local_exporter: Exporter for Zincati metrics

Zincati provides Prometheus metrics via a Unix socket.  In order for
these to be scraped by `vmagent`, they need to be exposed over HTTP.
The `local_exporter` is designed to do specifically this.

Unfortunately, the Zincati metrics socket is only accessible by the
*zincati* user, so the `local_exporter` also needs to run as that user.
Hopefully, the user ID will remain consistent in future versions of
CoreOS.

local_exporter.config

@@ -0,0 +1,9 @@
+# vim: set ft=toml :
+[service]
+address = "0.0.0.0"
+port = 9598
+tls = false
+
+[bridge.selectors.zincati]
+kind = "uds"
+path = "/run/zincati/public/metrics.promsock"

local_exporter.container

@@ -0,0 +1,24 @@
+[Unit]
+Description=Bridge for local Prometheus metrics
+After=zincati.service
+After=network.target
+
+[Container]
+Image=git.pyrocufflink.net/containerimages/local_exporter:latest
+Exec=serve
+Volume=/run:/run:rw
+Volume=/etc/local_exporter:/etc/local_exporter:ro
+PublishPort=9598:9598
+# Must run as user "zincati"
+User=981
+ReadOnly=yes
+VolatileTmp=yes
+# container_t does not have permission to write to var_run_t
+SecurityLabelDisable=yes
+NoNewPrivileges=yes
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

local_exporter.yaml

@@ -0,0 +1,21 @@
+variant: fcos
+version: 1.4.0
+
+storage:
+  directories:
+  - path: /etc/local_exporter
+
+  files:
+  - path: /etc/containers/systemd/local_exporter.container
+    mode: 0644
+    contents:
+      local: local_exporter.container
+  - path: /etc/local_exporter/config.toml
+    mode: 0644
+    contents:
+      local: local_exporter.config
+
+systemd:
+  units:
+  - name: local_exporter.service
+    enabled: true