X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e3618ba243a881e01ada64aaab68e131fe90d6c8..65d913a7f1b116d8e53cfcc70973ec8bb467ab76:/cookbooks/prometheus/resources/exporter.rb?ds=inline diff --git a/cookbooks/prometheus/resources/exporter.rb b/cookbooks/prometheus/resources/exporter.rb index 0e1d9d6e4..5075c5d6a 100644 --- a/cookbooks/prometheus/resources/exporter.rb +++ b/cookbooks/prometheus/resources/exporter.rb @@ -42,12 +42,32 @@ property :restrict_address_families, [String, Array] property :remove_ipc, [true, false] property :system_call_filter, [String, Array] property :service, :kind_of => String +property :labels, :kind_of => Hash, :default => {} property :scrape_interval, :kind_of => String property :scrape_timeout, :kind_of => String property :metric_relabel, :kind_of => Array property :register_target, :kind_of => [TrueClass, FalseClass], :default => true +property :ssh, [true, false] action :create do + if new_resource.ssh && new_resource.user.nil? + keys = data_bag_item("prometheus", "keys") + + directory "/var/lib/private/prometheus/#{new_resource.exporter}-exporter" do + mode "700" + recursive true + end + + file "/var/lib/private/prometheus/#{new_resource.exporter}-exporter/id_rsa" do + content keys["ssh"].join("\n") + mode "400" + end + + cookbook_file "/var/lib/private/prometheus/#{new_resource.exporter}-exporter/id_rsa.pub" do + mode "644" + end + end + systemd_service service_name do after "network-online.target" wants "network-online.target" @@ -59,6 +79,7 @@ action :create do environment new_resource.environment exec_start "#{executable_path} #{new_resource.command} #{executable_options}" sandbox :enable_network => true + state_directory "prometheus/#{new_resource.exporter}-exporter" if new_resource.ssh && new_resource.user.nil? protect_proc new_resource.protect_proc if new_resource.property_is_set?(:protect_proc) proc_subset new_resource.proc_subset if new_resource.property_is_set?(:proc_subset) capability_bounding_set new_resource.capability_bounding_set if new_resource.property_is_set?(:capability_bounding_set) @@ -78,9 +99,9 @@ action :create do firewall_rule "accept-prometheus-#{new_resource.exporter}" do action :accept - source "osm" - dest "fw" - proto "tcp" + context :incoming + protocol :tcp + source :osm dest_ports new_resource.port only_if { node[:prometheus][:mode] == "external" } end @@ -91,6 +112,7 @@ action :create do node.default[:prometheus][:exporters][new_resource.port] = { :name => new_resource.exporter, :address => listen_address, + :labels => new_resource.labels, :scrape_interval => new_resource.scrape_interval, :scrape_timeout => new_resource.scrape_timeout, :metric_relabel => new_resource.metric_relabel