From 5a3268dc37ec0dabf16903b233cc5e3af216e7eb Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Tue, 21 Sep 2021 16:30:49 +0200
Subject: [PATCH] add mSSL support for the prometheus server
---
 roles/prometheus-node-exporter/tasks/main.yml | 2 +-
 roles/prometheus/tasks/main.yml | 18 ++++++++++++++++++
 roles/prometheus/templates/prometheus.yml | 5 +++++
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml
index 87dc4a5..aa6ece6 100644
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@@ -37,7 +37,7 @@
 group: prometheus
 key_mode: u=rw,g=,o=
 subject_alt_name: "IP:{{ lan_address }}"
- notify: Restart prometheus-node-exporter
+# Need an equivalent to notify here
 - name: Copy the CA cert
 copy:
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index b296be4..9f252f7 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -19,6 +19,24 @@
 owner: prometheus
 mode: u=rwx,g=rx,o=rx
+- name: Generate certificate
+ include_role:
+ name: generate-cert
+ vars:
+ directory: /etc/prometheus/
+ cname: "prometheus-{{ lan_address }}"
+ owner: prometheus
+ group: prometheus
+ key_mode: u=rw,g=,o=
+ subject_alt_name: "IP:{{ lan_address }}"
+# Need an equivalent to notify here
+
+- name: Copy the CA cert
+ copy:
+ content: "{{ ca_cert }}"
+ dest: /etc/prometheus/ca.crt
+ notify: Restart prometheus
+
 - name: Setup the prometheus config
 template:
 src: prometheus.yml
diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml
index 4608f3e..985620d 100644
--- a/roles/prometheus/templates/prometheus.yml
+++ b/roles/prometheus/templates/prometheus.yml
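Review bot: With `notify: Restart prometheus-node-exporter` removed from the `Generate certificate` include in roles/prometheus-node-exporter/tasks/main.yml, nothing restarts the exporter after the role issues a new key or certificate, so unless the service re-reads those files on its own it may keep serving the old pair until someone restarts it by hand. The same placeholder comment follows the new `Generate certificate` task in roles/prometheus/tasks/main.yml, so the Prometheus client certificate has the same gap. Until the role can trigger a handler, the comment should tell the operator what is missing, e.g. `# TODO: generate-cert cannot notify; restart the service manually after a certificate change`. If generate-cert exposes whether it changed anything (not visible in this patch), a follow-up task that notifies the handler on that result would close the gap. The include task begins above the hunk.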
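Review bot: The new `Copy the CA cert` task in roles/prometheus/tasks/main.yml writes `/etc/prometheus/ca.crt` without `owner`, `group` or `mode`, so the permissions of the trust anchor depend on the remote user and its umask. This file decides which exporters Prometheus accepts, so it should be pinned like the key is, e.g. `owner: root`, `group: prometheus` and `mode: u=rw,g=r,o=r`. The context lines suggest the directory itself is owned by `prometheus`; if so the service account can still replace the file, which is worth confirming against the task above the hunk.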
@@ -45,3 +45,8 @@ scrape_configs:
 - source_labels: [__param_target]
 target_label: __address__
 replacement: '$1:9100'
+ scheme: https
+ tls_config:
+ ca_file: '/etc/prometheus/ca.crt'
+ cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt'
+ key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key'
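Review bot: The `cert_file`/`key_file` pair added under `tls_config` gives mutual authentication only if the node exporters require and verify a client certificate, and nothing in this patch shows that side. It is worth confirming that the exporter's web config sets `client_auth_type: RequireAndVerifyClientCert` with the same CA as `client_ca_file`; otherwise any host that can reach port 9100 can still scrape the metrics over TLS. A short comment above `tls_config` would record the dependency, e.g. `# client cert from the generate-cert role; exporters must require it`. The scrape job starts above the hunk, and the original indentation is lost here, so the nesting of `scheme` and `tls_config` cannot be checked from this view.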