From 531b00e5c81c71271b81b00dcd1790179c6bf0c4 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Mar 25 2024 20:13:52 +0000 Subject: Allow Prometheus access to Discourse collector The discourse-prometheus-collector service shipped with the package was equipped with an IP address allow list - extend it to allow access from monitor.i.o.o in order for Prometheus to collect the metrics. Signed-off-by: Georg Pfuetzenreuter --- diff --git a/salt/profile/discourse/init.sls b/salt/profile/discourse/init.sls index f6507fd..b77610d 100644 --- a/salt/profile/discourse/init.sls +++ b/salt/profile/discourse/init.sls @@ -69,9 +69,20 @@ discourse_sidekiq_service: - require: - pkg: discourse_pkgs +discourse_collector_acl: + file.managed: + - name: /etc/systemd/system/discourse-prometheus-collector.service.d/salt.conf + - makedirs: True + - contents: + - {{ pillar['managed_by_salt'] | yaml_encode }} + - '[Service]' + - IPAddressAllow=2a07:de40:b27e:1203::50 + discourse_prometheus_collector: service.running: - name: discourse-prometheus-collector - enable: True - require: - pkg: discourse_pkgs + - watch: + - file: discourse_collector_acl