feat: add web tls config
parent
cc064da1f1
commit
fd59ad7165
@ -16,13 +16,21 @@ prometheus_read_only_dirs: []
|
|||||||
|
|
||||||
prometheus_web_bind_ip: 127.0.0.1
|
prometheus_web_bind_ip: 127.0.0.1
|
||||||
prometheus_web_bind_port: 9090
|
prometheus_web_bind_port: 9090
|
||||||
prometheus_web_external_url: ""
|
prometheus_web_external_url: "http://localhost:9090/"
|
||||||
|
|
||||||
# @var prometheus_web_config:description: See official [documentation](https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md).
|
prometheus_web_tls_enabled: False
|
||||||
prometheus_web_config:
|
prometheus_web_tls_cert_path: "{{ prometheus_base_dir }}/tls/certs/mycert.pem"
|
||||||
tls_server_config: {}
|
prometheus_web_tls_key_path: "{{ prometheus_base_dir }}/tls/private/mykey.pem"
|
||||||
http_server_config: {}
|
prometheus_web_tls_cert_source: mycert.pem
|
||||||
basic_auth_users: {}
|
prometheus_web_tls_key_source: mykey.pem
|
||||||
|
|
||||||
|
# @var prometheus_web_http_server:description: See official [documentation](https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md).
|
||||||
|
# @var prometheus_web_http_server: $ "_unset_"
|
||||||
|
|
||||||
|
# @var prometheus_web_basic_auth_users:description: See official [documentation](https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md).
|
||||||
|
# @var prometheus_web_basic_auth_users: $ "_unset_"
|
||||||
|
|
||||||
|
prometheus_log_level: error
|
||||||
|
|
||||||
prometheus_storage_retention: "30d"
|
prometheus_storage_retention: "30d"
|
||||||
prometheus_storage_retention_size: "0"
|
prometheus_storage_retention_size: "0"
|
||||||
@ -33,10 +41,8 @@ prometheus_storage_retention_size: "0"
|
|||||||
prometheus_config_flags_extra: []
|
prometheus_config_flags_extra: []
|
||||||
# @var prometheus_config_flags_extra:example: >
|
# @var prometheus_config_flags_extra:example: >
|
||||||
# prometheus_config_flags_extra:
|
# prometheus_config_flags_extra:
|
||||||
# - name: storage.tsdb.retention
|
|
||||||
# value: 15d
|
|
||||||
# - name: alertmanager.timeout
|
# - name: alertmanager.timeout
|
||||||
# - value: 10s
|
# value: 10s
|
||||||
# @end
|
# @end
|
||||||
|
|
||||||
prometheus_alertmanager_config: []
|
prometheus_alertmanager_config: []
|
||||||
@ -94,7 +100,7 @@ prometheus_targets: []
|
|||||||
|
|
||||||
prometheus_scrape_configs:
|
prometheus_scrape_configs:
|
||||||
- job_name: "prometheus"
|
- job_name: "prometheus"
|
||||||
metrics_path: "{{ prometheus_web_external_url | urlsplit('path') }}/metrics"
|
metrics_path: "{{ prometheus_web_external_url | urlsplit('path') if (prometheus_web_external_url | urlsplit('path')) | length > 1 else '' }}/metrics"
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
|
- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
|
||||||
|
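Review bot: The `prometheus` self-scrape job in the last hunk gets no `scheme`, and the new `prometheus_web_external_url` default is `http://localhost:9090/`, so both stay on plain HTTP after `prometheus_web_tls_enabled` is switched on. Against a TLS-only listener that scrape would presumably fail, which silently drops Prometheus' own metrics. Consider adding `scheme: "{{ 'https' if prometheus_web_tls_enabled | bool else 'http' }}"` to the job, together with a `tls_config` that trusts the deployed certificate. The `mycert.pem` / `mykey.pem` defaults are placeholders and would benefit from an `@var` description stating where the source files are looked up. The job's list item may continue below the visible lines, so a `scheme` key could already exist outside the hunk.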
@ -1,5 +1,28 @@
|
|||||||
---
|
---
|
||||||
- name: Converge
|
- name: Converge
|
||||||
hosts: all
|
hosts: all
|
||||||
|
vars:
|
||||||
|
prometheus_config_flags_extra:
|
||||||
|
- name: alertmanager.timeout
|
||||||
|
value: 10s
|
||||||
|
prometheus_alertmanager_config:
|
||||||
|
- scheme: https
|
||||||
|
path_prefix: alertmanager/
|
||||||
|
basic_auth:
|
||||||
|
username: user
|
||||||
|
password: pass
|
||||||
|
static_configs:
|
||||||
|
- targets:
|
||||||
|
- "127.0.0.1:9093"
|
||||||
|
prometheus_alert_relabel_configs:
|
||||||
|
- action: labeldrop
|
||||||
|
regex: replica
|
||||||
|
prometheus_targets:
|
||||||
|
- name: node
|
||||||
|
config:
|
||||||
|
- targets:
|
||||||
|
- localhost:9100
|
||||||
|
labels:
|
||||||
|
env: test
|
||||||
roles:
|
roles:
|
||||||
- role: xoxys.prometheus
|
- role: xoxys.prometheus
|
||||||
|
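Review bot: The converge play never sets `prometheus_web_tls_enabled: true`, so the new `tasks/tls.yml` and the TLS branch of the web config template are not exercised by this scenario. Enabling the flag with a throwaway test certificate and key, for example created in a prepare step, would let the `promtool check web-config` validation and the resulting file modes be verified in CI.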
@ -3,3 +3,6 @@
|
|||||||
- include_tasks: setup.yml
|
- include_tasks: setup.yml
|
||||||
- include_tasks: selinux.yml
|
- include_tasks: selinux.yml
|
||||||
when: ansible_selinux.status == "enabled"
|
when: ansible_selinux.status == "enabled"
|
||||||
|
- import_tasks: tls.yml
|
||||||
|
when: prometheus_web_tls_enabled | bool
|
||||||
|
tags: tls_renewal
|
||||||
|
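Review bot: `import_tasks: tls.yml` is placed after `include_tasks: setup.yml`, yet this commit also adds `validate: "{{ prometheus_base_dir }}/promtool check web-config %s"` to a template task that appears to belong to the setup tasks. If that task renders the web config, a first run with `prometheus_web_tls_enabled: true` validates `cert_file` and `key_file` before `tls.yml` has copied them. As far as I know promtool's web-config check loads both files, so the play would stop there. Rendering the web config after the TLS import, or copying the certificate and key ahead of that template task, would fix the ordering. A run limited to `--tags tls_renewal` replaces the files without notifying any handler, so confirm that the running server picks up renewed certificates without a restart.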
@ -19,6 +19,7 @@
|
|||||||
- "{{ prometheus_config_dir }}"
|
- "{{ prometheus_config_dir }}"
|
||||||
- "{{ prometheus_rules_dir }}"
|
- "{{ prometheus_rules_dir }}"
|
||||||
- "{{ prometheus_data_dir }}"
|
- "{{ prometheus_data_dir }}"
|
||||||
|
- "{{ prometheus_file_sd_dir }}"
|
||||||
|
|
||||||
- name: Download and extract Prometheus tarball
|
- name: Download and extract Prometheus tarball
|
||||||
unarchive:
|
unarchive:
|
||||||
@ -53,6 +54,7 @@
|
|||||||
owner: "{{ prometheus_user }}"
|
owner: "{{ prometheus_user }}"
|
||||||
group: "{{ prometheus_user }}"
|
group: "{{ prometheus_user }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
|
validate: "{{ prometheus_base_dir }}/promtool check web-config %s"
|
||||||
|
|
||||||
- name: Configure prometheus static targets
|
- name: Configure prometheus static targets
|
||||||
template:
|
template:
|
||||||
@ -62,6 +64,8 @@
|
|||||||
group: "{{ prometheus_user }}"
|
group: "{{ prometheus_user }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
loop: "{{ prometheus_targets }}"
|
loop: "{{ prometheus_targets }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
|
||||||
- name: Copy prometheus custom static targets
|
- name: Copy prometheus custom static targets
|
||||||
copy:
|
copy:
|
||||||
|
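--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -0,0 +1,32 @@
+---
+- block:
+- name: Create tls folder structure
+file:
+path: "{{ item }}"
+state: directory
+owner: "{{ prometheus_user }}"
+group: "{{ prometheus_group }}"
+recurse: True
+loop:
+- "{{ prometheus_web_tls_cert_path | dirname }}"
+- "{{ prometheus_web_tls_key_path | dirname }}"
+become: True
+become_user: root
+
+- block:
+- name: Copy certs and private key
+copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+mode: "{{ item.mode }}"
+loop:
+- src: "{{ prometheus_web_tls_key_source }}"
+dest: "{{ prometheus_web_tls_key_path }}"
+mode: "0600"
+- src: "{{ prometheus_web_tls_cert_source }}"
+dest: "{{ prometheus_web_tls_cert_path }}"
+mode: "0750"
+loop_control:
+label: "{{ item.dest }}"
+become: True
+become_user: "{{ prometheus_user }}"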
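Review bot: The certificate is copied with `mode: "0750"`, which sets execute bits on a PEM file; `mode: "0644"` (or `"0640"`) is the usual choice, while `"0600"` on the key is fine. The directory task sets no `mode` and uses `recurse: True` on `prometheus_web_tls_key_path | dirname`, so the key directory gets umask-default permissions. If an operator points the path at a shared location such as a system certificate directory, every file in it is also re-owned to the Prometheus account; dropping `recurse` and adding `mode: "0750"` on the directories avoids both. `group: "{{ prometheus_group }}"` differs from the `group: "{{ prometheus_user }}"` used by the other tasks in this commit, and no `prometheus_group` default is visible here, so confirm the variable is defined.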
@ -5,12 +5,12 @@ global:
|
|||||||
{{ prometheus_global | to_nice_yaml(indent=2) | indent(2, False) }}
|
{{ prometheus_global | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||||
external_labels:
|
external_labels:
|
||||||
{{ prometheus_external_labels | to_nice_yaml(indent=2) | indent(4, False) }}
|
{{ prometheus_external_labels | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||||
{% if prometheus_remote_write != [] %}
|
{% if prometheus_remote_write | length > 0 %}
|
||||||
|
|
||||||
remote_write:
|
remote_write:
|
||||||
{{ prometheus_remote_write | to_nice_yaml(indent=2) | indent(2, False) }}
|
{{ prometheus_remote_write | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if prometheus_remote_read != [] %}
|
{% if prometheus_remote_read | length > 0 %}
|
||||||
|
|
||||||
remote_read:
|
remote_read:
|
||||||
{{ prometheus_remote_read | to_nice_yaml(indent=2) | indent(2, False) }}
|
{{ prometheus_remote_read | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||||
|
@ -1,4 +1,26 @@
|
|||||||
#jinja2: lstrip_blocks: True
|
#jinja2: lstrip_blocks: True
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
{{ prometheus_web_config | to_nice_yaml(indent=2) }}
|
{% if prometheus_web_tls_enabled | bool %}
|
||||||
|
tls_server_config:
|
||||||
|
cert_file: {{ prometheus_web_tls_cert_path }}
|
||||||
|
key_file: {{ prometheus_web_tls_key_path }}
|
||||||
|
{% else %}
|
||||||
|
tls_server_config: {}
|
||||||
|
{% endif %}
|
||||||
|
{% if prometheus_web_http_server is defined %}
|
||||||
|
|
||||||
|
http_server_config:
|
||||||
|
{{ prometheus_web_http_server | to_nice_yaml(indent=2) | indent(2,False) }}
|
||||||
|
{% else %}
|
||||||
|
|
||||||
|
http_server_config: {}
|
||||||
|
{% endif %}
|
||||||
|
{% if prometheus_web_basic_auth_users is defined %}
|
||||||
|
|
||||||
|
basic_auth_users:
|
||||||
|
{{ prometheus_web_basic_auth_users | to_nice_yaml(indent=2) | indent(2,False) }}
|
||||||
|
{% else %}
|
||||||
|
|
||||||
|
basic_auth_users: {}
|
||||||
|
{% endif %}
|
||||||
|
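Review bot: The `tls_server_config` block now renders only `cert_file` and `key_file`, whereas the removed `{{ prometheus_web_config | to_nice_yaml(indent=2) }}` let operators pass any web-configuration key. Settings such as `client_auth_type`, `client_ca_file` and `min_version` can therefore no longer be set through the role; a pass-through mapping (a hypothetical `prometheus_web_tls_extra`, rendered with `to_nice_yaml` inside the block) would restore that. The two paths are also emitted unquoted; `cert_file: {{ prometheus_web_tls_cert_path | to_json }}` keeps a path containing `: ` or ` #` from breaking the rendered YAML. Separately, `basic_auth_users` can be populated while TLS is disabled, in which case credentials travel in clear text, and a comment on the variable should say so.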
@ -25,13 +25,14 @@ ExecStart={{ prometheus_base_dir }}/prometheus \
|
|||||||
{% if flag.value is not defined %}
|
{% if flag.value is not defined %}
|
||||||
--{{ flag.name }} \
|
--{{ flag.name }} \
|
||||||
{% elif flag.value is string %}
|
{% elif flag.value is string %}
|
||||||
--{{ flag.name }}={{ flag_value }} \
|
--{{ flag.name }}={{ flag.value }} \
|
||||||
{% elif flag.value is sequence %}
|
{% elif flag.value is sequence %}
|
||||||
{% for flag_value_item in flag.value %}
|
{% for flag_value_item in flag.value %}
|
||||||
--{{ flag.name }}={{ flag_value_item }} \
|
--{{ flag.name }}={{ flag_value_item }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
--log.level={{ prometheus_log_level }} \
|
||||||
--config.file={{ prometheus_config_dir }}/prometheus.yml
|
--config.file={{ prometheus_config_dir }}/prometheus.yml
|
||||||
|
|
||||||
LimitNOFILE=65000
|
LimitNOFILE=65000
|
||||||
|
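Review bot: `--log.level={{ prometheus_log_level }}` is appended unconditionally after the `prometheus_config_flags_extra` loop, so a play that already passes `log.level` through that list would put the flag on the command line twice, which Prometheus' flag parser is likely to reject at start-up. Either skip the list entry when its name is `log.level` or document that the dedicated variable replaces it. The `error` default set in the defaults file also hides warning-level messages that help when diagnosing failed scrapes or TLS handshakes; `warn` or the upstream default `info` is a safer baseline. The `ExecStart` command starts above the hunk, so whether `--web.config.file` is passed cannot be checked from here.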