83 lines
2.4 KiB
YAML
83 lines
2.4 KiB
YAML
---
|
|
- name: Node Exporter | PATCH | Install node-exporter
|
|
become: true
|
|
ansible.builtin.dnf:
|
|
name: node-exporter
|
|
state: present
|
|
|
|
- name: Node Exporter | PATCH | Generate private TLS key
|
|
community.crypto.openssl_privatekey:
|
|
path: /etc/ssl/node-exporter.key
|
|
size: 4096
|
|
owner: prometheus
|
|
group: root
|
|
mode: '0440'
|
|
become: true
|
|
|
|
- name: Node Exporter | PATCH | Create certificate signing request
|
|
community.crypto.openssl_csr:
|
|
path: /etc/ssl/node-exporter.csr
|
|
privatekey_path: /etc/ssl/node-exporter.key
|
|
common_name: "{{ inventory_hostname }}"
|
|
subject_alt_name: "DNS:{{ inventory_hostname }}"
|
|
owner: root
|
|
group: root
|
|
mode: '0400'
|
|
become: true
|
|
|
|
- name: Generate self-signed certificate
|
|
community.crypto.x509_certificate:
|
|
provider: selfsigned
|
|
path: /etc/ssl/node-exporter.crt
|
|
privatekey_path: /etc/ssl/node-exporter.key
|
|
csr_path: /etc/ssl/node-exporter.csr
|
|
owner: prometheus
|
|
group: root
|
|
mode: '0440'
|
|
become: true
|
|
|
|
- name: Node Exporter | PATCH | Install node-exporter web configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: etc/node-exporter-web.yml
|
|
dest: /etc/node-exporter-web.yml
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
|
|
- name: Node Exporter | PATCH | Set command line arguments
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/default/prometheus-node-exporter
|
|
regexp: "^ARGS"
|
|
line: "ARGS='--web.config.file=\"/etc/node-exporter-web.yml\"{% if node_exporter_textfile_directory is defined %} --collector.textfile.directory {{ node_exporter_textfile_directory }}{% endif %}'"
|
|
notify: Restart Node Exporter
|
|
|
|
- name: Node Exporter | PATCH | Ensure node-exporter is enabled and running
|
|
become: true
|
|
ansible.builtin.systemd_service:
|
|
name: prometheus-node-exporter
|
|
masked: false
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Node Exporter | PATCH | Create firewalld service file for node-exporter
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: etc/firewalld/services/node-exporter.xml
|
|
dest: /etc/firewalld/services/node-exporter.xml
|
|
owner: root
|
|
group: root
|
|
mode: '0400'
|
|
notify: Reload firewalld
|
|
|
|
- name: Node Exporter | Flush handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Node Exporter | PATCH | Enable node-exporter service in firewalld permanently
|
|
become: true
|
|
ansible.posix.firewalld:
|
|
service: node-exporter
|
|
permanent: true
|
|
state: enabled
|
|
immediate: true
|