From dc2a6f57889a43581195032d6df3a08487eb0539 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 6 Jun 2024 19:29:38 +0000
Subject: [PATCH] blackbox_exporter: Initial version of role
---
roles/blackbox_exporter/files/blackbox.yml | 17 ++++++++
roles/blackbox_exporter/handlers/main.yml | 5 +++
roles/blackbox_exporter/tasks/main.yml | 39 +++++++++++++++++++
.../templates/web-config.yml.j2 | 11 ++++++
4 files changed, 72 insertions(+)
create mode 100644 roles/blackbox_exporter/files/blackbox.yml
create mode 100644 roles/blackbox_exporter/handlers/main.yml
create mode 100644 roles/blackbox_exporter/tasks/main.yml
create mode 100644 roles/blackbox_exporter/templates/web-config.yml.j2
diff --git a/roles/blackbox_exporter/files/blackbox.yml b/roles/blackbox_exporter/files/blackbox.yml
new file mode 100644
index 0000000..9152489
--- /dev/null
+++ b/roles/blackbox_exporter/files/blackbox.yml
@@ -0,0 +1,17 @@
+---
+modules:
+ http:
+ prober: http
+ http:
+ valid_status_codes:
+ - 200
+ - 401
+ - 403
+ ssh:
+ prober: tcp
+ tcp:
+ query_response:
+ - expect: "^SSH-2.0-"
+ - send: "SSH-2.0-blackbox-ssh-check"
+ tcp:
+ prober: tcp
diff --git a/roles/blackbox_exporter/handlers/main.yml b/roles/blackbox_exporter/handlers/main.yml
new file mode 100644
index 0000000..34e0f2d
--- /dev/null
+++ b/roles/blackbox_exporter/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart blackbox_exporter
+ ansible.builtin.service:
+ name: blackbox_exporter
+ state: restarted
diff --git a/roles/blackbox_exporter/tasks/main.yml b/roles/blackbox_exporter/tasks/main.yml
new file mode 100644
index 0000000..b3e2410
--- /dev/null
+++ b/roles/blackbox_exporter/tasks/main.yml
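Review bot: In roles/blackbox_exporter/files/blackbox.yml the `http` module lists 401 and 403 under `valid_status_codes` with no comment saying why, so a reader cannot tell a deliberate choice from an oversight. If the intent is that the probed endpoints sit behind authentication, a comment above the list such as `# 401/403 count as up: targets require authentication, the probe only checks reachability` would record it. With this list a target that starts refusing access it previously granted still reports success, so endpoints expected to answer 200 may deserve their own module.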
@@ -0,0 +1,39 @@
+---
+- name: Install packages
+ ansible.builtin.package:
+ name: blackbox_exporter
+ state: installed
+
+- name: Add user to hostkey group
+ ansible.builtin.user:
+ name: _blackboxexporter
+ groups: hostkey
+ append: true
+ notify: Restart blackbox_exporter
+
+- name: Create main config
+ ansible.builtin.copy:
+ dest: /etc/blackbox_exporter/blackbox.yml
+ src: blackbox.yml
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart blackbox_exporter
+
+- name: Create web-config
+ ansible.builtin.template:
+ dest: /etc/blackbox_exporter/web-config.yml
+ src: web-config.yml.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart blackbox_exporter
+
+- name: Enable service
+ ansible.builtin.service:
+ name: blackbox_exporter
+ state: started
+ arguments: >
+ --config.file=/etc/blackbox_exporter/blackbox.yml
+ --web.config.file=/etc/blackbox_exporter/web-config.yml
+ enabled: true
diff --git a/roles/blackbox_exporter/templates/web-config.yml.j2 b/roles/blackbox_exporter/templates/web-config.yml.j2
new file mode 100644
index 0000000..03e5466
--- /dev/null
+++ b/roles/blackbox_exporter/templates/web-config.yml.j2
@@ -0,0 +1,11 @@
+---
+tls_server_config:
+ key_file: {{ tls_private }}/{{ inventory_hostname }}.key
+ cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
+ client_ca_file: {{ tls_certs }}/ca.crt
+ client_auth_type: RequireAndVerifyClientCert
+ client_allowed_sans:
+{% for host in groups['prometheus'] %}
+ - {{ host }}
+{% endfor %}
+ min_version: TLS13
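Review bot: In roles/blackbox_exporter/tasks/main.yml the `Enable service` task sets the daemon flags through `arguments:` but carries no `notify`, and `state: started` leaves an already running daemon untouched. A later change to those flags, including `--web.config.file`, which points at the TLS client-authentication settings, would therefore be recorded without taking effect until something else restarts the service. Adding `notify: Restart blackbox_exporter` to that task closes the gap. The `Add user to hostkey group` task would also benefit from a comment stating what the group grants (presumably read access to the host's TLS private key), so the extra privilege given to `_blackboxexporter` is visible to the next reviewer.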
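Review bot: In roles/blackbox_exporter/templates/web-config.yml.j2 the entries under `client_allowed_sans` come only from the loop over `groups['prometheus']`, so an empty group renders a bare `client_allowed_sans:` (YAML null). The SAN allow-list then presumably stops applying, which would leave any client certificate signed by `ca.crt` accepted. An `ansible.builtin.assert` placed before the template task with `that: groups['prometheus'] | length > 0` would make that case fail at deploy time instead. The entries are inventory names, so they have to match the SANs in the Prometheus servers' client certificates exactly; a one-line comment above the loop should say so. Quoting the templated scalars, e.g. `key_file: "{{ tls_private }}/{{ inventory_hostname }}.key"`, keeps an unusual value from being retyped by the YAML parser.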