deploy-windows_exporter.yml
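---
# Deploys (or upgrades) windows_exporter on Windows hosts and provisions a
# TLS server certificate for it from HashiCorp Vault's PKI engine.
#
# Controller environment (read with lookup('env', ...)):
#   VAULT_ADDR, ROLE_ID, SECRET_ID
# Variables used by the tasks:
#   install_dir, cert_ttl, package_url, package_name, install_params,
#   prometheus_enabled_collectors, product_id (only when uninstalling)
# Optional variables:
#   force_cert_renewal (default false), uninstall (default false),
#   prometheus_config (default 'config.yml.j2'),
#   package_checksum (e.g. 'sha256:<hex digest>'; omitted when unset)
- name: Deploy windows_exporter
  hosts: all
  gather_facts: false
  tasks:
    # Normalise the flag to a real boolean so that extra-vars strings such as
    # "true" or "yes" behave the same as YAML booleans.
    - name: Set certificate renewal flag
      set_fact:
        renew_cert: "{{ force_cert_renewal | default(false) | bool }}"

    - name: show value
      debug:
        msg: "{{ renew_cert }}"

    - name: Uninstall windows_exporter
      # win_command: "C:/Windows/Temp/{{ package_name }} {{ install_params }}"
      win_package:
        # path: "C:\\Windows\\Temp\\{{ package_name }}"
        product_id: "{{ product_id }}"
        state: absent
      # `| bool` accepts "yes" (the previous literal comparison) as well as
      # YAML booleans; the default keeps the play from failing when the
      # variable is not defined at all.
      when: uninstall | default(false) | bool

    - name: Check if install directory exists
      win_stat:
        path: "{{ install_dir }}"
      register: installdir

    - name: Create install directory if it doesn't exist
      win_file:
        path: "{{ install_dir }}"
        state: directory
      when: not installdir.stat.exists

    - name: Check if ca file exists
      win_stat:
        path: "{{ install_dir }}/ca.crt"
      register: file_ca

    - name: Check if cert file exists
      win_stat:
        path: "{{ install_dir }}/cert.crt"
      register: file_cert

    - name: Check if key file exists
      win_stat:
        path: "{{ install_dir }}/cert.key"
      register: file_key

    # Certificates are (re)issued only when one of the three files is missing
    # or a renewal was explicitly requested.
    - name: Generate certificates
      block:
        # inventory_hostname is a magic variable, so this works with
        # gather_facts disabled.
        - name: Set server name from inventory hostname
          set_fact:
            server_name: "{{ inventory_hostname | lower }}"

        # The request body carries the AppRole credentials and the response
        # carries a Vault token, so keep both out of logs and callbacks.
        # NOTE(review): VAULT_ADDR should be an https:// URL; otherwise the
        # credentials and the issued private key cross the network in clear.
        - name: Log in to Vault with AppRole
          uri:
            url: "{{ lookup('env','VAULT_ADDR') }}/v1/auth/approle/login"
            method: POST
            return_content: true
            headers:
              accept: application/json
            body_format: json
            body:
              role_id: "{{ lookup('env','ROLE_ID') }}"
              secret_id: "{{ lookup('env','SECRET_ID') }}"
            status_code: 200
          register: vault_auth
          delegate_to: localhost
          no_log: true

        # The response contains the private key and the request header
        # contains the Vault token; no_log keeps them out of task output.
        - name: Request server certificate from Vault PKI
          uri:
            url: "{{ lookup('env','VAULT_ADDR') }}/v1/prompki/issue/server"
            method: POST
            return_content: true
            headers:
              accept: application/json
              X-Vault-Token: "{{ vault_auth.json.auth.client_token }}"
            body_format: json
            body:
              common_name: "{{ server_name }}"
              alt_names: "{{ server_name }}"
              private_key_format: "pkcs8"
              ttl: "{{ cert_ttl }}"
              format: "pem"
            status_code: 200
          register: cert
          delegate_to: localhost
          no_log: true

        # Left disabled on purpose: cert.json includes the private key, so
        # enabling this would print the key into the job output.
        # - name:
        #   debug:
        #     msg: "{{ cert.json }}"

        - name: Write ca file
          win_copy:
            content: "{{ cert.json.data.issuing_ca }}"
            dest: "{{ install_dir }}/ca.crt"

        - name: Write cert file
          win_copy:
            content: "{{ cert.json.data.certificate }}"
            dest: "{{ install_dir }}/cert.crt"

        # NOTE(review): the key file is created with whatever ACL it inherits
        # from install_dir; confirm that only the service account and
        # Administrators can read it.
        - name: Write key file
          win_copy:
            content: "{{ cert.json.data.private_key }}"
            dest: "{{ install_dir }}/cert.key"
          no_log: true
      when: >-
        not file_ca.stat.exists
        or not file_cert.stat.exists
        or not file_key.stat.exists
        or (renew_cert | bool)

    # - name: Check if config exists
    #   win_stat:
    #     path: "{{ install_dir }}/config.yml"
    #   register: config

    - name: Show config vars
      debug:
        msg: "Using template {{ prometheus_config | default('config.yml.j2') }} with the following enabled collectors: {{ prometheus_enabled_collectors }}"

    - name: Create config.yml
      win_template:
        src: "{{ prometheus_config | default('config.yml.j2') }}"
        dest: "{{ install_dir }}/config.yml"
      # when: config.stat.exists == false

    # - name: Check if web config exists
    #   win_stat:
    #     path: "{{ install_dir }}/web-config.yml"
    #   register: webconfig

    - name: Create web-config.yml
      win_template:
        src: web-config.yml.j2
        dest: "{{ install_dir }}/web-config.yml"
      # when: webconfig.stat.exists == false

    # - name:
    #   debug:
    #     msg: "{{ file_key }}"

    # The MSI fetched here is later installed on every target, so its
    # integrity matters. Set package_checksum ('sha256:<hex digest>') to have
    # get_url verify the download; when it is unset the parameter is omitted
    # and the file is used unverified, as before.
    # NOTE(review): the destination is a fixed name under the controller's
    # shared /tmp; without a checksum an already-present file of that name is
    # reused as-is. Consider a private working directory.
    - name: Download windows_exporter
      get_url:
        url: "{{ package_url }}{{ package_name }}"
        dest: "/tmp/{{ package_name }}"
        checksum: "{{ package_checksum | default(omit) }}"
      delegate_to: localhost

    - name: Copy a single file
      ansible.windows.win_copy:
        src: "/tmp/{{ package_name }}"
        dest: "C:\\Windows\\Temp\\{{ package_name }}"

    - name: Install/Update windows_exporter
      # win_command: "C:/Windows/Temp/{{ package_name }} {{ install_params }}"
      win_package:
        path: "C:\\Windows\\Temp\\{{ package_name }}"
        # product_id: "{{ product_id }}"
        state: present
        arguments: "{{ install_params }}"

    # netsh advfirewall firewall add rule name="windows_exporter" dir=in action=allow protocol=tcp localport=9182 profile=any remoteip=any
    # windows_exporter creates a firewall rule automatically
    # NOTE(review): confirm the remote-address scope of that automatic rule;
    # if it allows any source, narrow it to the Prometheus server(s).
    # - name: Create a firewall rule to allow traffic to the windows_exporter listening port
    #   win_firewall_rule:
    #     name: windows_exporter
    #     localport: 9182
    #     action: allow
    #     direction: in
    #     protocol: tcp
    #     profiles: domain,private,public
    #     remoteip: any
    #     state: present
    #     enabled: yes

    - name: Delete windows_exporter msi
      win_file:
        path: "C:\\Windows\\Temp\\{{ package_name }}"
        state: absent

    - name: Restart a service
      win_service:
        name: windows_exporter
        state: restarted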