]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/prometheus/recipes/default.rb
Install awscli on prometheus server
[chef.git] / cookbooks / prometheus / recipes / default.rb
index 824af896cae5d1e943be68b7e2406fae9c03e5e3..df3ec2ea5fe3499f4918f0324a232b950aa2b409 100644 (file)
 # limitations under the License.
 #
 
 # limitations under the License.
 #
 
+include_recipe "git"
+include_recipe "networking"
+
+package "ruby"
+
+if node.internal_ipaddress
+  node.default[:prometheus][:mode] = "internal"
+  node.default[:prometheus][:address] = node.internal_ipaddress
+elsif node[:networking][:wireguard][:enabled]
+  node.default[:prometheus][:mode] = "wireguard"
+  node.default[:prometheus][:address] = node[:networking][:wireguard][:address]
+
+  search(:node, "roles:prometheus") do |server|
+    node.default[:networking][:wireguard][:peers] << {
+      :public_key => server[:networking][:wireguard][:public_key],
+      :allowed_ips => server[:networking][:wireguard][:address],
+      :endpoint => "#{server.name}:51820"
+    }
+  end
+else
+  node.default[:prometheus][:mode] = "external"
+  node.default[:prometheus][:address] = node.external_ipaddress(:family => :inet)
+end
+
+directory "/opt/prometheus" do
+  action :delete
+  recursive true
+end
+
+git "/opt/prometheus-exporters" do
+  action :sync
+  repository "https://github.com/openstreetmap/prometheus-exporters.git"
+  revision "main"
+  depth 1
+  user "root"
+  group "root"
+end
+
+directory "/etc/prometheus/collectors" do
+  owner "root"
+  group "root"
+  mode "755"
+  recursive true
+end
+
+directory "/etc/prometheus/exporters" do
+  owner "root"
+  group "root"
+  mode "755"
+  recursive true
+end
+
+directory "/var/lib/prometheus/node-exporter" do
+  owner "root"
+  group "adm"
+  mode "775"
+  recursive true
+end
+
+template "/var/lib/prometheus/node-exporter/chef.prom" do
+  source "chef.prom.erb"
+  owner "root"
+  group "root"
+  mode "644"
+end
+
+metric_relabel = []
+
+node[:hardware][:hwmon].each do |chip, details|
+  next unless details[:ignore]
+
+  sensors = details[:ignore].join("|")
+
+  metric_relabel << {
+    :source_labels => "chip,sensor",
+    :regex => "#{chip};(#{sensors})",
+    :action => "drop"
+  }
+end
+
 prometheus_exporter "node" do
   port 9100
 prometheus_exporter "node" do
   port 9100
-  package_options "--no-install-recommends"
+  user "root"
+  proc_subset "all"
+  protect_clock false
+  restrict_address_families %w[AF_UNIX AF_NETLINK]
+  system_call_filter ["@system-service", "@clock"]
+  options %w[
+    --collector.textfile.directory=/var/lib/prometheus/node-exporter
+    --collector.interrupts
+    --collector.processes
+    --collector.rapl.enable-zone-label
+    --collector.systemd
+    --collector.tcpstat
+  ]
+  metric_relabel metric_relabel
+end
+
+unless node[:prometheus][:junos].empty?
+  targets = node[:prometheus][:junos].collect { |_, details| details[:address] }.sort.join(",")
+
+  prometheus_exporter "junos" do
+    port 9326
+    options %W[
+      --ssh.user=prometheus
+      --ssh.keyfile=/var/lib/prometheus/junos-exporter/id_rsa
+      --ssh.targets=#{targets}
+      --bgp.enabled=false
+      --lacp.enabled=true
+      --ldp.enabled=false
+      --ospf.enabled=false
+      --power.enabled=false
+    ]
+    ssh true
+    register_target false
+  end
+end
+
+unless node[:prometheus][:snmp].empty?
+  prometheus_exporter "snmp" do
+    port 9116
+    options "--config.file=/opt/prometheus-exporters/exporters/snmp/snmp.yml"
+    register_target false
+  end
+end
+
+if node[:prometheus][:files].empty?
+  prometheus_exporter "filestat" do
+    action :delete
+  end
+
+  file "/etc/prometheus/filestat.yml" do
+    action :delete
+  end
+else
+  template "/etc/prometheus/filestat.yml" do
+    source "filestat.yml.erb"
+    owner "root"
+    group "root"
+    mode "644"
+  end
+
+  prometheus_exporter "filestat" do
+    port 9943
+    options "--config.file=/etc/prometheus/filestat.yml"
+    subscribes :restart, "template[/etc/prometheus/filestat.yml]"
+  end
 end
 end