add mSSL auth for prometheus serveur

3 years ago · 894a7e23ee
parent f487bb87e1
commit 894a7e23ee
2 changed files with 19 additions and 1 deletions
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -58,6 +58,15 @@
  notify: Restart prometheus
  no_log: true

+- name: Copy the web-config folder
+  template:
+    src: web-config.yaml
+    dest: /etc/prometheus/web-config.yaml
+    group: prometheus
+    owner: prometheus
+    mode: u=rw,g=r,o=r
+  notify: Restart prometheus
+
 - name: Setup the arguments for prometheus
  template:
    src: prometheus
@ -69,4 +78,6 @@
  vars:
    args:
      - name: web.listen-address
-        value: "{{ lan_address }}:9090"
+       value: "{{ lan_address }}:9090"
+      - name: web.config
+        value: /etc/prometheus/web-config.yaml
--- a/roles/prometheus/templates/web-config.yaml
+++ b/roles/prometheus/templates/web-config.yaml
@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+tls_server_config:
+  cert_file: "/etc/prometheus/prometheus-{{ lan_address }}.crt"
+  key_file: "/etc/prometheus/prometheus-{{ lan_address }}.key"
+  client_auth_type: "RequireAndVerifyClientCert"
+  client_ca_file: "/etc/prometheus/ca.crt"