From 569c9df319be5f6dab86271316ad6aa30d02eb29 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau <jean-marie.mineau@protonmail.com>
Date: Tue, 21 Sep 2021 16:16:02 +0200
Subject: [PATCH] add certificates to node exporters

---
 roles/prometheus-node-exporter/tasks/main.yml | 28 +++++++++++++------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml
index 3f8d8b5..87dc4a5 100644
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@@ -10,12 +10,6 @@
   retries: 3
   until: apt_result is succeeded
 
-# TODO: add auth
-#
-# Create the file --web.config=/etc/node_exporter/config.yaml
-# and add --web.config=/etc/node_exporter/config.yaml to 
-# the args in /etc/default/prometheus-node-exporter
-
 - name: Ensure /etc/node_exporter exist
   file:
     path: /etc/node_exporter
@@ -33,6 +27,24 @@
     mode: u=rw,g=r,o=r
   notify: Restart prometheus-node-exporter
 
+- name: Generate certificate
+  include_role:
+    name: generate-cert
+  vars:
+    directory: /etc/node_exporter/
+    cname: "node-exp-{{ lan_address }}"
+    owner: prometheus
+    group: prometheus
+    key_mode: u=rw,g=,o=
+    subject_alt_name: "IP:{{ lan_address }}"
+  notify: Restart prometheus-node-exporter
+
+- name: Copy the CA cert
+  copy:
+    content: "{{ ca_cert }}"
+    dest: /etc/node_exporter/ca.crt
+  notify: Restart prometheus-node-exporter
+
 - name: Setup the arguments for node-exporter
   template:
     src: prometheus-node-exporter
@@ -45,8 +57,8 @@
     args:
       - name: web.listen-address
         value: "{{ lan_address }}:9100"
-#      - name: web.config
-#        value: /etc/node_exporter/config.yaml
+      - name: web.config
+        value: /etc/node_exporter/config.yaml
 
 # Add the node to the server targets