Browse Source

install blackbox exporter

monitoring
histausse 1 year ago
parent
commit
efdf4a21f9
Signed by: histausse
GPG Key ID: 67486F107F62E9E9
  1. 1
      books/monitoring.yml
  2. 5
      roles/prometheus-blackbox-exporter/handlers/main.yml
  3. 2
      roles/prometheus-blackbox-exporter/meta/main.yml
  4. 96
      roles/prometheus-blackbox-exporter/tasks/main.yml
  5. 13
      roles/prometheus-blackbox-exporter/templates/atrocious_nginx_stub
  6. 14
      roles/prometheus-blackbox-exporter/templates/blackbox.yml
  7. 21
      roles/prometheus-blackbox-exporter/templates/prometheus-blackbox-exporter
  8. 6
      roles/prometheus-blackbox-exporter/templates/targets.json
  9. 7
      roles/prometheus-blackbox-exporter/templates/web-config.yaml

1
books/monitoring.yml

@ -5,6 +5,7 @@
- prometheus
- prometheus-alert-manager
- grafana
- prometheus-blackbox-exporter
- hosts: all, !tests,
roles:

5
roles/prometheus-blackbox-exporter/handlers/main.yml

@ -0,0 +1,5 @@
---
- name: Restart blackbox-exporter
systemd:
name: prometheus-blackbox-exporter.service
state: restarted

2
roles/prometheus-blackbox-exporter/meta/main.yml

@ -0,0 +1,2 @@
dependencies:
- role: install_nginx

96
roles/prometheus-blackbox-exporter/tasks/main.yml

@ -0,0 +1,96 @@
---
- name: Install Prometheus Components
apt:
name:
- prometheus-blackbox-exporter
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Generate certificate
include_role:
name: generate-cert
vars:
directory: /etc/prometheus/
cname: "blackbox-{{ lan_address }}"
owner: prometheus
group: prometheus
key_mode: u=rw,g=,o=
subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here
- name: Copy the CA cert
copy:
content: "{{ ca_cert }}"
dest: /etc/prometheus/ca.crt
notify:
- Restart blackbox-exporter
- Reload nginx
- name: Setup the blackbox config
template:
src: blackbox.yml
dest: /etc/prometheus/blackbox.yml
owner: prometheus
group: prometheus
mode: '0640'
notify: Restart blackbox-exporter
no_log: true
- name: Add targets files
template:
src: targets.json
dest: "/etc/prometheus/blackbox-{{ item }}-targets.json"
owner: prometheus
group: prometheus
mode: '0640'
force: no
notify: Restart blackbox-exporter
loop:
- https-internal
- https-external-up
- http-external-down
#- name: Copy the web-config folder
# template:
# src: web-config.yaml
# dest: /etc/prometheus/web-config-blackbox.yaml
# group: prometheus
# owner: prometheus
# mode: u=rw,g=r,o=r
# notify: Restart blackbox-exporter
- name: Setup the arguments for prometheus
template:
src: prometheus-blackbox-exporter
dest: /etc/default/prometheus-blackbox-exporter
owner: root
group: root
mode: '0644'
notify: Restart blackbox-exporter
vars:
args:
- name: web.listen-address
value: "127.0.0.1:9115"
# value: "{{ lan_address }}:9115"
- name: config.file
value: /etc/prometheus/blackbox.yml
# - name: web.config.file
# value: /etc/prometheus/web-config.yaml
## Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-blackbox"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-blackbox"
dest: "/etc/nginx/sites-enabled/internal-blackbox"
state: link
force: yes

13
roles/prometheus-blackbox-exporter/templates/atrocious_nginx_stub

@ -0,0 +1,13 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9115 ssl;
ssl_certificate /etc/prometheus/blackbox-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/blackbox-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass http://127.0.0.1:9115;
}
}

14
roles/prometheus-blackbox-exporter/templates/blackbox.yml

@ -0,0 +1,14 @@
{{ ansible_managed | comment }}
modules:
http_2xx:
prober: http
http:
http_post_2xx:
prober: http
http:
method: POST
tcp_connect:
prober: tcp
icmp:
prober: icmp

21
roles/prometheus-blackbox-exporter/templates/prometheus-blackbox-exporter

@ -0,0 +1,21 @@
{{ ansible_managed | comment }}
# Set the command-line arguments to pass to the server.
{% if not args %}
ARGS=""
{% else %}
ARGS="\
{% for arg in args %}
--{{ arg.name }}={{ arg.value }} \
{% endfor %}
"
{% endif %}
# Usage of prometheus-blackbox-exporter:
# --config.file="blackbox.yml"
# Blackbox exporter configuration file.
# --web.listen-address=":9115"
# The address to listen on for HTTP requests.
# --timeout-offset=0.5 Offset to subtract from timeout in seconds.
# --log.level=info Only log messages with the given severity or above.
# One of: [debug, info, warn, error]

6
roles/prometheus-blackbox-exporter/templates/targets.json

@ -0,0 +1,6 @@
[
{
"targets": [
]
}
]

7
roles/prometheus-blackbox-exporter/templates/web-config.yaml

@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
tls_server_config:
cert_file: "/etc/prometheus/blackbox-{{ lan_address }}.crt"
key_file: "/etc/prometheus/blackbox-{{ lan_address }}.key"
client_auth_type: "RequireAndVerifyClientCert"
client_ca_file: "/etc/prometheus/ca.crt"
Loading…
Cancel
Save