Commit ec903b27 authored by ale's avatar ale
Browse files

Add overlay IPs to the allow-monitoring chain

parent eb8f06a1
Pipeline #16752 failed with stage
in 3 minutes and 36 seconds
......@@ -26,6 +26,11 @@ allow_port tcp {{ port }} -j allow-cluster
# Chain to allow traffic from hosts running monitoring probers.
{% if 'prometheus' in services %}
{{ create_chain_from_host_group('allow-monitoring', services['prometheus'].group_name) }}
{% for network_name in net_overlays | map(attribute='name') if hostvars[inventory_hostname].get('ip_' + network_name) %}
{% for host in services['prometheus'].hosts | sort if hostvars[host].get('ip_' + network_name) %}
add_rule4 -A allow-monitoring -s {{ hostvars[host]['ip_' + net.name] }} -j ACCEPT
{% endfor %}
{% endfor %}
# Allow traffic from monitoring probers to local services (on the
# public IP).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment