prometheus/node-exporter: make certificate SANs configurable

promethues/server: add support for federation

2 files changed, 5 insertions, 3 deletions

diff --git a/roles/monitoring/prometheus/exporter/base/defaults/main.yml b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
index 2eef79fe..f6c8567f 100644
--- a/roles/monitoring/prometheus/exporter/base/defaults/main.yml
+++ b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
@@ -1,3 +1,7 @@
 ---
 #prometheus_exporter_listen_addr:
 prometheus_exporter_listen_port: 9999
+
+prometheus_exporter_certificate_san:
+  - "DNS:{{ host_name }}.{{ host_domain }}"
+  - "IP:{{ (inventory_hostname == prometheus_server) | ternary('127.0.0.1', (prometheus_exporter_listen_addr | default(ansible_default_ipv4.address))) }}"
diff --git a/roles/monitoring/prometheus/exporter/base/tasks/tls.yml b/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
index 35f410e8..a2d2f4a9 100644
--- a/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
+++ b/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
@@ -32,9 +32,7 @@
     path: /etc/ssl/prometheus/exporter/csr.pem
     privatekey_path: /etc/ssl/prometheus/exporter/key.pem
     CN: "{{ inventory_hostname }}"
-    subject_alt_name:
-    - "DNS:{{ host_name }}.{{ host_domain }}"
-    - "IP:{{ (inventory_hostname == prometheus_server) | ternary('127.0.0.1', (prometheus_exporter_listen_addr | default(ansible_default_ipv4.address))) }}"
+    subject_alt_name: "{{ prometheus_exporter_certificate_san }}"
     key_usage:
     - digitalSignature
     key_usage_critical: yes