author | Christian Pointner <equinox@spreadspace.org> | 2021-10-27 23:05:31 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-10-27 23:05:31 +0200 |
commit | ebaa6201168266393dea9182505275539c297618 (patch) | |
tree | 15ccb94b69c080f4da18af0c35c5ab095e19bfda /roles/monitoring/prometheus | |
parent | add filter to generate salts for various password hashes (diff) |
add basic auth to prometheus/server
Diffstat (limited to 'roles/monitoring/prometheus')
3 files changed, 20 insertions, 1 deletions
diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml index 3aea0509..d149483e 100644 --- a/roles/monitoring/prometheus/server/defaults/main/main.yml +++ b/roles/monitoring/prometheus/server/defaults/main/main.yml @@ -29,3 +29,6 @@ prometheus_server_rules: prometheus_server_web_listen_address: 127.0.0.1:9090 # prometheus_server_web_external_url: /prometheus/ + +# prometheus_server_auth_users: +# foo: secret diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml index 1d89fc5a..f5965883 100644 --- a/roles/monitoring/prometheus/server/tasks/main.yml +++ b/roles/monitoring/prometheus/server/tasks/main.yml @@ -95,6 +95,22 @@ validate: "promtool check config %s" notify: reload prometheus +- name: generate web configuration file + when: prometheus_server_auth_users is defined + copy: + content: | + # Ansible managed + basic_auth_users: + {% for user,password in prometheus_server_auth_users.items() %} + {{ user }}: {{ password | password_hash('bcrypt', (user~'@'~inventory_hostname~'/prometheus/server') | bcrypt_salt) }} + {% endfor %} + dest: /etc/prometheus/prometheus-web.yml + mode: 0640 + owner: root + group: prometheus + validate: "promtool check web-config %s" + notify: reload prometheus + - name: generate systemd service unit template: src: prometheus.service.j2 diff --git a/roles/monitoring/prometheus/server/templates/prometheus.service.j2 b/roles/monitoring/prometheus/server/templates/prometheus.service.j2 index 3a366a61..b21cceae 100644 --- a/roles/monitoring/prometheus/server/templates/prometheus.service.j2 +++ b/roles/monitoring/prometheus/server/templates/prometheus.service.j2 
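Review bot: The commented example `# foo: secret` in defaults/main/main.yml does not say whether the value is a plaintext password or a ready-made hash. The task added in tasks/main.yml passes it through `password_hash('bcrypt', …)`, so it is plaintext. I would add a comment line above the example such as `# maps user name to plaintext password; hashed with bcrypt at deploy time, keep the values in Ansible Vault`.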
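Review bot: The new `generate web configuration file` task in tasks/main.yml has no `no_log: true`, so the rendered `content` (one bcrypt hash per user) can appear in `--diff` and verbose run output, which often ends up in CI logs. Adding `no_log: true` to the task keeps it out. The `{{ user }}: {{ password | password_hash(...) }}` line also writes both values as unquoted YAML scalars, so a user name containing `: ` or ` #` would change the structure of `basic_auth_users`. `promtool check web-config` rejects broken syntax but not a silently altered key, so I would pass both values through `to_json`. The salt comes from `bcrypt_salt`, which is defined outside this diff and is presumably deterministic to keep the task idempotent; a one-line comment saying so would help the next reader.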
@@ -6,7 +6,7 @@ After=time-sync.target
 [Service]
 Restart=on-failure
 User=prometheus
-ExecStart=/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/metrics2/ --storage.tsdb.retention.time={{ prometheus_server_retention }}{% if prometheus_server_web_external_url is defined %} --web.external-url={{ prometheus_server_web_external_url }}{% endif %} --web.listen-address={{ prometheus_server_web_listen_address }}
+ExecStart=/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/metrics2/ --storage.tsdb.retention.time={{ prometheus_server_retention }}{% if prometheus_server_web_external_url is defined %} --web.external-url={{ prometheus_server_web_external_url }}{% endif %}{% if prometheus_server_auth_users is defined %} --web.config.file /etc/prometheus/prometheus-web.yml{% endif %} --web.listen-address={{ prometheus_server_web_listen_address }}
 ExecReload=/bin/kill -HUP $MAINPID
 TimeoutStopSec=20s
 SendSIGKILL=no |
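Review bot: Authentication on the new ExecStart line depends only on `prometheus_server_auth_users is defined`, so a defined but empty mapping still passes `--web.config.file` while the generated file lists no users, which presumably leaves the endpoint unauthenticated. I would test for a non-empty value in both places, e.g. `{% if prometheus_server_auth_users | default({}) | length > 0 %}`. The flag is also the only one on the line written with a space instead of `=`; `--web.config.file=/etc/prometheus/prometheus-web.yml` would match the others. The path is repeated literally here and in tasks/main.yml, so a shared variable would keep the two from drifting apart. Whether a changed unit file triggers a restart rather than the HUP reload is decided outside this hunk.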