chore: drop selinux task and bind to unprivileged port

Robert Kaussow 2021-05-29 21:43:54 +02:00
parent fd59ad7165
commit 0abd03b77b
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 4 additions and 19 deletions


@ -15,8 +15,8 @@ prometheus_data_dir: "{{ prometheus_base_dir }}/data"
prometheus_read_only_dirs: [] prometheus_read_only_dirs: []
prometheus_web_bind_ip: 127.0.0.1 prometheus_web_bind_ip: 127.0.0.1
prometheus_web_bind_port: 9090 prometheus_web_bind_port: 61000
prometheus_web_external_url: "http://localhost:9090/" prometheus_web_external_url: "http://localhost:61000/"
prometheus_web_tls_enabled: False prometheus_web_tls_enabled: False
prometheus_web_tls_cert_path: "{{ prometheus_base_dir }}/tls/certs/mycert.pem" prometheus_web_tls_cert_path: "{{ prometheus_base_dir }}/tls/certs/mycert.pem"
@ -103,7 +103,7 @@ prometheus_scrape_configs:
metrics_path: "{{ prometheus_web_external_url | urlsplit('path') if (prometheus_web_external_url | urlsplit('path')) | length > 1 else '' }}/metrics" metrics_path: "{{ prometheus_web_external_url | urlsplit('path') if (prometheus_web_external_url | urlsplit('path')) | length > 1 else '' }}/metrics"
static_configs: static_configs:
- targets: - targets:
- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090" - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:61000"
prometheus_alert_rules_files: prometheus_alert_rules_files:
- "prometheus/rules/*.rules" - "prometheus/rules/*.rules"
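Review bot: The new port 61000 is written out three times in this file — in `prometheus_web_bind_port`, in `prometheus_web_external_url` and in the scrape target of the second hunk — so overriding `prometheus_web_bind_port` alone leaves the external URL and the self-scrape target pointing at a port nothing listens on. Deriving the other two keeps them in step: `prometheus_web_external_url: "http://localhost:{{ prometheus_web_bind_port }}/"` and `- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:{{ prometheus_web_bind_port }}"`. Since this commit also removes the task that managed the SELinux port label, a comment above `prometheus_web_bind_port` such as `# The role does not manage SELinux port labels; choose a port the service is allowed to bind` would tell operators of enforcing hosts what an override now requires. The scrape target also resolves to the host's FQDN while the default bind address is 127.0.0.1, which presumably only works where the FQDN maps to loopback; that is on unchanged lines but worth confirming.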


@ -17,4 +17,4 @@ def test_prometheus_running_and_enabled(host):
def test_prometheus_socket(host): def test_prometheus_socket(host):
# Verify the socket is listening for HTTP traffic # Verify the socket is listening for HTTP traffic
assert host.socket("tcp://127.0.0.1:9090").is_listening assert host.socket("tcp://127.0.0.1:61000").is_listening
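Review bot: The assertion only proves that something is listening on 127.0.0.1:61000. As far as I recall, testinfra's `is_listening` also returns true for a listener bound to the wildcard address, so the test would still pass if the service were exposed on every interface. Since the role's default is a loopback-only bind, a second line such as `assert not host.socket("tcp://0.0.0.0:61000").is_listening` would pin that down. The port literal duplicates the role default, so a short comment saying it must match `prometheus_web_bind_port` would help the next change.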


@ -1,8 +1,6 @@
--- ---
- include_tasks: prepare.yml - include_tasks: prepare.yml
- include_tasks: setup.yml - include_tasks: setup.yml
- include_tasks: selinux.yml
when: ansible_selinux.status == "enabled"
- import_tasks: tls.yml - import_tasks: tls.yml
when: prometheus_web_tls_enabled | bool when: prometheus_web_tls_enabled | bool
tags: tls_renewal tags: tls_renewal


@ -1,13 +0,0 @@
---
- block:
- name: Allow prometheus to bind to port in SELinux
seport:
ports: "{{ prometheus_web_bind_port }}"
proto: tcp
setype: http_port_t
state: present
when:
- ansible_version.full is version('2.4', '>=')
- ansible_selinux.status == "enabled"
become: True
become_user: root