diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-10-27 23:54:16 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-10-27 23:54:16 +0200 |
commit | 152652bf3df22bd4687012e3b372cd00760bf1cd (patch) | |
tree | 6a1b984f8d0c835b87403b02115d98a6c54a20ac /roles/monitoring/prometheus/server | |
parent | prometheus add basic auth to alert-manager (diff) |
restore promethues self-scraping if auth is used
Diffstat (limited to 'roles/monitoring/prometheus/server')
3 files changed, 25 insertions, 1 deletions
diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml index d149483e..f74a6f30 100644 --- a/roles/monitoring/prometheus/server/defaults/main/main.yml +++ b/roles/monitoring/prometheus/server/defaults/main/main.yml @@ -26,9 +26,17 @@ prometheus_server_rules: # prometheus_server_alertmanager: # url: "127.0.0.1:9093" # path_prefix: / +# basic_auth: +# username: server +# password: geheim prometheus_server_web_listen_address: 127.0.0.1:9090 # prometheus_server_web_external_url: /prometheus/ # prometheus_server_auth_users: -# foo: secret +# server: changeme +# admin: secret + +# prometheus_server_selfscraping_auth: +# username: server +# password: changme diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml index b2e5f0eb..4b1bf2c4 100644 --- a/roles/monitoring/prometheus/server/tasks/main.yml +++ b/roles/monitoring/prometheus/server/tasks/main.yml @@ -111,6 +111,17 @@ validate: "promtool check web-config %s" notify: reload prometheus +- name: generate password file prometheus server to scrape itself + when: prometheus_server_selfscraping_auth is defined + copy: + content: "{{ prometheus_server_selfscraping_auth.password }}\n" + dest: /etc/prometheus/prometheus-selfscraping.password + mode: 0640 + owner: root + group: prometheus + no_log: yes + notify: reload prometheus + - name: generate password file prometheus server to access alertmanager when: "'basic_auth' in prometheus_server_alertmanager" copy: diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 index 98ac1aaa..883aa223 100644 --- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 +++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 @@ -30,6 +30,11 @@ scrape_configs: {% if prometheus_server_web_external_url is defined %} metrics_path: '{{ (prometheus_server_web_external_url | urlsplit('path'), 'metrics') | path_join }}' {% endif %} +{% if prometheus_server_selfscraping_auth is defined %} + basic_auth: + username: '{{ prometheus_server_selfscraping_auth.username }}' + password_file: '/etc/prometheus/prometheus-selfscraping.password' +{% endif %} static_configs: - targets: ['localhost:9090'] labels: |