Skip to content

HailD/ansible-role-prometheus-exporter

 
 

Repository files navigation

Ansible Role: exporter exporter

License GitHub tag

Description

Deploy prometheus Exporter Exporter using ansible.

Exporter exporter is a Prometheus exporter providing a reverse proxy for others Prometheus exporters, allowing to open only one port, it also provide TLS communication and Bearer Authentication.

It's a lightweight and simple alternative to NGINX/Apache reverse proxy, especially when the monitored server is not a web server...

More informations on Exporter Exporter Readme page

Notes

Role forked and largely inspired by Cloudalchemy Node Exporter Ansible role

Role is supposed to work with Debian, Suse, RedHat, Fedora, (See Ansible Galaxy meta), but it was only tested on Ubuntu Bionic (18.04).

TODO:

(Probably never done, PR accepted)

  • More control in preflight file
  • Support of config.dirs
  • Managment of Bearer token file
  • Unit test
  • Publish on Ansible Galaxy

Requirements

  • Ansible >= 2.7 (It might work on previous versions, but we cannot guarantee it)
  • gnu-tar on Mac deployer host (brew install gnu-tar)

Role Variables

All variables which can be overridden are stored in defaults/main.yml file as well as in table below.

Name Default Value Description
prometheus_proxy_version 0.3.0 Used to install Exporter exporter package. Also accepts latest as parameter.
prometheus_proxy_group "exp-exp" System group used to run exporter_exporter
(used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_user "exp-exp" System user used to run exporter_exporter
(used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_system_additional_groups "" Additional system group of user used to run exporter_exporter (example: ssl-cert to allow reading certificate, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_listen_address "0.0.0.0:9999" Address on which node exporter will listen (HTTP), leave empty and provide prometheus_proxy_web_tls_listen_address for HTTPS connection only
(used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_config_file "/etc/expexp.yaml" File containing exporter_exporter configuration, managed with this role throught prometheus_proxy_configuration variable
(used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_bearer_token "" Token to provide to Bearer authentication
(mutually exclusive with prometheus_proxy_web_bearer_token_file variable, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_bearer_token_file "" File containing Bearer token for authentication
(mutually exclusive with prometheus_proxy_web_bearer_token variable, managment of the file not provided by this role, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_proxy_path "" URL to listen on for proxy HTTP requests.
(default "/proxy" in exporter_exporter if not provided, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_telemetry_path "" URL to listen on for metrics of exporter_exporter itself.
(default "/metrics" in exporter_exporter if not provided, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_tls_ca "" Full path of file containing CA certificate
(ie: Prometheur server cert if self-signed certificate are used, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_tls_cert "" Full path of file containing certificate used by exporter_exporter
(ie: Node certificate, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_tls_key "" Full path of file containing key used by exporter_exporter
(ie: Node key, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_tls_listen_address "" Address on which node exporter will listen for TLS connections (HTTPS), optionnal, 0.0.0.0:9998 is usualy used
(used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_web_tls_verify "" Disable client verification
(?, used to launch exporter_exporter binary in systemd service unit file)
prometheus_proxy_configuration "" YAML configuration set in prometheus_proxy_config_file example provided in Exporter Exporter Readme

Exporter_exporter configuration can be breaked in multiple files in a directory provided to exporter_exporter throught config.dirs and config.skip-dirs, but this role does not support (yet) this.

This role can deploy node, server certificate and node key, following variables are use for this deployment :

Name Default Value Description
prometheus_proxy_ca_file "" Local path to the file containing CA certificate / server certificate (ie: files/prometheus_server.crt)
prometheus_proxy_cert_file "" Local path to the file containing node certificate (ie: files/prometheus_node.crt)
prometheus_proxy_key_file "" Local path to the file containing node key (ie: files/prometheus_server.key)
Best practice is to encrypt this file with ansible-vault
prometheus_proxy_certs_path "" Distant path (on monitored nodes) where this role will copy the 2 certificates, must be the same in prometheus_proxy_web_tls_ca and prometheus_proxy_web_tls_cert variables (ie: /etc/ssl/certs/)
prometheus_proxy_cert_owner "" Certificates file owner (ie: root)
prometheus_proxy_cert_group "" Certificates file group (ie: exp-exp)
prometheus_proxy_cert_mode "" Certificate file mode (ie: 0640)
prometheus_proxy_key_path "" Distant path (on monitored nodes) where this role will copy the node key, must be the same in prometheus_proxy_web_tls_key variable (ie: /etc/ssl/private/)
prometheus_proxy_key_owner "" Key file owner (ie: root)
prometheus_proxy_key_group "" Key file group (ie: exp-exp)
prometheus_proxy_key_mode "" Key file mode (ie: 0640)

Creation of those certificates and key is not part of this role.

Example

Playbook

Use it in a playbook as follows:

- hosts: all
  roles:
    - umanit.prometheus_exporter_exporter
  vars:
    prometheus_proxy_configuration:
      modules:
        node:
          method: http
          http:
             port: 9100

License

This project is licensed under MIT License. See LICENSE for more details.

About

Deploy Prometheus Exporter Exporter using ansible.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Jinja 100.0%