Role service-dhcpd: add kea-exporter

2019-05-31 13:45:16 +02:00 · 2019-05-31 13:45:16 +02:00 · 6a4498c436
commit 6a4498c436
parent 37d0739a76
5 changed files with 76 additions and 2 deletions
--- a/roles/service-dhcpd/handlers/main.yml
+++ b/roles/service-dhcpd/handlers/main.yml
@ -7,3 +7,13 @@
  systemd:
    name: kea-dhcp4-server
    state: restarted
+
+- name: restart kea-exporter
+  systemd:
+    name: kea-exporter
+    state: restarted
+
+- name: restart nginx
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/service-dhcpd/meta/main.yml
+++ b/roles/service-dhcpd/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-nginx }
--- a/roles/service-dhcpd/tasks/main.yml
+++ b/roles/service-dhcpd/tasks/main.yml
@ -35,8 +35,32 @@
    state: absent
  notify: reload systemd

- name: enable systemd unit kea
+- name: install kea-exporter
+  pip:
+    name: kea-exporter
+    executable: pip3
+  notify: restart kea-exporter
+
+- name: create systemd unit for exporter
+  template:
+    src: "kea-exporter.service.j2"
+    dest: "/etc/systemd/system/kea-exporter.service"
+  notify: reload systemd
+
+- name: write vhost for exporter
+  template:
+    src: kea_exporter_vhost.conf.j2
+    dest: /etc/nginx/conf.d/kea_exporter.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart nginx
+
+- name: enable systemd units
  systemd:
-    name: kea-dhcp4-server
+    name: "{{ item }}"
    enabled: yes
    state: started
+  loop:
+    - kea-dhcp4-server
+    - kea-exporter
--- a/roles/service-dhcpd/templates/kea-exporter.service.j2
+++ b/roles/service-dhcpd/templates/kea-exporter.service.j2
@ -0,0 +1,15 @@
+[Unit]
+Description=Kea Prometheus Exporter
+Wants=network.target
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/kea-exporter --address 127.0.0.1 /etc/kea/kea-dhcp4.conf
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2
+++ b/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2
@ -0,0 +1,22 @@
+server {
+    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9547 ssl;
+    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9547 ssl;
+    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    location / {
+      proxy_pass http://127.0.0.1:9547;
+
+      allow 127.0.0.0/8;
+      allow ::1/128;
+{% for host in groups['monitoring'] %}
+      allow {{ lookup('dig', host, 'qtype=A') }};
+      allow {{ lookup('dig', host, 'qtype=AAAA') }};
+      deny all;
+{% endfor %}
+    }
+}