authorChristian Pointner <equinox@spreadspace.org>2021-10-27 23:30:04 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-10-27 23:30:04 +0200
commit187894ff0d651f0f9924df9a40bc1085f4172612 (patch)
treeb8493c7f811f01e760b0d7b40c17bcef41017a62 /roles
parentadd basic auth to prometheus/server (diff)
prometheus add basic auth to alert-manager
Diffstat (limited to 'roles')
-rw-r--r--roles/monitoring/prometheus/alertmanager/defaults/main.yml3
-rw-r--r--roles/monitoring/prometheus/alertmanager/tasks/main.yml15
-rw-r--r--roles/monitoring/prometheus/alertmanager/templates/prometheus-alertmanager.service.j22
-rw-r--r--roles/monitoring/prometheus/server/tasks/main.yml11
-rw-r--r--roles/monitoring/prometheus/server/templates/prometheus.service.j22
-rw-r--r--roles/monitoring/prometheus/server/templates/prometheus.yml.j210
6 files changed, 41 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/alertmanager/defaults/main.yml b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
index ecec1d7c..a7f94b38 100644
--- a/roles/monitoring/prometheus/alertmanager/defaults/main.yml
+++ b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
@@ -19,3 +19,6 @@ prometheus_alertmanager_route:
prometheus_alertmanager_receivers:
- name: empty
+
+# prometheus_server_auth_users:
+# foo: secret
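Review bot: The commented example added here names `prometheus_server_auth_users`, but the task and unit template changed in this same commit for the alertmanager role test `prometheus_alertmanager_auth_users`. Someone who copies the example would set the server variable and leave the alertmanager listener without basic auth. The example should read `# prometheus_alertmanager_auth_users:` followed by `#   foo: secret`. Since the task hashes the value with `password_hash`, the variable holds plaintext, so the comment could also say that values are plaintext passwords and belong in an encrypted vars file.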
diff --git a/roles/monitoring/prometheus/alertmanager/tasks/main.yml b/roles/monitoring/prometheus/alertmanager/tasks/main.yml
index 10c0860a..338b0cbe 100644
--- a/roles/monitoring/prometheus/alertmanager/tasks/main.yml
+++ b/roles/monitoring/prometheus/alertmanager/tasks/main.yml
@@ -32,6 +32,21 @@
dest: /etc/prometheus/alertmanager.yml
notify: reload prometheus-alertmanager
+- name: generate web configuration file
+ when: prometheus_alertmanager_auth_users is defined
+ copy:
+ content: |
+ # Ansible managed
+ basic_auth_users:
+ {% for user,password in prometheus_alertmanager_auth_users.items() %}
+ {{ user }}: {{ password | password_hash('bcrypt', (user~'@'~inventory_hostname~'/prometheus/alertmanager') | bcrypt_salt) }}
+ {% endfor %}
+ dest: /etc/prometheus/alertmanager-web.yml
+ mode: 0640
+ owner: root
+ group: prometheus-alertmanager
+ notify: reload prometheus-alertmanager
+
- name: generate systemd service unit
template:
src: prometheus-alertmanager.service.j2
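Review bot: The new `generate web configuration file` task has no `no_log`, unlike the password-file task this commit adds to the server role, so the rendered bcrypt hashes may appear in `--diff` output or run logs; adding `no_log: yes` would keep the two roles consistent. The task also has no `validate:` step, whereas the server tasks file shows `validate: "promtool check web-config %s"` on the task just before its new one. Because `{{ user }}` is written as an unquoted YAML key, a user name containing `:` or `#` would produce a broken or different mapping that is only noticed when alertmanager reads the file. Whether promtool is installed on alertmanager hosts is not visible here; if it is, the same validate line could be reused.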
diff --git a/roles/monitoring/prometheus/alertmanager/templates/prometheus-alertmanager.service.j2 b/roles/monitoring/prometheus/alertmanager/templates/prometheus-alertmanager.service.j2
index e548607d..5e0e3008 100644
--- a/roles/monitoring/prometheus/alertmanager/templates/prometheus-alertmanager.service.j2
+++ b/roles/monitoring/prometheus/alertmanager/templates/prometheus-alertmanager.service.j2
@@ -5,7 +5,7 @@ Documentation=https://prometheus.io/docs/alerting/alertmanager/
[Service]
Restart=on-failure
User=prometheus-alertmanager
-ExecStart=/usr/bin/prometheus-alertmanager --config.file=/etc/prometheus/alertmanager.yml --cluster.listen-address= --storage.path="/var/lib/prometheus/alertmanager"{% if prometheus_alertmanager_web_route_prefix is defined %} --web.route-prefix={{ prometheus_alertmanager_web_route_prefix }}{% endif %} --web.listen-address={{ prometheus_alertmanager_web_listen_address }}
+ExecStart=/usr/bin/prometheus-alertmanager --config.file=/etc/prometheus/alertmanager.yml --cluster.listen-address= --storage.path="/var/lib/prometheus/alertmanager"{% if prometheus_alertmanager_web_route_prefix is defined %} --web.route-prefix={{ prometheus_alertmanager_web_route_prefix }}{% endif %}{% if prometheus_alertmanager_auth_users is defined %} --web.config.file=/etc/prometheus/alertmanager-web.yml{% endif %} --web.listen-address={{ prometheus_alertmanager_web_listen_address }}
ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=20s
SendSIGKILL=no
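Review bot: The `is defined` test guarding the new `--web.config.file` clause is also true for an empty mapping. In that case the generated `alertmanager-web.yml` has a `basic_auth_users:` key with no entries, and the listener would most likely serve requests unauthenticated while the inventory looks as if auth is enabled. A length check such as `{% if prometheus_alertmanager_auth_users | default({}) | length > 0 %}`, applied here and to the `when:` of the task that writes the file, would keep the two in step. An `assert` that fails the play on an empty mapping would be the stricter option. The unit file continues outside this hunk.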
diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml
index f5965883..b2e5f0eb 100644
--- a/roles/monitoring/prometheus/server/tasks/main.yml
+++ b/roles/monitoring/prometheus/server/tasks/main.yml
@@ -111,6 +111,17 @@
validate: "promtool check web-config %s"
notify: reload prometheus
+- name: generate password file prometheus server to access alertmanager
+ when: "'basic_auth' in prometheus_server_alertmanager"
+ copy:
+ content: "{{ prometheus_server_alertmanager.basic_auth.password }}\n"
+ dest: /etc/prometheus/prometheus-alertmanager.password
+ mode: 0640
+ owner: root
+ group: prometheus
+ no_log: yes
+ notify: reload prometheus
+
- name: generate systemd service unit
template:
src: prometheus.service.j2
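Review bot: The `when: "'basic_auth' in prometheus_server_alertmanager"` condition on the new password-file task fails with an undefined-variable error if `prometheus_server_alertmanager` is not set. The nesting in `prometheus.yml.j2` suggests the template treats that variable as optional, though the role defaults are not visible here. If it is optional, `when: prometheus_server_alertmanager is defined and 'basic_auth' in prometheus_server_alertmanager` would match the template. Separately, nothing removes `/etc/prometheus/prometheus-alertmanager.password` once `basic_auth` is dropped from the inventory, so the plaintext credential stays on disk; a companion `file:` task with `state: absent` under the inverse condition would clean it up.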
diff --git a/roles/monitoring/prometheus/server/templates/prometheus.service.j2 b/roles/monitoring/prometheus/server/templates/prometheus.service.j2
index b21cceae..77a3b02a 100644
--- a/roles/monitoring/prometheus/server/templates/prometheus.service.j2
+++ b/roles/monitoring/prometheus/server/templates/prometheus.service.j2
@@ -6,7 +6,7 @@ After=time-sync.target
[Service]
Restart=on-failure
User=prometheus
-ExecStart=/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/metrics2/ --storage.tsdb.retention.time={{ prometheus_server_retention }}{% if prometheus_server_web_external_url is defined %} --web.external-url={{ prometheus_server_web_external_url }}{% endif %}{% if prometheus_server_auth_users is defined %} --web.config.file /etc/prometheus/prometheus-web.yml{% endif %} --web.listen-address={{ prometheus_server_web_listen_address }}
+ExecStart=/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/metrics2/ --storage.tsdb.retention.time={{ prometheus_server_retention }}{% if prometheus_server_web_external_url is defined %} --web.external-url={{ prometheus_server_web_external_url }}{% endif %}{% if prometheus_server_auth_users is defined %} --web.config.file=/etc/prometheus/prometheus-web.yml{% endif %} --web.listen-address={{ prometheus_server_web_listen_address }}
ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=20s
SendSIGKILL=no
diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
index e73ca354..98ac1aaa 100644
--- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
+++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
@@ -18,6 +18,11 @@ alerting:
{% if 'path_prefix' in prometheus_server_alertmanager %}
path_prefix: '{{ prometheus_server_alertmanager.path_prefix }}'
{% endif %}
+{% if 'basic_auth' in prometheus_server_alertmanager %}
+ basic_auth:
+ username: '{{ prometheus_server_alertmanager.basic_auth.username }}'
+ password_file: '/etc/prometheus/prometheus-alertmanager.password'
+{% endif %}
{% endif %}
scrape_configs:
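Review bot: The new `username: '{{ prometheus_server_alertmanager.basic_auth.username }}'` line puts the inventory value inside a single-quoted YAML scalar without escaping, so a user name containing `'` ends the string early and yields invalid or altered configuration. The same line is added again in the scrape_configs hunk below. Emitting the value with `username: {{ prometheus_server_alertmanager.basic_auth.username | to_json }}` produces a correctly escaped double-quoted scalar in both places. The password-file path is now spelled out three times, here twice and once in the server tasks file, so a single variable for it would keep them from drifting apart.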
@@ -35,6 +40,11 @@ scrape_configs:
{% if 'path_prefix' in prometheus_server_alertmanager %}
metrics_path: '{{ (prometheus_server_alertmanager.path_prefix, 'metrics') | path_join }}'
{% endif %}
+{% if 'basic_auth' in prometheus_server_alertmanager %}
+ basic_auth:
+ username: '{{ prometheus_server_alertmanager.basic_auth.username }}'
+ password_file: '/etc/prometheus/prometheus-alertmanager.password'
+{% endif %}
static_configs:
- targets: ['{{ prometheus_server_alertmanager.url }}']
{% endif %}