diff --git a/.gitignore b/.gitignore
index baf2027..2f1273a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .fact-cache
 /victoria-metrics-*.tar.gz
 /victoria-metrics-*/
+/tmp/
diff --git a/blackbox-exporter.yml b/blackbox-exporter.yml
new file mode 100644
index 0000000..e86d730
--- /dev/null
+++ b/blackbox-exporter.yml
@@ -0,0 +1,3 @@
+- hosts: blackbox-exporter
+ roles:
+ - blackbox-exporter
diff --git a/roles/blackbox-exporter/defaults/main.yml b/roles/blackbox-exporter/defaults/main.yml
new file mode 100644
index 0000000..85824cb
--- /dev/null
+++ b/roles/blackbox-exporter/defaults/main.yml
@@ -0,0 +1,3 @@
+blackbox_modules: {}
+blackbox_config:
+ modules: '{{ blackbox_modules }}'
diff --git a/roles/blackbox-exporter/files/blackbox_exporter.service b/roles/blackbox-exporter/files/blackbox_exporter.service
new file mode 100644
index 0000000..d6876bf
--- /dev/null
+++ b/roles/blackbox-exporter/files/blackbox_exporter.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=Blackbox exporter
+Documentation=https://github.com/prometheus/blackbox_exporter/blob/master/README.md
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=exec
+ExecStart=/usr/local/sbin/blackbox_exporter \
+ --config.file=/etc/prometheus/blackbox.yml \
+ --web.listen-address=[::1]:9115
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/blackbox-exporter/handlers/main.yml b/roles/blackbox-exporter/handlers/main.yml
new file mode 100644
index 0000000..f4b3b76
--- /dev/null
+++ b/roles/blackbox-exporter/handlers/main.yml
@@ -0,0 +1,13 @@
+- name: reload systemd
+ systemd:
+ daemon_reload: true
+
+- name: restart blackbox_exporter
+ service:
+ name: blackbox_exporter
+ state: restarted
+
+- name: reload blackbox_exporter
+ service:
+ name: blackbox_exporter
+ state: reloaded
diff --git a/roles/blackbox-exporter/tasks/deploy.yml b/roles/blackbox-exporter/tasks/deploy.yml
new file mode 100644
index 0000000..c758ebb
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/deploy.yml
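Review bot: In roles/blackbox-exporter/files/blackbox_exporter.service the sandbox leaves the exporter with no capabilities (`CapabilityBoundingSet=` is empty and `SystemCallFilter=~@privileged` is set), and nothing in the unit says which probe types that rules out. ICMP probes normally need either CAP_NET_RAW or a `net.ipv4.ping_group_range` that covers the service's group, so an `icmp` module would probably fail under this unit, and with `DynamicUser=yes` that group is not a fixed one. I would record this on its own line above the setting, e.g. `# No capabilities: icmp probes need net.ipv4.ping_group_range to cover the service GID`, so that a later fix widens one setting instead of dropping the hardening block.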
@@ -0,0 +1,33 @@
+- name: ensure /etc/prometheus directory exists
+ file:
+ path: /etc/prometheus
+ mode: u=rwx,go=rx
+ owner: root
+ group: root
+ state: directory
+
+- name: ensure blackbox_exporter is configured
+ copy:
+ dest: /etc/prometheus/blackbox.yml
+ content: |
+ {{ blackbox_config|to_nice_yaml(indent=2) }}
+ mode: u=rw,go=r
+ owner: root
+ group: root
+ notify:
+ - reload blackbox_exporter
+
+- name: ensure blackbox_exporter starts at boot
+ service:
+ name: blackbox_exporter
+ enabled: true
+ tags:
+ - service
+- name: flush_handlers
+ meta: flush_handlers
+- name: ensure blackbox_exporter is running
+ service:
+ name: blackbox_exporter
+ state: started
+ tags:
+ - service
diff --git a/roles/blackbox-exporter/tasks/install.yml b/roles/blackbox-exporter/tasks/install.yml
new file mode 100644
index 0000000..a731f91
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/install.yml
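Review bot: In roles/blackbox-exporter/tasks/deploy.yml the "ensure blackbox_exporter is configured" task writes /etc/prometheus/blackbox.yml with `mode: u=rw,go=r`, so anything placed in `blackbox_modules` is readable by every local user. Blackbox modules can carry inline credentials (basic-auth passwords, bearer tokens); if an inventory does that, the values land in a world-readable file and can also appear in `--diff` output for this task. Because the unit runs with DynamicUser the file cannot simply be handed to a fixed service group, so I would state the constraint on the task, e.g. `# world-readable by design (DynamicUser): do not put credentials in blackbox_modules`, and consider `diff: false` here as install.yml already does for the binary. The task also has no `validate:`; `validate: /usr/local/sbin/blackbox_exporter --config.check --config.file=%s` would reject a broken config before the reload handler fires.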
@@ -0,0 +1,55 @@
+- name: load installation variables
+ include_vars: install.yml
+ tags:
+ - always
+
+- name: load architecture variables
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_architecture }}.yml'
+ - arch-defaults.yml
+ tags:
+ - always
+
+- name: ensure blackbox_exporter release archive is available
+ delegate_to: localhost
+ become: false
+ get_url:
+ url: '{{ blackbox_xptr_tar_url }}'
+ checksum: 'sha256:{{ blackbox_xptr_cksm_url }}'
+ dest: '{{ playbook_dir }}/tmp/{{ blackbox_xptr_tar_name }}'
+ tags:
+ - download
+
+- name: ensure blackbox_exporter archive is unpacked locally
+ delegate_to: localhost
+ become: false
+ unarchive:
+ src: '{{ playbook_dir }}/tmp/{{ blackbox_xptr_tar_name }}'
+ dest: '{{ playbook_dir }}/tmp/'
+ remote_src: true
+ creates: '{{ blackbox_xptr_extract_dir }}/blackbox_exporter'
+ tags:
+ - unarchive
+
+- name: ensure blackbox_exporter is installed
+ copy:
+ src: '{{ blackbox_xptr_extract_dir }}/blackbox_exporter'
+ dest: /usr/local/sbin/blackbox_exporter
+ mode: u=rwx,go=rx
+ diff: false
+ notify:
+ - restart blackbox_exporter
+
+- name: ensure blackbox_exporter systemd unit is installed
+ file:
+ src: blackbox_exporter.service
+ dest: /etc/systemd/system/blackbox_exporter.services
+ mode: u=rw,go=r
+ notify:
+ - reload systemd
+ - restart blackbox_exporter
+ tags:
+ - service
+ - systemd
+
diff --git a/roles/blackbox-exporter/tasks/main.yml b/roles/blackbox-exporter/tasks/main.yml
new file mode 100644
index 0000000..9dc760f
--- /dev/null
+++ b/roles/blackbox-exporter/tasks/main.yml
@@ -0,0 +1,7 @@
+- block:
+ - import_tasks: install.yml
+ tags:
+ - install
+ - import_tasks: deploy.yml
+ tags:
+ - blackbox-exporter
diff --git a/roles/blackbox-exporter/templates/execstart.conf.j2 b/roles/blackbox-exporter/templates/execstart.conf.j2
new file mode 100644
index 0000000..ca01eb7
--- /dev/null
+++ b/roles/blackbox-exporter/templates/execstart.conf.j2
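Review bot: In roles/blackbox-exporter/tasks/install.yml the last task, "ensure blackbox_exporter systemd unit is installed", cannot install the unit: it uses the `file` module, which manages attributes and links and does not copy `src` out of the role's files directory, and the destination ends in `.services`, a suffix systemd does not load. As written, the hardened unit from files/blackbox_exporter.service never reaches the host under a name systemd recognises, so the service tasks in deploy.yml have nothing to enable or start. The task should use `copy:` with `dest: /etc/systemd/system/blackbox_exporter.service`. Adding `owner: root` and `group: root` to this task and to the binary copy above it would make ownership explicit, as deploy.yml already does for the config file.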
@@ -0,0 +1,4 @@
+[Service]
+{% if blackbox_exporter_args|d %}
+ExecStart={{ blackbox_exporter_bin }} {{ blackbox_exporter_args }}
+{% endif %}
diff --git a/roles/blackbox-exporter/vars/aarch64.yml b/roles/blackbox-exporter/vars/aarch64.yml
new file mode 100644
index 0000000..4f99a49
--- /dev/null
+++ b/roles/blackbox-exporter/vars/aarch64.yml
@@ -0,0 +1,2 @@
+blackbox_xptr_arch: arm64
+
diff --git a/roles/blackbox-exporter/vars/arch-defaults.yml b/roles/blackbox-exporter/vars/arch-defaults.yml
new file mode 100644
index 0000000..a426978
--- /dev/null
+++ b/roles/blackbox-exporter/vars/arch-defaults.yml
@@ -0,0 +1 @@
+vm_arch: '{{ ansible_architecture }}'
diff --git a/roles/blackbox-exporter/vars/install.yml b/roles/blackbox-exporter/vars/install.yml
new file mode 100644
index 0000000..757a853
--- /dev/null
+++ b/roles/blackbox-exporter/vars/install.yml
@@ -0,0 +1,14 @@
+blackbox_xptr_version: 0.22.0
+
+blackbox_xptr_base_url:
+ https://github.com/prometheus/blackbox_exporter/releases/download
+blackbox_xptr_archive:
+ blackbox_exporter-{{ blackbox_xptr_version }}.linux-{{ blackbox_xptr_arch }}
+blackbox_xptr_tar_name: >-
+ {{ blackbox_xptr_archive }}.tar.gz
+blackbox_xptr_tar_url: >-
+ {{ blackbox_xptr_base_url }}/v{{ blackbox_xptr_version }}/{{ blackbox_xptr_tar_name }}
+blackbox_xptr_cksm_url: >-
+ {{ blackbox_xptr_base_url }}/v{{ blackbox_xptr_version }}/sha256sums.txt
+blackbox_xptr_extract_dir: >-
+ {{ playbook_dir }}/tmp/{{ blackbox_xptr_archive }}
diff --git a/roles/blackbox-exporter/vars/x86_64.yml b/roles/blackbox-exporter/vars/x86_64.yml
new file mode 100644
index 0000000..6c0946c
--- /dev/null
+++ b/roles/blackbox-exporter/vars/x86_64.yml
@@ -0,0 +1 @@
+blackbox_xptr_arch: amd64
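Review bot: roles/blackbox-exporter/templates/execstart.conf.j2 emits a second `ExecStart=` without clearing the one already set in blackbox_exporter.service. For a `Type=exec` service systemd refuses a unit that ends up with more than one ExecStart=, so a drop-in rendered from this template would keep the service from loading; an empty `ExecStart=` line is needed before the new one. `blackbox_exporter_bin` and `blackbox_exporter_args` are not defined in defaults/main.yml and no task in this commit renders the template, so it should either be wired up or left out. If it stays, the override replaces the unit's `--web.listen-address=[::1]:9115`, so the args have to restate the loopback bind or the exporter falls back to its default listen address.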
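Review bot: roles/blackbox-exporter/vars/arch-defaults.yml sets `vm_arch`, a name nothing else in this commit reads; the URL templates in vars/install.yml use `blackbox_xptr_arch`. On any architecture without its own vars file (only x86_64.yml and aarch64.yml are added), the `with_first_found` fallback therefore leaves `blackbox_xptr_arch` undefined and the download task fails while templating the URL. This looks like a leftover from another role; the line should read `blackbox_xptr_arch: '{{ ansible_architecture }}'`.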
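Review bot: In roles/blackbox-exporter/vars/install.yml `blackbox_xptr_cksm_url` points at `sha256sums.txt` in the same GitHub release as the tarball, so the `checksum:` on the get_url task in tasks/install.yml only proves the download matches whatever that release serves at run time. A replaced release asset would arrive with a matching sums file and pass the check. Since the binary is then copied to /usr/local/sbin on every target, the digest should be pinned in the repository, per architecture next to `blackbox_xptr_arch`: `blackbox_xptr_sha256: '<sha256 of the 0.22.0 tarball for this arch>'`, with the task using `checksum: 'sha256:{{ blackbox_xptr_sha256 }}'`. A version bump then becomes a reviewed change to both the version and the digest.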