Role service-dhcpd: add kea-exporter

2019-05-31 13:45:16 +02:00 · 2019-05-31 13:45:16 +02:00 · 6a4498c436
commit 6a4498c436
parent 37d0739a76
5 changed files with 76 additions and 2 deletions
--- a/roles/service-dhcpd/handlers/main.yml
+++ b/roles/service-dhcpd/handlers/main.yml
@ -7,3 +7,13 @@
  systemd:
    name: kea-dhcp4-server
    state: restarted
 - name: restart kea-exporter
  systemd:
    name: kea-exporter
    state: restarted
 - name: restart nginx
  systemd:
    name: nginx
    state: restarted
--- a/roles/service-dhcpd/meta/main.yml
+++ b/roles/service-dhcpd/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - { role: service-nginx }
--- a/roles/service-dhcpd/tasks/main.yml
+++ b/roles/service-dhcpd/tasks/main.yml
@ -35,8 +35,32 @@
    state: absent
  notify: reload systemd
- name: enable systemd unit kea
+- name: install kea-exporter
  pip:
    name: kea-exporter
    executable: pip3
  notify: restart kea-exporter
 - name: create systemd unit for exporter
  template:
    src: "kea-exporter.service.j2"
    dest: "/etc/systemd/system/kea-exporter.service"
  notify: reload systemd
 - name: write vhost for exporter
  template:
    src: kea_exporter_vhost.conf.j2
    dest: /etc/nginx/conf.d/kea_exporter.conf
    owner: root
    group: root
    mode: 0644
  notify: restart nginx
 - name: enable systemd units
  systemd:
-    name: kea-dhcp4-server
+    name: "{{ item }}"
    enabled: yes
    state: started
  loop:
    - kea-dhcp4-server
    - kea-exporter
--- a/roles/service-dhcpd/templates/kea-exporter.service.j2
+++ b/roles/service-dhcpd/templates/kea-exporter.service.j2
@ -0,0 +1,15 @@
 [Unit]
 Description=Kea Prometheus Exporter
 Wants=network.target
 After=network.target
 [Service]
 Type=simple
 User=root
 Group=root
 ExecStart=/usr/local/bin/kea-exporter --address 127.0.0.1 /etc/kea/kea-dhcp4.conf
 Restart=always
 RestartSec=5s
 [Install]
 WantedBy=multi-user.target
--- a/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2
+++ b/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2
@ -0,0 +1,22 @@
 server {
    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9547 ssl;
    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9547 ssl;
    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
    location / {
      proxy_pass http://127.0.0.1:9547;
      allow 127.0.0.0/8;
      allow ::1/128;
 {% for host in groups['monitoring'] %}
      allow {{ lookup('dig', host, 'qtype=A') }};
      allow {{ lookup('dig', host, 'qtype=AAAA') }};
      deny all;
 {% endfor %}
    }
 }