summaryrefslogtreecommitdiff
path: root/2 Areas/Werk/VPS platform/Prometheus scraping.md
blob: 3b87bfd2db19b67d3cdc73dc2f4c61773e58724e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

---
tags:
  - groupvps
  - firewall
  - "#prometheus"
---

# Create scrape config
`roles/prometheus/hostnet/onecom-prometheus-scrape-config-vps-gobs.json`

# Testing the endpoint
https://prometheus1.env.vps1-lej1.one.com/targets?search=&scrapePool=gobs

# Metrics only accessible over HTTPS
```
commit e1e36bd073c8faf777577a41eb2eb67035e917b2 (HEAD -> master, upstream/master, upstream/HEAD, origin/master)
Author: Ihor Piddubnyak <ihp@one.com>
Date:   Mon Jan 27 13:24:30 2025 +0100

    onecom-prometheus-relabel-config-vps-gobs role to scrape https from gobs

diff --git a/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json b/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json
new file mode 100644
index 0000000000..a18adccf7c
--- /dev/null
+++ b/roles/prometheus/hostnet/onecom-prometheus-relabel-config-vps-gobs.json
@@ -0,0 +1,21 @@
+{
+    "name": "onecom-prometheus-relabel-config-vps-gobs",
+    "description": "Role for configuration of Prometheus gabs scrape to get metrics with https",
+    "json_class": "Chef::Role",
+    "default_attributes": {
+        "prometheus": {
+            "server": {
+                "scrape_configs": {
+                    "gobs": {
+                        "scheme": "https",
+                        "tls_config": {
+                            "insecure_skip_verify": true
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "chef_type": "role"
+}
+
diff --git a/roles/prometheus/onecom-prometheus-server.json b/roles/prometheus/onecom-prometheus-server.json
index 6b430e4171..1089f6bb73 100644
--- a/roles/prometheus/onecom-prometheus-server.json
+++ b/roles/prometheus/onecom-prometheus-server.json
@@ -53,6 +53,7 @@
         "role[pl-onecom-prometheus]",
         "role[onecom-prometheus-scrape-config-thanos-sidecar]",
         "role[onecom-prometheus-relabel-config-thanos]",
+        "role[onecom-prometheus-relabel-config-vps-gobs]",
         "role[onecom-prometheus-pdns-passwd]",


```

# Zeh Firewall
https://gitlab.group.one/systems/chef-repo/-/merge_requests/2838

base servers need to have a fw rule added to allow traffic out from prom to service/port.
if in same vlan no need for a rule on the gateways
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-16 07:18:39 +0000