Add mash_playbook_metrics_exposure_* variables and integrate with prometheus-node-exporter and apisix-gateway

Slavi Pantaleev 2024-01-23 17:51:59 +02:00
parent f5e6271174
commit 45951d86d1
4 changed files with 34 additions and 15 deletions


@ -18,12 +18,12 @@ prometheus_node_exporter_enabled: true
# To expose the metrics publicly, enable and configure the lines below: # To expose the metrics publicly, enable and configure the lines below:
# prometheus_node_exporter_hostname: mash.example.com # prometheus_node_exporter_hostname: mash.example.com
# prometheus_node_exporter_path_prefix: /metrics/node-exporter # prometheus_node_exporter_path_prefix: /metrics/mash-prometheus-node-exporter
# To protect the metrics with HTTP Basic Auth, enable and configure the lines below: # To protect the metrics with HTTP Basic Auth, enable and configure the lines below.
# prometheus_node_exporter_basicauth_enabled: true # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
# prometheus_node_exporter_basicauth_user: your_username # prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: true
# prometheus_node_exporter_basicauth_password: your password # prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: ''
######################################################################## ########################################################################
# # # #
@ -36,6 +36,6 @@ Unless you're scraping the Prometheus Node Exporter metrics from a local [Promet
## Usage ## Usage
After you installed the node exporter, your node stats will be available on `mash.example.com/metrics/node-exporter` with basic auth credentials you configured After you installed the node exporter, your node stats will be available on `mash.example.com/metrics/mash-prometheus-node-exporter` with the basic auth credentials you configured.
To integrate Prometheus Node Exporter with a [Prometheus](prometheus.md) instance, see the [Integrating with Prometheus Node Exporter](prometheus.md#integrating-with-prometheus-node-exporter) section of the documentation. To integrate Prometheus Node Exporter with a [Prometheus](prometheus.md) instance, see the [Integrating with Prometheus Node Exporter](prometheus.md#integrating-with-prometheus-node-exporter) section of the documentation.


@ -72,3 +72,12 @@ mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['
# Controls the additional network that reverse-proxyable services will be connected to. # Controls the additional network that reverse-proxyable services will be connected to.
mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}" mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
# Controls whether various services should expose metrics publicly.
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
mash_playbook_metrics_exposure_enabled: false
mash_playbook_metrics_exposure_hostname: ''
mash_playbook_metrics_exposure_path_prefix: /metrics
mash_playbook_metrics_exposure_http_basic_auth_enabled: false
# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
mash_playbook_metrics_exposure_http_basic_auth_users: ''
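Review bot: Setting `mash_playbook_metrics_exposure_enabled: true` on its own publishes the metrics endpoints without authentication, because `mash_playbook_metrics_exposure_http_basic_auth_enabled` defaults to `false`, and the comment above the block does not say so. The node-exporter hunk in the group vars file makes this a behaviour change: it removes `prometheus_node_exporter_basicauth_enabled`, which followed the Traefik labels flag and used credentials derived from `mash_playbook_generic_secret_key`. An already exposed node exporter therefore appears to lose its basic auth on upgrade unless the new variables are set. I would extend the comment with something like `# Metrics are served without authentication unless mash_playbook_metrics_exposure_http_basic_auth_enabled and mash_playbook_metrics_exposure_http_basic_auth_users are set.` and mention the change in the upgrade notes.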


@ -1,12 +1,14 @@
--- ---
- name: Fail if required mash playbook settings not defined - name: Fail if required mash-playbook settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`) for using this role. You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- mash_playbook_generic_secret_key - {'name': 'mash_playbook_generic_secret_key', 'when': true}
- {'name': 'mash_playbook_generic_secret_key', 'when': true}
- {'name': 'mash_playbook_metrics_exposure_hostname', 'when': "{{ mash_playbook_metrics_exposure_enabled }}"}
- name: Fail if mash_playbook_reverse_proxy_type is set incorrectly - name: Fail if mash_playbook_reverse_proxy_type is set incorrectly
ansible.builtin.fail: ansible.builtin.fail:
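Review bot: The required-settings list checks `mash_playbook_metrics_exposure_hostname` but not the credentials, so `mash_playbook_metrics_exposure_http_basic_auth_enabled: true` with the default empty `mash_playbook_metrics_exposure_http_basic_auth_users` passes validation. How the Traefik middleware behaves with an empty user list is not visible here, so failing early is the safer choice. Adding `- {'name': 'mash_playbook_metrics_exposure_http_basic_auth_users', 'when': "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"}` to `with_items` covers it. The new side also appears to list `mash_playbook_generic_secret_key` twice; one entry is enough. The next task, `Fail if mash_playbook_reverse_proxy_type is set incorrectly`, continues outside the hunk.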


@ -1187,6 +1187,12 @@ apisix_gateway_container_labels_traefik_docker_network: "{{ mash_playbook_revers
apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
apisix_gateway_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
apisix_gateway_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
apisix_gateway_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ apisix_gateway_identifier }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
# role-specific:etcd # role-specific:etcd
apisix_gateway_config_deployment_etcd_host: | apisix_gateway_config_deployment_etcd_host: |
{{ {{
@ -3763,7 +3769,7 @@ prometheus_postgres_exporter_systemd_required_services_list: |
######################################################################## ########################################################################
# # # #
# /prometheus_node_exporter # # /prometheus_postgres_exporter #
# # # #
######################################################################## ########################################################################
# /role-specific:prometheus_postgres_exporter # /role-specific:prometheus_postgres_exporter
@ -3898,15 +3904,13 @@ prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter" prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
prometheus_node_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_node_exporter_identifier }}"
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter" prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}" prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}" prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_node_exporter_basicauth_enabled: "{{ prometheus_node_exporter_container_labels_traefik_enabled }}"
prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}"
prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}"
prometheus_node_exporter_container_additional_networks: | prometheus_node_exporter_container_additional_networks: |
{{ {{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
@ -3918,6 +3922,9 @@ prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playb
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
prometheus_node_exporter_process_extra_arguments: prometheus_node_exporter_process_extra_arguments:
- "--collector.disable-defaults" - "--collector.disable-defaults"
- "--collector.cpu" - "--collector.cpu"
@ -3925,6 +3932,7 @@ prometheus_node_exporter_process_extra_arguments:
- "--collector.meminfo" - "--collector.meminfo"
- "--collector.systemd" - "--collector.systemd"
- "--collector.uname" - "--collector.uname"
prometheus_node_exporter_container_extra_arguments: prometheus_node_exporter_container_extra_arguments:
- "--security-opt apparmor=unconfined" - "--security-opt apparmor=unconfined"
- "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave" - "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"
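Review bot: In the apisix-gateway hunk, `apisix_gateway_container_labels_metrics_enabled` becomes true when only `prometheus_enabled` is set, yet `apisix_gateway_container_labels_metrics_hostname` is taken from `mash_playbook_metrics_exposure_hostname`. That variable defaults to an empty string and is validated only when `mash_playbook_metrics_exposure_enabled` is true. Whether the role then skips the public router or emits a Traefik rule with an empty host is not visible in this diff. It is worth confirming and recording next to the line, for example `# Also true for a local Prometheus; the hostname may be empty then, confirm no public router is created`.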