alloy(role): remove unpoller support
This commit is contained in:
parent
099852f588
commit
3f1108cf2c
7 changed files with 1 additions and 382 deletions
|
|
@ -1,7 +1,7 @@
|
||||||
# `Grafana Alloy` role
|
# `Grafana Alloy` role
|
||||||
|
|
||||||
Installs and configures [Grafana Alloy](https://grafana.com/docs/alloy/latest/) on Debian-based systems.
|
Installs and configures [Grafana Alloy](https://grafana.com/docs/alloy/latest/) on Debian-based systems.
|
||||||
Optionally deploys a [Blackbox exporter](https://github.com/prometheus/blackbox_exporter) config and a [UniFi Poller](https://unpoller.com/).
|
Optionally deploys a [Blackbox exporter](https://github.com/prometheus/blackbox_exporter) config.
|
||||||
|
|
||||||
## Supported Distributions
|
## Supported Distributions
|
||||||
|
|
||||||
|
|
@ -19,10 +19,3 @@ Should work on Debian-based distributions.
|
||||||
### Blackbox Exporter
|
### Blackbox Exporter
|
||||||
- `alloy_blackbox_exporter_config_default`: Default blackbox exporter configuration.
|
- `alloy_blackbox_exporter_config_default`: Default blackbox exporter configuration.
|
||||||
- `alloy_blackbox_exporter_config_additional`: Additional blackbox exporter configuration appended to the default blackbox exporter config.
|
- `alloy_blackbox_exporter_config_additional`: Additional blackbox exporter configuration appended to the default blackbox exporter config.
|
||||||
|
|
||||||
### UniFi Poller
|
|
||||||
|
|
||||||
- `alloy_unpoller_enabled`: Enable the UniFi Poller container to scrape UniFi metrics.
|
|
||||||
- `alloy_unpoller_unifi_user`: Username for the UniFi controller used by unpoller, defaults to `unpoller`.
|
|
||||||
- `alloy_unpoller_unifi_password`: Password for the UniFi controller. Required when `alloy_unpoller_enabled` is `true`.
|
|
||||||
- `alloy_unpoller_unifi_url`: URL of the UniFi controller. Required when `alloy_unpoller_enabled` is `true`.
|
|
||||||
|
|
|
||||||
|
|
@ -89,8 +89,3 @@ alloy_blackbox_exporter_config_default: |
|
||||||
ip_protocol_fallback: false
|
ip_protocol_fallback: false
|
||||||
|
|
||||||
alloy_blackbox_exporter_config_additional: ""
|
alloy_blackbox_exporter_config_additional: ""
|
||||||
|
|
||||||
alloy_unpoller_enabled: false
|
|
||||||
alloy_unpoller_unifi_user: unpoller
|
|
||||||
alloy_unpoller_unifi_password:
|
|
||||||
alloy_unpoller_unifi_url:
|
|
||||||
|
|
|
||||||
|
|
@ -17,17 +17,3 @@ argument_specs:
|
||||||
type: bool
|
type: bool
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
alloy_unpoller_enabled:
|
|
||||||
type: bool
|
|
||||||
required: false
|
|
||||||
default: false
|
|
||||||
alloy_unpoller_unifi_user:
|
|
||||||
type: str
|
|
||||||
required: false
|
|
||||||
default: unpoller
|
|
||||||
alloy_unpoller_unifi_password:
|
|
||||||
type: str
|
|
||||||
required: false
|
|
||||||
alloy_unpoller_unifi_url:
|
|
||||||
type: str
|
|
||||||
required: false
|
|
||||||
|
|
|
||||||
|
|
@ -61,9 +61,6 @@
|
||||||
- name: Deploy blackbox-exporter config
|
- name: Deploy blackbox-exporter config
|
||||||
when: alloy_enable_blackbox_exporter
|
when: alloy_enable_blackbox_exporter
|
||||||
ansible.builtin.include_tasks: blackbox-exporter.yaml
|
ansible.builtin.include_tasks: blackbox-exporter.yaml
|
||||||
- name: Deploy unpoller exporter
|
|
||||||
when: alloy_unpoller_enabled
|
|
||||||
ansible.builtin.include_tasks: unpoller.yaml
|
|
||||||
|
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install and Setup unpoller
|
|
||||||
block:
|
|
||||||
- name: Install Podman
|
|
||||||
become: true
|
|
||||||
ansible.builtin.package:
|
|
||||||
name:
|
|
||||||
- podman
|
|
||||||
- fuse-overlayfs
|
|
||||||
|
|
||||||
- name: Create unpoller group
|
|
||||||
become: true
|
|
||||||
register: alloy_unpoller_group
|
|
||||||
ansible.builtin.group:
|
|
||||||
name: unpoller
|
|
||||||
|
|
||||||
- name: Create unpoller user
|
|
||||||
become: true
|
|
||||||
register: alloy_unpoller_user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: unpoller
|
|
||||||
group: unpoller
|
|
||||||
system: true
|
|
||||||
|
|
||||||
- name: Create unpoller configuration directory
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/unpoller
|
|
||||||
state: directory
|
|
||||||
owner: "{{ alloy_unpoller_user.name }}"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
- name: Render unpoller configuration
|
|
||||||
become: true
|
|
||||||
notify: Unpoller.restarted
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: unpoller.conf.j2
|
|
||||||
dest: /etc/unpoller/up.conf
|
|
||||||
owner: "{{ alloy_unpoller_user.name }}"
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Create /etc/containers/systemd directory
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/containers/systemd
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
- name: Configure unpoller quadlet
|
|
||||||
become: true
|
|
||||||
notify: Unpoller.restarted
|
|
||||||
register: alloy_unpoller_quadlet
|
|
||||||
vars:
|
|
||||||
container_image_with_tag: ghcr.io/unpoller/unpoller:v2
|
|
||||||
container_unit_args:
|
|
||||||
container_exec:
|
|
||||||
container_envs: [ ]
|
|
||||||
container_volumes:
|
|
||||||
- { host: "/etc/unpoller", inside: "/etc/unpoller:ro" }
|
|
||||||
user_id: "{{ alloy_unpoller_user.uid }}"
|
|
||||||
group_id: "{{ alloy_unpoller_group.gid }}"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: podman.container.jinja
|
|
||||||
dest: /etc/containers/systemd/unpoller.container
|
|
||||||
owner: root
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Ensure unpoller is running and enabled
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: unpoller.service
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
daemon_reload: "{{ alloy_unpoller_quadlet.changed }}"
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
# man podman-systemd.unit
|
|
||||||
|
|
||||||
{% if container_unit_args is not none %}
|
|
||||||
[Unit]
|
|
||||||
{% for container_unit_arg in container_unit_args %}
|
|
||||||
{{ container_unit_arg }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
[Container]
|
|
||||||
Image={{ container_image_with_tag }}
|
|
||||||
{% if container_exec is not none %}
|
|
||||||
Exec={{ container_exec }}
|
|
||||||
{% endif %}
|
|
||||||
{% for container_env in container_envs %}
|
|
||||||
Environment={{ container_env.key }}={{ container_env.value }}
|
|
||||||
{% endfor %}
|
|
||||||
Network=host
|
|
||||||
UserNS=host
|
|
||||||
User={{ user_id }}
|
|
||||||
Group={{ group_id }}
|
|
||||||
{% for container_vol in container_volumes %}
|
|
||||||
Volume={{ container_vol.host }}:{{ container_vol.inside }}
|
|
||||||
{% endfor %}
|
|
||||||
LogDriver=journald
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=default.target
|
|
||||||
|
|
@ -1,248 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
# Unpoller v2 primary configuration file. TOML FORMAT #
|
|
||||||
###########################################################
|
|
||||||
|
|
||||||
[poller]
|
|
||||||
# Turns on line numbers, microsecond logging, and a per-device log.
|
|
||||||
# The default is false, but I personally leave this on at home (four devices).
|
|
||||||
# This may be noisy if you have a lot of devices. It adds one line per device.
|
|
||||||
debug = false
|
|
||||||
|
|
||||||
# Turns off per-interval logs. Only startup and error logs will be emitted.
|
|
||||||
# Recommend enabling debug with this setting for better error logging.
|
|
||||||
quiet = false
|
|
||||||
|
|
||||||
# Load dynamic plugins. Advanced use; only sample mysql plugin provided by default.
|
|
||||||
plugins = []
|
|
||||||
|
|
||||||
#### OUTPUTS
|
|
||||||
|
|
||||||
# If you don't use an output, you can disable it.
|
|
||||||
|
|
||||||
[prometheus]
|
|
||||||
disable = false
|
|
||||||
# This controls on which ip and port /metrics is exported when mode is "prometheus".
|
|
||||||
# This has no effect in other modes. Must contain a colon and port.
|
|
||||||
http_listen = "0.0.0.0:9130"
|
|
||||||
# Adding an SSL Cert and Cert Key will make Poller listen with SSL/https.
|
|
||||||
ssl_cert_path = ""
|
|
||||||
ssl_key_path = ""
|
|
||||||
# Errors are rare. Setting this to true will report them to Prometheus.
|
|
||||||
report_errors = false
|
|
||||||
## Record data for disabled or down (unlinked) switch ports.
|
|
||||||
dead_ports = false
|
|
||||||
|
|
||||||
[influxdb]
|
|
||||||
disable = true
|
|
||||||
# InfluxDB does not require auth by default, so the user/password are probably unimportant.
|
|
||||||
url = "http://127.0.0.1:8086"
|
|
||||||
user = "unifipoller"
|
|
||||||
# Password for InfluxDB user (above).
|
|
||||||
# If the password provided here begins with file:// then the password is read in from
|
|
||||||
# the file path that follows the file:// prefix. ex: file:///etc/influxdb/passwd.file
|
|
||||||
pass = "unifipoller"
|
|
||||||
# Be sure to create this database. See the InfluxDB Wiki page for more info.
|
|
||||||
db = "unifi"
|
|
||||||
# If your InfluxDB uses a valid SSL cert, set this to true.
|
|
||||||
verify_ssl = false
|
|
||||||
# The UniFi Controller only updates traffic stats about every 30 seconds.
|
|
||||||
# Setting this to something lower may lead to "zeros" in your data.
|
|
||||||
# If you're getting zeros now, set this to "1m"
|
|
||||||
interval = "30s"
|
|
||||||
## Record data for disabled or down (unlinked) switch ports.
|
|
||||||
dead_ports = false
|
|
||||||
|
|
||||||
# To enable output of UniFi Events to Loki, add a URL; it's disabled otherwise.
|
|
||||||
# User, pass and tenant_id are optional and most folks wont set them.
|
|
||||||
# Pick which logs you want per-controller in the [unifi.controller] section.
|
|
||||||
# This is a new feature. Feedback welcome!
|
|
||||||
[loki]
|
|
||||||
disable = true
|
|
||||||
url = ""
|
|
||||||
# The rest of this is advanced & optional. See wiki.
|
|
||||||
user = ""
|
|
||||||
pass = ""
|
|
||||||
verify_ssl = false
|
|
||||||
tenant_id = ""
|
|
||||||
interval = "2m"
|
|
||||||
timeout = "10s"
|
|
||||||
|
|
||||||
[datadog]
|
|
||||||
# How often to poll UniFi and report to Datadog.
|
|
||||||
interval = "2m"
|
|
||||||
|
|
||||||
# To enable this output plugin
|
|
||||||
enable = false
|
|
||||||
|
|
||||||
# Datadog Custom Options
|
|
||||||
|
|
||||||
# address to talk to the datadog agent, by default this uses the local statsd UDP interface
|
|
||||||
# address = "localhost:8125"
|
|
||||||
|
|
||||||
# namespace to prepend to all data, default is no additional prefix.
|
|
||||||
# namespace = ""
|
|
||||||
|
|
||||||
# tags to append to all data
|
|
||||||
# tags = [ "customer:abc_corp" ]
|
|
||||||
|
|
||||||
# For more advanced options for very large amount of data collected see the upstream
|
|
||||||
# github.com/unpoller/unpoller/pkg/datadogunifi repository README.
|
|
||||||
|
|
||||||
|
|
||||||
# Unpoller has an optional web server. To turn it on, set enable to true. If you
|
|
||||||
# wish to use SSL, provide SSL cert and key paths. This interface is currently
|
|
||||||
# read-only; it just displays information, like logs, devices and clients.
|
|
||||||
# Notice: Enabling the web server with many sites will increase memory usage.
|
|
||||||
# This is a new feature and lacks a UI, enabling only recommended for testing.
|
|
||||||
[webserver]
|
|
||||||
enable = false
|
|
||||||
port = 37288
|
|
||||||
# The HTML path is different on Windows and BSD/macOS.
|
|
||||||
html_path = "/usr/local/lib/unpoller/web"
|
|
||||||
ssl_cert_path = ""
|
|
||||||
ssl_key_path = ""
|
|
||||||
# How many events per event group to hold. 200-2000. Use fewer with many sites.
|
|
||||||
# With 1 site, you'll have a max total of 9 event groups; 1 per plugin, 4 per site.
|
|
||||||
# Each site adds 1 event group for each of these inputs that is enabled:
|
|
||||||
# save_ids, save_events, save_anomalies, save_alarms.
|
|
||||||
max_events = 200
|
|
||||||
|
|
||||||
# By default the web interface does not require authentication. You can change
|
|
||||||
# that by adding a username and password hash (or multiple) below.
|
|
||||||
# To create a hash, run unifi-poller with the -e CLI argument. See Wiki for more!
|
|
||||||
[webserver.accounts]
|
|
||||||
# username = "password-hash"
|
|
||||||
# captain = "$2a$04$mxw6i0LKH6u46oaLK2cq5eCTAAFkfNiRpzNbz.EyvJZZWNa2FzIlS"
|
|
||||||
|
|
||||||
#### INPUTS
|
|
||||||
|
|
||||||
[unifi]
|
|
||||||
# Setting this to true and providing default credentials allows you to skip
|
|
||||||
# configuring controllers in this config file. Instead you configure them in
|
|
||||||
# your prometheus.yml config. Prometheus then sends the controller URL to
|
|
||||||
# Unpoller when it performs the scrape. This is useful if you have many,
|
|
||||||
# or changing controllers. See wiki for more.
|
|
||||||
dynamic = false
|
|
||||||
|
|
||||||
# The following section contains the default credentials/configuration for any
|
|
||||||
# dynamic controller (see above section), or the primary controller if you do not
|
|
||||||
# provide one and dynamic is disabled. In other words, you can just add your
|
|
||||||
# controller here and delete the following section. The internal defaults are
|
|
||||||
# shown below. Any missing values will assume these displayed defaults.
|
|
||||||
|
|
||||||
[unifi.defaults]
|
|
||||||
# URL for the UniFi Controller. Do not add any paths after the host:port.
|
|
||||||
# Do not use port 8443 if you have a UDM; just use "https://ip".
|
|
||||||
url = "https://invalid.invalid:8443"
|
|
||||||
|
|
||||||
# Make a read-only user in the UniFi Admin Settings, allow it access to all sites.
|
|
||||||
user = "{{ alloy_unpoller_unifi_user }}"
|
|
||||||
|
|
||||||
# Password for UniFi controller user (above).
|
|
||||||
# If the password provided here begins with file:// then the password is read in from
|
|
||||||
# the file path that follows the file:// prefix. ex: file:///etc/unifi/password.file
|
|
||||||
# ex: file:///etc/unifi/passwd.file, windows: file://C:\\UserData\\Unifi\\Passwd.txt
|
|
||||||
pass = ""
|
|
||||||
|
|
||||||
# API Key
|
|
||||||
# Unifi now supports API Key authentication. This is exclusive of user/pass auth.
|
|
||||||
# api_key = "unifiapikey"
|
|
||||||
|
|
||||||
# If the controller has more than one site, specify which sites to poll here.
|
|
||||||
# Set this to ["default"] to poll only the first site on the controller.
|
|
||||||
# A setting of ["all"] will poll all sites; this works if you only have 1 site too.
|
|
||||||
sites = ["all"]
|
|
||||||
|
|
||||||
# Added an example for overriding the default site name.
|
|
||||||
# default_site_name_override = "My Custom Default Site"
|
|
||||||
|
|
||||||
# Specify a timeout, leave missing to declare infinite wait. This determines the maximum
|
|
||||||
# time to wait for a response from the unifi controller on any API request.
|
|
||||||
# timeout = 60s
|
|
||||||
|
|
||||||
# Enable collection of site data. This data powers the Network Sites dashboard.
|
|
||||||
# It's not valuable to everyone and setting this to false will save resources.
|
|
||||||
save_sites = false
|
|
||||||
|
|
||||||
# Hash, with md5, client names and MAC addresses. This attempts to protect
|
|
||||||
# personally identifiable information. Most users won't want to enable this.
|
|
||||||
hash_pii = false
|
|
||||||
|
|
||||||
# Enable collection of Intrusion Detection System Data (InfluxDB/Loki only).
|
|
||||||
# Only useful if IDS or IPS are enabled on one of the sites. This may store
|
|
||||||
# a lot of information. Only recommended for testing and debugging. There
|
|
||||||
# may not be any dashboards to display this data. It can be used for annotations.
|
|
||||||
# Enable this only if using InfluxDB or Loki. This will leak PII data!
|
|
||||||
save_ids = false
|
|
||||||
|
|
||||||
# Enable collection of UniFi Events (InfluxDB/Loki only).
|
|
||||||
# This may store a lot of information. Only recommended for testing and debugging.
|
|
||||||
# There are no dashboards to display this data. It can be used for annotations.
|
|
||||||
# This is a new (June, 2020) feature. Please provide feedback if you try it out!
|
|
||||||
# Enable this only if using InfluxDB or Loki. This will leak PII data!
|
|
||||||
save_events = false
|
|
||||||
|
|
||||||
# Enable collection of UniFi Alarms (InfluxDB/Loki only).
|
|
||||||
# There are no dashboards to display this data. It can be used for annotations.
|
|
||||||
# This is a new (June, 2020) feature. Please provide feedback if you try it out!
|
|
||||||
# Enable this only if using InfluxDB or Loki. This will leak PII data!
|
|
||||||
save_alarms = false
|
|
||||||
|
|
||||||
# Enable collection of UniFi Anomalies (InfluxDB/Loki only).
|
|
||||||
# There are no dashboards to display this data. It can be used for annotations.
|
|
||||||
# This is a new (June, 2020) feature. Please provide feedback if you try it out!
|
|
||||||
# Enable this only if using InfluxDB or Loki.
|
|
||||||
save_anomalies = false
|
|
||||||
|
|
||||||
# Enable collection of Deep Packet Inspection data. This data breaks down traffic
|
|
||||||
# types for each client and site, it powers a dedicated DPI dashboard.
|
|
||||||
# Enabling this adds roughly 150 data points per client. That's 6000 metrics for
|
|
||||||
# 40 clients. This adds a little bit of poller run time per interval and causes
|
|
||||||
# more API requests to your controller(s). Don't let these "cons" sway you:
|
|
||||||
# it's cool data. Please provide feedback on your experience with this feature.
|
|
||||||
save_dpi = false
|
|
||||||
|
|
||||||
## Enabling save_rogue stores even more data in your time series databases.
|
|
||||||
## This saves neighboring access point metrics in a dedicated table or namespace.
|
|
||||||
save_rogue = false
|
|
||||||
|
|
||||||
# If your UniFi controller has a valid SSL certificate (like lets encrypt),
|
|
||||||
# you can enable this option to validate it. Otherwise, any SSL certificate is
|
|
||||||
# valid. If you don't know if you have a valid SSL cert, then you don't have one.
|
|
||||||
verify_ssl = false
|
|
||||||
|
|
||||||
## You may provide a list of SSL cert files (PEM format) that you expect your
|
|
||||||
## controller to use. As long as one of the certs you provide here shows up in
|
|
||||||
## the cert trust chain the controller presents it will be accepted and allowed.
|
|
||||||
## These files may be re-read while poller is running.
|
|
||||||
## Example: ssl_cert_paths = ["/path/to/cert.pem", "/another/cert.pem"]
|
|
||||||
ssl_cert_paths = []
|
|
||||||
|
|
||||||
# The following is optional and used for configurations with multiple UniFi controllers.
|
|
||||||
|
|
||||||
# You may repeat the following [[unifi.controller]] section as many times as needed to
|
|
||||||
# poll multiple controllers. Uncomment the entire section including [[unifi.controller]].
|
|
||||||
# Omitted variables will have their values taken from the defaults, above.
|
|
||||||
#
|
|
||||||
#[[unifi.controller]]
|
|
||||||
# url = "https://127.0.0.1:8443"
|
|
||||||
# user = "unifipoller"
|
|
||||||
# pass = "unifipoller"
|
|
||||||
# sites = ["all"]
|
|
||||||
# save_sites = true
|
|
||||||
# hash_pii = false
|
|
||||||
# save_ids = false
|
|
||||||
# save_events = false
|
|
||||||
# save_alarms = false
|
|
||||||
# save_anomalies = false
|
|
||||||
# save_dpi = false
|
|
||||||
# save_rogue = false
|
|
||||||
# verify_ssl = false
|
|
||||||
# ssl_cert_paths = []
|
|
||||||
|
|
||||||
[[unifi.controller]]
|
|
||||||
url = "{{ alloy_unpoller_unifi_url | mandatory }}"
|
|
||||||
user = "{{ alloy_unpoller_unifi_user }}"
|
|
||||||
pass = "{{ alloy_unpoller_unifi_password | mandatory }}"
|
|
||||||
hash_pii = true
|
|
||||||
save_anomalies = false
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue