add certificates to node exporters

2021-09-21 16:16:02 +02:00 · 2021-09-21 16:16:02 +02:00 · 569c9df319
commit 569c9df319
parent 435e834764
1 changed files with 20 additions and 8 deletions
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@ -10,12 +10,6 @@
  retries: 3
  until: apt_result is succeeded

-# TODO: add auth
-#
-# Create the file --web.config=/etc/node_exporter/config.yaml
-# and add --web.config=/etc/node_exporter/config.yaml to 
-# the args in /etc/default/prometheus-node-exporter
-
 - name: Ensure /etc/node_exporter exist
  file:
    path: /etc/node_exporter
@ -33,6 +27,24 @@
    mode: u=rw,g=r,o=r
  notify: Restart prometheus-node-exporter

+- name: Generate certificate
+  include_role:
+    name: generate-cert
+  vars:
+    directory: /etc/node_exporter/
+    cname: "node-exp-{{ lan_address }}"
+    owner: prometheus
+    group: prometheus
+    key_mode: u=rw,g=,o=
+    subject_alt_name: "IP:{{ lan_address }}"
+  notify: Restart prometheus-node-exporter
+
+- name: Copy the CA cert
+  copy:
+    content: "{{ ca_cert }}"
+    dest: /etc/node_exporter/ca.crt
+  notify: Restart prometheus-node-exporter
+
 - name: Setup the arguments for node-exporter
  template:
    src: prometheus-node-exporter
@ -45,8 +57,8 @@
    args:
      - name: web.listen-address
        value: "{{ lan_address }}:9100"
-#      - name: web.config
-#        value: /etc/node_exporter/config.yaml
+      - name: web.config
+        value: /etc/node_exporter/config.yaml

 # Add the node to the server targets