role service-fastd-mesh: add fastd-exporter

playbooks/prometheus/prometheus.yml.j2

@@ -37,6 +37,14 @@ scrape_configs:
           group: '{{ group }}'
 {% endfor %}
 
+  - job_name: "fastd"
+    scheme: "https"
+    static_configs:
+      - targets:
+{% for host in groups['ffmwu-gateways'] %}
+        - '{{ host }}:9281'
+{% endfor %}
+
   - job_name: "icmp6"
     metrics_path: /probe
     params:

roles/service-fastd-mesh/handlers/main.yml

@@ -3,6 +3,16 @@
   systemd:
     daemon_reload: yes
 
+- name: restart fastd-nginx
+  systemd:
+    name: nginx.service
+    state: restarted
+
+- name: restart fastd-exporter
+  systemd:
+    name: fastd-exporter.service
+    state: restarted
+
 - name: restart fastd mesh instances
   systemd:
     name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"

roles/service-fastd-mesh/meta/main.yml

@@ -1,5 +1,7 @@
 ---
 dependencies:
+  - { role: golang }
   - { role: git-repos }
   - { role: network-fastd }
   - { role: service-fastd }
+  - { role: service-nginx }

roles/service-fastd-mesh/tasks/main.yml

@@ -147,3 +147,25 @@
     enabled: yes
     state: started
   loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
+
+- name: build fastd-exporter binary
+  shell: "GOPATH={{ gopath }} go get -v -u github.com/freifunk-darmstadt/fastd-exporter"
+  notify: restart fastd-exporter
+
+- name: copy vhost fastd_exporter.conf
+  template:
+    src: "fastd_exporter_vhost.conf.j2"
+    dest: "/etc/nginx/conf.d/fastd_exporter.conf"
+  notify: restart nginx
+
+- name: create systemd unit for fastd-exporter
+  template:
+    src: "fastd-exporter.service.j2"
+    dest: "/etc/systemd/system/fastd-exporter.service"
+  notify: reload systemd
+
+- name: configure fastd-exporter systemd unit
+  systemd:
+    name: "fastd-exporter.service"
+    enabled: yes
+    state: started

roles/service-fastd-mesh/templates/fastd-exporter.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=Fastd Prometheus Exporter
+Documentation=https://github.com/freifunk-darmstadt/fastd-exporter
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+
+{% if fastd_exporter_opts is defined %}
+ExecStart={{ fastd_exporter_path }} {{ fastd_exporter_default_opts }} {{ fastd_exporter_opts }} --instances="{% for mesh in meshes %}{% for instance in mesh.fastd.nodes.instances %}{{ mesh.id }}vpn-{{ instance.mtu }}{% if not loop.last %},{% endif %}{% endfor %}{% if not loop.last %},{% endif %}{% endfor %}"
+{% else %}
+ExecStart={{ fastd_exporter_path }} {{ fastd_exporter_default_opts }} --instances="{% for mesh in meshes %}{% for instance in mesh.fastd.nodes.instances %}{{ mesh.id }}vpn-{{ instance.mtu }}{% if not loop.last %},{% endif %}{% endfor %}{% if not loop.last %},{% endif %}{% endfor %}"
+{% endif %}
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2

@@ -0,0 +1,22 @@
+server {
+    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9281 ssl;
+    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9281 ssl;
+    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    location / {
+      proxy_pass http://127.0.0.1:9281;
+
+      allow 127.0.0.0/8;
+      allow ::1/128;
+{% for host in groups['ffmwu-monitoring'] %}
+      allow {{ lookup('dig', host, 'qtype=A') }};
+      allow {{ lookup('dig', host, 'qtype=AAAA') }};
+      deny all;
+{% endfor %}
+    }
+}

roles/service-fastd-mesh/vars/main.yml

@@ -0,0 +1,2 @@
+fastd_exporter_path: "{{ gopath }}/bin/fastd-exporter"
+fastd_exporter_default_opts: "--web.listen-address=localhost:9281"