unbound_exporter: Initial version of role
This commit is contained in:
parent
d0d9f3430a
commit
74a517f942
2 changed files with 33 additions and 0 deletions
10
roles/unbound_exporter/files/unbound_exporter_stunnel.sh
Executable file
10
roles/unbound_exporter/files/unbound_exporter_stunnel.sh
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/ksh
|
||||||
|
|
||||||
|
daemon="/usr/local/sbin/stunnel"
|
||||||
|
daemon_flags="/etc/unbound_exporter/stunnel.conf"
|
||||||
|
|
||||||
|
. /etc/rc.d/rc.subr
|
||||||
|
|
||||||
|
rc_reload=NO
|
||||||
|
|
||||||
|
rc_cmd $1
|
23
roles/unbound_exporter/templates/stunnel.conf.j2
Normal file
23
roles/unbound_exporter/templates/stunnel.conf.j2
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
setuid = _unboundexporter
|
||||||
|
setgid = _unboundexporter
|
||||||
|
|
||||||
|
sslVersionMin = TLSv1.3
|
||||||
|
ciphersuites = TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
||||||
|
curves = X25519:prime256v1:secp384r1
|
||||||
|
|
||||||
|
key = {{ tls_private }}/{{ inventory_hostname }}.key
|
||||||
|
cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
|
||||||
|
|
||||||
|
verify = 2
|
||||||
|
CAfile = {{ tls_certs }}/ca.crt
|
||||||
|
|
||||||
|
syslog = yes
|
||||||
|
|
||||||
|
[unbound_exporter]
|
||||||
|
{% for ip in ansible_all_ipv4_addresses %}
|
||||||
|
accept = {{ ip }}:9167
|
||||||
|
{% endfor %}
|
||||||
|
connect = 127.0.0.1:9167
|
||||||
|
{% for host in groups['prometheus'] %}
|
||||||
|
checkHost = {{ host }}
|
||||||
|
{% endfor %}
|
Loading…
Add table
Reference in a new issue