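# Since this host likely has access to sensitive networks,
# restrict the destinations where monitoring daemons can connect.
# Installs one static nftables rules file per daemon (prometheus, telegraf)
# and notifies the "reload nftables" handler when a file changes.
- name: Set up outbound firewall rules
  copy:
    src: "{{ item }}.nft"
    dest: "/etc/nftables.d/{{ item }}.nft"
    # Pin ownership and permissions explicitly. Without these, a rules file
    # that already exists keeps whatever owner and mode it has, and a rules
    # file writable by a non-root account would let that account change the
    # egress policy the next time nftables is reloaded.
    owner: root
    group: root
    mode: "0644"
  loop:
    - prometheus
    - telegraf
  notify: reload nftables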
# Renders the telegraf drop-in configs from the output.conf.j2 and
# snmp.conf.j2 templates, then notifies the "restart telegraf" handler.
# NOTE(review): no owner/group/mode is set, so permissions come from the
# umask (new file) or from the file already on disk. If the snmp template
# carries community strings or SNMPv3 credentials (not visible here),
# confirm the rendered file is readable only by root and the telegraf
# service account.
- name: Configure telegraf to expose SNMP data as prometheus metrics
  template:
    src: "{{ item }}.conf.j2"
    dest: "/etc/telegraf.conf.d/{{ item }}.conf"
  loop:
    - output
    - snmp
  notify: restart telegraf
# Copies the static prometheus-snmp.yml file into the prometheus conf.d
# directory as snmp.yml and notifies the "reload prometheus" handler.
# NOTE(review): no owner/group/mode is set here; confirm the resulting
# permissions if the job definition contains credentials.
- name: Configure prometheus to pull SNMP data
  copy:
    src: "prometheus-snmp.yml"
    dest: "/etc/prometheus/conf.d/snmp.yml"
  notify: reload prometheus
# Renders prometheus-job.yml.j2 once per entry of prometheus_hosts, writing
# each result to conf.d/<item.name>.yml, and notifies "reload prometheus".
# loop_control.label keeps the task output to the entry's name instead of
# printing the whole item.
# NOTE(review): item.name is interpolated straight into the destination
# path; presumably every prometheus_hosts entry has a file-safe name with
# no path separators. Verify where prometheus_hosts is defined.
- name: Configure prometheus to pull custom data
  template:
    src: "prometheus-job.yml.j2"
    dest: "/etc/prometheus/conf.d/{{ item.name }}.yml"
  loop: "{{ prometheus_hosts }}"
  loop_control:
    label: "{{ item.name }}"
  notify: reload prometheus