add fail2ban_exporter
parent
acc427c902
commit
09f00ce43d
13
README.rst
13
README.rst
|
@ -1,14 +1,21 @@
|
|||
Terraform module to install fail2ban up & running
|
||||
|
||||
Module prometheus
|
||||
-----------------
|
||||
|
||||
:url: /metrics
|
||||
:port: 9191
|
||||
|
||||
Usage
|
||||
-----
|
||||
|
||||
In the root terraform add::
|
||||
|
||||
module "fail2ban" {
|
||||
source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban"
|
||||
connection_ip = var.eth0_ip
|
||||
connection_private_key = file(var.pm_private_key)
|
||||
source = "git::https://git.dalembert.upmc.fr/terraform/module_alpine_fail2ban"
|
||||
connection_ip = var.eth0_ip
|
||||
connection_private_key = file(var.pm_private_key)
|
||||
fail2ban_exporter_version = var.fail2ban_exporter_version
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
description="fail2ban exporter"
|
||||
command="/usr/sbin/fail2ban_exporter"
|
||||
|
||||
# what to export
|
||||
# See node_exporter --help
|
||||
command_args="--collector.f2b.socket=/run/fail2ban/fail2ban.sock"
|
||||
|
||||
pidfile="/run/${RC_SVCNAME}.pid"
|
||||
|
||||
# node_exporter stay in backgroud
|
||||
# make a pid for me
|
||||
command_background=true
|
||||
|
49
main.tf
49
main.tf
|
@ -1,8 +1,8 @@
|
|||
# you must prefixe path with "${path.module}/"
|
||||
resource "null_resource" "fail2ban" {
|
||||
# triggers = {
|
||||
# source = filesha256("${path.module}/script")
|
||||
# }
|
||||
resource "null_resource" "fail2ban_exporter" {
|
||||
triggers = {
|
||||
source = filesha256("${path.module}/fail2ban_exporter.initd")
|
||||
}
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
|
@ -10,10 +10,10 @@ resource "null_resource" "fail2ban" {
|
|||
private_key = var.connection_private_key
|
||||
}
|
||||
|
||||
# provisioner "file" {
|
||||
# source = "${path.module}/script"
|
||||
# destination = "/tmp"
|
||||
# }
|
||||
provisioner "file" {
|
||||
source = "${path.module}/fail2ban_exporter.initd"
|
||||
destination = "/tmp/fail2ban_exporter.initd"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
|
@ -32,8 +32,39 @@ resource "null_resource" "fail2ban" {
|
|||
"ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
|
||||
"ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban",
|
||||
"ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload",
|
||||
"echo '# module DONE'",
|
||||
#
|
||||
"echo '## fail2ban-prometheus-exporter'",
|
||||
# dw binary -- DONT WORK on alpine
|
||||
# "wget -nc https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/uploads/${var.fail2ban_exporter_link}/fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||
# "echo '${var.fail2ban_exporter_checksum} fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz)' | filesha256 -c",
|
||||
# "tar xzf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||
# "install -Dm775 fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64/fail2ban_exporter /usr/sbin/fail2ban_exporter",
|
||||
# dw src
|
||||
"echo '# install depends '",
|
||||
"apk add --virtual .devenv build-base go",
|
||||
"echo '# get sources '",
|
||||
"wget -nc -q https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/archive/${var.fail2ban_exporter_version}/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||
"echo '${var.fail2ban_exporter_checksum} fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz)' | filesha256 -c",
|
||||
"tar xzf fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||
"cd fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}/src",
|
||||
"echo '# build '",
|
||||
"go mod download -x",
|
||||
"go build -v",
|
||||
"echo '# install fail2ban_exporter'",
|
||||
"install -Dm775 fail2ban-prometheus-exporter /usr/sbin/fail2ban_exporter",
|
||||
#
|
||||
"echo '# enable service fail2ban_exporter'",
|
||||
"install -Dm775 /tmp/fail2ban_exporter.initd /etc/init.d/fail2ban_exporter",
|
||||
"rc-update add fail2ban_exporter",
|
||||
"rc-service fail2ban_exporter start",
|
||||
#
|
||||
"echo '# clean sources'",
|
||||
# "rm -rf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
|
||||
"rm -rf /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version} /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
|
||||
"echo '# clean depends'",
|
||||
"apk del --purge .devenv",
|
||||
]
|
||||
on_failure = fail
|
||||
}
|
||||
|
||||
}
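Review bot: The tarball integrity check in the last hunk cannot pass as written: `filesha256` is a Terraform function, not a command on the target host, and the echoed line has a stray `)` after the file name and only one space before it. Because remote-exec inline commands run as a plain script, a failing step in the middle does not appear to stop the run unless the script enables that, so the build would continue with an unverified archive and install the result as root. Suggest `"echo '${var.fail2ban_exporter_checksum}  fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz' | sha256sum -c",` and a `"set -e",` entry at the top of the `inline` list, which starts outside this hunk. The two `install -Dm775` lines also leave the binary and the init script group-writable; `-Dm755` is the usual mode.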
|
||||
|
|
10
variables.tf
10
variables.tf
|
@ -9,3 +9,13 @@ variable "connection_private_key" {
|
|||
sensitive = true
|
||||
}
|
||||
|
||||
variable "fail2ban_exporter_version" {
|
||||
type = string
|
||||
description = "like 1.3.5"
|
||||
}
|
||||
|
||||
variable "fail2ban_exporter_checksum" {
|
||||
type = string
|
||||
description = "like fc022ddebf8d5cac78de73609ad7611fd2d1b7b47fbd26a3edd362c193e27a98"
|
||||
}
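Review bot: Both new variables are interpolated directly into shell command strings in main.tf, yet they accept any string; a `validation` block on each would reject malformed values at plan time, before they reach a root shell on the target. The checksum can be pinned to exactly 64 hex characters as below, and the version to whatever tag pattern the upstream project uses. Neither variable has a default, and the README usage example passes only `fail2ban_exporter_version`, so callers following it would be missing the checksum.

```hcl
variable "fail2ban_exporter_checksum" {
  # … unchanged: type and description …

  validation {
    condition     = can(regex("^[0-9a-f]{64}$", var.fail2ban_exporter_checksum))
    error_message = "fail2ban_exporter_checksum must be a 64-character lowercase hex SHA-256 digest."
  }
}
```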
|
||||
|
||||
|
|