Skip to content
Snippets Groups Projects
Normal view History Permalink
main.yaml 2.24 KiB
Newer Older
Bo-Chun Chen's avatar
feat: add install_node_exporter role
Bo-Chun Chen committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 
---
- name: Download node_exporter binary
  ansible.builtin.get_url:
    url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_ver }}/{{ node_exporter_filename }}.tar.gz"
    dest: "/tmp/{{ node_exporter_filename }}.tar.gz"

- name: Extract node_exporter
  ansible.builtin.unarchive:
    src: "/tmp/{{ node_exporter_filename }}.tar.gz"
    dest: "/tmp"
    remote_src: yes

- name: Create system group for user account {{ node_exporter_group }}
  ansible.builtin.group:
    name: "{{ node_exporter_group }}"
    system: true
    state: present

- name: Create system user account {{ node_exporter_user }}
  ansible.builtin.user:
    name: "{{ node_exporter_user }}"
    comment: Prometheus node_exporter system account
    group: "{{ node_exporter_group }}"
    system: true
    home: /var/lib/node_exporter
    create_home: false
    shell: /sbin/nologin
    state: present

- name: Copy node_exporter binary
  ansible.builtin.copy:
    src: "/tmp/{{ node_exporter_filename }}/node_exporter"
    dest: /usr/local/bin/node_exporter
    remote_src: yes
    owner: root
    group: root
    mode: 0755

- name: Copy systemd unit file
  ansible.builtin.template:
    src: node_exporter.service.j2
    dest: /etc/systemd/system/node_exporter.service
    owner: root
    group: root
    mode: '0644'

- name: Clean up /tmp
  ansible.builtin.file:
    path: "/tmp/{{ item }}"
    state: absent
  loop:
    - "{{ node_exporter_filename }}.tar.gz"
    - "{{ node_exporter_filename }}"

- name: Restart node_exporter service
  ansible.builtin.systemd:
    daemon_reload: yes
    name: node_exporter
    state: restarted
    enabled: true
Bo-Chun Chen's avatar
feat: open node exporter port in firewalld  
Bo-Chun Chen committed
61 62 63 64 65 66 67 68 69 70 71 72 73 

- name: Collect facts about system services
  ansible.builtin.service_facts:

- name: Configure firewalld to allow prometheus
  ansible.posix.firewalld:
    port: "{{ node_exporter_port }}/tcp"
    zone: public
    state: enabled
    permanent: true
  when:
    - "'firewalld.service' in ansible_facts.services"
    - ansible_facts.services["firewalld.service"].state == "running"
Bo-Chun Chen's avatar
fix: restart firewalld after change  
Bo-Chun Chen committed
74 75 76 77 78 79 

- name: Enable and start firewalld
  ansible.builtin.service:
    name: firewalld
    enabled: true
    state: restarted
Bo-Chun Chen's avatar
fix: restart firewalld only when it was running  
Bo-Chun Chen committed
80 81 82 
  when:
    - "'firewalld.service' in ansible_facts.services"
    - ansible_facts.services["firewalld.service"].state == "running"