From 92ca4fcba40b90adfddb3822003c0226ebdb4069 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 20 Mar 2024 20:32:14 +0000
Subject: [PATCH] nginx_exporter First version of role
---
roles/nginx_exporter/defaults/main.yml | 2 +
roles/nginx_exporter/handlers/main.yml | 6 ++
roles/nginx_exporter/tasks/main.yml | 83 +++++++++++++++++++
.../templates/nginx_exporter.service.j2 | 23 +++++
.../templates/web-config.yml.j2 | 11 +++
5 files changed, 125 insertions(+)
create mode 100644 roles/nginx_exporter/defaults/main.yml
create mode 100644 roles/nginx_exporter/handlers/main.yml
create mode 100644 roles/nginx_exporter/tasks/main.yml
create mode 100644 roles/nginx_exporter/templates/nginx_exporter.service.j2
create mode 100644 roles/nginx_exporter/templates/web-config.yml.j2
diff --git a/roles/nginx_exporter/defaults/main.yml b/roles/nginx_exporter/defaults/main.yml
new file mode 100644
index 0000000..863f6d4
--- /dev/null
+++ b/roles/nginx_exporter/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+nginx_exporter_pkg: "nginx-prometheus-exporter_{{ nginx_exporter_version }}_linux_amd64"
diff --git a/roles/nginx_exporter/handlers/main.yml b/roles/nginx_exporter/handlers/main.yml
new file mode 100644
index 0000000..690f1c7
--- /dev/null
+++ b/roles/nginx_exporter/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart nginx_exporter
+ ansible.builtin.systemd:
+ name: nginx_exporter
+ daemon_reload: true
+ state: restarted
diff --git a/roles/nginx_exporter/tasks/main.yml b/roles/nginx_exporter/tasks/main.yml
new file mode 100644
index 0000000..1c94615
--- /dev/null
+++ b/roles/nginx_exporter/tasks/main.yml
@@ -0,0 +1,83 @@
+---
+- name: Create group
+ ansible.builtin.group:
+ name: nginx_exporter
+ system: true
+
+- name: Create user
+ ansible.builtin.user:
+ name: nginx_exporter
+ comment: Prometheus NGINX Exporter
+ group: nginx_exporter
+ groups: hostkey
+ create_home: false
+ home: /var/empty
+ shell: /sbin/nologin
+ system: true
+
+- name: Download package
+ ansible.builtin.get_url:
+ url: https://github.com/nginxinc/nginx-prometheus-exporter/releases/download/v{{ nginx_exporter_version }}/{{ nginx_exporter_pkg }}.tar.gz
+ dest: "/usr/local/src/{{ nginx_exporter_pkg }}.tar.gz"
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Create directory for extracing package
+ ansible.builtin.file:
+ path: "/usr/local/src/{{ nginx_exporter_pkg }}"
+ state: directory
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Extract nginx_exporter
+ ansible.builtin.unarchive:
+ src: "/usr/local/src/{{ nginx_exporter_pkg }}.tar.gz"
+ dest: "/usr/local/src/{{ nginx_exporter_pkg }}"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ creates: "/usr/local/src/{{ nginx_exporter_pkg }}/nginx-prometheus-exporter"
+ remote_src: true
+
+- name: Copy binary
+ ansible.builtin.copy:
+ dest: "/usr/local/bin/nginx_exporter"
+ src: "/usr/local/src/{{ nginx_exporter_pkg }}/nginx-prometheus-exporter"
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ remote_src: true
+ notify: Restart nginx_exporter
+
+- name: Create config directory
+ ansible.builtin.file:
+ path: /etc/nginx_exporter
+ state: directory
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Create web-config
+ ansible.builtin.template:
+ dest: /etc/nginx_exporter/web-config.yml
+ src: web-config.yml.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart nginx_exporter
+
+- name: Create service file
+ ansible.builtin.template:
+ dest: /etc/systemd/system/nginx_exporter.service
+ src: nginx_exporter.service.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart nginx_exporter
+
+- name: Enable service
+ ansible.builtin.service:
+ name: nginx_exporter
+ state: started
+ enabled: true
diff --git a/roles/nginx_exporter/templates/nginx_exporter.service.j2 b/roles/nginx_exporter/templates/nginx_exporter.service.j2
new file mode 100644
index 0000000..d9356ca
--- /dev/null
+++ b/roles/nginx_exporter/templates/nginx_exporter.service.j2
@@ -0,0 +1,23 @@
+[Unit]
+Description=Prometheus NGINX Exporter
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=nginx_exporter
+Group=nginx_exporter
+#Environment="SCRAPE_URI={% for host in groups['proxy'] -%}https://{{ host }}/stub_status {% endfor %}"
+ExecStart=/usr/local/bin/nginx_exporter \
+ --web.config.file=/etc/nginx_exporter/web-config.yml \
+{% for host in groups['proxy'] %}
+ --nginx.scrape-uri=https://{{ host }}/stub_status \
+{% endfor %}
+ --nginx.ssl-ca-cert={{ tls_certs }}/ca.crt \
+ --nginx.ssl-client-cert={{ tls_certs }}/{{ inventory_hostname }}.crt \
+ --nginx.ssl-client-key={{ tls_private }}/{{ inventory_hostname }}.key
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/nginx_exporter/templates/web-config.yml.j2 b/roles/nginx_exporter/templates/web-config.yml.j2
new file mode 100644
index 0000000..03e5466
--- /dev/null
+++ b/roles/nginx_exporter/templates/web-config.yml.j2
@@ -0,0 +1,11 @@
+---
+tls_server_config:
+ key_file: {{ tls_private }}/{{ inventory_hostname }}.key
+ cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
+ client_ca_file: {{ tls_certs }}/ca.crt
+ client_auth_type: RequireAndVerifyClientCert
+ client_allowed_sans:
+{% for host in groups['prometheus'] %}
+ - {{ host }}
+{% endfor %}
+ min_version: TLS13
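Review bot: The "Download package" task in roles/nginx_exporter/tasks/main.yml fetches the release tarball without a `checksum`, so the binary that is later copied to /usr/local/bin and started as a service is trusted on HTTPS transport alone. Pin the expected digest next to the version, for example `checksum: "sha256:{{ nginx_exporter_sha256 }}"`, where `nginx_exporter_sha256` is a new variable set wherever `nginx_exporter_version` is defined (defaults/main.yml references the version but does not define it). get_url then rejects an archive whose digest differs, and every version bump has to carry its matching digest.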
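Review bot: The [Service] section in roles/nginx_exporter/templates/nginx_exporter.service.j2 sets no systemd sandboxing, although the process listens on the network and is handed the host's TLS private key via `--nginx.ssl-client-key`. Consider adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` after `Group=nginx_exporter`, then confirming that the certificate and key paths are still readable by the service user. Separately, the commented `#Environment=` line still contains a Jinja loop, so it is evaluated and written into the unit as a comment on every render; deleting it or wrapping it in `{# ... #}` keeps the generated file free of dead configuration.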
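Review bot: `client_allowed_sans` in roles/nginx_exporter/templates/web-config.yml.j2 is filled from `groups['prometheus']`, and when that group exists but is empty the key renders with no entries; the exporter would then most likely apply no SAN restriction and accept any client certificate issued by the CA. Fail the play instead, for example with an `ansible.builtin.assert` in tasks/main.yml using `that: groups['prometheus'] | default([]) | length > 0` before the "Create web-config" task. The entries are inventory hostnames, so they also have to match the SANs in the Prometheus servers' certificates exactly. Quoting the templated paths, as in `key_file: "{{ tls_private }}/{{ inventory_hostname }}.key"`, keeps the rendered YAML valid if a variable ever starts with a special character.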