restore promethues self-scraping if auth is used

author: Christian Pointner <equinox@spreadspace.org> 2021-10-27 23:54:16 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-10-27 23:54:16 +0200
commit: 152652bf3df22bd4687012e3b372cd00760bf1cd (patch)
tree: 6a1b984f8d0c835b87403b02115d98a6c54a20ac /roles
parent: prometheus add basic auth to alert-manager (diff)
4 files changed, 26 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/alertmanager/defaults/main.yml b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
index a7f94b38..47e0ae54 100644
--- a/roles/monitoring/prometheus/alertmanager/defaults/main.yml
+++ b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
@@ -21,4 +21,4 @@ prometheus_alertmanager_receivers:
   - name: empty
 
 # prometheus_server_auth_users:
-#   foo: secret
+#   admin: geheim
diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml
index d149483e..f74a6f30 100644
--- a/roles/monitoring/prometheus/server/defaults/main/main.yml
+++ b/roles/monitoring/prometheus/server/defaults/main/main.yml
@@ -26,9 +26,17 @@ prometheus_server_rules:
 # prometheus_server_alertmanager:
 #   url: "127.0.0.1:9093"
 #   path_prefix: /
+#   basic_auth:
+#     username: server
+#     password: geheim
 
 prometheus_server_web_listen_address: 127.0.0.1:9090
 # prometheus_server_web_external_url: /prometheus/
 
 # prometheus_server_auth_users:
-#   foo: secret
+#   server: changeme
+#   admin: secret
+
+# prometheus_server_selfscraping_auth:
+#   username: server
+#   password: changme
diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml
index b2e5f0eb..4b1bf2c4 100644
--- a/roles/monitoring/prometheus/server/tasks/main.yml
+++ b/roles/monitoring/prometheus/server/tasks/main.yml
@@ -111,6 +111,17 @@
     validate: "promtool check web-config %s"
   notify: reload prometheus
 
+- name: generate password file prometheus server to scrape itself
+  when: prometheus_server_selfscraping_auth is defined
+  copy:
+    content: "{{ prometheus_server_selfscraping_auth.password }}\n"
+    dest: /etc/prometheus/prometheus-selfscraping.password
+    mode: 0640
+    owner: root
+    group: prometheus
+  no_log: yes
+  notify: reload prometheus
+
 - name: generate password file prometheus server to access alertmanager
   when: "'basic_auth' in prometheus_server_alertmanager"
   copy:
diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
index 98ac1aaa..883aa223 100644
--- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
+++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
@@ -30,6 +30,11 @@ scrape_configs:
 {% if prometheus_server_web_external_url is defined %}
     metrics_path: '{{ (prometheus_server_web_external_url | urlsplit('path'), 'metrics') | path_join }}'
 {% endif %}
+{% if prometheus_server_selfscraping_auth is defined %}
+    basic_auth:
+      username: '{{ prometheus_server_selfscraping_auth.username }}'
+      password_file: '/etc/prometheus/prometheus-selfscraping.password'
+{% endif %}
     static_configs:
     - targets: ['localhost:9090']
       labels:
author	Christian Pointner <equinox@spreadspace.org>	2021-10-27 23:54:16 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-10-27 23:54:16 +0200
commit	152652bf3df22bd4687012e3b372cd00760bf1cd (patch)
tree	6a1b984f8d0c835b87403b02115d98a6c54a20ac /roles
parent	prometheus add basic auth to alert-manager (diff)