-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmetrics.yaml
104 lines (93 loc) · 3.24 KB
/
metrics.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
---
- name: Install or update Nginx
ansible.builtin.apt:
name:
- nginx
notify: "Reload Nginx"
- name: Generate host private key
delegate_to: localhost
throttle: "{{ jobs }}"
community.crypto.openssl_privatekey:
path: "{{ ssl_dir }}/clients/keys/{{ inventory_hostname }}.key"
- name: Generate host CSR
delegate_to: localhost
throttle: "{{ jobs }}"
community.crypto.openssl_csr:
path: "{{ ssl_dir }}/clients/csrs/{{ inventory_hostname }}.csr"
privatekey_path: "{{ ssl_dir }}/clients/keys/{{ inventory_hostname }}.key"
common_name: "{{ inventory_hostname }}"
country_name: "DE"
subject_alt_name:
- "DNS:{{ inventory_hostname }}"
- "IP:{{ ansible_facts.default_ipv4.address }}"
- "IP:{{ ansible_facts.default_ipv6.address }}"
key_usage:
- digitalSignature
- nonRepudiation
- keyEncipherment
- dataEncipherment
- name: Generate host certificate
delegate_to: localhost
throttle: "{{ jobs }}"
community.crypto.x509_certificate:
path: "{{ ssl_dir }}/clients/certs/{{ inventory_hostname }}.crt"
csr_path: "{{ ssl_dir }}/clients/csrs/{{ inventory_hostname }}.csr"
ownca_path: "{{ ssl_dir }}/CA/certs/CA.crt"
ownca_privatekey_path: "{{ ssl_dir }}/CA/keys/CA.key"
provider: ownca
- name: Copy host key
ansible.builtin.copy:
src: "{{ ssl_dir }}/clients/keys/{{ inventory_hostname }}.key"
dest: /etc/nginx/conf.d/
notify: "Reload Nginx"
- name: Copy host certificate
ansible.builtin.copy:
content: "{{
lookup('file','{{ ssl_dir }}/clients/certs/{{ inventory_hostname }}.crt')+'\n'+
lookup('file','{{ ssl_dir }}/CA/certs/CA.crt')+'\n'
}}"
dest: "/etc/nginx/conf.d/{{ inventory_hostname }}.crt"
notify: "Reload Nginx"
- name: Configure Nginx
ansible.builtin.template:
src: metrics.conf.j2
dest: /etc/nginx/conf.d/metrics.conf
mode: "0644"
notify: "Reload Nginx"
- name: Remove Nginx default listener
ansible.builtin.file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: "Reload Nginx"
- name: Prometheus node exporter
when: node_metrics
block:
- name: Install Prometheus node exporter
ansible.builtin.apt:
name:
- prometheus-node-exporter
notify: "Restart Prometheus node exporter"
# needed if manually disabled
- name: Enable Prometheus node exporter at boot
ansible.builtin.systemd_service:
name: prometheus-node-exporter
notify: "Restart Prometheus node exporter"
- name: Create Prometheus node exporter data directory
ansible.builtin.file:
path: /var/lib/node_exporter/
state: directory
mode: "0755"
notify: "Restart Prometheus node exporter"
- name: Configure Prometheus node exporter
ansible.builtin.lineinfile:
create: false
line: >-
ARGS='
--web.listen-address=localhost:9100
--collector.tcpstat
--collector.textfile.directory=/var/lib/node_exporter/
--collector.filesystem.mount-points-exclude="^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/containers/storage/.+)($|/)"
'
path: /etc/default/prometheus-node-exporter
regex: "^ARGS="
notify: "Restart Prometheus node exporter"