---
# roles/swarm_node_exporter/tasks/main.yml
# Deploy node-exporter on each swarm node for host metrics collection
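# Start (or keep running) the node-exporter container with a read-only root
# filesystem, all capabilities dropped and no-new-privileges set. The result
# is registered as node_exporter_container.
- name: Ensure node-exporter container is running
  community.docker.docker_container:
    name: "{{ node_exporter_container_name }}"
    # NOTE(review): a tag can be re-pointed upstream; pinning the image by
    # digest in node_exporter_version's place would make deploys reproducible.
    image: "prom/node-exporter:{{ node_exporter_version }}"
    state: started
    restart_policy: "{{ node_exporter_restart_policy }}"
    # NOTE(review): the mount list is defined outside this file. The paths
    # below expect /host/proc, /host/sys and /rootfs; confirm each host mount
    # is read-only (":ro") so the container cannot write to the host.
    volumes: "{{ node_exporter_volumes }}"
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--path.rootfs=/rootfs'
      # "$$" is the Compose escape for "$"; nothing unescapes it here, so the
      # exporter receives it literally. It still anchors at end of string.
      # NOTE(review): a single "$" would be the plain form; confirm and tidy.
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
      # Bind to the same port the health check and the debug message use, so
      # a non-default node_exporter_port does not leave the exporter on its
      # built-in default while the check probes another port.
      - '--web.listen-address=:{{ node_exporter_port }}'
    # Host networking puts the listener directly on the host's interfaces and
    # /metrics is served without authentication unless configured otherwise.
    # Restrict the port to the Prometheus scrapers at the firewall, or supply
    # TLS/basic auth through the exporter's --web.config.file.
    network_mode: "host"
    # === SECURITY HARDENING ===
    read_only: true
    security_opts:
      - 'no-new-privileges:true'
    cap_drop:
      - ALL
    # === RESOURCE LIMITS ===
    memory: "{{ node_exporter_memory_limit }}"
    cpus: "{{ node_exporter_cpu_limit }}"
  register: node_exporter_container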
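# Probe the exporter's /metrics endpoint on the target host and fail the play
# if it does not answer with HTTP 200.
- name: Verify node-exporter is responding
  ansible.builtin.uri:
    url: "http://localhost:{{ node_exporter_port }}/metrics"
    method: GET
    status_code: 200
  register: exporter_health
  # An explicit "until" makes the retry loop effective on Ansible versions
  # that ignore "retries" when no "until" is given; without it a freshly
  # started container that is not listening yet fails on the first attempt.
  until: exporter_health.status == 200
  retries: 3
  delay: 5
  failed_when: exporter_health.status != 200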
# Print the host and port the exporter was verified on.
- name: Display node-exporter endpoint
  ansible.builtin.debug:
    msg: >-
      ✅ node-exporter is running on {{ ansible_hostname }}:{{ node_exporter_port }}