Add node_exporter to all hosts

2023-08-20 14:33:39 +00:00 · 2023-08-20 14:33:39 +00:00 · 946c7d0772
commit 946c7d0772
parent 5ec34f54c8
28 changed files with 30 additions and 24 deletions
--- a/group_vars/adm.yml
+++ b/group_vars/adm.yml
@ -5,4 +5,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/backup.yml
+++ b/group_vars/backup.yml
@ -1,3 +1,4 @@
 ---
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/collab.yml
+++ b/group_vars/collab.yml
@ -5,4 +5,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@ -5,4 +5,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/gitearunner.yml
+++ b/group_vars/gitearunner.yml
@ -1,4 +1,4 @@
 ---
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/homeassistant.yml
+++ b/group_vars/homeassistant.yml
@ -4,4 +4,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/influxdb.yml
+++ b/group_vars/influxdb.yml
@ -5,4 +5,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/ldap.yml
+++ b/group_vars/ldap.yml
@ -4,4 +4,4 @@ saslauthd_mech: ldap
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 636, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/log.yml
+++ b/group_vars/log.yml
@ -4,5 +4,5 @@ datadisks:

 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
  - {proto: tcp, port: 6514}
--- a/group_vars/mail.yml
+++ b/group_vars/mail.yml
@ -10,4 +10,4 @@ firewall_in:
  - {proto: tcp, port: 465}
  - {proto: tcp, port: 587}
  - {proto: tcp, port: 993}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/minecraft.yml
+++ b/group_vars/minecraft.yml
@ -4,6 +4,6 @@ datadisks:
  - {size: 100, type: nvme}
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.30.0/24]}
+  - {proto: tcp, port: 9100, from: [172.20.30.0/24]}
  - {proto: tcp, port: 25565, from: [172.20.30.0/24]}
  - {proto: udp, port: 25565, from: [172.20.30.0/24]}
--- a/group_vars/mirror.yml
+++ b/group_vars/mirror.yml
@ -7,4 +7,4 @@ firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
  - {proto: tcp, port: 873, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/mongodb.yml
+++ b/group_vars/mongodb.yml
@ -4,3 +4,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 27017, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/mqtt.yml
+++ b/group_vars/mqtt.yml
@ -3,5 +3,5 @@ firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.27.0/24]}
  - {proto: tcp, port: 1883, from: [172.20.27.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
  - {proto: tcp, port: 8883, from: [172.20.20.0/22, 172.20.27.0/24]}
--- a/group_vars/nas.yml
+++ b/group_vars/nas.yml
@ -9,4 +9,4 @@ firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 2049, from: [172.20.20.0/22]}
  - {proto: tcp, port: 2049, from: [172.20.30.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/nms.yml
+++ b/group_vars/nms.yml
@ -19,7 +19,7 @@ firewall_in:
  - {proto: udp, port: 123, from: [172.20.25.0/24]}
  - {proto: tcp, port: 443, from: [172.20.25.0/24]}
  - {proto: udp, port: 514, from: [172.20.25.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
  - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
  - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
--- a/group_vars/ocinode.yml
+++ b/group_vars/ocinode.yml
@ -5,3 +5,4 @@ mem_size: 4192
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/print.yml
+++ b/group_vars/print.yml
@ -14,7 +14,7 @@ firewall_in:
  - {proto: tcp, port: 53, from: [172.20.24.0/24]}
  - {proto: udp, port: 53, from: [172.20.24.0/24]}
  - {proto: tcp, port: 631, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
  - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
  - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
--- a/group_vars/proxy.yml
+++ b/group_vars/proxy.yml
@ -48,4 +48,4 @@ firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 80}
  - {proto: tcp, port: 443}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/relay.yml
+++ b/group_vars/relay.yml
@ -41,3 +41,4 @@ firewall_in:
  - {proto: tcp, port: 443}
  - {proto: tcp, port: 636}
  - {proto: tcp, port: 6514}
+  - {proto: tcp, port: 9100}
--- a/group_vars/shell.yml
+++ b/group_vars/shell.yml
@ -9,4 +9,4 @@ firewall_in:
  - {proto: tcp, port: 22}
  - {proto: tcp, port: 80}
  - {proto: tcp, port: 443}
-  - {proto: tcp, port: 4949, from: [81.175.130.44/32]}
+  - {proto: tcp, port: 9100, from: [81.175.130.44/32]}
--- a/group_vars/sqldb.yml
+++ b/group_vars/sqldb.yml
@ -4,3 +4,4 @@ datadisks:
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 3306, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/static.yml
+++ b/group_vars/static.yml
@ -2,4 +2,4 @@
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/vmhost.yml
+++ b/group_vars/vmhost.yml
@ -1,4 +1,4 @@
 ---
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
--- a/group_vars/zm.yml
+++ b/group_vars/zm.yml
@ -17,7 +17,7 @@ dhcpd_template: dhcpd.conf.cam.j2
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
  - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
  - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -48,6 +48,7 @@
    - pki
    - psacct
    - sshd
+    - node_exporter
  loop_control:
    loop_var: role

--- a/roles/pf/files/pf.conf.gw_fsol
+++ b/roles/pf/files/pf.conf.gw_fsol
@ -30,9 +30,9 @@ pass quick inet6 proto icmp6
 antispoof for lo0
 antispoof for vio0

-# admin connection and munin (internal)
+# admin connection and node_exporter (internal)
 pass in quick on $int_if proto tcp from $int_net to self port ssh keep state (no-sync)
-pass in quick on $int_if proto tcp from $int_net to self port 4949 keep state (no-sync)
+pass in quick on $int_if proto tcp from $int_net to self port 9100 keep state (no-sync)

 # internal network
 block in quick from any to self
--- a/roles/pf/files/pf.conf.gw_home
+++ b/roles/pf/files/pf.conf.gw_home
@ -45,8 +45,8 @@ pass in quick on $ext_if proto tcp from 37.35.86.64/29 to self port ssh
 pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
 pass in quick on $ext_if proto tcp from 81.175.155.142/32 to self port ssh

-# munin from internal network
-pass in quick on $int_if proto tcp from $int_net to self port 4949
+# node_exporter from internal network
+pass in quick on $int_if proto tcp from $int_net to self port 9100

 # allow dns queries from internal net
 pass in quick on $int_if proto { tcp, udp } from $int_net to self port domain