| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 9 | ||||
| -rw-r--r-- | ansible/host_vars/lovelace/prometheus.yml | 9 | ||||
| -rw-r--r-- | ansible/inventory/hosts.yaml | 3 | ||||
| -rw-r--r-- | ansible/playbook.yml | 2 | ||||
| -rw-r--r-- | ansible/roles/prometheus/tasks/main.yml | 16 | 
5 files changed, 37 insertions, 2 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml
index eba3319..68d0bbd 100644
--- a/ansible/group_vars/all/nftables.yml
+++ b/ansible/group_vars/all/nftables.yml
@@ -60,6 +60,15 @@ nftables_configuration: |
       iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept
   {% endif %}
+
+  {% if "monitoring" in group_names %}
+      # Prometheus connections
+      iifname {{ ansible_default_ipv4.interface }} tcp dport 9090 ct state new accept
+  {% if ansible_default_ipv6 is defined %}
+      iifname {{ ansible_default_ipv6.interface }} tcp dport 9090 ct state new accept
+  {% endif %}
+  {% endif %}
+
   {% if "databases" in group_names %}
       # PostgreSQL connections
       iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept
diff --git a/ansible/host_vars/lovelace/prometheus.yml b/ansible/host_vars/lovelace/prometheus.yml
index 5d114a1..cf748d0 100644
--- a/ansible/host_vars/lovelace/prometheus.yml
+++ b/ansible/host_vars/lovelace/prometheus.yml
@@ -1,4 +1,13 @@
 ---
+
+prometheus_cmdline_options: " --web.config.file=/etc/prometheus/web_config.yml"
+
+prometheus_web_configuration:
+  tls_server_config:
+    cert_file: "/etc/letsencrypt/live/prometheus.{{ inventory_hostname }}.box.pydis.wtf/fullchain.pem"
+    key_file: "/etc/letsencrypt/live/prometheus.{{ inventory_hostname }}.box.pydis.wtf/privkey.pem"
+
+
 prometheus_configuration:
   global:
     scrape_interval: 15s  # Set the scrape interval to every 15 seconds. Default is every 1 minute.
diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml
index 5d8e3cb..6a6a47d 100644
--- a/ansible/inventory/hosts.yaml
+++ b/ansible/inventory/hosts.yaml
@@ -13,5 +13,8 @@ all:
     databases:
       hosts:
         lovelace:
+    monitoring:
+      hosts:
+        lovelace:
   vars:
     wireguard_port: 46850
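Review bot: The two new `tcp dport 9090` rules accept new connections from any source on the default IPv4 and IPv6 interfaces, whereas the PostgreSQL rule a few lines below in the same hunk is gated with `ip saddr @possible_lke_ipv4_addrs`; Prometheus's HTTP API exposes every scraped metric (and the admin endpoints if `--web.enable-admin-api` is set, which is not visible here), and the web config added in this commit configures only `tls_server_config`, so TLS alone does not authenticate callers. Unless the intent really is a publicly reachable Prometheus, restrict the source like the sibling rule, `iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport 9090 ct state new accept`, with a matching `ip6 saddr` set on the v6 line, or add `basic_auth_users` / `client_auth_type: RequireAndVerifyClientCert` to the web config. Either way, a comment stating which of the two controls is the access boundary (`# Exposed publicly; auth is enforced by Prometheus web_config`) would keep the next reader from assuming the firewall does it. The enclosing `nftables_configuration` block scalar starts before this hunk.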
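Review bot: `tls_server_config` points at `/etc/letsencrypt/live/prometheus.{{ inventory_hostname }}.box.pydis.wtf/` key material, but nothing in this commit issues that certificate or grants the `prometheus` user read access to it; certbot's `live` and `archive` directories are root-only by default, so the listener would fail to present a certificate until a deploy hook or ACL (e.g. `setfacl -R -m u:prometheus:rX /etc/letsencrypt/{live,archive}`) is put in place — worth confirming against how certs are provisioned on this host. The web config also defines no `basic_auth_users`, so the endpoint is encrypted but unauthenticated; if that is deliberate, a comment such as `# TLS only — no HTTP auth; reachability is controlled by nftables` next to `prometheus_web_configuration` documents the decision. Consider also pinning `min_version: TLS12` under `tls_server_config` so the floor is explicit rather than inherited from the toolkit default.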
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 62fc2d0..0cb4cf6 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -12,7 +12,7 @@
     - unattended-upgrades
 - name: Deploy our monitoring stack
-  hosts: lovelace
+  hosts: monitoring
   roles:
     - prometheus
     - prometheus-blackbox-exporter
diff --git a/ansible/roles/prometheus/tasks/main.yml b/ansible/roles/prometheus/tasks/main.yml
index a4565a1..c8ba53f 100644
--- a/ansible/roles/prometheus/tasks/main.yml
+++ b/ansible/roles/prometheus/tasks/main.yml
@@ -18,7 +18,7 @@
   notify:
     - Restart the prometheus service
-- name: Configure prometheus
+- name: Deploy prometheus general config
   copy:
     content: |
       # Ansible managed
@@ -32,6 +32,20 @@
   notify:
     - Reload the prometheus service
+- name: Deploy prometheus web server config
+  copy:
+    content: |
+      # Ansible managed
+      {{ prometheus_web_configuration | to_nice_yaml }}
+    dest: /etc/prometheus/web_config.yml
+    owner: prometheus
+    group: prometheus
+    mode: "0400"
+  tags:
+    - role::prometheus
+  notify:
+    - Reload the prometheus service
+
 - name: Configure prometheus rules
   copy:
     content: |
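Review bot: The new "Deploy prometheus web server config" task writes `/etc/prometheus/web_config.yml` with no validation, so a typo in `prometheus_web_configuration` (a wrong key name, an unreadable cert path) is only discovered by Prometheus itself when it next loads the file, which for the web config happens at startup or per connection depending on the version — i.e. after the handler has already fired. `copy` takes a `validate:` argument; adding `validate: promtool check web-config %s` (promtool has supported this subcommand for several major versions — confirm against the packaged version) rejects a broken file before it replaces the live one. The `mode: "0400"` and `prometheus` ownership are appropriate since this file may later carry `basic_auth_users` hashes; a one-line comment above the task, `# Rendered from prometheus_web_configuration (host_vars); holds TLS/auth settings, hence 0400`, would explain the tighter mode relative to the general config task above it.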
