From ebdf587de1f5a2c90ce764f605816b7ea2e1a648 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Tue, 3 Oct 2023 15:29:58 -0500
Subject: [PATCH] local_exporter: Exporter for Zincati metrics

Zincati provides Prometheus metrics via a Unix socket.  In order for
these to be scraped by `vmagent`, they need to be exposed over HTTP.
The `local_exporter` is designed to do specifically this.

Unfortunately, the Zincati metrics socket is only accessible by the
*zincati* user, so the `local_exporter` also needs to run as that user.
Hopefully, the user ID will remain consistent in future versions of
CoreOS.
---
 local_exporter.config    |  9 +++++++++
 local_exporter.container | 24 ++++++++++++++++++++++++
 local_exporter.yaml      | 21 +++++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 local_exporter.config
 create mode 100644 local_exporter.container
 create mode 100644 local_exporter.yaml

diff --git a/local_exporter.config b/local_exporter.config
new file mode 100644
index 0000000..60c1c6f
--- /dev/null
+++ b/local_exporter.config
@@ -0,0 +1,9 @@
+# vim: set ft=toml :
+[service]
+address = "0.0.0.0"
+port = 9598
+tls = false
+
+[bridge.selectors.zincati]
+kind = "uds"
+path = "/run/zincati/public/metrics.promsock"
diff --git a/local_exporter.container b/local_exporter.container
new file mode 100644
index 0000000..aa15fae
--- /dev/null
+++ b/local_exporter.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Bridge for local Prometheus metrics
+After=zincati.service
+After=network.target
+
+[Container]
+Image=git.pyrocufflink.net/containerimages/local_exporter:latest
+Exec=serve
+Volume=/run:/run:rw
+Volume=/etc/local_exporter:/etc/local_exporter:ro
+PublishPort=9598:9598
+# Must run as user "zincati"
+User=981
+ReadOnly=yes
+VolatileTmp=yes
+# container_t does not have permission to write to var_run_t
+SecurityLabelDisable=yes
+NoNewPrivileges=yes
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/local_exporter.yaml b/local_exporter.yaml
new file mode 100644
index 0000000..74a833e
--- /dev/null
+++ b/local_exporter.yaml
@@ -0,0 +1,21 @@
+variant: fcos
+version: 1.4.0
+
+storage:
+  directories:
+  - path: /etc/local_exporter
+
+  files:
+  - path: /etc/containers/systemd/local_exporter.container
+    mode: 0644
+    contents:
+      local: local_exporter.container
+  - path: /etc/local_exporter/config.toml
+    mode: 0644
+    contents:
+      local: local_exporter.config
+
+systemd:
+  units:
+  - name: local_exporter.service
+    enabled: true