From 152652bf3df22bd4687012e3b372cd00760bf1cd Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 27 Oct 2021 23:54:16 +0200
Subject: restore promethues self-scraping if auth is used

---
 roles/monitoring/prometheus/alertmanager/defaults/main.yml    |  2 +-
 roles/monitoring/prometheus/server/defaults/main/main.yml     | 10 +++++++++-
 roles/monitoring/prometheus/server/tasks/main.yml             | 11 +++++++++++
 .../monitoring/prometheus/server/templates/prometheus.yml.j2  |  5 +++++
 4 files changed, 26 insertions(+), 2 deletions(-)

(limited to 'roles/monitoring')

diff --git a/roles/monitoring/prometheus/alertmanager/defaults/main.yml b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
index a7f94b38..47e0ae54 100644
--- a/roles/monitoring/prometheus/alertmanager/defaults/main.yml
+++ b/roles/monitoring/prometheus/alertmanager/defaults/main.yml
@@ -21,4 +21,4 @@ prometheus_alertmanager_receivers:
   - name: empty
 
 # prometheus_server_auth_users:
-#   foo: secret
+#   admin: geheim
diff --git a/roles/monitoring/prometheus/server/defaults/main/main.yml b/roles/monitoring/prometheus/server/defaults/main/main.yml
index d149483e..f74a6f30 100644
--- a/roles/monitoring/prometheus/server/defaults/main/main.yml
+++ b/roles/monitoring/prometheus/server/defaults/main/main.yml
@@ -26,9 +26,17 @@ prometheus_server_rules:
 # prometheus_server_alertmanager:
 #   url: "127.0.0.1:9093"
 #   path_prefix: /
+#   basic_auth:
+#     username: server
+#     password: geheim
 
 prometheus_server_web_listen_address: 127.0.0.1:9090
 # prometheus_server_web_external_url: /prometheus/
 
 # prometheus_server_auth_users:
-#   foo: secret
+#   server: changeme
+#   admin: secret
+
+# prometheus_server_selfscraping_auth:
+#   username: server
+#   password: changme
diff --git a/roles/monitoring/prometheus/server/tasks/main.yml b/roles/monitoring/prometheus/server/tasks/main.yml
index b2e5f0eb..4b1bf2c4 100644
--- a/roles/monitoring/prometheus/server/tasks/main.yml
+++ b/roles/monitoring/prometheus/server/tasks/main.yml
@@ -111,6 +111,17 @@
     validate: "promtool check web-config %s"
   notify: reload prometheus
 
+- name: generate password file prometheus server to scrape itself
+  when: prometheus_server_selfscraping_auth is defined
+  copy:
+    content: "{{ prometheus_server_selfscraping_auth.password }}\n"
+    dest: /etc/prometheus/prometheus-selfscraping.password
+    mode: 0640
+    owner: root
+    group: prometheus
+  no_log: yes
+  notify: reload prometheus
+
 - name: generate password file prometheus server to access alertmanager
   when: "'basic_auth' in prometheus_server_alertmanager"
   copy:
diff --git a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2 b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
index 98ac1aaa..883aa223 100644
--- a/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
+++ b/roles/monitoring/prometheus/server/templates/prometheus.yml.j2
@@ -29,6 +29,11 @@ scrape_configs:
   - job_name: 'prometheus'
 {% if prometheus_server_web_external_url is defined %}
     metrics_path: '{{ (prometheus_server_web_external_url | urlsplit('path'), 'metrics') | path_join }}'
+{% endif %}
+{% if prometheus_server_selfscraping_auth is defined %}
+    basic_auth:
+      username: '{{ prometheus_server_selfscraping_auth.username }}'
+      password_file: '/etc/prometheus/prometheus-selfscraping.password'
 {% endif %}
     static_configs:
     - targets: ['localhost:9090']
-- 
cgit v1.2.3