prometheus: add mikrotik exporter

author: Christian Pointner <equinox@spreadspace.org> 2021-07-30 01:55:52 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-07-30 01:55:52 +0200
commit: aa7490a9a440b4518f79318be773b7da34e93c93 (patch)
tree: 486ba36d2653705fed4540f088b1b61f4bd3b821 /roles
parent: some more preps for e21 (diff)
6 files changed, 115 insertions, 0 deletions
diff --git a/roles/monitoring/prometheus/exporter/meta/main.yml b/roles/monitoring/prometheus/exporter/meta/main.yml
index 01e3f7f2..22131422 100644
--- a/roles/monitoring/prometheus/exporter/meta/main.yml
+++ b/roles/monitoring/prometheus/exporter/meta/main.yml
@@ -7,3 +7,5 @@ dependencies:
     when: "'blackbox' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
   - role: monitoring/prometheus/exporter/nut
     when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
+  - role: monitoring/prometheus/exporter/mikrotik
+    when: "'mikrotik' in (prometheus_exporters_default | union(prometheus_exporters_extra))"
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml
new file mode 100644
index 00000000..373cba47
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+# prometheus_exporter_mikrotik_devices:
+#   - name: bridge01
+#     address: 1.2.3.4
+#     port: 1234
+#     user: prometheus
+#     password: secret
+
+prometheus_exporter_mikrotik_features:
+  bgp: false
+  dhcp: false
+  dhcpv6: false
+  dhcpl: false
+  routes: false
+  pools: false
+  wlansta: true
+  wlanif: true
+  monitor: true
+  health: false
+  firmware: true
+  ipsec: false
+  optics: false
+  poe: false
+  w60g: true
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml
new file mode 100644
index 00000000..cb85d0d9
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: restart prometheus-mikrotik-exporter
+  service:
+    name: prometheus-mikrotik-exporter
+    state: restarted
+
+- name: reload prometheus-exporter-exporter
+  service:
+    name: prometheus-exporter-exporter
+    ## TODO: implement reload once exporter_exporter supports this...
+    state: restarted
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml
new file mode 100644
index 00000000..c3ffe31b
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: install apt packages
+  apt:
+    name: prom-exporter-mikrotik
+    state: present
+
+- name: create config directory
+  file:
+    path: /etc/prometheus/exporter/mikrotik
+    state: directory
+
+- name: generate configuration
+  template:
+    src: config.yml.j2
+    dest: /etc/prometheus/exporter/mikrotik/config.yml
+    owner: root
+    group: prometheus-exporter
+    mode: 0640
+  notify: restart prometheus-mikrotik-exporter
+
+- name: generate systemd service unit
+  template:
+    src: service.j2
+    dest: /etc/systemd/system/prometheus-mikrotik-exporter.service
+  notify: restart prometheus-mikrotik-exporter
+
+- name: make sure prometheus-mikrotik-exporter is enabled and started
+  systemd:
+    name: prometheus-mikrotik-exporter.service
+    daemon_reload: yes
+    state: started
+    enabled: yes
+
+- name: register exporter
+  copy:
+    content: |
+      method: http
+      http:
+        port: 9436
+    dest: /etc/prometheus/exporter/enabled/mikrotik.yml
+  notify: reload prometheus-exporter-exporter
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2
new file mode 100644
index 00000000..a2dc1c71
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+devices:
+  {{ prometheus_exporter_mikrotik_devices | to_nice_yaml(indent=2) | indent(2)}}
+
+features:
+  {{ prometheus_exporter_mikrotik_features | to_nice_yaml(indent=2) | indent(2)}}
diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2
new file mode 100644
index 00000000..a1c90455
--- /dev/null
+++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2
@@ -0,0 +1,30 @@
+[Unit]
+Description=Prometheus mikrotik exporter
+
+[Service]
+Restart=always
+User=prometheus-exporter
+ExecStart=/usr/bin/prometheus-mikrotik-exporter -port "127.0.0.1:9436" -config-file /etc/prometheus/exporter/mikrotik/config.yml
+
+# systemd hardening-options
+AmbientCapabilities=
+CapabilityBoundingSet=
+DeviceAllow=/dev/null rw
+DevicePolicy=strict
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
author	Christian Pointner <equinox@spreadspace.org>	2021-07-30 01:55:52 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-07-30 01:55:52 +0200
commit	aa7490a9a440b4518f79318be773b7da34e93c93 (patch)
tree	486ba36d2653705fed4540f088b1b61f4bd3b821 /roles
parent	some more preps for e21 (diff)