diff --git a/roles/collectd-prometheus/defaults/main.yml b/roles/collectd-prometheus/defaults/main.yml
index 30a73ea..e9f13aa 100644
--- a/roles/collectd-prometheus/defaults/main.yml
+++ b/roles/collectd-prometheus/defaults/main.yml
@@ -1,2 +1,5 @@
 collectd_load_prometheus_plugin: true
 collectd_prometheus_port: 9103
+collectd_prometheus_allow_outside: false
+collectd_prometheus_host: >-
+ {% if not collectd_prometheus_allow_outside %}::1{% endif %}
diff --git a/roles/collectd-prometheus/tasks/main.yml b/roles/collectd-prometheus/tasks/main.yml
index 93c7d0d..653ac96 100644
--- a/roles/collectd-prometheus/tasks/main.yml
+++ b/roles/collectd-prometheus/tasks/main.yml
@@ -17,6 +17,7 @@
 - name: ensure collectd-local selinux module is installed
 copy:
 src: collectd-local.pp
+ mode: 'u=rw,go=r'
 dest: /var/lib/selinux/collectd-local.pp
 notify:
 - install collectd-local selinux module
@@ -32,3 +33,19 @@
 - restart collectd
 tags:
 - collectd-config
+
+- name: ensure firewall is configured for collectd write_prometheus plugin
+ firewalld:
+ port: '{{ collectd_prometheus_port }}/tcp'
+ permanent: false
+ immediate: true
+ state: '{{ "enabled" if collectd_prometheus_allow_outside else "disabled" }}'
+ tags: firewalld
+
+- name: ensure firewall is configured for collectd write_prometheus plugin
+ firewalld:
+ port: '{{ collectd_prometheus_port }}/tcp'
+ permanent: true
+ immediate: false
+ state: '{{ "enabled" if collectd_prometheus_allow_outside else "disabled" }}'
+ tags: firewalld
diff --git a/roles/collectd-prometheus/templates/collectd-prometheus.conf.j2 b/roles/collectd-prometheus/templates/collectd-prometheus.conf.j2
index 8a6369d..d5fbf8c 100644
--- a/roles/collectd-prometheus/templates/collectd-prometheus.conf.j2
+++ b/roles/collectd-prometheus/templates/collectd-prometheus.conf.j2
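Review bot: `collectd_prometheus_allow_outside` is evaluated with a bare Jinja truth test in the new `collectd_prometheus_host` default in defaults/main.yml, so a value that arrives as a string (for example `-e collectd_prometheus_allow_outside=false`) is truthy and the exporter ends up listening on all addresses. The same test decides `state` in both firewalld tasks added to tasks/main.yml, so in that case the port is opened as well. Casting closes this: `{% if not collectd_prometheus_allow_outside | bool %}::1{% endif %}` and `'{{ "enabled" if collectd_prometheus_allow_outside | bool else "disabled" }}'`. Separately, `::1` is the IPv6 loopback only, so a local scraper pointed at `127.0.0.1` will not connect and the bind will presumably fail on hosts with IPv6 disabled; a comment on the default saying so would help.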
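Review bot: The port rule in both firewalld tasks at the end of tasks/main.yml is opened in the default zone for any source, since neither task sets `zone:` or a source restriction. As far as I know write_prometheus serves metrics over plain HTTP without authentication, so enabling `collectd_prometheus_allow_outside` exposes them to every host that can reach the port. Consider letting the role pin a zone reserved for the Prometheus servers, e.g. `zone: '{{ collectd_prometheus_firewalld_zone | default(omit) }}'` (the variable name is only a suggestion). The two tasks also share one name, which makes run output ambiguous; a single task with `permanent: true` and `immediate: true` should cover both the runtime and the persistent configuration.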
@@ -4,7 +4,7 @@ LoadPlugin write_prometheus {% endif %} Port {{ collectd_prometheus_port }} -{% if collectd_prometheus_host is defined %} +{% if collectd_prometheus_host|d %} Host "{{ collectd_prometheus_host }}" {% endif %}
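Review bot: With this change an empty `collectd_prometheus_host` drops the `Host` line entirely, and write_prometheus then binds to the any-address by default, which is not obvious from `{% if collectd_prometheus_host|d %}`. I would add a template comment above the test, `{# empty host: no Host directive, plugin listens on all addresses #}`, and spell the filter out as `{% if collectd_prometheus_host | default('') | trim %}` so a whitespace-only value cannot render `Host " "`. The surrounding plugin block is not fully visible in this hunk.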