update..

2024-11-05 22:07:35 +01:00
parent 8a3feaf8b7
commit 823444d1e7
9 changed files with 1310 additions and 52 deletions
--- a/roles/modify-ipt-server/tasks/ipt-server.yml
+++ b/roles/modify-ipt-server/tasks/ipt-server.yml
@ -99,69 +99,103 @@
 # ===

 # ---
-# LOG CGI script Traffic out
+# Add Prometheus Services
 # ---

- name: Check if String 'log_cgi_traffic_out=..' is present
-  shell: grep -q -E "^log_cgi_traffic_out=" /etc/ipt-firewall/main_ipv4.conf
-  register: log_cgi_traffic_out_ipv4_present
+- name: Check if String 'prometheus_local_server_ips=..' is present
+  shell: grep -q -E "^prometheus_local_server_ips=" /etc/ipt-firewall/main_ipv4.conf
+  register: prometheus_local_server_ips_ipv4_present
  when: main_ipv4_exists.stat.exists
-  failed_when: "log_cgi_traffic_out_ipv4_present.rc > 1"
-  changed_when: "log_cgi_traffic_out_ipv4_present.rc > 0"
+  failed_when: "prometheus_local_server_ips_ipv4_present.rc > 1"
+  changed_when: "prometheus_local_server_ips_ipv4_present.rc > 0"

- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (log_cgi_traffic_out)
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (prometheus_local_server_ips)
  blockinfile:
    path: /etc/ipt-firewall/main_ipv4.conf
-    insertafter: '^#?\s*http_ports'
+    insertafter: '^#?\s*tftp_server_ips'
    block: |

-      # - LOG CGI script Traffic out
+      # - Prometheus Monitoring - local Server
      # -
-      log_cgi_traffic_out=false
+      # - blank separated list of IPv4 addresses
+      # -
+      prometheus_local_server_ips=""

-      # - cgi_script_users
+      # - (Remote) prometheus ports
      # -
-      # - List of CGI script users (suexec user, php-fpm user. ...)
+      # - !! comma separated list of ports
      # -
-      # - Blank separated list
+      prometheus_remote_client_ports="$standard_prometheus_ports"
+
+
+      # - Prometheus Monitoring - local Client
      # -
-      cgi_script_users=""
-    marker: "# Marker set by modify-ipt-server.yml (log_cgi_traffic_out)"
+      # - blank separated list of IPv4 addresses
+      # -
+      prometheus_local_client_ips=""
+
+      # - Local prometheus ports
+      # -
+      # - !! comma separated list of ports
+      # -
+      prometheus_local_client_ports="$standard_prometheus_ports"
+
+      # - blank separated list of IPv4 addresses
+      # -
+      prometheus_remote_server_ips=""
+    marker: "# Marker set by modify-ipt-server.yml (prometheus_local_server_ips)"
  when:
    - main_ipv4_exists.stat.exists
-    - log_cgi_traffic_out_ipv4_present is changed
+    - prometheus_local_server_ips_ipv4_present is changed
  notify:
    - Restart IPv4 Firewall


- name: Check if String 'log_cgi_traffic_out=..' is present
-  shell: grep -q -E "^log_cgi_traffic_out=" /etc/ipt-firewall/main_ipv6.conf
-  register: log_cgi_traffic_out_ipv6_present
+- name: Check if String 'prometheus_local_server_ips=..' is present
+  shell: grep -q -E "^prometheus_local_server_ips=" /etc/ipt-firewall/main_ipv6.conf
+  register: prometheus_local_server_ips_ipv6_present
  when: main_ipv6_exists.stat.exists
-  failed_when: "log_cgi_traffic_out_ipv6_present.rc > 1"
-  changed_when: "log_cgi_traffic_out_ipv6_present.rc > 0"
+  failed_when: "prometheus_local_server_ips_ipv6_present.rc > 1"
+  changed_when: "prometheus_local_server_ips_ipv6_present.rc > 0"

- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (log_cgi_traffic_out)
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (prometheus_local_server_ips)
  blockinfile:
    path: /etc/ipt-firewall/main_ipv6.conf
-    insertafter: '^#?\s*http_ports'
+    insertafter: '^#?\s*tftp_server_ips'
    block: |

-      # - LOG CGI script Traffic out
+      # - Prometheus Monitoring - local Server
      # -
-      log_cgi_traffic_out=false
+      # - blank separated list of IPv6 addresses
+      # -
+      prometheus_local_server_ips=""

-      # - cgi_script_users
+      # - (Remote) prometheus ports
      # -
-      # - List of CGI script users (suexec user, php-fpm user. ...)
+      # - !! comma separated list of ports
      # -
-      # - Blank separated list
+      prometheus_remote_client_ports="$standard_prometheus_ports"
+
+
+      # - Prometheus Monitoring - local Client
      # -
-      cgi_script_users=""
-    marker: "# Marker set by modify-ipt-server.yml (log_cgi_traffic_out)"
+      # - blank separated list of IPv6 addresses
+      # -
+      prometheus_local_client_ips=""
+
+      # - Local prometheus ports
+      # -
+      # - !! comma separated list of ports
+      # -
+      prometheus_local_client_ports="$standard_prometheus_ports"
+
+      # - blank separated list of IPv6 addresses
+      # -
+      prometheus_remote_server_ips=""
+    marker: "# Marker set by modify-ipt-server.yml (prometheus_local_server_ips)"
  when:
    - main_ipv6_exists.stat.exists
-    - log_cgi_traffic_out_ipv6_present is changed
+    - prometheus_local_server_ips_ipv6_present is changed
  notify:
    - Restart IPv6 Firewall