Open prometheus exporter ports in firewalld #92

167 changes: 156 additions & 11 deletions playbooks/prometheus_exporters.yml
Expand Up @@ -4,6 +4,10 @@
- name: Install RabbitMQ exporter
hosts: rabbitmq, rabbitmq_secondary
become: true
roles:
# Pull in the common vars
- role: itential.deployer.common_vars
tags: always
tasks:
# RabbitMQ has builtin Prometheus support, just enable the plugin.
# https://www.rabbitmq.com/docs/prometheus#rabbitmq-configuration
Expand All @@ -12,53 +16,194 @@
cmd: rabbitmq-plugins enable rabbitmq_prometheus
register: cmdoutput
changed_when: cmdoutput.rc != 0
tags: rabbitmq_prometheus_plugin_enable
tags: rabbitmq_exporter_install

- name: Make custom configuration changes
tags: rabbitmq_exporter_custom_config
block:
- name: Gather service facts
ansible.builtin.service_facts:

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ prometheus_rabbitmq_exporter_web_listen_port }}/tcp"
permanent: true
state: enabled
zone: public
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- ansible_facts.services["firewalld.service"].state == "running"
- ansible_facts.services["firewalld.service"].status == "enabled"

- name: Install Redis exporter
hosts: redis, redis_secondary
become: true
roles:
# Pull in the common vars
- role: itential.deployer.common_vars
tags: redis_exporter_install
tags: always

- role: prometheus.prometheus.redis_exporter
vars:
redis_exporter_user: admin
tags: redis_exporter_install
tasks:
- name: Make custom configuration changes
tags: redis_exporter_custom_config
block:
- name: Gather service facts
ansible.builtin.service_facts:

- name: Default the Redis exporter listen port
ansible.builtin.set_fact:
redis_exporter_listen_port: "{{ prometheus_redis_exporter_web_listen_port }}"

- name: Set the Redis exporter listen port from inventory
ansible.builtin.set_fact:
redis_exporter_listen_port: "{{ hostvars[inventory_hostname].redis_exporter_web_listen_address.split(':') | last }}"
when: "'redis_exporter_web_listen_address' in hostvars[inventory_hostname]"

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ redis_exporter_listen_port }}/tcp"
permanent: true
state: enabled
zone: public
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- ansible_facts.services["firewalld.service"].state == "running"
- ansible_facts.services["firewalld.service"].status == "enabled"

- name: Install MongoDB exporter
hosts: mongodb, mongodb_arbiter, mongodb_secondary
become: true
roles:
# Pull in the common vars
- role: itential.deployer.common_vars
tags: mongodb_exporter_install
tags: always

- role: prometheus.prometheus.mongodb_exporter
vars:
mongodb_exporter_collectors: all
tags: mongodb_exporter_install
tasks:
- name: Add the MongoDB password export to the systemd service file
ansible.builtin.lineinfile:
path: /etc/systemd/system/mongodb_exporter.service
insertafter: '^\[Service\]'
line: "export MONGODB_PASSWORD={{ mongo_user_admin_password }}"
when: mongo_auth | bool
notify: Restart mongodb_exporter
tags: mongodb_exporter_install
- name: Make custom configuration changes
tags: mongodb_exporter_custom_config
block:
- name: Add the MongoDB user to the systemd service file
ansible.builtin.lineinfile:
path: /etc/systemd/system/mongodb_exporter.service
insertafter: '^\[Service\]'
line: 'Environment="MONGODB_USER=admin"'
when: mongodb_auth | bool
notify: Restart mongodb_exporter

- name: Add the MongoDB password to the systemd service file
ansible.builtin.lineinfile:
path: /etc/systemd/system/mongodb_exporter.service
insertafter: 'Environment="MONGODB_USER=admin"'
line: 'Environment="MONGODB_PASSWORD={{ mongo_user_admin_password }}"'
when: mongodb_auth | bool
notify: Restart mongodb_exporter

- name: Gather service facts
ansible.builtin.service_facts:

- name: Default the MongoDB exporter listen port
ansible.builtin.set_fact:
mongodb_exporter_listen_port: "{{ prometheus_mongodb_exporter_web_listen_port }}"

- name: Set the MongoDB exporter listen port from inventory
ansible.builtin.set_fact:
mongodb_exporter_listen_port: "{{ hostvars[inventory_hostname].mongodb_exporter_web_listen_address.split(':') | last }}"
when: "'mongodb_exporter_web_listen_address' in hostvars[inventory_hostname]"

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ mongodb_exporter_listen_port }}/tcp"
permanent: true
state: enabled
zone: public
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- ansible_facts.services["firewalld.service"].state == "running"
- ansible_facts.services["firewalld.service"].status == "enabled"

- name: Install node exporter
hosts: all,!prometheus,!grafana
become: true
roles:
# Pull in the common vars
- role: itential.deployer.common_vars
tags: always

- role: prometheus.prometheus.node_exporter
tags: node_exporter_install
tasks:
- name: Make custom configuration changes
tags: node_exporter_custom_config
block:
- name: Gather service facts
ansible.builtin.service_facts:

- name: Default the node exporter listen port
ansible.builtin.set_fact:
node_exporter_listen_port: "{{ prometheus_node_exporter_web_listen_port }}"

- name: Set the node exporter listen port from inventory
ansible.builtin.set_fact:
node_exporter_listen_port: "{{ hostvars[inventory_hostname].node_exporter_web_listen_address.split(':') | last }}"
when: "'node_exporter_web_listen_address' in hostvars[inventory_hostname]"

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ node_exporter_listen_port }}/tcp"
permanent: true
state: enabled
zone: public
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- ansible_facts.services["firewalld.service"].state == "running"
- ansible_facts.services["firewalld.service"].status == "enabled"

- name: Install process exporter
hosts: platform, gateway
become: true
roles:
# Pull in the common vars
- role: itential.deployer.common_vars
tags: always

- role: prometheus.prometheus.process_exporter
tags: process_exporter_install
tasks:
- name: Make custom configuration changes
tags: process_exporter_custom_config
block:
- name: Gather service facts
ansible.builtin.service_facts:

- name: Default the process exporter listen port
ansible.builtin.set_fact:
process_exporter_listen_port: "{{ prometheus_process_exporter_web_listen_port }}"

- name: Set the process exporter listen port from inventory
ansible.builtin.set_fact:
process_exporter_listen_port: "{{ hostvars[inventory_hostname].process_exporter_web_listen_address.split(':') | last }}"
when: "'process_exporter_web_listen_address' in hostvars[inventory_hostname]"

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ process_exporter_listen_port }}/tcp"
permanent: true
state: enabled
zone: public
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- ansible_facts.services["firewalld.service"].state == "running"
- ansible_facts.services["firewalld.service"].status == "enabled"
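Review bot: The task `Add the MongoDB password to the systemd service file` writes `Environment="MONGODB_PASSWORD={{ mongo_user_admin_password }}"` into `/etc/systemd/system/mongodb_exporter.service`, so the admin password sits in a unit file that is normally world-readable and in the properties `systemctl show` returns to unprivileged users. A root-owned file with `mode: "0600"`, referenced from the unit through an `EnvironmentFile=` line, would keep it out of both, and `no_log: true` on the task would keep the rendered line out of diff and verbose output. Separately, each `Open Port on FirewallD Public Zone` task enables the exporter port for every source in `zone: public`. If the exporters serve metrics without TLS or authentication (their web configuration is not visible here), limiting the rule to the Prometheus server's address, or using a dedicated zone, would narrow the exposure.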
Expand Up @@ -5,3 +5,4 @@ prometheus_process_exporter_web_listen_port: 9256
prometheus_node_exporter_web_listen_port: 9100
prometheus_redis_exporter_web_listen_port: 9121
prometheus_mongodb_exporter_web_listen_port: 9216
prometheus_rabbitmq_exporter_web_listen_port: 15692
3 changes: 3 additions & 0 deletions roles/grafana/tasks/main.yml
Expand Up @@ -68,6 +68,9 @@
mode: "0644"
when: "'rabbitmq' in groups"

- name: Gather service facts
ansible.builtin.service_facts:

- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ grafana_port }}/tcp"
2 changes: 1 addition & 1 deletion roles/prometheus/tasks/main.yml
Expand Up @@ -12,7 +12,7 @@
- name: Create Itential scrape config file
ansible.builtin.template:
src: scrape_configs.j2
dest: "{{ prometheus_config_dir }}/scrapes/itential.yml"
dest: "{{ prometheus_config_dir }}/scrape_configs/itential.yml"
owner: "{{ prometheus_system_user }}"
group: "{{ prometheus_system_group }}"
mode: "0644"
2 changes: 1 addition & 1 deletion roles/prometheus/templates/scrape_configs.j2
Expand Up @@ -85,7 +85,7 @@

{%- if 'rabbitmq' in groups -%}
{% for host in groups['rabbitmq'] %}
{% set rabbitmq_exporter_web_listen_address = host + ":" + rabbitmq_default_mgt_console_port | string %}
{% set rabbitmq_exporter_web_listen_address = host + ":" + prometheus_rabbitmq_exporter_web_listen_port | string %}
{{- rabbitmq_exporter_targets.append( rabbitmq_exporter_web_listen_address ) -}}
{% if 'node_exporter_web_listen_address' in hostvars[host] %}
{% set node_exporter_web_listen_address = hostvars[host].node_exporter_web_listen_address %}