role service-prometheus: add vhost

This commit is contained in:
Julian Labus 2018-09-25 10:33:52 +02:00
parent e8d9e6af90
commit 13ff110411
No known key found for this signature in database
GPG key ID: 8AF209F2C6B3572A
4 changed files with 53 additions and 0 deletions

View file

@ -11,6 +11,7 @@ common_repos:
http_meshviewer_prefix: map http_meshviewer_prefix: map
http_grafana_prefix: stats http_grafana_prefix: stats
http_lookingglass_prefix: lg http_lookingglass_prefix: lg
http_prometheus_prefix: prom
prometheus_conf_main: prometheus/prometheus.yml.j2 prometheus_conf_main: prometheus/prometheus.yml.j2

View file

@ -15,6 +15,9 @@ alertmanager_version: 0.15.2
gosu_version: "1.10" gosu_version: "1.10"
prometheus_url_external: "{{ http_prometheus_prefix }}.{{ http_domain_external }}"
prometheus_url_internal: "{{ http_prometheus_prefix }}.{{ http_domain_internal }}"
prometheus_install_path: /opt/prometheus prometheus_install_path: /opt/prometheus
prometheus_config_path: /etc/prometheus prometheus_config_path: /etc/prometheus
prometheus_rule_path: "{{ prometheus_config_path }}/rules" prometheus_rule_path: "{{ prometheus_config_path }}/rules"

View file

@ -12,6 +12,11 @@
set_fact: set_fact:
prometheus_default_opts: "{{ prometheus_default_opts }} --web.console.templates={{ prometheus_daemon_dir }}/consoles --web.console.libraries={{ prometheus_daemon_dir }}/console_libraries" prometheus_default_opts: "{{ prometheus_default_opts }} --web.console.templates={{ prometheus_daemon_dir }}/consoles --web.console.libraries={{ prometheus_daemon_dir }}/console_libraries"
- name: install python-passlib
package:
name: python-passlib
state: present
- name: download and untar prometheus tarball - name: download and untar prometheus tarball
unarchive: unarchive:
src: "{{ prometheus_tarball_url }}" src: "{{ prometheus_tarball_url }}"
@ -80,3 +85,22 @@
name: prometheus name: prometheus
enabled: yes enabled: yes
state: started state: started
- name: create htpasswd
htpasswd:
path: /etc/nginx/htpasswd_prometheus
name: admin
password: "{{ lookup('passwordstore', 'prometheus/admin') }}"
owner: root
group: nginx
mode: 0640
notify: restart nginx
- name: write vhost
template:
src: prometheus_vhost.conf.j2
dest: /etc/nginx/conf.d/prometheus.conf
owner: root
group: root
mode: 0644
notify: restart nginx

View file

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};
include /etc/nginx/snippets/redirect-to-ssl.conf;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
location / {
auth_basic "Prometheus";
auth_basic_user_file /etc/nginx/htpasswd_prometheus;
proxy_pass http://127.0.0.1:9090;
}
}