From f772558e310a793de067b7ff1da41770eb6ddab2 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sat, 6 Jun 2020 23:41:06 +0200
Subject: [PATCH] added support for the blackbox exporter

---
 defaults/main.yml                | 24 ++++++++++++++++++++++
 handlers/main.yml                |  5 +++++
 tasks/main.yml                   | 32 ++++++++++++++++++++++++------
 templates/node-scraper.j2        | 34 ++++++++++++++++++++++++++++++++
 templates/prometheus-blackbox.j2 | 10 ++++++++++
 templates/stunnel-client.conf.j2 | 15 +++++++++++++-
 6 files changed, 113 insertions(+), 7 deletions(-)
 create mode 100644 templates/prometheus-blackbox.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index d469ff7..98b32d2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -199,6 +199,30 @@ prometheus_agent:
         'web.listen-address': "[::1]:9100"
     proxy:
       mappings: {}
+    blackbox:
+      enable: False
+      args:
+        "web.listen-address": "[::1]:9115"
+        "config.file": "/etc/prometheus/blackbox.yml"
+      config:
+        modules:
+          http_2xx:
+            prober: http
+            http:
+          http_post_2xx:
+            prober: http
+            http:
+              method: POST
+          tcp_connect:
+            prober: tcp
+          ssh_banner:
+            prober: tcp
+            tcp:
+              query_response:
+              - expect: "^SSH-2.0-"
+          icmp:
+            prober: icmp
+      jobs: {}
   scrape_timeout: ~
   scrape_interval: ~
   scrapers: {}
diff --git a/handlers/main.yml b/handlers/main.yml
index b9c213a..e56fb82 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -7,3 +7,8 @@
   service:
     name: stunnel4
     state: restarted
+
+- name: restart blackbox exporter
+  service:
+    name: prometheus-blackbox-exporter
+    state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index 2bd81e8..f00d807 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,6 +2,32 @@
   apt:
     pkg: prometheus-node-exporter
 
+- name: copy node-exporter config
+  notify: restart node-exporter
+  template:
+    src: node-exporter.j2
+    dest: /etc/default/prometheus-node-exporter
+
+- name: handle blackbox exporter
+  when: prometheus_agent.agents.blackbox.enable
+  block:
+  - name: install blackbox exporter
+    apt:
+      pkg: prometheus-blackbox-exporter
+  - name: wrtie blackbox exporter service config
+    notify: restart blackbox exporter
+    template:
+      src: prometheus-blackbox.j2
+      dest: /etc/default/prometheus-blackbox-exporter
+  - name: wrtie blackbox exporter config
+    notify: restart blackbox exporter
+    copy:
+      owner: root
+      group: root
+      mode: 0644
+      dest: /etc/prometheus/blackbox.yml
+      content: "{{ prometheus_agent.agents.blackbox.config|to_nice_yaml(indent=2) }}"
+
 - name: manage tls
   when: prometheus_agent.tls.manage
   block:
@@ -20,12 +46,6 @@
       certificates:
         certs: "{{ {}|combine(prometheus_certs, inventory_certs, recursive=True) }}"
 
-- name: copy node-exporter config
-  template:
-    src: node-exporter.j2
-    dest: /etc/default/prometheus-node-exporter
-  notify: restart node-exporter
-
 - name: slurp up all scraper certs
   loop: "{{ prometheus_agent.scrapers.keys()|list }}"
   delegate_to: "{{ item }}"
diff --git a/templates/node-scraper.j2 b/templates/node-scraper.j2
index c208586..e74c355 100644
--- a/templates/node-scraper.j2
+++ b/templates/node-scraper.j2
@@ -18,6 +18,40 @@
   - replacement: 'node'
     target_label: job
 
+{% if prometheus_agent.scrapers[item].blackbox and prometheus_agent.agents.blackbox.enable %}
+{% for j in prometheus_agent.agents.blackbox.jobs %}
+{% set job=prometheus_agent.agents.blackbox.jobs[j] %}
+- job_name: "prometheus-agent - blackbox - {{ j }} : {{ inventory_hostname }}"
+  scheme: https
+{% for i in ['scrape_timeout', 'scrape_interval'] if (prometheus_agent|combine(job))[i] %}
+  {{ i }}: {{ (prometheus_agent|combine(job))[i] }}
+{% endfor %}
+  params:
+    module: [{{ job.module }}]
+  static_configs:
+  - targets:
+{% for t in job.targets %}
+    - {{ t }}
+{% endfor %}
+    labels: {{ merged_prometheus_labels|combine(job.labels)|to_json }}
+  tls_config:
+    ca_file: /etc/prometheus/targetcerts/{{ inventory_hostname }}.crt
+    cert_file: /etc/ssl/prometheus_scraper.crt
+    key_file: /etc/ssl/private/prometheus_scraper.key
+  relabel_configs:
+  - source_labels: [__address__]
+    target_label: __param_target
+  - source_labels: [__param_target]
+    target_label: instance
+  - replacement: 'blackbox'
+    target_label: job
+  - replacement: '{{ job.module }}'
+    target_label: module
+  - target_label: __address__
+    replacement: {{ inventory_hostname }}:{{ prometheus_agent.scrapers[item].blackbox }}
+{% endfor %}
+{% endif %}
+
 {% for j in prometheus_agent.scrapers[item].proxy|d({}) %}
 - job_name: "prometheus-agent - proxy - {{ j }} : {{ inventory_hostname }}"
   scheme: https
diff --git a/templates/prometheus-blackbox.j2 b/templates/prometheus-blackbox.j2
new file mode 100644
index 0000000..3bd5dfb
--- /dev/null
+++ b/templates/prometheus-blackbox.j2
@@ -0,0 +1,10 @@
+ARGS="{% for i in prometheus_agent.agents.blackbox.args %} --{{ i }}{% if prometheus_agent.agents.blackbox.args[i] and prometheus_agent.agents.blackbox.args[i] != {} %}='{{ prometheus_agent.agents.blackbox.args[i] }}'{% endif %} {% endfor %}"
+
+# Usage of prometheus-blackbox-exporter:
+#   --config.file="blackbox.yml"
+#                         Blackbox exporter configuration file.
+#   --web.listen-address=":9115"
+#                         The address to listen on for HTTP requests.
+#   --timeout-offset=0.5  Offset to subtract from timeout in seconds.
+#   --log.level=info      Only log messages with the given severity or above.
+#                         One of: [debug, info, warn, error]
diff --git a/templates/stunnel-client.conf.j2 b/templates/stunnel-client.conf.j2
index fdc6ebf..faebdd5 100644
--- a/templates/stunnel-client.conf.j2
+++ b/templates/stunnel-client.conf.j2
@@ -1,6 +1,6 @@
 sslVersionMin = TLSv1.2
 
-{% for i in prometheus_agent.scrapers if "nodeexporter" in prometheus_agent.scrapers[i]%}
+{% for i in prometheus_agent.scrapers if "nodeexporter" in prometheus_agent.scrapers[i] %}
 ; nodeexporter
 [scraper {{ i }} nodeexporter]
 client      = no
@@ -13,6 +13,19 @@ verifyPeer  = yes
 CAfile      = /etc/ssl/scraper_{{ i }}.crt
 {% endfor %}
 
+{% for i in prometheus_agent.scrapers if "blackbox" in prometheus_agent.scrapers[i] and prometheus_agent.agents.blackbox.enable%}
+; blackbox
+[scraper {{ i }} blackbox]
+client      = no
+requireCert = yes
+accept      = {{ prometheus_agent.scrapers[i].blackbox }}
+connect     = {{ prometheus_agent.agents.blackbox.args['web.listen-address']|replace('[', '')|replace(']', '') }}
+cert        = /etc/ssl/prometheus_agent.crt
+key         = /etc/ssl/private/prometheus_agent.key
+verifyPeer  = yes
+CAfile      = /etc/ssl/scraper_{{ i }}.crt
+{% endfor %}
+
 ; proxy
 {% for i in prometheus_agent.scrapers if "proxy" in prometheus_agent.scrapers[i] %}
 {% for j in prometheus_agent.scrapers[i].proxy|d({}) %}