diff --git a/playbooks/prometheus/prometheus.yml.j2 b/playbooks/prometheus/prometheus.yml.j2 index fcb8992..fa42689 100644 --- a/playbooks/prometheus/prometheus.yml.j2 +++ b/playbooks/prometheus/prometheus.yml.j2 @@ -23,19 +23,15 @@ scrape_configs: scrape_interval: 10s scrape_timeout: 10s static_configs: - - targets: ['localhost:9090', 'localhost:9100'] + - targets: ['localhost:9090'] - job_name: "node" - file_sd_configs: - - files: - - '{{ prometheus_file_sd_config_path }}/*.json' - - '{{ prometheus_file_sd_config_path }}/*.yml' - - '{{ prometheus_file_sd_config_path }}/*.yaml' + scheme: "https" static_configs: {%for group in prometheus_groups %} - targets: {% for host in groups[group] %} - - '{{ host }}:9100' + - '{{ host }}' {% endfor %} labels: group: '{{ group }}' diff --git a/roles/service-nginx/templates/default.conf.j2 b/roles/service-nginx/templates/default.conf.j2 index b7f1a6a..fdaff8a 100644 --- a/roles/service-nginx/templates/default.conf.j2 +++ b/roles/service-nginx/templates/default.conf.j2 @@ -35,4 +35,17 @@ server { autoindex on; autoindex_exact_size off; } + + location ^~ /metrics { + set $metric_addr 127.0.0.1; + proxy_pass http://$metric_addr:9100/metrics; + + allow 127.0.0.0/8; + allow ::1/128; +{% for host in groups['ffmwu-monitoring'] %} + allow {{ lookup('dig', host, 'qtype=A') }}; + allow {{ lookup('dig', host, 'qtype=AAAA') }}; + deny all; +{% endfor %} + } }