From beb0f2387d0c6cedd38cbce5df2f4e4805a9e6f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 12 Jan 2024 17:41:48 +0200
Subject: [PATCH] Switch to exposing prometheus-node-exporter via native
 Traefik labels, not via matrix-prometheus-services-proxy-connect

This requires at least `v1.7.0-2` of the `prometheus-node-exporter`
Ansible role.
---
 group_vars/matrix_servers                     |  9 +++++----
 .../defaults/main.yml                         | 11 -----------
 .../tasks/main.yml                            |  9 ---------
 .../inject_into_nginx_proxy.yml               | 19 -------------------
 .../tasks/validate_config.yml                 |  2 ++
 5 files changed, 7 insertions(+), 43 deletions(-)
 delete mode 100644 roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 4152e8ad9..ef2a7d9bb 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -4415,19 +4415,20 @@ prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node
 prometheus_node_exporter_uid: "{{ matrix_user_uid }}"
 prometheus_node_exporter_gid: "{{ matrix_user_gid }}"
 
-# _server_fqn is the old var, _hostname - the new one. Seamless migration
-prometheus_node_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
-prometheus_node_exporter_hostname: "{{ prometheus_node_exporter_server_fqn }}"
+prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
 
 prometheus_node_exporter_container_network: "{{ matrix_docker_network }}"
 
 prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
 
-prometheus_node_exporter_container_labels_traefik_enabled: false
+prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+
 ######################################################################
 #
 # /etke/prometheus_node_exporter
diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml
index 2b5505938..b0aab86c9 100644
--- a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml
+++ b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml
@@ -2,17 +2,6 @@
 # matrix-prometheus-services-proxy-connect is a role which helps integrate
 # the various Prometheus roles, which may live outside this Matrix playbook, into it.
 
-
-# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`.
-matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled: false
-
-# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
-# If prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
-# If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not  0.0.0.0 and a port, that "<ip>:<port>" value will be used
-# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
-matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_node_exporter_container_http_host_bind_port else (prometheus_node_exporter_container_http_host_bind_port if prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
-
-
 # Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`.
 matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled: false
 
diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml
index ea067bdba..26f83028b 100644
--- a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml
+++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml
@@ -9,15 +9,6 @@
       To fix this, please change the order of roles in your playbook,
       so that the matrix-nginx-proxy role would run after the matrix-prometheus-services-proxy-connect role.
 
-- tags:
-    - setup-all
-    - setup-nginx-proxy
-    - install-all
-    - install-nginx-proxy
-  block:
-    - when: prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml"
-
 - tags:
     - setup-all
     - setup-nginx-proxy
diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml
deleted file mode 100644
index fbd418fc9..000000000
--- a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
-  ansible.builtin.set_fact:
-    matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block: |
-      location /metrics/node-exporter {
-        {% if matrix_nginx_proxy_enabled | default(False) %}
-          {# Use the embedded DNS resolver in Docker containers to discover the service #}
-          resolver 127.0.0.11 valid=5s;
-          set $backend "{{ prometheus_node_exporter_identifier }}:9100";
-          proxy_pass http://$backend/metrics;
-        {% elif matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
-          proxy_pass http://{{ matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
-        {% else %}
-          return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
-        {% endif %}
-      }
-
-# Injection code was here
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index 4b4c3633f..42c26545d 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -130,6 +130,8 @@
     - {'old': 'matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks', 'new': '<removed>'}
     - {'old': 'etherpad_nginx_proxy_dimension_integration_enabled', 'new': '<removed>'}
     - {'old': 'etherpad_nginx_proxy_dimension_integration_path_prefix', 'new': '<removed>'}
+    - {'old': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled', 'new': '<removed>'}
+    - {'old': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host', 'new': '<removed>'}
 
 - name: (Deprecation) Catch and report matrix_postgres variables
   ansible.builtin.fail: