add fail2ban_exporter
parent
acc427c902
commit
09f00ce43d
13
README.rst
13
README.rst
|
@ -1,14 +1,21 @@
|
||||||
Terraform module to install fail2ban up & running
|
Terraform module to install fail2ban up & running
|
||||||
|
|
||||||
|
Module prometheus
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
:url: /metrics
|
||||||
|
:port: 9191
|
||||||
|
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
In the root terraform add::
|
In the root terraform add::
|
||||||
|
|
||||||
module "fail2ban" {
|
module "fail2ban" {
|
||||||
source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban"
|
source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban"
|
||||||
connection_ip = var.eth0_ip
|
connection_ip = var.eth0_ip
|
||||||
connection_private_key = file(var.pm_private_key)
|
connection_private_key = file(var.pm_private_key)
|
||||||
|
fail2ban_exporter_version = var.fail2ban_exporter_version
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/sbin/openrc-run
|
||||||
|
|
||||||
|
description="fail2ban exporter"
|
||||||
|
command="/usr/sbin/fail2ban_exporter"
|
||||||
|
|
||||||
|
# what to export
|
||||||
|
# See node_exporter --help
|
||||||
|
command_args="--collector.f2b.socket=/run/fail2ban/fail2ban.sock"
|
||||||
|
|
||||||
|
pidfile="/run/${RC_SVCNAME}.pid"
|
||||||
|
|
||||||
|
# node_exporter stay in backgroud
|
||||||
|
# make a pid for me
|
||||||
|
command_background=true
|
||||||
|
|
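Review bot: The init script has no `depend()` block, yet `command_args` points at `/run/fail2ban/fail2ban.sock`, which only exists once fail2ban is running; a `depend()` function containing `need fail2ban` would keep OpenRC from starting the exporter first at boot. The two comments still name node_exporter (`# See node_exporter --help`, `# node_exporter stay in backgroud`) and should refer to fail2ban_exporter, with "background" spelled correctly. No listen address is set, so the exporter presumably serves `/metrics` on port 9191 on every interface. If only the Prometheus host should reach it, restrict that with the exporter's listen-address option or a firewall rule.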
49
main.tf
49
main.tf
|
@ -1,8 +1,8 @@
|
||||||
# you must prefixe path with "${path.module}/"
|
# you must prefixe path with "${path.module}/"
|
||||||
resource "null_resource" "fail2ban" {
|
resource "null_resource" "fail2ban_exporter" {
|
||||||
# triggers = {
|
triggers = {
|
||||||
# source = filesha256("${path.module}/script")
|
source = filesha256("${path.module}/fail2ban_exporter.initd")
|
||||||
# }
|
}
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
user = "root"
|
user = "root"
|
||||||
|
@ -10,10 +10,10 @@ resource "null_resource" "fail2ban" {
|
||||||
private_key = var.connection_private_key
|
private_key = var.connection_private_key
|
||||||
}
|
}
|
||||||
|
|
||||||
# provisioner "file" {
|
provisioner "file" {
|
||||||
# source = "${path.module}/script"
|
source = "${path.module}/fail2ban_exporter.initd"
|
||||||
# destination = "/tmp"
|
destination = "/tmp/fail2ban_exporter.initd"
|
||||||
# }
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
|
@ -32,8 +32,39 @@ resource "null_resource" "fail2ban" {
|
||||||
"ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
|
"ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
|
||||||
"ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban",
|
"ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban",
|
||||||
"ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload",
|
"ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload",
|
||||||
"echo '# module DONE'",
|
#
|
||||||
|
"echo '## fail2ban-prometheus-exporter'",
|
||||||
|
# dw binary -- DONT WORK on alpine
|
||||||
|
# "wget -nc https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/uploads/${var.fail2ban_exporter_link}/fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||||
|
# "echo '${var.fail2ban_exporter_checksum} fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz)' | filesha256 -c",
|
||||||
|
# "tar xzf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||||
|
# "install -Dm775 fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64/fail2ban_exporter /usr/sbin/fail2ban_exporter",
|
||||||
|
# dw src
|
||||||
|
"echo '# install depends '",
|
||||||
|
"apk add --virtual .devenv build-base go",
|
||||||
|
"echo '# get sources '",
|
||||||
|
"wget -nc -q https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/archive/${var.fail2ban_exporter_version}/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||||
|
"echo '${var.fail2ban_exporter_checksum} fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz)' | filesha256 -c",
|
||||||
|
"tar xzf fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||||
|
"cd fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}/src",
|
||||||
|
"echo '# build '",
|
||||||
|
"go mod download -x",
|
||||||
|
"go build -v",
|
||||||
|
"echo '# install fail2ban_exporter'",
|
||||||
|
"install -Dm775 fail2ban-prometheus-exporter /usr/sbin/fail2ban_exporter",
|
||||||
|
#
|
||||||
|
"echo '# enable service fail2ban_exporter'",
|
||||||
|
"install -Dm775 /tmp/fail2ban_exporter.initd /etc/init.d/fail2ban_exporter",
|
||||||
|
"rc-update add fail2ban_exporter",
|
||||||
|
"rc-service fail2ban_exporter start",
|
||||||
|
#
|
||||||
|
"echo '# clean sources'",
|
||||||
|
# "rm -rf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||||
|
"rm -rf /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version} /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||||
|
"echo '# clean depends'",
|
||||||
|
"apk del --purge .devenv",
|
||||||
]
|
]
|
||||||
|
on_failure = fail
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
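Review bot: The checksum step in the third hunk cannot verify anything: `filesha256` is a Terraform function, not a command on the Alpine host, and the echoed line ends in a stray `)` after the file name. As far as I can tell the inline list runs as a plain `sh` script without `set -e`, so the failing check would not stop the run and the unverified tarball would still be built and installed as root in `/usr/sbin`. I would use `"echo '${var.fail2ban_exporter_checksum}  fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz' | sha256sum -c",` (two spaces before the file name) and put `"set -e",` at the head of the list; the start of the list lies between the visible hunks, so its placement needs confirming. `install -Dm775` also leaves the binary and the init script group-writable; `-Dm755` is the usual mode for both.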
10
variables.tf
10
variables.tf
|
@ -9,3 +9,13 @@ variable "connection_private_key" {
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "fail2ban_exporter_version" {
|
||||||
|
type = string
|
||||||
|
description = "like 1.3.5"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "fail2ban_exporter_checksum" {
|
||||||
|
type = string
|
||||||
|
description = "like fc022ddebf8d5cac78de73609ad7611fd2d1b7b47fbd26a3edd362c193e27a98"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
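Review bot: `fail2ban_exporter_checksum` has no default and no `validation` block, and main.tf pastes its value into a shell command, so a malformed value is only noticed on the remote host. A rule such as `condition = can(regex("^[0-9a-f]{64}$", var.fail2ban_exporter_checksum))` inside a `validation` block would reject it at plan time, and the description could state that it is the SHA-256 of the source tarball instead of giving only an example value. The usage example in README.rst passes `fail2ban_exporter_version` but not the checksum, so callers who copy it will get a missing-argument error. `fail2ban_exporter_version` is interpolated into the same commands and into the download URL, so it would benefit from a similar pattern check.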