From 80ccf68f55dbb70d7e5ed52ee95b3c9d1b6ce264 Mon Sep 17 00:00:00 2001
From: Jasper Ras <jras@hostnet.nl>
Date: Thu, 20 Mar 2025 11:07:49 +0100
Subject: vault backup: 2025-03-20 11:07:48

---
 2 Areas/Werk/VPS platform/Prometheus scraping.md | 67 ++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 2 Areas/Werk/VPS platform/Prometheus scraping.md

(limited to '2 Areas/Werk/VPS platform/Prometheus scraping.md')

diff --git a/2 Areas/Werk/VPS platform/Prometheus scraping.md b/2 Areas/Werk/VPS platform/Prometheus scraping.md
new file mode 100644
index 0000000..3b87bfd
--- /dev/null
+++ b/2 Areas/Werk/VPS platform/Prometheus scraping.md	
@@ -0,0 +1,67 @@
+---
+tags:
+  - groupvps
+  - firewall
+  - "#prometheus"
+---
+
+# Create scrape config
+`roles/prometheus/hostnet/onecom-prometheus-scrape-config-vps-gobs.json`
+
+# Testing the endpoint
+https://prometheus1.env.vps1-lej1.one.com/targets?search=&scrapePool=gobs
+
+# Metrics only accessible over HTTPS
+```
+commit e1e36bd073c8faf777577a41eb2eb67035e917b2 (HEAD -> master, upstream/master, upstream/HEAD, origin/master)
+Author: Ihor Piddubnyak <ihp@one.com>
+Date:   Mon Jan 27 13:24:30 2025 +0100
+
+    onecom-prometheus-relabel-config-vps-gobs role to scrape https from gobs
+
+diff --git a/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json b/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json
+new file mode 100644
+index 0000000000..a18adccf7c
+--- /dev/null
++++ b/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json
+@@ -0,0 +1,21 @@
++{
++    "name": "onecom-prometheus-relabel-config-vps-gobs",
++    "description": "Role for configuration of Prometheus gabs scrape to get metrics with https",
++    "json_class": "Chef::Role",
++    "default_attributes": {
++        "prometheus": {
++            "server": {
++                "scrape_configs": {
++                    "gobs": {
++                        "scheme": "https",
++                        "tls_config": {
++                            "insecure_skip_verify": true
++                        }
++                    }
++                }
++            }
++        }
++    },
++    "chef_type": "role"
++}
++
+diff --git a/roles/prometheus/onecom-prometheus-server.json b/roles/prometheus/onecom-prometheus-server.json
+index 6b430e4171..1089f6bb73 100644
+--- a/roles/prometheus/onecom-prometheus-server.json
++++ b/roles/prometheus/onecom-prometheus-server.json
+@@ -53,6 +53,7 @@
+         "role[pl-onecom-prometheus]",
+         "role[onecom-prometheus-scrape-config-thanos-sidecar]",
+         "role[onecom-prometheus-relabel-config-thanos]",
++        "role[onecom-prometheus-relabel-config-vps-gobs]",
+         "role[onecom-prometheus-pdns-passwd]",
+
+
+```
+
+# Zeh Firewall
+https://gitlab.group.one/systems/chef-repo/-/merge_requests/2838
+
+base servers need to have a fw rule added to allow traffic out from prom to service/port.
+if in same vlan no need for a rule on the gateways
-- 
cgit v1.2.3