diff options
-rw-r--r-- | chaos-at-home/host_vars/ch-mon.yml | 37 | ||||
-rw-r--r-- | inventory/host_vars/ch-mon.yml | 5 | ||||
-rw-r--r-- | roles/monitoring/prometheus/alertmanager/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/monitoring/prometheus/server/defaults/main/main.yml | 10 | ||||
-rw-r--r-- | roles/monitoring/prometheus/server/tasks/main.yml | 11 | ||||
-rw-r--r-- | roles/monitoring/prometheus/server/templates/prometheus.yml.j2 | 5 |
6 files changed, 51 insertions, 19 deletions
diff --git a/chaos-at-home/host_vars/ch-mon.yml b/chaos-at-home/host_vars/ch-mon.yml index 132e3e9f..f39c68bb 100644 --- a/chaos-at-home/host_vars/ch-mon.yml +++ b/chaos-at-home/host_vars/ch-mon.yml @@ -1,18 +1,21 @@ $ANSIBLE_VAULT;1.2;AES256;chaos-at-home -31613732366630363830623161656537376532616661303238666631393766636164386534646162 -3633366463313561393664393861313939643631616235640a313266636663626463643261313734 -34353361313564323136316262326238323766643639643962373039333637393238623935626366 -6636663635633834370a663632396332383631643865393835313637363539326362663366616332 -36313463303639306330313833616437663336316632376461396130623065616132613666616361 -32303333386164633766333164363461393364306536663439346534613832383631613433303432 -37356363623539656365353130333237633466343463363138313933623962313763643033396338 -66663738333261633065653966373835653932313439366165313031626436343630323434376233 -30313330333065653063636139366530376130313139323633613736373231373236643265656666 -66373261373435323334396465323366646366663861346434396331303135313763326332663965 -61623531363631313239383462323166383435326633623461663935356536326365383535376236 -61643231343865643064333038613434336661376465656435383930623335623837376263333433 -66633836623062333135643362623230373538386163633761336237383361323361366632656335 -34633263303763376437613033623530666638666461643033356331393131316564393663656665 -33616331366465633733313135646464353836373933336634303938633533666439306564623533 -31396131653334653663323061626162346631396337623831396138626464613530616337633262 -30336136643734333832323663356437376561373961336231366334376262613034 +61333038643439323235383539633861363663336261643338653763393062663063353531653234 +6266633364613634633636386432326162323038656138310a376532633332343937353633666238 +38633862376662393930373730633236353362333438646539326239643235396161623765303461 +3235653232636465390a643838656137346337626137356664353136313038386633366365396666 +38303566643562316134663634646135386536396362656366613466323166373962613333656534 +38353830303864363336343361393031306136633034366438376433326438343832363264653139 +38346662616533626539313365396130383966353635663436633731386365333363386431363734 +32393234303962643139646134653336323836316132616133383835613030323332323739393738 +34353461653261356362653133333638613064383465636330323665653262666136343163623566 +32366561633564393261343964313439626139353330316339653662613739343366666435336338 +61306635326236326565633532343466623532643234396134373435623563313566373037613362 +38353634313431643666623761393864656235653261653437376165353466396230633835333963 +62366333356565326363333235366538356663363139386334326330666262366633386136643561 +33373438396632393864396137626631623166343439333964323661313166613834363566666161 +65313965316361373937643832656435633330353065353461386565616464396566633565303265 +62333163386336363632316363653534383233383331343736396537313832613235373838643962 +32363436623533306361633162653831336261313230333662336462313332356135326232666138 +34623638343235666263326631303933643939636331366635363731613830626439333636376265 +37313534363633343538343938663434333562356631353636646138383435666132663336356534 +61663734663562663765 diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml index 743a7136..eb0cea76 100644 --- a/inventory/host_vars/ch-mon.yml +++ b/inventory/host_vars/ch-mon.yml @@ -71,8 +71,13 @@ prometheus_server_alertmanager: prometheus_server_web_external_url: /prometheus/ prometheus_server_auth_users: + server: "{{ vault_prometheus_server_auth_user_passwords['server'] }}" admin: "{{ vault_prometheus_server_auth_user_passwords['admin'] }}" +prometheus_server_selfscraping_auth: + username: server + password: "{{ vault_prometheus_server_auth_user_passwords['server'] }}" + prometheus_exporters_extra: - blackbox diff --git a/roles/monitoring/prometheus/alertmanager/defaults/main.yml b/roles/monitoring/prometheus/alertmanager/defaults/main.yml index a7f94b38..47e0ae54 100644 --- a/roles/monitoring/prometheus/alertmanager/defaults/main.yml +++ b/roles/monitoring/prometheus/alertmanager/defaults/main.yml @@ -21,4 +21,4 @@ prometheus_alertmanager_receivers: - name: empty # prometheus_server_auth_users: -# foo: secret +# admin: geheim diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml index d149483e..f74a6f30 100644 --- a/roles/monitoring/prometheus/server/defaults/main/main.yml +++ b/roles/monitoring/prometheus/server/defaults/main/main.yml @@ -26,9 +26,17 @@ prometheus_server_rules: # prometheus_server_alertmanager: # url: "127.0.0.1:9093" # path_prefix: / +# basic_auth: +# username: server +# password: geheim prometheus_server_web_listen_address: 127.0.0.1:9090 # prometheus_server_web_external_url: /prometheus/ # prometheus_server_auth_users: -# foo: secret +# server: changeme +# admin: secret + +# prometheus_server_selfscraping_auth: +# username: server +# password: changme diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml index b2e5f0eb..4b1bf2c4 100644 --- a/roles/monitoring/prometheus/server/tasks/main.yml +++ b/roles/monitoring/prometheus/server/tasks/main.yml @@ -111,6 +111,17 @@ validate: "promtool check web-config %s" notify: reload prometheus +- name: generate password file prometheus server to scrape itself + when: prometheus_server_selfscraping_auth is defined + copy: + content: "{{ prometheus_server_selfscraping_auth.password }}\n" + dest: /etc/prometheus/prometheus-selfscraping.password + mode: 0640 + owner: root + group: prometheus + no_log: yes + notify: reload prometheus + - name: generate password file prometheus server to access alertmanager when: "'basic_auth' in prometheus_server_alertmanager" copy: diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 index 98ac1aaa..883aa223 100644 --- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 +++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 @@ -30,6 +30,11 @@ scrape_configs: {% if prometheus_server_web_external_url is defined %} metrics_path: '{{ (prometheus_server_web_external_url | urlsplit('path'), 'metrics') | path_join }}' {% endif %} +{% if prometheus_server_selfscraping_auth is defined %} + basic_auth: + username: '{{ prometheus_server_selfscraping_auth.username }}' + password_file: '/etc/prometheus/prometheus-selfscraping.password' +{% endif %} static_configs: - targets: ['localhost:9090'] labels: |