infra/ansible-role-prometheus-agent
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-prometheus-agent/tasks/main.yml
nd 5b50d7e913
added cap net admin handling
2021-08-17 15:34:16 +01:00

136 lines
4 KiB
YAML
Raw Blame History

- name: install node-exporter
apt:
pkg: prometheus-node-exporter
- name: copy node-exporter config
notify: restart node-exporter
template:
src: node-exporter.j2
dest: /etc/default/prometheus-node-exporter
owner: root
group: root
mode: 0644
- name: handle blackbox exporter
when: prometheus_agent.agents.blackbox.enable
block:
- name: install blackbox exporter
apt:
pkg: prometheus-blackbox-exporter
- name: handle cap cap_net_raw, needed for icmp
community.general.capabilities:
path: /usr/bin/prometheus-blackbox-exporter
capability: cap_net_raw+ep
- name: wrtie blackbox exporter service config
notify: restart blackbox exporter
template:
src: prometheus-blackbox.j2
dest: /etc/default/prometheus-blackbox-exporter
owner: root
group: root
mode: 0644
- name: wrtie blackbox exporter config
notify: restart blackbox exporter
copy:
owner: root
group: root
mode: 0644
dest: /etc/prometheus/blackbox.yml
content: "{{ prometheus_agent.agents.blackbox.config|to_nice_yaml(indent=2) }}"
- name: manage tls
when: prometheus_agent.tls.manage
block:
- name: store certificates
set_fact:
inventory_certs: "{{ certificates.certs|d({}) }}"
prometheus_certs: |
{
'prometheus_agent': {
'san': ['{{ inventory_hostname }}', '{{ ansible_fqdn }}'],
'backend': 'selfsigned'
}
}
- name: create certificates
include_role:
name: certificates
vars:
certificates:
certs: "{{ {}|combine(prometheus_certs, inventory_certs, recursive=True) }}"
- name: slurp up all scraper certs
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
delegate_to: "{{ item }}"
slurp:
src: /etc/ssl/prometheus_scraper.crt
register: scrapercertfiles
- name: slurp up agent cert
slurp:
src: /etc/ssl/prometheus_agent.crt
register: agentcertfiles
- name: setup stunnel client
when: prometheus_agent.tls.mode == "stunnel"
block:
- name: install stunnel
apt:
pkg: stunnel
- name: copy scraper ssl certs
loop: "{{ scrapercertfiles.results }}"
copy:
content: "{{ item.content | b64decode }}"
dest: "/etc/ssl/scraper_{{ item.item }}.crt"
mode: 0644
- name: copy stunnel config
template:
src: stunnel-client.conf.j2
dest: /etc/stunnel/prometheus-agent.conf
mode: 0644
notify: restart stunnel
- name: ensure stunnel is running
failed_when: False
service:
name: stunnel4
state: started
enabled: yes
- name: copy agent certs to scrapers
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
delegate_to: "{{ item }}"
copy:
content: "{{ agentcertfiles.content | b64decode }}"
dest: "/etc/prometheus/targetcerts/{{ inventory_hostname }}.crt"
mode: 0644
- name: store ansible groups as labels
set_fact:
labels_ansible_groups: '{ {% for g in group_names %}"ansible_group_{{ g }}": 1{% if not loop.last %}, {% endif %}{% endfor %} }'
- name: store combined labels
set_fact:
merged_prometheus_labels: "{{ {}|combine((labels_ansible_groups if prometheus_agent.ansible_groups_as_labels else {}), prometheus_agent.labels) }}"
- name: setup scraper
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
delegate_to: "{{ item }}"
template:
src: node-scraper.j2
dest: /etc/prometheus/conf.d/scrape_configs/agent_{{ inventory_hostname }}.conf
mode: 0644
- name: setup alerts
loop: "{{ prometheus_agent.scrapers.keys()|list }}"
delegate_to: "{{ item }}"
template:
src: node-alerts.j2
dest: /etc/prometheus/conf.d/rule_files/agent_{{ inventory_hostname }}.conf
mode: 0644
- name: create node-exporter-textfile group
ansible.builtin.group:
name: node-exporter-textfile
state: present
- name: make node-exporter textfile dir accessible to node-exporter-textfile group
ansible.builtin.file:
path: /var/lib/prometheus/node-exporter
state: directory
owner: root
group: node-exporter-textfile
mode: '0775'
Reference in a new issue View git blame Copy permalink