- name: install node-exporter
  apt:
    pkg: prometheus-node-exporter

- name: copy node-exporter config
  notify: restart node-exporter
  template:
    src: node-exporter.j2
    dest: /etc/default/prometheus-node-exporter
    owner: root
    group: root
    mode: 0644

- name: handle blackbox exporter
  when: prometheus_agent.agents.blackbox.enable
  block:
  - name: install blackbox exporter
    apt:
      pkg: prometheus-blackbox-exporter
  - name: wrtie blackbox exporter service config
    notify: restart blackbox exporter
    template:
      src: prometheus-blackbox.j2
      dest: /etc/default/prometheus-blackbox-exporter
      owner: root
      group: root
      mode: 0644
  - name: wrtie blackbox exporter config
    notify: restart blackbox exporter
    copy:
      owner: root
      group: root
      mode: 0644
      dest: /etc/prometheus/blackbox.yml
      content: "{{ prometheus_agent.agents.blackbox.config|to_nice_yaml(indent=2) }}"

- name: manage tls
  when: prometheus_agent.tls.manage
  block:
  - name: store certificates
    set_fact:
      inventory_certs: "{{ certificates.certs|d({}) }}"
      prometheus_certs: |
        {
          'prometheus_agent': {
            'san': ['{{ inventory_hostname }}', '{{ ansible_fqdn }}'],
            'backend': 'selfsigned'
          }
        }
  - name: create certificates
    include_role:
      name: certificates
    vars:
      certificates:
        certs: "{{ {}|combine(prometheus_certs, inventory_certs, recursive=True) }}"

- name: slurp up all scraper certs
  loop: "{{ prometheus_agent.scrapers.keys()|list }}"
  delegate_to: "{{ item }}"
  slurp:
    src: /etc/ssl/prometheus_scraper.crt
  register: scrapercertfiles

- name: slurp up agent cert
  slurp:
    src: /etc/ssl/prometheus_agent.crt
  register: agentcertfiles

- name: setup stunnel client
  when: prometheus_agent.tls.mode == "stunnel"
  block:
  - name: install stunnel
    apt:
      pkg: stunnel
  - name: copy scraper ssl certs
    loop: "{{ scrapercertfiles.results }}"
    copy:
      content: "{{ item.content | b64decode }}"
      dest: "/etc/ssl/scraper_{{ item.item }}.crt"
      mode: 0644
  - name: copy stunnel config
    template:
      src: stunnel-client.conf.j2
      dest: /etc/stunnel/prometheus-agent.conf
      mode: 0644
    notify: restart stunnel
  - name: ensure stunnel is running
    failed_when: False
    service:
      name: stunnel4
      state: started
      enabled: yes
  - name: copy agent certs to scrapers
    loop: "{{ prometheus_agent.scrapers.keys()|list }}"
    delegate_to: "{{ item }}"
    copy:
      content: "{{ agentcertfiles.content | b64decode }}"
      dest: "/etc/prometheus/targetcerts/{{ inventory_hostname }}.crt"
      mode: 0644

- name: store ansible groups as labels
  set_fact:
    labels_ansible_groups: '{ {% for g in group_names %}"ansible_group_{{ g }}": 1{% if not loop.last %}, {% endif %}{% endfor %} }'
- name: store combined labels
  set_fact:
    merged_prometheus_labels: "{{ {}|combine((labels_ansible_groups if prometheus_agent.ansible_groups_as_labels else {}), prometheus_agent.labels) }}"
- name: setup scraper
  loop: "{{ prometheus_agent.scrapers.keys()|list }}"
  delegate_to: "{{ item }}"
  template:
    src: node-scraper.j2
    dest: /etc/prometheus/conf.d/scrape_configs/agent_{{ inventory_hostname }}.conf
    mode: 0644
- name: setup alerts
  loop: "{{ prometheus_agent.scrapers.keys()|list }}"
  delegate_to: "{{ item }}"
  template:
    src: node-alerts.j2
    dest: /etc/prometheus/conf.d/rule_files/agent_{{ inventory_hostname }}.conf
    mode: 0644

- name: create node-exporter-textfile group
  ansible.builtin.group:
    name: node-exporter-textfile
    state: present
- name: make node-exporter textfile dir accessible to node-exporter-textfile group
  ansible.builtin.file:
    path: /var/lib/prometheus/node-exporter
    state: directory
    owner: root
    group: node-exporter-textfile
    mode: '0775'