheus.prometheus_node
+
+- hosts: all_nodes
+ strategy: free
+ roles:
+ - s3lph.prometheus.prometheus_node
+
+- hosts: openbsd_node
+ strategy: free
+ roles:
+ - s3lph.prometheus.prometheus_node_openbsd
+
+- hosts: alertmanagers
+ strategy: free
+ roles:
+ - s3lph.prometheus.alertmanager
+
+- hosts: prometheus
+ roles:
+ - s3lph.pki.pki_entity
+ - s3lph.prometheus.prometheus
diff --git a/roles/prometheus/templates/prometheus-job.yml b/roles/prometheus/templates/prometheus-job.yml
index 89f3c92..a6f045a 100644
--- a/roles/prometheus/templates/prometheus-job.yml
+++ b/roles/prometheus/templates/prometheus-job.yml
@@ -31,6 +31,14 @@
 password: {{ job.basic_auth_password }}
 {% endif -%}
+ {% if 'tls_config' in job -%}
+ tls_config:
+ ca_file: {{ job.tls_config.ca_file }}
+ cert_file: {{ job.tls_config.cert_file }}
+ key_file: {{ job.tls_config.key_file }}
+ insecure_skip_verify: {{ job.tls_config.insecure_skip_verify | default(false) }}
+ {% endif -%}
+
 static_configs:
 - targets:
 {% for host in groups['all'] -%}
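Review bot: The new `dependencies` entry in galaxy.yml tracks the mutable branch `master` of `git@gitlab.com:s3lph/ansible-collection-pki`, so each install pulls whatever that branch holds at the time, and the playbook added in this commit runs that collection's PKI roles on the `cas` hosts. Pin it to a release tag or a full commit hash, e.g. `git@gitlab.com:s3lph/ansible-collection-pki: <tag-or-commit-sha>`, and bump it deliberately. The context comment above the key describes it as a `namespace.name` label with a version range, so it is worth confirming that the installers used here accept a git URL in this position. The SSH form also means every consumer needs GitLab SSH credentials.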
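Review bot: Inside the new `tls_config` block of prometheus-job.yml, `ca_file`, `cert_file` and `key_file` are rendered unconditionally, so a job that only wants to verify the target against a CA, without a client certificate, cannot be expressed; with Ansible's strict handling of undefined values the template would presumably fail on the missing attribute. Guard each key, e.g. `{% if job.tls_config.cert_file is defined %}cert_file: {{ job.tls_config.cert_file }}{% endif %}`, keeping the file's `-%}` whitespace control. `insecure_skip_verify` turns off verification of the scraped endpoint's certificate, so a comment marking it as a debugging aid would help, and rendering it as `{{ job.tls_config.insecure_skip_verify | default(false) | bool | lower }}` keeps string inputs from reaching Prometheus verbatim. The hunk starts and ends inside the job definition, so the surrounding keys (including the scheme) are not visible here.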
diff --git a/roles/prometheus_node/defaults/main.yml b/roles/prometheus_node/defaults/main.yml
index bf007bc..f0ce500 100644
--- a/roles/prometheus_node/defaults/main.yml
+++ b/roles/prometheus_node/defaults/main.yml
@@ -8,3 +8,8 @@ smartmon_exporter_force_off: no
 prometheus_hpsa_collector: no
 prometheus_textfile_collectors: {}
+
+prometheus_node_tls_cert: null
+prometheus_node_tls_key: null
+prometheus_node_tls_require_cert: no
+prometheus_node_tls_ca: null
diff --git a/roles/prometheus_node/tasks/config.yml b/roles/prometheus_node/tasks/config.yml
index 5c162ac..7feb329 100644
--- a/roles/prometheus_node/tasks/config.yml
+++ b/roles/prometheus_node/tasks/config.yml
@@ -1,5 +1,20 @@
 ---
+- name: create /etc/prometheus/node-exporter/tls
+ file:
+ path: /etc/prometheus/node-exporter/tls
+ state: directory
+ owner: prometheus
+ group: prometheus
+
+- name: render /etc/prometheus/node-exporter/tls/config.yml
+ template:
+ src: prometheus-node-exporter-webconfig.yml.j2
+ dest: /etc/prometheus/node-exporter/tls/config.yml
+ owner: prometheus
+ group: prometheus
+ notify: restart prometheus-node-exporter
+
 - name: render /etc/default/prometheus-node-exporter
 template:
 src: prometheus-node-exporter.default.j2
diff --git a/roles/prometheus_node/tasks/debian10.yml b/roles/prometheus_node/tasks/debian10.yml
index 6d79d8d..a688c21 100644
--- a/roles/prometheus_node/tasks/debian10.yml
+++ b/roles/prometheus_node/tasks/debian10.yml
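Review bot: The four new `prometheus_node_tls_*` defaults in defaults/main.yml carry no comments, so nothing tells an operator what the values are expected to be or what leaving them `null` means. A short comment block above them would do, for instance `# Paths to the node exporter's server certificate, private key and client CA bundle, as written into its web config` and `# prometheus_node_tls_require_cert: when true, client_auth_type is RequireAndVerifyClientCert, otherwise NoClientCert`. With the shipped default of `no`, the metrics endpoint asks for no client certificate, which deserves to be stated explicitly in that comment.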
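Review bot: Both new tasks in tasks/config.yml leave `mode` unset and make `prometheus` the owner, so the permissions of `/etc/prometheus/node-exporter/tls` and its `config.yml` depend on the umask, and the account that owns the file can rewrite the setting that decides whether client certificates are required. Consider `owner: root`, `group: prometheus` with `mode: "0750"` on the directory and `mode: "0640"` on the file, so the service can read but not change its TLS settings. This assumes the exporter runs as `prometheus`, which the hunk suggests but does not show.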
@@ -1,10 +1,34 @@
 ---
-- name: install prometheus-node-exporter
+
+- name: check if package files already exist
+ stat:
+ path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
+ loop:
+ - name: prometheus-node-exporter
+ version: 1.0.1+ds-1
+ arch: amd64
+ - name: prometheus-node-exporter-collectors
+ version: 0+git20201003.8db38d1-1
+ arch: all
+ register: prometheus_node_register_ucs_deb_stat
+
+- name: download packages
+ get_url:
+ url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb" # noqa 204
+ dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
+ vars:
+ pfirst: "{{ item.item.name[:1] }}"
+ package: "{{ item.item.name }}"
+ version: "{{ item.item.version }}"
+ arch: "{{ item.item.arch }}"
+ when: not item.stat.exists
+ loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
+
+- name: install packages
 apt:
- name: prometheus-node-exporter
- state: present
- update_cache: yes
+ deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
+ loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
 - name: start prometheus-node-exporter.service
 systemd:
diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml
index a4ce728..41e8e13 100644
--- a/roles/prometheus_node/tasks/main.yml
+++ b/roles/prometheus_node/tasks/main.yml
@@ -13,7 +13,7 @@
 import_tasks: debian11.yml
 when:
 - "ansible_lsb.id == 'Debian' or ansible_lsb.id == 'Raspbian'"
- "ansible_lsb.major_release | int == 11"
+ "ansible_lsb.major_release | int >= 11"
 tags:
 - "role::prometheus_node"
 - "role::prometheus_node:debian"
diff --git a/roles/prometheus_node/tasks/ucs.yml b/roles/prometheus_node/tasks/ucs.yml
index 83ce18c..a9360f3 100644
--- a/roles/prometheus_node/tasks/ucs.yml
+++ b/roles/prometheus_node/tasks/ucs.yml
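Review bot: The `download packages` task in tasks/debian10.yml fetches the `.deb` files with `get_url` and no `checksum`, and `install packages` then hands them to `apt: deb:`, which bypasses the signed repository metadata that a normal `apt` install by package name relies on; integrity rests on HTTPS to `debian_mirror` alone. Add a digest to each loop item and verify it, e.g. `sha256: <expected-sha256>` per package and `checksum: "sha256:{{ item.item.sha256 }}"` on `get_url`. The same pattern is carried in the `roles/prometheus_node/tasks/ucs.yml` hunk of this commit. The registered variable also keeps its `ucs` name (`prometheus_node_register_ucs_deb_stat`) in the Debian 10 file, which is worth renaming for clarity.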
@@ -2,28 +2,34 @@
 - name: check if package files already exist
 stat:
- path: "/root/{{ item.name }}_{{ item.version }}_amd64.deb"
+ path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
 loop:
 - name: prometheus-node-exporter
- version: 0.17.0+ds-3+b11
+ version: 1.0.1+ds-1
+ arch: amd64
+ - name: prometheus-node-exporter-collectors
+ version: 0+git20201003.8db38d1-1
+ arch: all
 - name: moreutils
- version: 0.62-1
+ version: 0.64-1
+ arch: amd64
 register: prometheus_node_register_ucs_deb_stat
 - name: download packages
 get_url:
- url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_amd64.deb" # noqa 204
- dest: "/root/{{ package }}_{{ version }}_amd64.deb"
+ url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb" # noqa 204
+ dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
 vars:
 pfirst: "{{ item.item.name[:1] }}"
 package: "{{ item.item.name }}"
 version: "{{ item.item.version }}"
+ arch: "{{ item.item.arch }}"
 when: not item.stat.exists
 loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
 - name: install packages
 apt:
- deb: "/root/{{ item.item.name }}_{{ item.item.version }}_amd64.deb"
+ deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
 loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
 - name: start prometheus-node-exporter.service
diff --git a/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2 b/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2
new file mode 100644
index 0000000..112eedd
--- /dev/null
+++ b/roles/prometheus_node/templates/prometheus-node-exporter-webconfig.yml.j2
@@ -0,0 +1,8 @@
+---
+{{ ansible_managed | comment }}
+
+tls_server_config:
+ cert_file: "{{ prometheus_node_tls_cert }}"
+ key_file: "{{ prometheus_node_tls_key }}"
+ client_auth_type: "{{ prometheus_node_tls_require_cert | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}"
+ client_ca_file: "{{ prometheus_node_tls_ca }}"
diff --git a/roles/prometheus_node/templates/prometheus-node-exporter.default.j2 b/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
index 025803c..a0e8209 100644
--- a/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
+++ b/roles/prometheus_node/templates/prometheus-node-exporter.default.j2
@@ -1,3 +1,3 @@
 {{ ansible_managed | comment }}
-ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %}"
+ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %} --web.config=/etc/prometheus/node-exporter/tls/config.yml"
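Review bot: The web config template is rendered for every host, yet all three path variables default to `null`, so with the role defaults `cert_file`, `key_file` and `client_ca_file` come out as empty (or `None`) strings while `client_auth_type` is still set to `NoClientCert`. As far as I can tell the exporter treats a partly filled `tls_server_config` as an error rather than as "TLS off", so hosts without certificates may fail to start the service; the `all_nodes` play added in this commit applies the role without `s3lph.pki.pki_entity`. Render the keys only when a certificate is configured, e.g. wrap them in `{% if prometheus_node_tls_cert and prometheus_node_tls_key %}` and `{% endif %}`, and emit `client_ca_file` only when `prometheus_node_tls_ca` is set. A task-level `assert` that `prometheus_node_tls_ca` is set whenever `prometheus_node_tls_require_cert` is true would catch the remaining misconfiguration before the service restarts.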
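Review bot: In prometheus-node-exporter.default.j2, `--web.config=/etc/prometheus/node-exporter/tls/config.yml` is appended to `ARGS` unconditionally, so every platform this template serves must ship an exporter that knows the flag. This commit also widens the Debian condition in `tasks/main.yml` to `int >= 11`; newer node_exporter releases, to my knowledge, renamed the option to `--web.config.file`, so check the version packaged for releases after 11 before relying on it. The path is duplicated from `tasks/config.yml`; a role variable used in both places would keep the two in sync and allow the flag name to be chosen per platform.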