mirror of https://gitlab.com/s3lph/ansible-collection-prometheus synced 2024-10-22 19:36:59 +02:00

Compare commits


15 commits

Author SHA1 Message Date
s3lph
a43ad48b3a Add mTLS support for OpenBSD hosts 2020-11-18 02:32:28 +01:00
s3lph
b7029130d4 Add mTLS support for OpenBSD hosts 2020-11-18 02:30:57 +01:00
s3lph
7af08256b5 Remove PNE version pin on OpenBSD 2020-11-18 02:29:07 +01:00
s3lph
600fbc8d1f Add mTLS support for OpenBSD hosts 2020-11-18 02:12:27 +01:00
s3lph
8e4614c623 Merge branch 'tls_node' 2020-11-18 01:11:32 +01:00
s3lph
28ba191c8d Fix typos and formatting issues 2020-11-18 00:36:11 +01:00
s3lph
b171046f4c Fix tls_config fields 2020-11-18 00:04:08 +01:00
s3lph
cc4692b37d Add support for tls_config in prometheus scrape configs 2020-11-17 23:56:43 +01:00
s3lph
5086fe389f Move PNE TLS config to a different directory 2020-11-17 23:17:49 +01:00
s3lph
c7d0bece62 Restart PNE when changing TLS config 2020-11-17 23:06:32 +01:00
s3lph
ee169d0b73 Fix TLS config ownership 2020-11-17 21:28:04 +01:00
s3lph
ad6a46af11 Dont require ca to reside on localhost 2020-11-17 21:27:30 +01:00
s3lph
55405d5261 Fix collectors version 2020-11-13 12:09:39 +01:00
s3lph
1340787ce3 Fix package architecture 2020-11-13 12:03:34 +01:00
s3lph
8310af201b install node exporter 1.0.1 and write webconfig 2020-11-13 11:34:25 +01:00
14 changed files with 154 additions and 23 deletions


@ -39,7 +39,8 @@ tags:
# collection label 'namespace.name'. The value is a version range
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
# range specifiers can be set and are separated by ','
dependencies: {}
dependencies:
git@gitlab.com:s3lph/ansible-collection-pki: master
# The URL of the originating SCM repository
repository: https://gitlab.com/s3lph/ansible-collection-prometheus
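Review bot: The new `dependencies` entry tracks the mutable `master` branch of `git@gitlab.com:s3lph/ansible-collection-pki`, so whatever is on that branch at install time is what gets pulled in and later run against the CA and entity hosts. The comment directly above the key also describes the expected form as a `namespace.name` label with a version range, which a git URL plus branch name does not match. Pinning to a release tag or a full commit SHA (for example `git@gitlab.com:s3lph/ansible-collection-pki: <TAG_OR_COMMIT_SHA>`), or to a published `s3lph.pki` version range, would make installs reproducible and reviewable.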

31
playbooks/monitoring.yml Normal file

@ -0,0 +1,31 @@
---
- hosts: cas
roles:
- s3lph.pki.pki_ca
- hosts: new_nodes
strategy: free
roles:
- s3lph.pki.pki_entity
- s3lph.prometheus.prometheus_node
- hosts: all_nodes
strategy: free
roles:
- s3lph.prometheus.prometheus_node
- hosts: openbsd_node
strategy: free
roles:
- s3lph.prometheus.prometheus_node_openbsd
- hosts: alertmanagers
strategy: free
roles:
- s3lph.prometheus.alertmanager
- hosts: prometheus
roles:
- s3lph.pki.pki_entity
- s3lph.prometheus.prometheus
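Review bot: The `all_nodes` and `openbsd_node` plays apply the node exporter roles without `s3lph.pki.pki_entity`, while only `new_nodes` and `prometheus` run it, so the playbook does not show how hosts outside `new_nodes` obtain the certificate and key that the exporter's TLS config refers to. If the intent is that every host passes through `new_nodes` once, a comment above that play would document it, e.g. `# new_nodes: hosts that still need a certificate issued by the CA in 'cas'`. Otherwise `s3lph.pki.pki_entity` probably belongs in the `openbsd_node` play as well.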


@ -31,6 +31,14 @@
password: {{ job.basic_auth_password }}
{% endif -%}
{% if 'tls_config' in job -%}
tls_config:
ca_file: {{ job.tls_config.ca_file }}
cert_file: {{ job.tls_config.cert_file }}
key_file: {{ job.tls_config.key_file }}
insecure_skip_verify: {{ job.tls_config.insecure_skip_verify | default(false) }}
{% endif -%}
static_configs:
- targets:
{% for host in groups['all'] -%}
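Review bot: `ca_file`, `cert_file` and `key_file` are rendered unconditionally inside the `tls_config` block, so a job that sets only `ca_file` (server verification without a client certificate) either fails on the undefined attribute or renders an unusable path, depending on how undefined values are handled. Each field should be emitted only when the job defines it, for example `{% if 'cert_file' in job.tls_config -%}`, `cert_file: {{ job.tls_config.cert_file }}`, `{% endif -%}`, repeated for the other two. `insecure_skip_verify` turns off verification of the target's certificate for that scrape job, so the role documentation should describe it as a testing aid and not something to leave enabled. The enclosing job loop starts and ends outside this hunk.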


@ -8,3 +8,8 @@ smartmon_exporter_force_off: no
prometheus_hpsa_collector: no
prometheus_textfile_collectors: {}
prometheus_node_tls_cert: null
prometheus_node_tls_key: null
prometheus_node_tls_require_cert: no
prometheus_node_tls_ca: null
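Review bot: `prometheus_node_tls_cert` and `prometheus_node_tls_key` default to `null`, but the web config template and the `--web.config=/etc/prometheus/node-exporter/tls/config.yml` argument added to `ARGS` elsewhere in this comparison are rendered unconditionally, so a host that sets none of these variables appears to get an exporter pointed at a TLS config without usable certificate paths. Either gate the TLS tasks and the flag on `prometheus_node_tls_cert is not none`, or fail early with an `assert` when the variables are unset. `prometheus_node_tls_require_cert: no` also means client certificates are not checked by default (`NoClientCert` in the template); a comment such as `# set to true to require and verify client certificates (mTLS)` would make that explicit, and `false` is the less ambiguous spelling of the boolean.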


@ -1,5 +1,20 @@
---
- name: create /etc/prometheus/node-exporter/tls
file:
path: /etc/prometheus/node-exporter/tls
state: directory
owner: prometheus
group: prometheus
- name: render /etc/prometheus/node-exporter/tls/config.yml
template:
src: prometheus-node-exporter-webconfig.yml.j2
dest: /etc/prometheus/node-exporter/tls/config.yml
owner: prometheus
group: prometheus
notify: restart prometheus-node-exporter
- name: render /etc/default/prometheus-node-exporter
template:
src: prometheus-node-exporter.default.j2
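Review bot: Neither the `file` task for `/etc/prometheus/node-exporter/tls` nor the `template` task for `config.yml` sets `mode`, so the permissions of the TLS configuration directory and file depend on the umask in effect on the managed host. Adding `mode: "0750"` to the directory task and `mode: "0640"` to the template task would pin them. The OpenBSD variant of these two tasks later in the comparison (owner `_nodeexporter`) has the same gap. The task list continues past the end of this hunk.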


@ -1,10 +1,34 @@
---
- name: install prometheus-node-exporter
- name: check if package files already exist
stat:
path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
loop:
- name: prometheus-node-exporter
version: 1.0.1+ds-1
arch: amd64
- name: prometheus-node-exporter-collectors
version: 0+git20201003.8db38d1-1
arch: all
register: prometheus_node_register_ucs_deb_stat
- name: download packages
get_url:
url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb" # noqa 204
dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
vars:
pfirst: "{{ item.item.name[:1] }}"
package: "{{ item.item.name }}"
version: "{{ item.item.version }}"
arch: "{{ item.item.arch }}"
when: not item.stat.exists
loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
- name: install packages
apt:
name: prometheus-node-exporter
state: present
update_cache: yes
deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
- name: start prometheus-node-exporter.service
systemd:
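Review bot: The `download packages` task fetches `.deb` files from `{{ debian_mirror }}` with `get_url` and no `checksum`, and `install packages` then installs them as local files through `apt: deb:`, which does not go through the signed-repository verification a normal `apt` install by package name gets. HTTPS protects the transfer but not against a compromised or stale mirror, and a file already present under `/root/` is installed without any content check because the download is skipped when `stat` finds it. Adding a `sha256` key to each loop item and `checksum: "sha256:{{ item.item.sha256 }}"` to `get_url` would tie each pinned version to known content. The other package-download task file in this comparison (the one that also installs `moreutils`) needs the same change. The `start prometheus-node-exporter.service` task at the end of the hunk continues outside it.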


@ -13,7 +13,7 @@
import_tasks: debian11.yml
when:
- "ansible_lsb.id == 'Debian' or ansible_lsb.id == 'Raspbian'"
- "ansible_lsb.major_release | int == 11"
- "ansible_lsb.major_release | int >= 11"
tags:
- "role::prometheus_node"
- "role::prometheus_node:debian"
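Review bot: If the `>= 11` form is the new condition, `debian11.yml` now also runs on every later Debian and Raspbian release, with no upper bound. Should that file be the one that installs fixed package versions from the mirror pool, newer releases would receive those same pinned builds instead of their own packaged exporter. An explicit list such as `ansible_lsb.major_release | int in [11, 12]` (constructed example) keeps the match to releases that have been tested. The task this `when` list belongs to starts above the hunk.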


@ -2,28 +2,34 @@
- name: check if package files already exist
stat:
path: "/root/{{ item.name }}_{{ item.version }}_amd64.deb"
path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
loop:
- name: prometheus-node-exporter
version: 0.17.0+ds-3+b11
version: 1.0.1+ds-1
arch: amd64
- name: prometheus-node-exporter-collectors
version: 0+git20201003.8db38d1-1
arch: all
- name: moreutils
version: 0.62-1
version: 0.64-1
arch: amd64
register: prometheus_node_register_ucs_deb_stat
- name: download packages
get_url:
url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_amd64.deb" # noqa 204
dest: "/root/{{ package }}_{{ version }}_amd64.deb"
url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb" # noqa 204
dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
vars:
pfirst: "{{ item.item.name[:1] }}"
package: "{{ item.item.name }}"
version: "{{ item.item.version }}"
arch: "{{ item.item.arch }}"
when: not item.stat.exists
loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
- name: install packages
apt:
deb: "/root/{{ item.item.name }}_{{ item.item.version }}_amd64.deb"
deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"
- name: start prometheus-node-exporter.service


@ -0,0 +1,8 @@
---
{{ ansible_managed | comment }}
tls_server_config:
cert_file: "{{ prometheus_node_tls_cert }}"
key_file: "{{ prometheus_node_tls_key }}"
client_auth_type: "{{ prometheus_node_tls_require_cert | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}"
client_ca_file: "{{ prometheus_node_tls_ca }}"


@ -1,3 +1,3 @@
{{ ansible_managed | comment }}
ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %}"
ARGS="{% for k, v in args.items() %}--{{ k }}=\"{{ v }}\" {% endfor %} --web.config=/etc/prometheus/node-exporter/tls/config.yml"


@ -0,0 +1,28 @@
---
- name: create /etc/prometheus/node-exporter/tls
file:
path: /etc/prometheus/node-exporter/tls
state: directory
owner: _nodeexporter
group: _nodeexporter
- name: render /etc/prometheus/node-exporter/tls/config.yml
template:
src: prometheus-node-exporter-webconfig.yml.j2
dest: /etc/prometheus/node-exporter/tls/config.yml
owner: _nodeexporter
group: _nodeexporter
notify: restart node exporter
- name: configure node exporter
lineinfile:
path: /etc/rc.conf.local
line: >-
node_exporter_flags=--collector.textfile.directory={{ node_exporter_textfile_dir }}
{{ node_exporter_flags }}
--web.config=/etc/prometheus/node-exporter/tls/config.yml
regexp: ^node_exporter_flags=.*$
notify:
- start node exporter
- restart node exporter


@ -2,7 +2,7 @@
- name: install prometheus node exporter
openbsd_pkg:
name: node_exporter-0.18.0
name: node_exporter
- name: create textfile collector directory
file:
@ -11,12 +11,3 @@
owner: root
group: _nodeexporter
mode: 0750
- name: enable node exporter
lineinfile:
path: /etc/rc.conf.local
line: "node_exporter_flags=--collector.textfile.directory={{ node_exporter_textfile_dir }} {{ node_exporter_flags }}"
regexp: ^node_exporter_flags=.*$
notify:
- start node exporter
- restart node exporter


@ -11,3 +11,9 @@
tags:
- 'role::prometheus_node_openbsd'
- 'role::prometheus_node_openbsd:syspatch'
- name: configure prometheus node exporter
import_tasks: config.yml
tags:
- "role::prometheus_node_openbsd"
- "role::prometheus_node_openbsd:config"


@ -0,0 +1,8 @@
---
{{ ansible_managed | comment }}
tls_server_config:
cert_file: "{{ prometheus_node_tls_cert }}"
key_file: "{{ prometheus_node_tls_key }}"
client_auth_type: "{{ prometheus_node_tls_require_cert | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}"
client_ca_file: "{{ prometheus_node_tls_ca }}"
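Review bot: `prometheus_node_tls_require_cert` is passed straight to `ternary`, and the only defaults for the `prometheus_node_tls_*` variables among the 14 changed files appear to belong to a different role, so unless the OpenBSD role defines them elsewhere this template fails on an undefined variable. Adding the same four defaults to this role, or writing `{{ prometheus_node_tls_require_cert | default(false) | ternary('RequireAndVerifyClientCert', 'NoClientCert') }}`, would close that gap. `client_ca_file` is also rendered when client certificates are not required; wrapping it in `{% if prometheus_node_tls_require_cert %}` avoids emitting an empty or placeholder CA path, and the identical template added earlier in the comparison would benefit from the same guard.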