From 6a4498c436360e80520f1e1ac4136a724074d00b Mon Sep 17 00:00:00 2001 From: Julian Labus Date: Fri, 31 May 2019 13:45:16 +0200 Subject: [PATCH] Role service-dhcpd: add kea-exporter --- roles/service-dhcpd/handlers/main.yml | 10 +++++++ roles/service-dhcpd/meta/main.yml | 3 ++ roles/service-dhcpd/tasks/main.yml | 28 +++++++++++++++++-- .../templates/kea-exporter.service.j2 | 15 ++++++++++ .../templates/kea_exporter_vhost.conf.j2 | 22 +++++++++++++++ 5 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 roles/service-dhcpd/meta/main.yml create mode 100644 roles/service-dhcpd/templates/kea-exporter.service.j2 create mode 100644 roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2 diff --git a/roles/service-dhcpd/handlers/main.yml b/roles/service-dhcpd/handlers/main.yml index 8b258f8..0517268 100644 --- a/roles/service-dhcpd/handlers/main.yml +++ b/roles/service-dhcpd/handlers/main.yml @@ -7,3 +7,13 @@ systemd: name: kea-dhcp4-server state: restarted + +- name: restart kea-exporter + systemd: + name: kea-exporter + state: restarted + +- name: restart nginx + systemd: + name: nginx + state: restarted diff --git a/roles/service-dhcpd/meta/main.yml b/roles/service-dhcpd/meta/main.yml new file mode 100644 index 0000000..814b458 --- /dev/null +++ b/roles/service-dhcpd/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: service-nginx } diff --git a/roles/service-dhcpd/tasks/main.yml b/roles/service-dhcpd/tasks/main.yml index b1d1a0f..08840d7 100644 --- a/roles/service-dhcpd/tasks/main.yml +++ b/roles/service-dhcpd/tasks/main.yml 
@@ -35,8 +35,32 @@ state: absent notify: reload systemd -- name: enable systemd unit kea +- name: install kea-exporter + pip: + name: kea-exporter + executable: pip3 + notify: restart kea-exporter + +- name: create systemd unit for exporter + template: + src: "kea-exporter.service.j2" + dest: "/etc/systemd/system/kea-exporter.service" + notify: reload systemd + +- name: write vhost for exporter + template: + src: kea_exporter_vhost.conf.j2 + dest: /etc/nginx/conf.d/kea_exporter.conf + owner: root + group: root + mode: 0644 + notify: restart nginx + +- name: enable systemd units systemd: - name: kea-dhcp4-server + name: "{{ item }}" enabled: yes state: started + loop: + - kea-dhcp4-server + - kea-exporter diff --git a/roles/service-dhcpd/templates/kea-exporter.service.j2 b/roles/service-dhcpd/templates/kea-exporter.service.j2 new file mode 100644 index 0000000..6f3aa03 --- /dev/null +++ b/roles/service-dhcpd/templates/kea-exporter.service.j2 @@ -0,0 +1,15 @@ +[Unit] +Description=Kea Prometheus Exporter +Wants=network.target +After=network.target + +[Service] +Type=simple +User=root +Group=root +ExecStart=/usr/local/bin/kea-exporter --address 127.0.0.1 /etc/kea/kea-dhcp4.conf +Restart=always +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2 b/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2 new file mode 100644 index 0000000..00d927b --- /dev/null +++ b/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2 
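Review bot: The `install kea-exporter` task takes whatever release PyPI serves at run time, and the unit added in this same commit runs that code as root, so the version should be pinned, e.g. `name: kea-exporter==<PINNED_VERSION>` (placeholder for the release you have reviewed). The `create systemd unit for exporter` task sets no `owner`/`group`/`mode`, unlike the vhost task right after it; adding `owner: root`, `group: root`, `mode: "0644"` makes the unit file's permissions explicit. That task also notifies only `reload systemd`, so a changed unit file presumably does not reach the running exporter until something else restarts it; `notify: [reload systemd, restart kea-exporter]` would cover that.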
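Review bot: `User=root` / `Group=root` in the `[Service]` section gives the metrics exporter full privileges, although from this unit it only needs to read `/etc/kea/kea-dhcp4.conf` and, presumably, reach Kea's control socket. Running it under a dedicated unprivileged account that has access to those two paths limits the damage a bug in the exporter or a compromised PyPI release could do. Independent of the account, the unit can be sandboxed with `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true`.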
@@ -0,0 +1,22 @@
+server {
+ listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9547 ssl;
+ listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9547 ssl;
+ server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
+
+ ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+ include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:9547;
+
+ allow 127.0.0.0/8;
+ allow ::1/128;
+{% for host in groups['monitoring'] %}
+ allow {{ lookup('dig', host, 'qtype=A') }};
+ allow {{ lookup('dig', host, 'qtype=AAAA') }};
+ deny all;
+{% endfor %}
+ }
+}
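Review bot: `deny all;` sits inside the `{% for host in groups['monitoring'] %}` loop in `location /`, so it is rendered once per monitoring host instead of once at the end. nginx checks access rules in order and stops at the first match, so the `deny all;` emitted after the first host makes the `allow` lines of every later host unreachable. If `groups['monitoring']` is empty, no `deny` is rendered at all and the exporter is proxied to anyone who can reach port 9547. Move `deny all;` to the line after `{% endfor %}`. The `dig` lookups are also written into `allow` and `listen` unchecked; a host without an AAAA record would presumably render a non-address value and break the nginx config, so the lookup result should be tested before the line is emitted.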