From 0730cbb4c20c5d3e32cc2217530d4e27574bc7c7 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Thu, 16 Feb 2023 01:31:57 +0100
Subject: Manage Prometheus firewall rules

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 pillar/role/monitoring/prometheus-exporter-blackbox.sls | 9 +++++++++
 pillar/role/monitoring/prometheus.sls                   | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/pillar/role/monitoring/prometheus-exporter-blackbox.sls b/pillar/role/monitoring/prometheus-exporter-blackbox.sls
index 59b9945..3e9ab08 100644
--- a/pillar/role/monitoring/prometheus-exporter-blackbox.sls
+++ b/pillar/role/monitoring/prometheus-exporter-blackbox.sls
@@ -39,3 +39,12 @@ prometheus:
                 - expect: "^:[^ ]+ 001"
             icmp:
               prober: icmp
+
+firewalld:
+  zones:
+    internal:
+      ports:
+        - comment: 'Prometheus Blackbox Exporter'
+          port: 9115
+          protocol: tcp
+
diff --git a/pillar/role/monitoring/prometheus.sls b/pillar/role/monitoring/prometheus.sls
index 6cd2235..c9c2b01 100644
--- a/pillar/role/monitoring/prometheus.sls
+++ b/pillar/role/monitoring/prometheus.sls
@@ -9,3 +9,9 @@ prometheus:
           global:
             scrape_interval: 15s
             evaluation_interval: 1m
+
+firewalld:
+  zones:
+    internal:
+      services:
+        - prometheus
-- 
cgit v1.2.3