From 0ab582daa129b7a8714c2899821dca1632445063 Mon Sep 17 00:00:00 2001 From: Olivier Navas Date: Wed, 25 Dec 2024 13:55:09 +0100 Subject: [PATCH] Ajout authentification et tls sur nodeexporter --- defaults/main.yml | 1 + tasks/main.yml | 16 +++++++++++----- templates/docker-compose.yml | 4 ++++ 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index dced93b..84fb39c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1 +1,2 @@ docker_nodeexporter_port: "9100" +docker_nodeexporter_enable_tlsauth: false diff --git a/tasks/main.yml b/tasks/main.yml index e3fa33e..79d3069 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,13 +3,17 @@ path: /opt/{{ docker_nodeexporter_service_id }}/ state: directory -- name: Prepare config +- name: Prepare docker-compose.yml ansible.builtin.template: - src: "{{ item }}" + src: docker-compose.yml dest: /opt/{{ docker_nodeexporter_service_id }}/ - with_items: - - docker-compose.yml - - config.yml + notify: docker-compose-up + +- name: Prepare config.yml + ansible.builtin.template: + src: config.yml + dest: /opt/{{ docker_nodeexporter_service_id }}/ + when: docker_nodeexporter_enable_tlsauth notify: docker-compose-up - name: Copie le certificat pour tls @@ -23,6 +27,7 @@ group: root notify: - docker-compose-up + when: docker_nodeexporter_enable_tlsauth - name: Copie la clé pour tls ansible.builtin.get_url: @@ -35,3 +40,4 @@ group: root notify: - docker-compose-up + when: docker_nodeexporter_enable_tlsauth diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml index 60aee3b..1be3e65 100644 --- a/templates/docker-compose.yml +++ b/templates/docker-compose.yml 
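Review bot: In defaults/main.yml the new flag defaults to `false`, so a host that applies this role without overriding it still serves node-exporter metrics over plain HTTP with no authentication on the configured port (`9100` by default). Since the commit exists to add TLS and authentication, consider shipping `docker_nodeexporter_enable_tlsauth: true` and letting deployments opt out explicitly. If the opt-in default has to stay for compatibility, a comment such as `# false = metrics served unauthenticated over plain HTTP; restrict the port at the network level` would make the trade-off visible.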
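Review bot: The new `Prepare config.yml` task in tasks/main.yml (hunk `@@ -3,13 +3,17 @@`) writes the file without `owner`, `group` or `mode`, so it is created with the remote umask and is typically world-readable. Given the commit subject, config.yml presumably holds the basic-auth password hashes, which any local user could then read and attack offline. Set the permissions explicitly, for example `mode: "0640"` with an owner or group the container user can read. The right values depend on the UID the exporter runs as, which is not visible here.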
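Review bot: The `when: docker_nodeexporter_enable_tlsauth` added to the certificate task (hunk `@@ -23,6 +27,7 @@`) tests the bare variable, and the same pattern appears on `Prepare config.yml`, on the key task in the next hunk and in the `{% if %}` blocks of templates/docker-compose.yml. When the value arrives as a string, for instance through `-e docker_nodeexporter_enable_tlsauth=false` or an INI inventory, it can be treated as truthy because it is non-empty, so the flag may not switch off as intended. Casting makes it unambiguous: `when: docker_nodeexporter_enable_tlsauth | bool` in the tasks and `{% if docker_nodeexporter_enable_tlsauth | bool %}` in the template. The task body starts outside the hunk.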
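Review bot: Gating the key download (hunk `@@ -35,3 +40,4 @@`) on the flag means nothing removes the material once the flag is turned off again, so a host that previously ran with TLS keeps its private key, certificate and config.yml on disk. A cleanup task that runs when the flag is false would close that gap. The paths below are inferred from the `./key.pem`, `./cert.pem` and `./config.yml` mounts in the compose template, since the `dest` of the download tasks lies outside the hunk; adjust them if they differ.

```yaml
- name: Remove TLS material when TLS/auth is disabled
  ansible.builtin.file:
    # paths assumed from the compose mounts; confirm against the get_url dest
    path: /opt/{{ docker_nodeexporter_service_id }}/{{ item }}
    state: absent
  loop:
    - config.yml
    - key.pem
    - cert.pem
  when: not (docker_nodeexporter_enable_tlsauth | bool)
  notify: docker-compose-up
```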
@@ -8,15 +8,19 @@ services: - /proc:/host/proc:ro - /sys:/host/sys:ro - /:/rootfs:ro +{% if docker_nodeexporter_enable_tlsauth %} - ./config.yml:/config.yml - ./key.pem:/key.pem - ./cert.pem:/cert.pem +{% endif %} command: - '--path.procfs=/host/proc' - '--path.rootfs=/rootfs' - '--path.sysfs=/host/sys' - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|run)($$|/)' +{% if docker_nodeexporter_enable_tlsauth %} - '--web.config.file=/config.yml' +{% endif %} restart: always labels: org.label-schema.group: "monitoring"
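Review bot: The three bind mounts now wrapped in the `{% if docker_nodeexporter_enable_tlsauth %}` block are still mounted read-write, unlike the `:ro` host mounts directly above them. The exporter only needs to read its web config, key and certificate, so a compromised container should not be able to rewrite them on the host. Suggest `- ./config.yml:/config.yml:ro`, `- ./key.pem:/key.pem:ro` and `- ./cert.pem:/cert.pem:ro`. The service definition starts and ends outside the hunk.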