authorChristian Pointner <equinox@spreadspace.org>2022-12-07 19:16:39 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-12-07 19:33:32 +0100
commitf294c367c70d04d3de1c10fa87c2be4ea6cc3012 (patch)
treee9accdbd8bb877f02543a3425fc394517cac4007 /roles/monitoring/prometheus
parentalerta: allow to force alerm severity for heartbeats (diff)
prometheus/node-exporter: make certificate SANs configurable
prometheus/server: add support for federation
Diffstat (limited to 'roles/monitoring/prometheus')
-rw-r--r--roles/monitoring/prometheus/exporter/base/defaults/main.yml4
-rw-r--r--roles/monitoring/prometheus/exporter/base/tasks/tls.yml4
-rw-r--r--roles/monitoring/prometheus/server/defaults/main/main.yml12
-rw-r--r--roles/monitoring/prometheus/server/tasks/main.yml17
-rw-r--r--roles/monitoring/prometheus/server/templates/prometheus.yml.j227
5 files changed, 59 insertions, 5 deletions
diff --git a/roles/monitoring/prometheus/exporter/base/defaults/main.yml b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
index 2eef79fe..f6c8567f 100644
--- a/roles/monitoring/prometheus/exporter/base/defaults/main.yml
+++ b/roles/monitoring/prometheus/exporter/base/defaults/main.yml
@@ -1,3 +1,7 @@
---
#prometheus_exporter_listen_addr:
prometheus_exporter_listen_port: 9999
+
+prometheus_exporter_certificate_san:
+ - "DNS:{{ host_name }}.{{ host_domain }}"
+ - "IP:{{ (inventory_hostname == prometheus_server) | ternary('127.0.0.1', (prometheus_exporter_listen_addr | default(ansible_default_ipv4.address))) }}"
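Review bot: `prometheus_exporter_certificate_san` has no comment saying that an override replaces the whole list, so a host that sets it to add one extra name silently drops the default `IP:` entry, and a scrape that connects by address would then likely fail certificate verification. I would add above the variable `# replaces the full SAN list; keep the DNS:/IP: entry the prometheus server connects to and list only names this host actually owns`. The value is passed unchanged to `subject_alt_name` in exporter/base/tasks/tls.yml, so every entry ends up in the CSR. Whether an already issued certificate is renewed when the list changes is not visible in this diff and should be confirmed.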
diff --git a/roles/monitoring/prometheus/exporter/base/tasks/tls.yml b/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
index 35f410e8..a2d2f4a9 100644
--- a/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
+++ b/roles/monitoring/prometheus/exporter/base/tasks/tls.yml
@@ -32,9 +32,7 @@
path: /etc/ssl/prometheus/exporter/csr.pem
privatekey_path: /etc/ssl/prometheus/exporter/key.pem
CN: "{{ inventory_hostname }}"
- subject_alt_name:
- - "DNS:{{ host_name }}.{{ host_domain }}"
- - "IP:{{ (inventory_hostname == prometheus_server) | ternary('127.0.0.1', (prometheus_exporter_listen_addr | default(ansible_default_ipv4.address))) }}"
+ subject_alt_name: "{{ prometheus_exporter_certificate_san }}"
key_usage:
- digitalSignature
key_usage_critical: yes
diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml
index 8aa06d42..375b3458 100644
--- a/roles/monitoring/prometheus/server/defaults/main/main.yml
+++ b/roles/monitoring/prometheus/server/defaults/main/main.yml
@@ -48,3 +48,15 @@ prometheus_server_web_listen_address: 127.0.0.1:9090
# prometheus_server_selfscraping_auth:
# username: server
# password: changme
+
+# prometheus_server_federation:
+# somehost:
+# scheme: http
+# url: 192.2.0.1:9000
+# path_prefix: /prometheus
+# basic_auth:
+# username: federate
+# password: secret
+# jobs:
+# - node
+# - blackbox
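Review bot: The commented example pairs `scheme: http` with `basic_auth`, which would send the federation username and password unencrypted to the remote server. Since prometheus.yml.j2 falls back to `https` when no scheme is set, the example should show `# scheme: https` or leave the key out. The literal `password: secret` also invites copying a plaintext credential into the inventory; a reference to a vaulted variable (placeholder name: `"{{ vault_prometheus_federation_password }}"`) would show the intended source.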
diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml
index e93221d5..fce41214 100644
--- a/roles/monitoring/prometheus/server/tasks/main.yml
+++ b/roles/monitoring/prometheus/server/tasks/main.yml
@@ -91,13 +91,13 @@
notify: reload prometheus
- name: create sub-directories for all jobs in rules directory
- loop: "{{ prometheus_server_jobs | select('match', '.*/.*') | map('dirname') | unique }}"
+ loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | select('match', '.*/.*') | map('dirname') | unique }}"
file:
path: "/etc/prometheus/rules/{{ item }}"
state: directory
- name: generate rules files for all jobs
- loop: "{{ prometheus_server_jobs | union(['prometheus']) }}"
+ loop: "{{ prometheus_server_jobs | union(prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique) | union(['prometheus']) }}"
template:
src: rules.yml.j2
dest: "/etc/prometheus/rules/{{ item }}.yml"
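Review bot: The expression `prometheus_server_federation | default({}) | dict2items | map(attribute='value.jobs') | flatten | unique` is repeated in both `loop:` lines and has no fallback for a federation entry that defines no `jobs`. Defining it once, for example as a role variable named `prometheus_server_federation_jobs` that uses `map(attribute='value.jobs', default=[])`, and writing `prometheus_server_jobs | union(prometheus_server_federation_jobs)` in both loops keeps the two tasks from drifting apart. The job names also become part of `/etc/prometheus/rules/{{ item }}.yml`, so a short comment that they must be plain relative names without `..` would help. The second task continues past the end of the hunk.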
@@ -151,6 +151,19 @@
no_log: yes
notify: reload prometheus
+- name: generate password file prometheus server to access federation
+ loop: "{{ prometheus_server_federation | default({}) | dict2items | selectattr('value.basic_auth', 'defined') }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: "{{ item.value.basic_auth.password }}\n"
+ dest: "/etc/prometheus/prometheus-federation-{{ item.key }}.password"
+ mode: 0640
+ owner: root
+ group: prometheus
+ no_log: yes
+ notify: reload prometheus
+
- name: generate systemd service unit
template:
src: prometheus.service.j2
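Review bot: Password files written by the new task are never removed. When a federation source is deleted or loses its `basic_auth`, its `/etc/prometheus/prometheus-federation-<source>.password` file stays on disk with the old credential. A cleanup pair (find the existing files, remove those without a matching configured source) placed after the new task would close that; a sketch follows. The mode would also be safer quoted, `mode: "0640"`, which avoids depending on YAML 1.1 octal parsing. The `generate systemd service unit` task at the end of the hunk continues outside it.

```yaml
# … unchanged: generate password file prometheus server to access federation …

- name: find existing federation password files
  find:
    paths: /etc/prometheus
    patterns: "prometheus-federation-*.password"
  register: prometheus_federation_password_files

- name: remove password files of federation sources that are no longer configured
  loop: "{{ prometheus_federation_password_files.files | map(attribute='path') | difference(prometheus_server_federation | default({}) | dict2items | selectattr('value.basic_auth', 'defined') | map(attribute='key') | map('regex_replace', '^(.*)$', '/etc/prometheus/prometheus-federation-\\1.password') | list) }}"
  file:
    path: "{{ item }}"
    state: absent
  notify: reload prometheus
```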
diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
index aed69de5..e9d83c1d 100644
--- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
+++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
@@ -67,3 +67,30 @@ scrape_configs:
{{ prometheus_server_jobs_extra | indent(2) }}
{% endif %}
+{% for source, config in (prometheus_server_federation | default({})).items() %}
+
+ ## federation: {{ source }}
+{% for job in config.jobs %}
+
+ - job_name: 'federate/{{ source }}/{{ job }}'
+ scrape_interval: 15s
+ scrape_timeout: 15s
+ scheme: {{ config.scheme | default('https') }}
+ metrics_path: {{ config.path_prefix | default('') }}/federate
+{% if 'basic_auth' in config %}
+ basic_auth:
+ username: '{{ config.basic_auth.username }}'
+ password_file: '/etc/prometheus/prometheus-federation-{{ source }}.password'
+{% endif %}
+ honor_labels: true
+ metric_relabel_configs:
+ - source_labels: [id]
+ regex: '^static-agent$'
+ action: drop
+ params:
+ match[]:
+ - '{job="{{ job }}"}'
+ static_configs:
+ - targets: ['{{ config.url }}']
+{% endfor %}
+{% endfor %}
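Review bot: `honor_labels: true` lets each federated server set `job`, `instance` and any other label on the series it returns, so everything scraped through these jobs is only as trustworthy as the remote server. That is the usual federation setup, but it deserves a comment above the line, e.g. `# labels sent by the remote server win over local ones; only federate from servers you operate`. Separately, `config.basic_auth.username`, `config.url` and `job` are placed inside single quotes without escaping, so a value containing `'` renders invalid YAML; `username: {{ config.basic_auth.username | to_json }}` avoids that. The `scrape_configs` section this loop appends to starts outside the hunk.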