gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ansible-taler-exchange] branch master updated: work on exporters


From: gnunet
Subject: [ansible-taler-exchange] branch master updated: work on exporters
Date: Sun, 19 Jan 2025 12:41:43 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository ansible-taler-exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 53bb687  work on exporters
53bb687 is described below

commit 53bb6870714b04e5e26935c34b83f38c83f0cfe0
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jan 19 12:41:40 2025 +0100

    work on exporters
---
 .../files/etc/default/prometheus-nginx-exporter    | 69 ++++++++++++++++++++++
 .../files/etc/default/prometheus-node-exporter     |  5 ++
 .../files/etc/default/prometheus-postgres-exporter |  2 +-
 roles/monitoring/tasks/main.yml                    | 32 ++++++++++
 .../nginx/sites-available/monitoring-nginx.conf.j2 | 38 ++++++++----
 5 files changed, 135 insertions(+), 11 deletions(-)

diff --git a/roles/monitoring/files/etc/default/prometheus-nginx-exporter 
b/roles/monitoring/files/etc/default/prometheus-nginx-exporter
new file mode 100644
index 0000000..503fa98
--- /dev/null
+++ b/roles/monitoring/files/etc/default/prometheus-nginx-exporter
@@ -0,0 +1,69 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="-web.listen-address 127.0.0.1:9913 -nginx.scrape-uri 
http://127.0.0.1:80/metrics";
+
+# See monitoring-nginx.conf for the scrape-uri export!
+
+
+
+# prometheus-nginx-exporter supports the following options:
+#
+#  -nginx.plus
+#    Start the exporter for NGINX Plus. By default, the exporter is started for
+#    NGINX. The default value can be overwritten by NGINX_PLUS environment
+#    variable.
+#  -nginx.retries uint
+#    A number of retries the exporter will make on start to connect to the
+#    NGINX stub_status page/NGINX Plus API before exiting with an error. The
+#    default value can be overwritten by NGINX_RETRIES environment variable.
+#  -nginx.retry-interval value
+#    An interval between retries to connect to the NGINX stub_status page/NGINX
+#    Plus API on start. The default value can be overwritten by
+#    NGINX_RETRY_INTERVAL environment variable. (default 5s).
+#  -nginx.scrape-uri string
+#    A URI or unix domain socket path for scraping NGINX or NGINX Plus metrics.
+#    For NGINX, the stub_status page must be available through the URI. For
+#    NGINX Plus -- the API. The default value can be overwritten by SCRAPE_URI
+#    environment variable. (default "http://127.0.0.1:8080/stub_status";).
+#  -nginx.ssl-ca-cert string
+#    Path to the PEM encoded CA certificate file used to validate the servers
+#    SSL certificate. The default value can be overwritten by SSL_CA_CERT
+#    environment variable.
+#  -nginx.ssl-client-cert string
+#    Path to the PEM encoded client certificate file to use when connecting to
+#    the server. The default value can be overwritten by SSL_CLIENT_CERT
+#    environment variable.
+#  -nginx.ssl-client-key string
+#    Path to the PEM encoded client certificate key file to use when connecting
+#    to the server. The default value can be overwritten by SSL_CLIENT_KEY
+#    environment variable.
+#  -nginx.ssl-verify
+#    Perform SSL certificate verification. The default value can be overwritten
+#    by SSL_VERIFY environment variable. (default true).
+#  -nginx.timeout value
+#    A timeout for scraping metrics from NGINX or NGINX Plus. The default value
+#    can be overwritten by TIMEOUT environment variable. (default 5s).
+#  -prometheus.const-labels value
+#    A comma separated list of constant labels that will be used in every
+#    metric. Format is label1=value1,label2=value2... The default value can be
+#    overwritten by CONST_LABELS environment variable.
+#  -web.listen-address string
+#    An address or unix domain socket path to listen on for web interface and
+#    telemetry. The default value can be overwritten by LISTEN_ADDRESS
+#    environment variable. (default ":9113").
+#  -web.secured-metrics
+#    Expose metrics using https. The default value can be overwritten by
+#    SECURED_METRICS variable.
+#  -web.ssl-server-cert string
+#    Path to the PEM encoded certificate for the nginx-exporter metrics
+#    server(when web.secured-metrics=true). The default value can be
+#    overwritten by SSL_SERVER_CERT variable.
+#  -web.ssl-server-key string
+#    Path to the PEM encoded key for the nginx-exporter metrics server (when
+#    web.secured-metrics=true). The default value can be overwritten by
+#    SSL_SERVER_KEY variable.
+#  -web.telemetry-path string
+#    A path under which to expose metrics. The default value can be overwritten
+#    by TELEMETRY_PATH environment variable. (default "/metrics").
diff --git a/roles/monitoring/files/etc/default/prometheus-node-exporter 
b/roles/monitoring/files/etc/default/prometheus-node-exporter
new file mode 100644
index 0000000..8a133ef
--- /dev/null
+++ b/roles/monitoring/files/etc/default/prometheus-node-exporter
@@ -0,0 +1,5 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="--web.listen-address 127.0.0.1:9100"
diff --git a/roles/monitoring/files/etc/default/prometheus-postgres-exporter 
b/roles/monitoring/files/etc/default/prometheus-postgres-exporter
index 0609f7e..9c685aa 100644
--- a/roles/monitoring/files/etc/default/prometheus-postgres-exporter
+++ b/roles/monitoring/files/etc/default/prometheus-postgres-exporter
@@ -10,4 +10,4 @@ DATA_SOURCE_NAME='user=postgres host=/run/postgresql 
dbname=taler-exchange'
 # Due to shell escaping, to pass backslashes for regexes, you need to double
 # them (\\d for \d). If running under systemd, you need to double them again
 # (\\\\d to mean \d), and escape newlines too.
-ARGS=""
+ARGS="--web.listen-address=127.0.0.1:9187"
diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml
index 0608786..d8ed703 100644
--- a/roles/monitoring/tasks/main.yml
+++ b/roles/monitoring/tasks/main.yml
@@ -66,6 +66,29 @@
     state: link
   notify: restart nginx
 
+- name: Create prometheus database user
+  community.postgresql.postgresql_user:
+    name: prometheus
+
+- name: Grant access to postgres database to the postgres-exporter
+  become: yes
+  become_user: postgres
+  community.postgresql.postgresql_query:
+    login_user: postgres
+    query:
+    - "SELECT format('GRANT CONNECT ON DATABASE %I TO prometheus;', datname) 
FROM pg_database \gexec"
+    - "GRANT USAGE ON SCHEMA pg_catalog TO prometheus;"
+    - "GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO prometheus;"
+
+- name: Configure node-exporter
+  copy:
+    src: etc/default/prometheus-node-exporter
+    dest: /etc/default/prometheus-node-exporter
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart node-exporter
+
 - name: Configure postgres-exporter
   copy:
     src: etc/default/prometheus-postgres-exporter
@@ -75,6 +98,15 @@
     mode: 0644
   notify: restart postgres-exporter
 
+- name: Configure nginx-exporter
+  copy:
+    src: etc/default/prometheus-nginx-exporter
+    dest: /etc/default/prometheus-nginx-exporter
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart nginx-exporter
+
 - name: Ensure exporter services are enabled and started
   service:
     name: "{{item}}"
diff --git 
a/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2 
b/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2
index ff4715c..4c62ce7 100644
--- 
a/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2
+++ 
b/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2
@@ -21,20 +21,20 @@ server {
   error_log /var/log/nginx/monitoring.{{ DOMAIN_NAME }}.err;
   access_log /var/log/nginx/monitoring.{{ DOMAIN_NAME }}.log;
 
-  location /nginx/ {
+  location /node/ {
      # Put API behind simple access control. TODO: check Prometheus can do 
this!
      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
         return 401;
      }
-     proxy_pass http://127.0.0.1:9113/;
+     proxy_pass http://127.0.0.1:9100/;
   }
 
-  location /node/ {
+  location /nginx/ {
      # Put API behind simple access control. TODO: check Prometheus can do 
this!
      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
         return 401;
      }
-     proxy_pass http://127.0.0.1:9100/;
+     proxy_pass http://127.0.0.1:9113/;
   }
 
   location /postgres/ {
@@ -45,11 +45,29 @@ server {
      proxy_pass http://127.0.0.1:9187/;
   }
 
-  location /systemd/ {
+#  location /systemd/ {
      # Put API behind simple access control. TODO: check Prometheus can do 
this!
-     if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
-        return 401;
-     }
-     proxy_pass http://127.0.0.1:9116/;
-  }
+#     if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
+#        return 401;
+#     }
+#     proxy_pass http://127.0.0.1:9116/;
+#  }
+
+}
+
+
+
+# Expose Nginx /metrics on loopback for the node exporter
+# See /etc/default/prometheus-nginx-exporter for the use
+server {
+  listen localhost;
+  root /dev/null;
+  server_name localhost;
+
+  location /metrics {
+     stub_status on;
+     access_log off;
+     allow 127.0.0.1;
+     deny all;
+   }
 }

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]