From a57b1bafa46360f85fa6e5a91532e7b40ecfdd25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Mon, 20 Sep 2021 23:20:34 +0200
Subject: [PATCH] prometheus_clients: Split into desktop and server playbooks

Install curl wrapper script for authenticating against pushgateway.
---
 roles/prometheus_clients/tasks/desktop.yml | 1 +
 roles/prometheus_clients/tasks/main.yml | 57 +++++--------------
 roles/prometheus_clients/tasks/server.yml | 51 +++++++++++++++++
 .../templates/curl-pushgateway.j2 | 4 ++
 4 files changed, 69 insertions(+), 44 deletions(-)
 create mode 100644 roles/prometheus_clients/tasks/desktop.yml
 create mode 100644 roles/prometheus_clients/tasks/server.yml
 create mode 100755 roles/prometheus_clients/templates/curl-pushgateway.j2

diff --git a/roles/prometheus_clients/tasks/desktop.yml b/roles/prometheus_clients/tasks/desktop.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/prometheus_clients/tasks/desktop.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/prometheus_clients/tasks/main.yml b/roles/prometheus_clients/tasks/main.yml
index 0114e71..e2c5bab 100644
--- a/roles/prometheus_clients/tasks/main.yml
+++ b/roles/prometheus_clients/tasks/main.yml
@@ -1,51 +1,20 @@
 ---
-- name: install
- community.general.pacman:
- name: prometheus-node-exporter
- state: present
+- name: Get secrets
+ ansible.builtin.set_fact:
+ prometheus_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/prometheus') }}"
 
-- name: create textfile dir
- ansible.builtin.file:
- path: /var/lib/prometheus_textfiles
- state: directory
- owner: node_exporter
- group: node_exporter
- mode: 0755
-
-- name: configure node exporter
- ansible.builtin.copy:
- src: prometheus-node-exporter
- dest: /etc/conf.d/prometheus-node-exporter
- owner: root
- group: root
- mode: 0644
- notify: restart node exporter
-
-- name: install textfile script
- ansible.builtin.copy:
- src: prometheus_arch.sh
- dest: /usr/local/bin/prometheus_arch.sh
+- name: Install curl wrapper for pushgateway auth
+ ansible.builtin.template:
+ src: curl-pushgateway.j2
+ dest: /usr/local/bin/curl-pushgateway
 owner: root
 group: root
 mode: 0755
 
-- name: start and enable node exporter
- ansible.builtin.systemd:
- name: prometheus-node-exporter
- enabled: true
- state: started
-
-- name: add arch textfile cronjob
- ansible.builtin.cron:
- name: prometheus-arch
- state: present
- job: "chronic /usr/local/bin/prometheus_arch.sh"
- special_time: hourly
+- name: Include server playbook
+ include_tasks: server.yml
+ when: "'desktop' not in group_names"
 
-- name: allow in firewalld
- ansible.posix.firewalld:
- rich_rule: "rule family=ipv4 source address={{ lookup('community.general.dig', 'xenrox.net.') }} port port=9100 protocol=tcp accept"
- state: enabled
- permanent: true
- immediate: true
- when: "inventory_hostname != 'xenrox.net'"
+- name: Include desktop playbook
+ include_tasks: desktop.yml
+ when: "'desktop' in group_names"
diff --git a/roles/prometheus_clients/tasks/server.yml b/roles/prometheus_clients/tasks/server.yml
new file mode 100644
index 0000000..0114e71
--- /dev/null
+++ b/roles/prometheus_clients/tasks/server.yml
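Review bot: The wrapper installed by `Install curl wrapper for pushgateway auth` is rendered with the pushgateway user and password from `prometheus_secrets`, yet the task keeps `mode: 0755`, so every local account on the host can read the credentials from /usr/local/bin/curl-pushgateway. If only root-owned jobs push metrics, `mode: "0700"` closes that; if unprivileged jobs need the wrapper, a dedicated group with `mode: "0750"` is the narrower option (which callers exist is not visible in this patch). Both this task and `Get secrets` would also benefit from `no_log: true`, since verbose or `--diff` runs otherwise print the Vault-sourced values into Ansible output and logs.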
@@ -0,0 +1,51 @@
+---
+- name: install
+ community.general.pacman:
+ name: prometheus-node-exporter
+ state: present
+
+- name: create textfile dir
+ ansible.builtin.file:
+ path: /var/lib/prometheus_textfiles
+ state: directory
+ owner: node_exporter
+ group: node_exporter
+ mode: 0755
+
+- name: configure node exporter
+ ansible.builtin.copy:
+ src: prometheus-node-exporter
+ dest: /etc/conf.d/prometheus-node-exporter
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart node exporter
+
+- name: install textfile script
+ ansible.builtin.copy:
+ src: prometheus_arch.sh
+ dest: /usr/local/bin/prometheus_arch.sh
+ owner: root
+ group: root
+ mode: 0755
+
+- name: start and enable node exporter
+ ansible.builtin.systemd:
+ name: prometheus-node-exporter
+ enabled: true
+ state: started
+
+- name: add arch textfile cronjob
+ ansible.builtin.cron:
+ name: prometheus-arch
+ state: present
+ job: "chronic /usr/local/bin/prometheus_arch.sh"
+ special_time: hourly
+
+- name: allow in firewalld
+ ansible.posix.firewalld:
+ rich_rule: "rule family=ipv4 source address={{ lookup('community.general.dig', 'xenrox.net.') }} port port=9100 protocol=tcp accept"
+ state: enabled
+ permanent: true
+ immediate: true
+ when: "inventory_hostname != 'xenrox.net'"
diff --git a/roles/prometheus_clients/templates/curl-pushgateway.j2 b/roles/prometheus_clients/templates/curl-pushgateway.j2
new file mode 100755
index 0000000..9f02a80
--- /dev/null
+++ b/roles/prometheus_clients/templates/curl-pushgateway.j2
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+hostname="$(uname -n)"
+curl --user "{{ prometheus_secrets['pushgateway_user'] }}:{{ prometheus_secrets['pushgateway_pass'] }}" --data-binary @- https://push.xenrox.net/metrics/job/$1/instance/$hostname
-- 
2.44.0
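Review bot: In curl-pushgateway.j2 the credentials are handed to curl as a `--user "user:pass"` argument, so they sit on the command line, where other local users may be able to see them in the process list while a push is starting. Reading them from a root-only file keeps them out of argv, e.g. `curl --netrc-file <root-only netrc path> --fail --data-binary @- "https://push.xenrox.net/metrics/job/$1/instance/$hostname"`; `--fail` also makes a rejected push return non-zero to the calling job. The rendered password is pasted inside a double-quoted bash string, so a value containing `"`, `$` or a backtick would be reinterpreted by the shell. The URL is unquoted as well, so a job name in `$1` with spaces or glob characters is word-split before curl sees it.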