From 9521fac98871c878418ea6cb9dcdd4dddeff5817 Mon Sep 17 00:00:00 2001
From: Julian Labus
Date: Mon, 24 Sep 2018 15:10:10 +0200
Subject: [PATCH] role service-prometheus: move node_exporter to own vhost
---
 playbooks/prometheus/prometheus.yml.j2 | 2 +-
 roles/service-nginx/templates/default.conf.j2 | 15 -------------
 roles/service-prometheus/handlers/main.yml | 5 +++++
 roles/service-prometheus/meta/main.yml | 3 +++
 .../tasks/node-exporter.yml | 7 ++++++
 .../templates/node_exporter_vhost.conf.j2 | 22 +++++++++++++++++++
 6 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 roles/service-prometheus/meta/main.yml
 create mode 100644 roles/service-prometheus/templates/node_exporter_vhost.conf.j2
diff --git a/playbooks/prometheus/prometheus.yml.j2 b/playbooks/prometheus/prometheus.yml.j2
index fa42689..488041f 100644
--- a/playbooks/prometheus/prometheus.yml.j2
+++ b/playbooks/prometheus/prometheus.yml.j2
@@ -31,7 +31,7 @@ scrape_configs:
 {%for group in prometheus_groups %}
 - targets:
 {% for host in groups[group] %}
- - '{{ host }}'
+ - '{{ host }}:9100'
 {% endfor %}
 labels:
 group: '{{ group }}'
diff --git a/roles/service-nginx/templates/default.conf.j2 b/roles/service-nginx/templates/default.conf.j2
index d04e373..b7f1a6a 100644
--- a/roles/service-nginx/templates/default.conf.j2
+++ b/roles/service-nginx/templates/default.conf.j2
@@ -35,19 +35,4 @@ server {
 autoindex on;
 autoindex_exact_size off;
 }
-
-{% if node_exporter_present is defined %}
- location ^~ /metrics {
- set $metric_addr 127.0.0.1;
- proxy_pass http://$metric_addr:9100/metrics;
-
- allow 127.0.0.0/8;
- allow ::1/128;
-{% for host in groups['ffmwu-monitoring'] %}
- allow {{ lookup('dig', host, 'qtype=A') }};
- allow {{ lookup('dig', host, 'qtype=AAAA') }};
- deny all;
-{% endfor %}
- }
-{% endif %}
 }
diff --git a/roles/service-prometheus/handlers/main.yml b/roles/service-prometheus/handlers/main.yml
index 91cb569..6262314 100644
--- a/roles/service-prometheus/handlers/main.yml
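Review bot: The targets in playbooks/prometheus/prometheus.yml.j2 now point at port 9100, which this commit serves from an `ssl`-only nginx listener, so the scrape job needs `scheme: https`; the job definition starts above the hunk, so this cannot be confirmed from here. The certificate configured in the new vhost is the one for `{{ inventory_hostname_short }}.{{ http_domain_external }}`, while the target is the inventory name `{{ host }}`. If those names differ, certificate verification will fail, and the remedy should be a matching target name or `tls_config: server_name`, not `insecure_skip_verify: true`.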
+++ b/roles/service-prometheus/handlers/main.yml @@ -16,3 +16,8 @@ service: name: node_exporter state: restarted + +- name: restart nginx + systemd: + name: nginx + state: restarted diff --git a/roles/service-prometheus/meta/main.yml b/roles/service-prometheus/meta/main.yml new file mode 100644 index 0000000..814b458 --- /dev/null +++ b/roles/service-prometheus/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: service-nginx } diff --git a/roles/service-prometheus/tasks/node-exporter.yml b/roles/service-prometheus/tasks/node-exporter.yml index 92d458d..6496f21 100644 --- a/roles/service-prometheus/tasks/node-exporter.yml +++ b/roles/service-prometheus/tasks/node-exporter.yml @@ -29,6 +29,13 @@ group: "{{ prometheus_group }}" mode: "u=rwx,g=rx,o=" +- name: copy vhost node_exporter.conf + template: + src: "../templates/node_exporter_vhost.conf.j2" + dest: "/etc/nginx/conf.d/node_exporter.conf" + notify: + - restart nginx + - name: copy systemd config to server template: src: "../templates/node_exporter.service.j2" diff --git a/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 b/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 new file mode 100644 index 0000000..4cb277f --- /dev/null +++ b/roles/service-prometheus/templates/node_exporter_vhost.conf.j2 
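Review bot: The `restart nginx` handler added in roles/service-prometheus/handlers/main.yml uses `state: restarted`, so every change to the node_exporter vhost stops and starts nginx for all vhosts on the host, and a template that renders invalid configuration leaves the web server down. `state: reloaded` would apply the new vhost without dropping connections, and nginx keeps serving the previous configuration when the new one fails to load. Since this commit also makes service-nginx a dependency, check whether that role already defines a handler with the same name; handler names share one namespace per play, so one of the two definitions would be shadowed.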
@@ -0,0 +1,22 @@
+server {
+ listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9100 ssl;
+ listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9100 ssl;
+ server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
+
+ ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+ include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:9100;
+
+ allow 127.0.0.0/8;
+ allow ::1/128;
+{% for host in groups['ffmwu-monitoring'] %}
+ allow {{ lookup('dig', host, 'qtype=A') }};
+ allow {{ lookup('dig', host, 'qtype=AAAA') }};
+ deny all;
+{% endfor %}
+ }
+}
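Review bot: `deny all;` sits inside the `{% for host in groups['ffmwu-monitoring'] %}` loop, so the rendered ACL depends on the size of that group. With an empty group no `deny all;` is emitted and `location /` is open to any client that can reach port 9100; with more than one host the first `deny all;` precedes the later `allow` lines, and because nginx stops at the first matching rule those hosts are refused. Move it below the loop, i.e. `{% endfor %}` followed by `deny all;`. The `dig` results are written straight into `listen` and `allow`, so a host without an A or AAAA record, or with several, would presumably render a directive nginx rejects; a guard or a comment stating that exactly one record of each type is required would help. The vhost also relies on node_exporter itself being bound to 127.0.0.1 only, which is configured in the service template outside this hunk.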