From c0ca8f5e7c5921bb5c8f4239dd2016a514b48dce Mon Sep 17 00:00:00 2001
From: Olivier Navas
Date: Wed, 25 Dec 2024 12:45:27 +0100
Subject: [PATCH] Ajout authentification et tls sur nodeexporter
---
 tasks/main.yml | 27 +++++++++++++++++++++++++--
 templates/config.yml | 6 ++++++
 templates/docker-compose.yml | 4 ++++
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 templates/config.yml
diff --git a/tasks/main.yml b/tasks/main.yml
index 504918a..62cf177 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,12 +3,35 @@
 path: /opt/{{ docker_nodeexporter_service_id }}/
 state: directory
-- name: prepare docker-compose.yml
+- name: prepare config
 template:
 src: "{{ item }}"
 dest: /opt/{{ docker_nodeexporter_service_id }}/
 with_items:
 - docker-compose.yml
+ - config.yml
 notify: docker-compose-up
-
+- name: Copie le certificat pour tls
+ ansible.builtin.get_url:
+ url: "{{ docker_nodeexporter_certificate_url }}"
+ dest: /opt/{{ docker_nodeexporter_service_id }}/cert.pem
+ username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+ password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+ mode: u=rw,g=r,o=r
+ owner: root
+ group: root
+ notify:
+ - docker-compose-up
+
+- name: Copie la clé pour tls
+ ansible.builtin.get_url:
+ url: "{{ docker_nodeexporter_key_url }}"
+ dest: /opt/{{ docker_nodeexporter_service_id }}/key.pem
+ username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+ password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+ mode: u=rw,g=r,o=
+ owner: root
+ group: root
+ notify:
+ - docker-compose-up
diff --git a/templates/config.yml b/templates/config.yml
new file mode 100644
index 0000000..5a23734
--- /dev/null
+++ b/templates/config.yml
@@ -0,0 +1,6 @@
+basic_auth_users:
+ prometheus: {{ docker_nodeexporter_auth_password }}
+
+tls_server_config:
+ cert_file: /cert.pem
+ key_file: /key.pem
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index 9b9e88f..b45ed2b 100644
--- a/templates/docker-compose.yml
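Review bot: The private key written by `Copie la clé pour tls` lands as `owner: root`, `group: root`, `mode: u=rw,g=r,o=`, yet the docker-compose hunk bind-mounts it into the node_exporter container; if that process runs as an unprivileged user (the upstream node_exporter image does not run as root by default), it cannot open `/key.pem` and TLS startup fails. Either give the file an owner/group matching the container's runtime UID or pin a matching `user:` on the service so the restrictive mode and the running process agree. Both `ansible.builtin.get_url` tasks take `AAP_RESSOURCES_PASSWORD` from the environment; the module masks its password parameter, but adding `no_log: true` to each task also keeps the URL and any HTTP error body out of the job output on failure. The `prepare config` template task sets no `mode`, so config.yml, which now carries the basic-auth credential, is created with the default umask; set `mode` explicitly there under the same readability constraint as the key. The task list continues outside the hunk.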
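Review bot: `basic_auth_users.prometheus` is rendered directly from `docker_nodeexporter_auth_password`, but node_exporter's web config file expects a bcrypt hash in that field, not a clear-text password; if the variable holds the plaintext secret every scrape is rejected, and if it already holds a hash the variable name is misleading. Quote the templated value so a hash or an empty expansion cannot change the YAML type: `prometheus: "{{ docker_nodeexporter_auth_password }}"`. A one-line comment at the top of the template stating that the value must be a bcrypt hash (e.g. generated with `htpasswd -B`) would spare the next maintainer the same trap.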
+++ b/templates/docker-compose.yml
@@ -8,11 +8,15 @@ services:
 - /proc:/host/proc:ro
 - /sys:/host/sys:ro
 - /:/rootfs:ro
+ - ./config.yml:/config.yml
+ - ./key.pem:/key.pem
+ - ./cert.pem.yml:/cert.pem
 command:
 - '--path.procfs=/host/proc'
 - '--path.rootfs=/rootfs'
 - '--path.sysfs=/host/sys'
 - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|run)($$|/)'
+ - '--web.config.file=/config.yml'
 restart: always
 labels:
 org.label-schema.group: "monitoring"
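Review bot: The third new volume line mounts `./cert.pem.yml`, but the get_url task in tasks/main.yml writes the certificate to `cert.pem`; with the host path missing, Docker typically creates an empty directory at `./cert.pem.yml` and mounts it over `/cert.pem`, so node_exporter cannot load its certificate. The three new mounts also omit the `:ro` suffix the existing mounts carry, although nothing in the container needs to write these files. Suggested lines: `- ./config.yml:/config.yml:ro`, `- ./key.pem:/key.pem:ro`, `- ./cert.pem:/cert.pem:ro`. The `services:` block starts before and continues after the hunk.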