From 08d1ba98bd28c8b4332b86c48ea1a955c0512aca Mon Sep 17 00:00:00 2001 From: Brad Cowie Date: Sun, 3 Nov 2024 18:24:54 +1300 Subject: [PATCH 1/3] Update ansible-doc output format --- README.md | 459 ++++++++++++++++++++++++------------------------------ 1 file changed, 203 insertions(+), 256 deletions(-) diff --git a/README.md b/README.md index 2af9cf5..bfc35bd 100644 --- a/README.md +++ b/README.md 
@@ -12,301 +12,248 @@ Role Variables -------------- ``` -ENTRY POINT: main - Install and configure Node Exporter for Prometheus - -OPTIONS (= is mandatory): - -- node_exporter_arch_map - Mapping of the possible values of ansible_architecture to the - exporter package architectures - default: null - type: dict - -- node_exporter_archive_urls - Override the list of exporter archive urls for different - platforms and architectures - default: null - elements: str - type: list - -- node_exporter_bin_dir - Directory for the exporter executable - default: null - type: str - -- node_exporter_binary - Filename for the exporter executable - default: null - type: str - -- node_exporter_checksum_type - The exporter package checksum type - default: null - type: str - -- node_exporter_checksum_url - Override the URL for the exporter checksum file - default: null - type: str - -- node_exporter_checksums - Override exporter archive checksums file contents - default: null - type: str - -- node_exporter_clean_src_dir - Remove old downloaded archive files from exporter src - directory - default: true - type: bool - -- node_exporter_configure_caddy - If true, configure caddy to add a TLS endpoint for the - exporter - default: false - type: bool - -- node_exporter_description - Description for the exporter systemd service - default: null - type: str - -- node_exporter_disabled_collectors - List of collectors to disable - default: null - elements: str - type: list - -- node_exporter_enabled_collectors - List of collectors to enable - Each item may be given as a string for the name of the - collector or a dictonary with the following structure: - Key = Name of the collector - Value = Dictionary with the following structure: - Key = Name of the collector option - Value = Setting for the collector option - default: null - elements: raw - type: list - -- node_exporter_extra_flags - Extra flags to run exporter with - default: null - type: dict - -- node_exporter_file_sd_dir - Directory, on 
scrape servers, for the file service discovery - target - default: /etc/prometheus/file_sd/node_exporter - type: str - -- node_exporter_flags - Contents or list of flags to run exporter with - default: null - type: raw - -- node_exporter_github_checksum_filename - Filename for the exporter package checksums file on github - default: null - type: str - -- node_exporter_github_org - Name of organisation for exporter github repository - default: prometheus - type: str - -- node_exporter_github_repo - Name of exporter github repository - default: null - type: str - -- node_exporter_group - Name of the exporter unix group - default: null - type: str - -- node_exporter_groups - Unix groups added to exporter unix user - default: null - elements: str - type: list - -- node_exporter_handler - Name of the exporter handler to notify - default: null - type: str - -- node_exporter_install - If true, install exporter - default: true - type: bool - -- node_exporter_labels - Labels added to exporter metrics, overrides prometheus_labels - default: null - type: dict - -- node_exporter_listen_addresses - List of addresses and ports to listen on - default: ['localhost:9100'] - elements: str - type: list - -- node_exporter_log_level - Only log messages with the given severity or above - choices: [debug, info, warn, error] - default: warn - type: str - -- node_exporter_manage_user - If true, add exporter unix user and group - default: true - type: bool - -- node_exporter_port - Listen port - default: 9100 - type: int - -- node_exporter_register - If true, register the exporter with the scrape servers - default: false - type: bool - -- node_exporter_scrape_servers - List of servers that scrape exporter metrics from the host, - overrides prometheus_scrape_servers - default: null - elements: str - type: list - -- node_exporter_scripts - List of custom scripts for generating metrics exported by the - textfile collector - default: null - elements: dict - type: list - - OPTIONS: - - - args - 
Text for command arguments +ENTRY POINT: *main* - Install and configure Node Exporter for Prometheus + +Options (= indicates it is required): + +- node_exporter_arch_map Mapping of the possible values of ansible_architecture to the + exporter package architectures + default: null + type: dict + +- node_exporter_archive_urls Override the list of exporter archive urls for different platforms + and architectures + default: null + elements: str + type: list + +- node_exporter_bin_dir Directory for the exporter executable + default: null + type: str + +- node_exporter_binary Filename for the exporter executable + default: null + type: str + +- node_exporter_checksum_type The exporter package checksum type + default: null + type: str + +- node_exporter_checksum_url Override the URL for the exporter checksum file + default: null + type: str + +- node_exporter_checksums Override exporter archive checksums file contents + default: null + type: str + +- node_exporter_clean_src_dir Remove old downloaded archive files from exporter src directory + default: true + type: bool + +- node_exporter_configure_caddy If true, configure caddy to add a TLS endpoint for the exporter + default: false + type: bool + +- node_exporter_description Description for the exporter systemd service + default: null + type: str + +- node_exporter_disabled_collectors List of collectors to disable + default: null + elements: str + type: list + +- node_exporter_enabled_collectors List of collectors to enable + Each item may be given as a + string for the name of the + collector or a dictonary with the + following structure: + Key = Name of the collector + Value = Dictionary with the + following structure: + Key = Name of the collector + option + Value = Setting for the + collector option + default: null + elements: raw + type: list + +- node_exporter_extra_flags Extra flags to run exporter with + default: null + type: dict + +- node_exporter_file_sd_dir Directory, on scrape servers, for the file service 
discovery target + default: /etc/prometheus/file_sd/node_exporter + type: str + +- node_exporter_flags Contents or list of flags to run exporter with + default: null + type: raw + +- node_exporter_github_checksum_filename Filename for the exporter package checksums file on github + default: null + type: str + +- node_exporter_github_org Name of organisation for exporter github repository + default: prometheus + type: str + +- node_exporter_github_repo Name of exporter github repository + default: null + type: str + +- node_exporter_group Name of the exporter unix group + default: null + type: str + +- node_exporter_groups Unix groups added to exporter unix user + default: null + elements: str + type: list + +- node_exporter_handler Name of the exporter handler to notify + default: null + type: str + +- node_exporter_install If true, install exporter + default: true + type: bool + +- node_exporter_labels Labels added to exporter metrics, overrides prometheus_labels + default: null + type: dict + +- node_exporter_listen_addresses List of addresses and ports to listen on + default: ['localhost:9100'] + elements: str + type: list + +- node_exporter_log_level Only log messages with the given severity or above + choices: [debug, info, warn, error] + default: warn + type: str + +- node_exporter_manage_user If true, add exporter unix user and group + default: true + type: bool + +- node_exporter_port Listen port + default: 9100 + type: int + +- node_exporter_register If true, register the exporter with the scrape servers + default: false + type: bool + +- node_exporter_scrape_servers List of servers that scrape exporter metrics from the host, + overrides prometheus_scrape_servers + default: null + elements: str + type: list + +- node_exporter_scripts List of custom scripts for generating metrics exported by the + textfile collector + default: null + elements: dict + type: list + options: + + - args Text for command arguments default: null type: str - - dependencies - List 
of packages to install + - dependencies List of packages to install default: null elements: str type: list - - env - Text for environment variables + - env Text for environment variables default: null type: str - - execute_on_boot - If true, the script is run just after boot without waiting - for the delay set by update_every + - execute_on_boot If true, the script is run just after boot without waiting + for the delay set by update_every default: true type: bool - - group - Group to run the script + - group Group to run the script default: node-exporter type: str - = name - Name for the script + = name Name for the script type: str - - src - Path to the script to copy over to the host + - src Path to the script to copy over to the host default: null type: str - - symlink - Add the script as a symlink to the given path + - symlink Add the script as a symlink to the given path default: null type: str - - update_every - How often to run the script given as a systemd timespan, - see https://www.freedesktop.org/software/systemd/man/syste - md.time.html#Parsing%20Time%20Spans + - update_every How often to run the script given as a systemd timespan, + see + https://www.freedesktop.org/software/systemd/man/systemd.time.html#Parsing%20Time%20Spans default: 1m type: str - - user - User to run the script + - user User to run the script default: node-exporter type: str -- node_exporter_scripts_dir - Directory for the custom exporter scripts - default: /opt/prometheus/exporters/node_exporter/scripts - type: str +- node_exporter_scripts_dir Directory for the custom exporter scripts + default: /opt/prometheus/exporters/node_exporter/scripts + type: str -- node_exporter_scripts_repos - List of git repos with custom exporter scripts - default: null - elements: dict - type: list +- node_exporter_scripts_repos List of git repos with custom exporter scripts + default: null + elements: dict + type: list + options: - OPTIONS: - - = name - Name of the repo + = name Name of the repo 
type: str - = repo - URL to the repo + = repo URL to the repo type: str - - version - Version of the repo to checkout + - version Version of the repo to checkout default: master type: str -- node_exporter_service - Name of the exporter systemd service - default: null - type: str - -- node_exporter_src_dir - Directory for the downloaded exporter src archive - default: null - type: str - -- node_exporter_strip_components - Strip NUMBER leading components from file names on extraction - default: 1 - type: int - -- node_exporter_systemd_scripts_dir - Directory for the systemd unit scripts - default: /opt/prometheus/exporters/node_exporter/scripts/systemd - type: str - -- node_exporter_target - Scrape target hostname and port - default: null - type: str - -- node_exporter_textfile_directory - Directory for the textfile collector to read from - default: null - type: str - -- node_exporter_user - Name of the exporter unix user - default: null - type: str - -- node_exporter_version - Version to install (use "latest" for the latest version) - default: latest - type: str +- node_exporter_service Name of the exporter systemd service + default: null + type: str + +- node_exporter_src_dir Directory for the downloaded exporter src archive + default: null + type: str + +- node_exporter_strip_components Strip NUMBER leading components from file names on extraction + default: 1 + type: int + +- node_exporter_systemd_scripts_dir Directory for the systemd unit scripts + default: /opt/prometheus/exporters/node_exporter/scripts/systemd + type: str + +- node_exporter_target Scrape target hostname and port + default: null + type: str + +- node_exporter_textfile_directory Directory for the textfile collector to read from + default: null + type: str + +- node_exporter_user Name of the exporter unix user + default: null + type: str + +- node_exporter_version Version to install (use "latest" for the latest version) + default: latest + type: str ``` Installation 
From 65c590d77a6964bc338e824be6a1017ebeae2458 Mon Sep 17 00:00:00 2001 From: Brad Cowie Date: Sat, 9 Nov 2024 18:12:01 +1300 Subject: [PATCH 2/3] Updates for base role changes --- README.md | 6 +++++- meta/argument_specs.yml | 12 ++++++++---- templates/flags | 22 +++++++++++----------- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index bfc35bd..2288488 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ Options (= indicates it is required): default: /etc/prometheus/file_sd/node_exporter type: str -- node_exporter_flags Contents or list of flags to run exporter with +- node_exporter_flags List of flags to run exporter with, as string or list default: null type: raw @@ -227,6 +227,10 @@ Options (= indicates it is required): default: null type: str +- node_exporter_service_unit_file Contents of the systemd unit file for the exporter + default: null + type: str + - node_exporter_src_dir Directory for the downloaded exporter src archive default: null type: str diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml index b9bcbed..e446ab2 100644 --- a/meta/argument_specs.yml +++ b/meta/argument_specs.yml @@ -11,7 +11,7 @@ argument_specs: description: List of addresses and ports to listen on type: list elements: str - default: ['localhost:9100'] + default: ["localhost:9100"] node_exporter_log_level: description: Only log messages with the given severity or above @@ -27,8 +27,8 @@ argument_specs: description: - List of collectors to enable - | - Each item may be given as a string for the name of the collector - or a dictonary with the following structure: + Each item may be given as a string for the name of the collector + or a dictonary with the following structure: - Key = Name of the collector - "Value = Dictionary with the following structure:" - " Key = Name of the collector option" 
@@ -245,6 +245,10 @@ argument_specs: description: Name of the exporter systemd service type: str + node_exporter_service_unit_file: + description: Contents of the systemd unit file for the exporter + type: str + node_exporter_handler: description: Name of the exporter handler to notify type: str @@ -254,7 +258,7 @@ argument_specs: type: str node_exporter_flags: - description: Contents or list of flags to run exporter with + description: List of flags to run exporter with, as string or list type: raw node_exporter_target: diff --git a/templates/flags b/templates/flags index 47358f2..01377d9 100644 --- a/templates/flags +++ b/templates/flags 
@@ -1,29 +1,29 @@ #jinja2: trim_blocks: "false", lstrip_blocks: "true" {% for collector in node_exporter_enabled_collectors %} {% if not collector is mapping %} ---collector.{{ collector }} \ +--collector.{{ collector }} {% else %} {% set name, options = collector.items() | list | first %} ---collector.{{ name }} \ - {% for k,v in options|dictsort %} ---collector.{{ name }}.{{ k }}={{ v | quote }} \ +--collector.{{ name }} + {% for k, v in options | dictsort %} +--collector.{{ name }}.{{ k }}="{{ v }}" {% endfor %} {% endif %} {% endfor %} {% for collector in node_exporter_disabled_collectors %} ---no-collector.{{ collector }} \ +--no-collector.{{ collector }} {% endfor %} {% if node_exporter_textfile_directory | length > 0 %} ---collector.textfile.directory="{{ node_exporter_textfile_directory }}" \ +--collector.textfile.directory="{{ node_exporter_textfile_directory }}" {% endif %} -{% for k,v in node_exporter_extra_flags | dictsort %} +{% for k, v in node_exporter_extra_flags | dictsort %} {% if v == "" %} ---{{ k }} \ +--{{ k }} {% else %} ---{{ k }}={{ v | quote }} \ +--{{ k }}="{{ v }}" {% endif %} {% endfor %} ---log.level="{{ node_exporter_log_level }}" \ +--log.level="{{ node_exporter_log_level }}" {% for node_exporter_listen_address in node_exporter_listen_addresses %} ---web.listen-address="{{ node_exporter_listen_address }}" {{ "\\" if not loop.last }} +--web.listen-address="{{ node_exporter_listen_address }}" {% endfor %} From 1cd59ce745964b7bcb907a61086a11e7a238f836 Mon Sep 17 00:00:00 2001 From: Brad Cowie Date: Sat, 9 Nov 2024 18:12:19 +1300 Subject: [PATCH 3/3] Override base role system unit to remove some restrictions --- defaults/main.yml | 1 + templates/service | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 templates/service diff --git a/defaults/main.yml b/defaults/main.yml index 4ec011d..9140d37 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
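Review bot: The values in the new `--collector.{{ name }}.{{ k }}="{{ v }}"` and `--{{ k }}="{{ v }}"` lines are written verbatim between double quotes, where the removed lines passed them through `quote`. A value containing a double quote or a newline would end the quoting early, and the rest of it would be read as further flags by whatever consumes this output. That consumer is not visible in the patch (presumably the base role's environment file behind `$EXPORTER_ARGS`), so its parsing rules should be confirmed. If shell-style quoting no longer fits it, state the constraint in the template, e.g. `{# values are emitted verbatim inside double quotes; they must not contain '"' or a newline #}`, and ideally reject such values before rendering.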
@@ -6,6 +6,7 @@ node_exporter_listen_addresses: node_exporter_enabled_collectors: [] node_exporter_disabled_collectors: [] node_exporter_textfile_directory: "" +node_exporter_service_unit_file: "{{ lookup('template', 'service') }}" node_exporter_flags: "{{ lookup('template', 'flags') }}" node_exporter_extra_flags: {} node_exporter_log_level: warn diff --git a/templates/service b/templates/service new file mode 100644 index 0000000..cfd4bac --- /dev/null +++ b/templates/service @@ -0,0 +1,44 @@ +# {{ ansible_managed }} + +[Unit] +Description={{ exporter_description }} + +ConditionFileIsExecutable={{ exporter_bin_dir }}/{{ exporter_binary }} + +StartLimitIntervalSec=0 + +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple +User={{ exporter_user }} +Group={{ exporter_group }} +EnvironmentFile=-/etc/default/{{ exporter_service }} +ExecStart={{ exporter_bin_dir }}/{{ exporter_binary }} \ + $EXPORTER_ARGS +ExecReload=/bin/kill -HUP ${MAINPID} + +Restart=on-failure +RestartSec=10s +TimeoutStopSec=20s +SendSIGKILL=no + +SyslogIdentifier={{ exporter_service }} + +AmbientCapabilities= +CapabilityBoundingSet= +LimitMEMLOCK=0 +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +RemoveIPC=true +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target
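Review bot: In the new `templates/service`, `EnvironmentFile=-/etc/default/{{ exporter_service }}` carries the `-` prefix, so a missing or unreadable file is ignored and `$EXPORTER_ARGS` expands to nothing. The exporter would then start on its built-in defaults instead of the role's `--web.listen-address` (README default `localhost:9100`), which for node_exporter means, as far as I know, listening on all interfaces. Dropping the prefix makes the unit fail instead of starting unconfigured: `EnvironmentFile=/etc/default/{{ exporter_service }}`. Separately, the commit subject says restrictions from the base role unit are removed, but the template records neither which ones nor why; a header comment such as `# Differs from the base role unit: <directive> removed because <reason>` would let a later hardening review judge them.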