The *collectd-prometheus* role now has a `collectd_prometheus_allow_outside` variable. This variable controls whether external hosts are allowed to scrape data from *collectd*. When set to `false`, which is the default, *collectd* is configured to listen on the loopback interface only, and the TCP port is not opened in the firewall.
# Pull in per-distribution variables: the first candidate file below that
# exists is loaded, with defaults.yml as the fallback.
- name: load distribution-specific values
  include_vars: '{{ item }}'
  with_first_found:
    - '{{ ansible_distribution }}.yml'
    - defaults.yml
  # "always" keeps this task in the run when a tag filter is given,
  # presumably so the tagged tasks below still find their variables.
  tags:
    - always
# Install the package named by collectd_prometheus_package. The task is
# skipped when that variable is null, i.e. when the loaded vars name no
# separate package to install.
- name: ensure collectd write_prometheus plugin is installed
  when: collectd_prometheus_package is not none
  package:
    name: '{{ collectd_prometheus_package }}'
    state: present
  tags:
    - install
# Stage the compiled SELinux policy module on the host. This task only places
# the file; loading it is left to the notified handler, which runs when the
# copied file changes.
# NOTE(review): collectd-local.pp is a compiled artifact and cannot be read
# in review; confirm it is built from a policy source kept under version
# control.
- name: ensure collectd-local selinux module is installed
  copy:
    src: collectd-local.pp
    dest: /var/lib/selinux/collectd-local.pp
    mode: 'u=rw,go=r'
  notify:
    - install collectd-local selinux module
  tags:
    - selinux
# Render the write_prometheus plugin configuration; collectd is restarted
# through the notified handler when the rendered file changes.
# NOTE(review): the listen address is decided inside
# collectd-prometheus.conf.j2, which is not shown here; confirm it binds to
# loopback unless collectd_prometheus_allow_outside is true, so that it
# agrees with the firewall tasks in this file.
- name: ensure collectd write_prometheus plugin is configured
  template:
    src: collectd-prometheus.conf.j2
    dest: /etc/collectd.d/prometheus.conf
    mode: '0644'
  notify:
    - restart collectd
  tags:
    - collectd-config
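# Runtime firewall rule: applied to the running firewalld immediately and not
# written to the permanent configuration (the task of the same name with
# permanent: true covers that).
# The port is opened only when collectd_prometheus_allow_outside is true and
# is actively closed otherwise.
- name: ensure firewall is configured for collectd write_prometheus plugin
  firewalld:
    port: '{{ collectd_prometheus_port }}/tcp'
    permanent: false
    immediate: true
    # "| bool" matters: a value that arrives as a string (for example
    # -e collectd_prometheus_allow_outside=false) is a non-empty string and
    # would otherwise be truthy, opening the port when "false" was intended.
    state: '{{ "enabled" if (collectd_prometheus_allow_outside | bool) else "disabled" }}'
  tags: firewalld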
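# Permanent firewall rule: written to the stored firewalld configuration so
# it survives a reload or reboot, without touching the running rules (the
# task of the same name with immediate: true covers those).
# The port is opened only when collectd_prometheus_allow_outside is true and
# is actively closed otherwise.
- name: ensure firewall is configured for collectd write_prometheus plugin
  firewalld:
    port: '{{ collectd_prometheus_port }}/tcp'
    permanent: true
    immediate: false
    # "| bool" matters: a value that arrives as a string (for example
    # -e collectd_prometheus_allow_outside=false) is a non-empty string and
    # would otherwise be truthy, opening the port when "false" was intended.
    state: '{{ "enabled" if (collectd_prometheus_allow_outside | bool) else "disabled" }}'
  tags: firewalld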