feat: add ntp and node-exporter (#3)

README.md

@@ -6,6 +6,8 @@ Terraform Ignition modules to reinforce Container Linux OS. This repo contains t
 * Docker opts dropin.
 * locksmithd.
 * update-ca-certificates.
+* NTP servers override.
+* Node exporter.
 
 ## Requirements
 

modules/node-exporter/main.tf

@@ -0,0 +1,15 @@
+data "ignition_systemd_unit" "node_exporter_fetcher" {
+  name    = "node-exporter-fetcher.service"
+  enabled = true
+  content = templatefile("${path.module}/templates/node-exporter-fetcher.service.tpl", {
+    version = var.node_exporter_version
+  })
+}
+
+data "ignition_systemd_unit" "node_exporter" {
+  name    = "node-exporter.service"
+  enabled = true
+  content = templatefile("${path.module}/templates/node-exporter.service.tpl", {
+    listen_address = "${var.listen_address}:${var.listen_port}"
+  })
+}

modules/node-exporter/outputs.tf

@@ -0,0 +1,10 @@
+output "systemd_units" {
+  value = [
+    data.ignition_systemd_unit.node_exporter.rendered,
+    data.ignition_systemd_unit.node_exporter_fetcher.rendered,
+  ]
+}
+
+output "files" {
+  value = []
+}

modules/node-exporter/templates/node-exporter-fetcher.service.tpl

@@ -0,0 +1,24 @@
+[Unit]
+Description = Systemd unit for fetching Prometheus Node Exporter
+ConditionPathExists = !/opt/node-exporter.done
+Before = node-exporter.service
+After = network.target
+
+[Service]
+Type = oneshot
+RemainAfterExit = true
+
+User = root
+Group = root
+
+ExecStartPre = /usr/bin/mkdir -p /opt
+ExecStartPre = /usr/bin/wget -q -O node_exporter.tar.gz https://github.com/prometheus/node_exporter/releases/download/v${version}/node_exporter-${version}.linux-amd64.tar.gz
+ExecStartPre = /usr/bin/tar zxf node_exporter.tar.gz
+ExecStart = /usr/bin/cp node_exporter-${version}.linux-amd64/node_exporter /opt/node_exporter
+ExecStartPost = /bin/touch /opt/node-exporter.done
+ExecStartPost = /usr/bin/rm node_exporter.tar.gz
+ExecStartPost = /usr/bin/rm -r node_exporter-${version}.linux-amd64
+
+[Install]
+WantedBy = multi-user.target
+RequiredBy = node-exporter.service

modules/node-exporter/templates/node-exporter.service.tpl

@@ -0,0 +1,41 @@
+[Unit]
+Description = Systemd unit for Prometheus Node Exporter
+After = network.target node-exporter-fetcher.service
+
+
+[Service]
+Type = simple
+User = root
+RemainAfterExit=true
+
+ExecStart = /opt/node_exporter \
+  --web.listen-address=${listen_address} \
+  --web.telemetry-path=/metrics \
+  --log.level=info \
+  --log.format=logger:stdout \
+  --collector.textfile.directory=/var/lib/node_exporter/textfile_collector \
+  --collector.netdev.ignored-devices='^(weave|veth.*|docker0|datapath|dummy0)$' \
+  --collector.filesystem.ignored-mount-points='^/(sys|proc|dev|host|etc|var/lib/docker|run|var/lib/lxcfs|var/lib/kubelet)($|/)' \
+  --collector.diskstats \
+  --collector.filefd \
+  --collector.filesystem \
+  --collector.interrupts \
+  --collector.loadavg \
+  --collector.mdadm \
+  --collector.meminfo \
+  --collector.netdev \
+  --collector.netstat \
+  --collector.sockstat \
+  --collector.stat \
+  --collector.tcpstat \
+  --collector.textfile \
+  --collector.time \
+  --collector.uname \
+  --collector.vmstat
+
+WorkingDirectory = /
+Restart = on-failure
+RestartSec = 30s
+
+[Install]
+WantedBy = multi-user.target

modules/node-exporter/variables.tf

@@ -0,0 +1,14 @@
+variable "listen_address" {
+  type    = string
+  default = "0.0.0.0"
+}
+
+variable "listen_port" {
+  type    = number
+  default = 9100
+}
+
+variable "node_exporter_version" {
+  type    = string
+  default = "0.18.1"
+}

modules/node-exporter/version.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_version = "~> 0.12.29"
+
+  required_providers {
+    ignition = "~> 1.2.1"
+  }
+}

modules/ntp/main.tf

@@ -0,0 +1,11 @@
+data "ignition_file" "ntp_dropin" {
+  path       = "/etc/systemd/timesyncd.conf.d/10-timesyncd.conf"
+  filesystem = "root"
+  mode       = 420
+
+  content {
+    content = templatefile("${path.module}/templates/10-timesyncd.conf.tpl", {
+      ntp_servers = join(" ", var.ntp_servers)
+    })
+  }
+}

modules/ntp/outputs.tf

@@ -0,0 +1,9 @@
+output "systemd_units" {
+  value = []
+}
+
+output "files" {
+  value = [
+    data.ignition_file.ntp_dropin.rendered
+  ]
+}

modules/ntp/templates/10-timesyncd.conf.tpl

@@ -0,0 +1,16 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See timesyncd.conf(5) for details.
+
+[Time]
+NTP=${ntp_servers}
+FallbackNTP=0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org

modules/ntp/variables.tf

@@ -0,0 +1,4 @@
+variable "ntp_servers" {
+  description = "A list of NTP servers to be used for time synchronization on the cluster nodes."
+  type        = list(string)
+}

tests/main.tf

@@ -10,17 +10,33 @@ module "ignition_update_ca_certificates" {
   source = "../modules/update-ca-certificates"
 }
 
+module "ignition_node_exporter" {
+  source = "../modules/node-exporter"
+}
+
+module "ignition_ntp" {
+  source = "../modules/ntp"
+  ntp_servers = [
+    "server 0.tw.pool.ntp.org",
+    "server 1.tw.pool.ntp.org",
+  ]
+}
+
 data "ignition_config" "main" {
   files = concat(
     module.ignition_docker.files,
     module.ignition_locksmithd.files,
     module.ignition_update_ca_certificates.files,
+    module.ignition_node_exporter.files,
+    module.ignition_ntp.files,
   )
 
   systemd = concat(
     module.ignition_docker.systemd_units,
     module.ignition_locksmithd.systemd_units,
     module.ignition_update_ca_certificates.systemd_units,
+    module.ignition_node_exporter.systemd_units,
+    module.ignition_ntp.systemd_units,
   )
 }