diff options
| author | Mitchell Riedstra <mitch@riedstra.dev> | 2021-10-17 20:41:13 -0400 |
|---|---|---|
| committer | Mitchell Riedstra <mitch@riedstra.dev> | 2021-10-17 20:41:13 -0400 |
| commit | 4db1380d6e401fdcafdea847d5a74a86be51f8c4 (patch) | |
| tree | cea2b2b60ecb2adbb4ace7be24ac7d52660707b5 | |
| download | node_exporter-master.tar.gz node_exporter-master.tar.xz | |
| -rw-r--r-- | defaults/main.yml | 34 | ||||
| -rw-r--r-- | handlers/main.yml | 5 | ||||
| -rw-r--r-- | readme.md | 14 | ||||
| -rw-r--r-- | tasks/main.yml | 57 | ||||
| -rw-r--r-- | tasks/runit.yml | 25 | ||||
| -rw-r--r-- | tasks/tls.yml | 17 | ||||
| -rw-r--r-- | templates/node_exporter.runit | 13 |
7 files changed, 165 insertions, 0 deletions
diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..745b9bb --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,34 @@ +--- +node_exporter_ui_listen: ':9100' +node_exporter_home_dir: /var/lib/node_exporter +node_exporter_log: '{{node_exporter_home_dir}}/log' +node_exporter_version: "1.2.2" +# Should resolve to "linux" +node_exporter_os: "{{ansible_facts['system']|lower}}" +node_exporter_checksum: 344bd4c0bbd66ff78f14486ec48b89c248139cdd485e992583ea30e89e0e5390 +# OpenBSD +# node_exporter_checksum: ec4901136e48207de37369c040cdaeeca6ebf9ae34e6cfbc28aad1a159440bae +node_exporter_architecture: amd64 +node_exporter_url: "https://github.com/prometheus/node_exporter/releases/download/v{{node_exporter_version}}/node_exporter-{{node_exporter_version}}.{{node_exporter_os}}-{{node_exporter_architecture}}.tar.gz" + + +# Newlines are automatically replaced with spaces +node_exporter_opts: | + --web.listen-address=":9100" + +# Filtered through 'to_nice_yaml' +# node_exporter_web_config: +# tls_server_config: +# cert_file: '{{node_exporter_home_dir}}/conf/crt' +# key_file: '{{node_exporter_home_dir}}/conf/key' +# client_ca_file: '{{node_exporter_home_dir}}/conf/ca.crt' +# client_auth_type: RequireAndVerifyClientCert + + +# Optional, if enabled the commented out vars will be written to disk +# If enabled it will automatically add the flag to read the web_config +# defined above +node_exporter_tls: false +# node_exporter_tls_ca: +# node_exporter_tls_key: +# node_exporter_tls_crt: diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..91aefee --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart node_exporter + runit: + name: node_exporter + state: restarted diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..a6015c8 --- /dev/null +++ b/readme.md @@ -0,0 +1,14 @@ +# Node exporter + +Set up the node exporter on _almost_ any system that has runit configured +to use `/var/service` + +You will need to tweak the checksum for each platform but it tested to +work on OpenBSD, and Linux without issue. + +TLS configuration is fully supported with this role, check out +`defaults/main.yml` + +If you're exposing this to the public internet I highly recommend utilizing +TLS and enabling client certificate verification. ( Examples in defaults, +commented out ) diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..866f00e --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,57 @@ +--- +- set_fact: "node_exporter_extract_dir=node_exporter-{{node_exporter_version}}.{{node_exporter_os}}-{{node_exporter_architecture}}" +- name: Create configuration directory + file: + state: directory + dest: "{{node_exporter_home_dir}}/conf" + mode: '0700' +- name: Download Node Exporter + get_url: + url: "{{node_exporter_url}}" + dest: "{{node_exporter_home_dir}}/node_exporter-{{node_exporter_version}}.tgz" + mode: '0600' + checksum: 'sha256:{{node_exporter_checksum}}' +# There's a bug in become_user that doesn't set permissions on the temp directory +# which is asinine when my user has sudo persmissions. +- name: Extract Node exporter + shell: | + #!/bin/sh + set -e + if ! [ -e "{{node_exporter_home_dir}}/{{node_exporter_extract_dir}}" ] ; then + cd "{{node_exporter_home_dir}}" + tar xzf node_exporter-{{node_exporter_version}}.tgz + exit 50 + fi + register: res + changed_when: res is defined and res.rc == 50 + ignore_errors: true + notify: Restart node_exporter +- name: Link node_exporter directory + file: + state: link + src: '{{node_exporter_extract_dir}}' + dest: '{{node_exporter_home_dir}}/node_exporter' + force: yes +- name: Link configuration files + file: + state: link + src: '../conf/{{item}}' + dest: '{{node_exporter_home_dir}}/node_exporter/{{item}}' + force: yes + loop: + - web_config.yml + notify: Restart node_exporter +- name: Include tls tasks + include_tasks: tls.yml + when: node_exporter_tls +- name: Write node_exporter configuration file + copy: + content: '{{node_exporter_web_config | to_nice_yaml}}' + dest: '{{node_exporter_home_dir}}/conf/web_config.yml' + mode: '0600' + notify: Restart node_exporter + tags: + - configuration + when: node_exporter_web_config is defined +- name: Include Runit tasks + include_tasks: runit.yml diff --git a/tasks/runit.yml b/tasks/runit.yml new file mode 100644 index 0000000..ce5b8f4 --- /dev/null +++ b/tasks/runit.yml @@ -0,0 +1,25 @@ +--- +- name: Install Runit service directory + file: + state: directory + path: /etc/sv/node_exporter + mode: '0755' +- name: Install Runit service command + template: + src: node_exporter.runit + dest: /etc/sv/node_exporter/run + mode: '755' +- name: Install supervise symlink + file: + state: link + force: yes + src: /tmp/supervise.node_exporter + dest: /etc/sv/node_exporter/supervise + follow: false +- name: Enable Node Exporter service + file: + state: link + force: yes + src: /etc/sv/node_exporter + dest: /var/service/node_exporter + follow: false diff --git a/tasks/tls.yml b/tasks/tls.yml new file mode 100644 index 0000000..42bb0fe --- /dev/null +++ b/tasks/tls.yml @@ -0,0 +1,17 @@ +--- +- name: Copy CA certificate + copy: + content: '{{node_exporter_tls_ca}}' + dest: '{{node_exporter_home_dir}}/conf/ca.crt' + notify: Restart node_exporter +- name: Copy TLS Key + copy: + content: '{{node_exporter_tls_key}}' + dest: '{{node_exporter_home_dir}}/conf/key' + mode: '0600' + notify: Restart node_exporter +- name: Copy TLS cert + copy: + content: '{{node_exporter_tls_crt}}' + dest: '{{node_exporter_home_dir}}/conf/crt' + notify: Restart node_exporter diff --git a/templates/node_exporter.runit b/templates/node_exporter.runit new file mode 100644 index 0000000..b7a75f0 --- /dev/null +++ b/templates/node_exporter.runit @@ -0,0 +1,13 @@ +#!/bin/sh +set -e +cd "{{node_exporter_home_dir}}/conf" +exec 3>>{{node_exporter_log}} 2>&3 1>&3 + +{% if not node_exporter_tls %} +exec {{node_exporter_home_dir}}/node_exporter/node_exporter \ + {{node_exporter_opts | replace('\n', ' ')}} \ +{% else %} +exec {{node_exporter_home_dir}}/node_exporter/node_exporter \ + {{node_exporter_opts | replace('\n', ' ')}} \ + --web.config="web_config.yml" \ +{% endif %} |