restrict prometheus end-point to lan address
This commit is contained in:
parent
95b729d69c
commit
a4fc24de99
GPG key ID:
67486F107F62E9E9
2 changed files with 79 additions and 1 deletions
|
|
@ -29,4 +29,15 @@
|
|||
notify: Restart prometheus
|
||||
no_log: true
|
||||
|
||||
|
||||
- name: Setup the arguments for node-exporter
|
||||
template:
|
||||
src: prometheus
|
||||
dest: /etc/default/prometheus
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart prometheus
|
||||
vars:
|
||||
args:
|
||||
- name: web.listen-address
|
||||
value: "{{ lan_address }}:9100"
|
||||
|
|
|
|||
67
roles/prometheus/templates/prometheus
Normal file
67
roles/prometheus/templates/prometheus
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
# Set the command-line arguments to pass to the server.
|
||||
{% if not args %}
|
||||
ARGS=""
|
||||
{% else %}
|
||||
ARGS="\
|
||||
{% for arg in args %}
|
||||
--{{ arg.name }}={{ arg.value }} \
|
||||
{% endfor %}
|
||||
"
|
||||
{% endif %}
|
||||
|
||||
# Prometheus supports the following options:
|
||||
# --config.file="/etc/prometheus/prometheus.yml"
|
||||
# Prometheus configuration file path.
|
||||
# --web.listen-address="0.0.0.0:9090"
|
||||
# Address to listen on for UI, API, and telemetry.
|
||||
# --web.read-timeout=5m Maximum duration before timing out read of the
|
||||
# request, and closing idle connections.
|
||||
# --web.max-connections=512 Maximum number of simultaneous connections.
|
||||
# --web.external-url=<URL> The URL under which Prometheus is externally
|
||||
# reachable (for example, if Prometheus is served
|
||||
# via a reverse proxy). Used for generating
|
||||
# relative and absolute links back to Prometheus
|
||||
# itself. If the URL has a path portion, it will
|
||||
# be used to prefix all HTTP endpoints served by
|
||||
# Prometheus. If omitted, relevant URL components
|
||||
# will be derived automatically.
|
||||
# --web.route-prefix=<path> Prefix for the internal routes of web endpoints.
|
||||
# Defaults to path of --web.external-url.
|
||||
# --web.local-assets="/usr/share/prometheus/web/"
|
||||
# Path to static asset/templates directory.
|
||||
# --web.user-assets=<path> Path to static asset directory, available at
|
||||
# /user.
|
||||
# --web.enable-lifecycle Enable shutdown and reload via HTTP request.
|
||||
# --web.enable-admin-api Enables API endpoints for admin control actions.
|
||||
# --web.console.templates="/etc/prometheus/consoles"
|
||||
# Path to the console template directory,
|
||||
# available at /consoles.
|
||||
# --web.console.libraries="/etc/prometheus/console_libraries"
|
||||
# Path to the console library directory.
|
||||
# --storage.tsdb.path="/var/lib/prometheus/metrics2/"
|
||||
# Base path for metrics storage.
|
||||
# --storage.tsdb.min-block-duration=2h
|
||||
# Minimum duration of a data block before being
|
||||
# persisted.
|
||||
# --storage.tsdb.max-block-duration=<duration>
|
||||
# Maximum duration compacted blocks may span.
|
||||
# (Defaults to 10% of the retention period)
|
||||
# --storage.tsdb.retention=15d
|
||||
# How long to retain samples in the storage.
|
||||
# --storage.tsdb.use-lockfile
|
||||
# Create a lockfile in data directory.
|
||||
# --alertmanager.notification-queue-capacity=10000
|
||||
# The capacity of the queue for pending alert
|
||||
# manager notifications.
|
||||
# --alertmanager.timeout=10s
|
||||
# Timeout for sending alerts to Alertmanager.
|
||||
# --query.lookback-delta=5m The delta difference allowed for retrieving
|
||||
# metrics during expression evaluations.
|
||||
# --query.timeout=2m Maximum time a query may take before being
|
||||
# aborted.
|
||||
# --query.max-concurrency=20
|
||||
# Maximum number of queries executed concurrently.
|
||||
# --log.level=info Only log messages with the given severity or
|
||||
# above. One of: [debug, info, warn, error]
|
||||
Loading…
Reference in a new issue