feat: Add consul_exporter role

roles/consul_exporter/README.md

@@ -0,0 +1,83 @@
+<p><img src="https://www.circonus.com/wp-content/uploads/2015/03/sol-icon-itOps.png" alt="graph logo" title="graph" align="right" height="60" /></p>
+
+# Ansible Role: consul_exporter
+
+## Description
+
+Deploy prometheus [consul_exporter](https://github.com/prometheus/consul_exporter) using ansible.
+
+## Requirements
+
+- Ansible >= 2.9 (It might work on previous versions, but we cannot guarantee it)
+- gnu-tar on Mac deployer host (`brew install gnu-tar`)
+- Passlib is required when using the basic authentication feature (`pip install passlib[bcrypt]`)
+
+## Role Variables
+
+All variables which can be overridden are stored in [defaults/main.yml](defaults/main.yml) file as well as in [meta/argument_specs.yml](meta/argument_specs.yml).
+Please refer to the [collection docs](https://prometheus-community.github.io/ansible/branch/main/consul_exporter_role.html) for description and default values of the variables.
+
+## Example
+
+### Playbook
+
+Use it in a playbook as follows:
+```yaml
+- hosts: all
+  roles:
+    - prometheus.prometheus.consul_exporter
+```
+
+### TLS config
+
+Before running consul_exporter role, the user needs to provision their own certificate and key.
+```yaml
+- hosts: all
+  pre_tasks:
+    - name: Create consul_exporter cert dir
+      file:
+        path: "/etc/consul_exporter"
+        state: directory
+        owner: root
+        group: root
+
+    - name: Create cert and key
+      openssl_certificate:
+        path: /etc/consul_exporter/tls.cert
+        csr_path: /etc/consul_exporter/tls.csr
+        privatekey_path: /etc/consul_exporter/tls.key
+        provider: selfsigned
+  roles:
+    - prometheus.prometheus.consul_exporter
+  vars:
+    consul_exporter_tls_server_config:
+      cert_file: /etc/consul_exporter/tls.cert
+      key_file: /etc/consul_exporter/tls.key
+    consul_exporter_basic_auth_users:
+      randomuser: examplepassword
+```
+
+
+### Demo site
+
+We provide an example site that demonstrates a full monitoring solution based on prometheus and grafana. The repository with code and links to running instances is [available on github](https://github.com/superq/demo-site) and the site is hosted on [DigitalOcean](https://digitalocean.com).
+
+## Local Testing
+
+The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/ansible-community/molecule) (v3.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable for your system. Running your tests is as simple as executing `molecule test`.
+
+## Continuous Integration
+
+Combining molecule and circle CI allows us to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows use to create test scenarios for different role configurations. As a result we have quite a large test matrix which can take more time than local testing, so please be patient.
+
+## Contributing
+
+See [contributor guideline](CONTRIBUTING.md).
+
+## Troubleshooting
+
+See [troubleshooting](TROUBLESHOOTING.md).
+
+## License
+
+This project is licensed under MIT License. See [LICENSE](/LICENSE) for more details.

roles/consul_exporter/TROUBLESHOOTING.md

@@ -0,0 +1,20 @@
+# Troubleshooting
+
+## Bad requests (HTTP 400)
+
+This role downloads checksums from the Github project to verify the integrity of artifacts installed on your servers. When downloading the checksums, a "bad request" error might occur.
+
+This happens in environments which (knowningly or unknowling) use the [netrc mechanism](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html) to auto-login into servers.
+
+Unless netrc is needed by your playbook and ansible roles, please unset the var like so:
+
+```
+$ NETRC= ansible-playbook ...
+```
+
+Or:
+
+```
+$ export NETRC=
+$ ansible-playbook ...
+```

roles/consul_exporter/defaults/main.yml

@@ -0,0 +1,38 @@
+---
+consul_exporter_version: 0.13.0
+consul_exporter_binary_url: "https://github.com/{{ _consul_exporter_repo }}/releases/download/v{{ consul_exporter_version }}/\
+                             consul_exporter-{{ consul_exporter_version }}.{{ ansible_facts['system'] | lower }}-{{ _consul_exporter_go_ansible_arch }}.tar.gz"
+consul_exporter_checksums_url: "https://github.com/{{ _consul_exporter_repo }}/releases/download/v{{ consul_exporter_version }}/sha256sums.txt"
+
+consul_exporter_web_listen_address: "0.0.0.0:9107"
+consul_exporter_web_telemetry_path: "/metrics"
+
+consul_exporter_tls_server_config: {}
+
+consul_exporter_http_server_config: {}
+
+consul_exporter_basic_auth_users: {}
+
+consul_exporter_server: "http://localhost:8500"
+consul_exporter_timeout: "500ms"
+consul_exporter_request_limit: 0
+consul_exporter_kv_prefix: ""
+consul_exporter_kv_filter: ""
+consul_exporter_meta_filter: ""
+consul_exporter_health_summary: false
+consul_exporter_agent_only: false
+consul_exporter_allow_stale: false
+consul_exporter_require_consistent: false
+
+consul_exporter_log_level: "info"
+consul_exporter_log_format: "logfmt"
+
+consul_exporter_system_user: "consul-exp"
+consul_exporter_system_group: "{{ consul_exporter_system_user }}"
+
+
+# Local path to stash the archive and its extraction
+consul_exporter_local_cache_path: "/tmp/consul_exporter-{{ ansible_facts['system'] | lower }}-{{ _consul_exporter_go_ansible_arch }}/{{ consul_exporter_version }}"
+
+consul_exporter_binary_install_dir: "/usr/local/bin"
+consul_exporter_config_dir: "/etc/consul_exporter"

roles/consul_exporter/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Restart consul_exporter
+  listen: "restart consul_exporter"
+  become: true
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: consul_exporter
+    state: restarted
+  when:
+    - not ansible_check_mode

roles/consul_exporter/meta/argument_specs.yml

@@ -0,0 +1,106 @@
+---
+# yamllint disable rule:line-length
+argument_specs:
+  main:
+    short_description: "Prometheus consul Exporter"
+    description:
+      - "Deploy prometheus L(consul_exporter,https://github.com/prometheus/consul_exporter) using ansible"
+    author:
+      - "Prometheus Community"
+    options:
+      consul_exporter_version:
+        description: "consul exporter package version. Also accepts latest as parameter."
+        default: "0.13.0"
+      consul_exporter_binary_url:
+        description: "URL of the consul_exporter binaries .tar.gz file"
+        default: "https://github.com/{{ _consul_exporter_repo }}/releases/download/v{{ consul_exporter_version }}/consul_exporter-{{ consul_exporter_version }}.{{ ansible_facts['system'] | lower }}-{{ _consul_exporter_go_ansible_arch }}.tar.gz"
+      consul_exporter_checksums_url:
+        description: "URL of the consul_exporter checksums file"
+        default: "https://github.com/{{ _consul_exporter_repo }}/releases/download/v{{ consul_exporter_version }}/sha256sums.txt"
+      consul_exporter_web_listen_address:
+        description: "Address on which consul_exporter will listen"
+        default: "0.0.0.0:9107"
+      consul_exporter_web_telemetry_path:
+        description: "Path under which to expose metrics"
+        default: "/metrics"
+      consul_exporter_tls_server_config:
+        description:
+          - "Configuration for TLS authentication."
+          - "Keys and values are the same as in L(consul_exporter docs,https://github.com/superq/consul_exporter/blob/master/https/README.md#sample-config)."
+        type: "dict"
+      consul_exporter_http_server_config:
+        description:
+          - "Config for HTTP/2 support."
+          - "Keys and values are the same as in L(consul_exporter docs,https://github.com/superq/consul_exporter/blob/master/https/README.md#sample-config)."
+        type: "dict"
+      consul_exporter_basic_auth_users:
+        description: "Dictionary of users and password for basic authentication. Passwords are automatically hashed with bcrypt."
+        type: "dict"
+      consul_exporter_log_level:
+        description: "Only log messages with the given severity or above"
+        default: "info"
+        choices:
+          - "debug"
+          - "info"
+          - "warn"
+          - "error"
+      consul_exporter_log_format:
+        description: "Output format of log messages"
+        default: "logfmt"
+        choices:
+          - "logfmt"
+          - "json"
+
+      consul_exporter_server:
+        description: "HTTP API address of a Consul server or agent."
+        default: "http://localhost:8500"
+      consul_exporter_timeout:
+        description: "Timeout on HTTP requests to the Consul API"
+        default: "500ms"
+      consul_exporter_request_limit:
+        description: "Limit the maximum number of concurrent requests to consul, 0 means no limit"
+        default: 0
+      consul_exporter_kv_prefix:
+        description: "Prefix from which to expose key/value pairs"
+      consul_exporter_kv_filter:
+        description: "Regex that determines which keys to expose"
+      consul_exporter_meta_filter:
+        description: "Regex that determines which meta keys to expose"
+      consul_exporter_health_summary:
+        description: "Generate a health summary for each service instance. Needs n+1 queries to collect all information."
+        type: bool
+        default: false
+      consul_exporter_agent_only:
+        description: "Only export metrics about services registered on local agent"
+        type: bool
+        default: false
+      consul_exporter_allow_stale:
+        description: "Allows any Consul server (non-leader) to service a read"
+        type: bool
+        default: false
+      consul_exporter_require_consistent:
+        description: "Forces the read to be fully consistent"
+        type: bool
+        default: false
+
+      consul_exporter_system_group:
+        description:
+          - "I(Advanced)"
+          - "System group for consul_exporter"
+        default: "consul-exp"
+      consul_exporter_system_user:
+        description:
+          - "I(Advanced)"
+          - "consul exporter user"
+        default: "consul-exp"
+      consul_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install binaries"
+        default: "/usr/local/bin"
+      consul_exporter_local_cache_path:
+        description: 'Local path to stash the archive and its extraction'
+        default: "/tmp/consul_exporter-{{ ansible_facts['system'] | lower }}-{{ _consul_exporter_go_ansible_arch }}/{{ consul_exporter_version }}"
+      consul_exporter_config_dir:
+        description: "Path to directory with consul_exporter configuration"
+        default: "/etc/consul_exporter"

roles/consul_exporter/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Prometheus Community"
+  description: "Prometheus Consul Exporter"
+  license: "Apache"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: "Ubuntu"
+      versions:
+        - "focal"
+        - "jammy"
+        - "noble"
+    - name: "Debian"
+      versions:
+        - "bullseye"
+    - name: "EL"
+      versions:
+        - "8"
+        - "9"
+  galaxy_tags:
+    - "monitoring"
+    - "prometheus"
+    - "exporter"
+    - "metrics"
+    - "system"

roles/consul_exporter/molecule/alternative/molecule.yml

@@ -0,0 +1,19 @@
+---
+provisioner:
+  playbooks:
+    prepare: "${MOLECULE_PROJECT_DIRECTORY}/../../.config/molecule/alternative/prepare.yml"
+  inventory:
+    group_vars:
+      all:
+        consul_exporter_version: 0.13.0
+        consul_exporter_local_cache_path: "/tmp/consul_exporter-linux-amd64/{{ consul_exporter_version }}"
+        consul_exporter_web_listen_address: '127.0.1.1:8080'
+        consul_exporter_tls_server_config:
+          cert_file: /etc/consul_exporter/tls.cert
+          key_file: /etc/consul_exporter/tls.key
+        consul_exporter_http_server_config:
+          http2: true
+        consul_exporter_basic_auth_users:
+          randomuser: examplepassword
+        consul_exporter_binary_url: "https://github.com/prometheus/consul_exporter/releases/download/v{{ consul_exporter_version\
+                                     \ }}/consul_exporter-{{ consul_exporter_version }}.linux-amd64.tar.gz"

roles/consul_exporter/molecule/alternative/tests/test_alternative.py

@@ -0,0 +1,43 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from testinfra_helpers import get_target_hosts
+import pytest
+
+testinfra_hosts = get_target_hosts()
+
+
+def test_directories(host):
+    dirs = [
+        "/etc/consul_exporter"
+    ]
+    for dir in dirs:
+        d = host.file(dir)
+        assert d.is_directory
+        assert d.exists
+
+
+def test_service(host):
+    s = host.service("consul_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u consul_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u consul_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_protecthome_property(host):
+    s = host.service("consul_exporter")
+    p = s.systemd_properties
+    assert p.get("ProtectHome") == "yes"
+
+
+@pytest.mark.parametrize("sockets", [
+    "tcp://127.0.1.1:8080",
+])
+def test_socket(host, sockets):
+    assert host.socket(sockets).is_listening

roles/consul_exporter/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        consul_exporter_web_listen_address: "127.0.0.1:9107"