diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-07-30 01:55:52 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-07-30 01:55:52 +0200 |
commit | aa7490a9a440b4518f79318be773b7da34e93c93 (patch) | |
tree | 486ba36d2653705fed4540f088b1b61f4bd3b821 /roles/monitoring/prometheus | |
parent | some more preps for e21 (diff) |
prometheus: add mikrotik exporter
Diffstat (limited to 'roles/monitoring/prometheus')
6 files changed, 115 insertions, 0 deletions
diff --git a/roles/monitoring/prometheus/exporter/meta/main.yml b/roles/monitoring/prometheus/exporter/meta/main.yml index 01e3f7f2..22131422 100644 --- a/roles/monitoring/prometheus/exporter/meta/main.yml +++ b/roles/monitoring/prometheus/exporter/meta/main.yml @@ -7,3 +7,5 @@ dependencies: when: "'blackbox' in (prometheus_exporters_default | union(prometheus_exporters_extra))" - role: monitoring/prometheus/exporter/nut when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))" + - role: monitoring/prometheus/exporter/mikrotik + when: "'mikrotik' in (prometheus_exporters_default | union(prometheus_exporters_extra))" diff --git a/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml new file mode 100644 index 00000000..373cba47 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml @@ -0,0 +1,24 @@ +--- +# prometheus_exporter_mikrotik_devices: +# - name: bridge01 +# address: 1.2.3.4 +# port: 1234 +# user: prometheus +# password: secret + +prometheus_exporter_mikrotik_features: + bgp: false + dhcp: false + dhcpv6: false + dhcpl: false + routes: false + pools: false + wlansta: true + wlanif: true + monitor: true + health: false + firmware: true + ipsec: false + optics: false + poe: false + w60g: true diff --git a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml new file mode 100644 index 00000000..cb85d0d9 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: restart prometheus-mikrotik-exporter + service: + name: prometheus-mikrotik-exporter + state: restarted + +- name: reload prometheus-exporter-exporter + service: + name: prometheus-exporter-exporter + ## TODO: implement reload once exporter_exporter supports this... + state: restarted diff --git a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml new file mode 100644 index 00000000..c3ffe31b --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: install apt packages + apt: + name: prom-exporter-mikrotik + state: present + +- name: create config directory + file: + path: /etc/prometheus/exporter/mikrotik + state: directory + +- name: generate configuration + template: + src: config.yml.j2 + dest: /etc/prometheus/exporter/mikrotik/config.yml + owner: root + group: prometheus-exporter + mode: 0640 + notify: restart prometheus-mikrotik-exporter + +- name: generate systemd service unit + template: + src: service.j2 + dest: /etc/systemd/system/prometheus-mikrotik-exporter.service + notify: restart prometheus-mikrotik-exporter + +- name: make sure prometheus-mikrotik-exporter is enabled and started + systemd: + name: prometheus-mikrotik-exporter.service + daemon_reload: yes + state: started + enabled: yes + +- name: register exporter + copy: + content: | + method: http + http: + port: 9436 + dest: /etc/prometheus/exporter/enabled/mikrotik.yml + notify: reload prometheus-exporter-exporter diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 new file mode 100644 index 00000000..a2dc1c71 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +devices: + {{ prometheus_exporter_mikrotik_devices | to_nice_yaml(indent=2) | indent(2)}} + +features: + {{ prometheus_exporter_mikrotik_features | to_nice_yaml(indent=2) | indent(2)}} diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 new file mode 100644 index 00000000..a1c90455 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Prometheus mikrotik exporter + +[Service] +Restart=always +User=prometheus-exporter +ExecStart=/usr/bin/prometheus-mikrotik-exporter -port "127.0.0.1:9436" -config-file /etc/prometheus/exporter/mikrotik/config.yml + +# systemd hardening-options +AmbientCapabilities= +CapabilityBoundingSet= +DeviceAllow=/dev/null rw +DevicePolicy=strict +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +RemoveIPC=true +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target |