(BC Break) Redo how metrics are exposed to external Prometheus servers

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -17,10 +17,17 @@ matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service
 # List of systemd services that matrix-prometheus.service wants
 matrix_prometheus_node_exporter_systemd_wanted_services_list: []
 
+# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_prometheus_node_exporter_metrics_proxying_enabled: false
+
 # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container).
 #
 # Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
 #
+# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`.
+#
 # Official recommendations are to run this container with `--net=host`,
 # but we don't do that, since it:
 # - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008)

roles/matrix-prometheus-node-exporter/tasks/init.yml

@@ -3,3 +3,39 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}"
   when: matrix_prometheus_node_exporter_enabled|bool
+
+- block:
+    - name: Fail if matrix-nginx-proxy role already executed
+      fail:
+        msg: >-
+          Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
+          but it's pointless since the matrix-nginx-proxy role had already executed.
+          To fix this, please change the order of roles in your playbook,
+          so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
+      when: matrix_nginx_proxy_role_executed|default(False)|bool
+
+    - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
+      set_fact:
+        matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
+          location /metrics/node-exporter {
+            {% if matrix_nginx_proxy_enabled|default(False) %}
+              {# Use the embedded DNS resolver in Docker containers to discover the service #}
+              resolver 127.0.0.11 valid=5s;
+              set $backend "matrix-prometheus-node-exporter:9100";
+              proxy_pass http://$backend/metrics;
+            {% else %}
+              {# Generic configuration for use outside of our container setup #}
+              {# This may be implemented in the future. #}
+              return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable";
+            {% endif %}
+          }
+
+    - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
+      set_fact:
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
+          {{
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([])
+            +
+            [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
+          }}
+  when: matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_metrics_proxying_enabled|bool