# limitations under the License.
#
+include_recipe "git"
+include_recipe "networking"
+
+package "ruby"
+
+if node.internal_ipaddress
+ node.default[:prometheus][:mode] = "internal"
+ node.default[:prometheus][:address] = node.internal_ipaddress
+elsif node[:networking][:wireguard][:enabled]
+ node.default[:prometheus][:mode] = "wireguard"
+ node.default[:prometheus][:address] = node[:networking][:wireguard][:address]
+
+ search(:node, "roles:prometheus") do |server|
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => server[:networking][:wireguard][:public_key],
+ :allowed_ips => server[:networking][:wireguard][:address],
+ :endpoint => "#{server.name}:51820"
+ }
+ end
+else
+ node.default[:prometheus][:mode] = "external"
+ node.default[:prometheus][:address] = node.external_ipaddress(:family => :inet)
+end
+
+directory "/opt/prometheus" do
+ action :delete
+ recursive true
+end
+
+git "/opt/prometheus-exporters" do
+ action :sync
+ repository "https://github.com/openstreetmap/prometheus-exporters.git"
+ revision "main"
+ depth 1
+ user "root"
+ group "root"
+end
+
+directory "/etc/prometheus/collectors" do
+ owner "root"
+ group "root"
+ mode "755"
+ recursive true
+end
+
+directory "/etc/prometheus/exporters" do
+ owner "root"
+ group "root"
+ mode "755"
+ recursive true
+end
+
+directory "/var/lib/prometheus/node-exporter" do
+ owner "root"
+ group "adm"
+ mode "775"
+ recursive true
+end
+
+template "/var/lib/prometheus/node-exporter/chef.prom" do
+ source "chef.prom.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+metric_relabel = []
+
+node[:hardware][:hwmon].each do |chip, details|
+ next unless details[:ignore]
+
+ sensors = details[:ignore].join("|")
+
+ metric_relabel << {
+ :source_labels => "chip,sensor",
+ :regex => "#{chip};(#{sensors})",
+ :action => "drop"
+ }
+end
+
prometheus_exporter "node" do
port 9100
+ user "root"
+ proc_subset "all"
+ protect_clock false
+ restrict_address_families %w[AF_UNIX AF_NETLINK]
+ system_call_filter ["@system-service", "@clock"]
+ options %w[
+ --collector.textfile.directory=/var/lib/prometheus/node-exporter
+ --collector.interrupts
+ --collector.processes
+ --collector.rapl.enable-zone-label
+ --collector.systemd
+ --collector.tcpstat
+ ]
+ metric_relabel metric_relabel
+end
+
+unless node[:prometheus][:junos].empty?
+ targets = node[:prometheus][:junos].collect { |_, details| details[:address] }.sort.join(",")
+
+ prometheus_exporter "junos" do
+ port 9326
+ options %W[
+ --ssh.user=prometheus
+ --ssh.keyfile=/var/lib/prometheus/junos-exporter/id_rsa
+ --ssh.targets=#{targets}
+ --bgp.enabled=false
+ --lacp.enabled=true
+ --ldp.enabled=false
+ --ospf.enabled=false
+ --power.enabled=false
+ ]
+ ssh true
+ register_target false
+ end
+end
+
+unless node[:prometheus][:snmp].empty?
+ prometheus_exporter "snmp" do
+ port 9116
+ options "--config.file=/opt/prometheus-exporters/exporters/snmp/snmp.yml"
+ register_target false
+ end
+end
+
+if node[:prometheus][:files].empty?
+ prometheus_exporter "filestat" do
+ action :delete
+ end
+
+ file "/etc/prometheus/filestat.yml" do
+ action :delete
+ end
+else
+ template "/etc/prometheus/filestat.yml" do
+ source "filestat.yml.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ end
+
+ prometheus_exporter "filestat" do
+ port 9943
+ options "--config.file=/etc/prometheus/filestat.yml"
+ subscribes :restart, "template[/etc/prometheus/filestat.yml]"
+ end
end
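Review bot: The `git "/opt/prometheus-exporters"` resource tracks `revision "main"`, so every Chef run deploys whatever is on that branch at the time, as root, with no review step between a push to the exporters repository and its rollout to the nodes. This matters because the recipe reads exporter configuration from that checkout (`--config.file=/opt/prometheus-exporters/exporters/snmp/snmp.yml`). The `prometheus_exporter` resource is not shown here, but it presumably also runs binaries from that checkout, including the node exporter set to `user "root"` with `protect_clock false` and the `@clock` syscall group. Pinning to a reviewed tag or commit, e.g. `revision "<reviewed-tag-or-commit-sha>"` (placeholder), would make each upgrade an explicit cookbook change; check that the pinned ref can still be fetched with `depth 1`. A short comment above `prometheus_exporter "node"` naming the collectors that need root and `@clock` would help later reviewers keep the sandbox as tight as possible.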