From 8a7159c0c4d33227b63f66fae421bd972d91ce26 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 10 Feb 2024 21:55:24 +0000
Subject: [PATCH] snmp_exporter: Initial version of role
---
roles/snmp_exporter/defaults/main.yml | 2 +
.../snmp_exporter/files/snmp_exporter.service | 14 +++
roles/snmp_exporter/handlers/main.yml | 6 ++
roles/snmp_exporter/tasks/main.yml | 100 ++++++++++++++++++
.../snmp_exporter/templates/web-config.yml.j2 | 12 +++
5 files changed, 134 insertions(+)
create mode 100644 roles/snmp_exporter/defaults/main.yml
create mode 100644 roles/snmp_exporter/files/snmp_exporter.service
create mode 100644 roles/snmp_exporter/handlers/main.yml
create mode 100644 roles/snmp_exporter/tasks/main.yml
create mode 100644 roles/snmp_exporter/templates/web-config.yml.j2
diff --git a/roles/snmp_exporter/defaults/main.yml b/roles/snmp_exporter/defaults/main.yml
new file mode 100644
index 0000000..de468b0
--- /dev/null
+++ b/roles/snmp_exporter/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+snmp_exporter_pkg: "snmp_exporter-{{ snmp_exporter_version }}.linux-amd64"
diff --git a/roles/snmp_exporter/files/snmp_exporter.service b/roles/snmp_exporter/files/snmp_exporter.service
new file mode 100644
index 0000000..f96318e
--- /dev/null
+++ b/roles/snmp_exporter/files/snmp_exporter.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Prometheus SNMP Exporter
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=snmp
+Group=snmp
+ExecStart=/usr/local/bin/snmp_exporter --config.file=/etc/snmp_exporter/snmp.yml --web.config.file=/etc/snmp_exporter/web-config.yml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/snmp_exporter/handlers/main.yml b/roles/snmp_exporter/handlers/main.yml
new file mode 100644
index 0000000..13fdec5
--- /dev/null
+++ b/roles/snmp_exporter/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart snmp_exporter
+ ansible.builtin.systemd:
+ name: snmp_exporter
+ daemon_reload: true
+ state: restarted
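Review bot: The `[Service]` section of roles/snmp_exporter/files/snmp_exporter.service drops privileges with `User=snmp`/`Group=snmp` but sets no systemd sandboxing, so a compromised exporter process still sees the whole filesystem with that account's rights. As far as this unit shows, the daemon only reads /etc/snmp_exporter and the TLS files, so I would add `NoNewPrivileges=true`, `ProtectSystem=strict` and `ProtectHome=true` under `[Service]`, after confirming that the path behind `tls_private` is not under /home. Separately, `After=syslog.target` is obsolete on current systemd and can be dropped.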
diff --git a/roles/snmp_exporter/tasks/main.yml b/roles/snmp_exporter/tasks/main.yml
new file mode 100644
index 0000000..e3a6e9f
--- /dev/null
+++ b/roles/snmp_exporter/tasks/main.yml
@@ -0,0 +1,100 @@
+---
+- name: Create group
+ ansible.builtin.group:
+ name: snmp
+
+- name: Create user
+ ansible.builtin.user:
+ name: snmp
+ comment: Prometheus SNMP Exporter
+ group: snmp
+ create_home: false
+ home: /var/empty
+ shell: /sbin/nologin
+
+- name: Download package
+ ansible.builtin.get_url:
+ url: "https://github.com/prometheus/snmp_exporter/releases/download/v{{ snmp_exporter_version }}/{{ snmp_exporter_pkg }}.tar.gz"
+ dest: "/usr/local/src/{{ snmp_exporter_pkg }}.tar.gz"
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Extract package
+ ansible.builtin.unarchive:
+ src: "/usr/local/src/{{ snmp_exporter_pkg }}.tar.gz"
+ dest: /usr/local/src
+ owner: root
+ group: "{{ ansible_wheel }}"
+ creates: "/usr/local/src/{{ snmp_exporter_pkg }}"
+ remote_src: true
+
+- name: Copy binary
+ ansible.builtin.copy:
+ dest: /usr/local/bin/snmp_exporter
+ src: "/usr/local/src/{{ snmp_exporter_pkg }}/snmp_exporter"
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ remote_src: true
+ notify: Restart snmp_exporter
+
+- name: Create config directory
+ ansible.builtin.file:
+ path: /etc/snmp_exporter
+ state: directory
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Copy TLS private key
+ ansible.builtin.copy:
+ src: "/srv/ca/private/nms.home.foo.sh.key"
+ dest: "{{ tls_private }}/nms.home.foo.sh.key"
+ mode: "0640"
+ owner: root
+ group: snmp
+ notify: Restart snmp_exporter
+
+- name: Copy TLS certificate
+ ansible.builtin.copy:
+ src: "/srv/ca/certs/hosts/nms.home.foo.sh.crt"
+ dest: "{{ tls_certs }}/nms.home.foo.sh.crt"
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart snmp_exporter
+
+- name: Create web-config
+ ansible.builtin.template:
+ dest: /etc/snmp_exporter/web-config.yml
+ src: web-config.yml.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart snmp_exporter
+
+- name: Copy config
+ ansible.builtin.copy:
+ src: "/usr/local/src/{{ snmp_exporter_pkg }}/snmp.yml"
+ dest: /etc/snmp_exporter/snmp.yml
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ remote_src: true
+ notify: Restart snmp_exporter
+
+- name: Create service file
+ ansible.builtin.copy:
+ dest: /etc/systemd/system/snmp_exporter.service
+ src: snmp_exporter.service
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart snmp_exporter
+
+- name: Enable service
+ ansible.builtin.service:
+ name: snmp_exporter
+ state: started
+ enabled: true
diff --git a/roles/snmp_exporter/templates/web-config.yml.j2 b/roles/snmp_exporter/templates/web-config.yml.j2
new file mode 100644
index 0000000..b88b84e
--- /dev/null
+++ b/roles/snmp_exporter/templates/web-config.yml.j2
@@ -0,0 +1,12 @@
+---
+tls_server_config:
+ key_file: {{ tls_private }}/nms.home.foo.sh.key
+ cert_file: {{ tls_certs }}/nms.home.foo.sh.crt
+ client_ca_file: {{ tls_certs }}/ca.crt
+ client_auth_type: RequireAndVerifyClientCert
+ client_allowed_sans:
+ - prometheus01.home.foo.sh
+ - prometheus02.home.foo.sh
+ - prometheus03.home.foo.sh
+ - prometheus04.home.foo.sh
+ min_version: TLS13
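Review bot: The `Download package` task in roles/snmp_exporter/tasks/main.yml fetches the release tarball with `ansible.builtin.get_url` but passes no `checksum`, and the following tasks unpack it and install the binary to /usr/local/bin, where the service runs it. HTTPS protects the transport only; pinning the digest per version makes a replaced or corrupted release asset fail the play instead of being installed. I would add `checksum: "sha256:{{ snmp_exporter_sha256 }}"` to that task, where `snmp_exporter_sha256` is a placeholder name for a variable defined alongside `snmp_exporter_version`. Also consider `diff: false` on `Copy TLS private key` so that a run with `--diff` does not print key material.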
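Review bot: `client_ca_file` in roles/snmp_exporter/templates/web-config.yml.j2 points at `{{ tls_certs }}/ca.crt`, but none of the tasks added in roles/snmp_exporter/tasks/main.yml installs that file, so the role appears to rely on something outside this commit having placed it. With `client_auth_type: RequireAndVerifyClientCert` the listener cannot authenticate any scraper without that CA, so I would either add a copy task for it or record the dependency in the template with a comment such as `# ca.crt is installed by <ROLE_NAME placeholder>, not by this role`. The four `client_allowed_sans` entries and the `nms.home.foo.sh` file names are hard-coded here and in the tasks; moving them to role variables would keep the template and the copy tasks from drifting apart.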