Merge branch 'main' into debian-12

Signed-off-by: Ben Kochie <superq@gmail.com>

.config/molecule/config.yml

@@ -1,6 +1,7 @@
 ---
 dependency:
   name: galaxy
+prerun: false
 driver:
   name: docker
 platforms:
@@ -58,6 +59,12 @@ platforms:
     privileged: true
     cgroup_parent: docker.slice
     command: /lib/systemd/systemd
+  - name: fedora-38
+    image: dokken/fedora-38
+    pre_build_image: true
+    privileged: true
+    cgroup_parent: docker.slice
+    command: /lib/systemd/systemd
   - name: ubuntu-20.04
     image: dokken/ubuntu-20.04
     pre_build_image: true

.github/scripts/version_updater.sh

@@ -104,7 +104,7 @@ if ! git push "https://${GITHUB_TOKEN}:@github.com/${GIT_REPO}" --set-upstream "
 fi
 
 if ! post_pull_request \
-  "patch: New ${source_repo} upstream release!" \
+  "patch: New ${source_repo} upstream release ${version}!" \
   "main" \
   "${update_branch}" \
   "The upstream [${source_repo}](https://github.com/${source_repo}/releases) released new software version - **${version}**!\n\nThis automated PR updates code to bring new version into repository." ; then

.github/workflows/conventional-label.yml

@@ -16,7 +16,7 @@ jobs:
       - name: "Confirm correct pull request title"
         uses: mmubeen/action-pr-title@master  # until PR gets merged https://github.com/deepakputhraya/action-pr-title/pull/29
         with:
-          allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog'
+          allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog,patch'
 
       - name: "Apply label"
         if: github.event.pull_request.labels.length == 0
@@ -42,7 +42,8 @@ jobs:
               "refactor": "trivial",
               "refactoring": "trivial",
               "skip-release": "skip_changelog",
-              "skip_changelog": "skip_changelog"
+              "skip_changelog": "skip_changelog",
+              "patch": "trivial"
               }
 
   role-label:

.github/workflows/publish.yml

@@ -4,6 +4,7 @@ on:
   push:
     tags:
       - '*'
+  workflow_dispatch:
 
 jobs:
   release:

CHANGELOG.rst

@@ -5,6 +5,39 @@ Prometheus.Prometheus Release Notes
 .. contents:: Topics
 
 
+v0.7.1
+======
+
+Bugfixes
+--------
+
+- fix(molecule): don't contact galaxy api since requirements come from git (https://github.com/prometheus-community/ansible/pull/241)
+
+v0.7.0
+======
+
+Minor Changes
+-------------
+
+- feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220)
+- feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205)
+- feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210)
+
+Bugfixes
+--------
+
+- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)
+- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)
+
+v0.6.1
+======
+
+Bugfixes
+--------
+
+- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)
+- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)
+
 v0.6.0
 ======
 
@@ -14,8 +47,10 @@ Minor Changes
 - feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)
 - feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)
 - feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)
+- feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)
 - feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)
 - feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)
+- minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)
 
 Removed Features (previously deprecated)
 ----------------------------------------
@@ -29,6 +64,7 @@ Bugfixes
 - fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)
 - fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)
 - fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)
+- fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)
 - fix: mysqld_exporter should actually respect the mysqld_exporter_host variable (https://github.com/prometheus-community/ansible/pull/88)
 
 v0.5.2

changelogs/.plugin-cache.yaml

@@ -13,4 +13,4 @@ plugins:
   shell: {}
   strategy: {}
   vars: {}
-version: 0.6.0
+version: 0.7.1

changelogs/changelog.yaml

@@ -158,32 +158,68 @@ releases:
     release_date: '2023-06-24'
   0.6.0:
     changes:
+      bugfixes:
+        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
+        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
+        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
+        - 'fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)'
+        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
+          (https://github.com/prometheus-community/ansible/pull/88)'
       minor_changes:
-        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
-        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
         - 'feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)'
         - 'feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)'
         - 'feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)'
-      bugfixes:
+        - 'feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)'
-        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
+        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
-          (https://github.com/prometheus-community/ansible/pull/88)'
+        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
-        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
+        - 'minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)'
-        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
-        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
       removed_features:
-        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
         - 'removed: Drop fedora 36 support as it is EOL (https://github.com/prometheus-community/ansible/pull/200)'
+        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
       trivial:
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
-        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
-        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
-        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
         - Fix mysqld_exporter world-readable secrets (https://github.com/prometheus-community/ansible/pull/169)
-        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
+        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
         - 'docs(smokeping_prober): Update arguments specs (https://github.com/prometheus-community/ansible/pull/190)'
-        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
         - 'docs: Fix node_exporter 404 TLS auth links (https://github.com/prometheus-community/ansible/pull/154)'
+        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
+        - 'patch: New prometheus/alertmanager upstream release! (https://github.com/prometheus-community/ansible/pull/206)'
+        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
+        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
+        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
     release_date: '2023-07-29'
+  0.6.1:
+    changes:
+      bugfixes:
+        - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)'
+        - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)'
+    release_date: '2023-08-26'
+  0.7.0:
+    changes:
+      bugfixes:
+        - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)'
+        - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)'
+      minor_changes:
+        - 'feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220)'
+        - 'feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205)'
+        - 'feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210)'
+      trivial:
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/215)'
+        - 'patch: New prometheus/pushgateway upstream release! (https://github.com/prometheus-community/ansible/pull/219)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/211)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/214)'
+    release_date: '2023-08-29'
+  0.7.1:
+    changes:
+      bugfixes:
+        - "fix(molecule): don't contact galaxy api since requirements come from git
+          (https://github.com/prometheus-community/ansible/pull/241)"
+      trivial:
+        - 'docs: fix alertmanager role name (https://github.com/prometheus-community/ansible/pull/240)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/232)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/228)'
+        - 'docs: fix blackbox_exporter role name (https://github.com/prometheus-community/ansible/pull/239)'
+    release_date: '2023-10-27'

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: prometheus
 name: prometheus
-version: 0.6.0
+version: 0.7.1
 readme: README.md
 authors:
   - "Ben Kochie (https://github.com/SuperQ)"

roles/alertmanager/README.md

@@ -25,7 +25,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans
 ---
   hosts: all
   roles:
-    - ansible-alertmanager
+    - prometheus.prometheus.alertmanager
   vars:
     alertmanager_version: latest
     alertmanager_slack_api_url: "http://example.com"

roles/alertmanager/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-alertmanager_version: 0.25.0
+alertmanager_version: 0.26.0
 alertmanager_binary_local_dir: ''
 alertmanager_binary_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/\
                           alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"

roles/alertmanager/meta/argument_specs.yml

@@ -10,7 +10,7 @@ argument_specs:
     options:
       alertmanager_version:
         description: "Alertmanager package version. Also accepts `latest` as parameter."
-        default: 0.25.0
+        default: 0.26.0
       alertmanager_skip_install:
         description: "Alertmanager installation tasks gets skipped when set to true."
         type: bool

roles/alertmanager/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/alertmanager/tasks/install.yml

@@ -26,7 +26,7 @@
     - "{{ alertmanager_db_dir }}"
     - "{{ _alertmanager_amtool_config_dir }}"
 
-- name: Get alertmanager binary
+- name: Get binary
   when:
     - alertmanager_binary_local_dir | length == 0
     - not alertmanager_skip_install

roles/blackbox_exporter/README.md

@@ -24,7 +24,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans
 - hosts: all
   become: true
   roles:
-    - prometheus.prometheus.blackbox-exporter
+    - prometheus.prometheus.blackbox_exporter
 ```
 
 ### Demo site

roles/blackbox_exporter/defaults/main.yml

@@ -1,8 +1,10 @@
 ---
 blackbox_exporter_version: 0.24.0
+blackbox_exporter_binary_local_dir: ""
 blackbox_exporter_binary_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/\
                                blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] |
                                default(ansible_architecture) }}.tar.gz"
+blackbox_exporter_checksums_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
 blackbox_exporter_skip_install: false
 
 blackbox_exporter_web_listen_address: "0.0.0.0:9115"
@@ -71,3 +73,5 @@ blackbox_exporter_configuration_modules:
 
 # Where to put the blackbox_exporter.yml main configuration file
 blackbox_exporter_config_dir: /etc
+
+blackbox_exporter_binary_install_dir: "/usr/local/bin"

roles/blackbox_exporter/handlers/main.yml

@@ -1,14 +1,14 @@
 ---
-- name: Restart blackbox exporter
+- name: Restart blackbox_exporter
-  listen: "restart blackbox exporter"
+  listen: "restart blackbox_exporter"
   become: true
   ansible.builtin.systemd:
     daemon_reload: true
     name: blackbox_exporter
     state: restarted
 
-- name: Reload blackbox exporter
+- name: Reload blackbox_exporter
-  listen: "reload blackbox exporter"
+  listen: "reload blackbox_exporter"
   become: true
   ansible.builtin.systemd:
     name: blackbox_exporter

roles/blackbox_exporter/meta/argument_specs.yml

@@ -9,15 +9,23 @@ argument_specs:
       - "Prometheus Community"
     options:
       blackbox_exporter_version:
-        description: "Blackbox exporter package version"
+        description: "Blackbox exporter package version. Also accepts latest as parameter."
         default: "0.24.0"
       blackbox_exporter_skip_install:
         description: "Blackbox exporter installation tasks gets skipped when set to true."
         type: bool
         default: false
+      blackbox_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter may be set to a directory where the C(blackbox_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(blackbox_exporter_version) parameter"
       blackbox_exporter_binary_url:
         description: "URL of the blackbox_exporter binaries .tar.gz file"
         default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
+      blackbox_exporter_checksums_url:
+        description: "URL of the blackbox exporter checksums file"
+        default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
       blackbox_exporter_web_listen_address:
         description: "Address on which blackbox exporter will be listening"
         default: "0.0.0.0:9115"
@@ -37,6 +45,11 @@ argument_specs:
       blackbox_exporter_config_dir:
         description: "Directory where the blackbox exporter configuration file is placed"
         default: "/etc"
+      blackbox_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install blackbox_exporter binary"
+        default: "/usr/local/bin"
       blackbox_exporter_user:
         description: "The user the exporter runs as"
         default: "blackbox-exp"

roles/blackbox_exporter/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "exporter"
     - "monitoring"

roles/blackbox_exporter/molecule/latest/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        blackbox_exporter_version: latest

roles/blackbox_exporter/molecule/latest/tests/test_latest.py

@@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/blackbox_exporter.service",
+    "/usr/local/bin/blackbox_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("blackbox_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u blackbox_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u blackbox_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening

roles/blackbox_exporter/tasks/configure.yml

@@ -5,9 +5,9 @@
     dest: /etc/systemd/system/blackbox_exporter.service
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify:
-    - restart blackbox exporter
+    - restart blackbox_exporter
 
 - name: Configure blackbox exporter
   ansible.builtin.template:
@@ -15,6 +15,6 @@
     dest: "{{ blackbox_exporter_config_dir }}/blackbox_exporter.yml"
     owner: root
     group: "{{ blackbox_exporter_group }}"
-    mode: 0644
+    mode: '0644'
   notify:
-    - reload blackbox exporter
+    - reload blackbox_exporter

roles/blackbox_exporter/tasks/install.yml

@@ -15,33 +15,56 @@
     createhome: false
   when: blackbox_exporter_user != 'root'
 
-- name: Download blackbox exporter binary to local folder
+- name: Get binary
-  become: false
+  when:
-  ansible.builtin.unarchive:
+    - blackbox_exporter_binary_local_dir | length == 0
-    src: "{{ blackbox_exporter_binary_url }}"
+    - not blackbox_exporter_skip_install
-    dest: "/tmp"
+  block:
-    remote_src: true
-    creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
-              blackbox_exporter"
-  register: _download_binary
-  until: _download_binary is succeeded
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not blackbox_exporter_skip_install
 
-- name: Propagate blackbox exporter binary
+    - name: Download blackbox_exporter binary to local folder
+      become: false
+      ansible.builtin.get_url:
+        url: "{{ blackbox_exporter_binary_url }}"
+        dest: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        checksum: "sha256:{{ __blackbox_exporter_checksum }}"
+        mode: '0644'
+      register: _download_binary
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Unpack blackbox_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate blackbox_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+        dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart blackbox_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed blackbox_exporter binary
   ansible.builtin.copy:
-    src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
+    src: "{{ blackbox_exporter_binary_local_dir }}/blackbox_exporter"
-          blackbox_exporter"
+    dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
-    dest: "/usr/local/bin/blackbox_exporter"
+    mode: '0755'
-    mode: 0750
     owner: root
-    group: "{{ blackbox_exporter_group }}"
+    group: root
-  when: not blackbox_exporter_skip_install
+  when:
-  notify:
+    - blackbox_exporter_binary_local_dir | length > 0
-    - restart blackbox exporter
+    - not blackbox_exporter_skip_install
+  notify: restart blackbox_exporter
 
 - name: Install libcap on Debian systems
   ansible.builtin.package:

roles/blackbox_exporter/tasks/preflight.yml

@@ -24,3 +24,34 @@
   ansible.builtin.assert:
     that:
       - "':' in blackbox_exporter_web_listen_address"
+
+- name: Discover latest version
+  ansible.builtin.set_fact:
+    blackbox_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest', headers=_github_api_headers,
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
+  run_once: true
+  until: blackbox_exporter_version is version('0.0.0', '>=')
+  retries: 10
+  when:
+    - blackbox_exporter_version == "latest"
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+
+- name: Get blackbox_exporter binary checksum
+  when:
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksums: "{{ lookup('url', blackbox_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __blackbox_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __blackbox_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"

roles/blackbox_exporter/vars/main.yml

@@ -5,4 +5,7 @@ go_arch_map:
   aarch64: 'arm64'
   armv7l: 'armv7'
   armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _blackbox_exporter_repo: "prometheus/blackbox_exporter"
+_github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"

roles/chrony_exporter/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/chrony_exporter/tasks/install.yml

@@ -17,7 +17,7 @@
     home: /
   when: chrony_exporter_system_user != "root"
 
-- name: Discover latest version
+- name: Get binary
   when:
     - chrony_exporter_binary_local_dir | length == 0
     - not chrony_exporter_skip_install

roles/mysqld_exporter/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/mysqld_exporter/tasks/install.yml

@@ -17,7 +17,7 @@
     home: /
   when: mysqld_exporter_system_user != "root"
 
-- name: Discover latest version
+- name: Get binary
   when:
     - mysqld_exporter_binary_local_dir | length == 0
     - not mysqld_exporter_skip_install

roles/node_exporter/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/node_exporter/tasks/install.yml

@@ -17,7 +17,7 @@
     home: /
   when: node_exporter_system_user != "root"
 
-- name: Discover latest version
+- name: Get binary
   when:
     - node_exporter_binary_local_dir | length == 0
     - not node_exporter_skip_install

roles/prometheus/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-prometheus_version: 2.46.0
+prometheus_version: 2.47.2
 prometheus_binary_local_dir: ''
 prometheus_binary_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/\
                         prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
@@ -25,6 +25,9 @@ prometheus_storage_retention: "30d"
 # supported: KB, MB, GB, TB, PB.
 prometheus_storage_retention_size: "0"
 
+# The Agent mode optimizes Prometheus for the remote write use case: https://prometheus.io/blog/2021/11/16/agent/
+prometheus_agent_mode: false
+
 prometheus_config_flags_extra: {}
 # prometheus_config_flags_extra:
 #   storage.tsdb.retention: 15d
@@ -223,3 +226,5 @@ prometheus_alert_rules:  # noqa yaml[line-length]  # noqa line-length
     labels:
       severity: warning
 # yamllint enable rule:line-length
+
+prometheus_stop_timeout: '600s'

roles/prometheus/meta/argument_specs.yml

@@ -12,7 +12,7 @@ argument_specs:
         description:
           - "Prometheus package version. Also accepts C(latest) as parameter."
           - "Only prometheus 2.x is supported"
-        default: "2.46.0"
+        default: "2.47.2"
       prometheus_skip_install:
         description: "Prometheus installation tasks gets skipped when set to true."
         type: bool
@@ -59,6 +59,12 @@ argument_specs:
           - "Maximum number of bytes that can be stored for blocks."
           - "Units supported: KB, MB, GB, TB, PB."
         default: "0"
+      prometheus_agent_mode:
+        description:
+          - "The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. L(Everything,https://prometheus.io/docs/prometheus/latest/feature_flags/#prometheus-agent) else stays the same."
+          - "This feature is available starting from Prometheus v2.32.0."
+        type: bool
+        default: false
       prometheus_config_flags_extra:
         description:
           - "Additional configuration flags passed to prometheus binary at startup"
@@ -144,3 +150,8 @@ argument_specs:
         default:
           - "prometheus/targets/*.yml"
           - "prometheus/targets/*.json"
+      prometheus_stop_timeout:
+        description:
+          - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec."
+        type: "str"
+        default: "600s"

roles/prometheus/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/prometheus/molecule/agentmode/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        prometheus_agent_mode: true

roles/prometheus/molecule/agentmode/tests/test_agentmode.py

@@ -0,0 +1,45 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import yaml
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.fixture()
+def AnsibleDefaults():
+    with open("defaults/main.yml", 'r') as stream:
+        return yaml.full_load(stream)
+
+
+@pytest.mark.parametrize('file, content', [
+    ("/etc/systemd/system/prometheus.service",
+     "storage.agent.path=/var/lib/prometheus"),
+    ("/etc/systemd/system/prometheus.service",
+     "enable-feature=agent"),
+])
+def test_file_contents(host, file, content):
+    f = host.file(file)
+    assert f.exists
+    assert f.is_file
+    assert f.contains(content)
+
+
+def test_service(host):
+    s = host.service("prometheus")
+    assert s.is_running
+
+
+# # "/agent" page is available (http 200) when agent mode is enabled
+def test_agent_enabled(host):
+    output = host.check_output('curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9090/agent')
+    assert '200' in output
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9090")
+    assert s.is_listening

roles/prometheus/molecule/alternative/molecule.yml

@@ -87,3 +87,4 @@ provisioner:
               - target_label: __address__
                 replacement: 127.0.0.1:9115  # Blackbox exporter.
         version: 2.25.2
+        prometheus_stop_timeout: 1min

roles/prometheus/molecule/alternative/tests/test_alternative.py

@@ -42,6 +42,8 @@ def test_files(host, files):
      "enable-feature=promql-at-modifier"),
     ("/etc/systemd/system/prometheus.service",
      "enable-feature=remote-write-receiver"),
+    ("/etc/systemd/system/prometheus.service",
+     "TimeoutStopSec=1min"),
 ])
 def test_file_contents(host, file, content):
     f = host.file(file)

roles/prometheus/tasks/configure.yml

@@ -9,6 +9,7 @@
     validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
   when:
     - prometheus_alert_rules != []
+    - not prometheus_agent_mode
   notify:
     - reload prometheus
 
@@ -21,6 +22,8 @@
     mode: 0640
     validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
   with_fileglob: "{{ prometheus_alert_rules_files }}"
+  when:
+    - not prometheus_agent_mode
   notify:
     - reload prometheus
 

roles/prometheus/templates/prometheus.service.j2

@@ -13,6 +13,7 @@ User=prometheus
 Group=prometheus
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
+{% if not prometheus_agent_mode %}
   --storage.tsdb.path={{ prometheus_db_dir }} \
 {% if prometheus_version is version('2.7.0', '>=') %}
   --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
@@ -20,6 +21,10 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
 {% else %}
   --storage.tsdb.retention={{ prometheus_storage_retention }} \
 {% endif %}
+{% else %}
+  --enable-feature=agent \
+  --storage.agent.path={{ prometheus_db_dir }} \
+{% endif %}
 {% if prometheus_version is version('2.24.0', '>=') %}
   --web.config.file={{ prometheus_config_dir }}/web.yml \
 {% endif %}
@@ -80,6 +85,7 @@ Environment="HTTP_PROXY={{ http_proxy }}"{% if https_proxy is defined %} "HTTPS_
 
 SyslogIdentifier=prometheus
 Restart=always
+TimeoutStopSec={{ prometheus_stop_timeout }}
 
 [Install]
 WantedBy=multi-user.target

roles/prometheus/templates/prometheus.yml.j2

@@ -17,8 +17,10 @@ remote_read:
   {{ prometheus_remote_read | to_nice_yaml(indent=2,sort_keys=False) | indent(2, False) }}
 {% endif %}
 
+{% if not prometheus_agent_mode and prometheus_alert_rules_files != [] %}
 rule_files:
   - {{ prometheus_config_dir }}/rules/*.rules
+{% endif %}
 
 {% if prometheus_alertmanager_config | length > 0 %}
 alerting:

roles/pushgateway/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-pushgateway_version: 1.6.0
+pushgateway_version: 1.6.2
 pushgateway_binary_local_dir: ""
 pushgateway_binary_url: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/\
                            pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz"

roles/pushgateway/meta/argument_specs.yml

@@ -10,7 +10,7 @@ argument_specs:
     options:
       pushgateway_version:
         description: "Pushgateway package version. Also accepts latest as parameter."
-        default: "1.1.2"
+        default: "1.6.2"
       pushgateway_skip_install:
         description: "Pushgateway installation tasks gets skipped when set to true."
         type: bool

roles/pushgateway/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/pushgateway/tasks/install.yml

@@ -17,7 +17,7 @@
     home: /
   when: pushgateway_system_user != "root"
 
-- name: Discover latest version
+- name: Get binary
   when:
     - pushgateway_binary_local_dir | length == 0
     - not pushgateway_skip_install

roles/smokeping_prober/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/smokeping_prober/tasks/install.yml

@@ -17,7 +17,7 @@
     home: /
   when: smokeping_prober_system_user != "root"
 
-- name: Discover latest version
+- name: Get binary
   when:
     - smokeping_prober_binary_local_dir | length == 0
     - not smokeping_prober_skip_install

roles/snmp_exporter/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
-snmp_exporter_version: 0.23.0
+snmp_exporter_version: 0.24.1
+snmp_exporter_binary_local_dir: ""
 snmp_exporter_binary_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/\
                            snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
 snmp_exporter_checksums_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt"
@@ -9,3 +10,5 @@ snmp_exporter_log_level: info
 
 # If this is empty, role will download snmp.yml file from https://github.com/prometheus/snmp_exporter.
 snmp_exporter_config_file: ""
+
+snmp_exporter_binary_install_dir: "/usr/local/bin"

roles/snmp_exporter/handlers/main.yml

@@ -1,14 +1,14 @@
 ---
-- name: Reload snmp exporter
+- name: Reload snmp_exporter
-  listen: "reload snmp exporter"
+  listen: "reload snmp_exporter"
   become: true
   ansible.builtin.systemd:
     daemon_reload: true
     name: snmp_exporter
     state: reloaded
 
-- name: Restart snmp exporter
+- name: Restart snmp_exporter
-  listen: "restart snmp exporter"
+  listen: "restart snmp_exporter"
   become: true
   ansible.builtin.systemd:
     daemon_reload: true

roles/snmp_exporter/meta/argument_specs.yml

@@ -9,12 +9,17 @@ argument_specs:
       - "Prometheus Community"
     options:
       snmp_exporter_version:
-        description: "SNMP exporter package version"
+        description: "SNMP exporter package version. Also accepts latest as parameter."
-        default: "0.23.0"
+        default: "0.24.1"
       snmp_exporter_skip_install:
         description: "SNMP exporter installation tasks gets skipped when set to true."
         type: bool
         default: false
+      snmp_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter masnmp set to a directory where the C(snmp_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(snmp_exporter_version) parameter"
       snmp_exporter_binary_url:
         description: "URL of the snmp exporter binaries .tar.gz file"
         default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
@@ -31,3 +36,8 @@ argument_specs:
         description:
           - "If this is empty, role will download snmp.yml file from U(https://github.com/prometheus/snmp_exporter)."
           - "Otherwise this should contain path to file with custom snmp exporter configuration"
+      snmp_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install snmp_exporter binary"
+        default: "/usr/local/bin"

roles/snmp_exporter/meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/snmp_exporter/molecule/latest/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        snmp_exporter_version: latest

roles/snmp_exporter/molecule/latest/tests/test_latest.py

@@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/snmp_exporter.service",
+    "/usr/local/bin/snmp_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("snmp_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u snmp_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u snmp_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening

roles/snmp_exporter/tasks/configure.yml

@@ -7,7 +7,7 @@
     group: root
     mode: 0644
   notify:
-    - restart snmp exporter
+    - restart snmp_exporter
 
 - name: Download snmp configuration file from github repository
   ansible.builtin.get_url:
@@ -22,7 +22,7 @@
   retries: 5
   delay: 2
   notify:
-    - reload snmp exporter
+    - reload snmp_exporter
   when: not (snmp_exporter_config_file)
 
 - name: Copy configuration file
@@ -34,5 +34,5 @@
     mode: 0644
   no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}"
   notify:
-    - reload snmp exporter
+    - reload snmp_exporter
   when: (snmp_exporter_config_file)

roles/snmp_exporter/tasks/install.yml

@@ -1,37 +1,54 @@
 ---
-- name: Download snmp_exporter binary to local folder
+- name: Get binary
-  become: false
+  when:
-  ansible.builtin.get_url:
+    - snmp_exporter_binary_local_dir | length == 0
-    url: "{{ snmp_exporter_binary_url }}"
+    - not snmp_exporter_skip_install
-    dest: "/tmp"
+  block:
-    checksum: "sha256:{{ snmp_exporter_checksum }}"
-    mode: 0644
-  register: _download_binary
-  until: _download_binary is success
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not snmp_exporter_skip_install
 
-- name: Unpack snmp_exporter binary
+    - name: Download snmp_exporter binary to local folder
-  become: false
+      become: false
-  ansible.builtin.unarchive:
+      ansible.builtin.get_url:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
+        url: "{{ snmp_exporter_binary_url }}"
-    dest: "/tmp"
+        dest: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
-    creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
+        checksum: "sha256:{{ __snmp_exporter_checksum }}"
-  delegate_to: localhost
+        mode: '0644'
-  check_mode: false
+      register: _download_binary
-  when: not snmp_exporter_skip_install
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false
 
-- name: Propagate SNMP Exporter binaries
+    - name: Unpack snmp_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate snmp_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+        dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart snmp_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed snmp_exporter binary
   ansible.builtin.copy:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
+    src: "{{ snmp_exporter_binary_local_dir }}/snmp_exporter"
-    dest: "/usr/local/bin/snmp_exporter"
+    dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
     mode: 0755
-  when: not snmp_exporter_skip_install
+    owner: root
-  notify:
+    group: root
-    - restart snmp exporter
+  when:
+    - snmp_exporter_binary_local_dir | length > 0
+    - not snmp_exporter_skip_install
+  notify: restart snmp_exporter
 
 - name: Create configuration directory
   ansible.builtin.file:

roles/snmp_exporter/tasks/preflight.yml

@@ -1,9 +1,31 @@
 ---
-- name: "Get checksum for snmp exporter"
+- name: Discover latest version
   ansible.builtin.set_fact:
-    snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
+    snmp_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/snmp_exporter/releases/latest', headers=_github_api_headers,
-  with_items:
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
-    - "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+  run_once: true
+  until: snmp_exporter_version is version('0.0.0', '>=')
+  retries: 10
   when:
-    - "('linux-' + (go_arch_map[ansible_architecture] | default(ansible_architecture)) + '.tar.gz') in item"
+    - snmp_exporter_version == "latest"
+    - snmp_exporter_binary_local_dir | length == 0
     - not snmp_exporter_skip_install
+
+- name: Get snmp_exporter binary checksum
+  when:
+    - snmp_exporter_binary_local_dir | length == 0
+    - not snmp_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksums: "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __snmp_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __snmp_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"

roles/snmp_exporter/vars/main.yml

@@ -5,5 +5,7 @@ go_arch_map:
   aarch64: 'arm64'
   armv7l: 'armv7'
   armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _snmp_exporter_repo: "prometheus/snmp_exporter"
 _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"

roles/systemd_exporter/README.md

@@ -27,6 +27,14 @@ Use it in a playbook as follows:
     - prometheus.prometheus.systemd_exporter
 ```
 
+### TLS config
+
+See node_exporter README for more extensive example. Requires systemd_exporter >= 0.5.0.
+
+    systemd_exporter_tls_server_config:
+      cert_file: /etc/systemd_exporter/tls.cert
+      key_file: /etc/systemd_exporter/tls.key
+
 ## Local Testing
 
 The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/ansible-community/molecule) (v3.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. Running your tests is as simple as executing `molecule test`.

roles/systemd_exporter/defaults/main.yml

@@ -7,6 +7,8 @@ systemd_exporter_checksums_url: "https://github.com/{{ _systemd_exporter_repo }}
 systemd_exporter_skip_install: false
 systemd_exporter_web_listen_address: "0.0.0.0:9558"
 
+systemd_exporter_tls_server_config: {}
+
 systemd_exporter_enable_restart_count: false
 systemd_exporter_enable_ip_accounting: false
 systemd_exporter_enable_file_descriptor_size: false
@@ -17,3 +19,5 @@ systemd_exporter_unit_exclude: ""
 systemd_exporter_binary_install_dir: "/usr/local/bin"
 systemd_exporter_system_group: "systemd-exporter"
 systemd_exporter_system_user: "{{ systemd_exporter_system_group }}"
+
+systemd_exporter_log_level: info

roles/systemd_exporter/meta/argument_specs.yml

@@ -29,6 +29,11 @@ argument_specs:
       systemd_exporter_web_listen_address:
         description: Address on which systemd exporter will listen"
         default: "0.0.0.0:9558"
+      systemd_exporter_tls_server_config:
+        description:
+          - "Configuration for TLS authentication."
+          - "Keys and values are the same as in L(Prometheus docs,https://prometheus.io/docs/prometheus/latest/configuration/https/)."
+        type: "dict"
       systemd_exporter_enable_restart_count:
         description: Enables service restart count metrics. This feature only works with systemd 235 and above"
         type: "bool"
@@ -60,3 +65,5 @@ argument_specs:
           - "I(Advanced)"
           - "Systemd exporter user"
         default: "systemd-exporter"
+      systemd_exporter_log_level:
+        description: Only log messages with the given severity or above.

roles/systemd_exporter/meta/main.yml

@@ -23,6 +23,7 @@ galaxy_info:
     - name: "Fedora"
       versions:
         - "37"
+        - '38'
   galaxy_tags:
     - "monitoring"
     - "prometheus"

roles/systemd_exporter/molecule/alternative/molecule.yml

@@ -6,4 +6,8 @@ provisioner:
         systemd_exporter_binary_local_dir: "/tmp/systemd_exporter-linux-amd64"
         systemd_exporter_web_listen_address: "127.0.0.1:9000"
         go_arch: amd64
-        systemd_exporter_version: 0.4.0
+        systemd_exporter_version: 0.5.0
+        systemd_exporter_tls_server_config:
+          cert_file: /etc/systemd_exporter/tls.cert
+          key_file: /etc/systemd_exporter/tls.key
+        systemd_exporter_enable_file_descriptor_size: true

roles/systemd_exporter/molecule/alternative/prepare.yml

@@ -55,3 +55,26 @@
         csr_path: "/tmp/tls.csr"
         privatekey_path: "/tmp/tls.key"
         provider: selfsigned
+
+- name: Run target preparation
+  hosts: all
+  any_errors_fatal: true
+  tasks:
+    - name: Create systemd_exporter cert dir
+      ansible.builtin.file:
+        path: "{{ systemd_exporter_tls_server_config.cert_file | dirname }}"
+        state: directory
+        owner: root
+        group: root
+        mode: u+rwX,g+rwX,o=rX
+
+    - name: Copy cert and key
+      ansible.builtin.copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        mode: "{{ item.mode | default('0644') }}"
+      loop:
+        - src: "/tmp/tls.cert"
+          dest: "{{ systemd_exporter_tls_server_config.cert_file }}"
+        - src: "/tmp/tls.key"
+          dest: "{{ systemd_exporter_tls_server_config.key_file }}"

roles/systemd_exporter/tasks/configure.yml

@@ -8,6 +8,23 @@
     mode: 0644
   notify: restart systemd_exporter
 
+- name: Create systemd_exporter config directory
+  ansible.builtin.file:
+    path: "/etc/systemd_exporter"
+    state: directory
+    owner: root
+    group: root
+    mode: u+rwX,g+rwX,o=rX
+
+- name: Copy the systemd_exporter config file
+  ansible.builtin.template:
+    src: config.yaml.j2
+    dest: /etc/systemd_exporter/config.yaml
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart systemd_exporter
+
 - name: Allow systemd_exporter port in SELinux on RedHat OS family
   community.general.seport:
     ports: "{{ systemd_exporter_web_listen_address.split(':')[-1] }}"

roles/systemd_exporter/tasks/preflight.yml

@@ -25,6 +25,36 @@
     that:
       - "':' in systemd_exporter_web_listen_address"
 
+- name: Assert that TLS config is correct
+  when: systemd_exporter_tls_server_config | length > 0
+  block:
+    - name: Assert that systemd_exporter version supports TLS config
+      ansible.builtin.assert:
+        that:
+          - "systemd_exporter_version is version('0.5.0', '>=')"
+
+    - name: Assert that TLS key and cert path are set
+      ansible.builtin.assert:
+        that:
+          - "systemd_exporter_tls_server_config.cert_file is defined"
+          - "systemd_exporter_tls_server_config.key_file is defined"
+
+    - name: Check existence of TLS cert file
+      ansible.builtin.stat:
+        path: "{{ systemd_exporter_tls_server_config.cert_file }}"
+      register: __systemd_exporter_cert_file
+
+    - name: Check existence of TLS key file
+      ansible.builtin.stat:
+        path: "{{ systemd_exporter_tls_server_config.key_file }}"
+      register: __systemd_exporter_key_file
+
+    - name: Assert that TLS key and cert are present
+      ansible.builtin.assert:
+        that:
+          - "{{ __systemd_exporter_cert_file.stat.exists }}"
+          - "{{ __systemd_exporter_key_file.stat.exists }}"
+
 - name: Assert that systemd version is >= 235 when enabling ip accounting or measuring restart count
   ansible.builtin.assert:
     that:

roles/systemd_exporter/templates/config.yaml.j2

@@ -0,0 +1,6 @@
+---
+{{ ansible_managed | comment }}
+{% if systemd_exporter_tls_server_config | length > 0 %}
+tls_server_config:
+{{ systemd_exporter_tls_server_config | to_nice_yaml | indent(2, true) }}
+{% endif %}

roles/systemd_exporter/templates/systemd_exporter.service.j2

@@ -10,13 +10,25 @@ User={{ systemd_exporter_system_user }}
 Group={{ systemd_exporter_system_group }}
 ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \
 {% if systemd_exporter_enable_restart_count %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
     --systemd.collector.enable-restart-count \
+    {% else %}
+    --collector.enable-restart-count \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_file_descriptor_size %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
     --systemd.collector.enable-file-descriptor-size \
+    {% else %}
+    --collector.enable-file-descriptor-size \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_ip_accounting %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
     --systemd.collector.enable-ip-accounting \
+    {% else %}
+    --collector.enable-ip-accounting \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_unit_include != ""%}
     --systemd.collector.unit-include={{ systemd_exporter_unit_include }} \
@@ -24,6 +36,10 @@ ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \
 {% if systemd_exporter_unit_exclude != "" %}
     --systemd.collector.unit-exclude={{ systemd_exporter_unit_exclude }} \
 {% endif %}
+{% if systemd_exporter_tls_server_config | length > 0 %}
+    --web.config.file=/etc/systemd_exporter/config.yaml \
+{% endif %}
+    --log.level={{ systemd_exporter_log_level }} \
     --web.listen-address={{ systemd_exporter_web_listen_address }}
 
 SyslogIdentifier=systemd_exporter

tests/integration/targets/molecule-prometheus-agentmode/runme.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+collection_root=$(pwd | grep -oP ".+\/ansible_collections\/\w+?\/\w+")
+source "$collection_root/tests/integration/molecule.sh"