diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index bff4b10..970e2f8 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -1,6 +1,8 @@
 ---
 deploy_systemd_resolved_config__enable: false
+alloy_config_additional: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy') }}"
+
 knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1"
 knot__remotes:
 - id: ns-intern.hamburg.ccc.de
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index a6cea9b..9dab323 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -224,6 +224,7 @@ alloy_hosts:
 spaceapiccc:
 www2:
 www3:
+ auth-dns:
 infrastructure_authorized_keys_hosts:
 hosts:
 ccchoir:
diff --git a/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy b/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy
new file mode 100644
index 0000000..1e532a1
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy
@@ -0,0 +1,6 @@
+prometheus.scrape "knot_exporter" {
+ targets = [
+ {"__address__" = "localhost:9433", "instance" = "{{ ansible_facts['hostname'] }}"},
+ ]
+ forward_to = [ prometheus.relabel.chaosknoten_common.receiver ]
+}
diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml
index f89fedd..38fce75 100644
--- a/roles/knot/handlers/main.yaml
+++ b/roles/knot/handlers/main.yaml
@@ -11,3 +11,11 @@
 become: true
 changed_when: true
 ansible.builtin.command: "netplan apply"
+
+- name: restart knot-exporter
+ tags: [ auth-dns ]
+ become: true
+ ansible.builtin.systemd:
+ name: knot-exporter.service
+ state: restarted
+ daemon_reload: true
diff --git a/roles/knot/tasks/03-configure-exporter.yaml b/roles/knot/tasks/03-configure-exporter.yaml
new file mode 100644
index 0000000..db5d830
--- /dev/null
+++ b/roles/knot/tasks/03-configure-exporter.yaml
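Review bot: The scrape target `localhost:9433` in knot-exporter.alloy relies on the exporter's built-in listen address and port, since neither is set anywhere in this commit (the unit's `ExecStart=/usr/sbin/knot-exporter` passes no arguments). If the exporter binds only one loopback family while `localhost` resolves to the other first, the scrape fails; if it binds a wildcard address, the metrics endpoint is reachable from outside the host. Writing the target as `"__address__" = "127.0.0.1:9433"` and pinning the same listen address in the unit's `ExecStart` would make both sides explicit and keep the endpoint on loopback.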
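Review bot: `tags: [ auth-dns ]` on the new `restart knot-exporter` handler has no effect, because Ansible ignores tags on handlers and runs them only when notified; the line can be dropped. The lowercase name also differs from the capitalised task names added in 03-configure-exporter.yaml and would likely trip ansible-lint's `name[casing]` rule, which this repository appears to run given the `# noqa: name[missing]` markers in tasks/main.yaml; a rename has to change the `notify:` string in the same commit. The earlier handlers in this file lie outside the hunk, so the existing naming convention is not visible here.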
@@ -0,0 +1,21 @@
+- name: Deploy knot-exporter systemd unit
+ tags: [ auth-dns ]
+ become: true
+ register: deploy_service_file
+ notify: restart knot-exporter
+ ansible.builtin.template:
+ src: knot-exporter.service.j2
+ dest: /etc/systemd/system/knot-exporter.service
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: Ensure knot-exporter is running and enabled
+ tags: [ auth-dns ]
+ become: true
+ ansible.builtin.systemd:
+ name: knot-exporter.service
+ state: started
+ enabled: true
+ daemon_reload: "{{ deploy_service_file.changed }}"
+
diff --git a/roles/knot/tasks/main.yaml b/roles/knot/tasks/main.yaml
index cdf9511..bdf5cf7 100644
--- a/roles/knot/tasks/main.yaml
+++ b/roles/knot/tasks/main.yaml
@@ -1,3 +1,4 @@
 ---
 - ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing]
 - ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing]
+- ansible.builtin.import_tasks: 03-configure-exporter.yaml # noqa: name[missing]
diff --git a/roles/knot/templates/knot-exporter.service.j2 b/roles/knot/templates/knot-exporter.service.j2
new file mode 100644
index 0000000..1246694
--- /dev/null
+++ b/roles/knot/templates/knot-exporter.service.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+[Unit]
+Description=knot prometheus exporter
+Wants=network.target
+Before=alloy.service
+After=network.target
+
+[Service]
+User=knot
+ExecStart=/usr/sbin/knot-exporter
+ReadWritePaths=/run/knot/
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
+
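Review bot: `daemon_reload: "{{ deploy_service_file.changed }}"` in the second task of 03-configure-exporter.yaml deserves a one-line comment, because the notified handler already reloads and restarts and the duplication looks accidental: `# reload now so the first start sees the new unit; the handler only fires at end of play`. The file also opens without the `---` document-start marker that tasks/main.yaml and the host_vars file in this commit carry, and it ends in an empty line. Nothing in this hunk installs `/usr/sbin/knot-exporter`; presumably 01-install.yaml (not shown) provides it, which is worth confirming before the unit is started.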
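Review bot: The knot-exporter.service.j2 template has no `[Install]` section, so the `enabled: true` in the "Ensure knot-exporter is running and enabled" task has nothing to link and the exporter will not come back after a reboot; `Before=alloy.service` only orders the two units and does not pull this one in. The sandboxing is a good start, but it leaves out `NoNewPrivileges=` and the kernel, namespace and address-family restrictions that a metrics exporter running as `User=knot` can usually live with. The unit also orders only against `network.target`, while `ReadWritePaths=/run/knot/` suggests it talks to the knot daemon's socket, so ordering after the daemon's unit looks intended. The fence adds the install section and the extra hardening; check the result with `systemd-analyze security knot-exporter.service` on the host, since the exporter's runtime needs are not visible here.

```ini
[Service]
User=knot
# … unchanged: ExecStart, ReadWritePaths, Protect*/Private* settings …
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=true
LockPersonality=true
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target
```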