]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/prometheus/resources/exporter.rb
systemd-networkd-wait-online waiting for timeout in dokken
[chef.git] / cookbooks / prometheus / resources / exporter.rb
index 0c94fa0eb4310d8567a7874628d9ab423980c067..5075c5d6ae3a6ed17e928008a030659e3f15990a 100644 (file)
 # limitations under the License.
 #
 
+unified_mode true
+
 default_action :create
 
 property :exporter, :kind_of => String, :name_property => true
-property :github_owner, :kind_of => String, :default => "prometheus"
-property :github_project, :kind_of => String
-property :version, :kind_of => String, :required => [:create]
+property :address, :kind_of => String
 property :port, :kind_of => Integer, :required => [:create]
 property :listen_switch, :kind_of => String, :default => "web.listen-address"
+property :listen_type, :kind_of => String, :default => "address"
+property :user, :kind_of => String
+property :group, :kind_of => String
+property :command, :kind_of => String
 property :options, :kind_of => [String, Array]
+property :environment, :kind_of => Hash, :default => {}
+property :protect_proc, String
+property :proc_subset, String
+property :capability_bounding_set, [String, Array]
+property :ambient_capabilities, [String, Array]
+property :private_devices, [true, false]
+property :private_users, [true, false]
+property :protect_clock, [true, false]
+property :restrict_address_families, [String, Array]
+property :remove_ipc, [true, false]
+property :system_call_filter, [String, Array]
+property :service, :kind_of => String
+property :labels, :kind_of => Hash, :default => {}
+property :scrape_interval, :kind_of => String
+property :scrape_timeout, :kind_of => String
+property :metric_relabel, :kind_of => Array
+property :register_target, :kind_of => [TrueClass, FalseClass], :default => true
+property :ssh, [true, false]
 
 action :create do
-  package "prometheus-#{new_resource.exporter}-exporter" do
-    action :purge
-  end
+  if new_resource.ssh && new_resource.user.nil?
+    keys = data_bag_item("prometheus", "keys")
 
-  remote_file archive_file do
-    action :create_if_missing
-    source archive_url
-    owner "root"
-    group "root"
-    mode "644"
-    backup false
-  end
+    directory "/var/lib/private/prometheus/#{new_resource.exporter}-exporter" do
+      mode "700"
+      recursive true
+    end
 
-  execute archive_file do
-    action :nothing
-    command "tar -xf #{archive_file}"
-    cwd "/opt/prometheus"
-    user "root"
-    group "root"
-    subscribes :run, "remote_file[#{archive_file}]"
+    file "/var/lib/private/prometheus/#{new_resource.exporter}-exporter/id_rsa" do
+      content keys["ssh"].join("\n")
+      mode "400"
+    end
+
+    cookbook_file "/var/lib/private/prometheus/#{new_resource.exporter}-exporter/id_rsa.pub" do
+      mode "644"
+    end
   end
 
   systemd_service service_name do
+    after "network-online.target"
+    wants "network-online.target"
     description "Prometheus #{new_resource.exporter} exporter"
     type "simple"
-    user "root"
-    exec_start "#{executable_path} #{executable_options}"
-    private_tmp true
-    protect_system "strict"
-    protect_home true
-    no_new_privileges true
+    user new_resource.user
+    dynamic_user new_resource.user.nil?
+    group new_resource.group
+    environment new_resource.environment
+    exec_start "#{executable_path} #{new_resource.command} #{executable_options}"
+    sandbox :enable_network => true
+    state_directory "prometheus/#{new_resource.exporter}-exporter" if new_resource.ssh && new_resource.user.nil?
+    protect_proc new_resource.protect_proc if new_resource.property_is_set?(:protect_proc)
+    proc_subset new_resource.proc_subset if new_resource.property_is_set?(:proc_subset)
+    capability_bounding_set new_resource.capability_bounding_set if new_resource.property_is_set?(:capability_bounding_set)
+    ambient_capabilities new_resource.ambient_capabilities if new_resource.property_is_set?(:ambient_capabilities)
+    private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
+    private_users new_resource.private_users if new_resource.property_is_set?(:private_users)
+    protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
+    restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
+    remove_ipc new_resource.remove_ipc if new_resource.property_is_set?(:remove_ipc)
+    system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
   end
 
   service service_name do
@@ -68,14 +99,25 @@ action :create do
 
   firewall_rule "accept-prometheus-#{new_resource.exporter}" do
     action :accept
-    source "osm"
-    dest "fw"
-    proto "tcp:syn"
+    context :incoming
+    protocol :tcp
+    source :osm
     dest_ports new_resource.port
     only_if { node[:prometheus][:mode] == "external" }
   end
 
-  node.default[:prometheus][:exporters][new_resource.exporter] = listen_address
+  node.default[:prometheus][:addresses][new_resource.exporter] = listen_address
+
+  if new_resource.register_target
+    node.default[:prometheus][:exporters][new_resource.port] = {
+      :name => new_resource.exporter,
+      :address => listen_address,
+      :labels => new_resource.labels,
+      :scrape_interval => new_resource.scrape_interval,
+      :scrape_timeout => new_resource.scrape_timeout,
+      :metric_relabel => new_resource.metric_relabel
+    }
+  end
 end
 
 action :delete do
@@ -83,41 +125,73 @@ action :delete do
     action [:disable, :stop]
   end
 
-  package package_name do
-    action :purge
+  systemd_service service_name do
+    action :delete
+  end
+end
+
+action :restart do
+  service service_name do
+    action :restart
+    only_if { service_exists? }
   end
 end
 
 action_class do
-  def github_project
-    new_resource.github_project || "#{new_resource.exporter}_exporter"
+  def service_name
+    if new_resource.service
+      "prometheus-#{new_resource.service}-exporter"
+    else
+      "prometheus-#{new_resource.exporter}-exporter"
+    end
   end
 
-  def archive_url
-    "https://github.com/#{new_resource.github_owner}/#{github_project}/releases/download/v#{new_resource.version}/#{github_project}-#{new_resource.version}.linux-amd64.tar.gz"
+  def service_exists?
+    ::File.exist?("/etc/systemd/system/#{service_name}.service")
   end
 
-  def archive_file
-    "#{Chef::Config[:file_cache_path]}/prometheus-#{new_resource.exporter}-exporter-#{new_resource.version}.tar.gz"
+  def executable_path
+    if ::File.exist?("#{executable_directory}/#{executable_name}_#{executable_architecture}")
+      "#{executable_directory}/#{executable_name}_#{executable_architecture}"
+    else
+      "#{executable_directory}/#{executable_name}"
+    end
   end
 
-  def service_name
-    "prometheus-#{new_resource.exporter}-exporter"
+  def executable_directory
+    "/opt/prometheus-exporters/exporters/#{new_resource.exporter}"
   end
 
-  def executable_path
-    "/opt/prometheus/#{github_project}-#{new_resource.version}.linux-amd64/#{github_project}"
+  def executable_name
+    "#{new_resource.exporter}_exporter"
+  end
+
+  def executable_architecture
+    node[:kernel][:machine]
   end
 
   def executable_options
-    "--#{new_resource.listen_switch}=#{listen_address} #{Array(new_resource.options).join(" ")}"
+    "--#{new_resource.listen_switch}=#{listen_argument} #{Array(new_resource.options).join(' ')}"
+  end
+
+  def listen_argument
+    case new_resource.listen_type
+    when "address" then listen_address
+    when "url" then "http://#{listen_address}/metrics"
+    end
   end
 
   def listen_address
-    if node[:prometheus][:mode] == "wireguard"
+    if new_resource.address
+      "#{new_resource.address}:#{new_resource.port}"
+    elsif node[:prometheus][:mode] == "wireguard"
       "[#{node[:prometheus][:address]}]:#{new_resource.port}"
     else
       "#{node[:prometheus][:address]}:#{new_resource.port}"
     end
   end
 end
+
+def after_created
+  subscribes :restart, "git[/opt/prometheus-exporters]"
+end