authorChristian Pointner <equinox@spreadspace.org>2021-09-25 23:36:40 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-09-25 23:36:40 +0200
commit063bdb70a8e8353908ca9742e05be8fac65a61bf (patch)
treeb44100afd46a4c01edb730eb58765a03036c8eef /roles
parentdisabling smartmon textfile collector by default since this can lead to idemp... (diff)
move away from exporter-exporter in favor for nginx
Diffstat (limited to 'roles')
-rw-r--r--roles/monitoring/prometheus/exporter/base/defaults/main.yml2
-rw-r--r--roles/monitoring/prometheus/exporter/base/handlers/main.yml6
-rw-r--r--roles/monitoring/prometheus/exporter/base/tasks/main.yml30
-rw-r--r--roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j219
-rw-r--r--roles/monitoring/prometheus/exporter/base/templates/service.j232
-rw-r--r--roles/monitoring/prometheus/exporter/blackbox/handlers/main.yml7
-rw-r--r--roles/monitoring/prometheus/exporter/blackbox/tasks/main.yml11
-rw-r--r--roles/monitoring/prometheus/exporter/ipmi/handlers/main.yml7
-rw-r--r--roles/monitoring/prometheus/exporter/ipmi/tasks/main.yml21
-rw-r--r--roles/monitoring/prometheus/exporter/meta/main.yml10
-rw-r--r--roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml7
-rw-r--r--roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml10
-rw-r--r--roles/monitoring/prometheus/exporter/node/handlers/main.yml7
-rw-r--r--roles/monitoring/prometheus/exporter/node/tasks/main.yml10
-rw-r--r--roles/monitoring/prometheus/exporter/nut/handlers/main.yml7
-rw-r--r--roles/monitoring/prometheus/exporter/nut/tasks/main.yml14
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/blackbox/https.j23
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/blackbox/ping.j23
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/blackbox/ssh.j23
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/generic.j25
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/node.j25
-rw-r--r--roles/monitoring/prometheus/server/templates/jobs/nut/ups.j25
22 files changed, 88 insertions, 136 deletions
diff --git a/roles/monitoring/prometheus/exporter/base/defaults/main.yml b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
index 963763a5..613943d8 100644
--- a/roles/monitoring/prometheus/exporter/base/defaults/main.yml
+++ b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
@@ -1,2 +1,2 @@
---
-prometheus_exporter_listen: ":9999"
+prometheus_exporter_listen: "9999"
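Review bot: `prometheus_exporter_listen` changes meaning on this line, from a Go listen address (`":9999"`) to the argument of the nginx `listen` directive, and the defaults file does not say so. An inventory override still written in the old `:port` form would be rendered into the vhost as `listen :9999 ssl;`, which nginx may not accept, so existing overrides should be checked. A bare port also makes nginx bind IPv4 only, whereas the Go listener on `:9999` was normally dual-stack; if scrapes can arrive over IPv6 the vhost needs a second line such as `listen [::]:{{ prometheus_exporter_listen }} ssl;`. I would add a comment above the default, for example `# argument of the nginx listen directive; a bare port binds IPv4 only`.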
diff --git a/roles/monitoring/prometheus/exporter/base/handlers/main.yml b/roles/monitoring/prometheus/exporter/base/handlers/main.yml
index ebd760cf..d4e42ca0 100644
--- a/roles/monitoring/prometheus/exporter/base/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/base/handlers/main.yml
@@ -1,5 +1,5 @@
---
-- name: restart prometheus-exporter-exporter
+- name: reload nginx
service:
- name: prometheus-exporter-exporter
- state: restarted
+ name: nginx
+ state: reloaded
diff --git a/roles/monitoring/prometheus/exporter/base/tasks/main.yml b/roles/monitoring/prometheus/exporter/base/tasks/main.yml
index eeb2a23d..5f42867d 100644
--- a/roles/monitoring/prometheus/exporter/base/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/base/tasks/main.yml
@@ -6,17 +6,6 @@
- spreadspace_apt_repo_components is defined
- "'prometheus' in spreadspace_apt_repo_components"
- ## TODO: pin version
-- name: install apt packages
- apt:
- name: prom-exporter-exporter
- state: present
-
-- name: create configuration directories
- file:
- path: /etc/prometheus/exporter/exporter
- state: directory
-
- name: add user for prometheus-exporter
user:
name: prometheus-exporter
@@ -27,15 +16,10 @@
- name: create TLS certificate and key
import_tasks: tls.yml
-- name: generate systemd service unit
- template:
- src: service.j2
- dest: /etc/systemd/system/prometheus-exporter-exporter.service
- notify: restart prometheus-exporter-exporter
-
-- name: make sure prometheus-exporter-exporter is enabled and started
- systemd:
- name: prometheus-exporter-exporter.service
- daemon_reload: yes
- state: started
- enabled: yes
+- name: configure nginx vhost
+ import_role:
+ name: nginx/vhost
+ vars:
+ nginx_vhost:
+ name: prometheus-exporter
+ content: "{{ lookup('template', 'nginx-vhost.j2') }}"
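Review bot: Hosts that were already provisioned keep the old proxy, because this hunk drops the tasks that managed `prometheus-exporter-exporter.service` without adding anything that stops and disables it, removes `/etc/systemd/system/prometheus-exporter-exporter.service` or uninstalls `prom-exporter-exporter` (the hunk above only removes the install task). Unless that cleanup happens elsewhere, the old daemon still holds the port in `prometheus_exporter_listen` and nginx cannot bind it, while a second TLS endpoint stays up outside this role's control. A cleanup step before the vhost import, guarded so that it is a no-op on fresh hosts, would make the migration repeatable. The removed `file` task was also what created `/etc/prometheus/exporter/` as the parent of `exporter/`; the `*.locations` files written by the exporter roles need that directory, so confirm another task still creates it. The TLS listener also moves out of a unit with `NoNewPrivileges`, `ProtectSystem=strict` and an empty capability set into nginx, so it is worth checking what sandboxing the nginx unit carries.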
diff --git a/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2
new file mode 100644
index 00000000..70e65b29
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2
@@ -0,0 +1,19 @@
+server {
+ listen {{ prometheus_exporter_listen }} ssl;
+ server_name _;
+
+ ssl_certificate /etc/ssl/prometheus/exporter/crt.pem;
+ ssl_certificate_key /etc/ssl/prometheus/exporter/key.pem;
+ ssl_client_certificate /etc/ssl/prometheus/ca-crt.pem;
+ ssl_verify_client on;
+
+ root /nonexistent;
+
+ location = / {
+ return 404 'please specify the exporter you want to reach!';
+ }
+
+ include snippets/proxy-nobuff.conf;
+
+ include /etc/prometheus/exporter/*.locations;
+}
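Review bot: `ssl_verify_client on` admits any certificate that chains to `/etc/ssl/prometheus/ca-crt.pem`, and the server job templates use that same file as `ca_file` to verify the exporters, so the exporters' own certificates presumably pass as client certificates too. That matches what the removed unit did with `-web.tls.ca` and `-web.tls.verify`, but nginx makes it cheap to narrow: a server-level check such as `if ($ssl_client_s_dn !~ "CN=<prometheus-server-cn>") { return 403; }` (placeholder CN) limits access to the scraper, which matters most for the blackbox `/probe` location. The vhost sets no `ssl_protocols`, so the TLS floor is whatever the global nginx configuration provides; a comment stating that this is intentional would help. Everything matching `/etc/prometheus/exporter/*.locations` is parsed as nginx configuration, so that directory should be writable by root only.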
diff --git a/roles/monitoring/prometheus/exporter/base/templates/service.j2 b/roles/monitoring/prometheus/exporter/base/templates/service.j2
deleted file mode 100644
index 3d44744a..00000000
--- a/roles/monitoring/prometheus/exporter/base/templates/service.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Prometheus exporter proxy
-
-[Service]
-Restart=always
-User=prometheus-exporter
-ExecStart=/usr/bin/prometheus-exporter-exporter -config.dirs=/etc/prometheus/exporter/exporter -config.file="" -web.listen-address="" -web.tls.listen-address="{{ prometheus_exporter_listen }}" -web.tls.cert="/etc/ssl/prometheus/exporter/crt.pem" -web.tls.key="/etc/ssl/prometheus/exporter/key.pem" --web.tls.ca="/etc/ssl/prometheus/ca-crt.pem" -web.tls.verify
-{# TODO: implement reloading once the exporter_exporter supports this #}
-
-# systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
-DeviceAllow=/dev/null rw
-DevicePolicy=strict
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-RemoveIPC=true
-RestrictNamespaces=true
-RestrictRealtime=true
-SystemCallArchitectures=native
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/monitoring/prometheus/exporter/blackbox/handlers/main.yml b/roles/monitoring/prometheus/exporter/blackbox/handlers/main.yml
index 99a416e2..12250769 100644
--- a/roles/monitoring/prometheus/exporter/blackbox/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/blackbox/handlers/main.yml
@@ -9,8 +9,7 @@
name: prometheus-blackbox-exporter
state: reloaded
-- name: reload prometheus-exporter-exporter
+- name: reload nginx
service:
- name: prometheus-exporter-exporter
- ## TODO: implement reload once exporter_exporter supports this...
- state: restarted
+ name: nginx
+ state: reloaded
diff --git a/roles/monitoring/prometheus/exporter/blackbox/tasks/main.yml b/roles/monitoring/prometheus/exporter/blackbox/tasks/main.yml
index 782c3561..f9793df6 100644
--- a/roles/monitoring/prometheus/exporter/blackbox/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/blackbox/tasks/main.yml
@@ -32,9 +32,8 @@
- name: register exporter
copy:
content: |
- method: http
- http:
- port: 9115
- path: /probe
- dest: /etc/prometheus/exporter/exporter/blackbox.yml
- notify: reload prometheus-exporter-exporter
+ location = /blackbox {
+ proxy_pass http://127.0.0.1:9115/probe;
+ }
+ dest: /etc/prometheus/exporter/blackbox.locations
+ notify: reload nginx
diff --git a/roles/monitoring/prometheus/exporter/ipmi/handlers/main.yml b/roles/monitoring/prometheus/exporter/ipmi/handlers/main.yml
index 40a945ae..a8eb55b3 100644
--- a/roles/monitoring/prometheus/exporter/ipmi/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/ipmi/handlers/main.yml
@@ -9,8 +9,7 @@
name: prometheus-ipmi-exporter
state: reloaded
-- name: reload prometheus-exporter-exporter
+- name: reload nginx
service:
- name: prometheus-exporter-exporter
- ## TODO: implement reload once exporter_exporter supports this...
- state: restarted
+ name: nginx
+ state: reloaded
diff --git a/roles/monitoring/prometheus/exporter/ipmi/tasks/main.yml b/roles/monitoring/prometheus/exporter/ipmi/tasks/main.yml
index 9e63f692..91318f16 100644
--- a/roles/monitoring/prometheus/exporter/ipmi/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/ipmi/tasks/main.yml
@@ -30,18 +30,13 @@
enabled: yes
- name: register exporter
- loop:
- - name: local
- path: /metrics
- - name: remote
- path: /ipmi
- loop_control:
- label: "{{ item.name }}"
copy:
content: |
- method: http
- http:
- port: 9290
- path: {{ item.path }}
- dest: "/etc/prometheus/exporter/exporter/ipmi-{{ item.name }}.yml"
- notify: reload prometheus-exporter-exporter
+ location = /ipmi {
+ proxy_pass http://127.0.0.1:9290/metrics;
+ }
+ location = /ipmi/remote {
+ proxy_pass http://127.0.0.1:9290/ipmi;
+ }
+ dest: /etc/prometheus/exporter/ipmi.locations
+ notify: reload nginx
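Review bot: The names under which the IPMI exporter is reachable change here, from the modules `ipmi-local` and `ipmi-remote` (derived from the old file names) to the paths `/ipmi` and `/ipmi/remote`, and no server job template in this commit targets `/ipmi/remote`. With `metrics_path: /{{ job }}` in `generic.j2`, only a job literally named `ipmi` would reach the first location; anything still named after the old modules ends in a 404 from the vhost. If remote IPMI scraping is configured on the server side, it needs a dedicated template like `nut/ups.j2`. A short comment above the `content:` block stating which job uses which location would document the mapping. The task itself starts outside the hunk.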
diff --git a/roles/monitoring/prometheus/exporter/meta/main.yml b/roles/monitoring/prometheus/exporter/meta/main.yml
index 22131422..68fce6cb 100644
--- a/roles/monitoring/prometheus/exporter/meta/main.yml
+++ b/roles/monitoring/prometheus/exporter/meta/main.yml
@@ -1,11 +1,13 @@
---
dependencies:
- role: monitoring/prometheus/exporter/base
- - role: monitoring/prometheus/exporter/node
- when: "'node' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
- role: monitoring/prometheus/exporter/blackbox
when: "'blackbox' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
- - role: monitoring/prometheus/exporter/nut
- when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
+ - role: monitoring/prometheus/exporter/ipmi
+ when: "'ipmi' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
- role: monitoring/prometheus/exporter/mikrotik
when: "'mikrotik' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
+ - role: monitoring/prometheus/exporter/node
+ when: "'node' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
+ - role: monitoring/prometheus/exporter/nut
+ when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml
index cb85d0d9..c5844220 100644
--- a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml
@@ -4,8 +4,7 @@
name: prometheus-mikrotik-exporter
state: restarted
-- name: reload prometheus-exporter-exporter
+- name: reload nginx
service:
- name: prometheus-exporter-exporter
- ## TODO: implement reload once exporter_exporter supports this...
- state: restarted
+ name: nginx
+ state: reloaded
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml
index 07219c68..72c78e4a 100644
--- a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml
@@ -35,8 +35,8 @@
- name: register exporter
copy:
content: |
- method: http
- http:
- port: 9436
- dest: /etc/prometheus/exporter/exporter/mikrotik.yml
- notify: reload prometheus-exporter-exporter
+ location = /mikrotik {
+ proxy_pass http://127.0.0.1:9436/metrics;
+ }
+ dest: /etc/prometheus/exporter/mikrotik.locations
+ notify: reload nginx
diff --git a/roles/monitoring/prometheus/exporter/node/handlers/main.yml b/roles/monitoring/prometheus/exporter/node/handlers/main.yml
index 3e1b2000..56056ea6 100644
--- a/roles/monitoring/prometheus/exporter/node/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/node/handlers/main.yml
@@ -4,8 +4,7 @@
name: prometheus-node-exporter
state: restarted
-- name: reload prometheus-exporter-exporter
+- name: reload nginx
service:
- name: prometheus-exporter-exporter
- ## TODO: implement reload once exporter_exporter supports this...
- state: restarted
+ name: nginx
+ state: reloaded
diff --git a/roles/monitoring/prometheus/exporter/node/tasks/main.yml b/roles/monitoring/prometheus/exporter/node/tasks/main.yml
index 56903a33..2811c759 100644
--- a/roles/monitoring/prometheus/exporter/node/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/node/tasks/main.yml
@@ -28,11 +28,11 @@
- name: register exporter
copy:
content: |
- method: http
- http:
- port: 9100
- dest: /etc/prometheus/exporter/exporter/node.yml
- notify: reload prometheus-exporter-exporter
+ location = /node {
+ proxy_pass http://127.0.0.1:9100/metrics;
+ }
+ dest: /etc/prometheus/exporter/node.locations
+ notify: reload nginx
- name: create directory for textfile collector scripts
file:
diff --git a/roles/monitoring/prometheus/exporter/nut/handlers/main.yml b/roles/monitoring/prometheus/exporter/nut/handlers/main.yml
index 6e10f43b..edd87ed5 100644
--- a/roles/monitoring/prometheus/exporter/nut/handlers/main.yml
+++ b/roles/monitoring/prometheus/exporter/nut/handlers/main.yml
@@ -4,8 +4,7 @@
name: prometheus-nut-exporter
state: restarted
-- name: reload prometheus-exporter-exporter
+- name: reload ngnix
service:
- name: prometheus-exporter-exporter
- ## TODO: implement reload once exporter_exporter supports this...
- state: restarted
+ name: nginx
+ state: reloaded
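Review bot: The handler is named `reload ngnix`, while the nut tasks in this commit notify `reload nginx`, so this handler never matches that notification. The notification presumably still resolves through the identically named handler in the base role, which is a dependency of the exporter meta role, and that is why the typo goes unnoticed. Change the line to `- name: reload nginx`. Since the same handler is now copied into six roles, keeping only the base-role copy would avoid this kind of drift.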
diff --git a/roles/monitoring/prometheus/exporter/nut/tasks/main.yml b/roles/monitoring/prometheus/exporter/nut/tasks/main.yml
index 8245feae..f602472d 100644
--- a/roles/monitoring/prometheus/exporter/nut/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/nut/tasks/main.yml
@@ -21,9 +21,11 @@
- name: register exporter
copy:
content: |
- method: http
- http:
- port: 9199
- path: /ups_metrics
- dest: /etc/prometheus/exporter/exporter/nut.yml
- notify: reload prometheus-exporter-exporter
+ location = /nut {
+ proxy_pass http://127.0.0.1:9199/metrics;
+ }
+ location = /nut/ups {
+ proxy_pass http://127.0.0.1:9199/ups_metrics;
+ }
+ dest: /etc/prometheus/exporter/nut.locations
+ notify: reload nginx
diff --git a/roles/monitoring/prometheus/server/templates/jobs/blackbox/https.j2 b/roles/monitoring/prometheus/server/templates/jobs/blackbox/https.j2
index 98a64121..86ff88dd 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/blackbox/https.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/blackbox/https.j2
@@ -1,8 +1,7 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
+ metrics_path: /blackbox
params:
module:
- - blackbox
- http_tls_2xx
scheme: https
tls_config:
diff --git a/roles/monitoring/prometheus/server/templates/jobs/blackbox/ping.j2 b/roles/monitoring/prometheus/server/templates/jobs/blackbox/ping.j2
index 736ffec1..2d3889d2 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/blackbox/ping.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/blackbox/ping.j2
@@ -1,8 +1,7 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
+ metrics_path: /blackbox
params:
module:
- - blackbox
- icmp
scheme: https
tls_config:
diff --git a/roles/monitoring/prometheus/server/templates/jobs/blackbox/ssh.j2 b/roles/monitoring/prometheus/server/templates/jobs/blackbox/ssh.j2
index 166f37ad..97565673 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/blackbox/ssh.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/blackbox/ssh.j2
@@ -1,8 +1,7 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
+ metrics_path: /blackbox
params:
module:
- - blackbox
- ssh_banner
scheme: https
tls_config:
diff --git a/roles/monitoring/prometheus/server/templates/jobs/generic.j2 b/roles/monitoring/prometheus/server/templates/jobs/generic.j2
index b155c5f7..65a95007 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/generic.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/generic.j2
@@ -1,8 +1,5 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
- params:
- module:
- - {{ job }}
+ metrics_path: /{{ job }}
scheme: https
tls_config:
ca_file: /etc/ssl/prometheus/ca-crt.pem
diff --git a/roles/monitoring/prometheus/server/templates/jobs/node.j2 b/roles/monitoring/prometheus/server/templates/jobs/node.j2
index ba9eab31..1b14e1f6 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/node.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/node.j2
@@ -1,8 +1,5 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
- params:
- module:
- - {{ job }}
+ metrics_path: /{{ job }}
scheme: https
tls_config:
ca_file: /etc/ssl/prometheus/ca-crt.pem
diff --git a/roles/monitoring/prometheus/server/templates/jobs/nut/ups.j2 b/roles/monitoring/prometheus/server/templates/jobs/nut/ups.j2
index 3a2c5c62..0cf4ae4e 100644
--- a/roles/monitoring/prometheus/server/templates/jobs/nut/ups.j2
+++ b/roles/monitoring/prometheus/server/templates/jobs/nut/ups.j2
@@ -1,8 +1,5 @@
- job_name: '{{ job }}'
- metrics_path: /proxy
- params:
- module:
- - nut
+ metrics_path: /nut/ups
scheme: https
tls_config:
ca_file: /etc/ssl/prometheus/ca-crt.pem