~xenrox/ansible

a57b1bafa46360f85fa6e5a91532e7b40ecfdd25 — Thorben Günther a month ago f089862
prometheus_clients: Split into desktop and server playbooks

Install curl wrapper script for authenticating against pushgateway.
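--- /dev/null
+++ b/roles/prometheus_clients/tasks/desktop.yml
@@ -0,0 +1,1 @@
+---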

M roles/prometheus_clients/tasks/main.yml => roles/prometheus_clients/tasks/main.yml +13 -44
@@ 1,51 1,20 @@
---
- name: install
  community.general.pacman:
    name: prometheus-node-exporter
    state: present
- name: Get secrets
  ansible.builtin.set_fact:
    prometheus_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/prometheus') }}"

- name: create textfile dir
  ansible.builtin.file:
    path: /var/lib/prometheus_textfiles
    state: directory
    owner: node_exporter
    group: node_exporter
    mode: 0755

- name: configure node exporter
  ansible.builtin.copy:
    src: prometheus-node-exporter
    dest: /etc/conf.d/prometheus-node-exporter
    owner: root
    group: root
    mode: 0644
  notify: restart node exporter

- name: install textfile script
  ansible.builtin.copy:
    src: prometheus_arch.sh
    dest: /usr/local/bin/prometheus_arch.sh
- name: Install curl wrapper for pushgateway auth
  ansible.builtin.template:
    src: curl-pushgateway.j2
    dest: /usr/local/bin/curl-pushgateway
    owner: root
    group: root
    mode: 0755

- name: start and enable node exporter
  ansible.builtin.systemd:
    name: prometheus-node-exporter
    enabled: true
    state: started

- name: add arch textfile cronjob
  ansible.builtin.cron:
    name: prometheus-arch
    state: present
    job: "chronic /usr/local/bin/prometheus_arch.sh"
    special_time: hourly
- name: Include server playbook
  include_tasks: server.yml
  when: "'desktop' not in group_names"

- name: allow in firewalld
  ansible.posix.firewalld:
    rich_rule: "rule family=ipv4 source address={{ lookup('community.general.dig', 'xenrox.net.') }} port port=9100 protocol=tcp accept"
    state: enabled
    permanent: true
    immediate: true
  when: "inventory_hostname != 'xenrox.net'"
- name: Include desktop playbook
  include_tasks: desktop.yml
  when: "'desktop' in group_names"
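Review bot: The pushgateway password appears to end up world-readable on disk. The `Install curl wrapper for pushgateway auth` task renders `prometheus_secrets` into `/usr/local/bin/curl-pushgateway`, and the `owner: root` / `group: root` / `mode: 0755` lines after it seem to belong to that task. This page does not mark which side of the change each line is on, so that attribution is inferred from the task order. If only root's jobs push metrics, `mode: "0700"` is enough; otherwise a dedicated group with `mode: "0750"` keeps the file away from other local accounts. The task also lacks `no_log: true`, so a run with `--diff` can print the rendered credentials to the console or a CI log.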

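--- /dev/null
+++ b/roles/prometheus_clients/tasks/server.yml
@@ -0,0 +1,51 @@
+---
+- name: install
+  community.general.pacman:
+    name: prometheus-node-exporter
+    state: present
+
+- name: create textfile dir
+  ansible.builtin.file:
+    path: /var/lib/prometheus_textfiles
+    state: directory
+    owner: node_exporter
+    group: node_exporter
+    mode: 0755
+
+- name: configure node exporter
+  ansible.builtin.copy:
+    src: prometheus-node-exporter
+    dest: /etc/conf.d/prometheus-node-exporter
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart node exporter
+
+- name: install textfile script
+  ansible.builtin.copy:
+    src: prometheus_arch.sh
+    dest: /usr/local/bin/prometheus_arch.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: start and enable node exporter
+  ansible.builtin.systemd:
+    name: prometheus-node-exporter
+    enabled: true
+    state: started
+
+- name: add arch textfile cronjob
+  ansible.builtin.cron:
+    name: prometheus-arch
+    state: present
+    job: "chronic /usr/local/bin/prometheus_arch.sh"
+    special_time: hourly
+
+- name: allow in firewalld
+  ansible.posix.firewalld:
+    rich_rule: "rule family=ipv4 source address={{ lookup('community.general.dig', 'xenrox.net.') }} port port=9100 protocol=tcp accept"
+    state: enabled
+    permanent: true
+    immediate: true
+  when: "inventory_hostname != 'xenrox.net'"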
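Review bot: The `allow in firewalld` rule takes its source address from `lookup('community.general.dig', 'xenrox.net.')`, so the allow-list entry for port 9100 is whatever DNS answered on the controller when the play ran. Several A records come back comma-joined, and a failed lookup may come back as a string such as `NXDOMAIN`; either would be templated into the permanent rich rule unchecked. Resolving once into a variable and checking that it is a single IPv4 address before this task, or pinning the address in inventory, makes the rule fail closed. A comment such as `# source address is resolved on the controller at run time; re-run after the monitoring host changes IP` would document the dependency. The `mode: 0755` and `mode: 0644` values would also be safer quoted, e.g. `mode: "0755"`.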

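--- /dev/null
+++ b/roles/prometheus_clients/templates/curl-pushgateway.j2
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+hostname="$(uname -n)"
+curl --user "{{ prometheus_secrets['pushgateway_user'] }}:{{ prometheus_secrets['pushgateway_pass'] }}" --data-binary @- https://push.xenrox.net/metrics/job/$1/instance/$hostname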
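Review bot: Rendering the password inside a double-quoted bash string means any `$`, backtick, `\` or `"` in the Vault value is interpreted by the shell instead of being sent to the server. Passing it with `--user` also puts it on curl's command line, where other local users may see it in the process list for a moment. Keeping the credentials in a root-only file and pointing curl at it with `--netrc-file <path>` (placeholder path) avoids both, and leaves stdin free for `--data-binary @-`. The URL should be quoted and the job name guarded, e.g. `"https://push.xenrox.net/metrics/job/${1:?job name required}/instance/$hostname"`. Adding `--fail` would make a rejected push return a non-zero exit status instead of succeeding silently.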