CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 7 Pull requests 9 Wiki Activity Actions

configure metric scraping from knot on auth-dns
Some checks failed
/ Ansible Lint (push) Failing after 6m12s
Details

Browse source
This commit is contained in:
lilly 2026-05-06 15:51:08 +02:00
commit 50beedbc62
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g
7 changed files with 56 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventories/chaosknoten/host_vars/auth-dns.yaml
View file

@ -1,6 +1,8 @@
--- ---
deploy_systemd_resolved_config__enable: false deploy_systemd_resolved_config__enable: false
alloy_config_additional: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy') }}"
knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1" knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1"
knot__remotes: knot__remotes:
- id: ns-intern.hamburg.ccc.de - id: ns-intern.hamburg.ccc.de

1
inventories/chaosknoten/hosts.yaml
View file

@ -224,6 +224,7 @@ alloy_hosts:
spaceapiccc: spaceapiccc:
www2: www2:
www3: www3:
auth-dns:
infrastructure_authorized_keys_hosts: infrastructure_authorized_keys_hosts:
hosts: hosts:
ccchoir: ccchoir:

6
resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy Normal file
View file

@ -0,0 +1,6 @@
prometheus.scrape "knot_exporter" {
targets = [
{"__address__" = "localhost:9433", "instance" = "{{ ansible_facts['hostname'] }}"},
]
forward_to = [ prometheus.relabel.chaosknoten_common.receiver ]
}

8
roles/knot/handlers/main.yaml
View file

@ -11,3 +11,11 @@
become: true become: true
changed_when: true changed_when: true
ansible.builtin.command: "netplan apply" ansible.builtin.command: "netplan apply"
- name: restart knot-exporter
tags: [ auth-dns ]
become: true
ansible.builtin.systemd:
name: knot-exporter.service
state: restarted
daemon_reload: true

21
roles/knot/tasks/03-configure-exporter.yaml Normal file
View file

@ -0,0 +1,21 @@
- name: Deploy knot-exporter systemd unit
tags: [ auth-dns ]
become: true
register: deploy_service_file
notify: restart knot-exporter
ansible.builtin.template:
src: knot-exporter.service.j2
dest: /etc/systemd/system/knot-exporter.service
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Ensure knot-exporter is running and enabled
tags: [ auth-dns ]
become: true
ansible.builtin.systemd:
name: knot-exporter.service
state: started
enabled: true
daemon_reload: "{{ deploy_service_file.changed }}"

1
roles/knot/tasks/main.yaml
View file

@ -1,3 +1,4 @@
--- ---
- ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing] - ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing]
- ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing] - ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing]
- ansible.builtin.import_tasks: 03-configure-exporter.yaml # noqa: name[missing]

17
roles/knot/templates/knot-exporter.service.j2 Normal file
View file

@ -0,0 +1,17 @@
# {{ ansible_managed }}
[Unit]
Description=knot prometheus exporter
Wants=network.target
Before=alloy.service
After=network.target
[Service]
User=knot
ExecStart=/usr/sbin/knot-exporter
ReadWritePaths=/run/knot/
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
PrivateIPC=true