基于 ansible-role 实现node-exporter的安装

# 1. 初始化机器环境

# 1.1 去掉目标机器的网关规则

[root@localhost ~]# firewall-cmd --list-port
9100/tcp
[root@localhost ~]# firewall-cmd --remove-port=9100/tcp
success

1
2
3
4

# 1.2 在控制面安装ansible

❯ tree ansible
ansible
├── amd64
│   ├── ansible-core_2.14.3-1_all.deb
│   ├── ca-certificates_20230311_all.deb
│   ├── ieee-data_20220827.1_all.deb
│   ├── libbsd0_0.11.7-2_amd64.deb
│   ├── libcbor0.8_0.8.0-2+b1_amd64.deb
│   ├── libcom-err2_1.47.0-2_amd64.deb
│   ├── libedit2_3.1-20221030-2_amd64.deb
│   ├── libexpat1_2.5.0-1_amd64.deb
│   ├── libfido2-1_1.12.0-2+b1_amd64.deb
│   ├── libgssapi-krb5-2_1.20.1-2+deb12u2_amd64.deb
│   ├── libk5crypto3_1.20.1-2+deb12u2_amd64.deb
│   ├── libkeyutils1_1.6.3-2_amd64.deb
│   ├── libkrb5-3_1.20.1-2+deb12u2_amd64.deb
│   ├── libkrb5support0_1.20.1-2+deb12u2_amd64.deb
│   ├── libncursesw6_6.4-4_amd64.deb
│   ├── libnsl2_1.3.0-2_amd64.deb
│   ├── libpsl5_0.21.2-1_amd64.deb
│   ├── libpython3-stdlib_3.11.2-1+b1_amd64.deb
│   ├── libpython3.11-minimal_3.11.2-6+deb12u2_amd64.deb
│   ├── libpython3.11-stdlib_3.11.2-6+deb12u2_amd64.deb
│   ├── libreadline8_8.2-1.3_amd64.deb
│   ├── libsqlite3-0_3.40.1-2_amd64.deb
│   ├── libssl3_3.0.13-1~deb12u1_amd64.deb
│   ├── libtirpc-common_1.3.3+ds-1_all.deb
│   ├── libtirpc3_1.3.3+ds-1_amd64.deb
│   ├── libyaml-0-2_0.2.5-1_amd64.deb
│   ├── media-types_10.0.0_all.deb
│   ├── netbase_6.4_all.deb
│   ├── openssh-client_1%3a9.2p1-2+deb12u3_amd64.deb
│   ├── openssl_3.0.13-1~deb12u1_amd64.deb
│   ├── python3-cffi-backend_1.15.1-5+b1_amd64.deb
│   ├── python3-cryptography_38.0.4-3_amd64.deb
│   ├── python3-distutils_3.11.2-3_all.deb
│   ├── python3-dnspython_2.3.0-1_all.deb
│   ├── python3-httplib2_0.20.4-3_all.deb
│   ├── python3-jinja2_3.1.2-1_all.deb
│   ├── python3-lib2to3_3.11.2-3_all.deb
│   ├── python3-markupsafe_2.1.2-1+b1_amd64.deb
│   ├── python3-minimal_3.11.2-1+b1_amd64.deb
│   ├── python3-netaddr_0.8.0-2_all.deb
│   ├── python3-packaging_23.0-1_all.deb
│   ├── python3-pycryptodome_3.11.0+dfsg1-4_amd64.deb
│   ├── python3-pyparsing_3.0.9-1_all.deb
│   ├── python3-resolvelib_0.9.0-2_all.deb
│   ├── python3-yaml_6.0-3+b2_amd64.deb
│   ├── python3.11-minimal_3.11.2-6+deb12u2_amd64.deb
│   ├── python3.11_3.11.2-6+deb12u2_amd64.deb
│   ├── python3_3.11.2-1+b1_amd64.deb
│   ├── readline-common_8.2-1.3_all.deb
│   ├── sshpass_1.09-1+b1_amd64.deb
│   └── wget_1.21.3-1+b2_amd64.deb
├── ansible.cfg
├── arm64
│   ├── ansible-core_2.14.3-1_all.deb
│   ├── ca-certificates_20230311_all.deb
│   ├── ieee-data_20220827.1_all.deb
│   ├── libbsd0_0.11.7-2_arm64.deb
│   ├── libcbor0.8_0.8.0-2+b1_arm64.deb
│   ├── libcom-err2_1.47.0-2_arm64.deb
│   ├── libedit2_3.1-20221030-2_arm64.deb
│   ├── libexpat1_2.5.0-1_arm64.deb
│   ├── libfido2-1_1.12.0-2+b1_arm64.deb
│   ├── libgssapi-krb5-2_1.20.1-2+deb12u2_arm64.deb
│   ├── libk5crypto3_1.20.1-2+deb12u2_arm64.deb
│   ├── libkeyutils1_1.6.3-2_arm64.deb
│   ├── libkrb5-3_1.20.1-2+deb12u2_arm64.deb
│   ├── libkrb5support0_1.20.1-2+deb12u2_arm64.deb
│   ├── libncursesw6_6.4-4_arm64.deb
│   ├── libnsl2_1.3.0-2_arm64.deb
│   ├── libpsl5_0.21.2-1_arm64.deb
│   ├── libpython3-stdlib_3.11.2-1+b1_arm64.deb
│   ├── libpython3.11-minimal_3.11.2-6+deb12u2_arm64.deb
│   ├── libpython3.11-stdlib_3.11.2-6+deb12u2_arm64.deb
│   ├── libreadline8_8.2-1.3_arm64.deb
│   ├── libsqlite3-0_3.40.1-2_arm64.deb
│   ├── libssl3_3.0.13-1~deb12u1_arm64.deb
│   ├── libtirpc-common_1.3.3+ds-1_all.deb
│   ├── libtirpc3_1.3.3+ds-1_arm64.deb
│   ├── libyaml-0-2_0.2.5-1_arm64.deb
│   ├── media-types_10.0.0_all.deb
│   ├── netbase_6.4_all.deb
│   ├── openssh-client_1%3a9.2p1-2+deb12u3_arm64.deb
│   ├── openssl_3.0.13-1~deb12u1_arm64.deb
│   ├── python3-cffi-backend_1.15.1-5+b1_arm64.deb
│   ├── python3-cryptography_38.0.4-3_arm64.deb
│   ├── python3-distutils_3.11.2-3_all.deb
│   ├── python3-dnspython_2.3.0-1_all.deb
│   ├── python3-httplib2_0.20.4-3_all.deb
│   ├── python3-jinja2_3.1.2-1_all.deb
│   ├── python3-lib2to3_3.11.2-3_all.deb
│   ├── python3-markupsafe_2.1.2-1+b1_arm64.deb
│   ├── python3-minimal_3.11.2-1+b1_arm64.deb
│   ├── python3-netaddr_0.8.0-2_all.deb
│   ├── python3-packaging_23.0-1_all.deb
│   ├── python3-pycryptodome_3.11.0+dfsg1-4_arm64.deb
│   ├── python3-pyparsing_3.0.9-1_all.deb
│   ├── python3-resolvelib_0.9.0-2_all.deb
│   ├── python3-yaml_6.0-3+b2_arm64.deb
│   ├── python3.11-minimal_3.11.2-6+deb12u2_arm64.deb
│   ├── python3.11_3.11.2-6+deb12u2_arm64.deb
│   ├── python3_3.11.2-1+b1_arm64.deb
│   ├── readline-common_8.2-1.3_all.deb
│   ├── sshpass_1.09-1_arm64.deb
│   └── wget_1.21.3-1+b1_arm64.deb
└── collections
    ├── ansible-posix-1.5.4.tar.gz
    ├── community-general-9.1.0.tar.gz
    ├── kubernetes-core-2.4.2.tar.gz

# $TARGETARCH 当前服务器的CPU架构 amd64 or arm64
# 安装ansible的基础环境
❯ apt install ansible/$TARGETARCH/*.deb && apt clean &&  rm -rf /var/lib/apt/lists/*
# 安装ansible额外的扩展 module
❯ ansible-galaxy collection install /opt/ansible/collections/*.tar.gz
# 配置ansible
❯ cp ansible/ansible.cfg /etc/ansible/ansible.cfg

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

# 2. 内容解析

# 2.1 ansible.cfg

[defaults]
nocows = True
roles_path = /opt/ops/remote-deploy/roles

remote_tmp = $HOME/.ansible/tmp
local_tmp  = $HOME/.ansible/tmp
pipelining = True
become = True
host_key_checking = False
deprecation_warnings = False
callback_whitelist = profile_tasks

[inventory]
enable_plugins = host_list, script, auto, yaml, ini, toml

1
2
3
4
5
6
7
8
9
10
11
12
13
14

# 2.2 remote-deploy 目录结构

❯ tree remote-deploy/
remote-deploy/
├── deploys
│   ├── inventorys
│   │   └── example-inventory
│   └── playbooks
│       ├── install-node-exporter.yaml
│       └── ping.yaml
└── roles                                         <-- 可执行的roles
    └── node-exporter-role
        ├── README.md
        ├── defaults                              <-- 定义任务执行的默认值
        │   └── main.yml
        ├── files                                 <-- 存放任务执行所需的文件
        │   ├── node_exporter-1.6.0.linux-amd64
        │   │   ├── NOTICE
        │   │   └── node_exporter
        │   └── node_exporter-1.6.0.linux-arm64
        │       ├── NOTICE
        │       └── node_exporter
        ├── handlers
        │   └── main.yml
        ├── meta
        │   └── main.yml
        ├── molecule
        │   └── default
        │       ├── converge.yml
        │       └── molecule.yml
        ├── tasks                                 <-- 定义具体的执行任务
        │   ├── config-version.yaml
        │   ├── enable-port.yaml
        │   └── main.yml
        └── templates                             <-- 存放任务所需的模版文件
            └── node_exporter.service.j2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

# 2.3 解析role目录 (defaults/main.yml)

定义一些任务执行所需的变量

---  
# Use the latest node_exporter release  
node_exporter_version: '1.6.0'  
  
# Alternatively, set a specific version  
# See available releases: https://github.com/prometheus/node_exporter/releases/  
# node_exporter_version: '0.18.1'  
  
node_exporter_arch: 'arm64'  
# node_exporter_download_url: https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ node_exporter_arch }}.tar.gz  
  
node_exporter_bin_path: /usr/local/bin/node_exporter  
  
# Set node_exporter_host to localhost if you wish to expose node_exporter on localhost only.  
node_exporter_host: ''  
node_exporter_port: 9100  
node_exporter_options: ''  
  
node_exporter_state: started  
node_exporter_enabled: true  
node_exporter_restart: on-failure

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# 2.4 解析role目录 (tasks/main.yml)

---  
- name: Check current node_exporter version.  
  command: "{{ node_exporter_bin_path }} --version"  
  failed_when: false  
  changed_when: false  
  register: node_exporter_version_check  
  
# - name: Configure latest version  
#   include_tasks: config-version.yaml  
#   when: >  
#     node_exporter_version is match("latest")  
#     or node_exporter_version is not defined  
  
# - name: Get target machine architecture  
#   ansible.builtin.command: uname -m  
#   register: machine_arch  
#   changed_when: false  
  
- name: Set node_exporter_arch based on machine architecture  
  ansible.builtin.set_fact:  
    node_exporter_arch: >-  
      {%- if ansible_architecture == 'x86_64' -%}amd64  
      {%- elif ansible_architecture == 'aarch64' -%}arm64  
      {%- else -%}{{ ansible_architecture }}  
      {%- endif -%}  
  
- name: Copy node_exporter binary from files folder  
  copy:  
    src: "node_exporter-{{ node_exporter_version }}.linux-{{ node_exporter_arch | trim }}/node_exporter"  
    dest: "{{ node_exporter_bin_path }}"  
    mode: 0755  
  when: >  
    node_exporter_version_check.stdout is not defined  
    or node_exporter_version not in node_exporter_version_check.stdout  
  notify: restart node_exporter  
  
- name: Create node_exporter user.  
  user:  
    name: node_exporter  
    shell: /sbin/nologin  
    state: present  
  
- name: Copy the node_exporter systemd unit file.  
  template:  
    src: node_exporter.service.j2  
    dest: /etc/systemd/system/node_exporter.service  
    mode: 0644  
  register: node_exporter_service  
  
- name: Reload systemd daemon if unit file is changed.  
  systemd:  
    daemon_reload: true  
#  notify: restart node_exporter  
  notify: systemctl restart node_exporter.service  
  when: node_exporter_service is changed  
  
- name: Ensure node_exporter is running and enabled at boot.  
  service:  
    name: node_exporter  
    state: "{{ node_exporter_state }}"  
    enabled: "{{ node_exporter_enabled }}"  
  
- name: Verify node_exporter is responding to requests.  
  uri:  
    url: "http://{% if node_exporter_host !='' %}{{ node_exporter_host }}{% else %}localhost{% endif %}:{{ node_exporter_port }}/"  
    return_content: true  
  register: metrics_output  
  failed_when: "'Metrics' not in metrics_output.content"  
  
  
- name: Gather service facts  
  ansible.builtin.service_facts:  
  
- name: Enable node_exporter port  
  firewalld:  
    port: 9100/tcp  
    permanent: true  
    state: enabled  
    immediate: yes  
  when: ansible_facts.services['firewalld.service']['state'] == 'running'

# 2.5 解析role目录 (templates/node_exporter.service.j2)

[Unit]  
Description=NodeExporter  
  
[Service]  
TimeoutStartSec=0  
User=node_exporter  
ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ node_exporter_host }}:{{ node_exporter_port }} {{ node_exporter_options }}  
Restart={{ node_exporter_restart }}  
  
[Install]  
WantedBy=multi-user.target

1
2
3
4
5
6
7
8
9
10
11

# 2.6 stall-node-exporter.yaml

---  
- name: install-node-exporter
  hosts: servers
  roles:  
    - roles/node-exporter-role

1
2
3
4
5

# 2.7 example-inventory

[servers]  
10.40.10.8 ansible_ssh_host=10.40.10.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_password=root

1
2

# 3. 执行ansible-playbook

❯ cd remote-deploy
❯ ll
total 0
drwxr-xr-x  4 striveonger  staff   128B  9 12 17:32 deploys
drwxr-xr-x  3 striveonger  staff    96B  9 12 17:32 roles
❯ ansible-playbook deploys/playbooks/install-node-exporter.yaml --inventory-file deploys/inventorys/example-inventory

1
2
3
4
5
6

Striveonger