diff options
8 files changed, 140 insertions, 9 deletions
diff --git a/dan/host_vars/ele-mon.yml b/dan/host_vars/ele-mon.yml index f7141ab4..4e6bbe35 100644 --- a/dan/host_vars/ele-mon.yml +++ b/dan/host_vars/ele-mon.yml @@ -1,10 +1,14 @@ $ANSIBLE_VAULT;1.2;AES256;dan -33313632623964313131336133643531326633636230623363356532386530363262336164343966 -3831363534333135653438623236373336653833643737380a336165646234366331376462373736 -33313063616636356432633137663566313334393437623434663365353438363431323564386665 -3363363632363533360a633761383230663665333564333061303731663034363230316461636164 -34363532663835646361653531343531613161323539653434616362353932336231396565343537 -32366530326237316366323262383136663961613737666564616161326563376565366531326466 -65343931326362333238343636616164353433386534306165363633653964343135366463373061 -61363465343335323562643762323136376437363038343361303864343261343361366139323237 -38336139326333653730316666396466336138626331623736633964613865376561 +34393235363732323730303761656662366533643566393736343133396562653065383264653636 +3864663335663232363265653862663263343765656631340a656432636231623734393337346263 +30393835343965353038633833653864393432313062643964356130336366303637303634326564 +3665316462343936390a386565306637343137616362653539363332643661313466663336616337 +61666532306463633134343931616634316335323434393238376430653831323866303764356339 +33643564366462366231613263613233633466366631326434353863633237626634393332313031 +34616333636634386131613939323665343536353535396137353336616233366634316536656632 +37663335386563313161326362343834316537336138666134666332643138366532323362393237 +64343537376131393433656664373865623737373531626239316539373965623064326233663235 +61303234366662356137643539623938326562663532656338393734393930393662636139393165 +36613931336663363162386162613636303238326234333336633066393765393032356531623035 +39356233333033343063313337623935346238376132653435636666646562626237336232323535 +6230 diff --git a/inventory/host_vars/ele-mon.yml b/inventory/host_vars/ele-mon.yml index d5aea850..b0f3962b 100644 --- a/inventory/host_vars/ele-mon.yml +++ b/inventory/host_vars/ele-mon.yml @@ -63,12 +63,24 @@ prometheus_server_web_external_url: /prometheus/ prometheus_exporters_extra: - blackbox - nut + - mikrotik prometheus_exporter_blackbox_modules_extra: icmp: prober: icmp +prometheus_exporter_mikrotik_devices: + - name: ele-br-nextlib0 + address: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets['ele-br-nextlib0']) | ipaddr('address') }}" + user: prometheus + password: "{{ vault_prometheus_exporter_mikrotik_api_password }}" + # - name: ele-br-tub0 + # address: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets['ele-br-tub0']) | ipaddr('address') }}" + # user: prometheus + # password: "{{ vault_prometheus_exporter_mikrotik_api_password }}" + + prometheus_alertmanager_web_route_prefix: /alertmanager/ diff --git a/roles/monitoring/prometheus/exporter/meta/main.yml b/roles/monitoring/prometheus/exporter/meta/main.yml index 01e3f7f2..22131422 100644 --- a/roles/monitoring/prometheus/exporter/meta/main.yml +++ b/roles/monitoring/prometheus/exporter/meta/main.yml @@ -7,3 +7,5 @@ dependencies: when: "'blackbox' in (prometheus_exporters_default | union(prometheus_exporters_extra))" - role: monitoring/prometheus/exporter/nut when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))" + - role: monitoring/prometheus/exporter/mikrotik + when: "'mikrotik' in (prometheus_exporters_default | union(prometheus_exporters_extra))" diff --git a/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml new file mode 100644 index 00000000..373cba47 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml @@ -0,0 +1,24 @@ +--- +# prometheus_exporter_mikrotik_devices: +# - name: bridge01 +# address: 1.2.3.4 +# port: 1234 +# user: prometheus +# password: secret + +prometheus_exporter_mikrotik_features: + bgp: false + dhcp: false + dhcpv6: false + dhcpl: false + routes: false + pools: false + wlansta: true + wlanif: true + monitor: true + health: false + firmware: true + ipsec: false + optics: false + poe: false + w60g: true diff --git a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml new file mode 100644 index 00000000..cb85d0d9 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: restart prometheus-mikrotik-exporter + service: + name: prometheus-mikrotik-exporter + state: restarted + +- name: reload prometheus-exporter-exporter + service: + name: prometheus-exporter-exporter + ## TODO: implement reload once exporter_exporter supports this... + state: restarted diff --git a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml new file mode 100644 index 00000000..c3ffe31b --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: install apt packages + apt: + name: prom-exporter-mikrotik + state: present + +- name: create config directory + file: + path: /etc/prometheus/exporter/mikrotik + state: directory + +- name: generate configuration + template: + src: config.yml.j2 + dest: /etc/prometheus/exporter/mikrotik/config.yml + owner: root + group: prometheus-exporter + mode: 0640 + notify: restart prometheus-mikrotik-exporter + +- name: generate systemd service unit + template: + src: service.j2 + dest: /etc/systemd/system/prometheus-mikrotik-exporter.service + notify: restart prometheus-mikrotik-exporter + +- name: make sure prometheus-mikrotik-exporter is enabled and started + systemd: + name: prometheus-mikrotik-exporter.service + daemon_reload: yes + state: started + enabled: yes + +- name: register exporter + copy: + content: | + method: http + http: + port: 9436 + dest: /etc/prometheus/exporter/enabled/mikrotik.yml + notify: reload prometheus-exporter-exporter diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 new file mode 100644 index 00000000..a2dc1c71 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +devices: + {{ prometheus_exporter_mikrotik_devices | to_nice_yaml(indent=2) | indent(2)}} + +features: + {{ prometheus_exporter_mikrotik_features | to_nice_yaml(indent=2) | indent(2)}} diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 new file mode 100644 index 00000000..a1c90455 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Prometheus mikrotik exporter + +[Service] +Restart=always +User=prometheus-exporter +ExecStart=/usr/bin/prometheus-mikrotik-exporter -port "127.0.0.1:9436" -config-file /etc/prometheus/exporter/mikrotik/config.yml + +# systemd hardening-options +AmbientCapabilities= +CapabilityBoundingSet= +DeviceAllow=/dev/null rw +DevicePolicy=strict +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +RemoveIPC=true +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target |