From 0b40cc4b9b8a1f2893ac189a276136b94785e7f6 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 9 Mar 2024 19:29:34 +0100 Subject: [PATCH 1/2] configure timeout on snmp scraping for quanta --- group_vars/prom/prometheus/quanta.yml | 1 + hosts | 4 ++-- roles/prometheus/filter_plugins/prometheus.py | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/group_vars/prom/prometheus/quanta.yml b/group_vars/prom/prometheus/quanta.yml index 41be87d..cedd93b 100644 --- a/group_vars/prom/prometheus/quanta.yml +++ b/group_vars/prom/prometheus/quanta.yml @@ -3,6 +3,7 @@ prometheus__scraping_quanta: targets: "{{ groups.quanta }}" address: 127.0.0.1:9116 path: /snmp + timeout: 60s params: module: - quanta diff --git a/hosts b/hosts index 300ffe6..edb3998 100644 --- a/hosts +++ b/hosts @@ -58,7 +58,7 @@ edge [ntp] ntp-[1:2].int.infra.auro.re -[radius] +[radiusng] radius-[1:2].isp.infra.auro.re [vm_network:children] @@ -66,7 +66,7 @@ vpn edge dhcp dns -radius +radiusng ntp #ldap isp diff --git a/roles/prometheus/filter_plugins/prometheus.py b/roles/prometheus/filter_plugins/prometheus.py index f9bbabc..036d8d5 100644 --- a/roles/prometheus/filter_plugins/prometheus.py +++ b/roles/prometheus/filter_plugins/prometheus.py @@ -25,6 +25,9 @@ def convert_jobs(config): if "path" in job: config["metrics_path"] = job["path"] + if "timeout" in job: + config["scrape_timeout"] = job["timeout"] + if "address" in job: try: From 97496ef4b8151b8424854eac3a6eef57fb239af7 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 9 Mar 2024 20:09:24 +0100 Subject: [PATCH 2/2] path security issue (getting root privileges) --- group_vars/router/prometheus.yml | 3 +++ roles/prometheus_node/tasks/main.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 group_vars/router/prometheus.yml diff --git a/group_vars/router/prometheus.yml b/group_vars/router/prometheus.yml new file mode 100644 index 0000000..871c762 --- /dev/null +++ b/group_vars/router/prometheus.yml @@ -0,0 +1,3 @@ +--- +prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom +... \ No newline at end of file diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml index 04af608..33525ce 100644 --- a/roles/prometheus_node/tasks/main.yml +++ b/roles/prometheus_node/tasks/main.yml @@ -28,7 +28,7 @@ state: directory owner: root group: root - mode: u=rwx,g=rw,o=rw + mode: u=rwx,g=rx,o=rx - name: Override prometheus-node-exporter.service template: