AWS Service Quotas Exporter Deployment

grafana/generic/setup-grafana/tasks/docker.yml

@@ -32,12 +32,12 @@
     name: grafana
     image: "{{ grafana_image }}:{{ grafana_image_version }}"
     network_mode: host
-    published_ports:
-    - "{{ grafana_port }}:3000"
+    #published_ports:
+    #- "{{ grafana_port }}:3000"
     volumes:
     - "{{ monitoring_config_dir }}/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml:Z"
     - "{{ monitoring_config_dir }}/dashboards/:/etc/grafana/provisioning/dashboards/:Z"
     env:
-      GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_password }}"
+      GF_SECURITY_ADMIN_PASSWORD: "alamakota"
     state: "{{ provision_state }}"
     restart: yes

playbooks/infra-prometheus/setup-all.yml

@@ -22,6 +22,8 @@
     - "{{ playbook_dir }}/../../prometheus/generic/setup-prometheus"
     - "{{ playbook_dir }}/../../prometheus/generic/setup-alertmanager"
     - "{{ playbook_dir }}/../../prometheus/generic/update-thresholds"
+    - "{{ playbook_dir }}/../../grafana/generic/setup-grafana"
+#    - "{{ playbook_dir }}/../../grafana/generic/configure-grafana-datasource"
   tags:
     - prometheus
     - alertmanager
@@ -31,8 +33,6 @@
 - name: Setup onboard exporters
   hosts: monitoring-hosts
   become: True
-  vars:
-    provision_state: "started"
   roles:
     - "{{ playbook_dir }}/../../prometheus/generic/setup-ssl-exporter"
     - "{{ playbook_dir }}/../../prometheus/generic/setup-ilo-exporter"
@@ -41,6 +41,7 @@
     - "{{ playbook_dir }}/../../prometheus/generic/setup-openstack-exporter"
     - "{{ playbook_dir }}/../../prometheus/generic/setup-junos-exporter"
     - "{{ playbook_dir }}/../../prometheus/generic/setup-openstack-exporter"
+    - "{{ playbook_dir }}/../../prometheus/generic/setup-aws-sq-exporter" 
   tags:
     - exporters
     - onboard-exporters

prometheus/generic/add-target/tasks/main.yml

@@ -89,6 +89,15 @@
     seuser: system_u
     setype: container_file_t
 
+- name: create aws-sq-exporter_targets directory
+  file:
+    path: "/var/prometheus_targets/aws_sq_exporter_targets"
+    state: directory
+    mode: '0775'
+    group: monitoring-editors
+    seuser: system_u
+    setype: container_file_t
+
 - name: create federated_prometheus_targets directory
   file:
     path: "/var/prometheus_targets/federated_targets"
@@ -120,6 +129,17 @@
   loop: "{{ groups['prometheus_target_haproxy'] }}"
   when: "'prometheus_target_haproxy' in groups"
 
+- name: template the aws-sq-exporter_targets
+  template:
+    src: aws_sq_exporter.yml.j2
+    dest: "/var/prometheus_targets/aws_sq_exporter_targets/aws-sq-exporter_target_{{ item.awsAccount }}.yml"
+    mode: '0775'
+    group: monitoring-editors
+    seuser: system_u
+    setype: container_file_t
+  loop: "{{ ansible_sq_exporter }}"
+  when: "'monitoring-aws-sq-exporter' in groups"
+
 - name: template the bind_targets
   template:
     src: bind_target.yml.j2

prometheus/generic/add-target/templates/aws_sq_exporter.yml.j2

@@ -0,0 +1,4 @@
+- targets:
+  - {{ ansible_ssh_host }}:{{ item.port }}
+  labels:
+    name: 'AWS SQ Exporter {{ item.awsAccount }}'

prometheus/generic/setup-aws-sq-exporter/README.md

@@ -0,0 +1,69 @@
+setup-aws-sq-exporter
+=========
+
+This role will instantiate a AWS SQ Exporter container on targeted hosts. Role accepts a list of AWS accounts to monitor, and will spin up one Docker container per account.
+
+Requirements
+------------
+
+Docker must be available and running on the targeted hosts.
+
+Role Variables
+--------------
+## Default values of variables:
+```
+---
+aws_sq_exporter_image: 'prom/aws-sq-exporter'
+aws_sq_exporter_image_version: 'latest'
+aws_sq_exporter_port: '8080'
+
+provision_state: "started"
+
+ansible_sq_exporter:
+   - awsAccount: "Dummy-Account"
+     port: 9420
+     apikey: 22222
+     secretkey: 3333
+     regions: "us-east-1,us-east-2"
+     debug: false
+```
+```
+aws_sq_exporter_image - The AWS SQ Exporter image to deploy.
+aws_sq_exporter_image_version - The image tag to deploy.
+aws_sq_exporter_port - The port to be exposed on container.
+provision_state - Options: [absent, killed, present, reloaded, restarted, **started** (default), stopped]
+
+ansible_sq_exporter: - variable holding individual account configuration
+   - awsAccount: "Dummy-Account"  - AWS Account alias
+     port: 9420                  - Port on which this specific container will be exposed for metrics scraping
+     apikey: 22222               - AWS Account API Key
+     secretkey: 3333             - AWS Account SecretKey
+     regions: "ex1,ex2"         - Commaseparated list of regions to query for SQs and usage
+     debug: false                - Increase logging verbosity
+```
+
+
+Dependencies
+------------
+```
+python >= 2.6
+docker-py >= 0.3.0
+The docker server >= 0.10.0
+```
+
+Example Playbook
+----------------
+```
+- name: Setup AWS SQ Exporter
+  hosts: prometheus_master
+  become: True
+  vars:
+    provision_state: "started"
+  roles:
+    - prometheus/generic/setup-aws-sq-exporter
+```
+
+License
+-------
+
+BSD

prometheus/generic/setup-aws-sq-exporter/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+aws_sq_exporter_image: 'prom/aws-sq-exporter'
+aws_sq_exporter_image_version: 'latest'
+aws_sq_exporter_port: '8080'
+
+provision_state: "started"
+
+ansible_sq_exporter:
+   - awsAccount: "Dummy-Account"
+     port: 9420
+     apikey: 22222
+     secretkey: 3333
+     regions: "us-east-1"

prometheus/generic/setup-aws-sq-exporter/tasks/docker.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Enable firewalld
+  service:
+    name: firewalld
+    enabled: yes
+    state: started
+
+- name: Open Firewall for Prometheus
+  firewalld:
+    port: "{{ item.port }}/tcp"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  loop: "{{ ansible_sq_exporter }}"
+
+- name: Run AWS SQ Exporter Docker container
+  docker_container:
+    name: "aws-sq-exporter_{{ item.awsAccount }}"
+    image: "{{ aws_sq_exporter_image }}:{{ aws_sq_exporter_image_version }}"
+    restart_policy: unless-stopped
+    network_mode: host
+    state: "{{ provision_state }}"
+    command: |
+      /opt/app-root/src/sq_exporter.py 
+      --apikey "{{ item.apikey}}"
+      --secretkey "{{ item.secretkey }}"
+      --regions "{{ item.regions}}"
+      --port "{{ item.port }}"
+    restart: yes
+  loop: "{{ ansible_sq_exporter }}"

prometheus/generic/setup-aws-sq-exporter/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Run prereqs
+  import_tasks: prereqs.yml
+
+- name: Run the docker images
+  import_tasks: docker.yml

prometheus/generic/setup-aws-sq-exporter/tasks/prereqs.yml

@@ -0,0 +1,35 @@
+---
+- name: "install EPEL GPG key - if specified"
+  rpm_key:
+    key: "{{ monitoring_host_epel_gpg_download_url }}"
+    state: present
+  when:
+    - monitoring_host_epel_gpg_download_url is defined
+    - monitoring_host_epel_gpg_download_url|trim != ''
+    - monitoring_host_epel_disable_gpg_check|lower == 'no'
+
+- name: "install epel-release"
+  yum:
+    name: "{{ monitoring_host_epel_download_url }}"
+    state: present
+    disable_gpg_check: "{{ monitoring_host_epel_disable_gpg_check | default('no') }}"
+
+- name: Ensure epel-release is installed
+  yum:
+    name: "{{ item }}"
+    state: present
+  with_items:
+  - epel-release
+
+- name: Ensure pip is installed
+  yum:
+    name: "{{ item }}"
+    state: present
+  with_items:
+  - python-pip
+
+- name: Install required python libraries
+  pip:
+    name: "docker-py"
+    state: present
+

prometheus/generic/setup-prometheus/templates/prometheus.yml.j2

@@ -31,6 +31,12 @@ scrape_configs:
       - files:
         - /etc/prometheus/targets/node_targets/*.yml
 
+  - job_name: 'aws_sq_exporter'
+    scrape_interval: 60s
+    file_sd_configs:
+      - files:
+        - /etc/prometheus/targets/aws_sq_exporter_targets/*.yml
+
 {% if (groups['monitoring-hosts'] |length ) > 1 %}
   - job_name: 'federate-sanity-check'
     scrape_interval: 15s
@@ -59,7 +65,6 @@ scrape_configs:
       - files:
         - /etc/prometheus/targets/federated_targets/*.yml
 
-
   - job_name: 'haproxy_exporter'
     scrape_interval: 5s
     file_sd_configs: