add prometheus-nginxlog-exporter role (#2315)

* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>

roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml

@@ -0,0 +1,49 @@
+---
+# prometheus-nginxlog-exporter exports nginx logs in a prometheus usable format on a `/metrics/ endpoint
+# See: https://github.com/martin-helmich/prometheus-nginxlog-exporter/
+
+matrix_prometheus_nginxlog_exporter_enabled: true
+matrix_prometheus_nginxlog_exporter_version: v1.10.0
+
+matrix_prometheus_nginxlog_exporter_container_hostname: 'matrix-prometheus-nginxlog-exporter'
+matrix_prometheus_nginxlog_exporter_container_metrics_port: '4040'
+matrix_prometheus_nginxlog_exporter_container_syslog_port: '6514'
+
+matrix_prometheus_nginxlog_exporter_docker_image_arch: ['amd64', 'arm64']
+matrix_prometheus_nginxlog_exporter_docker_image_name_prefix: "{{ 'ghcr.io/martin-helmich/' }}"
+matrix_prometheus_nginxlog_exporter_docker_image_tag: "{{ 'latest' if matrix_prometheus_nginxlog_exporter_version == 'master' else matrix_prometheus_nginxlog_exporter_version }}-{{ matrix_architecture }}"
+matrix_prometheus_nginxlog_exporter_docker_image: "{{ matrix_prometheus_nginxlog_exporter_docker_image_name_prefix }}prometheus-nginxlog-exporter/exporter:{{ matrix_prometheus_nginxlog_exporter_docker_image_tag }}"
+matrix_prometheus_nginxlog_exporter_docker_image_force_pull: "{{ matrix_prometheus_nginxlog_exporter_docker_image.endswith(':latest') }}"
+matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: true
+
+# Controls whether prometheus-nginxlog-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/nginxlog`.
+# This will only take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: false
+
+# matrix_prometheus_nginxlog_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_prometheus_nginxlog_exporter_dashboard_urls: []
+
+matrix_prometheus_nginxlog_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-nginxlog-exporter"
+matrix_prometheus_nginxlog_exporter_config_path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}/config"
+
+# A list of extra docker arguments to pass to the container
+matrix_prometheus_nginxlog_exporter_container_extra_arguments: []
+
+# List of systemd services that matrix-prometheus_nginxlog_exporter.service depends on
+matrix_prometheus_nginxlog_exporter_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-prometheus_nginxlog_exporter.service wants
+matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list: []
+
+# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its HTTP port (tcp/4040 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4040"), or empty string to not expose.
+matrix_prometheus_nginxlog_exporter_container_http_host_bind_port: ''
+
+# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its SYSLOG port (udp/6514 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6514"), or empty string to not expose.
+# NOTE: is an UDP connection!
+matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port: ''

roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Fail if matrix-nginx-proxy role already executed
+  ansible.builtin.fail:
+    msg: >-
+      Trying to append prometheus-nginxlog-exporter's configuration to matrix-nginx-proxy,
+      but it's pointless since the matrix-nginx-proxy role is already executed.
+      To fix this, please change the order of roles in your playbook to make sure that
+      the matrix-nginx-proxy role is run after the prometheus-nginxlog-exporter role.
+  when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+- name: Generate prometheus-nginxlog-exporter's metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog)
+  ansible.builtin.set_fact:
+    matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
+      location /metrics/nginxlog {
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }}";
+          proxy_pass http://$backend/metrics;
+      }
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and matrix_nginx_proxy_enabled | bool
+
+- name: Register prometheus-nginxlog-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog)
+  ansible.builtin.set_fact:
+    matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+      {{
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+        +
+        [matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain]
+      }}
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool

roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- block:
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter
+    - install-all
+    - install-prometheus-nginxlog-exporter
+
+- block:
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter
+    - install-all
+    - install-prometheus-nginxlog-exporter
+
+- block:
+    - when: not matrix_prometheus_nginxlog_exporter_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  tags:
+    - setup-all
+    - setup-prometheus-nginxlog-exporter

roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Ensure matrix-prometheus-nginxlog-exporter image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_prometheus_nginxlog_exporter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_prometheus_nginxlog_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_nginxlog_exporter_docker_image_force_pull }}"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure prometheus-nginxlog-exporter paths exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_prometheus_nginxlog_exporter_base_path }}"
+    - "{{ matrix_prometheus_nginxlog_exporter_config_path }}"
+
+- name: Ensure prometheus-nginxlog-exporter.yaml present
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/prometheus-nginxlog-exporter.yaml.j2"
+    dest: "{{ matrix_prometheus_nginxlog_exporter_config_path }}/prometheus-nginxlog-exporter.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure grafana dashboard is installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/nginx-proxy.json"
+    dest: "{{ matrix_grafana_config_path }}/dashboards/"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_grafana_enabled
+
+- name: Ensure matrix-prometheus-nginxlog-exporter.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+    mode: 0644
+  register: matrix_prometheus_nginxlog_exporter_systemd_service_result

roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Check existence of matrix-prometheus-nginxlog-exporter service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+  register: matrix_prometheus_nginxlog_exporter_service_stat
+
+- when: matrix_prometheus_nginxlog_exporter_service_stat.stat.exists | bool
+  block:
+    - name: Fail when not cleaning up nginx and prometheus configs
+      ansible.builtin.fail:
+        msg: >
+          This role has added to configs in 'matrix-nginx-proxy', 'matrix-synapse-reverse-proxy-companion' and 'matrix-prometheus'.
+          Running 'setup-synapse-reverse-proxy-companion' WILL NOT remove those settings from those roles.
+          Run the playbook again with the `setup-all` tag or all three 'setup-nginx-proxy,setup-synapse-reverse-proxy-companion,setup-prometheus' tags while
+          'matrix_prometheus_enabled: false' to rebuild their configs.
+      when: not ('setup-all' in ansible_run_tags or ('setup-nginx-proxy' in ansible_run_tags and 'setup-synapse-reverse-proxy-companion' in ansible_run_tags and 'setup-prometheus' in ansible_run_tags))
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter is stopped
+      ansible.builtin.service:
+        name: matrix-prometheus-nginxlog-exporter
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service"
+        state: absent
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}"
+        state: absent
+
+    - name: Ensure matrix-prometheus-nginxlog-exporter grafana dashboard doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_grafana_config_path }}/dashboards/nginx-proxy.json"
+        state: absent

roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml

@@ -0,0 +1,32 @@
+---
+
+- name: Fail if Prometheus not enabled
+  ansible.builtin.fail:
+    msg: >
+      You need to set `matrix_prometheus_enabled: true` or configure an external Prometheus database
+      as this roles requires Prometheus for data storage.
+  when: not matrix_prometheus_enabled and not matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled
+
+- name: Fail if docker image not availble for arch
+  ansible.builtin.fail:
+    msg: >
+      'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'.
+
+      We currently do not support building an image using this playbook.
+
+      You can use a custom-build image by setting
+          'matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false'
+          'matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag'
+
+      or disable 'prometheus-nginxlog-exporter' by setting
+          'matrix_prometheus_nginxlog_exporter: false'
+
+      in vars.yml
+  when: matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled and matrix_architecture not in matrix_prometheus_nginxlog_exporter_docker_image_arch
+
+
+- name: Fail if nginx-proxy is not set to proxy metrics while prometheus-nginxlog-exporter is
+  ansible.builtin.fail:
+    msg: >
+      'matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled' is set but 'matrix_nginx_proxy_proxy_matrix_metrics_enabled' is not
+  when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool

roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2

@@ -0,0 +1,37 @@
+listen:
+  port: {{ matrix_prometheus_nginxlog_exporter_container_metrics_port }}
+  address: "0.0.0.0"
+  metrics_endpoint: "/metrics"
+
+namespaces:
+  - name: matrix
+    metrics_override:
+      preffix: "myprefix"
+    namespace_label: "namespace"
+    format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""
+    # enable to print to console
+    # print_log: true
+    source:
+      syslog:
+        listen_address: "udp://0.0.0.0:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}"
+        # format options: "rfc3164" ,"rfc5424", "rfc6587", "auto"
+        format: auto
+        tags: ["matrix_nginx_proxy", "matrix_nginx_proxy_companion"]
+    relabel_configs:
+      - target_label: request_uri
+        from: request
+        split: 2
+        separator: ' '
+        matches:
+        - regexp: "^([^\\?]+)(.*)"
+          replacement: "$1"
+      - target_label: remote_addr
+        from: remote_addr
+      - target_label: server_name
+        from: server_name
+      - target_label: http_x_forwarded_for
+        from: http_x_forwarded_for
+      - target_label: request_host
+        from: host
+      - target_label: log_source
+        from: log_source

roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2

@@ -0,0 +1,46 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description={{ matrix_prometheus_nginxlog_exporter_container_hostname }}
+{% for service in matrix_prometheus_nginxlog_exporter_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_prometheus_nginxlog_exporter_container_hostname }} \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_prometheus_nginxlog_exporter_container_http_host_bind_port %}
+			-p {{ matrix_prometheus_nginxlog_exporter_container_http_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }} \
+			{% endif %}
+			{% if matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port %}
+			-p {{ matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}/udp \
+			{% endif %}
+			-v {{ matrix_prometheus_nginxlog_exporter_config_path }}:/etc/prometheus-nginxlog-exporter:z \
+			{% for arg in matrix_prometheus_nginxlog_exporter_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_prometheus_nginxlog_exporter_docker_image }} \
+			-config-file /etc/prometheus-nginxlog-exporter/prometheus-nginxlog-exporter.yaml
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier={{ matrix_prometheus_nginxlog_exporter_container_hostname }}
+
+[Install]
+WantedBy=multi-user.target