From 09f00ce43de9de301965cbf0dc59d085994a471d Mon Sep 17 00:00:00 2001 From: Patrick Cao Huu Thien Date: Tue, 6 Dec 2022 17:23:44 +0100 Subject: [PATCH] add fail2ban_exporter --- README.rst | 13 ++++++++--- fail2ban_exporter.initd | 15 +++++++++++++ main.tf | 49 +++++++++++++++++++++++++++++++++-------- variables.tf | 10 +++++++++ 4 files changed, 75 insertions(+), 12 deletions(-) create mode 100644 fail2ban_exporter.initd diff --git a/README.rst b/README.rst index ac25054..dc6b6a4 100644 --- a/README.rst +++ b/README.rst @@ -1,14 +1,21 @@ Terraform module to install fail2ban up & running +Module prometheus +----------------- + +:url: /metrics +:port: 9191 + Usage ----- In the root terraform add:: module "fail2ban" { - source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban" - connection_ip = var.eth0_ip - connection_private_key = file(var.pm_private_key) + source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban" + connection_ip = var.eth0_ip + connection_private_key = file(var.pm_private_key) + fail2ban_exporter_version = var.fail2ban_exporter_version } diff --git a/fail2ban_exporter.initd b/fail2ban_exporter.initd new file mode 100644 index 0000000..7011505 --- /dev/null +++ b/fail2ban_exporter.initd @@ -0,0 +1,15 @@ +#!/sbin/openrc-run + +description="fail2ban exporter" +command="/usr/sbin/fail2ban_exporter" + +# what to export +# See node_exporter --help +command_args="--collector.f2b.socket=/run/fail2ban/fail2ban.sock" + +pidfile="/run/${RC_SVCNAME}.pid" + +# node_exporter stay in backgroud +# make a pid for me +command_background=true + diff --git a/main.tf b/main.tf index 326ec61..61654eb 100644 --- a/main.tf +++ b/main.tf 
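Review bot: fail2ban_exporter.initd passes no bind address in `command_args`, so the exporter presumably listens on its default for port 9191 (the README hunk documents /metrics there) and nothing limits who can scrape it. Jail names and ban counts are useful to an outsider, so either bind it to the monitoring interface (the exporter has a `--web.listen-address` option, to be confirmed for the pinned version) or firewall the port to the Prometheus host. There is no `depend()` block, so OpenRC may start the service before fail2ban has created /run/fail2ban/fail2ban.sock; `depend() { need fail2ban; }` would order it, assuming the service is named fail2ban. With no `command_user` the daemon runs as root, and both comments still refer to node_exporter; they could read `# See fail2ban_exporter --help` and `# fail2ban_exporter stays in the foreground, so let OpenRC background it and write the pidfile`.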
@@ -1,8 +1,8 @@ # you must prefixe path with "${path.module}/" -resource "null_resource" "fail2ban" { - # triggers = { - # source = filesha256("${path.module}/script") - # } +resource "null_resource" "fail2ban_exporter" { + triggers = { + source = filesha256("${path.module}/fail2ban_exporter.initd") + } connection { type = "ssh" user = "root" @@ -10,10 +10,10 @@ resource "null_resource" "fail2ban" { private_key = var.connection_private_key } - # provisioner "file" { - # source = "${path.module}/script" - # destination = "/tmp" - # } + provisioner "file" { + source = "${path.module}/fail2ban_exporter.initd" + destination = "/tmp/fail2ban_exporter.initd" + } provisioner "remote-exec" { inline = [ 
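Review bot: In main.tf the new `triggers` map hashes only fail2ban_exporter.initd, so changing `var.fail2ban_exporter_version` or `var.fail2ban_exporter_checksum` will not re-run the provisioners and the host keeps the old binary. Adding `version = var.fail2ban_exporter_version` and `checksum = var.fail2ban_exporter_checksum` to the map would cover that. Renaming the resource from `fail2ban` to `fail2ban_exporter` also changes its state address, so existing deployments will see a destroy/create, and judging by the later hunk the resource still installs fail2ban itself, which the new name hides. The resource body continues outside this hunk.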
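Review bot: The `provisioner "file"` block stages the init script under a fixed name in world-writable /tmp, and a later step installs it into /etc/init.d as root. The connection is already root, so a root-only staging path keeps other local accounts away from the file before it is installed, for example `destination = "/root/fail2ban_exporter.initd"` with the later `install` source path changed to match.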
@@ -32,8 +32,39 @@ resource "null_resource" "fail2ban" { "ln -s 'fail2ban-client status' /etc/fail2ban/0_status", "ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban", "ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload", - "echo '# module DONE'", + # + "echo '## fail2ban-prometheus-exporter'", + # dw binary -- DONT WORK on alpine + # "wget -nc https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/uploads/${var.fail2ban_exporter_link}/fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz", + # "echo '${var.fail2ban_exporter_checksum} fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz)' | filesha256 -c", + # "tar xzf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz", + # "install -Dm775 fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64/fail2ban_exporter /usr/sbin/fail2ban_exporter", + # dw src + "echo '# install depends '", + "apk add --virtual .devenv build-base go", + "echo '# get sources '", + "wget -nc -q https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/archive/${var.fail2ban_exporter_version}/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz", + "echo '${var.fail2ban_exporter_checksum} fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz)' | filesha256 -c", + "tar xzf fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz", + "cd fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}/src", + "echo '# build '", + "go mod download -x", + "go build -v", + "echo '# install fail2ban_exporter'", + "install -Dm775 fail2ban-prometheus-exporter /usr/sbin/fail2ban_exporter", + # + "echo '# enable service fail2ban_exporter'", + "install -Dm775 /tmp/fail2ban_exporter.initd /etc/init.d/fail2ban_exporter", + "rc-update add fail2ban_exporter", + "rc-service fail2ban_exporter start", + # + "echo '# clean sources'", + # "rm -rf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz", + "rm 
-rf /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version} /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz", + "echo '# clean depends'", + "apk del --purge .devenv", ] + on_failure = fail } } diff --git a/variables.tf b/variables.tf index b2ff069..fcb9c42 100644 --- a/variables.tf +++ b/variables.tf @@ -9,3 +9,13 @@ variable "connection_private_key" { sensitive = true } +variable "fail2ban_exporter_version" { + type = string + description = "like 1.3.5" +} + +variable "fail2ban_exporter_checksum" { + type = string + description = "like fc022ddebf8d5cac78de73609ad7611fd2d1b7b47fbd26a3edd362c193e27a98" +} +
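Review bot: The checksum step in the `remote-exec` list cannot verify anything: `filesha256` is a Terraform function rather than a command on the host, and the echoed line carries a stray `)` after the file name, so the downloaded source is built and installed as root unchecked. As far as I know Terraform runs `inline` as one script without `set -e`, so only the last command's status reaches `on_failure = fail` and a failed `wget`, checksum or `go build` is passed over silently. Use `sha256sum -c` with the echoed line in `<hash>  <file>` form (two spaces, no parenthesis) and make `"set -e",` the first entry of the list, which starts outside this hunk. `install -Dm775` leaves the binary and the init script group-writable; `-Dm755` is the usual mode for both.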
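Review bot: Both new variables in variables.tf are interpolated straight into shell command strings in main.tf and accept any string, so a value containing a quote or `;` changes the commands that run as root on the target. A `validation` block on each would reject such values at plan time; the character set for the version is a guess and should match the upstream tag format. `fail2ban_exporter_checksum` has no default and is therefore required, but the README example in this patch passes only the version.

```hcl
variable "fail2ban_exporter_version" {
  # … unchanged: type, description …

  validation {
    condition     = can(regex("^[0-9A-Za-z][0-9A-Za-z._-]*$", var.fail2ban_exporter_version))
    error_message = "The fail2ban_exporter_version value may contain only letters, digits, '.', '_' and '-'."
  }
}

variable "fail2ban_exporter_checksum" {
  # … unchanged: type, description …

  validation {
    condition     = can(regex("^[0-9a-f]{64}$", var.fail2ban_exporter_checksum))
    error_message = "The fail2ban_exporter_checksum value must be a 64-character lowercase hex SHA-256 digest."
  }
}
```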