Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

add mSSL auth for prometheus serveur

Browse source
This commit is contained in:
histausse 2021-09-24 22:44:10 +02:00
parent f487bb87e1
commit 894a7e23ee
Signed by: histausse
GPG key ID: 67486F107F62E9E9
2 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
roles/prometheus/tasks/main.yml
View file

@ -58,6 +58,15 @@
notify: Restart prometheus notify: Restart prometheus
no_log: true no_log: true
- name: Copy the web-config folder
template:
src: web-config.yaml
dest: /etc/prometheus/web-config.yaml
group: prometheus
owner: prometheus
mode: u=rw,g=r,o=r
notify: Restart prometheus
- name: Setup the arguments for prometheus - name: Setup the arguments for prometheus
template: template:
src: prometheus src: prometheus
@ -69,4 +78,6 @@
vars: vars:
args: args:
- name: web.listen-address - name: web.listen-address
value: "{{ lan_address }}:9090" value: "{{ lan_address }}:9090"
- name: web.config
value: /etc/prometheus/web-config.yaml

7
roles/prometheus/templates/web-config.yaml Normal file
View file

@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
tls_server_config:
cert_file: "/etc/prometheus/prometheus-{{ lan_address }}.crt"
key_file: "/etc/prometheus/prometheus-{{ lan_address }}.key"
client_auth_type: "RequireAndVerifyClientCert"
client_ca_file: "/etc/prometheus/ca.crt"