added ip rule script to make things cleaner

50ad9826 · Karl Grube · 8150411b · 50ad9826 · 50ad9826
Commit 50ad9826 authored 1 year ago by Karl Grube
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,6 +15,12 @@
 - name: set my interfaces
  import_role:
    name: my_interfaces
+  vars:
+    service_name: prometheus
+    ip_service_rules:
+      - '{% if loopback_ipv6_address is defined %}from {{loopback_ipv6_address}} lookup service priority 255{% endif %}'
+      - dport 9100 lookup service priority 900
+      - from all sport 9100 lookup service priority 899
  when: my_interfaces is defined
  tags: my_interfaces

--- a/templates/prometheus_systemd.j2
+++ b/templates/prometheus_systemd.j2
@@ -13,10 +13,8 @@ SendSIGKILL=no
 # IP rule adjustments for Prometheus
 {% if use_service_vrf == True %}
-ExecStartPre=+/usr/sbin/ip -6 rule add dport 9100 lookup service priority 900
+ExecStartPre=+/usr/local/bin/prometheus_ip_rule up
-ExecStartPre=+/usr/sbin/ip -6 rule add from all sport 9100 lookup service priority 899 
+ExecStop=+/usr/local/bin/prometheus_ip_rule down
-ExecStop=+/usr/sbin/ip -6 rule del from all sport 9100 lookup service priority 899 
-ExecStop=+/usr/sbin/ip -6 rule del dport 9100 lookup service priority 900
 {% endif %}
 # systemd hardening-options
@@ -43,4 +41,4 @@ RestrictRealtime=true
 SystemCallArchitectures=native
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file