Ajout authentification et tls sur nodeexporter

tasks/main.yml

@@ -3,12 +3,35 @@
     path: /opt/{{ docker_nodeexporter_service_id }}/
     state: directory
 
-- name: prepare docker-compose.yml
+- name: prepare config
   template:
     src: "{{ item }}"
     dest: /opt/{{ docker_nodeexporter_service_id }}/
   with_items:
     - docker-compose.yml
+    - config.yml
   notify: docker-compose-up
-  
 
+- name: Copie le certificat pour tls
+  ansible.builtin.get_url:
+    url: "{{ docker_nodeexporter_certificate_url }}"
+    dest: /opt/{{ docker_nodeexporter_service_id }}/cert.pem
+    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=r
+    owner: root
+    group: root
+  notify:
+    - docker-compose-up
+
+- name: Copie la clé pour tls
+  ansible.builtin.get_url:
+    url: "{{ docker_nodeexporter_key_url }}"
+    dest: /opt/{{ docker_nodeexporter_service_id }}/key.pem
+    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=
+    owner: root
+    group: root
+  notify:
+    - docker-compose-up

templates/config.yml

@@ -0,0 +1,6 @@
+basic_auth_users:
+  prometheus: {{ docker_nodeexporter_auth_password }}
+
+tls_server_config:
+  cert_file: /cert.pem
+  key_file: /key.pem

templates/docker-compose.yml

@@ -8,11 +8,15 @@ services:
       - /proc:/host/proc:ro
       - /sys:/host/sys:ro
       - /:/rootfs:ro
+      - ./config.yml:/config.yml
+      - ./key.pem:/key.pem
+      - ./cert.pem.yml:/cert.pem
     command:
       - '--path.procfs=/host/proc'
       - '--path.rootfs=/rootfs'
       - '--path.sysfs=/host/sys'
       - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|run)($$|/)'
+      - '--web.config.file=/config.yml'
     restart: always
     labels:
       org.label-schema.group: "monitoring"