Merge branch 'Prometheus_Faster_DNS'

4bdb9952 · Karl Grube · d48b0cca · b50b2238 · 4bdb9952 · 4bdb9952
Commit 4bdb9952 authored 1 year ago by Karl Grube
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,3 +10,5 @@ prometheus_federators: []
 prometheus_federator: False
 backup_prometheus: "{{prometheus_federator}}"
 use_service_vrf: False
+
+prometheus_config_method: "dns"
\ No newline at end of file
--- a/tasks/hellsing_hosts_ipv6.yml
+++ b/tasks/hellsing_hosts_ipv6.yml
+---
+
+###BEGIN on the hellsing group, specific lines in /etc/hosts file
+- name: Determine service interface
+  set_fact:
+    service_interface: "{{ item.keys() | difference(['service']) | first }}"
+  loop: "{{ my_interfaces }}"
+  when:
+    - "'service' in item"
+    - item.service == True
+  run_once: true
+#debugging
+- name: Debug service interface
+  debug:
+    msg: "Service interface: {{ service_interface }}"
+
+- name: Capture IPv6 address of the current host
+  set_fact:
+    current_host_ipv6: "{{ hostvars[inventory_hostname]['ansible_' + service_interface]['ipv6'] | selectattr('scope', 'equalto', 'global') | map(attribute='address') | first }}"
+  when: 
+    - "'ansible_' + service_interface in hostvars[inventory_hostname]"
+    - "'ipv6' in hostvars[inventory_hostname]['ansible_' + service_interface]"
+#debugging
+- name: Debug ipv6 current host
+  debug:
+    msg: "ipv6 {{ inventory_hostname }}: {{ current_host_ipv6 }}"
+
+
+
+- name: Determine the other host in the hellsing group
+  set_fact:
+    other_host: "{{ groups['hellsing'] | reject('equalto', inventory_hostname) | first }}"
+  when: groups['hellsing'] | length < 3
+  run_once: true
+#debugging
+- name: Debug ipv6 current host
+  debug:
+    msg: "The other host is: {{ other_host }}"
+
+- name: Gather facts from other hellsing hosts
+  setup:
+  delegate_to: "{{ other_host }}"
+  run_once: true
+  register: remote_facts
+
+- name: Set fact for remote host
+  set_fact:
+    other_host_facts: "{{ remote_facts.ansible_facts }}"
+
+- name: Capture IPv6 address of the other host now
+  set_fact:
+    other_host_ipv6: "{{ other_host_facts['ansible_' + service_interface]['ipv6'] | selectattr('scope', 'equalto', 'global') | map(attribute='address') | first }}"
+  when: 
+    - "'ansible_' + service_interface in other_host_facts"
+    - "'ipv6' in other_host_facts['ansible_' + service_interface]"
+#debugging
+- name: Debug ipv6 current host
+  debug:
+    msg: "The other host has the IP: {{ other_host_ipv6 }}"
+
+#### Update the hosts file now
+- name: Update /etc/hosts with IPv6 address of current host
+  lineinfile:
+    path: /etc/hosts
+    line: "{{ current_host_ipv6 }} {{ inventory_hostname }}"
+    state: present
+  when: 
+    - current_host_ipv6 is defined
+    - current_host_ipv6 != ''
+
+- name: Update /etc/hosts with IPv6 address of the other host
+  lineinfile:
+    path: /etc/hosts
+    line: "{{ other_host_ipv6 }} {{ other_host }}"
+    state: present
+  when: 
+    - other_host_ipv6 is defined
+    - other_host_ipv6 != ''
+    - other_host is defined
+
+###END of the script for adding specific lines on an Hellsing server
\ No newline at end of file
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -46,3 +46,15 @@
    backup_path: '/var/lib/prometheus'
  tags: backup
  when: backup_prometheus == True
+
+- import_role:
+    name: label
+  vars:
+    label:
+      name: prometheus
+      description: 'Prometheus server'
+  tags: label
+
+- import_tasks: hellsing_hosts_ipv6.yml
+  tags: hosts_ipv6
+  when: use_service_vrf and inventory_hostname in groups['hellsing']
\ No newline at end of file
--- a/tasks/non_federator.yml
+++ b/tasks/non_federator.yml
 ---
+
+#debugging
+- name: Checking the right variable is invoked
+  debug:
+    msg: "prometheus_config_method: {{ prometheus_config_method }}"
+  tags: prometheus_conf
+
 - name: prometheus template
  template:
    src: prometheus.yml.j2
@@ -17,6 +24,7 @@
    - 'postfix'
    - 'legacy'
    - 'fail2ban'
+  when: prometheus_config_method == "file"
  tags: target_yml

 - name: core alerts

--- a/templates/prometheus.yml.j2
+++ b/templates/prometheus.yml.j2
@@ -10,6 +10,8 @@ global:
  external_labels:
      monitor: '{{datacenter}}'

+
+
 # Alertmanager configuration
 alerting:
  alertmanagers:
@@ -32,6 +34,10 @@ rule_files:
  - 'alerts/*.yml'


+
+
+{% if prometheus_config_method == "file" %}
+### Old Hetzner configuration for Prometheus, file-based
 scrape_configs:
  - job_name: lxc
    scheme: https
@@ -89,7 +95,7 @@ scrape_configs:
        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
    file_sd_configs:
      - files:
-        - 'fail2ban.yml'      
+        - 'fail2ban.yml'

 {% if groups['lxc_host'] is defined %}

@@ -119,6 +125,115 @@ scrape_configs:
          - '{{host}}:9100'
 {%   endfor %}
 {% endif %}
+{% endif %}
+
+
+
+
+
+{% if prometheus_config_method == "dns" %}
+### New Faster.cz configuration for Prometheus, DNS-based
+### The LXC containers
+scrape_configs:
+  - job_name: pct
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'pct.dc1.eox.at'
+        type: 'SRV'   
+
+### The VM
+  - job_name: qm
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'qm.dc1.eox.at'
+        type: 'SRV'
+
+### The Bare Metal
+  - job_name: bm
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'bm.dc1.eox.at'
+        type: 'SRV'
+
+### fail2ban
+  - job_name: f2b.dc1.eox.at
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'f2b.dc1.eox.at'
+        type: 'SRV'
+
+### smartctl
+  - job_name: smart.dc1.eox.at
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'smart.dc1.eox.at'
+        type: 'SRV'
+
+### cadvisor
+  - job_name: cadvisor.dc1.eox.at
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'cadvisor.dc1.eox.at'
+        type: 'SRV'
+
+### lvm
+  - job_name: lvm.dc1.eox.at
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    dns_sd_configs:
+      - names:
+          - 'lvm.dc1.eox.at'
+        type: 'SRV'
+
+{% if fqdn in groups['hellsing'] %}
+### For routing reasons, these servers need special entries in both their hosts files for the 2nd interface IP 
+  - job_name: 'hellsing_servers'
+    scheme: https
+    tls_config:
+        ca_file: '/etc/ssl/prometheus_client/root.ca.crt'
+        cert_file: '/etc/ssl/prometheus_client/{{fqdn}}.crt'
+        key_file: '/etc/ssl/prometheus_client/{{fqdn}}.key'
+    static_configs:
+      - targets: 
+          - 'hellsing1.eox.at:9100'
+          - 'hellsing2.eox.at:9100'
+{% endif %}
+{% endif %}
+
+


 {% if blackbox_monitoring is defined %}