diff --git a/playbooks/prometheus/prometheus.yml.j2 b/playbooks/prometheus/prometheus.yml.j2 index 9608013..ac7c106 100644 --- a/playbooks/prometheus/prometheus.yml.j2 +++ b/playbooks/prometheus/prometheus.yml.j2 @@ -37,6 +37,14 @@ scrape_configs: group: '{{ group }}' {% endfor %} + - job_name: "fastd" + scheme: "https" + static_configs: + - targets: +{% for host in groups['ffmwu-gateways'] %} + - '{{ host }}:9281' +{% endfor %} + - job_name: "icmp6" metrics_path: /probe params: diff --git a/roles/service-fastd-mesh/handlers/main.yml b/roles/service-fastd-mesh/handlers/main.yml index 3910b0e..be87c15 100644 --- a/roles/service-fastd-mesh/handlers/main.yml +++ b/roles/service-fastd-mesh/handlers/main.yml @@ -3,6 +3,16 @@ systemd: daemon_reload: yes +- name: restart fastd-nginx + systemd: + name: nginx.service + state: restarted + +- name: restart fastd-exporter + systemd: + name: fastd-exporter.service + state: restarted + - name: restart fastd mesh instances systemd: name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}" diff --git a/roles/service-fastd-mesh/meta/main.yml b/roles/service-fastd-mesh/meta/main.yml index 2f66f75..924e8d3 100644 --- a/roles/service-fastd-mesh/meta/main.yml +++ b/roles/service-fastd-mesh/meta/main.yml @@ -1,5 +1,7 @@ --- dependencies: + - { role: golang } - { role: git-repos } - { role: network-fastd } - { role: service-fastd } + - { role: service-nginx } diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml index 8ac2938..56a9939 100644 --- a/roles/service-fastd-mesh/tasks/main.yml +++ b/roles/service-fastd-mesh/tasks/main.yml 
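Review bot: The `fastd` job scrapes `'{{ host }}:9281'` with `scheme: "https"`, so certificate verification only succeeds if each inventory hostname in `ffmwu-gateways` is covered by the certificate that gateway's nginx serves. The vhost template in this commit loads the certificate from the directory named `{{ inventory_hostname_short }}.{{ http_domain_external }}`. Whether the two names agree is not visible here. If they can differ, fix the target name rather than relaxing verification in `tls_config`. A comment above the job would record the dependency, for example `# TLS is terminated by nginx on the gateway; the target name must match its certificate`.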
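Review bot: The new handler `restart fastd-nginx` is not notified by anything in this commit, because the vhost task added in `roles/service-fastd-mesh/tasks/main.yml` uses `notify: restart nginx`. Either that name resolves to a handler from the `service-nginx` dependency (not shown) and this handler is dead code, or the notify is a typo and should read `notify: restart fastd-nginx`. Consider `state: reloaded` for nginx as well. A reload keeps the running workers if the rendered vhost fails validation, whereas a restart with a broken template takes every site on the gateway down.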
@@ -147,3 +147,25 @@ enabled: yes state: started loop: "{{ meshes | subelements('fastd.nodes.instances') }}" + +- name: build fastd-exporter binary + shell: "GOPATH={{ gopath }} go get -v -u github.com/freifunk-darmstadt/fastd-exporter" + notify: restart fastd-exporter + +- name: copy vhost fastd_exporter.conf + template: + src: "fastd_exporter_vhost.conf.j2" + dest: "/etc/nginx/conf.d/fastd_exporter.conf" + notify: restart nginx + +- name: create systemd unit for fastd-exporter + template: + src: "fastd-exporter.service.j2" + dest: "/etc/systemd/system/fastd-exporter.service" + notify: reload systemd + +- name: configure fastd-exporter systemd unit + systemd: + name: "fastd-exporter.service" + enabled: yes + state: started diff --git a/roles/service-fastd-mesh/templates/fastd-exporter.service.j2 b/roles/service-fastd-mesh/templates/fastd-exporter.service.j2 new file mode 100644 index 0000000..844ac26 --- /dev/null +++ b/roles/service-fastd-mesh/templates/fastd-exporter.service.j2 @@ -0,0 +1,19 @@ +[Unit] +Description=Fastd Prometheus Exporter +Documentation=https://github.com/freifunk-darmstadt/fastd-exporter +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple + +{% if fastd_exporter_opts is defined %} +ExecStart={{ fastd_exporter_path }} {{ fastd_exporter_default_opts }} {{ fastd_exporter_opts }} --instances="{% for mesh in meshes %}{% for instance in mesh.fastd.nodes.instances %}{{ mesh.id }}vpn-{{ instance.mtu }}{% if not loop.last %},{% endif %}{% endfor %}{% if not loop.last %},{% endif %}{% endfor %}" +{% else %} +ExecStart={{ fastd_exporter_path }} {{ fastd_exporter_default_opts }} --instances="{% for mesh in meshes %}{% for instance in mesh.fastd.nodes.instances %}{{ mesh.id }}vpn-{{ instance.mtu }}{% if not loop.last %},{% endif %}{% endfor %}{% if not loop.last %},{% endif %}{% endfor %}" +{% endif %} +Restart=always +RestartSec=5s + +[Install] +WantedBy=multi-user.target 
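Review bot: The `build fastd-exporter binary` task compiles whatever is at the head of `github.com/freifunk-darmstadt/fastd-exporter` on every play run, and `-u` also pulls the newest version of each dependency. Nothing pins the source to a reviewed revision, and the resulting binary is started by a unit that sets no `User=`. An upstream or dependency change therefore reaches every gateway unreviewed and runs with the service manager's default privileges. Building from a checkout at a fixed commit, or installing an artifact whose checksum is verified, would close that gap. Because `shell` always reports changed, `restart fastd-exporter` also fires on every run. Using `command` with `environment: {GOPATH: "{{ gopath }}"}` and `creates: "{{ fastd_exporter_path }}"` would make the task idempotent.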
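Review bot: The `[Service]` section sets neither `User=` nor any sandboxing, so the exporter runs with systemd's default root privileges from `{{ gopath }}/bin`. Whether it needs root depends on the permissions of the fastd status sockets, which are not visible here. If a dedicated account can read them, add `User=`. Either way `NoNewPrivileges=yes` and `PrivateTmp=yes` are cheap to add, and the GOPATH `bin` directory should be writable by root only. The two `ExecStart` branches differ only in `{{ fastd_exporter_opts }}` and can be collapsed into one line using `{{ fastd_exporter_opts | default('') }}`.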
diff --git a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 new file mode 100644 index 0000000..89f1148 --- /dev/null +++ b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 @@ -0,0 +1,22 @@ +server { + listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9281 ssl; + listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9281 ssl; + server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }}; + + ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem; + + include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; + + location / { + proxy_pass http://127.0.0.1:9281; + + allow 127.0.0.0/8; + allow ::1/128; +{% for host in groups['ffmwu-monitoring'] %} + allow {{ lookup('dig', host, 'qtype=A') }}; + allow {{ lookup('dig', host, 'qtype=AAAA') }}; + deny all; +{% endfor %} + } +} diff --git a/roles/service-fastd-mesh/vars/main.yml b/roles/service-fastd-mesh/vars/main.yml new file mode 100644 index 0000000..e05bf0a --- /dev/null +++ b/roles/service-fastd-mesh/vars/main.yml @@ -0,0 +1,2 @@ +fastd_exporter_path: "{{ gopath }}/bin/fastd-exporter" +fastd_exporter_default_opts: "--web.listen-address=localhost:9281"
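Review bot: `deny all;` sits inside the `{% for host in groups['ffmwu-monitoring'] %}` loop in `location /`, which makes the access list wrong in two cases. With an empty group no `deny` is rendered at all, so any client that can reach port 9281 can read the metrics. With more than one monitoring host, the first `deny all;` precedes the later hosts' `allow` lines, and since nginx stops at the first matching rule those hosts are refused. Move the directive below the loop, so that `{% endfor %}` is followed by a single `deny all;`. The `dig` lookups are also rendered unchecked, so a host without an A or AAAA record would presumably put the lookup's not-found value (`NXDOMAIN`) into a `listen` or `allow` line and make nginx reject the config.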