From 453e29049599f29420547ece0ebe88aaad272cc4 Mon Sep 17 00:00:00 2001
From: Bartosz Kupidura <bkupidura@mirantis.com>
Date: Thu, 30 Mar 2017 15:43:41 +0200
Subject: [PATCH] Add ssl options for etcd

Change-Id: I45afdf25d8d3ebc1ceab4a38d8cc61435fed1700
---
 README.rst                      | 21 +++++++++++++--------
 prometheus/files/prometheus.yml |  8 +++++++-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/README.rst b/README.rst
index 02a3941..4b6c4bf 100644
--- a/README.rst
+++ b/README.rst
@@ -38,15 +38,20 @@ Configure prometheus server
         kubernetes:
           api_ip: ${_param:kubernetes_control_address}
           ssl_dir: /opt/prometheus/config
-          cert_name: kubelet-client.crt
-          key_name: kubelet-client.key
+          cert_name: prometheus-server.crt
+          key_name: prometheus-server.key
         etcd:
-          - host: ${_param:cluster_node01_address}
-            port: ${_param:cluster_node01_port}
-          - host: ${_param:cluster_node02_address}
-            port: ${_param:cluster_node02_port}
-          - host: ${_param:cluster_node03_address}
-            port: ${_param:cluster_node03_port}
+          scheme: https
+          ssl_dir: /opt/prometheus/config
+          cert_name: prometheus-server.crt
+          key_name: prometheus-server.key
+          member:
+            - host: ${_param:cluster_node01_address}
+              port: ${_param:cluster_node01_port}
+            - host: ${_param:cluster_node02_address}
+              port: ${_param:cluster_node02_port}
+            - host: ${_param:cluster_node03_address}
+              port: ${_param:cluster_node03_port}
       recording:
         - name: 'instance:fd_utilization'
           query: >-
diff --git a/prometheus/files/prometheus.yml b/prometheus/files/prometheus.yml
index 5e33576..37b95e2 100644
--- a/prometheus/files/prometheus.yml
+++ b/prometheus/files/prometheus.yml
@@ -27,12 +27,18 @@ scrape_configs:
 
 {% if server.get('target', {}).get('etcd') %}
   {%- set etcd_nodes = [] %}
-  {%- for node in server.target.etcd %}
+  {%- set etcd_target = server.target.etcd %}
+  {%- for node in etcd_target.member %}
     {%- set etcd_address = "'%s:%d'" | format(node.host, node.port) %}
     {%- do etcd_nodes.append(etcd_address) %}
   {%- endfor %}
   {%- if etcd_nodes|length > 0 %}
   - job_name: 'etcd'
+    {% if etcd_target.scheme %}scheme: {{ etcd_target.scheme }}{%- endif %}
+    tls_config:
+      insecure_skip_verify: true
+      {% if etcd_target.cert_name is defined %}cert_file: {{ etcd_target.ssl_dir }}/{{ etcd_target.cert_name }}{%- endif %}
+      {% if etcd_target.key_name is defined %}key_file: {{ etcd_target.ssl_dir }}/{{ etcd_target.key_name }}{%- endif %}
     static_configs:
     - targets: [{{ etcd_nodes | join(',') }}]
   {%- endif %}