Merge pull request #34 from noelmcloughlin/repo2
chore(firewall): improve firewalld handling
This commit is contained in:
commit
554b5bbdac
@ -50,6 +50,8 @@ prometheus:
|
||||
storage.path: /var/lib/alertmanager
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9093
|
||||
# tcp/9094
|
||||
archive:
|
||||
@ -67,6 +69,8 @@ prometheus:
|
||||
- blackbox_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9110
|
||||
consul_exporter:
|
||||
version: v0.4.0
|
||||
@ -76,6 +80,8 @@ prometheus:
|
||||
- consul_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9107
|
||||
graphite_exporter:
|
||||
version: v0.6.2
|
||||
@ -85,6 +91,8 @@ prometheus:
|
||||
- graphite_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9108
|
||||
haproxy_exporter:
|
||||
version: v0.10.0
|
||||
@ -94,6 +102,8 @@ prometheus:
|
||||
- haproxy_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9101
|
||||
memcached_exporter:
|
||||
version: v0.5.0
|
||||
@ -103,6 +113,8 @@ prometheus:
|
||||
- memcached_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9150
|
||||
mysqld_exporter:
|
||||
version: v0.11.0
|
||||
@ -112,6 +124,8 @@ prometheus:
|
||||
- mysqld_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9207
|
||||
node_exporter:
|
||||
version: v0.18.1
|
||||
@ -129,6 +143,8 @@ prometheus:
|
||||
- node_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9100
|
||||
prometheus:
|
||||
name: prometheus
|
||||
@ -149,6 +165,8 @@ prometheus:
|
||||
source_hash: f4233783826f18606b79e5cef0686e4a9c2030146a3c7ce134f0add09f5adcb7
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9090
|
||||
pushgateway:
|
||||
version: v0.8.0
|
||||
@ -163,6 +181,8 @@ prometheus:
|
||||
- pushgateway
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9091
|
||||
statsd_exporter:
|
||||
version: v0.11.2
|
||||
@ -172,6 +192,8 @@ prometheus:
|
||||
- statsd_exporter
|
||||
firewall:
|
||||
ports:
|
||||
- tcp/4505
|
||||
- tcp/4506
|
||||
- tcp/9102
|
||||
|
||||
clientlibs:
|
||||
|
@ -30,28 +30,24 @@ prometheus-service-running-{{ name }}-unmasked:
|
||||
- file: prometheus-config-file-etc-file-directory
|
||||
|
||||
prometheus-service-running-{{ name }}:
|
||||
{%- if p.wanted.firewall and grains.kernel|lower == 'linux' %}
|
||||
pkg.installed:
|
||||
- name: firewalld
|
||||
- reload_modules: true
|
||||
- onlyif: {{ grains.kernel|lower == 'linux' }}
|
||||
service.running:
|
||||
- names:
|
||||
- {{ service_name }}
|
||||
{%- if grains.kernel|lower == 'linux' %}
|
||||
- firewalld
|
||||
- onlyif: systemctl list-units | grep {{ service_name }} >/dev/null 2>&1
|
||||
{%- endif %}
|
||||
service.running:
|
||||
- onlyif: systemctl list-units | grep {{ service_name }} >/dev/null 2>&1
|
||||
- enable: True
|
||||
- require:
|
||||
- sls: {{ sls_service_args }}
|
||||
- sls: {{ sls_config_file }}
|
||||
{%- if p.wanted.firewall %}
|
||||
- names:
|
||||
- {{ service_name }}
|
||||
{%- if p.wanted.firewall and grains.kernel|lower == 'linux' %}
|
||||
- firewalld
|
||||
firewalld.present:
|
||||
- name: public
|
||||
- ports: {{ p.pkg.component[name]['firewall']['ports']|json }}
|
||||
- onlyif:
|
||||
- {{ p.wanted.firewall }}
|
||||
- {{ grains.kernel|lower == 'linux' }}
|
||||
- require:
|
||||
- service: prometheus-service-running-{{ name }}
|
||||
{%- endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user