mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-05-06 04:14:43 +00:00
node_exporter was listening on 0.0.0.0:9100 on helsinki-a and london-a, exposing metrics to the public internet.

Changes:
- Add node_exporter_bind_tailscale flag (default false) to opt in
- Set flag on helsinki-a and london-a host_vars
- Debian: configure ARGS in /etc/default/prometheus-node-exporter
- FreeBSD: use native node_exporter_listen_address rc.conf variable
- Add handlers to restart on config change

Prometheus already scrapes via Tailscale IPs, no scrape config changes needed.

Fixes PESO-98
---
# Install node_exporter for Prometheus monitoring.
# Uses system packages on Linux, pkg on FreeBSD.
# Optionally binds to Tailscale IP on public-facing hosts.
# Debian-family hosts: install the exporter from the distribution package.
# NOTE(review): Debian packages commonly start their service right after
# installation, so on a fresh host the exporter may listen on its package
# default address until the listen-address task and its restart handler have
# run. Confirm that window is acceptable on public-facing hosts.
- name: Install prometheus-node-exporter (Debian)
  ansible.builtin.apt:
    name: prometheus-node-exporter
    state: present
  when:
    - ansible_facts["os_family"] == "Debian"
# Alpine hosts: same package name as on Debian, installed through apk.
- name: Install prometheus-node-exporter (Alpine)
  community.general.apk:
    name: prometheus-node-exporter
    state: present
  when:
    - ansible_facts["os_family"] == "Alpine"
# Opt-in hardening for Debian: rewrite the ARGS= line in the package's
# defaults file so the exporter listens on <ansible_host>:9100 instead of its
# package default. Runs only when node_exporter_bind_tailscale is truthy; hosts
# that do not set the flag are left on whatever address the package uses.
# NOTE(review): this assumes ansible_host is the host's Tailscale IP. If the
# inventory holds a public address or a DNS name there, the exporter binds to
# that instead. Verify against host_vars.
# NOTE(review): the regexp replaces the whole ARGS= line, so any other flags
# already set on it are dropped. Turning the flag off later does not restore
# the previous line.
# NOTE(review): binding to one specific address requires that address to exist
# when the service starts. Check boot ordering against tailscaled.
- name: Configure listen address (Debian)
  ansible.builtin.lineinfile:
    path: /etc/default/prometheus-node-exporter
    regexp: '^ARGS='
    line: 'ARGS="--web.listen-address={{ ansible_host }}:9100"'
  # The restart handler is defined outside this file.
  notify: Restart node-exporter (Debian)
  when:
    - ansible_facts["os_family"] == "Debian"
    - node_exporter_bind_tailscale | bool
# Keep the Debian service running now and enabled at boot.
# `state: started` does not restart a service that is already running, so a
# changed listen address takes effect only through the notified restart
# handler, not through this task.
- name: Enable and start node-exporter (Debian)
  ansible.builtin.service:
    name: prometheus-node-exporter
    enabled: true
    state: started
  when:
    - ansible_facts["os_family"] == "Debian"
# Keep the Alpine service running now and enabled at boot. The service is
# named node-exporter here, not prometheus-node-exporter as on Debian.
# NOTE(review): no task in this file sets a listen address on Alpine, so
# node_exporter_bind_tailscale has no effect there and the exporter keeps its
# package-default address. Confirm no Alpine host is public-facing.
- name: Enable and start node-exporter (Alpine)
  ansible.builtin.service:
    name: node-exporter
    enabled: true
    state: started
  when:
    - ansible_facts["os_family"] == "Alpine"
# FreeBSD hosts: install the exporter with pkg. The package is named
# node_exporter here.
- name: Install node_exporter (FreeBSD)
  community.general.pkgng:
    name: node_exporter
    state: present
  when:
    - ansible_facts["os_family"] == "FreeBSD"
# Enable the service at boot on FreeBSD by setting node_exporter_enable in
# /etc/rc.conf. An existing node_exporter_enable= line is replaced, otherwise
# the line is appended.
- name: Enable node_exporter (FreeBSD)
  ansible.builtin.lineinfile:
    path: /etc/rc.conf
    regexp: '^node_exporter_enable='
    line: 'node_exporter_enable="YES"'
  when:
    - ansible_facts["os_family"] == "FreeBSD"
# Opt-in hardening for FreeBSD: set node_exporter_listen_address in
# /etc/rc.conf to <ansible_host>:9100. Runs only when
# node_exporter_bind_tailscale is truthy; hosts that do not set the flag are
# left on the service's default listen address.
# NOTE(review): this assumes ansible_host is the host's Tailscale IP. If the
# inventory holds a public address or a DNS name there, the exporter binds to
# that instead. Verify against host_vars.
# NOTE(review): turning the flag off later does not remove this rc.conf line.
# NOTE(review): binding to one specific address requires that address to exist
# when the service starts. Check rc ordering against tailscaled at boot.
- name: Configure listen address (FreeBSD)
  ansible.builtin.lineinfile:
    path: /etc/rc.conf
    regexp: '^node_exporter_listen_address='
    line: 'node_exporter_listen_address="{{ ansible_host }}:9100"'
  # The restart handler is defined outside this file.
  notify: Restart node_exporter (FreeBSD)
  when:
    - ansible_facts["os_family"] == "FreeBSD"
    - node_exporter_bind_tailscale | bool
# Make sure the FreeBSD service is running. This task sets only
# `state: started`; boot enablement comes from the node_exporter_enable line
# written to /etc/rc.conf. A service that is already running is not restarted
# here, so a changed listen address relies on the notified restart handler.
- name: Start node_exporter (FreeBSD)
  ansible.builtin.service:
    name: node_exporter
    state: started
  when:
    - ansible_facts["os_family"] == "FreeBSD"