mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-06-02 22:26:05 +02:00
9d8146c844
No reason this should be 0600 as it doesn't contain any sensitive data; switch it back to the package's default permissions of 0644.
31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
- name: Install prometheus server
|
|
pacman: name=prometheus,python-passlib,python-bcrypt state=present
|
|
|
|
- name: Install prometheus configuration
|
|
template: src=prometheus.yml.j2 dest=/etc/prometheus/prometheus.yml owner=root group=prometheus mode=640
|
|
notify: Reload prometheus
|
|
|
|
- name: Install prometheus cli configuration
|
|
template: src=prometheus.conf.j2 dest=/etc/conf.d/prometheus owner=root group=root mode=644
|
|
notify: Reload prometheus
|
|
|
|
- name: Install prometheus web-config configuration
|
|
template: src=web-config.yml.j2 dest=/etc/prometheus/web-config.yml owner=root group=prometheus mode=640
|
|
notify: Reload prometheus
|
|
when: prometheus_receive_only
|
|
|
|
- name: Install prometheus alert configuration
|
|
copy: src=node.rules.yml dest=/etc/prometheus/node.rules.yml owner=root group=root mode=644
|
|
notify: Reload prometheus
|
|
when: not prometheus_receive_only
|
|
|
|
- name: Enable prometheus server service
|
|
systemd: name=prometheus enabled=yes daemon_reload=yes state=started
|
|
|
|
- name: Open prometheus port for monitoring.archlinux.org
|
|
ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
|
|
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=9090 accept"
|
|
when: configure_firewall and prometheus_receive_only
|
|
tags:
|
|
- firewall
|