Add mash_playbook_metrics_exposure_* variables and integrate with prometheus-node-exporter and apisix-gateway
This commit is contained in:
parent
f5e6271174
commit
45951d86d1
4 changed files with 34 additions and 15 deletions
|
@ -18,12 +18,12 @@ prometheus_node_exporter_enabled: true
|
|||
|
||||
# To expose the metrics publicly, enable and configure the lines below:
|
||||
# prometheus_node_exporter_hostname: mash.example.com
|
||||
# prometheus_node_exporter_path_prefix: /metrics/node-exporter
|
||||
# prometheus_node_exporter_path_prefix: /metrics/mash-prometheus-node-exporter
|
||||
|
||||
# To protect the metrics with HTTP Basic Auth, enable and configure the lines below:
|
||||
# prometheus_node_exporter_basicauth_enabled: true
|
||||
# prometheus_node_exporter_basicauth_user: your_username
|
||||
# prometheus_node_exporter_basicauth_password: your password
|
||||
# To protect the metrics with HTTP Basic Auth, enable and configure the lines below.
|
||||
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
|
||||
# prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: true
|
||||
# prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: ''
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
@ -36,6 +36,6 @@ Unless you're scraping the Prometheus Node Exporter metrics from a local [Promet
|
|||
|
||||
## Usage
|
||||
|
||||
After you installed the node exporter, your node stats will be available on `mash.example.com/metrics/node-exporter` with basic auth credentials you configured
|
||||
After you installed the node exporter, your node stats will be available on `mash.example.com/metrics/mash-prometheus-node-exporter` with the basic auth credentials you configured.
|
||||
|
||||
To integrate Prometheus Node Exporter with a [Prometheus](prometheus.md) instance, see the [Integrating with Prometheus Node Exporter](prometheus.md#integrating-with-prometheus-node-exporter) section of the documentation.
|
||||
|
|
|
@ -72,3 +72,12 @@ mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['
|
|||
|
||||
# Controls the additional network that reverse-proxyable services will be connected to.
|
||||
mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
|
||||
|
||||
# Controls whether various services should expose metrics publicly.
|
||||
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
|
||||
mash_playbook_metrics_exposure_enabled: false
|
||||
mash_playbook_metrics_exposure_hostname: ''
|
||||
mash_playbook_metrics_exposure_path_prefix: /metrics
|
||||
mash_playbook_metrics_exposure_http_basic_auth_enabled: false
|
||||
# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
|
||||
mash_playbook_metrics_exposure_http_basic_auth_users: ''
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Fail if required mash playbook settings not defined
|
||||
- name: Fail if required mash-playbook settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`) for using this role.
|
||||
when: "vars[item] == ''"
|
||||
You need to define a required configuration setting (`{{ item.name }}`).
|
||||
when: "item.when | bool and vars[item.name] == ''"
|
||||
with_items:
|
||||
- mash_playbook_generic_secret_key
|
||||
- {'name': 'mash_playbook_generic_secret_key', 'when': true}
|
||||
- {'name': 'mash_playbook_generic_secret_key', 'when': true}
|
||||
- {'name': 'mash_playbook_metrics_exposure_hostname', 'when': "{{ mash_playbook_metrics_exposure_enabled }}"}
|
||||
|
||||
- name: Fail if mash_playbook_reverse_proxy_type is set incorrectly
|
||||
ansible.builtin.fail:
|
||||
|
|
|
@ -1187,6 +1187,12 @@ apisix_gateway_container_labels_traefik_docker_network: "{{ mash_playbook_revers
|
|||
apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
apisix_gateway_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
|
||||
apisix_gateway_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
|
||||
apisix_gateway_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ apisix_gateway_identifier }}"
|
||||
apisix_gateway_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
|
||||
apisix_gateway_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
|
||||
|
||||
# role-specific:etcd
|
||||
apisix_gateway_config_deployment_etcd_host: |
|
||||
{{
|
||||
|
@ -3763,7 +3769,7 @@ prometheus_postgres_exporter_systemd_required_services_list: |
|
|||
|
||||
########################################################################
|
||||
# #
|
||||
# /prometheus_node_exporter #
|
||||
# /prometheus_postgres_exporter #
|
||||
# #
|
||||
########################################################################
|
||||
# /role-specific:prometheus_postgres_exporter
|
||||
|
@ -3898,15 +3904,13 @@ prometheus_node_exporter_enabled: false
|
|||
|
||||
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
|
||||
|
||||
prometheus_node_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_node_exporter_identifier }}"
|
||||
|
||||
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
|
||||
|
||||
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
|
||||
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"
|
||||
|
||||
prometheus_node_exporter_basicauth_enabled: "{{ prometheus_node_exporter_container_labels_traefik_enabled }}"
|
||||
prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}"
|
||||
prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}"
|
||||
|
||||
prometheus_node_exporter_container_additional_networks: |
|
||||
{{
|
||||
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||
|
@ -3918,6 +3922,9 @@ prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playb
|
|||
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
|
||||
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
|
||||
|
||||
prometheus_node_exporter_process_extra_arguments:
|
||||
- "--collector.disable-defaults"
|
||||
- "--collector.cpu"
|
||||
|
@ -3925,6 +3932,7 @@ prometheus_node_exporter_process_extra_arguments:
|
|||
- "--collector.meminfo"
|
||||
- "--collector.systemd"
|
||||
- "--collector.uname"
|
||||
|
||||
prometheus_node_exporter_container_extra_arguments:
|
||||
- "--security-opt apparmor=unconfined"
|
||||
- "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"
|
||||
|
|
Loading…
Reference in a new issue