-rw-r--r--inventory/host_vars/ch-prometheus.yml13
-rw-r--r--inventory/host_vars/ch-testvm-prometheus.yml16
-rw-r--r--roles/monitoring/prometheus/exporter/ssl/templates/service.j24
3 files changed, 31 insertions, 2 deletions
diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml
index d217de07..361a8c02 100644
--- a/inventory/host_vars/ch-prometheus.yml
+++ b/inventory/host_vars/ch-prometheus.yml
@@ -54,6 +54,7 @@ prometheus_exporter_node_textfile_collector_scripts:
- smartmon
prometheus_exporters_extra:
+ - ssl
- ipmi
prometheus_exporter_ipmi_modules:
@@ -64,6 +65,18 @@ prometheus_exporter_ipmi_modules:
- chassis
- sel
+prometheus_job_multitarget_blackbox__probe:
+ ch-mon:
+ - instance: "ssh-{{ inventory_hostname }}"
+ target: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}:{{ ansible_port | default(22) }}"
+ module: ssh_banner
+
+prometheus_job_multitarget_ssl__probe:
+ ch-prometheus:
+ - instance: "sslcert-prometheus-{{ inventory_hostname }}"
+ target: "/etc/ssl/prometheus/**/*.pem"
+ module: file
+
installer_storage:
type: lvm
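Review bot: The ssl probe target `/etc/ssl/prometheus/**/*.pem` matches every `.pem` file in that tree, so if private keys are stored there under the same extension the exporter is pointed at them as well as at the certificates. The directory layout is not visible on this page, so that needs checking. If keys do live there, narrow the glob to the role's certificate naming, for example `target: "/etc/ssl/prometheus/**/<cert-file-pattern>.pem"` (placeholder pattern). The identical block is added to ch-testvm-prometheus.yml in the next hunk, and the same applies there. A one-line comment above the key, such as `# certificate files only, read by the ssl exporter's file module`, would record the intent in both files.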
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 755ebc62..089b1571 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -47,10 +47,26 @@ ntp_client:
- name: at.pool.ntp.org
options: iburst
+
+prometheus_exporters_extra:
+ - ssl
+
prometheus_exporter_node_textfile_collector_scripts:
- deleted-libraries
- chrony
+prometheus_job_multitarget_blackbox__probe:
+ ch-mon:
+ - instance: "ssh-{{ inventory_hostname }}"
+ target: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}:{{ ansible_port | default(22) }}"
+ module: ssh_banner
+
+prometheus_job_multitarget_ssl__probe:
+ ch-testvm-prometheus:
+ - instance: "sslcert-prometheus-{{ inventory_hostname }}"
+ target: "/etc/ssl/prometheus/**/*.pem"
+ module: file
+
containerd_storage:
type: lvm
diff --git a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2 b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
index fdd754a4..f0e1be30 100644
--- a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
@@ -7,8 +7,8 @@ ExecStart=/usr/bin/prometheus-ssl-exporter --web.listen-address="127.0.0.1:9219"
ExecReload=/bin/kill -HUP $MAINPID
# systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
DeviceAllow=/dev/null rw
DevicePolicy=strict
LockPersonality=true
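Review bot: `CAP_DAC_READ_SEARCH` in both `AmbientCapabilities=` and `CapabilityBoundingSet=` lets the exporter bypass read and directory-search permission checks on every file the unit can see, far more than the `/etc/ssl/prometheus` tree the new ssl probe targets. The file module appears to take its path from the probe target, so file permissions were the main limit on what a request to the listener on 127.0.0.1:9219 could make it open. I would keep both settings empty and grant read access through group ownership of the certificate directory, e.g. `SupplementaryGroups=<group-owning-/etc/ssl/prometheus>` (placeholder; the real group is not on this page). If the capability has to stay, add a comment such as `# CAP_DAC_READ_SEARCH: needed to read certs under /etc/ssl/prometheus` and narrow the unit's filesystem view with `TemporaryFileSystem=` and `BindReadOnlyPaths=`. The rest of the hardening block lies outside this hunk, so some of that restriction may already be in place.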