feat: Add certificate.

2022-12-28 17:08:40 +01:00 · 2022-12-28 17:08:40 +01:00 · 0996b72043
commit 0996b72043
parent 4c4fb5f647
3 changed files with 63 additions and 1 deletions
--- a/prometheus-slave/main.yml
+++ b/prometheus-slave/main.yml
@ -4,6 +4,27 @@
  become: yes

  tasks:
+    - name: Install dependencies
+      apt:
+        name:
+          - libffi-dev
+          - python3
+          - python3-pip
+          - python3-setuptools
+        state: latest
+        update_cache: true
+
+    - name: Upgrade pip
+      pip:
+        name: pip
+        state: latest
+
+    - name: Install required pip packages
+      pip:
+        name:
+          - pyopenssl
+        state: present
+
    - name: Create node_exporter group
      group:
        name: "node_exporter"
@ -20,6 +41,44 @@
        system: true
        state: present

+    - name: Create config directory
+      file:
+        path: "/etc/node_exporter"
+        state: directory
+        owner: "node_exporter"
+        group: "node_exporter"
+
+    - name: Generate an OpenSSL private key
+      openssl_privatekey:
+        path: /etc/node_exporter/node_exporter.key
+        owner: "node_exporter"
+        group: "node_exporter"
+
+    - name: Generate an OpenSSL Certificate Signing Request
+      openssl_csr:
+        path: /etc/node_exporter/node_exporter.csr
+        privatekey_path: /etc/node_exporter/node_exporter.key
+        common_name: localhost
+        owner: "node_exporter"
+        group: "node_exporter"
+
+    - name: Generate a Self Signed OpenSSL certificate
+      openssl_certificate:
+        path: /etc/node_exporter/node_exporter.crt
+        privatekey_path: /etc/node_exporter/node_exporter.key
+        csr_path: /etc/node_exporter/node_exporter.csr
+        provider: selfsigned
+        owner: "node_exporter"
+        group: "node_exporter"        
+
+    - name: Copy config
+      template:
+        src: config.yml.j2
+        dest: /etc/node_exporter/config.yml
+        owner: "node_exporter"
+        group: "node_exporter"
+        mode: 0755        
+
    - name: Download and unzip Node Exporter
      unarchive:
        src: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
--- a/prometheus-slave/templates/config.yml.j2
+++ b/prometheus-slave/templates/config.yml.j2
@ -0,0 +1,3 @@
+tls_server_config:
+  cert_file: node_exporter.crt
+  key_file: node_exporter.key
--- a/prometheus-slave/templates/node_exporter.service.j2
+++ b/prometheus-slave/templates/node_exporter.service.j2
@ -10,6 +10,6 @@ Group=node_exporter
 Type=simple
 Restart=on-failure
 RestartSec=5s
-ExecStart=/usr/local/bin/node_exporter
+ExecStart=/usr/local/bin/node_exporter --web.config.file=/etc/node_exporter/config.yml
 [Install]
 WantedBy=multi-user.target