Mirrors/ansible-collection-prometheus
2
0
Fork 0
mirror of https://github.com/prometheus-community/ansible synced 2024-11-22 03:43:09 +00:00
Code Issues Projects Releases Packages Wiki Activity

refactor(fail2ban_exporter): delegate common tasks to _common role

Browse source 
Signed-off-by: gardar <gardar@users.noreply.github.com>
This commit is contained in:
gardar 2024-10-15 17:04:55 +00:00
parent 95889b9962
commit a3f317588d
No known key found for this signature in database
GPG key ID: 75FAE37CBA8C13C2
9 changed files with 57 additions and 208 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/fail2ban_exporter/defaults/main.yml
View file

@ -1,11 +1,9 @@
--- ---
fail2ban_exporter_version: 0.10.1 fail2ban_exporter_version: 0.10.1
fail2ban_exporter_binary_local_dir: ""
fail2ban_exporter_binary_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\ fail2ban_exporter_binary_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\
fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" fail2ban_exporter_{{ fail2ban_exporter_version }}_{{ ansible_system | lower }}_{{ _fail2ban_exporter_go_ansible_arch }}.tar.gz"
fail2ban_exporter_checksums_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\ fail2ban_exporter_checksums_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\
fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt" fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt"
fail2ban_exporter_skip_install: false
fail2ban_exporter_web_listen_address: "0.0.0.0:9191" fail2ban_exporter_web_listen_address: "0.0.0.0:9191"
fail2ban_exporter_socket: "/var/run/fail2ban/fail2ban.sock" fail2ban_exporter_socket: "/var/run/fail2ban/fail2ban.sock"
@ -13,6 +11,9 @@ fail2ban_exporter_binary_install_dir: "/usr/local/bin"
fail2ban_exporter_username: "" fail2ban_exporter_username: ""
fail2ban_exporter_password: "" fail2ban_exporter_password: ""
fail2ban_exporter_system_user: "root"
fail2ban_exporter_system_group: "{{ fail2ban_exporter_system_user }}"
# Local path to stash the archive and its extraction # Local path to stash the archive and its extraction
fail2ban_exporter_archive_path: /tmp fail2ban_exporter_local_cache_path: "/tmp/fail2ban_exporter-{{ ansible_system | lower }}-{{ _fail2ban_exporter_go_ansible_arch }}/\
{{ fail2ban_exporter_version }}"

25
roles/fail2ban_exporter/meta/argument_specs.yml
View file

@ -11,18 +11,9 @@ argument_specs:
fail2ban_exporter_version: fail2ban_exporter_version:
description: "fail2ban_exporter package version. Also accepts latest as parameter." description: "fail2ban_exporter package version. Also accepts latest as parameter."
default: "0.10.1" default: "0.10.1"
fail2ban_exporter_skip_install:
description: "fail2ban_exporter installation tasks gets skipped when set to true."
type: bool
default: false
fail2ban_exporter_binary_local_dir:
description:
- "Enables the use of local packages instead of those distributed on gitlab."
- "The parameter may be set to a directory where the C(fail2ban_exporter) binary is stored on the host where ansible is run."
- "This overrides the I(fail2ban_exporter_version) parameter"
fail2ban_exporter_binary_url: fail2ban_exporter_binary_url:
description: "URL of the fail2ban_exporter binaries .tar.gz file" description: "URL of the fail2ban_exporter binaries .tar.gz file"
default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_{{ ansible_system | lower }}_{{ _fail2ban_exporter_go_ansible_arch }}.tar.gz"
fail2ban_exporter_checksums_url: fail2ban_exporter_checksums_url:
description: "URL of the fail2ban_exporter checksums file" description: "URL of the fail2ban_exporter checksums file"
default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt" default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt"
@ -46,6 +37,16 @@ argument_specs:
description: description:
- "I(Advanced)" - "I(Advanced)"
- "Password to use to protect endpoints with basic auth" - "Password to use to protect endpoints with basic auth"
fail2ban_exporter_archive_path: fail2ban_exporter_local_cache_path:
description: 'Local path to stash the archive and its extraction' description: 'Local path to stash the archive and its extraction'
default: "/tmp" default: "/tmp/fail2ban_exporter-{{ ansible_system | lower }}-{{ _fail2ban_exporter_go_ansible_arch }}/{{ fail2ban_exporter_version }}"
fail2ban_exporter_system_user:
description:
- "I(Advanced)"
- "fail2ban exporter system user"
default: root
fail2ban_exporter_system_group:
description:
- "I(Advanced)"
- "System group for fail2ban exporter"
default: root

19
roles/fail2ban_exporter/tasks/configure.yml
View file

@ -1,19 +0,0 @@
---
- name: Copy the fail2ban_exporter systemd service file
ansible.builtin.template:
src: fail2ban_exporter.service.j2
dest: /etc/systemd/system/fail2ban_exporter.service
owner: root
group: root
mode: 0644
notify: restart fail2ban_exporter
- name: Allow fail2ban_exporter port in SELinux on RedHat OS family
community.general.seport:
ports: "{{ fail2ban_exporter_web_listen_address.split(':')[-1] }}"
proto: tcp
setype: http_port_t
state: present
when:
- ansible_version.full is version_compare('2.4', '>=')
- ansible_selinux.status == "enabled"

51
roles/fail2ban_exporter/tasks/install.yml
View file

@ -1,51 +0,0 @@
---
- name: Get binary
when:
- fail2ban_exporter_binary_local_dir | length == 0
- not fail2ban_exporter_skip_install
block:
- name: Download fail2ban_exporter binary to local folder
become: false
ansible.builtin.get_url:
url: "{{ fail2ban_exporter_binary_url }}"
dest: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz"
checksum: "sha256:{{ __fail2ban_exporter_checksum }}"
mode: '0644'
register: _download_binary
until: _download_binary is succeeded
retries: 5
delay: 2
delegate_to: localhost
check_mode: false
- name: Unpack fail2ban_exporter binary
become: false
ansible.builtin.unarchive:
src: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz"
dest: "{{ fail2ban_exporter_archive_path }}"
creates: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter"
delegate_to: localhost
check_mode: false
- name: Propagate fail2ban_exporter binaries
ansible.builtin.copy:
src: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter"
dest: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter"
mode: 0755
owner: root
group: root
notify: restart fail2ban_exporter
when: not ansible_check_mode
- name: Propagate locally distributed fail2ban_exporter binary
ansible.builtin.copy:
src: "{{ fail2ban_exporter_binary_local_dir }}/fail2ban_exporter"
dest: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter"
mode: 0755
owner: root
group: root
when:
- fail2ban_exporter_binary_local_dir | length > 0
- not fail2ban_exporter_skip_install
notify: restart fail2ban_exporter

50
roles/fail2ban_exporter/tasks/main.yml
View file

@ -2,51 +2,41 @@
- name: Preflight - name: Preflight
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: preflight.yml file: preflight.yml
apply:
tags:
- fail2ban_exporter_install
- fail2ban_exporter_configure
- fail2ban_exporter_run
tags: tags:
- fail2ban_exporter_install - fail2ban_exporter_install
- fail2ban_exporter_configure - fail2ban_exporter_configure
- fail2ban_exporter_run - fail2ban_exporter_run
- name: Install - name: Install
ansible.builtin.include_tasks: ansible.builtin.include_role:
file: install.yml name: prometheus.prometheus._common
apply: tasks_from: install.yml
become: true vars:
tags: _common_local_cache_path: "{{ fail2ban_exporter_local_cache_path }}"
- fail2ban_exporter_install _common_binaries: "{{ _fail2ban_exporter_binaries }}"
when: _common_binary_install_dir: "{{ fail2ban_exporter_binary_install_dir }}"
( not __fail2ban_exporter_is_installed.stat.exists ) or _common_binary_url: "{{ fail2ban_exporter_binary_url }}"
( (__fail2ban_exporter_current_version_output.stderr_lines | length > 0) _common_checksums_url: "{{ fail2ban_exporter_checksums_url }}"
and (__fail2ban_exporter_current_version_output.stderr_lines[0] != fail2ban_exporter_version) ) or _common_system_group: "{{ fail2ban_exporter_system_group }}"
( (__fail2ban_exporter_current_version_output.stdout_lines | length > 0) _common_system_user: "{{ fail2ban_exporter_system_user }}"
and (__fail2ban_exporter_current_version_output.stdout_lines[0] != fail2ban_exporter_version) ) or _common_config_dir: "{{ fail2ban_exporter_config_dir }}"
( fail2ban_exporter_binary_local_dir | length > 0 )
tags: tags:
- fail2ban_exporter_install - fail2ban_exporter_install
- name: SELinux - name: SELinux
ansible.builtin.include_tasks: ansible.builtin.include_role:
file: selinux.yml name: prometheus.prometheus._common
apply: tasks_from: selinux.yml
become: true vars:
tags: _common_selinux_port: "{{ fail2ban_exporter_web_listen_address | urlsplit('port') }}"
- fail2ban_exporter_configure
when: ansible_selinux.status == "enabled" when: ansible_selinux.status == "enabled"
tags: tags:
- fail2ban_exporter_configure - fail2ban_exporter_configure
- name: Configure - name: Configure
ansible.builtin.include_tasks: ansible.builtin.include_role:
file: configure.yml name: prometheus.prometheus._common
apply: tasks_from: configure.yml
become: true
tags:
- fail2ban_exporter_configure
tags: tags:
- fail2ban_exporter_configure - fail2ban_exporter_configure

70
roles/fail2ban_exporter/tasks/preflight.yml
View file

@ -1,24 +1,8 @@
--- ---
- name: Assert usage of systemd as an init system - name: Common preflight
ansible.builtin.assert: ansible.builtin.include_role:
that: ansible_service_mgr == 'systemd' name: prometheus.prometheus._common
msg: "This role only works with systemd" tasks_from: preflight.yml
- name: Install package fact dependencies
become: true
ansible.builtin.package:
name: "{{ _pkg_fact_req }}"
state: present
when: (_pkg_fact_req)
vars:
_pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\
{{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }}
{% else %}\
{% endif %}"
- name: Gather package facts
ansible.builtin.package_facts:
when: "not 'packages' in ansible_facts"
- name: Assert that used version supports listen address type - name: Assert that used version supports listen address type
ansible.builtin.assert: ansible.builtin.assert:
@ -36,50 +20,18 @@
list | list |
length == 0 length == 0
- name: Check if fail2ban_exporter is installed
ansible.builtin.stat:
path: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter"
register: __fail2ban_exporter_is_installed
check_mode: false
tags:
- fail2ban_exporter_install
- name: Gather currently installed fail2ban_exporter version (if any)
ansible.builtin.command: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter --version"
changed_when: false
register: __fail2ban_exporter_current_version_output
check_mode: false
when: __fail2ban_exporter_is_installed.stat.exists
tags:
- fail2ban_exporter_install
- name: Discover latest version - name: Discover latest version
ansible.builtin.set_fact: ansible.builtin.set_fact:
fail2ban_exporter_version: "{{ (lookup('url', 'https://gitlab.com/api/v4/projects/{{ _fail2ban_exporter_repo }}/releases', fail2ban_exporter_version: "{{ (lookup('url', 'https://gitlab.com/api/v4/projects/{{ _fail2ban_exporter_repo }}/releases',
split_lines=False) | from_json)[0].get('tag_name') | replace('v', '') }}" split_lines=False) | from_json)[0].get('tag_name') | replace('v', '') }}"
run_once: true run_once: true
until: fail2ban_exporter_version is version('0.0.0', '>=') until: fail2ban_exporter_version is version('0.0.0', '>=')
retries: 10 retries: 10
when: when:
- fail2ban_exporter_version == "latest" - fail2ban_exporter_version == "latest"
- fail2ban_exporter_binary_local_dir | length == 0 tags:
- not fail2ban_exporter_skip_install - fail2ban_exporter
- install
- name: Get fail2ban_exporter binary checksum - fail2ban_exporter_install
when: - download
- fail2ban_exporter_binary_local_dir | length == 0 - fail2ban_exporter_download
- not fail2ban_exporter_skip_install
block:
- name: Get checksum list from gitlab
ansible.builtin.set_fact:
__fail2ban_exporter_checksums: "{{ lookup('url', fail2ban_exporter_checksums_url, wantlist=True) | list }}"
run_once: true
until: __fail2ban_exporter_checksums is search('linux_' + go_arch + '.tar.gz')
retries: 10
- name: "Get checksum for {{ go_arch }}"
ansible.builtin.set_fact:
__fail2ban_exporter_checksum: "{{ item.split(' ')[0] }}"
with_items: "{{ __fail2ban_exporter_checksums }}"
when:
- "item.endswith('fail2ban_exporter_' + fail2ban_exporter_version + '_linux_' + go_arch + '.tar.gz')"

23
roles/fail2ban_exporter/tasks/selinux.yml
View file

@ -1,23 +0,0 @@
---
- name: Install selinux python packages [RedHat]
ansible.builtin.package:
name: "{{ ['libselinux-python', 'policycoreutils-python']
if ansible_python_version is version('3', '<') else
['python3-libselinux', 'python3-policycoreutils'] }}"
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when: ansible_os_family | lower == "redhat"
- name: Install selinux python packages [clearlinux]
ansible.builtin.package:
name: sysadmin-basic
state: present
register: _install_selinux_packages
until: _install_selinux_packages is success
retries: 5
delay: 2
when:
- ansible_distribution | lower == "clearlinux"

4
roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2
View file

@ -6,8 +6,8 @@ After=network-online.target
[Service] [Service]
Type=simple Type=simple
User=root User={{ fail2ban_exporter_system_user }}
Group=root Group={{ fail2ban_exporter_system_group }}
ExecStart={{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter \ ExecStart={{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter \
--web.listen-address={{ fail2ban_exporter_web_listen_address }} \ --web.listen-address={{ fail2ban_exporter_web_listen_address }} \
{% if fail2ban_exporter_username | length > 0 -%} {% if fail2ban_exporter_username | length > 0 -%}

14
roles/fail2ban_exporter/vars/main.yml
View file

@ -1,10 +1,8 @@
--- ---
go_arch_map: _fail2ban_exporter_go_ansible_arch: "{{ {'i386': '386',
i386: '386' 'x86_64': 'amd64',
x86_64: 'amd64' 'aarch64': 'arm64',
aarch64: 'arm64' 'armv7l': 'armv7',
armv7l: 'armv7' 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}"
armv6l: 'armv6'
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
_fail2ban_exporter_repo: 24199687 _fail2ban_exporter_repo: 24199687
_fail2ban_exporter_binaries: ['fail2ban_exporter']