From 1e14dd79051f03eebaf9981001d55658e53a9837 Mon Sep 17 00:00:00 2001 
From: "Dustin C. Hatch" Date: Mon, 8 Aug 2022 21:51:51 -0500 Subject: [PATCH] r/blackbox-exporter: Deploy blackbox_exporter The Prometheus *blackbox_exporter* is a tool that can perform arbitrary, generic ICMP, TCP, or HTTP "probes" against external services. This is useful for applications that do not export their own metrics, and for evaluating the health of protocol-level operations (e.g. TLS certificate expiration). The *blackbox-exporter* Ansible role installs and configures the Blackbox Exporter on the target system. It fetches the specified binary release from Github and copies it to the remote machine. It also creates a systemd unit and configures the Blackbox exporter's "modules" from the `blackbox_modules` Ansible variable. --- .gitignore | 1 + blackbox-exporter.yml | 3 + roles/blackbox-exporter/defaults/main.yml | 3 + .../files/blackbox_exporter.service | 45 +++++++++++++++ roles/blackbox-exporter/handlers/main.yml | 13 +++++ roles/blackbox-exporter/tasks/deploy.yml | 33 +++++++++++ roles/blackbox-exporter/tasks/install.yml | 55 +++++++++++++++++++ roles/blackbox-exporter/tasks/main.yml | 7 +++ .../templates/execstart.conf.j2 | 4 ++ roles/blackbox-exporter/vars/aarch64.yml | 2 + .../blackbox-exporter/vars/arch-defaults.yml | 1 + roles/blackbox-exporter/vars/install.yml | 14 +++++ roles/blackbox-exporter/vars/x86_64.yml | 1 + 13 files changed, 182 insertions(+) create mode 100644 blackbox-exporter.yml create mode 100644 roles/blackbox-exporter/defaults/main.yml create mode 100644 roles/blackbox-exporter/files/blackbox_exporter.service create mode 100644 roles/blackbox-exporter/handlers/main.yml create mode 100644 roles/blackbox-exporter/tasks/deploy.yml create mode 100644 roles/blackbox-exporter/tasks/install.yml create mode 100644 roles/blackbox-exporter/tasks/main.yml create mode 100644 roles/blackbox-exporter/templates/execstart.conf.j2 create mode 100644 roles/blackbox-exporter/vars/aarch64.yml create mode 100644 
roles/blackbox-exporter/vars/arch-defaults.yml create mode 100644 roles/blackbox-exporter/vars/install.yml create mode 100644 roles/blackbox-exporter/vars/x86_64.yml
diff --git a/.gitignore b/.gitignore
index baf2027..2f1273a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .fact-cache
 /victoria-metrics-*.tar.gz
 /victoria-metrics-*/
+/tmp/
diff --git a/blackbox-exporter.yml b/blackbox-exporter.yml
new file mode 100644
index 0000000..e86d730
--- /dev/null
+++ b/blackbox-exporter.yml
@@ -0,0 +1,3 @@
+- hosts: blackbox-exporter
+ roles:
+ - blackbox-exporter
diff --git a/roles/blackbox-exporter/defaults/main.yml b/roles/blackbox-exporter/defaults/main.yml
new file mode 100644
index 0000000..85824cb
--- /dev/null
+++ b/roles/blackbox-exporter/defaults/main.yml
@@ -0,0 +1,3 @@
+blackbox_modules: {}
+blackbox_config:
+ modules: '{{ blackbox_modules }}'
diff --git a/roles/blackbox-exporter/files/blackbox_exporter.service b/roles/blackbox-exporter/files/blackbox_exporter.service
new file mode 100644
index 0000000..d6876bf
--- /dev/null
+++ b/roles/blackbox-exporter/files/blackbox_exporter.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=Blackbox exporter
+Documentation=https://github.com/prometheus/blackbox_exporter/blob/master/README.md
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=exec
+ExecStart=/usr/local/sbin/blackbox_exporter \
+ --config.file=/etc/prometheus/blackbox.yml \
+ --web.listen-address=[::1]:9115
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/blackbox-exporter/handlers/main.yml b/roles/blackbox-exporter/handlers/main.yml
new file mode 100644
index 0000000..f4b3b76
--- /dev/null
+++ b/roles/blackbox-exporter/handlers/main.yml
@@ -0,0 +1,13 @@
+- name: reload systemd
+ systemd:
+ daemon_reload: true
+
+- name: restart blackbox_exporter
+ service:
+ name: blackbox_exporter
+ state: restarted
+
+- name: reload blackbox_exporter
+ service:
+ name: blackbox_exporter
+ state: reloaded
diff --git a/roles/blackbox-exporter/tasks/deploy.yml b/roles/blackbox-exporter/tasks/deploy.yml
new file mode 100644
index 0000000..c758ebb
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/deploy.yml
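Review bot: In roles/blackbox-exporter/files/blackbox_exporter.service the unit drops every capability (`CapabilityBoundingSet=`) and runs under `DynamicUser=yes`, yet nothing records what that means for the ICMP probes the commit message advertises. The exporter documents that ICMP needs root, CAP_NET_RAW, or a group inside `net.ipv4.ping_group_range`, so with this sandbox only the sysctl route remains and ICMP modules would presumably fail on a host where it is not set. I would keep the sandbox as it is and add a comment above `CapabilityBoundingSet=`, e.g. `# No CAP_NET_RAW on purpose: ICMP modules rely on net.ipv4.ping_group_range covering this service's group`.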
@@ -0,0 +1,33 @@
+- name: ensure /etc/prometheus directory exists
+ file:
+ path: /etc/prometheus
+ mode: u=rwx,go=rx
+ owner: root
+ group: root
+ state: directory
+
+- name: ensure blackbox_exporter is configured
+ copy:
+ dest: /etc/prometheus/blackbox.yml
+ content: |
+ {{ blackbox_config|to_nice_yaml(indent=2) }}
+ mode: u=rw,go=r
+ owner: root
+ group: root
+ notify:
+ - reload blackbox_exporter
+
+- name: ensure blackbox_exporter starts at boot
+ service:
+ name: blackbox_exporter
+ enabled: true
+ tags:
+ - service
+- name: flush_handlers
+ meta: flush_handlers
+- name: ensure blackbox_exporter is running
+ service:
+ name: blackbox_exporter
+ state: started
+ tags:
+ - service
diff --git a/roles/blackbox-exporter/tasks/install.yml b/roles/blackbox-exporter/tasks/install.yml
new file mode 100644
index 0000000..a731f91
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/install.yml
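Review bot: Nothing on the "ensure blackbox_exporter is configured" task keeps probe credentials out of a world-readable file: `blackbox_modules` is rendered verbatim into /etc/prometheus/blackbox.yml with `mode: u=rw,go=r`, and HTTP modules can carry `basic_auth` or `bearer_token` values. Because the unit runs with DynamicUser, tightening the mode to root-only would stop the service from reading its config, so if credentials are ever needed the safer route is the exporter's `password_file` / `bearer_token_file` settings pointing at a separately protected file. I would add a comment above the task, e.g. `# world-readable: keep secrets out of blackbox_modules, use the *_file options`, and set `diff: false` as the binary copy in install.yml already does so the rendered content stays out of run output. A `validate: /usr/local/sbin/blackbox_exporter --config.check --config.file=%s` line would also stop a bad render from reaching the reload handler.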
@@ -0,0 +1,55 @@
+- name: load installation variables
+ include_vars: install.yml
+ tags:
+ - always
+
+- name: load architecture variables
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_architecture }}.yml'
+ - arch-defaults.yml
+ tags:
+ - always
+
+- name: ensure blackbox_exporter release archive is available
+ delegate_to: localhost
+ become: false
+ get_url:
+ url: '{{ blackbox_xptr_tar_url }}'
+ checksum: 'sha256:{{ blackbox_xptr_cksm_url }}'
+ dest: '{{ playbook_dir }}/tmp/{{ blackbox_xptr_tar_name }}'
+ tags:
+ - download
+
+- name: ensure blackbox_exporter archive is unpacked locally
+ delegate_to: localhost
+ become: false
+ unarchive:
+ src: '{{ playbook_dir }}/tmp/{{ blackbox_xptr_tar_name }}'
+ dest: '{{ playbook_dir }}/tmp/'
+ remote_src: true
+ creates: '{{ blackbox_xptr_extract_dir }}/blackbox_exporter'
+ tags:
+ - unarchive
+
+- name: ensure blackbox_exporter is installed
+ copy:
+ src: '{{ blackbox_xptr_extract_dir }}/blackbox_exporter'
+ dest: /usr/local/sbin/blackbox_exporter
+ mode: u=rwx,go=rx
+ diff: false
+ notify:
+ - restart blackbox_exporter
+
+- name: ensure blackbox_exporter systemd unit is installed
+ file:
+ src: blackbox_exporter.service
+ dest: /etc/systemd/system/blackbox_exporter.services
+ mode: u=rw,go=r
+ notify:
+ - reload systemd
+ - restart blackbox_exporter
+ tags:
+ - service
+ - systemd
+
diff --git a/roles/blackbox-exporter/tasks/main.yml b/roles/blackbox-exporter/tasks/main.yml
new file mode 100644
index 0000000..9dc760f
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/main.yml
@@ -0,0 +1,7 @@
+- block:
+ - import_tasks: install.yml
+ tags:
+ - install
+ - import_tasks: deploy.yml
+ tags:
+ - blackbox-exporter
diff --git a/roles/blackbox-exporter/templates/execstart.conf.j2 b/roles/blackbox-exporter/templates/execstart.conf.j2
new file mode 100644
index 0000000..ca01eb7
--- /dev/null
+++ b/roles/blackbox-exporter/templates/execstart.conf.j2
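Review bot: The last task in roles/blackbox-exporter/tasks/install.yml cannot install the hardened unit as written. It calls `file:` with `src: blackbox_exporter.service`, but the file module manages paths and links rather than copying a role file to the host. Its `dest` also ends in `.services`, a suffix systemd does not load as a service unit. The `service: name: blackbox_exporter` tasks in deploy.yml would then find no unit, or a stale one without the sandbox settings from this patch. The task should use `copy:` with `dest: /etc/systemd/system/blackbox_exporter.service`, ideally with explicit `owner: root` and `group: root` as the deploy tasks set.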
@@ -0,0 +1,4 @@
+[Service]
+{% if blackbox_exporter_args|d %}
+ExecStart={{ blackbox_exporter_bin }} {{ blackbox_exporter_args }}
+{% endif %}
diff --git a/roles/blackbox-exporter/vars/aarch64.yml b/roles/blackbox-exporter/vars/aarch64.yml
new file mode 100644
index 0000000..4f99a49
--- /dev/null
+++ b/roles/blackbox-exporter/vars/aarch64.yml
@@ -0,0 +1,2 @@
+blackbox_xptr_arch: arm64
+
diff --git a/roles/blackbox-exporter/vars/arch-defaults.yml b/roles/blackbox-exporter/vars/arch-defaults.yml
new file mode 100644
index 0000000..a426978
--- /dev/null
+++ b/roles/blackbox-exporter/vars/arch-defaults.yml
@@ -0,0 +1 @@
+vm_arch: '{{ ansible_architecture }}'
diff --git a/roles/blackbox-exporter/vars/install.yml b/roles/blackbox-exporter/vars/install.yml
new file mode 100644
index 0000000..757a853
--- /dev/null
+++ b/roles/blackbox-exporter/vars/install.yml
@@ -0,0 +1,14 @@
+blackbox_xptr_version: 0.22.0
+
+blackbox_xptr_base_url:
+ https://github.com/prometheus/blackbox_exporter/releases/download
+blackbox_xptr_archive:
+ blackbox_exporter-{{ blackbox_xptr_version }}.linux-{{ blackbox_xptr_arch }}
+blackbox_xptr_tar_name: >-
+ {{ blackbox_xptr_archive }}.tar.gz
+blackbox_xptr_tar_url: >-
+ {{ blackbox_xptr_base_url }}/v{{ blackbox_xptr_version }}/{{ blackbox_xptr_tar_name }}
+blackbox_xptr_cksm_url: >-
+ {{ blackbox_xptr_base_url }}/v{{ blackbox_xptr_version }}/sha256sums.txt
+blackbox_xptr_extract_dir: >-
+ {{ playbook_dir }}/tmp/{{ blackbox_xptr_archive }}
diff --git a/roles/blackbox-exporter/vars/x86_64.yml b/roles/blackbox-exporter/vars/x86_64.yml
new file mode 100644
index 0000000..6c0946c
--- /dev/null
+++ b/roles/blackbox-exporter/vars/x86_64.yml
@@ -0,0 +1 @@
+blackbox_xptr_arch: amd64
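Review bot: As a drop-in, roles/blackbox-exporter/templates/execstart.conf.j2 would add a second `ExecStart=` to a `Type=exec` service rather than replace the one in blackbox_exporter.service. systemd rejects more than one ExecStart for non-oneshot services, so the rendered file needs an empty `ExecStart=` line before the new command. No task in this patch renders the template, and `blackbox_exporter_bin` is not defined in the vars or defaults shown here, so as it stands the file looks unused. Either wire it up with those definitions and a comment saying that `blackbox_exporter_args` must keep `--web.listen-address` on loopback unless exposure is intended, or drop it from the commit.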
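Review bot: `vm_arch` in roles/blackbox-exporter/vars/arch-defaults.yml looks like a leftover from another role; the other files in this patch set and read `blackbox_xptr_arch`, which vars/install.yml interpolates into the archive name. On a host whose `ansible_architecture` is neither x86_64 nor aarch64 this fallback loads but leaves `blackbox_xptr_arch` undefined, so the download URL would fail to template. The line should read `blackbox_xptr_arch: '{{ ansible_architecture }}'`.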
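Review bot: `blackbox_xptr_cksm_url` in roles/blackbox-exporter/vars/install.yml points at sha256sums.txt under the same release download path as the tarball, so the `checksum:` that tasks/install.yml hands to get_url only detects a damaged transfer. A tampered release asset would arrive together with a matching sums file. Pinning the expected digest next to the version makes each version bump an explicit review of which binary is deployed to the hosts. For example, add `blackbox_xptr_sha256: '<sha256 of the release archive for this arch>'` to the per-architecture vars files and use `checksum: 'sha256:{{ blackbox_xptr_sha256 }}'` in the download task.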