From 44417b476fdff45fc001471f73fef0015b5a6502 Mon Sep 17 00:00:00 2001
From: Ludovic Cartier <ludovic.cartier@alterwayfr>
Date: Wed, 26 May 2021 16:45:18 +0200
Subject: [PATCH] add mongodb exporter configuration templates

---
 tasks/mongodb_exporter.yml                    |  8 +++
 templates/prometheus-mongodb-exporter.conf.j2 | 60 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 templates/prometheus-mongodb-exporter.conf.j2

diff --git a/tasks/mongodb_exporter.yml b/tasks/mongodb_exporter.yml
index 2050227..2d00cf4 100644
--- a/tasks/mongodb_exporter.yml
+++ b/tasks/mongodb_exporter.yml
@@ -33,6 +33,14 @@
     owner: root
     group: root
     mode: 0755
+
+- name: 'prometheus | mongodb exporter | configuration'
+  template:
+    src: prometheus-mongodb-exporter.conf.j2
+    dest: /etc/default/prometheus-mongodb-exporter
+    owner: root
+    group: root
+    mode: 0600
   notify:
     - 'prometheus | mongodb exporter | restart service'
 
diff --git a/templates/prometheus-mongodb-exporter.conf.j2 b/templates/prometheus-mongodb-exporter.conf.j2
new file mode 100644
index 0000000..a6dcb66
--- /dev/null
+++ b/templates/prometheus-mongodb-exporter.conf.j2
@@ -0,0 +1,60 @@
+# {{ ansible_managed }}
+
+# Set the command-line arguments to pass to the server.
+{% if (prometheus_mongodb_exporter_user is defined) and (prometheus_mongodb_exporter_pass is defined) %}
+ARGS='-mongodb.uri="mongodb://{{ prometheus_mongodb_exporter_host|default("localhost") }}:{{ prometheus_mongodb_exporter_port|default(27017) }}" -auth.user {{ prometheus_mongodb_exporter_user }} -auth.pass {{ prometheus_mongodb_exporter_pass }}'
+{% else %}
+ARGS='-mongodb.uri="mongodb://{{ prometheus_mongodb_exporter_host|default("localhost") }}:{{ prometheus_mongodb_exporter_port|default(27017) }}"'
+{% endif %}
+
+# Prometheus-mongodb-exporter supports the following options:
+#  -alsologtostderr
+#    	log to standard error as well as files
+#  -auth.pass string
+#    	Password for basic auth.
+#  -auth.user string
+#    	Username for basic auth.
+#  -groups.enabled string
+#    	Comma-separated list of groups to use, for more info see: docs.mongodb.org/manual/reference/command/serverStatus/ (default "asserts,durability,background_flushing,connections,extra_info,global_lock,index_counters,network,op_counters,op_counters_repl,memory,locks,metrics")
+#  -log_backtrace_at value
+#    	when logging hits line file:N, emit a stack trace (default :0)
+#  -log_dir string
+#    	If non-empty, write log files in this directory
+#  -logtostderr
+#    	log to standard error instead of files
+#  -mongodb.tls-ca string
+#    	Path to PEM file that conains the CAs that are trused for server connections.
+#    	If provided: MongoDB servers connecting to should present a certificate signed by one of this CAs.
+#    	If not provided: System default CAs are used.
+#  -mongodb.tls-cert string
+#    	Path to PEM file that conains the certificate (and opionally also the private key in PEM format).
+#    	This should include the whole certificate chain.
+#    	If provided: The connection will be opened via TLS to the MongoDB server.
+#  -mongodb.tls-disable-hostname-validation
+#    	Do hostname validation for server connection.
+#  -mongodb.tls-private-key string
+#    	Path to PEM file that conains the private key (if not contained in mongodb.tls-cert file).
+#  -mongodb.uri string
+#    	Mongodb URI, format: [mongodb://][user:pass@]host1[:port1][,host2[:port2],...][/database][?options] (default "mongodb://localhost:27017")
+#  -stderrthreshold value
+#    	logs at or above this threshold go to stderr
+#  -v value
+#    	log level for V logs
+#  -vmodule value
+#    	comma-separated list of pattern=N settings for file-filtered logging
+#  -web.listen-address string
+#    	Address on which to expose metrics and web interface. (default ":9001")
+#  -web.metrics-path string
+#    	Path under which to expose metrics. (default "/metrics")
+#  -web.tls-cert string
+#    	Path to PEM file that conains the certificate (and opionally also the private key in PEM format).
+#    	This should include the whole certificate chain.
+#    	If provided: The web socket will be a HTTPS socket.
+#    	If not provided: Only HTTP.
+#  -web.tls-client-ca string
+#    	Path to PEM file that conains the CAs that are trused for client connections.
+#    	If provided: Connecting clients should present a certificate signed by one of this CAs.
+#    	If not provided: Every client will be accepted.
+#  -web.tls-private-key string
+#    	Path to PEM file that conains the private key (if not contained in web.tls-cert file).
+#