Feat/nginx exporter

README.md

@@ -58,6 +58,7 @@ Ansitheus allows users to configure & deploy the following components:
 - [Prometheus Mysqld-exporter](https://github.com/prometheus/mysqld_exporter)
 - [Prometheus Openstack-exporter](https://github.com/openstack-exporter/openstack-exporter)
 - [Google Cadvisor](https://github.com/google/cadvisor)
+- [Prometheus Nginx-exporter](https://github.com/nginx/nginx-prometheus-exporter)
 - [Haproxy](http://www.haproxy.org/)
 - [Keepalived](https://www.keepalived.org/)
 - [Grafana](https://github.com/grafana/grafana)

ansible/group_vars/all.yml

@@ -72,6 +72,7 @@ enable_haproxy: "yes"
 enable_mysqld_exporter: "no"
 enable_fluentd: "no"
 enable_openstack_exporter: "no"
+enable_nginx_exporter: "no"
 
 # Special variable to handle case, you want to only ONE Prometheus running instance at time.
 prometheus_active_passive_mode: "no"

ansible/inventory/all-in-one

@@ -34,3 +34,6 @@ localhost       ansible_connection=local
 
 [openstack_exporter]
 localhost       ansible_connection=local
+
+[nginx_exporter]
+localhost       ansible_connection=local

ansible/inventory/multinode

@@ -38,3 +38,6 @@ fluentd-host-01
 
 [openstack_exporter]
 openstack-host-01
+
+[nginx_exporter]
+nginx-host-01

ansible/roles/nginx_exporter/README.md

@@ -0,0 +1,19 @@
+# Ansible Role: nginx_exporter
+
+Deploy [nginx_exporter](https://github.com/nginxinc/nginx-prometheus-exporter) using Ansible and Docker.
+
+## Requirements
+
+- Ansible >= 2.9 (It might work on previous versions, but we cannot guarantee it).
+
+## Role variables
+
+All variables which can be overridden are stored in [defaults/main.yml](./defaults/main.yml) file as well as in [meta/argument_specs.yml](./meta/argument_specs.yml).
+
+## Example playbook
+
+```yaml
+- hosts: all
+  roles:
+      - { role: nginx_exporter }
+```

ansible/roles/nginx_exporter/defaults/main.yml

@@ -0,0 +1,66 @@
+---
+nginx_exporter_version: "1.4.1"
+nginx_exporter_port: 9113
+nginx_exporter_container_name: "nginx_exporter"
+nginx_exporter_docker_namespace: "{{ docker_namespace if docker_namespace else 'nginx' }}"
+nginx_exporter_docker_log_driver: "{{ docker_log_driver }}"
+nginx_exporter_docker_log_opts: "{{ docker_log_opts }}"
+nginx_exporter_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ nginx_exporter_docker_namespace }}/nginx-prometheus-exporter:{{ nginx_exporter_version }}"
+# Docker resource limit
+nginx_exporter_docker_memory_limit: "{{ docker_memory_limit }}"
+nginx_exporter_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+nginx_exporter_docker_cpus_limit: "{{ docker_cpus_limit }}"
+
+# Nginx-exporter arguments
+# -----------------------
+nginx_exporter_plus: false
+nginx_exporter_scrape_uri: "http://{{ api_interface_address }}/stub_status"
+nginx_exporter_web_listen_address: "{{ api_interface_address }}:{{ nginx_exporter_port }}"
+nginx_exporter_config_dir: "{{ ansitheus_config_dir }}/nginx_exporter"
+nginx_exporter_web_telemetry_path: "/metrics"
+
+nginx_exporter_tls_server_config: {}
+nginx_exporter_http_server_config: {}
+nginx_exporter_basic_auth_users: {}
+
+# Nginx-exporter environment variables
+# -----------------------------------
+nginx_exporter_env: "{{ docker_container_env }}"
+
+nginx_exporter_services:
+  nginx_exporter:
+    container_name: "{{ nginx_exporter_container_name }}"
+    group: "nginx_exporter"
+    enabled: "{{ enable_nginx_exporter }}"
+    image: "{{ nginx_exporter_image }}"
+    privileged: "no"
+    state: "started"
+    port: "{{ nginx_exporter_port }}"
+    volumes:
+      - "{{ nginx_exporter_config_dir }}:/etc/nginx_exporter"
+    command: >
+      '--nginx.scrape-uri={{ nginx_exporter_scrape_uri }}'
+      {% if nginx_exporter_tls_server_config | length > 0 or nginx_exporter_http_server_config | length > 0 or nginx_exporter_basic_auth_users | length > 0 %}
+          '--web.config.file=/etc/nginx_exporter/config.yml'
+      {% endif %}
+      {% if nginx_exporter_web_listen_address is iterable and
+            nginx_exporter_web_listen_address is not mapping and
+            nginx_exporter_web_listen_address is not string %}
+      {% for address in nginx_exporter_web_listen_address %}
+          '--web.listen-address={{ address }}'
+      {% endfor %}
+      {% else %}
+          '--web.listen-address={{ nginx_exporter_web_listen_address }}'
+      {% endif %}
+          '--web.telemetry-path={{ nginx_exporter_web_telemetry_path }}'
+      {% if nginx_exporter_plus %}
+          '--nginx.plus'
+      {% endif %}
+    restart_policy: "unless-stopped"
+    network_mode: "host"
+    log_driver: "{{ nginx_exporter_docker_log_driver }}"
+    log_options: "{{ nginx_exporter_docker_log_opts }}"
+    memory: "{{ nginx_exporter_docker_memory_limit }}"
+    memory_swap: "{{ nginx_exporter_docker_memory_swap_limit }}"
+    cpus: "{{ nginx_exporter_docker_cpus_limit }}"
+    env: "{{ nginx_exporter_env }}"

ansible/roles/nginx_exporter/handlers/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Restart nginx_exporter container
+  vars:
+    service_name: "nginx_exporter"
+    service: "{{ nginx_exporter_services[service_name] }}"
+  become: true
+  community.general.docker_container:
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    command: "{{ service.command }}"
+    state: "{{ service.state }}"
+    restart: "yes"
+    restart_policy: "{{ service.restart_policy }}"
+    privileged: "{{ service.privileged }}"
+    network_mode: "{{ service.network_mode }}"
+    log_driver: "{{ service.log_driver }}"
+    log_options: "{{ service.log_options }}"
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool

ansible/roles/nginx_exporter/meta/argument_specs.yml

@@ -0,0 +1,42 @@
+---
+# yamllint disable rule:line-length
+argument_specs:
+  main:
+    short_description: "Prometheus nginx_exporter"
+    description:
+      - "Deploy prometheus L(nginx exporter,https://github.com/nginxinc/nginx-prometheus-exporter) using ansible"
+    author:
+      - "Prometheus Community"
+    options:
+      nginx_exporter_version:
+        description: "nginx_exporter package version. Also accepts latest as parameter."
+        default: "1.4.1"
+      nginx_exporter_plus:
+        description: "Start the exporter for NGINX Plus."
+        type: bool
+        default: false
+      nginx_exporter_web_listen_address:
+        description: "Address on which nginx exporter will listen"
+        default: "0.0.0.0:9113"
+      nginx_exporter_web_telemetry_path:
+        description: "Path under which to expose metrics"
+        default: "/metrics"
+      nginx_exporter_tls_server_config:
+        description:
+          - "Configuration for TLS authentication."
+          - "Keys and values are the same as in L(nginx_exporter docs,https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md)."
+        type: "dict"
+      nginx_exporter_http_server_config:
+        description:
+          - "Config for HTTP/2 support."
+          - "Keys and values are the same as in L(nginx_exporter docs,https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md)."
+        type: "dict"
+      nginx_exporter_basic_auth_users:
+        description: "Dictionary of users and password for basic authentication. Passwords are automatically hashed with bcrypt."
+        type: "dict"
+      nginx_exporter_scrape_uri:
+        description: "A URI or unix domain socket path for scraping NGINX or NGINX Plus metrics. For NGINX, the stub_status page must be available through the URI."
+        default: "http://127.0.0.1/stub_status"
+      nginx_exporter_config_dir:
+        description: "Path to directory with nginx_exporter configuration"
+        default: "/etc/nginx_exporter"

ansible/roles/nginx_exporter/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kien Nguyen Tuan"
+  description: "Prometheus nginx_exporter"
+  license: "Apache"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: "Ubuntu"
+      versions:
+        - "focal"
+        - "jammy"
+        - "noble"
+    - name: "Debian"
+      versions:
+        - "bullseye"
+    - name: "EL"
+      versions:
+        - "8"
+        - "9"
+  galaxy_tags:
+    - "monitoring"
+    - "prometheus"
+    - "exporter"
+    - "metrics"
+    - "system"

ansible/roles/nginx_exporter/tasks/config.yml

@@ -0,0 +1,29 @@
+---
+- name: Ensuring nginx_exporter config directory exist
+  ansible.builtin.file:
+    path: "{{ nginx_exporter_config_dir }}"
+    state: "directory"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: 0755
+
+- name: Recreating if not exist running containers
+  community.general.docker_container:
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes }}"
+    command: "{{ item.value.command }}"
+    state: "{{ item.value.state }}"
+    restart_policy: "{{ item.value.restart_policy }}"
+    privileged: "{{ item.value.privileged }}"
+    network_mode: "{{ item.value.network_mode }}"
+    log_driver: "{{ item.value.log_driver }}"
+    log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
+    env: "{{ item.value.env }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ nginx_exporter_services }}"

ansible/roles/nginx_exporter/tasks/deploy.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: config.yml

ansible/roles/nginx_exporter/tasks/destroy.yml

@@ -0,0 +1,20 @@
+---
+- name: Stop and remove containers
+  community.general.docker_container:
+    name: "{{ item.value.container_name }}"
+    state: "absent"
+    keep_volumes: "{{ not destroy_include_volumes | bool }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ nginx_exporter_services }}"
+
+- name: Remove images
+  docker_image:
+    name: "{{ item.value.image }}"
+    state: "absent"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+    - destroy_include_images | bool
+  with_dict: "{{ nginx_exporter_services }}"

ansible/roles/nginx_exporter/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ ansitheus_action }}.yml"

ansible/roles/nginx_exporter/tasks/precheck.yml

@@ -0,0 +1,11 @@
+---
+- name: Check free ports for nginx_exporter
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ item.value.port }}"
+    connect_timeout: 1
+    timeout: 1
+    state: stopped
+  when:
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ nginx_exporter_services }}"

ansible/roles/nginx_exporter/tasks/pull.yml

@@ -0,0 +1,9 @@
+---
+- name: Pull image without running containers
+  docker_image:
+    name: "{{ item.value.image }}"
+    source: pull
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ nginx_exporter_services }}"

ansible/roles/nginx_exporter/templates/config.yml.j2

@@ -0,0 +1,18 @@
+---
+{{ ansible_managed | comment }}
+{% if nginx_exporter_tls_server_config | length > 0 %}
+tls_server_config:
+{{ nginx_exporter_tls_server_config | to_nice_yaml | indent(2, true) }}
+{% endif %}
+
+{% if nginx_exporter_http_server_config | length > 0 %}
+http_server_config:
+{{ nginx_exporter_http_server_config | to_nice_yaml | indent(2, true) }}
+{% endif %}
+
+{% if nginx_exporter_basic_auth_users | length > 0 %}
+basic_auth_users:
+{% for k, v in nginx_exporter_basic_auth_users.items() %}
+  {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }}
+{% endfor %}
+{% endif %}

ansible/roles/prometheus/templates/prometheus.yml.j2

@@ -66,6 +66,24 @@ scrape_configs:
 {% endfor %}
 {% endif %}
 
+{% if enable_nginx_exporter | bool %}
+  - job_name: nginx-exporter
+    static_configs:
+      - targets:
+{% for host in groups['nginx_exporter'] | sort %}
+        - '{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['nginx_exporter_port'] }}'
+{% endfor %}
+{% endif %}
+
+{% if enable_openstack_exporter | bool %}
+  - job_name: openstack-exporter
+    static_configs:
+      - targets:
+{% for host in groups['openstack_exporter'] | sort %}
+        - '{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['openstack_exporter_port'] }}'
+{% endfor %}
+{% endif %}
+
 {% if enable_mysqld_exporter | bool %}
   - job_name: mysqld-exporter
     static_configs:
@@ -93,4 +111,4 @@ scrape_configs:
       - files:
         - "/etc/prometheus/file_sd/{{ f.path | basename }}"
 {% endfor %}
-{% endif %}
+{% endif %}

ansible/site.yml

@@ -85,6 +85,18 @@
         when: enable_openstack_exporter | bool,
       }
 
+- name: Apply role nginx_exporter
+  gather_facts: false
+  become: true
+  hosts:
+    - nginx_exporter
+  roles:
+    - {
+        role: nginx_exporter,
+        tags: [exporters, nginx_exporter],
+        when: enable_nginx_exporter | bool,
+      }
+
 - name: Apply role grafana
   gather_facts: false
   become: true

etc/ansitheus/config.yml

@@ -39,6 +39,8 @@ enable_alertmanager: "yes"
 enable_haproxy: "yes"
 enable_mysqld_exporter: "no"
 enable_fluentd: "no"
+enable_openstack_exporter: "no"
+enable_nginx_exporter: "no"
 
 ##################
 # Port mappings