diff --git a/doc/_index.html b/doc/_index.html index d25a8e9..6846631 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -73,6 +73,11 @@ +
  • + prometheus_cd::firewall::iptables + +
  • +
  • prometheus_cd::main::config diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html index b8c824b..01e58be 100644 --- a/doc/puppet_class_list.html +++ b/doc/puppet_class_list.html @@ -43,49 +43,56 @@
  • -
  • +
  • +
    + prometheus_cd::firewall::iptables +
    +
  • + + +
  • prometheus_cd::main::config
  • -
  • +
  • prometheus_cd::main::dirs
  • -
  • +
  • prometheus_cd::main::files
  • -
  • +
  • prometheus_cd::main::install
  • -
  • +
  • prometheus_cd::main::service
  • -
  • +
  • prometheus_cd::main::yumrepo
  • -
  • +
  • prometheus_cd::params
    diff --git a/doc/puppet_classes/prometheus_cd_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/prometheus_cd_3A_3Afirewall_3A_3Aiptables.html new file mode 100644 index 0000000..d438768 --- /dev/null +++ b/doc/puppet_classes/prometheus_cd_3A_3Afirewall_3A_3Aiptables.html @@ -0,0 +1,142 @@ + + + + + + + Puppet Class: prometheus_cd::firewall::iptables + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + + + +
    + + +

    Puppet Class: prometheus_cd::firewall::iptables

    +
    + +
    +
    Inherits:
    +
    prometheus_cd::params
    +
    + + +
    +
    Defined in:
    +
    + manifests/firewall/iptables.pp +
    +
    +
    + +

    Summary

    + Class manages the firewall rules for the prometheus_cd module. + +

    Overview

    +
    +
    + +

    prometheus_cd::firewall::iptables.pp Module name: prometheus_cd Author: Arne Teuke (arne_teuke@confdroid.com)

    + +
    +
    + + + +
    + + + +
    + + + + + +
    +
    +
    +
    +6
    +7
    +8
    +9
    +10
    +11
    +12
    +13
    +14
    +15
    +16
    +
    +
    # File 'manifests/firewall/iptables.pp', line 6
    +
    +class prometheus_cd::firewall::iptables (
    +) inherits prometheus_cd::params {
    +  if  ($ps_prom_host == $fqdn) and ($ps_manage_fw == true) {
    +    # main port
    +    firewall { "${ps_fw_prefix}${$ps_main_port} main port":
    +      proto => 'tcp',
    +      dport => $ps_main_port,
    +      jump  => 'accept',
    +    }
    +  }
    +}
    +
    +
    +
    + + + +
    + + \ No newline at end of file diff --git a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Adirs.html index 34e5f76..9409a50 100644 --- a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Adirs.html @@ -104,7 +104,19 @@ 6 7 8 -9 +9 +10 +11 +12 +13 +14 +15 +16 +17 +18 +19 +20 +21
    # File 'manifests/main/dirs.pp', line 6
    @@ -112,6 +124,18 @@
     class prometheus_cd::main::dirs (
     ) inherits prometheus_cd::params {
       require prometheus_cd::main::install
    +  if $ps_prom_host == fqdn {
    +    file { $ps_main_dir:
    +      ensure   => directory,
    +      owner    => 'root',
    +      group    => 'root',
    +      mode     => '0755',
    +      selrange => s0,
    +      selrole  => object_r,
    +      seltype  => etc_t,
    +      seluser  => system_u,
    +    }
    +  }
     }
    diff --git a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html index 38c7bb7..e88064a 100644 --- a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html @@ -120,7 +120,8 @@ 22 23 24 -25 +25 +26
    # File 'manifests/main/service.pp', line 6
    @@ -128,7 +129,8 @@
     class prometheus_cd::main::service (
     ) inherits prometheus_cd::params {
       require prometheus_cd::main::files
    -  if $manage_prometheus == true {
    +  require prometheus_cd::firewall::iptables
    +  if  ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
         service { 'prometheus':
           ensure     => running,
           hasstatus  => true,
    diff --git a/doc/puppet_classes/prometheus_cd_3A_3Aparams.html b/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
    index dab5781..f2ba616 100644
    --- a/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
    +++ b/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
    @@ -79,6 +79,8 @@
           
           prometheus_cd::main::yumrepo
    + prometheus_cd::firewall::iptables
    + @@ -194,6 +196,78 @@ —

    whether to manage node exporter

    +
    + +
  • + +
  • + + ps_manage_fw + + + (Boolean) + + + (defaults to: false) + + + — +
    +

    whether to manage the firewall

    +
    + +
  • + +
  • + + ps_prom_host + + + (String) + + + (defaults to: 'prometheus.example.net') + + + — +
    +

    the fqdn of the prometheus server

    +
    + +
  • + +
  • + + ps_fw_prefix + + + (String) + + + (defaults to: '50') + + + — +
    +

    the firewall rule prefix

    +
    + +
  • + +
  • + + ps_main_port + + + (String) + + + (defaults to: '9090') + + + — +
    +

    the firewall main port for prometheus

  • @@ -209,10 +283,6 @@
     
     
    -11
    -12
    -13
    -14
     15
     16
     17
    @@ -226,18 +296,43 @@
     25
     26
     27
    -28
    +28 +29 +30 +31 +32 +33 +34 +35 +36 +37 +38 +39 +40 +41 +42 +43 +44 -
    # File 'manifests/params.pp', line 11
    +        
    # File 'manifests/params.pp', line 15
     
     class prometheus_cd::params (
     
    +  # installation
       String $reqpackage_prom       = 'prometheus2',
       String $reqpackage_ne         = 'node_exporter',
       String $pkg_ensure            = 'present',
    +
    +  # config logic
       Boolean $manage_prometheus    = false,
       Boolean $manage_node_exporter = false,
    +  Boolean $ps_manage_fw         = false,
    +  String $ps_prom_host          = 'prometheus.example.net',
    +
    +  # firewall
    +  String $ps_fw_prefix          = '50',
    +  String $ps_main_port          = '9090',
     
     ) {
       # defaults
    @@ -246,6 +341,9 @@ class prometheus_cd::params (
       $os_name                = $facts['os']['name']
       $os_release             = $facts['os']['release']['major']
     
    +  # dirs
    +  $ps_main_dir            = '/etc/prometheus'
    +
       # includes must be last
       include prometheus_cd::main::config
     }
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
new file mode 100644
index 0000000..b6f44c5
--- /dev/null
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,16 @@
+# prometheus_cd::firewall::iptables.pp
+# Module name: prometheus_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# @summary Class manages the firewall rules for the prometheus_cd module.
+##############################################################################
+class prometheus_cd::firewall::iptables (
+) inherits prometheus_cd::params {
+ if ($ps_prom_host == $fqdn) and ($ps_manage_fw == true) {
+ # main port
+ firewall { "${ps_fw_prefix}${$ps_main_port} main port":
+ proto => 'tcp',
+ dport => $ps_main_port,
+ jump => 'accept',
+ }
+ }
+}
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
index 7dd7f55..3c24a54 100644
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
@@ -6,4 +6,16 @@
 class prometheus_cd::main::dirs (
 ) inherits prometheus_cd::params {
 require prometheus_cd::main::install
+ if $ps_prom_host == fqdn {
+ file { $ps_main_dir:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+ }
 }
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 42edb47..26eaeaf 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -6,7 +6,8 @@
 class prometheus_cd::main::service (
 ) inherits prometheus_cd::params {
 require prometheus_cd::main::files
- if $manage_prometheus == true {
+ require prometheus_cd::firewall::iptables
+ if ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
 service { 'prometheus':
 ensure => running,
 hasstatus => true,
diff --git a/manifests/params.pp b/manifests/params.pp
index 846c3aa..3e04ed9 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
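Review bot: The `firewall` resource under `# main port` in manifests/firewall/iptables.pp accepts TCP to `$ps_main_port` from every source address, because the rule sets `proto`, `dport` and `jump` but no `source`. On a host where `ps_manage_fw` is true that exposes the Prometheus listener to any network that can route to it; a parameter for the allowed range, used as `source => $ps_fw_source,` (name illustrative, it would have to be added in params.pp), would keep the rule to the clients that need it. The title also mixes `${ps_fw_prefix}` with `${$ps_main_port}`; `${ps_main_port}` would match the first interpolation.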
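Review bot: The new condition `if $ps_prom_host == fqdn {` in manifests/main/dirs.pp compares against the bare word `fqdn`, which Puppet reads as the string 'fqdn' rather than the node's fact, so the `file { $ps_main_dir:` resource is only applied when `ps_prom_host` is literally set to that word. The other manifests in this commit use `$fqdn`; since params.pp already reads `$facts['os']['name']`, `if $ps_prom_host == $facts['networking']['fqdn'] {` would be consistent with it and would not rely on legacy top-scope facts. The same substitution applies to `$fqdn` in manifests/firewall/iptables.pp and manifests/main/service.pp.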
@@ -7,14 +7,27 @@
 # @param [String] pkg_ensure which version of the package to install
 # @param [boolean] manage_prometheus whether to manage prometheus
 # @param [boolean] manage_node_exporter whether to manage node exporter
+# @param [boolean] ps_manage_fw whether to manage the firewall
+# @param [String] ps_prom_host the fqdn of the prometheus server
+# @param [String] ps_fw_prefix the firewall rule prefix
+# @param [String] ps_main_port the firewall main port for prometheus
 ##############################################################################
 class prometheus_cd::params (
 
+ # installation
 String $reqpackage_prom = 'prometheus2',
 String $reqpackage_ne = 'node_exporter',
 String $pkg_ensure = 'present',
+
+ # config logic
 Boolean $manage_prometheus = false,
 Boolean $manage_node_exporter = false,
+ Boolean $ps_manage_fw = false,
+ String $ps_prom_host = 'prometheus.example.net',
+
+ # firewall
+ String $ps_fw_prefix = '50',
+ String $ps_main_port = '9090',
 
 ) {
 # defaults
@@ -23,6 +36,9 @@ class prometheus_cd::params (
 $os_name = $facts['os']['name']
 $os_release = $facts['os']['release']['major']
 
+ # dirs
+ $ps_main_dir = '/etc/prometheus'
+
 # includes must be last
 include prometheus_cd::main::config
 }
diff --git a/templates/prometheus.yaml b/templates/prometheus.yaml
new file mode 100644
index 0000000..7092154
--- /dev/null
+++ b/templates/prometheus.yaml
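Review bot: `String $ps_main_port = '9090'` and `String $ps_fw_prefix = '50'` accept any string, yet both are interpolated into the firewall rule title and the port is passed to `dport` in iptables.pp, so a malformed value is not caught until the firewall resource is applied, if at all. Constraining them, e.g. `Pattern[/\A\d{1,5}\z/] $ps_main_port = '9090',` and `Pattern[/\A\d+\z/] $ps_fw_prefix = '50',`, keeps string values working while failing at catalog compilation. The new `@param` tags also write `[boolean]` where the declared type is `Boolean`. The class body continues past the end of the first hunk.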
@@ -0,0 +1,34 @@
+global:
+ scrape_interval: 60s
+ scrape_timeout: 10s
+ evaluation_interval: 15s
+storage:
+ tsdb:
+ out_of_order_time_window: 5m
+alerting:
+ alertmanagers:
+ - follow_redirects: true
+ scheme: http
+ timeout: 10s
+ api_version: v2
+ static_configs:
+ - targets: []
+scrape_configs:
+- job_name: prometheus
+ honor_timestamps: true
+ scrape_interval: 60s
+ scrape_timeout: 10s
+ metrics_path: /metrics
+ scheme: http
+ follow_redirects: true
+ static_configs:
+ - targets:
+ - localhost:9090
+ basic_auth:
+ username_file: /etc/prometheus/secrets/prometheus-auth/username
+ password_file: /etc/prometheus/secrets/prometheus-auth/password
+remote_write:
+ - url: "http://localhost:9090/api/v1/write"
+ basic_auth:
+ username_file: /etc/prometheus/secrets/prometheus-auth/username
+ password_file: /etc/prometheus/secrets/prometheus-auth/password
\ No newline at end of file
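Review bot: The `basic_auth` blocks in this template are client-side settings for the scrape job and `remote_write`; they do not put authentication on the listener that the new firewall rule opens, and nothing visible in this commit adds a web config file (the one passed with `--web.config.file`) for server-side auth or TLS. The template also hard-codes `localhost:9090`, so changing `ps_main_port` would open a firewall port the config does not reference, and `remote_write` points at the same instance's `/api/v1/write`, which looks like a placeholder. Nothing here manages `/etc/prometheus/secrets/prometheus-auth/` either, while its parent is created 0755 in dirs.pp, so the ownership and mode of the credential files are left to whatever creates them. A header comment such as `# basic_auth below is client-side only; listener auth/TLS belongs in the web config file` would make the first point explicit.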