diff --git a/manifests/prometheus/apt_config.pp b/manifests/prometheus/apt_config.pp
new file mode 100644
index 0000000..c8fe254
--- /dev/null
+++ b/manifests/prometheus/apt_config.pp
@@ -0,0 +1,22 @@
+# APT configuration for prometheus
+class profile::prometheus::apt_config {
+ if $facts['os']['distro']['codename'] == 'stretch' {
+ $pinned_packages = [
+ 'prometheus',
+ 'prometheus-alertmanager',
+ 'prometheus-node-exporter',
+ ]
+
+ ::apt::pin {'prometheus':
+ explanation => 'Pin prometheus to backports',
+ codename => 'stretch-backports',
+ packages => $pinned_packages,
+ priority => 990,
+ }
+
+ } else {
+ ::apt::pin {'prometheus':
+ ensure => absent
+ }
+ }
+}
diff --git a/manifests/prometheus/node.pp b/manifests/prometheus/node.pp
new file mode 100644
index 0000000..7e34537
--- /dev/null
+++ b/manifests/prometheus/node.pp
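Review bot: Nothing orders the `apt::pin` in `manifests/prometheus/apt_config.pp` before the packages it is meant to steer: `node.pp` and `server.pp` only `include` this class, which creates no dependency, so on a first run the `package` resources may be evaluated before the preference file exists and take the version from plain stretch. I would add `require => Class['profile::prometheus::apt_config'],` to both `package` resources, or an ordering arrow in this class. The header comment could also say that the class assumes a `stretch-backports` source is configured elsewhere, since the pin has no effect without one. With priority 990 and `ensure => latest`, hosts follow whatever backports publishes on each run and restart the service, which is worth stating in the comment if it is intended.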
@@ -0,0 +1,46 @@
+# Prometheus configuration for nodes
+class profile::prometheus::node {
+ include profile::prometheus::apt_config
+
+ $defaults_file = '/etc/default/prometheus-node-exporter'
+
+ package {'prometheus-node-exporter':
+ ensure => latest,
+ notify => Service['prometheus-node-exporter'],
+ }
+
+ service {'prometheus-node-exporter':
+ ensure => 'running',
+ enable => true,
+ require => [
+ Package['prometheus-node-exporter'],
+ File[$defaults_file],
+ ]
+ }
+
+ $lookup_defaults_config = lookup('prometheus::node::defaults_config', Hash)
+ $listen_network = lookup('prometheus::node::listen_network', Optional[String], 'first', undef)
+ $listen_address = lookup('prometheus::node::listen_address', Optional[String], 'first', undef)
+ $actual_listen_address = pick($listen_address, ip_for_network($listen_network))
+ $listen_port = lookup('prometheus::node::listen_port')
+
+ $defaults_config = deep_merge(
+ $lookup_defaults_config,
+ {
+ web => {
+ listen_address => "${actual_listen_address}:${listen_port}",
+ },
+ }
+ )
+
+ # Uses $defaults_config
+ file {$defaults_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('profile/prometheus/node/prometheus-node-exporter.defaults.erb'),
+ require => Package['prometheus-node-exporter'],
+ notify => Service['prometheus-node-exporter'],
+ }
+}
diff --git a/manifests/prometheus/server.pp b/manifests/prometheus/server.pp
new file mode 100644
index 0000000..6e6ab13
--- /dev/null
+++ b/manifests/prometheus/server.pp
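Review bot: `pick()` in `node.pp` receives `ip_for_network($listen_network)` as an ordinary argument, so that function is called with `undef` whenever only `prometheus::node::listen_address` is set in Hiera; whether it tolerates `undef` cannot be seen here, because it is defined outside this diff. `listen_port` is looked up with no type, and both values end up in `--web.listen-address`, which decides which interfaces expose a metrics endpoint that this diff puts no authentication in front of. I would type the lookup, `$listen_port = lookup('prometheus::node::listen_port', Integer[1, 65535])` (or a `Pattern` if the Hiera data stores it as a string), and call `ip_for_network` only when `$listen_address` is unset. A one-line comment that `pick()` fails the catalog when neither key is set would document that the class never falls back to listening on every interface. The same block is repeated in `manifests/prometheus/server.pp`.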
@@ -0,0 +1,79 @@
+# Configure the Prometheus server
+class profile::prometheus::server {
+ include profile::prometheus::apt_config
+
+ $config_file = '/etc/prometheus/prometheus.yml'
+ $defaults_file = '/etc/default/prometheus'
+
+ $global_config = {}
+ $rule_files = []
+ $scrape_configs = []
+ $remote_read = []
+ $remote_write = []
+ $alert_relabel_configs = []
+ $alertmanagers = []
+
+ $full_config = {
+ global => $global_config,
+ rule_files => $rule_files,
+ scrape_configs => $scrape_configs,
+ alerting => {
+ alert_relabel_configs => $alert_relabel_configs,
+ alertmanagers => $alertmanagers,
+ },
+ remote_read => $remote_read,
+ remote_write => $remote_write,
+ }
+
+ $lookup_defaults_config = lookup('prometheus::server::defaults_config', Hash)
+ $listen_network = lookup('prometheus::server::listen_network', Optional[String], 'first', undef)
+ $listen_address = lookup('prometheus::server::listen_address', Optional[String], 'first', undef)
+ $actual_listen_address = pick($listen_address, ip_for_network($listen_network))
+ $listen_port = lookup('prometheus::server::listen_port')
+
+ $defaults_config = deep_merge(
+ $lookup_defaults_config,
+ {
+ web => {
+ listen_address => "${actual_listen_address}:${listen_port}",
+ },
+ }
+ )
+
+ package {'prometheus':
+ ensure => latest,
+ notify => Service['prometheus'],
+ }
+
+ service {'prometheus':
+ ensure => 'running',
+ enable => true,
+ require => [
+ Package['prometheus'],
+ File[$config_file],
+ File[$defaults_file]
+ ],
+ }
+
+ file {$config_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ require => Package['prometheus'],
+ notify => Service['prometheus'],
+ content => inline_yaml($full_config),
+ }
+
+ # Uses $defaults_config
+ file {$defaults_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('profile/prometheus/server/prometheus.defaults.erb'),
+ require => Package['prometheus'],
+ notify => Service['prometheus'],
+ }
+
+}
diff --git a/templates/prometheus/node/prometheus-node-exporter.defaults.erb b/templates/prometheus/node/prometheus-node-exporter.defaults.erb
new file mode 100644
index 0000000..f7ca966
--- /dev/null
+++ b/templates/prometheus/node/prometheus-node-exporter.defaults.erb
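Review bot: `/etc/prometheus/prometheus.yml` in `server.pp` is written with `mode => '0644'`, which is harmless while `$scrape_configs` and `$remote_write` are empty but will make any `basic_auth`, `bearer_token` or remote-write credentials added later readable by every local user. Since the file is root-owned, something like `group => 'prometheus', mode => '0640'` would keep it readable by the service only, assuming the Debian package runs the daemon under a `prometheus` group, which is not shown here. A short comment above `$full_config` saying that the empty lists are placeholders would also help, because as written the server starts with no scrape targets and no rule files.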
@@ -0,0 +1,134 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell scaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="\
+<%- scope.call_function('flatten_to_argument_list', [@defaults_config]).each do |argument| -%>
+ <%= argument %> \
+<%- end -%>
+"
+
+# Prometheus-node-exporter supports the following options:
+#
+# --collector.diskstats.ignored-devices="^(ram|loop|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$"
+# Regexp of devices to ignore for diskstats.
+# --collector.filesystem.ignored-mount-points="^/(sys|proc|dev)($|/)"
+# Regexp of mount points to ignore for filesystem
+# collector.
+# --collector.filesystem.ignored-fs-types="^(sys|proc|auto)fs$"
+# Regexp of filesystem types to ignore for
+# filesystem collector.
+# --collector.megacli.command="megacli"
+# Command to run megacli.
+# --collector.netdev.ignored-devices="^$"
+# Regexp of net devices to ignore for netdev
+# collector.
+# --collector.ntp.server="127.0.0.1"
+# NTP server to use for ntp collector
+# --collector.ntp.protocol-version=4
+# NTP protocol version
+# --collector.ntp.server-is-local
+# Certify that collector.ntp.server address is the
+# same local host as this collector.
+# --collector.ntp.ip-ttl=1 IP TTL to use while sending NTP query
+# --collector.ntp.max-distance=3.46608s
+# Max accumulated distance to the root
+# --collector.ntp.local-offset-tolerance=1ms
+# Offset between local clock and local ntpd time
+# to tolerate
+# --path.procfs="/proc" procfs mountpoint.
+# --path.sysfs="/sys" sysfs mountpoint.
+# --collector.qdisc.fixtures=""
+# test fixtures to use for qdisc collector
+# end-to-end testing
+# --collector.runit.servicedir="/etc/service"
+# Path to runit service directory.
+# --collector.supervisord.url="http://localhost:9001/RPC2"
+# XML RPC endpoint.
+# --collector.systemd.unit-whitelist=".+"
+# Regexp of systemd units to whitelist. Units must
+# both match whitelist and not match blacklist to
+# be included.
+# --collector.systemd.unit-blacklist=".+\\.scope"
+# Regexp of systemd units to blacklist. Units must
+# both match whitelist and not match blacklist to
+# be included.
+# --collector.systemd.private
+# Establish a private, direct connection to
+# systemd without dbus.
+# --collector.textfile.directory=""
+# Directory to read text files with metrics from.
+# --collector.wifi.fixtures=""
+# test fixtures to use for wifi collector metrics
+# --collector.arp Enable the arp collector (default: enabled).
+# --collector.bcache Enable the bcache collector (default: enabled).
+# --collector.bonding Enable the bonding collector (default:
+# disabled).
+# --collector.buddyinfo Enable the buddyinfo collector (default:
+# disabled).
+# --collector.conntrack Enable the conntrack collector (default:
+# enabled).
+# --collector.cpu Enable the cpu collector (default: enabled).
+# --collector.diskstats Enable the diskstats collector (default:
+# enabled).
+# --collector.drbd Enable the drbd collector (default: disabled).
+# --collector.edac Enable the edac collector (default: enabled).
+# --collector.entropy Enable the entropy collector (default: enabled).
+# --collector.filefd Enable the filefd collector (default: enabled).
+# --collector.filesystem Enable the filesystem collector (default:
+# enabled).
+# --collector.gmond Enable the gmond collector (default: disabled).
+# --collector.hwmon Enable the hwmon collector (default: enabled).
+# --collector.infiniband Enable the infiniband collector (default:
+# enabled).
+# --collector.interrupts Enable the interrupts collector (default:
+# disabled).
+# --collector.ipvs Enable the ipvs collector (default: enabled).
+# --collector.ksmd Enable the ksmd collector (default: disabled).
+# --collector.loadavg Enable the loadavg collector (default: enabled).
+# --collector.logind Enable the logind collector (default: disabled).
+# --collector.mdadm Enable the mdadm collector (default: enabled).
+# --collector.megacli Enable the megacli collector (default:
+# disabled).
+# --collector.meminfo Enable the meminfo collector (default: enabled).
+# --collector.meminfo_numa Enable the meminfo_numa collector (default:
+# disabled).
+# --collector.mountstats Enable the mountstats collector (default:
+# disabled).
+# --collector.netdev Enable the netdev collector (default: enabled).
+# --collector.netstat Enable the netstat collector (default: enabled).
+# --collector.nfs Enable the nfs collector (default: disabled).
+# --collector.ntp Enable the ntp collector (default: disabled).
+# --collector.qdisc Enable the qdisc collector (default: disabled).
+# --collector.runit Enable the runit collector (default: disabled).
+# --collector.sockstat Enable the sockstat collector (default:
+# enabled).
+# --collector.stat Enable the stat collector (default: enabled).
+# --collector.supervisord Enable the supervisord collector (default:
+# disabled).
+# --collector.systemd Enable the systemd collector (default:
+# disabled).
+# --collector.tcpstat Enable the tcpstat collector (default:
+# disabled).
+# --collector.textfile Enable the textfile collector (default:
+# enabled).
+# --collector.time Enable the time collector (default: enabled).
+# --collector.uname Enable the uname collector (default: enabled).
+# --collector.vmstat Enable the vmstat collector (default: enabled).
+# --collector.wifi Enable the wifi collector (default: enabled).
+# --collector.xfs Enable the xfs collector (default: enabled).
+# --collector.zfs Enable the zfs collector (default: enabled).
+# --collector.timex Enable the timex collector (default: enabled).
+# --web.listen-address=":9100"
+# Address on which to expose metrics and web
+# interface.
+# --web.telemetry-path="/metrics"
+# Path under which to expose metrics.
+# --log.level="info" Only log messages with the given severity or
+# above. Valid levels: [debug, info, warn, error,
+# fatal]
+# --log.format="logger:stderr"
+# Set the log target and format. Example:
+# "logger:syslog?appname=bob&local=7" or
+# "logger:stdout?json=true"
+# --version Show application version.
diff --git a/templates/prometheus/server/prometheus.defaults.erb b/templates/prometheus/server/prometheus.defaults.erb
new file mode 100644
index 0000000..b94327d
--- /dev/null
+++ b/templates/prometheus/server/prometheus.defaults.erb
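Review bot: Each `<%= argument %>` in the node-exporter template is written verbatim inside the double-quoted `ARGS="..."` string, so a Hiera value containing a double quote, `$` or a backquote would close the quoting or be expanded when the file is sourced by a shell, unless `flatten_to_argument_list` (defined outside this diff) already escapes its output. I would reject or escape those characters before rendering, and say in the header comment which escaping the template itself applies, so that it agrees with the backslash-doubling rule described there. The header comment also has a typo, `scaping` for `escaping`. `templates/prometheus/server/prometheus.defaults.erb` renders its arguments the same way.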
@@ -0,0 +1,61 @@
+# Set the command-line arguments to pass to the server.
+ARGS="\
+<%- scope.call_function('flatten_to_argument_list', [@defaults_config]).each do |argument| -%>
+ <%= argument %> \
+<%- end -%>
+"
+
+# Prometheus supports the following options:
+# --config.file="/etc/prometheus/prometheus.yml"
+# Prometheus configuration file path.
+# --web.listen-address="0.0.0.0:9090"
+# Address to listen on for UI, API, and telemetry.
+# --web.read-timeout=5m Maximum duration before timing out read of the
+# request, and closing idle connections.
+# --web.max-connections=512 Maximum number of simultaneous connections.
+# --web.external-url= The URL under which Prometheus is externally
+# reachable (for example, if Prometheus is served
+# via a reverse proxy). Used for generating
+# relative and absolute links back to Prometheus
+# itself. If the URL has a path portion, it will
+# be used to prefix all HTTP endpoints served by
+# Prometheus. If omitted, relevant URL components
+# will be derived automatically.
+# --web.route-prefix= Prefix for the internal routes of web endpoints.
+# Defaults to path of --web.external-url.
+# --web.local-assets="/usr/share/prometheus/web/"
+# Path to static asset/templates directory.
+# --web.user-assets= Path to static asset directory, available at
+# /user.
+# --web.enable-lifecycle Enable shutdown and reload via HTTP request.
+# --web.enable-admin-api Enables API endpoints for admin control actions.
+# --web.console.templates="/etc/prometheus/consoles"
+# Path to the console template directory,
+# available at /consoles.
+# --web.console.libraries="/etc/prometheus/console_libraries"
+# Path to the console library directory.
+# --storage.tsdb.path="/var/lib/prometheus/metrics2/"
+# Base path for metrics storage.
+# --storage.tsdb.min-block-duration=2h
+# Minimum duration of a data block before being
+# persisted.
+# --storage.tsdb.max-block-duration=
+# Maximum duration compacted blocks may span.
+# (Defaults to 10% of the retention period)
+# --storage.tsdb.retention=15d
+# How long to retain samples in the storage.
+# --storage.tsdb.no-lockfile
+# Do not create lockfile in data directory.
+# --alertmanager.notification-queue-capacity=10000
+# The capacity of the queue for pending alert
+# manager notifications.
+# --alertmanager.timeout=10s
+# Timeout for sending alerts to Alertmanager.
+# --query.lookback-delta=5m The delta difference allowed for retrieving
+# metrics during expression evaluations.
+# --query.timeout=2m Maximum time a query may take before being
+# aborted.
+# --query.max-concurrency=20
+# Maximum number of queries executed concurrently.
+# --log.level=info Only log messages with the given severity or
+# above. One of: [debug, info, warn, error]
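Review bot: The option list in the server template mentions `--web.enable-lifecycle` and `--web.enable-admin-api` without saying that the endpoints they enable carry no authentication of their own, and `prometheus::server::defaults_config` is a free-form hash, so either flag can be switched on from Hiera with no further check. I would add a caveat beside them, for example `# NOTE: admin and lifecycle endpoints are unauthenticated; enable only when the listen address is unreachable from untrusted hosts.` This template also lacks the shell-escaping warning that heads the node-exporter template, although `ARGS` is built the same way. Because the package is `ensure => latest`, the copied help text will drift from the installed version; a line naming the version it was taken from would make that visible.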