diff --git a/grafana/generic/setup-grafana/tasks/docker.yml b/grafana/generic/setup-grafana/tasks/docker.yml index edfe950..b580d12 100644 --- a/grafana/generic/setup-grafana/tasks/docker.yml +++ b/grafana/generic/setup-grafana/tasks/docker.yml @@ -32,12 +32,12 @@ name: grafana image: "{{ grafana_image }}:{{ grafana_image_version }}" network_mode: host - published_ports: - - "{{ grafana_port }}:3000" + #published_ports: + #- "{{ grafana_port }}:3000" volumes: - "{{ monitoring_config_dir }}/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml:Z" - "{{ monitoring_config_dir }}/dashboards/:/etc/grafana/provisioning/dashboards/:Z" env: - GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_password }}" + GF_SECURITY_ADMIN_PASSWORD: "alamakota" state: "{{ provision_state }}" restart: yes diff --git a/playbooks/infra-prometheus/setup-all.yml b/playbooks/infra-prometheus/setup-all.yml index 6fefe9e..4902b4b 100644 --- a/playbooks/infra-prometheus/setup-all.yml +++ b/playbooks/infra-prometheus/setup-all.yml @@ -22,6 +22,8 @@ - "{{ playbook_dir }}/../../prometheus/generic/setup-prometheus" - "{{ playbook_dir }}/../../prometheus/generic/setup-alertmanager" - "{{ playbook_dir }}/../../prometheus/generic/update-thresholds" + - "{{ playbook_dir }}/../../grafana/generic/setup-grafana" +# - "{{ playbook_dir }}/../../grafana/generic/configure-grafana-datasource" tags: - prometheus - alertmanager @@ -31,8 +33,6 @@ - name: Setup onboard exporters hosts: monitoring-hosts become: True - vars: - provision_state: "started" roles: - "{{ playbook_dir }}/../../prometheus/generic/setup-ssl-exporter" - "{{ playbook_dir }}/../../prometheus/generic/setup-ilo-exporter" 
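Review bot: `GF_SECURITY_ADMIN_PASSWORD` in grafana/generic/setup-grafana/tasks/docker.yml is now a literal committed to the repository, so every Grafana deployed from this role shares one admin password that anyone with read access to the repo can see. Restore the templated line `GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_password }}"` and supply `grafana_password` from Ansible Vault or another secret store; the literal in this commit should be treated as exposed and rotated wherever it was used. The two commented-out `published_ports` lines are better deleted than kept as dead YAML, with a short comment such as `# host networking: no port publishing, restrict access with the host firewall` if that is the reason for dropping them. The task starts above this hunk, so the module name and any `no_log` setting are not visible here.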
@@ -41,6 +41,7 @@ - "{{ playbook_dir }}/../../prometheus/generic/setup-openstack-exporter" - "{{ playbook_dir }}/../../prometheus/generic/setup-junos-exporter" - "{{ playbook_dir }}/../../prometheus/generic/setup-openstack-exporter" + - "{{ playbook_dir }}/../../prometheus/generic/setup-aws-sq-exporter" tags: - exporters - onboard-exporters diff --git a/prometheus/generic/add-target/tasks/main.yml b/prometheus/generic/add-target/tasks/main.yml index 4109d8c..2b054e3 100644 --- a/prometheus/generic/add-target/tasks/main.yml +++ b/prometheus/generic/add-target/tasks/main.yml @@ -89,6 +89,15 @@ seuser: system_u setype: container_file_t +- name: create aws-sq-exporter_targets directory + file: + path: "/var/prometheus_targets/aws_sq_exporter_targets" + state: directory + mode: '0775' + group: monitoring-editors + seuser: system_u + setype: container_file_t + - name: create federated_prometheus_targets directory file: path: "/var/prometheus_targets/federated_targets" @@ -120,6 +129,17 @@ loop: "{{ groups['prometheus_target_haproxy'] }}" when: "'prometheus_target_haproxy' in groups" +- name: template the aws-sq-exporter_targets + template: + src: aws_sq_exporter.yml.j2 + dest: "/var/prometheus_targets/aws_sq_exporter_targets/aws-sq-exporter_target_{{ item.awsAccount }}.yml" + mode: '0775' + group: monitoring-editors + seuser: system_u + setype: container_file_t + loop: "{{ ansible_sq_exporter }}" + when: "'monitoring-aws-sq-exporter' in groups" + - name: template the bind_targets template: src: bind_target.yml.j2 diff --git a/prometheus/generic/add-target/templates/aws_sq_exporter.yml.j2 b/prometheus/generic/add-target/templates/aws_sq_exporter.yml.j2 new file mode 100644 index 0000000..f7fb3a7 --- /dev/null +++ b/prometheus/generic/add-target/templates/aws_sq_exporter.yml.j2 @@ -0,0 +1,4 @@ +- targets: + - {{ ansible_ssh_host }}:{{ item.port }} + labels: + name: 'AWS SQ Exporter {{ item.awsAccount }}' 
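Review bot: The `template the aws-sq-exporter_targets` task in prometheus/generic/add-target/tasks/main.yml loops over `ansible_sq_exporter`, whose entries (per the role defaults added in this commit) carry `apikey` and `secretkey`, and Ansible prints the full loop item on every iteration, so the AWS credentials would land in play output and any log that captures it. Add `loop_control:` with `label: "{{ item.awsAccount }}"` to the task so only the account alias is shown. The rendered target file is data rather than a program, so `mode: '0664'` fits better than `'0775'`. `item.awsAccount` is interpolated straight into the destination filename; an alias containing `/` or spaces would produce an unexpected path, so either document the allowed characters or pass it through a filter such as `regex_replace('[^A-Za-z0-9_-]', '_')`.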
diff --git a/prometheus/generic/setup-aws-sq-exporter/README.md b/prometheus/generic/setup-aws-sq-exporter/README.md
new file mode 100644
index 0000000..ce6ba22
--- /dev/null
+++ b/prometheus/generic/setup-aws-sq-exporter/README.md
@@ -0,0 +1,69 @@
+setup-aws-sq-exporter
+=========
+
+This role will instantiate a AWS SQ Exporter container on targeted hosts. Role accepts a list of AWS accounts to monitor, and will spin up one Docker container per account.
+
+Requirements
+------------
+
+Docker must be available and running on the targeted hosts.
+
+Role Variables
+--------------
+## Default values of variables:
+```
+---
+aws_sq_exporter_image: 'prom/aws-sq-exporter'
+aws_sq_exporter_image_version: 'latest'
+aws_sq_exporter_port: '8080'
+
+provision_state: "started"
+
+ansible_sq_exporter:
+ - awsAccount: "Dummy-Account"
+ port: 9420
+ apikey: 22222
+ secretkey: 3333
+ regions: "us-east-1,us-east-2"
+ debug: false
+```
+```
+aws_sq_exporter_image - The AWS SQ Exporter image to deploy.
+aws_sq_exporter_image_version - The image tag to deploy.
+aws_sq_exporter_port - The port to be exposed on container.
+provision_state - Options: [absent, killed, present, reloaded, restarted, **started** (default), stopped]
+
+ansible_sq_exporter: - variable holding individual account configuration
+ - awsAccount: "Dummy-Account" - AWS Account alias
+ port: 9420 - Port on which this specific container will be exposed for metrics scraping
+ apikey: 22222 - AWS Account API Key
+ secretkey: 3333 - AWS Account SecretKey
+ regions: "ex1,ex2" - Commaseparated list of regions to query for SQs and usage
+ debug: false - Increase logging verbosity
+```
+
+
+Dependencies
+------------
+```
+python >= 2.6
+docker-py >= 0.3.0
+The docker server >= 0.10.0
+```
+
+Example Playbook
+----------------
+```
+- name: Setup AWS SQ Exporter
+ hosts: prometheus_master
+ become: True
+ vars:
+ provision_state: "started"
+ roles:
+ - prometheus/generic/setup-aws-sq-exporter
+```
+
+License
+-------
+
+BSD
diff --git a/prometheus/generic/setup-aws-sq-exporter/defaults/main.yml b/prometheus/generic/setup-aws-sq-exporter/defaults/main.yml
new file mode 100644
index 0000000..1c2fb33
--- /dev/null
+++ b/prometheus/generic/setup-aws-sq-exporter/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+aws_sq_exporter_image: 'prom/aws-sq-exporter'
+aws_sq_exporter_image_version: 'latest'
+aws_sq_exporter_port: '8080'
+
+provision_state: "started"
+
+ansible_sq_exporter:
+ - awsAccount: "Dummy-Account"
+ port: 9420
+ apikey: 22222
+ secretkey: 3333
+ regions: "us-east-1"
diff --git a/prometheus/generic/setup-aws-sq-exporter/tasks/docker.yml b/prometheus/generic/setup-aws-sq-exporter/tasks/docker.yml
new file mode 100644
index 0000000..a684707
--- /dev/null
+++ b/prometheus/generic/setup-aws-sq-exporter/tasks/docker.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Enable firewalld
+ service:
+ name: firewalld
+ enabled: yes
+ state: started
+
+- name: Open Firewall for Prometheus
+ firewalld:
+ port: "{{ item.port }}/tcp"
+ permanent: yes
+ state: enabled
+ immediate: yes
+ loop: "{{ ansible_sq_exporter }}"
+
+- name: Run AWS SQ Exporter Docker container
+ docker_container:
+ name: "aws-sq-exporter_{{ item.awsAccount }}"
+ image: "{{ aws_sq_exporter_image }}:{{ aws_sq_exporter_image_version }}"
+ restart_policy: unless-stopped
+ network_mode: host
+ state: "{{ provision_state }}"
+ command: |
+ /opt/app-root/src/sq_exporter.py
+ --apikey "{{ item.apikey}}"
+ --secretkey "{{ item.secretkey }}"
+ --regions "{{ item.regions}}"
+ --port "{{ item.port }}"
+ restart: yes
+ loop: "{{ ansible_sq_exporter }}"
diff --git a/prometheus/generic/setup-aws-sq-exporter/tasks/main.yml b/prometheus/generic/setup-aws-sq-exporter/tasks/main.yml
new file mode 100644
index 0000000..5affcdf
--- /dev/null
+++ b/prometheus/generic/setup-aws-sq-exporter/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Run prereqs
+ import_tasks: prereqs.yml
+
+- name: Run the docker images
+ import_tasks: docker.yml
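Review bot: The defaults in prometheus/generic/setup-aws-sq-exporter/defaults/main.yml ship a complete `ansible_sq_exporter` entry with placeholder `apikey`/`secretkey` values, so a host whose inventory forgets to override it still gets a firewall port opened and a container started with bogus credentials. Defaulting to `ansible_sq_exporter: []` and documenting that real entries belong in vaulted inventory variables (as quoted strings, since bare `22222` is parsed as an integer) would make the unconfigured case a no-op. `aws_sq_exporter_image_version: 'latest'` makes the deployed image non-reproducible and lets an upstream push change what runs with AWS credentials; pin a specific tag or digest. `aws_sq_exporter_port` is not referenced by any task visible in this commit and could be dropped or wired in.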
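Review bot: The `Run AWS SQ Exporter Docker container` task in tasks/docker.yml passes `--apikey` and `--secretkey` as command-line arguments, so the AWS credentials are readable from the host process list and from `docker inspect`, and Ansible also prints each loop item, including both keys, in its output. Add `no_log: true` to this task and give the firewalld loop `loop_control:` with `label: "{{ item.awsAccount }}"`; if the exporter can read credentials from the environment or a mounted file (not verifiable from this diff), prefer that over argv. The `Open Firewall for Prometheus` task enables each port with no `zone` or source restriction, so the metrics endpoint is reachable by whatever the default zone admits; limiting it to the Prometheus hosts would narrow that. `restart: yes` forces the container to be restarted on every play run, which is worth a comment if intended.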
diff --git a/prometheus/generic/setup-aws-sq-exporter/tasks/prereqs.yml b/prometheus/generic/setup-aws-sq-exporter/tasks/prereqs.yml new file mode 100644 index 0000000..213f376 --- /dev/null +++ b/prometheus/generic/setup-aws-sq-exporter/tasks/prereqs.yml @@ -0,0 +1,35 @@ +--- +- name: "install EPEL GPG key - if specified" + rpm_key: + key: "{{ monitoring_host_epel_gpg_download_url }}" + state: present + when: + - monitoring_host_epel_gpg_download_url is defined + - monitoring_host_epel_gpg_download_url|trim != '' + - monitoring_host_epel_disable_gpg_check|lower == 'no' + +- name: "install epel-release" + yum: + name: "{{ monitoring_host_epel_download_url }}" + state: present + disable_gpg_check: "{{ monitoring_host_epel_disable_gpg_check | default('no') }}" + +- name: Ensure epel-release is installed + yum: + name: "{{ item }}" + state: present + with_items: + - epel-release + +- name: Ensure pip is installed + yum: + name: "{{ item }}" + state: present + with_items: + - python-pip + +- name: Install required python libraries + pip: + name: "docker-py" + state: present + diff --git a/prometheus/generic/setup-prometheus/templates/prometheus.yml.j2 b/prometheus/generic/setup-prometheus/templates/prometheus.yml.j2 index 6eb3067..4b06bd2 100644 --- a/prometheus/generic/setup-prometheus/templates/prometheus.yml.j2 +++ b/prometheus/generic/setup-prometheus/templates/prometheus.yml.j2 @@ -31,6 +31,12 @@ scrape_configs: - files: - /etc/prometheus/targets/node_targets/*.yml + - job_name: 'aws_sq_exporter' + scrape_interval: 60s + file_sd_configs: + - files: + - /etc/prometheus/targets/aws_sq_exporter_targets/*.yml + {% if (groups['monitoring-hosts'] |length ) > 1 %} - job_name: 'federate-sanity-check' scrape_interval: 15s @@ -59,7 +65,6 @@ scrape_configs: - files: - /etc/prometheus/targets/federated_targets/*.yml - - job_name: 'haproxy_exporter' scrape_interval: 5s file_sd_configs:
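Review bot: In tasks/prereqs.yml the `install epel-release` task installs an RPM from `monitoring_host_epel_download_url` and lets `monitoring_host_epel_disable_gpg_check` turn signature verification off, so a single inventory value makes this an unverified package install as root; a comment stating that the check should stay enabled outside air-gapped mirrors, and that the URL should be HTTPS, would help. The `rpm_key` task's condition uses `monitoring_host_epel_disable_gpg_check|lower == 'no'` without the `default('no')` that the yum task applies, so the two tasks disagree when the variable is unset; `monitoring_host_epel_disable_gpg_check | default('no') | lower == 'no'` makes them consistent. `monitoring_host_epel_download_url` itself has no default or `is defined` guard in this file. The final task installs `docker-py` with no version constraint, so the library version depends on the day the play runs; pinning it would make the host build reproducible.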