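---
# Deploys the Prometheus node exporter as a Docker container on a single host
# and opens its listening port in firewalld.
#
# Variables read here but not defined in this playbook (presumably supplied by
# inventory or group/host vars -- confirm):
#   node_exporter_version  image tag, used as "v<version>"
#   node_exporter_port     TCP port the exporter listens on
- name: Install Prometheus Node Exporter
  hosts: bab1.mgmt.toal.ca
  become: true

  tasks:
    # NOTE(review): the image is selected by tag only. A tag can be re-pointed
    # in the registry; pin by digest if the deployed image must be immutable.
    - name: Pull node-exporter image
      community.docker.docker_image:
        name: quay.io/prometheus/node-exporter
        tag: "v{{ node_exporter_version }}"
        source: pull
      tags: image

    # The container below shares the host network and PID namespaces, runs
    # with SELinux labelling disabled, and has the whole host filesystem
    # mounted read-only. It therefore sees most of the host; treat the image
    # as trusted code and keep the version variable under change control.
    - name: Run node-exporter container
      community.docker.docker_container:
        name: node-exporter
        image: "quay.io/prometheus/node-exporter:v{{ node_exporter_version }}"
        state: started
        restart_policy: unless-stopped
        # Host network gives accurate interface metrics without NAT
        network_mode: host
        # Required for per-process CPU/memory metrics
        pid_mode: host
        # Disable SELinux relabelling so we can bind-mount / read-only
        # without risking a recursive chcon on the entire filesystem.
        # This also removes SELinux confinement from this container.
        security_opts:
          - label=disable
        # NOTE(review): SYS_TIME is the only capability added and nothing is
        # dropped, so Docker's default capability set still applies.
        # Presumably SYS_TIME is for the timex collector -- confirm it is
        # needed on this host and remove it otherwise.
        capabilities:
          - SYS_TIME
        # Read-only view of the host root; rslave lets mounts made on the
        # host after start-up propagate into the container.
        volumes:
          - /:/host:ro,rslave
        command:
          - "--path.rootfs=/host"
          # No address before the colon: with host networking the exporter
          # listens on every host address. Quoted so the Jinja expression is
          # always parsed as a plain string.
          - "--web.listen-address=:{{ node_exporter_port }}"
      tags: configure

    # NOTE(review): no zone or source is given, so the port is opened in the
    # default zone for every peer that can reach it. No TLS or authentication
    # is configured in the container command above, so anyone with network
    # access can read the host metrics. Consider limiting the rule to the
    # Prometheus server (firewalld zone/source or a rich rule) or enabling
    # the exporter's web config (--web.config.file, on versions that have it).
    - name: Allow node-exporter port through firewalld
      ansible.posix.firewalld:
        port: "{{ node_exporter_port }}/tcp"
        permanent: true
        state: enabled
        immediate: true
      tags: configure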