nginx_exporter First version of role

roles/nginx_exporter/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+nginx_exporter_pkg: "nginx-prometheus-exporter_{{ nginx_exporter_version }}_linux_amd64"

roles/nginx_exporter/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart nginx_exporter
+  ansible.builtin.systemd:
+    name: nginx_exporter
+    daemon_reload: true
+    state: restarted

roles/nginx_exporter/tasks/main.yml

@@ -0,0 +1,83 @@
+---
+- name: Create group
+  ansible.builtin.group:
+    name: nginx_exporter
+    system: true
+
+- name: Create user
+  ansible.builtin.user:
+    name: nginx_exporter
+    comment: Prometheus NGINX Exporter
+    group: nginx_exporter
+    groups: hostkey
+    create_home: false
+    home: /var/empty
+    shell: /sbin/nologin
+    system: true
+
+- name: Download package
+  ansible.builtin.get_url:
+    url: https://github.com/nginxinc/nginx-prometheus-exporter/releases/download/v{{ nginx_exporter_version }}/{{ nginx_exporter_pkg }}.tar.gz
+    dest: "/usr/local/src/{{ nginx_exporter_pkg }}.tar.gz"
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create directory for extracing package
+  ansible.builtin.file:
+    path: "/usr/local/src/{{ nginx_exporter_pkg }}"
+    state: directory
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Extract nginx_exporter
+  ansible.builtin.unarchive:
+    src: "/usr/local/src/{{ nginx_exporter_pkg }}.tar.gz"
+    dest: "/usr/local/src/{{ nginx_exporter_pkg }}"
+    owner: root
+    group: "{{ ansible_wheel }}"
+    creates: "/usr/local/src/{{ nginx_exporter_pkg }}/nginx-prometheus-exporter"
+    remote_src: true
+
+- name: Copy binary
+  ansible.builtin.copy:
+    dest: "/usr/local/bin/nginx_exporter"
+    src: "/usr/local/src/{{ nginx_exporter_pkg }}/nginx-prometheus-exporter"
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+    remote_src: true
+  notify: Restart nginx_exporter
+
+- name: Create config directory
+  ansible.builtin.file:
+    path: /etc/nginx_exporter
+    state: directory
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create web-config
+  ansible.builtin.template:
+    dest: /etc/nginx_exporter/web-config.yml
+    src: web-config.yml.j2
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx_exporter
+
+- name: Create service file
+  ansible.builtin.template:
+    dest: /etc/systemd/system/nginx_exporter.service
+    src: nginx_exporter.service.j2
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx_exporter
+
+- name: Enable service
+  ansible.builtin.service:
+    name: nginx_exporter
+    state: started
+    enabled: true

roles/nginx_exporter/templates/nginx_exporter.service.j2

@@ -0,0 +1,23 @@
+[Unit]
+Description=Prometheus NGINX Exporter
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=nginx_exporter
+Group=nginx_exporter
+#Environment="SCRAPE_URI={% for host in groups['proxy'] -%}https://{{ host }}/stub_status {% endfor %}"
+ExecStart=/usr/local/bin/nginx_exporter \
+    --web.config.file=/etc/nginx_exporter/web-config.yml \
+{% for host in groups['proxy'] %}
+    --nginx.scrape-uri=https://{{ host }}/stub_status \
+{% endfor %}
+    --nginx.ssl-ca-cert={{ tls_certs }}/ca.crt \
+    --nginx.ssl-client-cert={{ tls_certs }}/{{ inventory_hostname }}.crt \
+    --nginx.ssl-client-key={{ tls_private }}/{{ inventory_hostname }}.key
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/nginx_exporter/templates/web-config.yml.j2

@@ -0,0 +1,11 @@
+---
+tls_server_config:
+  key_file: {{ tls_private }}/{{ inventory_hostname }}.key
+  cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
+  client_ca_file: {{ tls_certs }}/ca.crt
+  client_auth_type: RequireAndVerifyClientCert
+  client_allowed_sans:
+{% for host in groups['prometheus'] %}
+    - {{ host }}
+{% endfor %}
+  min_version: TLS13