diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml index cd7f9e34..58d2d624 100644 --- a/.config/molecule/config.yml +++ b/.config/molecule/config.yml @@ -1,6 +1,7 @@ --- dependency: name: galaxy +prerun: false driver: name: docker platforms: @@ -58,6 +59,12 @@ platforms: privileged: true cgroup_parent: docker.slice command: /lib/systemd/systemd + - name: fedora-38 + image: dokken/fedora-38 + pre_build_image: true + privileged: true + cgroup_parent: docker.slice + command: /lib/systemd/systemd - name: ubuntu-20.04 image: dokken/ubuntu-20.04 pre_build_image: true diff --git a/.github/scripts/version_updater.sh b/.github/scripts/version_updater.sh index 95dc4933..a857d209 100755 --- a/.github/scripts/version_updater.sh +++ b/.github/scripts/version_updater.sh @@ -104,7 +104,7 @@ if ! git push "https://${GITHUB_TOKEN}:@github.com/${GIT_REPO}" --set-upstream " fi if ! post_pull_request \ - "patch: New ${source_repo} upstream release!" \ + "patch: New ${source_repo} upstream release ${version}!" \ "main" \ "${update_branch}" \ "The upstream [${source_repo}](https://github.com/${source_repo}/releases) released new software version - **${version}**!\n\nThis automated PR updates code to bring new version into repository." ; then diff --git a/.github/workflows/conventional-label.yml b/.github/workflows/conventional-label.yml index ba71a448..81377afd 100644 --- a/.github/workflows/conventional-label.yml +++ b/.github/workflows/conventional-label.yml @@ -16,7 +16,7 @@ jobs: - name: "Confirm correct pull request title" uses: mmubeen/action-pr-title@master # until PR gets merged https://github.com/deepakputhraya/action-pr-title/pull/29 with: - allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog' + allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog,patch' - name: "Apply label" if: github.event.pull_request.labels.length == 0 @@ -42,7 +42,8 @@ jobs: "refactor": "trivial", "refactoring": "trivial", "skip-release": "skip_changelog", - "skip_changelog": "skip_changelog" + "skip_changelog": "skip_changelog", + "patch": "trivial" } role-label: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ed8df8b1..4c4d8756 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,6 +4,7 @@ on: push: tags: - '*' + workflow_dispatch: jobs: release: diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0dfb3197..c94f32ee 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,39 @@ Prometheus.Prometheus Release Notes .. contents:: Topics +v0.7.1 +====== + +Bugfixes +-------- + +- fix(molecule): don't contact galaxy api since requirements come from git (https://github.com/prometheus-community/ansible/pull/241) + +v0.7.0 +====== + +Minor Changes +------------- + +- feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220) +- feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205) +- feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210) + +Bugfixes +-------- + +- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208) +- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174) + +v0.6.1 +====== + +Bugfixes +-------- + +- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208) +- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174) + v0.6.0 ====== @@ -14,8 +47,10 @@ Minor Changes - feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159) - feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127) - feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128) +- feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198) - feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173) - feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172) +- minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202) Removed Features (previously deprecated) ---------------------------------------- @@ -29,6 +64,7 @@ Bugfixes - fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194) - fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184) - fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177) +- fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204) - fix: mysqld_exporter should actually respect the mysqld_exporter_host variable (https://github.com/prometheus-community/ansible/pull/88) v0.5.2 diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml index 8312e16b..58fda9e1 100644 --- a/changelogs/.plugin-cache.yaml +++ b/changelogs/.plugin-cache.yaml @@ -13,4 +13,4 @@ plugins: shell: {} strategy: {} vars: {} -version: 0.6.0 +version: 0.7.1 diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 7c44f536..75f8111a 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -158,32 +158,68 @@ releases: release_date: '2023-06-24' 0.6.0: changes: + bugfixes: + - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)' + - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)' + - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)' + - 'fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)' + - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable + (https://github.com/prometheus-community/ansible/pull/88)' minor_changes: - - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)' - - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)' - 'feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)' - 'feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)' - 'feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)' - bugfixes: - - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable - (https://github.com/prometheus-community/ansible/pull/88)' - - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)' - - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)' - - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)' + - 'feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)' + - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)' + - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)' + - 'minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)' removed_features: - - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)' - 'removed: Drop fedora 36 support as it is EOL (https://github.com/prometheus-community/ansible/pull/200)' + - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)' trivial: - - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)' - - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)' - - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)' - - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)' - - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)' - - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)' - Fix mysqld_exporter world-readable secrets (https://github.com/prometheus-community/ansible/pull/169) - - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)' - - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)' + - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)' - 'docs(smokeping_prober): Update arguments specs (https://github.com/prometheus-community/ansible/pull/190)' - - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)' - 'docs: Fix node_exporter 404 TLS auth links (https://github.com/prometheus-community/ansible/pull/154)' + - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)' + - 'patch: New prometheus/alertmanager upstream release! (https://github.com/prometheus-community/ansible/pull/206)' + - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)' + - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)' + - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)' + - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)' + - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)' + - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)' + - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)' release_date: '2023-07-29' + 0.6.1: + changes: + bugfixes: + - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)' + - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)' + release_date: '2023-08-26' + 0.7.0: + changes: + bugfixes: + - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)' + - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)' + minor_changes: + - 'feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220)' + - 'feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205)' + - 'feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210)' + trivial: + - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/215)' + - 'patch: New prometheus/pushgateway upstream release! (https://github.com/prometheus-community/ansible/pull/219)' + - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/211)' + - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/214)' + release_date: '2023-08-29' + 0.7.1: + changes: + bugfixes: + - "fix(molecule): don't contact galaxy api since requirements come from git + (https://github.com/prometheus-community/ansible/pull/241)" + trivial: + - 'docs: fix alertmanager role name (https://github.com/prometheus-community/ansible/pull/240)' + - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/232)' + - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/228)' + - 'docs: fix blackbox_exporter role name (https://github.com/prometheus-community/ansible/pull/239)' + release_date: '2023-10-27' diff --git a/galaxy.yml b/galaxy.yml index 0e0e5026..afe57711 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,7 +1,7 @@ --- namespace: prometheus name: prometheus -version: 0.6.0 +version: 0.7.1 readme: README.md authors: - "Ben Kochie (https://github.com/SuperQ)" diff --git a/roles/alertmanager/README.md b/roles/alertmanager/README.md index aa350c50..4a6f331a 100644 --- a/roles/alertmanager/README.md +++ b/roles/alertmanager/README.md @@ -25,7 +25,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans --- hosts: all roles: - - ansible-alertmanager + - prometheus.prometheus.alertmanager vars: alertmanager_version: latest alertmanager_slack_api_url: "http://example.com" diff --git a/roles/alertmanager/defaults/main.yml b/roles/alertmanager/defaults/main.yml index 0533d7a5..22683c28 100644 --- a/roles/alertmanager/defaults/main.yml +++ b/roles/alertmanager/defaults/main.yml @@ -1,5 +1,5 @@ --- -alertmanager_version: 0.25.0 +alertmanager_version: 0.26.0 alertmanager_binary_local_dir: '' alertmanager_binary_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/\ alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz" diff --git a/roles/alertmanager/meta/argument_specs.yml b/roles/alertmanager/meta/argument_specs.yml index e43f38ef..c9e7d10e 100644 --- a/roles/alertmanager/meta/argument_specs.yml +++ b/roles/alertmanager/meta/argument_specs.yml @@ -10,7 +10,7 @@ argument_specs: options: alertmanager_version: description: "Alertmanager package version. Also accepts `latest` as parameter." - default: 0.25.0 + default: 0.26.0 alertmanager_skip_install: description: "Alertmanager installation tasks gets skipped when set to true." type: bool diff --git a/roles/alertmanager/meta/main.yml b/roles/alertmanager/meta/main.yml index 092f30ce..0ba10322 100644 --- a/roles/alertmanager/meta/main.yml +++ b/roles/alertmanager/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/alertmanager/tasks/install.yml b/roles/alertmanager/tasks/install.yml index bfb8995c..fda80abf 100644 --- a/roles/alertmanager/tasks/install.yml +++ b/roles/alertmanager/tasks/install.yml @@ -26,7 +26,7 @@ - "{{ alertmanager_db_dir }}" - "{{ _alertmanager_amtool_config_dir }}" -- name: Get alertmanager binary +- name: Get binary when: - alertmanager_binary_local_dir | length == 0 - not alertmanager_skip_install diff --git a/roles/blackbox_exporter/README.md b/roles/blackbox_exporter/README.md index 42c9302f..7c4d34b4 100644 --- a/roles/blackbox_exporter/README.md +++ b/roles/blackbox_exporter/README.md @@ -24,7 +24,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans - hosts: all become: true roles: - - prometheus.prometheus.blackbox-exporter + - prometheus.prometheus.blackbox_exporter ``` ### Demo site diff --git a/roles/blackbox_exporter/defaults/main.yml b/roles/blackbox_exporter/defaults/main.yml index f3bf56f7..b97af9ba 100644 --- a/roles/blackbox_exporter/defaults/main.yml +++ b/roles/blackbox_exporter/defaults/main.yml @@ -1,8 +1,10 @@ --- blackbox_exporter_version: 0.24.0 +blackbox_exporter_binary_local_dir: "" blackbox_exporter_binary_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/\ blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" +blackbox_exporter_checksums_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt" blackbox_exporter_skip_install: false blackbox_exporter_web_listen_address: "0.0.0.0:9115" @@ -71,3 +73,5 @@ blackbox_exporter_configuration_modules: # Where to put the blackbox_exporter.yml main configuration file blackbox_exporter_config_dir: /etc + +blackbox_exporter_binary_install_dir: "/usr/local/bin" diff --git a/roles/blackbox_exporter/handlers/main.yml b/roles/blackbox_exporter/handlers/main.yml index 4086fb8d..0945b876 100644 --- a/roles/blackbox_exporter/handlers/main.yml +++ b/roles/blackbox_exporter/handlers/main.yml @@ -1,14 +1,14 @@ --- -- name: Restart blackbox exporter - listen: "restart blackbox exporter" +- name: Restart blackbox_exporter + listen: "restart blackbox_exporter" become: true ansible.builtin.systemd: daemon_reload: true name: blackbox_exporter state: restarted -- name: Reload blackbox exporter - listen: "reload blackbox exporter" +- name: Reload blackbox_exporter + listen: "reload blackbox_exporter" become: true ansible.builtin.systemd: name: blackbox_exporter diff --git a/roles/blackbox_exporter/meta/argument_specs.yml b/roles/blackbox_exporter/meta/argument_specs.yml index ab97d1bf..2938f698 100644 --- a/roles/blackbox_exporter/meta/argument_specs.yml +++ b/roles/blackbox_exporter/meta/argument_specs.yml @@ -9,15 +9,23 @@ argument_specs: - "Prometheus Community" options: blackbox_exporter_version: - description: "Blackbox exporter package version" + description: "Blackbox exporter package version. Also accepts latest as parameter." default: "0.24.0" blackbox_exporter_skip_install: description: "Blackbox exporter installation tasks gets skipped when set to true." type: bool default: false + blackbox_exporter_binary_local_dir: + description: + - "Enables the use of local packages instead of those distributed on github." + - "The parameter may be set to a directory where the C(blackbox_exporter) binary is stored on the host where ansible is run." + - "This overrides the I(blackbox_exporter_version) parameter" blackbox_exporter_binary_url: description: "URL of the blackbox_exporter binaries .tar.gz file" default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" + blackbox_exporter_checksums_url: + description: "URL of the blackbox exporter checksums file" + default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt" blackbox_exporter_web_listen_address: description: "Address on which blackbox exporter will be listening" default: "0.0.0.0:9115" @@ -37,6 +45,11 @@ argument_specs: blackbox_exporter_config_dir: description: "Directory where the blackbox exporter configuration file is placed" default: "/etc" + blackbox_exporter_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install blackbox_exporter binary" + default: "/usr/local/bin" blackbox_exporter_user: description: "The user the exporter runs as" default: "blackbox-exp" diff --git a/roles/blackbox_exporter/meta/main.yml b/roles/blackbox_exporter/meta/main.yml index 0e93483f..aaf57660 100644 --- a/roles/blackbox_exporter/meta/main.yml +++ b/roles/blackbox_exporter/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "exporter" - "monitoring" diff --git a/roles/blackbox_exporter/molecule/latest/molecule.yml b/roles/blackbox_exporter/molecule/latest/molecule.yml new file mode 100644 index 00000000..3e2b9470 --- /dev/null +++ b/roles/blackbox_exporter/molecule/latest/molecule.yml @@ -0,0 +1,6 @@ +--- +provisioner: + inventory: + group_vars: + all: + blackbox_exporter_version: latest diff --git a/roles/blackbox_exporter/molecule/latest/tests/test_latest.py b/roles/blackbox_exporter/molecule/latest/tests/test_latest.py new file mode 100644 index 00000000..8b5955ea --- /dev/null +++ b/roles/blackbox_exporter/molecule/latest/tests/test_latest.py @@ -0,0 +1,37 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import testinfra.utils.ansible_runner +import pytest + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +@pytest.mark.parametrize("files", [ + "/etc/systemd/system/blackbox_exporter.service", + "/usr/local/bin/blackbox_exporter" +]) +def test_files(host, files): + f = host.file(files) + assert f.exists + assert f.is_file + + +def test_service(host): + s = host.service("blackbox_exporter") + try: + assert s.is_running + except AssertionError: + # Capture service logs + journal_output = host.run('journalctl -u blackbox_exporter --since "1 hour ago"') + print("\n==== journalctl -u blackbox_exporter Output ====\n") + print(journal_output) + print("\n============================================\n") + raise # Re-raise the original assertion error + + +def test_socket(host): + s = host.socket("tcp://0.0.0.0:9100") + assert s.is_listening diff --git a/roles/blackbox_exporter/tasks/configure.yml b/roles/blackbox_exporter/tasks/configure.yml index 9323e6b8..447e1c6b 100644 --- a/roles/blackbox_exporter/tasks/configure.yml +++ b/roles/blackbox_exporter/tasks/configure.yml @@ -5,9 +5,9 @@ dest: /etc/systemd/system/blackbox_exporter.service owner: root group: root - mode: 0644 + mode: '0644' notify: - - restart blackbox exporter + - restart blackbox_exporter - name: Configure blackbox exporter ansible.builtin.template: @@ -15,6 +15,6 @@ dest: "{{ blackbox_exporter_config_dir }}/blackbox_exporter.yml" owner: root group: "{{ blackbox_exporter_group }}" - mode: 0644 + mode: '0644' notify: - - reload blackbox exporter + - reload blackbox_exporter diff --git a/roles/blackbox_exporter/tasks/install.yml b/roles/blackbox_exporter/tasks/install.yml index 777ae8a2..6470b465 100644 --- a/roles/blackbox_exporter/tasks/install.yml +++ b/roles/blackbox_exporter/tasks/install.yml @@ -15,33 +15,56 @@ createhome: false when: blackbox_exporter_user != 'root' -- name: Download blackbox exporter binary to local folder - become: false - ansible.builtin.unarchive: - src: "{{ blackbox_exporter_binary_url }}" - dest: "/tmp" - remote_src: true - creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\ - blackbox_exporter" - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - when: not blackbox_exporter_skip_install +- name: Get binary + when: + - blackbox_exporter_binary_local_dir | length == 0 + - not blackbox_exporter_skip_install + block: -- name: Propagate blackbox exporter binary + - name: Download blackbox_exporter binary to local folder + become: false + ansible.builtin.get_url: + url: "{{ blackbox_exporter_binary_url }}" + dest: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz" + checksum: "sha256:{{ __blackbox_exporter_checksum }}" + mode: '0644' + register: _download_binary + until: _download_binary is succeeded + retries: 5 + delay: 2 + delegate_to: localhost + check_mode: false + + - name: Unpack blackbox_exporter binary + become: false + ansible.builtin.unarchive: + src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz" + dest: "/tmp" + creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter" + delegate_to: localhost + check_mode: false + + - name: Propagate blackbox_exporter binaries + ansible.builtin.copy: + src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter" + dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" + mode: 0755 + owner: root + group: root + notify: restart blackbox_exporter + when: not ansible_check_mode + +- name: Propagate locally distributed blackbox_exporter binary ansible.builtin.copy: - src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\ - blackbox_exporter" - dest: "/usr/local/bin/blackbox_exporter" - mode: 0750 + src: "{{ blackbox_exporter_binary_local_dir }}/blackbox_exporter" + dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" + mode: '0755' owner: root - group: "{{ blackbox_exporter_group }}" - when: not blackbox_exporter_skip_install - notify: - - restart blackbox exporter + group: root + when: + - blackbox_exporter_binary_local_dir | length > 0 + - not blackbox_exporter_skip_install + notify: restart blackbox_exporter - name: Install libcap on Debian systems ansible.builtin.package: diff --git a/roles/blackbox_exporter/tasks/preflight.yml b/roles/blackbox_exporter/tasks/preflight.yml index c3c7824f..3deecc27 100644 --- a/roles/blackbox_exporter/tasks/preflight.yml +++ b/roles/blackbox_exporter/tasks/preflight.yml @@ -24,3 +24,34 @@ ansible.builtin.assert: that: - "':' in blackbox_exporter_web_listen_address" + +- name: Discover latest version + ansible.builtin.set_fact: + blackbox_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest', headers=_github_api_headers, + split_lines=False) | from_json).get('tag_name') | replace('v', '') }}" + run_once: true + until: blackbox_exporter_version is version('0.0.0', '>=') + retries: 10 + when: + - blackbox_exporter_version == "latest" + - blackbox_exporter_binary_local_dir | length == 0 + - not blackbox_exporter_skip_install + +- name: Get blackbox_exporter binary checksum + when: + - blackbox_exporter_binary_local_dir | length == 0 + - not blackbox_exporter_skip_install + block: + - name: Get checksum list from github + ansible.builtin.set_fact: + __blackbox_exporter_checksums: "{{ lookup('url', blackbox_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" + run_once: true + until: __blackbox_exporter_checksums is search('linux-' + go_arch + '.tar.gz') + retries: 10 + + - name: "Get checksum for {{ go_arch }}" + ansible.builtin.set_fact: + __blackbox_exporter_checksum: "{{ item.split(' ')[0] }}" + with_items: "{{ __blackbox_exporter_checksums }}" + when: + - "('linux-' + go_arch + '.tar.gz') in item" diff --git a/roles/blackbox_exporter/vars/main.yml b/roles/blackbox_exporter/vars/main.yml index a16d1e54..5a78bf2a 100644 --- a/roles/blackbox_exporter/vars/main.yml +++ b/roles/blackbox_exporter/vars/main.yml @@ -5,4 +5,7 @@ go_arch_map: aarch64: 'arm64' armv7l: 'armv7' armv6l: 'armv6' + +go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" _blackbox_exporter_repo: "prometheus/blackbox_exporter" +_github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" diff --git a/roles/chrony_exporter/meta/main.yml b/roles/chrony_exporter/meta/main.yml index 5416954f..76bfd21b 100644 --- a/roles/chrony_exporter/meta/main.yml +++ b/roles/chrony_exporter/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/chrony_exporter/tasks/install.yml b/roles/chrony_exporter/tasks/install.yml index 5a13cd00..0a9fd5a6 100644 --- a/roles/chrony_exporter/tasks/install.yml +++ b/roles/chrony_exporter/tasks/install.yml @@ -17,7 +17,7 @@ home: / when: chrony_exporter_system_user != "root" -- name: Discover latest version +- name: Get binary when: - chrony_exporter_binary_local_dir | length == 0 - not chrony_exporter_skip_install diff --git a/roles/mysqld_exporter/meta/main.yml b/roles/mysqld_exporter/meta/main.yml index b826cc89..3c193d78 100644 --- a/roles/mysqld_exporter/meta/main.yml +++ b/roles/mysqld_exporter/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/mysqld_exporter/tasks/install.yml b/roles/mysqld_exporter/tasks/install.yml index 0ffd92c0..d9a08b57 100644 --- a/roles/mysqld_exporter/tasks/install.yml +++ b/roles/mysqld_exporter/tasks/install.yml @@ -17,7 +17,7 @@ home: / when: mysqld_exporter_system_user != "root" -- name: Discover latest version +- name: Get binary when: - mysqld_exporter_binary_local_dir | length == 0 - not mysqld_exporter_skip_install diff --git a/roles/node_exporter/meta/main.yml b/roles/node_exporter/meta/main.yml index e0ebda79..984494a1 100644 --- a/roles/node_exporter/meta/main.yml +++ b/roles/node_exporter/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/node_exporter/tasks/install.yml b/roles/node_exporter/tasks/install.yml index fb03c1cb..4aa58937 100644 --- a/roles/node_exporter/tasks/install.yml +++ b/roles/node_exporter/tasks/install.yml @@ -17,7 +17,7 @@ home: / when: node_exporter_system_user != "root" -- name: Discover latest version +- name: Get binary when: - node_exporter_binary_local_dir | length == 0 - not node_exporter_skip_install diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml index 72a85c7e..f4b238cc 100644 --- a/roles/prometheus/defaults/main.yml +++ b/roles/prometheus/defaults/main.yml @@ -1,5 +1,5 @@ --- -prometheus_version: 2.46.0 +prometheus_version: 2.47.2 prometheus_binary_local_dir: '' prometheus_binary_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/\ prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz" @@ -25,6 +25,9 @@ prometheus_storage_retention: "30d" # supported: KB, MB, GB, TB, PB. prometheus_storage_retention_size: "0" +# The Agent mode optimizes Prometheus for the remote write use case: https://prometheus.io/blog/2021/11/16/agent/ +prometheus_agent_mode: false + prometheus_config_flags_extra: {} # prometheus_config_flags_extra: # storage.tsdb.retention: 15d @@ -223,3 +226,5 @@ prometheus_alert_rules: # noqa yaml[line-length] # noqa line-length labels: severity: warning # yamllint enable rule:line-length + +prometheus_stop_timeout: '600s' diff --git a/roles/prometheus/meta/argument_specs.yml b/roles/prometheus/meta/argument_specs.yml index 663afa30..842b4efc 100644 --- a/roles/prometheus/meta/argument_specs.yml +++ b/roles/prometheus/meta/argument_specs.yml @@ -12,7 +12,7 @@ argument_specs: description: - "Prometheus package version. Also accepts C(latest) as parameter." - "Only prometheus 2.x is supported" - default: "2.46.0" + default: "2.47.2" prometheus_skip_install: description: "Prometheus installation tasks gets skipped when set to true." type: bool @@ -59,6 +59,12 @@ argument_specs: - "Maximum number of bytes that can be stored for blocks." - "Units supported: KB, MB, GB, TB, PB." default: "0" + prometheus_agent_mode: + description: + - "The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. L(Everything,https://prometheus.io/docs/prometheus/latest/feature_flags/#prometheus-agent) else stays the same." + - "This feature is available starting from Prometheus v2.32.0." + type: bool + default: false prometheus_config_flags_extra: description: - "Additional configuration flags passed to prometheus binary at startup" @@ -144,3 +150,8 @@ argument_specs: default: - "prometheus/targets/*.yml" - "prometheus/targets/*.json" + prometheus_stop_timeout: + description: + - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec." + type: "str" + default: "600s" diff --git a/roles/prometheus/meta/main.yml b/roles/prometheus/meta/main.yml index 9d2c59d8..d8049bdb 100644 --- a/roles/prometheus/meta/main.yml +++ b/roles/prometheus/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/prometheus/molecule/agentmode/molecule.yml b/roles/prometheus/molecule/agentmode/molecule.yml new file mode 100644 index 00000000..0d41166a --- /dev/null +++ b/roles/prometheus/molecule/agentmode/molecule.yml @@ -0,0 +1,6 @@ +--- +provisioner: + inventory: + group_vars: + all: + prometheus_agent_mode: true diff --git a/roles/prometheus/molecule/agentmode/tests/test_agentmode.py b/roles/prometheus/molecule/agentmode/tests/test_agentmode.py new file mode 100644 index 00000000..4789e6dc --- /dev/null +++ b/roles/prometheus/molecule/agentmode/tests/test_agentmode.py @@ -0,0 +1,45 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import yaml +import testinfra.utils.ansible_runner +import pytest + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +@pytest.fixture() +def AnsibleDefaults(): + with open("defaults/main.yml", 'r') as stream: + return yaml.full_load(stream) + + +@pytest.mark.parametrize('file, content', [ + ("/etc/systemd/system/prometheus.service", + "storage.agent.path=/var/lib/prometheus"), + ("/etc/systemd/system/prometheus.service", + "enable-feature=agent"), +]) +def test_file_contents(host, file, content): + f = host.file(file) + assert f.exists + assert f.is_file + assert f.contains(content) + + +def test_service(host): + s = host.service("prometheus") + assert s.is_running + + +# # "/agent" page is available (http 200) when agent mode is enabled +def test_agent_enabled(host): + output = host.check_output('curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9090/agent') + assert '200' in output + + +def test_socket(host): + s = host.socket("tcp://0.0.0.0:9090") + assert s.is_listening diff --git a/roles/prometheus/molecule/alternative/molecule.yml b/roles/prometheus/molecule/alternative/molecule.yml index 20cb0ebe..a36add9d 100644 --- a/roles/prometheus/molecule/alternative/molecule.yml +++ b/roles/prometheus/molecule/alternative/molecule.yml @@ -87,3 +87,4 @@ provisioner: - target_label: __address__ replacement: 127.0.0.1:9115 # Blackbox exporter. version: 2.25.2 + prometheus_stop_timeout: 1min diff --git a/roles/prometheus/molecule/alternative/tests/test_alternative.py b/roles/prometheus/molecule/alternative/tests/test_alternative.py index 0969abc5..77bb392c 100644 --- a/roles/prometheus/molecule/alternative/tests/test_alternative.py +++ b/roles/prometheus/molecule/alternative/tests/test_alternative.py @@ -42,6 +42,8 @@ def test_files(host, files): "enable-feature=promql-at-modifier"), ("/etc/systemd/system/prometheus.service", "enable-feature=remote-write-receiver"), + ("/etc/systemd/system/prometheus.service", + "TimeoutStopSec=1min"), ]) def test_file_contents(host, file, content): f = host.file(file) diff --git a/roles/prometheus/tasks/configure.yml b/roles/prometheus/tasks/configure.yml index cb46ffd1..cd220f1c 100644 --- a/roles/prometheus/tasks/configure.yml +++ b/roles/prometheus/tasks/configure.yml @@ -9,6 +9,7 @@ validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" when: - prometheus_alert_rules != [] + - not prometheus_agent_mode notify: - reload prometheus @@ -21,6 +22,8 @@ mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" with_fileglob: "{{ prometheus_alert_rules_files }}" + when: + - not prometheus_agent_mode notify: - reload prometheus diff --git a/roles/prometheus/templates/prometheus.service.j2 b/roles/prometheus/templates/prometheus.service.j2 index 7d2973af..b48a7b7b 100644 --- a/roles/prometheus/templates/prometheus.service.j2 +++ b/roles/prometheus/templates/prometheus.service.j2 @@ -13,6 +13,7 @@ User=prometheus Group=prometheus ExecReload=/bin/kill -HUP $MAINPID ExecStart={{ _prometheus_binary_install_dir }}/prometheus \ +{% if not prometheus_agent_mode %} --storage.tsdb.path={{ prometheus_db_dir }} \ {% if prometheus_version is version('2.7.0', '>=') %} --storage.tsdb.retention.time={{ prometheus_storage_retention }} \ @@ -20,6 +21,10 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \ {% else %} --storage.tsdb.retention={{ prometheus_storage_retention }} \ {% endif %} +{% else %} + --enable-feature=agent \ + --storage.agent.path={{ prometheus_db_dir }} \ +{% endif %} {% if prometheus_version is version('2.24.0', '>=') %} --web.config.file={{ prometheus_config_dir }}/web.yml \ {% endif %} @@ -80,6 +85,7 @@ Environment="HTTP_PROXY={{ http_proxy }}"{% if https_proxy is defined %} "HTTPS_ SyslogIdentifier=prometheus Restart=always +TimeoutStopSec={{ prometheus_stop_timeout }} [Install] WantedBy=multi-user.target diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 index a6ed8128..fb0be5d2 100644 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus.yml.j2 @@ -17,8 +17,10 @@ remote_read: {{ prometheus_remote_read | to_nice_yaml(indent=2,sort_keys=False) | indent(2, False) }} {% endif %} +{% if not prometheus_agent_mode and prometheus_alert_rules_files != [] %} rule_files: - {{ prometheus_config_dir }}/rules/*.rules +{% endif %} {% if prometheus_alertmanager_config | length > 0 %} alerting: diff --git a/roles/pushgateway/defaults/main.yml b/roles/pushgateway/defaults/main.yml index 20833fa2..98a733b4 100644 --- a/roles/pushgateway/defaults/main.yml +++ b/roles/pushgateway/defaults/main.yml @@ -1,5 +1,5 @@ --- -pushgateway_version: 1.6.0 +pushgateway_version: 1.6.2 pushgateway_binary_local_dir: "" pushgateway_binary_url: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/\ pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" diff --git a/roles/pushgateway/meta/argument_specs.yml b/roles/pushgateway/meta/argument_specs.yml index 19ae2dac..ef9479aa 100644 --- a/roles/pushgateway/meta/argument_specs.yml +++ b/roles/pushgateway/meta/argument_specs.yml @@ -10,7 +10,7 @@ argument_specs: options: pushgateway_version: description: "Pushgateway package version. Also accepts latest as parameter." - default: "1.1.2" + default: "1.6.2" pushgateway_skip_install: description: "Pushgateway installation tasks gets skipped when set to true." type: bool diff --git a/roles/pushgateway/meta/main.yml b/roles/pushgateway/meta/main.yml index 839c8844..666d9dd7 100644 --- a/roles/pushgateway/meta/main.yml +++ b/roles/pushgateway/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/pushgateway/tasks/install.yml b/roles/pushgateway/tasks/install.yml index 31029700..45944b07 100644 --- a/roles/pushgateway/tasks/install.yml +++ b/roles/pushgateway/tasks/install.yml @@ -17,7 +17,7 @@ home: / when: pushgateway_system_user != "root" -- name: Discover latest version +- name: Get binary when: - pushgateway_binary_local_dir | length == 0 - not pushgateway_skip_install diff --git a/roles/smokeping_prober/meta/main.yml b/roles/smokeping_prober/meta/main.yml index 0bf7a768..98f9346c 100644 --- a/roles/smokeping_prober/meta/main.yml +++ b/roles/smokeping_prober/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/smokeping_prober/tasks/install.yml b/roles/smokeping_prober/tasks/install.yml index c682349a..e6b3979e 100644 --- a/roles/smokeping_prober/tasks/install.yml +++ b/roles/smokeping_prober/tasks/install.yml @@ -17,7 +17,7 @@ home: / when: smokeping_prober_system_user != "root" -- name: Discover latest version +- name: Get binary when: - smokeping_prober_binary_local_dir | length == 0 - not smokeping_prober_skip_install diff --git a/roles/snmp_exporter/defaults/main.yml b/roles/snmp_exporter/defaults/main.yml index 221174f6..b338e9a4 100644 --- a/roles/snmp_exporter/defaults/main.yml +++ b/roles/snmp_exporter/defaults/main.yml @@ -1,5 +1,6 @@ --- -snmp_exporter_version: 0.23.0 +snmp_exporter_version: 0.24.1 +snmp_exporter_binary_local_dir: "" snmp_exporter_binary_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/\ snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" snmp_exporter_checksums_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt" @@ -9,3 +10,5 @@ snmp_exporter_log_level: info # If this is empty, role will download snmp.yml file from https://github.com/prometheus/snmp_exporter. snmp_exporter_config_file: "" + +snmp_exporter_binary_install_dir: "/usr/local/bin" diff --git a/roles/snmp_exporter/handlers/main.yml b/roles/snmp_exporter/handlers/main.yml index 8207f612..a8a10acb 100644 --- a/roles/snmp_exporter/handlers/main.yml +++ b/roles/snmp_exporter/handlers/main.yml @@ -1,14 +1,14 @@ --- -- name: Reload snmp exporter - listen: "reload snmp exporter" +- name: Reload snmp_exporter + listen: "reload snmp_exporter" become: true ansible.builtin.systemd: daemon_reload: true name: snmp_exporter state: reloaded -- name: Restart snmp exporter - listen: "restart snmp exporter" +- name: Restart snmp_exporter + listen: "restart snmp_exporter" become: true ansible.builtin.systemd: daemon_reload: true diff --git a/roles/snmp_exporter/meta/argument_specs.yml b/roles/snmp_exporter/meta/argument_specs.yml index 23e5287a..66ae9ab4 100644 --- a/roles/snmp_exporter/meta/argument_specs.yml +++ b/roles/snmp_exporter/meta/argument_specs.yml @@ -9,12 +9,17 @@ argument_specs: - "Prometheus Community" options: snmp_exporter_version: - description: "SNMP exporter package version" - default: "0.23.0" + description: "SNMP exporter package version. Also accepts latest as parameter." + default: "0.24.1" snmp_exporter_skip_install: description: "SNMP exporter installation tasks gets skipped when set to true." type: bool default: false + snmp_exporter_binary_local_dir: + description: + - "Enables the use of local packages instead of those distributed on github." + - "The parameter masnmp set to a directory where the C(snmp_exporter) binary is stored on the host where ansible is run." + - "This overrides the I(snmp_exporter_version) parameter" snmp_exporter_binary_url: description: "URL of the snmp exporter binaries .tar.gz file" default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" @@ -31,3 +36,8 @@ argument_specs: description: - "If this is empty, role will download snmp.yml file from U(https://github.com/prometheus/snmp_exporter)." - "Otherwise this should contain path to file with custom snmp exporter configuration" + snmp_exporter_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install snmp_exporter binary" + default: "/usr/local/bin" diff --git a/roles/snmp_exporter/meta/main.yml b/roles/snmp_exporter/meta/main.yml index 9051c283..2b6f92b9 100644 --- a/roles/snmp_exporter/meta/main.yml +++ b/roles/snmp_exporter/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/snmp_exporter/molecule/latest/molecule.yml b/roles/snmp_exporter/molecule/latest/molecule.yml new file mode 100644 index 00000000..43666dc4 --- /dev/null +++ b/roles/snmp_exporter/molecule/latest/molecule.yml @@ -0,0 +1,6 @@ +--- +provisioner: + inventory: + group_vars: + all: + snmp_exporter_version: latest diff --git a/roles/snmp_exporter/molecule/latest/tests/test_latest.py b/roles/snmp_exporter/molecule/latest/tests/test_latest.py new file mode 100644 index 00000000..07d2d4ae --- /dev/null +++ b/roles/snmp_exporter/molecule/latest/tests/test_latest.py @@ -0,0 +1,37 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import testinfra.utils.ansible_runner +import pytest + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +@pytest.mark.parametrize("files", [ + "/etc/systemd/system/snmp_exporter.service", + "/usr/local/bin/snmp_exporter" +]) +def test_files(host, files): + f = host.file(files) + assert f.exists + assert f.is_file + + +def test_service(host): + s = host.service("snmp_exporter") + try: + assert s.is_running + except AssertionError: + # Capture service logs + journal_output = host.run('journalctl -u snmp_exporter --since "1 hour ago"') + print("\n==== journalctl -u snmp_exporter Output ====\n") + print(journal_output) + print("\n============================================\n") + raise # Re-raise the original assertion error + + +def test_socket(host): + s = host.socket("tcp://0.0.0.0:9100") + assert s.is_listening diff --git a/roles/snmp_exporter/tasks/configure.yml b/roles/snmp_exporter/tasks/configure.yml index 58f65608..7db0c4d4 100644 --- a/roles/snmp_exporter/tasks/configure.yml +++ b/roles/snmp_exporter/tasks/configure.yml @@ -7,7 +7,7 @@ group: root mode: 0644 notify: - - restart snmp exporter + - restart snmp_exporter - name: Download snmp configuration file from github repository ansible.builtin.get_url: @@ -22,7 +22,7 @@ retries: 5 delay: 2 notify: - - reload snmp exporter + - reload snmp_exporter when: not (snmp_exporter_config_file) - name: Copy configuration file @@ -34,5 +34,5 @@ mode: 0644 no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: - - reload snmp exporter + - reload snmp_exporter when: (snmp_exporter_config_file) diff --git a/roles/snmp_exporter/tasks/install.yml b/roles/snmp_exporter/tasks/install.yml index a6769048..ecf03d79 100644 --- a/roles/snmp_exporter/tasks/install.yml +++ b/roles/snmp_exporter/tasks/install.yml @@ -1,37 +1,54 @@ --- -- name: Download snmp_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ snmp_exporter_binary_url }}" - dest: "/tmp" - checksum: "sha256:{{ snmp_exporter_checksum }}" - mode: 0644 - register: _download_binary - until: _download_binary is success - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - when: not snmp_exporter_skip_install +- name: Get binary + when: + - snmp_exporter_binary_local_dir | length == 0 + - not snmp_exporter_skip_install + block: -- name: Unpack snmp_exporter binary - become: false - ansible.builtin.unarchive: - src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" - dest: "/tmp" - creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter" - delegate_to: localhost - check_mode: false - when: not snmp_exporter_skip_install + - name: Download snmp_exporter binary to local folder + become: false + ansible.builtin.get_url: + url: "{{ snmp_exporter_binary_url }}" + dest: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz" + checksum: "sha256:{{ __snmp_exporter_checksum }}" + mode: '0644' + register: _download_binary + until: _download_binary is succeeded + retries: 5 + delay: 2 + delegate_to: localhost + check_mode: false -- name: Propagate SNMP Exporter binaries + - name: Unpack snmp_exporter binary + become: false + ansible.builtin.unarchive: + src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz" + dest: "/tmp" + creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter" + delegate_to: localhost + check_mode: false + + - name: Propagate snmp_exporter binaries + ansible.builtin.copy: + src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter" + dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter" + mode: 0755 + owner: root + group: root + notify: restart snmp_exporter + when: not ansible_check_mode + +- name: Propagate locally distributed snmp_exporter binary ansible.builtin.copy: - src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter" - dest: "/usr/local/bin/snmp_exporter" + src: "{{ snmp_exporter_binary_local_dir }}/snmp_exporter" + dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter" mode: 0755 - when: not snmp_exporter_skip_install - notify: - - restart snmp exporter + owner: root + group: root + when: + - snmp_exporter_binary_local_dir | length > 0 + - not snmp_exporter_skip_install + notify: restart snmp_exporter - name: Create configuration directory ansible.builtin.file: diff --git a/roles/snmp_exporter/tasks/preflight.yml b/roles/snmp_exporter/tasks/preflight.yml index f6ffdeac..d72310c3 100644 --- a/roles/snmp_exporter/tasks/preflight.yml +++ b/roles/snmp_exporter/tasks/preflight.yml @@ -1,9 +1,31 @@ --- -- name: "Get checksum for snmp exporter" +- name: Discover latest version ansible.builtin.set_fact: - snmp_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: - - "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" + snmp_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/snmp_exporter/releases/latest', headers=_github_api_headers, + split_lines=False) | from_json).get('tag_name') | replace('v', '') }}" + run_once: true + until: snmp_exporter_version is version('0.0.0', '>=') + retries: 10 when: - - "('linux-' + (go_arch_map[ansible_architecture] | default(ansible_architecture)) + '.tar.gz') in item" + - snmp_exporter_version == "latest" + - snmp_exporter_binary_local_dir | length == 0 - not snmp_exporter_skip_install + +- name: Get snmp_exporter binary checksum + when: + - snmp_exporter_binary_local_dir | length == 0 + - not snmp_exporter_skip_install + block: + - name: Get checksum list from github + ansible.builtin.set_fact: + __snmp_exporter_checksums: "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" + run_once: true + until: __snmp_exporter_checksums is search('linux-' + go_arch + '.tar.gz') + retries: 10 + + - name: "Get checksum for {{ go_arch }}" + ansible.builtin.set_fact: + __snmp_exporter_checksum: "{{ item.split(' ')[0] }}" + with_items: "{{ __snmp_exporter_checksums }}" + when: + - "('linux-' + go_arch + '.tar.gz') in item" diff --git a/roles/snmp_exporter/vars/main.yml b/roles/snmp_exporter/vars/main.yml index bd456ebc..9de95378 100644 --- a/roles/snmp_exporter/vars/main.yml +++ b/roles/snmp_exporter/vars/main.yml @@ -5,5 +5,7 @@ go_arch_map: aarch64: 'arm64' armv7l: 'armv7' armv6l: 'armv6' + +go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" _snmp_exporter_repo: "prometheus/snmp_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" diff --git a/roles/systemd_exporter/README.md b/roles/systemd_exporter/README.md index 7ec88e55..15ce615d 100644 --- a/roles/systemd_exporter/README.md +++ b/roles/systemd_exporter/README.md @@ -27,6 +27,14 @@ Use it in a playbook as follows: - prometheus.prometheus.systemd_exporter ``` +### TLS config + +See node_exporter README for more extensive example. Requires systemd_exporter >= 0.5.0. + + systemd_exporter_tls_server_config: + cert_file: /etc/systemd_exporter/tls.cert + key_file: /etc/systemd_exporter/tls.key + ## Local Testing The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/ansible-community/molecule) (v3.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. Running your tests is as simple as executing `molecule test`. diff --git a/roles/systemd_exporter/defaults/main.yml b/roles/systemd_exporter/defaults/main.yml index 955737f7..a4b4a46f 100644 --- a/roles/systemd_exporter/defaults/main.yml +++ b/roles/systemd_exporter/defaults/main.yml @@ -7,6 +7,8 @@ systemd_exporter_checksums_url: "https://github.com/{{ _systemd_exporter_repo }} systemd_exporter_skip_install: false systemd_exporter_web_listen_address: "0.0.0.0:9558" +systemd_exporter_tls_server_config: {} + systemd_exporter_enable_restart_count: false systemd_exporter_enable_ip_accounting: false systemd_exporter_enable_file_descriptor_size: false @@ -17,3 +19,5 @@ systemd_exporter_unit_exclude: "" systemd_exporter_binary_install_dir: "/usr/local/bin" systemd_exporter_system_group: "systemd-exporter" systemd_exporter_system_user: "{{ systemd_exporter_system_group }}" + +systemd_exporter_log_level: info diff --git a/roles/systemd_exporter/meta/argument_specs.yml b/roles/systemd_exporter/meta/argument_specs.yml index 2f89f3aa..642ccd85 100644 --- a/roles/systemd_exporter/meta/argument_specs.yml +++ b/roles/systemd_exporter/meta/argument_specs.yml @@ -29,6 +29,11 @@ argument_specs: systemd_exporter_web_listen_address: description: Address on which systemd exporter will listen" default: "0.0.0.0:9558" + systemd_exporter_tls_server_config: + description: + - "Configuration for TLS authentication." + - "Keys and values are the same as in L(Prometheus docs,https://prometheus.io/docs/prometheus/latest/configuration/https/)." + type: "dict" systemd_exporter_enable_restart_count: description: Enables service restart count metrics. This feature only works with systemd 235 and above" type: "bool" @@ -60,3 +65,5 @@ argument_specs: - "I(Advanced)" - "Systemd exporter user" default: "systemd-exporter" + systemd_exporter_log_level: + description: Only log messages with the given severity or above. diff --git a/roles/systemd_exporter/meta/main.yml b/roles/systemd_exporter/meta/main.yml index 026ec993..07be10ae 100644 --- a/roles/systemd_exporter/meta/main.yml +++ b/roles/systemd_exporter/meta/main.yml @@ -23,6 +23,7 @@ galaxy_info: - name: "Fedora" versions: - "37" + - '38' galaxy_tags: - "monitoring" - "prometheus" diff --git a/roles/systemd_exporter/molecule/alternative/molecule.yml b/roles/systemd_exporter/molecule/alternative/molecule.yml index 1b5c515c..17c10dff 100644 --- a/roles/systemd_exporter/molecule/alternative/molecule.yml +++ b/roles/systemd_exporter/molecule/alternative/molecule.yml @@ -6,4 +6,8 @@ provisioner: systemd_exporter_binary_local_dir: "/tmp/systemd_exporter-linux-amd64" systemd_exporter_web_listen_address: "127.0.0.1:9000" go_arch: amd64 - systemd_exporter_version: 0.4.0 + systemd_exporter_version: 0.5.0 + systemd_exporter_tls_server_config: + cert_file: /etc/systemd_exporter/tls.cert + key_file: /etc/systemd_exporter/tls.key + systemd_exporter_enable_file_descriptor_size: true diff --git a/roles/systemd_exporter/molecule/alternative/prepare.yml b/roles/systemd_exporter/molecule/alternative/prepare.yml index fd4acb8e..ddbed0ad 100644 --- a/roles/systemd_exporter/molecule/alternative/prepare.yml +++ b/roles/systemd_exporter/molecule/alternative/prepare.yml @@ -55,3 +55,26 @@ csr_path: "/tmp/tls.csr" privatekey_path: "/tmp/tls.key" provider: selfsigned + +- name: Run target preparation + hosts: all + any_errors_fatal: true + tasks: + - name: Create systemd_exporter cert dir + ansible.builtin.file: + path: "{{ systemd_exporter_tls_server_config.cert_file | dirname }}" + state: directory + owner: root + group: root + mode: u+rwX,g+rwX,o=rX + + - name: Copy cert and key + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode | default('0644') }}" + loop: + - src: "/tmp/tls.cert" + dest: "{{ systemd_exporter_tls_server_config.cert_file }}" + - src: "/tmp/tls.key" + dest: "{{ systemd_exporter_tls_server_config.key_file }}" diff --git a/roles/systemd_exporter/tasks/configure.yml b/roles/systemd_exporter/tasks/configure.yml index d1596ae9..58f5428e 100644 --- a/roles/systemd_exporter/tasks/configure.yml +++ b/roles/systemd_exporter/tasks/configure.yml @@ -8,6 +8,23 @@ mode: 0644 notify: restart systemd_exporter +- name: Create systemd_exporter config directory + ansible.builtin.file: + path: "/etc/systemd_exporter" + state: directory + owner: root + group: root + mode: u+rwX,g+rwX,o=rX + +- name: Copy the systemd_exporter config file + ansible.builtin.template: + src: config.yaml.j2 + dest: /etc/systemd_exporter/config.yaml + owner: root + group: root + mode: 0644 + notify: restart systemd_exporter + - name: Allow systemd_exporter port in SELinux on RedHat OS family community.general.seport: ports: "{{ systemd_exporter_web_listen_address.split(':')[-1] }}" diff --git a/roles/systemd_exporter/tasks/preflight.yml b/roles/systemd_exporter/tasks/preflight.yml index d44218a2..e407c976 100644 --- a/roles/systemd_exporter/tasks/preflight.yml +++ b/roles/systemd_exporter/tasks/preflight.yml @@ -25,6 +25,36 @@ that: - "':' in systemd_exporter_web_listen_address" +- name: Assert that TLS config is correct + when: systemd_exporter_tls_server_config | length > 0 + block: + - name: Assert that systemd_exporter version supports TLS config + ansible.builtin.assert: + that: + - "systemd_exporter_version is version('0.5.0', '>=')" + + - name: Assert that TLS key and cert path are set + ansible.builtin.assert: + that: + - "systemd_exporter_tls_server_config.cert_file is defined" + - "systemd_exporter_tls_server_config.key_file is defined" + + - name: Check existence of TLS cert file + ansible.builtin.stat: + path: "{{ systemd_exporter_tls_server_config.cert_file }}" + register: __systemd_exporter_cert_file + + - name: Check existence of TLS key file + ansible.builtin.stat: + path: "{{ systemd_exporter_tls_server_config.key_file }}" + register: __systemd_exporter_key_file + + - name: Assert that TLS key and cert are present + ansible.builtin.assert: + that: + - "{{ __systemd_exporter_cert_file.stat.exists }}" + - "{{ __systemd_exporter_key_file.stat.exists }}" + - name: Assert that systemd version is >= 235 when enabling ip accounting or measuring restart count ansible.builtin.assert: that: diff --git a/roles/systemd_exporter/templates/config.yaml.j2 b/roles/systemd_exporter/templates/config.yaml.j2 new file mode 100644 index 00000000..682b16ce --- /dev/null +++ b/roles/systemd_exporter/templates/config.yaml.j2 @@ -0,0 +1,6 @@ +--- +{{ ansible_managed | comment }} +{% if systemd_exporter_tls_server_config | length > 0 %} +tls_server_config: +{{ systemd_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} +{% endif %} diff --git a/roles/systemd_exporter/templates/systemd_exporter.service.j2 b/roles/systemd_exporter/templates/systemd_exporter.service.j2 index 2cb7e588..5d179362 100644 --- a/roles/systemd_exporter/templates/systemd_exporter.service.j2 +++ b/roles/systemd_exporter/templates/systemd_exporter.service.j2 @@ -10,13 +10,25 @@ User={{ systemd_exporter_system_user }} Group={{ systemd_exporter_system_group }} ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \ {% if systemd_exporter_enable_restart_count %} + {% if systemd_exporter_version is version('0.5.0', '>=') %} --systemd.collector.enable-restart-count \ + {% else %} + --collector.enable-restart-count \ + {% endif %} {% endif %} {% if systemd_exporter_enable_file_descriptor_size %} + {% if systemd_exporter_version is version('0.5.0', '>=') %} --systemd.collector.enable-file-descriptor-size \ + {% else %} + --collector.enable-file-descriptor-size \ + {% endif %} {% endif %} {% if systemd_exporter_enable_ip_accounting %} + {% if systemd_exporter_version is version('0.5.0', '>=') %} --systemd.collector.enable-ip-accounting \ + {% else %} + --collector.enable-ip-accounting \ + {% endif %} {% endif %} {% if systemd_exporter_unit_include != ""%} --systemd.collector.unit-include={{ systemd_exporter_unit_include }} \ @@ -24,6 +36,10 @@ ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \ {% if systemd_exporter_unit_exclude != "" %} --systemd.collector.unit-exclude={{ systemd_exporter_unit_exclude }} \ {% endif %} +{% if systemd_exporter_tls_server_config | length > 0 %} + --web.config.file=/etc/systemd_exporter/config.yaml \ +{% endif %} + --log.level={{ systemd_exporter_log_level }} \ --web.listen-address={{ systemd_exporter_web_listen_address }} SyslogIdentifier=systemd_exporter diff --git a/tests/integration/targets/molecule-prometheus-agentmode/runme.sh b/tests/integration/targets/molecule-prometheus-agentmode/runme.sh new file mode 100755 index 00000000..d094c3e1 --- /dev/null +++ b/tests/integration/targets/molecule-prometheus-agentmode/runme.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +collection_root=$(pwd | grep -oP ".+\/ansible_collections\/\w+?\/\w+") +source "$collection_root/tests/integration/molecule.sh"