Establish wireguard tunnels from gateways to prometheus servers

author Tom Hughes <tom@compton.nu>

Wed, 27 Jan 2021 21:31:35 +0000 (21:31 +0000)

committer Tom Hughes <tom@compton.nu>

Wed, 27 Jan 2021 21:49:21 +0000 (21:49 +0000)
author Tom Hughes <tom@compton.nu>
Wed, 27 Jan 2021 21:31:35 +0000 (21:31 +0000)
committer Tom Hughes <tom@compton.nu>
Wed, 27 Jan 2021 21:49:21 +0000 (21:49 +0000)
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb

index 8eed59556e415b854d03e7dcc8d3d77079e1d6cb..c24686d0b0344a2a968b8001d6a28b96f27371c4 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -236,7 +236,7 @@ if node[:networking][:wireguard][:enabled]
        }
      end
  
-    search(:node, "roles:mail") do |server|
+    search(:node, "roles:mail OR roles:prometheus") do |server|
        allowed_ips = server.interfaces(:role => :internal).map do |interface|
          "#{interface[:network]}/#{interface[:prefix]}"
        end
diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb

index 7e4f4b2bf9ee83a05c866901bad9f07df45cbf3a..bd1f3b50cec2560902cab77dc4ea073bf9ffe454 100644 (file)
--- a/cookbooks/prometheus/recipes/server.rb
+++ b/cookbooks/prometheus/recipes/server.rb
@@ -146,6 +146,18 @@ end
  
  jobs = {}
  
+search(:node, "roles:gateway") do |gateway|
+  allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
+    "#{interface[:network]}/#{interface[:prefix]}"
+  end
+
+  node.default[:networking][:wireguard][:peers] << {
+    :public_key => gateway[:networking][:wireguard][:public_key],
+    :allowed_ips => allowed_ips,
+    :endpoint => "#{gateway.name}:51820"
+  }
+end
+
  search(:node, "recipes:prometheus\\:\\:default").sort_by(&:name).each do |client|
    if client[:prometheus][:mode] == "wireguard"
      node.default[:networking][:wireguard][:peers] << {
diff --git a/roles/stormfly-03.rb b/roles/stormfly-03.rb

index f17fb5a8ca40982b08fb43640b3f9298aec95fc9..664c061dea9094be2b529b908bb50267cbbe5c2e 100644 (file)
--- a/roles/stormfly-03.rb
+++ b/roles/stormfly-03.rb
@@ -19,7 +19,8 @@ default_attributes(
          :family => :inet6,
          :address => "2605:bc80:3010:700::8cd3:a763"
        }
-    }
+    },
+    :private_address => "10.0.16.200"
    },
    :tilecache => {
      :tile_parent => "corvallis.render.openstreetmap.org"
author	Tom Hughes <tom@compton.nu>
	Wed, 27 Jan 2021 21:31:35 +0000 (21:31 +0000)
committer	Tom Hughes <tom@compton.nu>
	Wed, 27 Jan 2021 21:49:21 +0000 (21:49 +0000)
cookbooks/networking/recipes/default.rb		patch \| blob \| history
cookbooks/prometheus/recipes/server.rb		patch \| blob \| history
roles/stormfly-03.rb		patch \| blob \| history