Merge pull request #34 from noelmcloughlin/repo2

chore(firewall): improve firewalld handling
This commit is contained in:
N 2020-08-19 01:27:39 +02:00 committed by GitHub
commit 554b5bbdac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 11 deletions

View File

@ -50,6 +50,8 @@ prometheus:
storage.path: /var/lib/alertmanager
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9093
# tcp/9094
archive:
@ -67,6 +69,8 @@ prometheus:
- blackbox_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9110
consul_exporter:
version: v0.4.0
@ -76,6 +80,8 @@ prometheus:
- consul_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9107
graphite_exporter:
version: v0.6.2
@ -85,6 +91,8 @@ prometheus:
- graphite_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9108
haproxy_exporter:
version: v0.10.0
@ -94,6 +102,8 @@ prometheus:
- haproxy_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9101
memcached_exporter:
version: v0.5.0
@ -103,6 +113,8 @@ prometheus:
- memcached_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9150
mysqld_exporter:
version: v0.11.0
@ -112,6 +124,8 @@ prometheus:
- mysqld_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9207
node_exporter:
version: v0.18.1
@ -129,6 +143,8 @@ prometheus:
- node_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9100
prometheus:
name: prometheus
@ -149,6 +165,8 @@ prometheus:
source_hash: f4233783826f18606b79e5cef0686e4a9c2030146a3c7ce134f0add09f5adcb7
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9090
pushgateway:
version: v0.8.0
@ -163,6 +181,8 @@ prometheus:
- pushgateway
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9091
statsd_exporter:
version: v0.11.2
@ -172,6 +192,8 @@ prometheus:
- statsd_exporter
firewall:
ports:
- tcp/4505
- tcp/4506
- tcp/9102
clientlibs:

View File

@ -30,28 +30,24 @@ prometheus-service-running-{{ name }}-unmasked:
- file: prometheus-config-file-etc-file-directory
prometheus-service-running-{{ name }}:
{%- if p.wanted.firewall and grains.kernel|lower == 'linux' %}
pkg.installed:
- name: firewalld
- reload_modules: true
- onlyif: {{ grains.kernel|lower == 'linux' }}
service.running:
- names:
- {{ service_name }}
{%- if grains.kernel|lower == 'linux' %}
- firewalld
- onlyif: systemctl list-units | grep {{ service_name }} >/dev/null 2>&1
{%- endif %}
service.running:
- onlyif: systemctl list-units | grep {{ service_name }} >/dev/null 2>&1
- enable: True
- require:
- sls: {{ sls_service_args }}
- sls: {{ sls_config_file }}
{%- if p.wanted.firewall %}
- names:
- {{ service_name }}
{%- if p.wanted.firewall and grains.kernel|lower == 'linux' %}
- firewalld
firewalld.present:
- name: public
- ports: {{ p.pkg.component[name]['firewall']['ports']|json }}
- onlyif:
- {{ p.wanted.firewall }}
- {{ grains.kernel|lower == 'linux' }}
- require:
- service: prometheus-service-running-{{ name }}
{%- endif %}