role service-prometheus: move node_exporter to own vhost

2018-09-24 15:10:10 +02:00 · 2018-09-24 15:10:10 +02:00 · 9521fac988
commit 9521fac988
parent 525c3e4fd0
6 changed files with 38 additions and 16 deletions
--- a/playbooks/prometheus/prometheus.yml.j2
+++ b/playbooks/prometheus/prometheus.yml.j2
@ -31,7 +31,7 @@ scrape_configs:
 {%for group in prometheus_groups %}
      - targets:
 {% for host in groups[group] %}
-        - '{{ host }}'
+        - '{{ host }}:9100'
 {% endfor %}
        labels:
          group: '{{ group }}'
--- a/roles/service-nginx/templates/default.conf.j2
+++ b/roles/service-nginx/templates/default.conf.j2
@ -35,19 +35,4 @@ server {
        autoindex on;
        autoindex_exact_size off;
    }
-
-{% if node_exporter_present is defined %}
-    location ^~ /metrics {
-        set $metric_addr 127.0.0.1;
-        proxy_pass http://$metric_addr:9100/metrics;
-
-        allow 127.0.0.0/8;
-        allow ::1/128;
-{% for host in groups['ffmwu-monitoring'] %}
-        allow {{ lookup('dig', host, 'qtype=A') }};
-        allow {{ lookup('dig', host, 'qtype=AAAA') }};
-        deny all;
-{% endfor %}
-    }
-{% endif %}
 }
--- a/roles/service-prometheus/handlers/main.yml
+++ b/roles/service-prometheus/handlers/main.yml
@ -16,3 +16,8 @@
  service:
    name: node_exporter
    state: restarted
+
+- name: restart nginx
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/service-prometheus/meta/main.yml
+++ b/roles/service-prometheus/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-nginx }
--- a/roles/service-prometheus/tasks/node-exporter.yml
+++ b/roles/service-prometheus/tasks/node-exporter.yml
@ -29,6 +29,13 @@
    group: "{{ prometheus_group }}"
    mode: "u=rwx,g=rx,o="

+- name: copy vhost node_exporter.conf
+  template:
+    src: "../templates/node_exporter_vhost.conf.j2"
+    dest: "/etc/nginx/conf.d/node_exporter.conf"
+  notify:
+    - restart nginx
+
 - name: copy systemd config to server
  template:
    src: "../templates/node_exporter.service.j2"
--- a/roles/service-prometheus/templates/node_exporter_vhost.conf.j2
+++ b/roles/service-prometheus/templates/node_exporter_vhost.conf.j2
@ -0,0 +1,22 @@
+server {
+    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9100 ssl;
+    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9100 ssl;
+    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    location / {
+      proxy_pass http://127.0.0.1:9100;
+
+      allow 127.0.0.0/8;
+      allow ::1/128;
+{% for host in groups['ffmwu-monitoring'] %}
+      allow {{ lookup('dig', host, 'qtype=A') }};
+      allow {{ lookup('dig', host, 'qtype=AAAA') }};
+      deny all;
+{% endfor %}
+    }
+}