From 79058e81e6f9367dbd6085dfe2f01f52283c018a Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sun, 5 Sep 2021 21:32:21 +0200 Subject: [PATCH 01/54] Install prometheus componants --- roles/prometheus/tasks/main.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 roles/prometheus/tasks/main.yml diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml new file mode 100644 index 0000000..9a7948f --- /dev/null +++ b/roles/prometheus/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Install Prometheus Components + apt: + name: + - prometheus + - prometheus-alertmanager + - prometheus-pushgateway + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded From ebb0ade66d1b96ec0e7090d98cfdb5561004f0ba Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sun, 5 Sep 2021 22:02:48 +0200 Subject: [PATCH 02/54] add base config --- roles/prometheus/tasks/main.yml | 20 ++++++++++++ roles/prometheus/templates/prometheus.yml | 39 +++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 roles/prometheus/templates/prometheus.yml diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 9a7948f..61b76e1 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -10,3 +10,23 @@ register: apt_result retries: 3 until: apt_result is succeeded + +- name: Ensure the alert folder exist + file: + path: /etc/prometheus/alerts + state: directory + group: prometheus + owner: prometheus + mode: u=rwx,g=rx,o=rx + +- name: Setup the prometheus config + template: + src: prometheus.yml + dest: /etc/prometheus/prometheus.yml + owner: root + group: root + mode: '0640' + notify: Reload prometheus + no_log: true + + diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml new file mode 100644 index 0000000..d54ce68 --- /dev/null +++ b/roles/prometheus/templates/prometheus.yml 
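Review bot: `state: latest` combined with `update_cache: true` in the "Install Prometheus Components" task pulls whatever version the mirror currently serves on every run, so the play is not idempotent and an unreviewed upgrade of the monitoring stack can land as a side effect of any deploy. `state: present` installs the packages once and leaves upgrades to an explicit step. The install task added in roles/prometheus-node-exporter/tasks/main.yml (patch 03) has the same setting.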
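Review bot: The alert directory is created with `owner: prometheus`, so the daemon can write the rule files it evaluates; it only needs to read them, and `owner: root` with `group: prometheus` keeps the rules under the control of the deploy user. Patch 09 later applies the same ownership to /etc/prometheus/prometheus.yml, where the same reasoning holds. `no_log: true` on the template task also hides the diff of a file that holds no secret in this commit, which makes config changes harder to audit; consider dropping it until credentials are actually templated in.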
@@ -0,0 +1,39 @@
+{{ ansible_managed | comment }}
+
+global:
+ # scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+ # evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+ # scrape_timeout is set to the global default (10s).
+
+ # Attach these labels to any time series or alerts when communicating with
+ # external systems (federation, remote storage, Alertmanager).
+ external_labels:
+ # monitor: 'example'
+
+# Alertmanager configuration
+alerting:
+ alertmanagers:
+ - static_configs:
+ - targets: ['localhost:9093']
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+ - "alerts/*.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+ # The job name is added as a label `job=` to any timeseries scraped from this config.
+ - job_name: 'prometheus'
+
+ # metrics_path defaults to '/metrics'
+ # scheme defaults to 'http'.
+
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: node
+ # If prometheus-node-exporter is installed, grab stats about the local
+ # machine by default.
+ static_configs:
+ - targets: ['localhost:9100']
From 3d6da8f0a2888d6bcde385c348dd8e5a2abd0ae6 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Sun, 5 Sep 2021 22:35:10 +0200
Subject: [PATCH 03/54] add install for prometheus node exporter
---
roles/prometheus-node-exporter/tasks/main.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 roles/prometheus-node-exporter/tasks/main.yml
diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml
new file mode 100644
index 0000000..a58aa28
--- /dev/null
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@@ -0,0 +1,17 @@ +--- +- name: Install Prometheus Node exporter + apt: + name: + - prometheus-node-exporter + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + +# TODO: add auth +# +# Create the file --web.config=/etc/node_exporter/config.yaml +# and add --web.config=/etc/node_exporter/config.yaml to +# the args in /etc/default/prometheus-node-exporter +# From 83110c199c686cab1eb1230aafc3d1b77efd767e Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sun, 5 Sep 2021 22:51:19 +0200 Subject: [PATCH 04/54] add playbooks --- books/base.yml | 1 + books/monitoring.yml | 9 +++++++++ hosts | 3 +++ 3 files changed, 13 insertions(+) create mode 100644 books/monitoring.yml diff --git a/books/base.yml b/books/base.yml index 2896714..23c0daf 100644 --- a/books/base.yml +++ b/books/base.yml @@ -9,6 +9,7 @@ roles: - networking - base_config + - prometheus-node-exporter - hosts: all, !tests, !no_user, roles: diff --git a/books/monitoring.yml b/books/monitoring.yml new file mode 100644 index 0000000..c344359 --- /dev/null +++ b/books/monitoring.yml @@ -0,0 +1,9 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: prometheus-server + roles: + - prometheus + +- hosts: all, !tests, + roles: + - prometheus-node-exporter diff --git a/hosts b/hosts index d96d57e..f9973e1 100644 --- a/hosts +++ b/hosts @@ -54,6 +54,9 @@ all: apt_proxies: hosts: hindley: + prometheus-server: + hosts: + hindley: matrix: hosts: matrix_server: From 037ef8db776a034c92e0bebf689a435f899e67cd Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sun, 5 Sep 2021 22:56:13 +0200 Subject: [PATCH 05/54] add handler for reloading prometheus --- roles/prometheus/handlers/main.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 roles/prometheus/handlers/main.yml diff --git a/roles/prometheus/handlers/main.yml b/roles/prometheus/handlers/main.yml new file mode 100644 index 0000000..5e41963 --- /dev/null +++ b/roles/prometheus/handlers/main.yml 
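Review bot: The TODO block at the end of the new tasks file is hard to follow, because "Create the file --web.config=/etc/node_exporter/config.yaml" names a flag where a path is meant. Suggested wording: `# TODO: add auth: create /etc/node_exporter/config.yaml, then add --web.config=/etc/node_exporter/config.yaml to ARGS in /etc/default/prometheus-node-exporter`. Until that is done the exporter installed by this task serves its metrics without authentication, and the comment should say so explicitly so the gap is visible to whoever applies the role.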
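Review bot: The exporter role is now attached in two places, a play in `books/base.yml` and the second play of `books/monitoring.yml`, and only the latter visibly excludes `tests`; the `hosts:` line of the base.yml play is outside the hunk, so the two may target different sets of machines. Since the role opens a metrics port on every host it touches, keeping it in a single playbook makes the exposed set easy to audit. A short comment above the play in monitoring.yml, for example `# node exporter on every non-test host, scraped by the prometheus server`, would document the intent.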
@@ -0,0 +1,5 @@
+---
+- name: Reload prometheus
+ systemd:
+ name: prometheus
+ state: reloaded
From 24b9016dc29c284d38893097d15ac6672334ad78 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Mon, 6 Sep 2021 00:24:56 +0200
Subject: [PATCH 06/54] restrict the exporter to local ip
---
books/monitoring.yml | 2 +-
host_vars/azerty/networking.yml | 2 +
host_vars/hellman/networking.yml | 2 +
host_vars/hindley/networking.yml | 2 +
host_vars/matrix_server/networking.yml | 2 +
host_vars/rossum/networking.yml | 2 +
host_vars/vm1/ansible.yml | 2 -
host_vars/vm1/networking.yml | 24 ---
host_vars/vm1/vpn.yml | 13 --
host_vars/vm2/ansible.yml | 2 -
host_vars/vm2/networking.yml | 11 --
host_vars/vm2/vpn.yml | 13 --
host_vars/vm3/ansible.yml | 2 -
host_vars/vm3/networking.yml | 14 --
host_vars/vm3/vpn.yml | 13 --
host_vars/vm4/ansible.yml | 2 -
host_vars/vm4/networking.yml | 14 --
host_vars/vm4/vpn.yml | 13 --
host_vars/vm5/ansible.yml | 2 -
host_vars/vm5/networking.yml | 15 --
hosts | 16 +-
.../handlers/main.yml | 5 +
roles/prometheus-node-exporter/tasks/main.yml | 16 +-
.../templates/prometheus-node-exporter | 138 ++++++++++++++++++
24 files changed, 170 insertions(+), 157 deletions(-)
delete mode 100644 host_vars/vm1/ansible.yml
delete mode 100644 host_vars/vm1/networking.yml
delete mode 100644 host_vars/vm1/vpn.yml
delete mode 100644 host_vars/vm2/ansible.yml
delete mode 100644 host_vars/vm2/networking.yml
delete mode 100644 host_vars/vm2/vpn.yml
delete mode 100644 host_vars/vm3/ansible.yml
delete mode 100644 host_vars/vm3/networking.yml
delete mode 100644 host_vars/vm3/vpn.yml
delete mode 100644 host_vars/vm4/ansible.yml
delete mode 100644 host_vars/vm4/networking.yml
delete mode 100644 host_vars/vm4/vpn.yml
delete mode 100644 host_vars/vm5/ansible.yml
delete mode 100644 host_vars/vm5/networking.yml
create mode 100644 roles/prometheus-node-exporter/handlers/main.yml
create mode 100644 roles/prometheus-node-exporter/templates/prometheus-node-exporter
diff --git a/books/monitoring.yml b/books/monitoring.yml index c344359..5b27479 100644 --- a/books/monitoring.yml +++ b/books/monitoring.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus-server +- hosts: prometheus_server roles: - prometheus diff --git a/host_vars/azerty/networking.yml b/host_vars/azerty/networking.yml index 04d24d7..52a91b9 100644 --- a/host_vars/azerty/networking.yml +++ b/host_vars/azerty/networking.yml @@ -12,3 +12,5 @@ interfaces: ipv4_forwarding: false ipv6_forwarding: false + +lan_address: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}" diff --git a/host_vars/hellman/networking.yml b/host_vars/hellman/networking.yml index 17eeafe..c4a499e 100644 --- a/host_vars/hellman/networking.yml +++ b/host_vars/hellman/networking.yml @@ -22,3 +22,5 @@ interfaces: ipv4_forwarding: true ipv6_forwarding: false + +lan_address: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}" diff --git a/host_vars/hindley/networking.yml b/host_vars/hindley/networking.yml index 6826896..efdd3e5 100644 --- a/host_vars/hindley/networking.yml +++ b/host_vars/hindley/networking.yml @@ -10,3 +10,5 @@ interfaces: ipv4_forwarding: true ipv6_forwarding: false + +lan_address: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}" diff --git a/host_vars/matrix_server/networking.yml b/host_vars/matrix_server/networking.yml index 3da7101..de2694d 100644 --- a/host_vars/matrix_server/networking.yml +++ b/host_vars/matrix_server/networking.yml @@ -9,3 +9,5 @@ interfaces: ipv4_forwarding: false ipv6_forwarding: false + +lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}" diff --git a/host_vars/rossum/networking.yml b/host_vars/rossum/networking.yml index 6bcc4ed..fe3abce 100644 --- a/host_vars/rossum/networking.yml +++ b/host_vars/rossum/networking.yml @@ -12,3 +12,5 @@ interfaces: ipv4_forwarding: false ipv6_forwarding: false + +lan_address: "{{ intranet.subnets.physical.subnets.rossum.ipv4 }}" 
diff --git a/host_vars/vm1/ansible.yml b/host_vars/vm1/ansible.yml deleted file mode 100644 index 7827357..0000000 --- a/host_vars/vm1/ansible.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_host: "vm1" diff --git a/host_vars/vm1/networking.yml b/host_vars/vm1/networking.yml deleted file mode 100644 index 3ac5ae7..0000000 --- a/host_vars/vm1/networking.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -interfaces: - enp0s3: - type: void - br0: - ipv4: 10.0.2.5 - netmaskv4: 24 - type: static - bridge: true - gateway: 10.0.2.1 - interfaces: - - enp0s3 - br1: - type: manual - bridge: true - interfaces: - - enp0s3.42 - wg0: - ipv4: "{{ intranet.subnets.test.subnets.vm1.ipv4 }}" - netmaskv4: "{{ intranet.netmaskv4 }}" - type: wireguard - -ipv4_forwarding: false -ipv6_forwarding: false diff --git a/host_vars/vm1/vpn.yml b/host_vars/vm1/vpn.yml deleted file mode 100644 index 349ec5a..0000000 --- a/host_vars/vm1/vpn.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -vpn_interfaces: - wg0: - ip: "{{ interfaces.wg0.ipv4 }}" - private_key: "{{ vpn_vault_vm1_key }}" - public_key: "uccS/p19vinH/S2GpVarDTYah4oRiSIABue8uEqKzRs=" - keepalive: true - peers: - - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" - allowed_ips: - - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}" - comment: "hindley" diff --git a/host_vars/vm2/ansible.yml b/host_vars/vm2/ansible.yml deleted file mode 100644 index da11026..0000000 --- a/host_vars/vm2/ansible.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_host: "vm2" diff --git a/host_vars/vm2/networking.yml b/host_vars/vm2/networking.yml deleted file mode 100644 index f05677f..0000000 --- a/host_vars/vm2/networking.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -interfaces: - enp0s3: - type: dhcp - wg0: - ipv4: "{{ intranet.subnets.test.subnets.vm2.ipv4 }}" - netmaskv4: "{{ intranet.netmaskv4 }}" - type: wireguard - -ipv4_forwarding: false -ipv6_forwarding: false 
diff --git a/host_vars/vm2/vpn.yml b/host_vars/vm2/vpn.yml deleted file mode 100644 index cce5491..0000000 --- a/host_vars/vm2/vpn.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -vpn_interfaces: - wg0: - ip: "{{ interfaces.wg0.ipv4 }}" - private_key: "{{ vpn_vault_vm2_key }}" - public_key: "pxsYnL8N3VVVLlkXA8NOkqWsrSMrgdL1vj/VnZfKdRo=" - keepalive: true - peers: - - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" - allowed_ips: - - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}" - comment: "hindley" diff --git a/host_vars/vm3/ansible.yml b/host_vars/vm3/ansible.yml deleted file mode 100644 index bd11ecb..0000000 --- a/host_vars/vm3/ansible.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_host: "vm3" diff --git a/host_vars/vm3/networking.yml b/host_vars/vm3/networking.yml deleted file mode 100644 index 71acd30..0000000 --- a/host_vars/vm3/networking.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -interfaces: - enp0s3: - ipv4: 10.0.2.7 - netmaskv4: 24 - type: static - gateway: 10.0.2.1 - wg0: - ipv4: "{{ intranet.subnets.test.subnets.vm3.ipv4 }}" - netmaskv4: "{{ intranet.netmaskv4 }}" - type: wireguard - -ipv4_forwarding: false -ipv6_forwarding: false diff --git a/host_vars/vm3/vpn.yml b/host_vars/vm3/vpn.yml deleted file mode 100644 index f6cf0a9..0000000 --- a/host_vars/vm3/vpn.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -vpn_interfaces: - wg0: - ip: "{{ interfaces.wg0.ipv4 }}" - private_key: "{{ vpn_vault_vm3_key }}" - public_key: "Cj3HAjXXr9DcmJoOkQkHvLWujZm8h6tBt2d54g0pqEg=" - keepalive: true - peers: - - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" - allowed_ips: - - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}" - comment: "hindley" 
diff --git a/host_vars/vm4/ansible.yml b/host_vars/vm4/ansible.yml deleted file mode 100644 index 131eced..0000000 --- a/host_vars/vm4/ansible.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_host: "vm4" diff --git a/host_vars/vm4/networking.yml b/host_vars/vm4/networking.yml deleted file mode 100644 index 1e9e9b4..0000000 --- a/host_vars/vm4/networking.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -interfaces: - enp0s3: - ipv4: 10.0.2.8 - netmaskv4: 24 - type: static - gateway: 10.0.2.1 - wg0: - ipv4: "{{ intranet.subnets.test.subnets.vm4.ipv4 }}" - netmaskv4: "{{ intranet.netmaskv4 }}" - type: wireguard - -ipv4_forwarding: false -ipv6_forwarding: false diff --git a/host_vars/vm4/vpn.yml b/host_vars/vm4/vpn.yml deleted file mode 100644 index ccd2acb..0000000 --- a/host_vars/vm4/vpn.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -vpn_interfaces: - wg0: - ip: "{{ interfaces.wg0.ipv4 }}" - private_key: "{{ vpn_vault_vm4_key }}" - public_key: "5M84IO6uobYkMPupCI9h9y3iJXVIXAyDY8wkrMPcaRw=" - keepalive: true - peers: - - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" - allowed_ips: - - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}" - comment: "hindley" diff --git a/host_vars/vm5/ansible.yml b/host_vars/vm5/ansible.yml deleted file mode 100644 index 30c6274..0000000 --- a/host_vars/vm5/ansible.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_host: "vm5" diff --git a/host_vars/vm5/networking.yml b/host_vars/vm5/networking.yml deleted file mode 100644 index 5753321..0000000 --- a/host_vars/vm5/networking.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -interfaces: - enp0s3: - type: void - br0: - ipv4: 10.0.2.9 - netmaskv4: 24 - type: static - bridge: true - gateway: 10.0.2.1 - interfaces: - - enp0s3 - -ipv4_forwarding: false -ipv6_forwarding: false diff --git a/hosts b/hosts index f9973e1..2b5c2c9 100644 --- a/hosts +++ b/hosts 
@@ -4,17 +4,12 @@ all: ubuntu: hosts: hindley: - vm5: debian_buster: hosts: azerty: - vm1: - vm2: - vm3: debian_bullseye: hosts: matrix_server: - vm4: proxmox_buster: hosts: hellman: @@ -34,11 +29,6 @@ all: server_hostname: azerty.fil.sand.auro.re tests: hosts: - vm1: - vm2: - vm3: - vm4: - vm5: rossum: vpn: hosts: @@ -46,15 +36,11 @@ all: hindley: hellman: rossum: - vm1: - vm2: - vm3: - vm4: matrix_server: apt_proxies: hosts: hindley: - prometheus-server: + prometheus_server: hosts: hindley: matrix: diff --git a/roles/prometheus-node-exporter/handlers/main.yml b/roles/prometheus-node-exporter/handlers/main.yml new file mode 100644 index 0000000..f55aedb --- /dev/null +++ b/roles/prometheus-node-exporter/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart prometheus-node-exporter + systemd: + name: prometheus-node-exporter + state: restarted diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index a58aa28..0a1b4fd 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -14,4 +14,18 @@ # Create the file --web.config=/etc/node_exporter/config.yaml # and add --web.config=/etc/node_exporter/config.yaml to # the args in /etc/default/prometheus-node-exporter -# + +- name: Setup the arguments for node-exporter + template: + src: prometheus-node-exporter + dest: /etc/default/prometheus-node-exporter + owner: root + group: root + mode: '0644' + notify: Restart prometheus-node-exporter + vars: + args: + - name: web.listen-address + value: "{{ lan_address }}:9100" +# - name: web.config +# value: /etc/node_exporter/config.yaml diff --git a/roles/prometheus-node-exporter/templates/prometheus-node-exporter b/roles/prometheus-node-exporter/templates/prometheus-node-exporter new file mode 100644 index 0000000..a42b81f --- /dev/null +++ b/roles/prometheus-node-exporter/templates/prometheus-node-exporter 
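Review bot: The task-level variable in "Setup the arguments for node-exporter" is named `args`, which is also a task keyword, and Ansible may warn about variables that reuse such reserved names; a role-prefixed name such as `node_exporter_args` avoids the clash (the template loop needs the same rename, and patch 10 copies the pattern into roles/prometheus/tasks/main.yml). `lan_address` has no default or assert, and this commit defines it only in the five host_vars files it touches, so any other host matched by the play will presumably fail at templating. The commented-out `web.config` entry is not among the options listed in the template's own help text, which suggests the packaged exporter may not support that flag yet; worth checking before relying on it for the auth TODO.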
@@ -0,0 +1,138 @@
+{{ ansible_managed | comment }}
+
+# Set the command-line arguments to pass to the server.
+# Due to shell scaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+{% if not args %}
+ARGS=""
+{% else %}
+ARGS="\
+{% for arg in args %}
+ --{{ arg.name }}={{ arg.value }} \
+{% endfor %}
+"
+{% endif %}
+
+# Prometheus-node-exporter supports the following options:
+#
+# --collector.diskstats.ignored-devices="^(ram|loop|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$"
+# Regexp of devices to ignore for diskstats.
+# --collector.filesystem.ignored-mount-points="^/(dev|proc|run|sys|mnt|media|var/lib/docker)($|/)"
+# Regexp of mount points to ignore for filesystem
+# collector.
+# --collector.filesystem.ignored-fs-types="^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"
+# Regexp of filesystem types to ignore for
+# filesystem collector.
+# --collector.netdev.ignored-devices="^lo$"
+# Regexp of net devices to ignore for netdev
+# collector.
+# --collector.netstat.fields="^(.*_(InErrors|InErrs)|Ip_Forwarding|Ip(6|Ext)_(InOctets|OutOctets)|Icmp6?_(InMsgs|OutMsgs)|TcpExt_(Listen.*|Syncookies.*)|Tcp_(ActiveOpens|PassiveOpens|RetransSegs|CurrEstab)|Udp6?_(InDatagrams|OutDatagrams|NoPorts))$"
+# Regexp of fields to return for netstat
+# collector.
+# --collector.ntp.server="127.0.0.1"
+# NTP server to use for ntp collector
+# --collector.ntp.protocol-version=4
+# NTP protocol version
+# --collector.ntp.server-is-local
+# Certify that collector.ntp.server address is the
+# same local host as this collector.
+# --collector.ntp.ip-ttl=1 IP TTL to use while sending NTP query
+# --collector.ntp.max-distance=3.46608s
+# Max accumulated distance to the root
+# --collector.ntp.local-offset-tolerance=1ms
+# Offset between local clock and local ntpd time
+# to tolerate
+# --path.procfs="/proc" procfs mountpoint.
+# --path.sysfs="/sys" sysfs mountpoint.
+# --collector.qdisc.fixtures=""
+# test fixtures to use for qdisc collector
+# end-to-end testing
+# --collector.runit.servicedir="/etc/service"
+# Path to runit service directory.
+# --collector.supervisord.url="http://localhost:9001/RPC2"
+# XML RPC endpoint.
+# --collector.systemd.unit-whitelist=".+"
+# Regexp of systemd units to whitelist. Units must
+# both match whitelist and not match blacklist to
+# be included.
+# --collector.systemd.unit-blacklist=".+(\\.device|\\.scope|\\.slice|\\.target)"
+# Regexp of systemd units to blacklist. Units must
+# both match whitelist and not match blacklist to
+# be included.
+# --collector.systemd.private
+# Establish a private, direct connection to
+# systemd without dbus.
+# --collector.textfile.directory="/var/lib/prometheus/node-exporter"
+# Directory to read text files with metrics from.
+# --collector.vmstat.fields="^(oom_kill|pgpg|pswp|pg.*fault).*"
+# Regexp of fields to return for vmstat collector.
+# --collector.wifi.fixtures=""
+# test fixtures to use for wifi collector metrics
+# --collector.arp Enable the arp collector (default: enabled).
+# --collector.bcache Enable the bcache collector (default: enabled).
+# --collector.bonding Enable the bonding collector (default: enabled).
+# --collector.buddyinfo Enable the buddyinfo collector (default:
+# disabled).
+# --collector.conntrack Enable the conntrack collector (default:
+# enabled).
+# --collector.cpu Enable the cpu collector (default: enabled).
+# --collector.diskstats Enable the diskstats collector (default:
+# enabled).
+# --collector.drbd Enable the drbd collector (default: disabled).
+# --collector.edac Enable the edac collector (default: enabled).
+# --collector.entropy Enable the entropy collector (default: enabled).
+# --collector.filefd Enable the filefd collector (default: enabled).
+# --collector.filesystem Enable the filesystem collector (default:
+# enabled).
+# --collector.hwmon Enable the hwmon collector (default: enabled).
+# --collector.infiniband Enable the infiniband collector (default:
+# enabled).
+# --collector.interrupts Enable the interrupts collector (default:
+# disabled).
+# --collector.ipvs Enable the ipvs collector (default: enabled).
+# --collector.ksmd Enable the ksmd collector (default: disabled).
+# --collector.loadavg Enable the loadavg collector (default: enabled).
+# --collector.logind Enable the logind collector (default: disabled).
+# --collector.mdadm Enable the mdadm collector (default: enabled).
+# --collector.meminfo Enable the meminfo collector (default: enabled).
+# --collector.meminfo_numa Enable the meminfo_numa collector (default:
+# disabled).
+# --collector.mountstats Enable the mountstats collector (default:
+# disabled).
+# --collector.netdev Enable the netdev collector (default: enabled).
+# --collector.netstat Enable the netstat collector (default: enabled).
+# --collector.nfs Enable the nfs collector (default: enabled).
+# --collector.nfsd Enable the nfsd collector (default: enabled).
+# --collector.ntp Enable the ntp collector (default: disabled).
+# --collector.qdisc Enable the qdisc collector (default: disabled).
+# --collector.runit Enable the runit collector (default: disabled).
+# --collector.sockstat Enable the sockstat collector (default:
+# enabled).
+# --collector.stat Enable the stat collector (default: enabled).
+# --collector.supervisord Enable the supervisord collector (default:
+# disabled).
+# --collector.systemd Enable the systemd collector (default: enabled).
+# --collector.tcpstat Enable the tcpstat collector (default:
+# disabled).
+# --collector.textfile Enable the textfile collector (default: +# enabled). +# --collector.time Enable the time collector (default: enabled). +# --collector.uname Enable the uname collector (default: enabled). +# --collector.vmstat Enable the vmstat collector (default: enabled). +# --collector.wifi Enable the wifi collector (default: enabled). +# --collector.xfs Enable the xfs collector (default: enabled). +# --collector.zfs Enable the zfs collector (default: enabled). +# --collector.timex Enable the timex collector (default: enabled). +# --web.listen-address=":9100" +# Address on which to expose metrics and web +# interface. +# --web.telemetry-path="/metrics" +# Path under which to expose metrics. +# --log.level="info" Only log messages with the given severity or +# above. Valid levels: [debug, info, warn, error, +# fatal] +# --log.format="logger:stderr" +# Set the log target and format. Example: +# "logger:syslog?appname=bob&local=7" or +# "logger:stdout?json=true" From 7cfc79f4b8c08c67aa296a116b3b554af98124ad Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 00:26:11 +0200 Subject: [PATCH 07/54] temporary hard coded ip for tests --- roles/prometheus/templates/prometheus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml index d54ce68..da171dd 100644 --- a/roles/prometheus/templates/prometheus.yml +++ b/roles/prometheus/templates/prometheus.yml @@ -36,4 +36,4 @@ scrape_configs: # If prometheus-node-exporter is installed, grab stats about the local # machine by default. static_configs: - - targets: ['localhost:9100'] + - targets: ['172.20.1.1:9100'] From e691ca45b0f18e43234fedabf829ab89a7329c93 Mon Sep 17 00:00:00 2001 
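Review bot: The loop line `--{{ arg.name }}={{ arg.value }} \` writes each value unescaped into the double-quoted `ARGS="..."` string, so a value containing a space, a double quote, `$` or a backslash changes how the defaults file is parsed by whatever reads it. That is harmless for the single `web.listen-address` value passed today, but the header comment already anticipates regex arguments, which are exactly the values that break. The template should either escape those characters for the quoting context in use or the role should assert that names and values match a restricted character set before rendering. The same loop is copied into roles/prometheus/templates/prometheus in patch 10.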
From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 00:30:05 +0200 Subject: [PATCH 08/54] "restart prometheus instead of reloading" --- roles/prometheus/handlers/main.yml | 4 ++-- roles/prometheus/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/prometheus/handlers/main.yml b/roles/prometheus/handlers/main.yml index 5e41963..7939649 100644 --- a/roles/prometheus/handlers/main.yml +++ b/roles/prometheus/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: Reload prometheus +- name: Restart prometheus systemd: name: prometheus - state: reloaded + state: restarted diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 61b76e1..943a73e 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -26,7 +26,7 @@ owner: root group: root mode: '0640' - notify: Reload prometheus + notify: Restart prometheus no_log: true From 95b729d69cd84d26a38c309779bbfbfae24e8727 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 00:55:47 +0200 Subject: [PATCH 09/54] some more security --- roles/prometheus/tasks/main.yml | 4 ++-- roles/prometheus/templates/prometheus.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 943a73e..cef673e 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -23,8 +23,8 @@ template: src: prometheus.yml dest: /etc/prometheus/prometheus.yml - owner: root - group: root + owner: prometheus + group: prometheus mode: '0640' notify: Restart prometheus no_log: true diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml index da171dd..80a1a80 100644 --- a/roles/prometheus/templates/prometheus.yml +++ b/roles/prometheus/templates/prometheus.yml 
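Review bot: With the handler switched to `state: restarted`, a template that renders an invalid prometheus.yml now takes monitoring down instead of being rejected on reload, and nothing in the "Setup the prometheus config" task checks the file before it is installed. The template module's `validate` parameter can run a checker on the rendered file first, for example `validate: promtool check config %s` if promtool ships with the installed package; whether the relative `rule_files` glob resolves acceptably from the temporary path should be tested. The task starts above the hunk.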
@@ -30,10 +30,10 @@ scrape_configs: # scheme defaults to 'http'. static_configs: - - targets: ['localhost:9090'] + - targets: ['{{ lan_address }}:9090'] - job_name: node # If prometheus-node-exporter is installed, grab stats about the local # machine by default. static_configs: - - targets: ['172.20.1.1:9100'] + - targets: ['{{ lan_address }}:9100'] From a4fc24de9953e6956f2fc14ef42fa26dfad16171 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 01:13:54 +0200 Subject: [PATCH 10/54] restrict prometheus end-point to lan address --- roles/prometheus/tasks/main.yml | 13 +++++- roles/prometheus/templates/prometheus | 67 +++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 roles/prometheus/templates/prometheus diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index cef673e..735720a 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -29,4 +29,15 @@ notify: Restart prometheus no_log: true - +- name: Setup the arguments for node-exporter + template: + src: prometheus + dest: /etc/default/prometheus + owner: root + group: root + mode: '0644' + notify: Restart prometheus + vars: + args: + - name: web.listen-address + value: "{{ lan_address }}:9100" diff --git a/roles/prometheus/templates/prometheus b/roles/prometheus/templates/prometheus new file mode 100644 index 0000000..f9b387f --- /dev/null +++ b/roles/prometheus/templates/prometheus 
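Review bot: The new task is named "Setup the arguments for node-exporter" but writes /etc/default/prometheus, so play output and `--start-at-task` point at the wrong service; `- name: Setup the arguments for prometheus` matches what it does. Only Prometheus itself is bound to `lan_address` here: prometheus-alertmanager and prometheus-pushgateway, installed by the same role in patch 01, get no listen-address setting anywhere in the visible series and presumably keep their package defaults. If those defaults listen on all interfaces, the restriction this commit is after is incomplete and the two services need the same treatment.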
@@ -0,0 +1,67 @@
+{{ ansible_managed | comment }}
+
+# Set the command-line arguments to pass to the server.
+{% if not args %}
+ARGS=""
+{% else %}
+ARGS="\
+{% for arg in args %}
+ --{{ arg.name }}={{ arg.value }} \
+{% endfor %}
+"
+{% endif %}
+
+# Prometheus supports the following options:
+# --config.file="/etc/prometheus/prometheus.yml"
+# Prometheus configuration file path.
+# --web.listen-address="0.0.0.0:9090"
+# Address to listen on for UI, API, and telemetry.
+# --web.read-timeout=5m Maximum duration before timing out read of the
+# request, and closing idle connections.
+# --web.max-connections=512 Maximum number of simultaneous connections.
+# --web.external-url= The URL under which Prometheus is externally
+# reachable (for example, if Prometheus is served
+# via a reverse proxy). Used for generating
+# relative and absolute links back to Prometheus
+# itself. If the URL has a path portion, it will
+# be used to prefix all HTTP endpoints served by
+# Prometheus. If omitted, relevant URL components
+# will be derived automatically.
+# --web.route-prefix= Prefix for the internal routes of web endpoints.
+# Defaults to path of --web.external-url.
+# --web.local-assets="/usr/share/prometheus/web/"
+# Path to static asset/templates directory.
+# --web.user-assets= Path to static asset directory, available at
+# /user.
+# --web.enable-lifecycle Enable shutdown and reload via HTTP request.
+# --web.enable-admin-api Enables API endpoints for admin control actions.
+# --web.console.templates="/etc/prometheus/consoles"
+# Path to the console template directory,
+# available at /consoles.
+# --web.console.libraries="/etc/prometheus/console_libraries"
+# Path to the console library directory.
+# --storage.tsdb.path="/var/lib/prometheus/metrics2/"
+# Base path for metrics storage.
+# --storage.tsdb.min-block-duration=2h
+# Minimum duration of a data block before being
+# persisted.
+# --storage.tsdb.max-block-duration= +# Maximum duration compacted blocks may span. +# (Defaults to 10% of the retention period) +# --storage.tsdb.retention=15d +# How long to retain samples in the storage. +# --storage.tsdb.use-lockfile +# Create a lockfile in data directory. +# --alertmanager.notification-queue-capacity=10000 +# The capacity of the queue for pending alert +# manager notifications. +# --alertmanager.timeout=10s +# Timeout for sending alerts to Alertmanager. +# --query.lookback-delta=5m The delta difference allowed for retrieving +# metrics during expression evaluations. +# --query.timeout=2m Maximum time a query may take before being +# aborted. +# --query.max-concurrency=20 +# Maximum number of queries executed concurrently. +# --log.level=info Only log messages with the given severity or +# above. One of: [debug, info, warn, error] From 53d76db9b4667abb22ab08c1c79878179c1da7d8 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 01:16:09 +0200 Subject: [PATCH 11/54] oupsi --- roles/prometheus/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 735720a..8ee3667 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -40,4 +40,4 @@ vars: args: - name: web.listen-address - value: "{{ lan_address }}:9100" + value: "{{ lan_address }}:9090" From f8ba4916a4eb228499f07a70d8aeda75f024109c Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 6 Sep 2021 01:18:10 +0200 Subject: [PATCH 12/54] don't install smarttools --- roles/prometheus-node-exporter/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 0a1b4fd..444a748 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml 
@@ -5,6 +5,7 @@ - prometheus-node-exporter state: latest update_cache: true + install_recommends: false # Do not install smartmontools register: apt_result retries: 3 until: apt_result is succeeded From 4246172c250e14c1772453509d22c0ab1762825e Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 7 Sep 2021 11:42:42 +0200 Subject: [PATCH 13/54] update rossum networking config --- host_vars/rossum/networking.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/host_vars/rossum/networking.yml b/host_vars/rossum/networking.yml index fe3abce..a34b62e 100644 --- a/host_vars/rossum/networking.yml +++ b/host_vars/rossum/networking.yml @@ -1,10 +1,7 @@ --- interfaces: eth0: - ipv4: 192.168.0.50 - netmaskv4: 24 - type: static - gateway: 192.168.0.1 + type: dhcp wg0: ipv4: "{{ intranet.subnets.physical.subnets.rossum.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" From f870215c180ec81d45a28cd5de15fd7f7993a103 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 20 Sep 2021 14:15:46 +0200 Subject: [PATCH 14/54] add the ansible hacky pki generate-cert role --- roles/generate-cert/LICENSE | 167 ++++++++++++++++++++++++++ roles/generate-cert/README.md | 9 ++ roles/generate-cert/defaults/main.yml | 7 ++ roles/generate-cert/tasks/main.yml | 136 +++++++++++++++++++++ 4 files changed, 319 insertions(+) create mode 100644 roles/generate-cert/LICENSE create mode 100644 roles/generate-cert/README.md create mode 100644 roles/generate-cert/defaults/main.yml create mode 100644 roles/generate-cert/tasks/main.yml diff --git a/roles/generate-cert/LICENSE b/roles/generate-cert/LICENSE new file mode 100644 index 0000000..f234cd5 --- /dev/null +++ b/roles/generate-cert/LICENSE 
@@ -0,0 +1,167 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. 
+ + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. 
+ + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. 
+ + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. + + 
diff --git a/roles/generate-cert/README.md b/roles/generate-cert/README.md
new file mode 100644
index 0000000..ce5aeca
--- /dev/null
+++ b/roles/generate-cert/README.md
@@ -0,0 +1,9 @@
+# generate-cert
+
+This role is part of the project [Ansible Hacky PKI](https://gitea.auro.re/histausse/ansible_hacky_pki) licenced under the LGPL 3.
+
+You can use it to generate certificate and manage de small pki, but keep it mind that this program is distributed **WITHOUT ANY WARRANTY**.
+In particular, the **security** of the pki generated and the process of generated the pki **is not guaranteed**. If you find any vulnerability,
+please contact me to see if we can find a patch.
+
+Copyright 2021 Jean-Marie Mineau
diff --git a/roles/generate-cert/defaults/main.yml b/roles/generate-cert/defaults/main.yml
new file mode 100644
index 0000000..db793c5
--- /dev/null
+++ b/roles/generate-cert/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+key_usage:
+ - digitalSignature
+ - keyEncipherment
+validity_duration: "+365d"
+time_before_expiration_for_renewal: "+30d" # need a better name
+force_renewal: no
diff --git a/roles/generate-cert/tasks/main.yml b/roles/generate-cert/tasks/main.yml
new file mode 100644
index 0000000..8850257
--- /dev/null
+++ b/roles/generate-cert/tasks/main.yml
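Review bot: `force_renewal: no` in defaults/main.yml relies on YAML 1.1 truthy parsing; write `force_renewal: false`. The role's tasks use the value bare in a `when:` expression, so an override that arrives as a string (for instance `-e force_renewal=false`) is truthy and would reissue every certificate; `force_renewal | bool` in that condition avoids it. The two duration defaults would also benefit from a one-line comment saying they are relative times, e.g. `# relative time, "+<n>d" from now`.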
@@ -0,0 +1,136 @@ +--- +- name: Ensure the directory containing the cert exist + file: + path: "{{ directory }}" + state: directory + +- name: Test if the key already exist + stat: + path: "{{ directory }}/{{ cname }}.key" + register: key_file + +- name: Test if the cert already exist + stat: + path: "{{ directory }}/{{ cname }}.crt" + register: cert_file + +- name: Test if we need to renew the certificate + openssl_certificate_info: + path: "{{ directory }}/{{ cname }}.crt" + valid_at: + renewal: "{{ time_before_expiration_for_renewal }}" + register: validity + when: cert_file.stat.exists + +- name: Generate the certificate + block: + - name: Generate private key + become: false + openssl_privatekey: + path: "/tmp/ansible_hacky_pki_{{ cname }}.key" + mode: u=rw,g=,o= + size: "{{ key_size | default(omit) }}" + delegate_to: localhost + + - name: Generate a Certificate Signing Request + become: false + openssl_csr: + path: "/tmp/ansible_hacky_pki_{{ cname }}.csr" + privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key" + common_name: "{{ cname }}" + country_name: "{{ country_name | default(omit) }}" + locality_name: "{{ locality_name | default(omit) }}" + state_or_province_name: "{{ state_or_province_name | default(omit) }}" + organization_name: "{{ organization_name | default(omit) }}" + organizational_unit_name: "{{ organizational_unit_name | default(omit) }}" + email_address: "{{ email_address | default(omit) }}" + basic_constraints: + - CA:FALSE # syntax? 
+ basic_constraints_critical: yes + key_usage: "{{ key_usage }}" + key_usage_critical: yes + subject_alt_name: "{{ subject_alt_name | default(omit) }}" + crl_distribution_points: "{{ crl_distribution_points | default(omit) }}" + delegate_to: localhost + + - name: Put the CA in a file + become: false + copy: + content: "{{ ca_cert }}" + dest: "/tmp/ansible_hacky_pki_ca.crt" + delegate_to: localhost + + - name: Put the CA key in a file + become: false + copy: + content: "{{ ca_key }}" + dest: "/tmp/ansible_hacky_pki_ca.key" + mode: u=rw,g=,o= + delegate_to: localhost + no_log: yes + + - name: Sign the certificate + become: false + openssl_certificate: + path: "/tmp/ansible_hacky_pki_{{ cname }}.crt" + csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr" + ownca_not_after: "{{ validity_duration }}" + ownca_path: /tmp/ansible_hacky_pki_ca.crt + ownca_privatekey_passphrase: "{{ ca_passphrase }}" + ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key + provider: ownca + delegate_to: localhost + + - name: Send private key to the server + copy: + src: "/tmp/ansible_hacky_pki_{{ cname }}.key" + dest: "{{ directory }}/{{ cname }}.key" + owner: "{{ owner | default('root') }}" + group: "{{ group | default('root') }}" + mode: "{{ key_mode | default('u=rw,g=,o=') }}" + no_log: yes + + - name: Send certificate to the server + copy: + src: "/tmp/ansible_hacky_pki_{{ cname }}.crt" + dest: "{{ directory }}/{{ cname }}.crt" + owner: "{{ owner | default('root') }}" + group: "{{ group | default('root') }}" + mode: "{{ key_mode | default('u=rw,g=r,o=r') }}" + + # Clean up + - name: Remove the local cert key + become: false + file: + path: "/tmp/ansible_hacky_pki_{{ cname }}.key" + state: absent + delegate_to: localhost + + - name: Remove the CSR + become: false + file: + path: "/tmp/ansible_hacky_pki_{{ cname }}.csr" + state: absent + delegate_to: localhost + + - name: Remove the local certificate + become: false + file: + path: "/tmp/ansible_hacky_pki_{{ cname }}.crt" + state: absent + 
delegate_to: localhost + + - name: Remove the CA certificate + become: false + file: + path: /tmp/ansible_hacky_pki_ca.crt + state: absent + delegate_to: localhost + + - name: Remove the CA key + become: false + file: + path: /tmp/ansible_hacky_pki_ca.key + state: absent + delegate_to: localhost + when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal) From 5ae367f05e8aac44acc7b2c4f4660941b1b7c085 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Mon, 20 Sep 2021 14:38:34 +0200 Subject: [PATCH 15/54] add ca cert and key --- group_vars/all/ca.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 group_vars/all/ca.yml diff --git a/group_vars/all/ca.yml b/group_vars/all/ca.yml new file mode 100644 index 0000000..a7ab8ba --- /dev/null +++ b/group_vars/all/ca.yml 
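Review bot: The CA key file and the new host key are written to fixed, predictable names in the controller's `/tmp` (`/tmp/ansible_hacky_pki_ca.key`, `/tmp/ansible_hacky_pki_{{ cname }}.key`), and the cleanup tasks are ordinary members of the same `block`, so any failure before them leaves the CA key on disk. Because the CA paths do not depend on the host, two runs on the same controller (or a non-linear strategy) can also remove the CA key while another host is still signing. I would create a private per-host directory with `tempfile` and move the removal into an `always:` section, as sketched below. The "Sign the certificate" task passes `ca_passphrase` and should carry `no_log: yes` like the two key-handling tasks. Separately, "Send certificate to the server" takes its mode from `key_mode`, so a caller that sets `key_mode: u=rw,g=,o=` also makes the certificate unreadable to group and others; a separate `cert_mode` variable looks intended.

```yaml
- name: Generate the certificate
  block:
    - name: Create a private working directory on the controller
      become: false
      tempfile:
        state: directory
        prefix: ansible_hacky_pki_
      register: pki_workdir
      delegate_to: localhost

    # … unchanged: key, CSR, CA file, signing and upload tasks, with every
    # "/tmp/ansible_hacky_pki_…" path rebuilt under "{{ pki_workdir.path }}" …

  always:
    - name: Remove the working directory and everything in it
      become: false
      file:
        path: "{{ pki_workdir.path }}"
        state: absent
      delegate_to: localhost
      when: pki_workdir.path is defined
  # … unchanged: block-level `when:` condition …
```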
@@ -0,0 +1,36 @@ +--- +ca_passphrase: "{{ vault_ca_passphrase }}" +ca_key: "{{ vault_ca_key }}" +ca_cert: | + -----BEGIN CERTIFICATE----- + MIIFgTCCA2mgAwIBAgIUB0ldkBC9Ivy9/9zeIfkHaA8JIoMwDQYJKoZIhvcNAQEL + BQAwTzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEVMBMGA1UECgwMUGFp + bnMtUGVyZHVzMRgwFgYDVQQDDA9jYSBwYWlucyBwZXJkdXMwIBcNMjEwOTIwMTIz + NzUyWhgPMjEyMTA4MjcxMjM3NTJaME8xCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZG + cmFuY2UxFTATBgNVBAoMDFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPY2EgcGFpbnMg + cGVyZHVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0QS12/nFj2ft + Kc1LwvUvonTZxWJLytVb84N+V2zDytxqs/JsM7crVA5xKslnEXpM3QzKE4eztL/q + ytL9kDo/cmJFulGxc6hWRNc3S1JP2tosxgVh0tMxw2LattC9FRHEmvQSX7FlN61O + 6Hf6TVSw4unAsyGYqr6wwCG+4DHbdEjK5wJlSmBUMnr5OBHFkOlQw/MMeQKoQxOV + 8e7DrUCw8QaX084f5XuYz+oUbrzWspMKrvBzLG2wGVff4sIVjFHXCWFKZcsoFx/6 + iClU8Hsa0XUxNEKTS5u+gKDlvYciplDJeYNs+gMH88YC622hw4+S+dZcJQR6y8bs + WgijHLBOQrs2WYxIKdpPmsaUruObQzXUejisURty7Sn/MTG+Okplm4xq7WBVeYtN + ZjtlqHPy+MwNzQ1MUN2pSzbgRM4SAMf+fKhb9WsPu7mKAIlVRLLUIXJoTgNMpYQV + HlUjYDwUsV4pr8uWjDF+VYmZ1ODRpW6nb83C3WYM45PAVAPZ7wQG1L0xznxSRJbh + rmc0gbRjQdwgbrLQunJMA9iOj2Zsns8ElPQlEspgmeAPolKzcl1HliuMmNpAfFw+ + 5SJPUycsfuTI4RPO3RTA9rmXufwm/1jnQm4TjwioqJA0EelDg90qLVZ7pRbM7M8t + V7rQxfNsPgLeC0UjomQySva704NmVdECAwEAAaNTMFEwHQYDVR0OBBYEFGLjkJqt + 8JZ9MzSKqXEz4GDaURElMB8GA1UdIwQYMBaAFGLjkJqt8JZ9MzSKqXEz4GDaUREl + MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABDJZwylRoagInKT + O4O96Jb2LWkc1vEAlBfusHCWZ621ifk+51qJHoU3LnbAeJ+jsZplJwXyaas68lUS + LD1WBkAAI2Wj9PU2Hl7qJL1plAzZ40fAhFUuEEoOB07kYFl1l1p0na2BXJEtNRAs + 0uMvvKLOoHWmsN/pJcSrODWpnukVeqIsGyUlGSApuXaizPaNcdTVDPAczNmCSYNw + QK2yWBWkDRMDZ+vJxCHM0E8yy8plRo6C/0BpsLiaXXDJ1XC8SlSaAzKDVqk1xXBN + ancbz7J+a6a+CtwkfaohKGbho2JUIrYr3+67aMn2cBD9bCJS2dNq1UH1tYJRlabU + Zwm+oOmdegpgyOTSI+R4fEfySDaowekwgxkNwFxMGu13p4c9zDDX816gYrH6FRPJ + +vao/44XcoLZ8cwHL5+8cBe5V6hiX1wg/3EcNr1B5jApRQucpcyLxDuX8Fv0zuXM + nG3M70kjxQy+qHHI5ah8kPiq5ojfnBZqx+YJtkLUdj7B/9/gBwKLFbsXiU/ScLTS + 
XYuj3rNyUNrM1rNlArdtVGNzBM4/Y2KN/Lqd9/PVq87s7AlmzQBU7v5ns907j6PV + 30+Lhx9/kHb7mGApkw/LQ1+Kitak06T/xMfgzKZ2W/1GcwR3gyDySKa+B0V0XgkI + BDuPR7FwM2JG0BR37maKxgDtkR7R + -----END CERTIFICATE----- From 3d094d13eb8f93c2c286e0d6ae71b7b18e36f2d4 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 12:04:22 +0200 Subject: [PATCH 16/54] use file for node-targets --- roles/prometheus/tasks/main.yml | 13 ++++++++++++- roles/prometheus/templates/node-targets.json | 6 ++++++ roles/prometheus/templates/prometheus.yml | 16 ++++++++++++---- 3 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 roles/prometheus/templates/node-targets.json diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 8ee3667..b296be4 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -29,7 +29,18 @@ notify: Restart prometheus no_log: true -- name: Setup the arguments for node-exporter +- name: Add node targets file + template: + src: node-targets.json + dest: /etc/prometheus/node-targets.json + owner: prometheus + group: prometheus + mode: '0640' + force: no + notify: Restart prometheus + no_log: true + +- name: Setup the arguments for prometheus template: src: prometheus dest: /etc/default/prometheus diff --git a/roles/prometheus/templates/node-targets.json b/roles/prometheus/templates/node-targets.json new file mode 100644 index 0000000..64d12f6 --- /dev/null +++ b/roles/prometheus/templates/node-targets.json @@ -0,0 +1,6 @@ +[ + { + "targets": [ + ] + } +] diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml index 80a1a80..4608f3e 100644 --- a/roles/prometheus/templates/prometheus.yml +++ b/roles/prometheus/templates/prometheus.yml 
@@ -33,7 +33,15 @@ scrape_configs: - targets: ['{{ lan_address }}:9090'] - job_name: node - # If prometheus-node-exporter is installed, grab stats about the local - # machine by default. - static_configs: - - targets: ['{{ lan_address }}:9100'] + file_sd_configs: + - files: + - '/etc/prometheus/node-targets.json' + relabel_configs: + # Do not put :9100 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9100' From 586244a98f9847be9d0898d4e0100e51f36ea4ad Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 14:53:25 +0200 Subject: [PATCH 17/54] register nodes on the server --- books/monitoring.yml | 2 +- group_vars/all/vars.yml | 3 +++ hosts | 4 +++- roles/prometheus-node-exporter/tasks/main.yml | 23 +++++++++++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/books/monitoring.yml b/books/monitoring.yml index 5b27479..133dd87 100644 --- a/books/monitoring.yml +++ b/books/monitoring.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus_server +- hosts: prometheus_servers roles: - prometheus diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index f1e582e..07d86a5 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -2,3 +2,6 @@ # Use python 3 ansible_python_interpreter: /usr/bin/python3 dns_resolve_server: 1.1.1.1 + +# Default prometheus serveur, to overide in host_vars or something +appointed_prometheus_server: hindley diff --git a/hosts b/hosts index 2b5c2c9..9b60703 100644 --- a/hosts +++ b/hosts @@ -30,6 +30,8 @@ all: tests: hosts: rossum: + azerty: + hellman: vpn: hosts: azerty: @@ -40,7 +42,7 @@ all: apt_proxies: hosts: hindley: - prometheus_server: + prometheus_servers: hosts: hindley: matrix: 
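Review bot: The three relabel rules under `job_name: node` carry the address through `__param_target`, and Prometheus turns any `__param_<name>` label into a URL parameter, so every scrape of a node exporter is sent with an unneeded `target=` query parameter. That label is the convention for probe-style exporters; for a temporary value use the reserved prefix instead, i.e. rename `__param_target` to `__tmp_target` in all three rules. The existing comment could also state the assumption the `replacement: '$1:9100'` rule depends on, for example `# entries in node-targets.json are bare addresses, without a port`.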
diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 444a748..1c3662f 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -30,3 +30,26 @@ value: "{{ lan_address }}:9100" # - name: web.config # value: /etc/node_exporter/config.yaml + +# Add the node to the server targets + +- name: Get the list of targets of the server + slurp: + src: /etc/prometheus/node-targets.json + register: server_target_file + delegate_to: "{{ appointed_prometheus_server }}" + +- name: Set target variable + set_fact: + server_target: "{{ server_target_file['content'] | b64decode | from_json }}" + +- name: Add the node to the targets + set_fact: + server_target: "[{{ server_target[0] | combine({'targets': [lan_address]}, list_merge='append_rp') }}]" + +- name: Put the new target list + copy: + content: "{{ server_target | to_nice_json }}" + dest: /etc/prometheus/node-targets.json + delegate_to: "{{ appointed_prometheus_server }}" + From 2a69cb23a6475e86cf1e99eb922327df90c4c784 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 15:50:15 +0200 Subject: [PATCH 18/54] add configuration to use mSSL --- roles/prometheus-node-exporter/tasks/main.yml | 19 ++++++++++++++++++- .../templates/config.yaml | 7 +++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 roles/prometheus-node-exporter/templates/config.yaml diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 1c3662f..3f8d8b5 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml 
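Review bot: The slurp / `set_fact` / copy sequence added at the end of the file is a read-modify-write of the server's `/etc/prometheus/node-targets.json` that every host in the play performs, so with several hosts under the default linear strategy each one reads the same old list and the last "Put the new target list" overwrites the others. Building the list once avoids the lost updates: add `run_once: true` to the tasks and merge `ansible_play_hosts | map('extract', hostvars, 'lan_address') | list` instead of `[lan_address]` (this assumes all hosts in the play share one `appointed_prometheus_server`). The final copy sets no ownership or mode; repeating `owner: prometheus`, `group: prometheus`, `mode: '0640'` from the task that first creates the file keeps the permissions from depending on what was there before.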
@@ -16,13 +16,30 @@ # and add --web.config=/etc/node_exporter/config.yaml to # the args in /etc/default/prometheus-node-exporter +- name: Ensure /etc/node_exporter exist + file: + path: /etc/node_exporter + state: directory + group: prometheus + owner: prometheus + mode: u=rwx,g=rx,o=rx + +- name: Copy the config folder + template: + src: config.yaml + dest: /etc/node_exporter/config.yaml + group: prometheus + owner: prometheus + mode: u=rw,g=r,o=r + notify: Restart prometheus-node-exporter + - name: Setup the arguments for node-exporter template: src: prometheus-node-exporter dest: /etc/default/prometheus-node-exporter owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r notify: Restart prometheus-node-exporter vars: args: diff --git a/roles/prometheus-node-exporter/templates/config.yaml b/roles/prometheus-node-exporter/templates/config.yaml new file mode 100644 index 0000000..88ced8a --- /dev/null +++ b/roles/prometheus-node-exporter/templates/config.yaml @@ -0,0 +1,7 @@ +{{ ansible_managed | comment }} + +tls_server_config: + cert_file: "/etc/node_exporter/{{ lan_address }}.crt" + key_file: "/etc/node_exporter/{{ lan_address }}.key" + client_auth_type: "RequireAndVerifyClientCert" + client_ca_file: "/etc/node_exporter/ca.crt" From 435e83476493f4508f3d7f7d1767cb3e3ccd6f93 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 15:50:49 +0200 Subject: [PATCH 19/54] setup some variables for the ca --- group_vars/all/ca.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/group_vars/all/ca.yml b/group_vars/all/ca.yml index a7ab8ba..0f73668 100644 --- a/group_vars/all/ca.yml +++ b/group_vars/all/ca.yml 
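Review bot: `/etc/node_exporter` and `config.yaml` are created with `owner: prometheus`, which lets the account that presumably runs the exporter rewrite its own TLS settings, including the `client_auth_type` this series relies on. Least privilege here would be `owner: root`, `group: prometheus`, with `mode: u=rw,g=r,o=` on the file and `mode: u=rwx,g=rx,o=` on the directory, so the service can read the configuration but not change it. The task name "Copy the config folder" also describes a single templated file and would read better as "Deploy the web config file".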
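Review bot: In the new config.yaml, `client_auth_type: "RequireAndVerifyClientCert"` with `client_ca_file` set to the shared CA accepts any certificate that CA has signed, not only the Prometheus server's. The generate-cert role sets `key_usage` but no extended key usage, so as far as these patches show each node's own certificate would also be accepted as a client certificate by every other exporter. Requesting `extended_key_usage: clientAuth` for the scraper's certificate and `serverAuth` for the exporters' (the `openssl_csr` module has that parameter), or signing scraper certificates from a separate CA, narrows who can read the metrics. A comment above `client_ca_file` should state which of the two is intended.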
@@ -34,3 +34,24 @@ ca_cert: | 30+Lhx9/kHb7mGApkw/LQ1+Kitak06T/xMfgzKZ2W/1GcwR3gyDySKa+B0V0XgkI BDuPR7FwM2JG0BR37maKxgDtkR7R -----END CERTIFICATE----- +crl_distribution_points: + - full_name: "URI:https://ca.deso-palaiseau.fr/revocations.crl" + reasons: + - key_compromise + - ca_compromise + - affiliation_changed + - superseded + - cessation_of_operation + - certificate_hold + - privilege_withdrawn + - aa_compromise + - full_name: "URI:https://ca-pains-perdus.intra/revocations.crl" + reasons: + - key_compromise + - ca_compromise + - affiliation_changed + - superseded + - cessation_of_operation + - certificate_hold + - privilege_withdrawn + - aa_compromise From 569c9df319be5f6dab86271316ad6aa30d02eb29 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 16:16:02 +0200 Subject: [PATCH 20/54] add certificates to node exporters --- roles/prometheus-node-exporter/tasks/main.yml | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 3f8d8b5..87dc4a5 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -10,12 +10,6 @@ retries: 3 until: apt_result is succeeded -# TODO: add auth -# -# Create the file --web.config=/etc/node_exporter/config.yaml -# and add --web.config=/etc/node_exporter/config.yaml to -# the args in /etc/default/prometheus-node-exporter - - name: Ensure /etc/node_exporter exist file: path: /etc/node_exporter 
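Review bot: The two `crl_distribution_points` entries only embed URLs in issued certificates; nothing visible in these patches publishes `revocations.crl` or makes the exporters or Prometheus consult it, and Go-based TLS stacks do not fetch CRLs on their own. A comment above the list should say that revocation is not yet enforced on the mTLS scrape path, so a leaked host key stays usable until the certificate expires (`validity_duration` defaults to `+365d`). Listing every reason code under `reasons` is probably equivalent to omitting the field; worth confirming against the module documentation before keeping sixteen extra lines.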
@@ -33,6 +27,24 @@ mode: u=rw,g=r,o=r notify: Restart prometheus-node-exporter +- name: Generate certificate + include_role: + name: generate-cert + vars: + directory: /etc/node_exporter/ + cname: "node-exp-{{ lan_address }}" + owner: prometheus + group: prometheus + key_mode: u=rw,g=,o= + subject_alt_name: "IP:{{ lan_address }}" + notify: Restart prometheus-node-exporter + +- name: Copy the CA cert + copy: + content: "{{ ca_cert }}" + dest: /etc/node_exporter/ca.crt + notify: Restart prometheus-node-exporter + - name: Setup the arguments for node-exporter template: src: prometheus-node-exporter @@ -45,8 +57,8 @@ args: - name: web.listen-address value: "{{ lan_address }}:9100" -# - name: web.config -# value: /etc/node_exporter/config.yaml + - name: web.config + value: /etc/node_exporter/config.yaml # Add the node to the server targets From 5a3268dc37ec0dabf16903b233cc5e3af216e7eb Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 16:30:49 +0200 Subject: [PATCH 21/54] add mSSL support for the prometheus server --- roles/prometheus-node-exporter/tasks/main.yml | 2 +- roles/prometheus/tasks/main.yml | 18 ++++++++++++++++++ roles/prometheus/templates/prometheus.yml | 5 +++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 87dc4a5..aa6ece6 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -37,7 +37,7 @@ group: prometheus key_mode: u=rw,g=,o= subject_alt_name: "IP:{{ lan_address }}" - notify: Restart prometheus-node-exporter +# Need an equivalent to notify here - name: Copy the CA cert copy: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index b296be4..9f252f7 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
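Review bot: The "Generate certificate" task passes `cname: "node-exp-{{ lan_address }}"`, so generate-cert writes `/etc/node_exporter/node-exp-<address>.crt` and `.key`, while the config.yaml template added two patches earlier points `cert_file` and `key_file` at `/etc/node_exporter/{{ lan_address }}.crt` and `.key`. Unless the template is changed elsewhere, the exporter will not find its key pair; either drop the `node-exp-` prefix or update the two template paths to match. "Copy the CA cert" also sets no ownership or mode; `owner: root`, `group: root`, `mode: u=rw,g=r,o=r` keeps the trust anchor out of the service account's control.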
@@ -19,6 +19,24 @@ owner: prometheus mode: u=rwx,g=rx,o=rx +- name: Generate certificate + include_role: + name: generate-cert + vars: + directory: /etc/prometheus/ + cname: "prometheus-{{ lan_address }}" + owner: prometheus + group: prometheus + key_mode: u=rw,g=,o= + subject_alt_name: "IP:{{ lan_address }}" +# Need an equivalent to notify here + +- name: Copy the CA cert + copy: + content: "{{ ca_cert }}" + dest: /etc/prometheus/ca.crt + notify: Restart prometheus + - name: Setup the prometheus config template: src: prometheus.yml diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml index 4608f3e..985620d 100644 --- a/roles/prometheus/templates/prometheus.yml +++ b/roles/prometheus/templates/prometheus.yml @@ -45,3 +45,8 @@ scrape_configs: - source_labels: [__param_target] target_label: __address__ replacement: '$1:9100' + scheme: https + tls_config: + ca_file: '/etc/prometheus/ca.crt' + cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt' + key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key' From bac4960ebb176f33e5beb082c53e14d4f88c281a Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 16:52:09 +0200 Subject: [PATCH 22/54] I can't belive I lost the CA's key --- group_vars/all/ca.yml | 60 ++++---- group_vars/all/vault | 338 ++++++++++++++++++++++++++++++++---------- 2 files changed, 288 insertions(+), 110 deletions(-) diff --git a/group_vars/all/ca.yml b/group_vars/all/ca.yml index 0f73668..6c4c46a 100644 --- a/group_vars/all/ca.yml +++ b/group_vars/all/ca.yml 
@@ -3,36 +3,36 @@ ca_passphrase: "{{ vault_ca_passphrase }}" ca_key: "{{ vault_ca_key }}" ca_cert: | -----BEGIN CERTIFICATE----- - MIIFgTCCA2mgAwIBAgIUB0ldkBC9Ivy9/9zeIfkHaA8JIoMwDQYJKoZIhvcNAQEL - BQAwTzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEVMBMGA1UECgwMUGFp - bnMtUGVyZHVzMRgwFgYDVQQDDA9jYSBwYWlucyBwZXJkdXMwIBcNMjEwOTIwMTIz - NzUyWhgPMjEyMTA4MjcxMjM3NTJaME8xCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZG - cmFuY2UxFTATBgNVBAoMDFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPY2EgcGFpbnMg - cGVyZHVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0QS12/nFj2ft - Kc1LwvUvonTZxWJLytVb84N+V2zDytxqs/JsM7crVA5xKslnEXpM3QzKE4eztL/q - ytL9kDo/cmJFulGxc6hWRNc3S1JP2tosxgVh0tMxw2LattC9FRHEmvQSX7FlN61O - 6Hf6TVSw4unAsyGYqr6wwCG+4DHbdEjK5wJlSmBUMnr5OBHFkOlQw/MMeQKoQxOV - 8e7DrUCw8QaX084f5XuYz+oUbrzWspMKrvBzLG2wGVff4sIVjFHXCWFKZcsoFx/6 - iClU8Hsa0XUxNEKTS5u+gKDlvYciplDJeYNs+gMH88YC622hw4+S+dZcJQR6y8bs - WgijHLBOQrs2WYxIKdpPmsaUruObQzXUejisURty7Sn/MTG+Okplm4xq7WBVeYtN - ZjtlqHPy+MwNzQ1MUN2pSzbgRM4SAMf+fKhb9WsPu7mKAIlVRLLUIXJoTgNMpYQV - HlUjYDwUsV4pr8uWjDF+VYmZ1ODRpW6nb83C3WYM45PAVAPZ7wQG1L0xznxSRJbh - rmc0gbRjQdwgbrLQunJMA9iOj2Zsns8ElPQlEspgmeAPolKzcl1HliuMmNpAfFw+ - 5SJPUycsfuTI4RPO3RTA9rmXufwm/1jnQm4TjwioqJA0EelDg90qLVZ7pRbM7M8t - V7rQxfNsPgLeC0UjomQySva704NmVdECAwEAAaNTMFEwHQYDVR0OBBYEFGLjkJqt - 8JZ9MzSKqXEz4GDaURElMB8GA1UdIwQYMBaAFGLjkJqt8JZ9MzSKqXEz4GDaUREl - MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABDJZwylRoagInKT - O4O96Jb2LWkc1vEAlBfusHCWZ621ifk+51qJHoU3LnbAeJ+jsZplJwXyaas68lUS - LD1WBkAAI2Wj9PU2Hl7qJL1plAzZ40fAhFUuEEoOB07kYFl1l1p0na2BXJEtNRAs - 0uMvvKLOoHWmsN/pJcSrODWpnukVeqIsGyUlGSApuXaizPaNcdTVDPAczNmCSYNw - QK2yWBWkDRMDZ+vJxCHM0E8yy8plRo6C/0BpsLiaXXDJ1XC8SlSaAzKDVqk1xXBN - ancbz7J+a6a+CtwkfaohKGbho2JUIrYr3+67aMn2cBD9bCJS2dNq1UH1tYJRlabU - Zwm+oOmdegpgyOTSI+R4fEfySDaowekwgxkNwFxMGu13p4c9zDDX816gYrH6FRPJ - +vao/44XcoLZ8cwHL5+8cBe5V6hiX1wg/3EcNr1B5jApRQucpcyLxDuX8Fv0zuXM - nG3M70kjxQy+qHHI5ah8kPiq5ojfnBZqx+YJtkLUdj7B/9/gBwKLFbsXiU/ScLTS - 
XYuj3rNyUNrM1rNlArdtVGNzBM4/Y2KN/Lqd9/PVq87s7AlmzQBU7v5ns907j6PV - 30+Lhx9/kHb7mGApkw/LQ1+Kitak06T/xMfgzKZ2W/1GcwR3gyDySKa+B0V0XgkI - BDuPR7FwM2JG0BR37maKxgDtkR7R + MIIFhzCCA2+gAwIBAgIUP+ptXLNUBVsZm5oYpynQd5mhB60wDQYJKoZIhvcNAQEL + BQAwUzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxFTATBgNVBAoM + DFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0EgUGFpbnMtUGVyZHVzMB4XDTIxMDky + MTE0NDUxNloXDTMxMDkxOTE0NDUxNlowUzELMAkGA1UEBhMCRlIxEzARBgNVBAgM + ClNvbWUtU3RhdGUxFTATBgNVBAoMDFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0Eg + UGFpbnMtUGVyZHVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4jG+ + 8N5YN91KghYjYTOBQ+lRYJ45X5S9mfcwwf8OIMGe+NyNkXx2GX4uYpZOitYOApI4 + rGnAjhll7tdZevzfdqpUDCYUDT6iR4BzL32k22mIN+iW6zQPaZetOU7VIA9V5TsM + WbDsftqh6fj3N4SwVMpHiuiajMkX8CIELxoXDAJULvwyreWOONlwDMObtVCHBIhM + uf1Jbx2DfRNS/w6lbHPCrZefMCea1FrSaotOANXxNgQfptX3fLZbhH5RiZQLDU8k + ZChAUoW9hE4+uiSOUMd2hl9XgCWHcGEMcKyWG+/lx8UUw3Zl+oOrfb+IWo5IByVZ + 8nV5aiTMCuRlcTcMHUuedRaPcWfl5ZaEOVzhYXIYM4Oa8ShqXuWqW0WZ8oIhI2ya + hTE03mIPV1nX3ucE9GsDZpnrj7t+qd8etiZXFGVihKEqVFfhzKRsPh4wgUKH/gwG + AJshPA9NyJ0JpzUaWQ2acUjo3Hg9WPSTaMb46FS7hUdZUcZZiwSq9JjHDNAUKjNY + zudKjTyqJXkqwhNvMfKWFIGYjldvZgQXzuT8XmSHYSKuLfH9Ko28FX0Aujye1TTH + MPljXruyO04Q7NUg/jqtxdsWRpH/qCt12PmRuIiXsNCAeLjSuc75H+AOPbNudJLT + w2AUTkfn3mw/XTwEBfemHAo6GAdtCDKo6GxBqvcCAwEAAaNTMFEwHQYDVR0OBBYE + FIh4sxxlmesmbVKPWKo81BXMFVqVMB8GA1UdIwQYMBaAFIh4sxxlmesmbVKPWKo8 + 1BXMFVqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKipx6Nu + QwnYmwYPd3kUVBOj9ia0PVeE4LoUSRapzRTF2HilSIo9Sa7qD1HVxbWrghUPLjW/ + Ru04k82hxvAm26gc1XeqIBzpgZmxwF0QibCeuj1vDXsndACXVHd6Atvnl0rW4bEI + pVCqerXNu0T4STk2V/xNqndGMRp/vZX67BlyHAHD4el957R9RYlyxW6fADrHDKqk + tC1eTeQtEi5W7v9X3dNGdtFS+exDrYpUTHPDwM81u25oCGUFGsH3RlG7LUEQ5mYW + SsJ3EKpIkMxSZB3/GqttCIHi+yEMtwDDL3dN8UnVaTkRjVNQxraOUwe66QByGqnJ + 9YeQNpUfZxWFW/GW2fBAvD/RaLrLZ4ywhUze38ks4jsLnAIduawjQ8GlNg9i2MqD + zvDat41LWSCDjRUOfCp7fc9lMlI5blTafozrAddMV8YUs3bQ6XD0H31pP59jb7nc + 5kmwqH6RivbFZZYBquQVujiiI7d+9m+X9OfTZJTCpRPCGYZcLuqH7txyPhixxrZd + 
a8lWJ+5jHOdncV/ZWSB5JnjKbaMMEPcaTo3puEPt/yl74CR7UOJXr5oM0bVFKjas + 90hY5U+jPAcneCk2oc44R4NWuQ7qbsjPRfcxxi27DoLbhlmPp9jQwYQEqmdflcZ0 + zCTEq81KO2mAbJgTc/ahhcvAV/huJ5d8c9R1 -----END CERTIFICATE----- crl_distribution_points: - full_name: "URI:https://ca.deso-palaiseau.fr/revocations.crl" diff --git a/group_vars/all/vault b/group_vars/all/vault index ecd6b1c..c47faf5 100644 --- a/group_vars/all/vault +++ b/group_vars/all/vault 
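Review bot: Replacing `ca_cert` invalidates every certificate issued under the previous CA, but the generate-cert role only reissues when the key or certificate file is missing or the certificate is close to expiry (`validity.valid_at.renewal`), so hosts that were already provisioned keep a certificate the new `ca.crt` cannot verify. Those scrapes will then fail TLS verification until the plays are run once with `force_renewal` set, or until the renewal check also compares the issuer of the existing certificate with the current CA. A short comment next to `ca_key` saying where the vaulted key is backed up would help avoid a second rotation of this kind.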
@@ -1,81 +1,259 @@ $ANSIBLE_VAULT;1.1;AES256 -38386365383032383336346430353334613639636464383235646565306161323463363466383934 -3636386138346634386634373266643937356339373734370a366435343137643330393939353664 -39386432396430306339326435323862373135323263663139373032646136333064373365313161 -6130343436313762620a633064326538393135626536343062383862366536646239656133366133 -38616531393837313365643734303062353030333763303132646231376363386239336631643231 -38303230643135653238333132633739363333656534643765623836333936363062613132316339 -31646365623030343433623264633665353432623839393638643039653561623361366630393631 -38333636316432323165316261323337306238633237653733376539323136663231376462623035 -30336463353738373061346431333435626362383134306661343562633437656462333430653663 -30396231336336353535373337343434366536333865623065653238333637383332613338613361 -61653566303962626534636530313238363662316163336532353738313962623835343032643930 -37333864366539363131333538643963353531663132353964306263316437323866666664633435 -39636663383831393534623639343839343931363834383839363837623636643838623536396563 -35396663326661386532303238353461636435366564366534393162663834363539363335393336 -62636465666665643165653130326437393162616433386637613430623466666364333334663132 -35356364646263653131363863303532633562306661636530313766636262386361623630326633 -62653866383864366666663963643138363264363965346538306135386633626439313961623735 -62363864373266333038333430613535633636343631316439353837376331666336326432663135 -33356630353862386166306536643538643163346532663439303764396565323661373136366133 -32373765376331323431386464396137666431613365363866323438663062386365326131616264 -39616632613565323238323133343061303433653539653833653264383165333364323239643466 -32613731393065323066396563363530393264323930653839396438356164356333333137656236 -31346133343336666337633637613064666533613631313335616637653735363462663864636330 
-63646163383337323933323664303961346461613065356332383531333336326632316634656231 -64346565363636363066646533303238633465653830613264663963326630366564336330343236 -32623438306238396166666539363539646137643363666332366563663231326632363230666465 -36656662313335656462386463366432656230616232663637303235646664343066363563666261 -32393536666265663038353439623536633363386335326138383565643337353031356432396339 -31323464353338326237646263366262346265643363343761313436396332646237346339346333 -66323636336537303839653962306531643762366230303963636535633537613062366236613131 -39376162363134376135656463626366343537626438656362343838323435316266656637636161 -38623134386532383862303234666338306234646538623464613362623331396339613931653262 -62633364363230353666343562343661316431333664646161616632643736646664396532303633 -62336233316435626230386565383264313062646637313234626135626566343932343563653130 -38313137306331636436633536396539373032393135393336303731633030393139616136366536 -31633936613663303837306632643730613062663262616239343263636463386230313336363237 -31626531303639666464376335366135623063343266663265393635316338306633363561376234 -63653039313532376230626533353136666262663761376432633763636131653162386131366366 -36396534303230353133306331626539623832323462393237633233393865363864656531646632 -36613137366262393163386465656233373365636437616133393862663632636131393563613763 -62376133356430303838386634363963653865336138303831636164626538633066316637643732 -30363561393862623037616232653135663765336134383037346439373335393466646530616166 -33646462313463346535346236363830643130313632366162633866373362653162623035306366 -39623734306636356135393965646534313961306632623531303830343564393361343464653961 -31623562396435616466653232623163393161336434623631313233353736303834333935626138 -35613764633564313961316236623265353037636635656331363937356363323630646537393335 -36396632383865336639393033653738323739396236383535333332396361306131303864616130 
-33613762643438393261353335383565316231623963386536653334666634623136343833613137 -37396261623035353038636337323536346334613837343935386132656338633335643265616138 -36663937376231333233646466633162346630653532336536373262313337373261656130643632 -66613534363130313230323665613163356366386664653436363132356664306231356135383266 -66376336323062323863616434323465356439343434646531373365313039303639343735323836 -35613234343563356162326466366638343439333464656434643332663432393730643130623032 -65663237333338323939616565333738306634383038643630376164306530623733623933333064 -62623131323736643832616334383338383634393664653338663436626434306631643966613031 -33616362313039666130613538306561343135626235343765396335396339373630373135313832 -38383062366262663832343563613334623336343639316435386664353636643162636634653535 -39623039643336393733626634363466353437353533373764313565653766663630386234626661 -61393161383565386131636563323038373236663861363339333361646464613836623139366435 -35363463623431343634653565363066623464653961313661343963363464386361306137393763 -64616135633935393566356561363038613134363964356136643734366232366166643564653264 -36613066366266646434323862643735643333613163666334363337643263626639623433663733 -39383562363531656433633033313961303837643765626530383665316433353634396463333662 -38353936633034636461303863356564653939393239316538663838643336346331363230616630 -62353237353733326132646138373737306135653634383032363433663063613430373935653131 -38646664393133363365303130623532373438313831643230396431363333386463643031653262 -64396261303235326530636565353764316236643466623666623165383536333565633064333262 -37316237643863626561613036303061346265613730626137316136623338626564666464333862 -35393831656533616365316334633538626166616263306636313231313234306532636633646665 -33336138333632396530333363613866376535316430656134613339626262666133666264376439 -64303964633165333161613663343438393539643839366331303563613436613730383837356165 
-32363231653233346438313262393462313135636566343063626436326166373866356434656561 -65386562666331316232336463373336623733393161666430616165306238616531306266626363 -66636234333231666637616163353361306331393562393938353733303139393930633965373638 -36336266343231366662643134613662643037373638316362653030383866373636386339346466 -64396639353266316264653264343036616634343964646237363036313937323833633863316231 -35363964393863346132373830383032646536356261616265353439316637396563336536373363 -37313936393662353665653134613535393865333362636262656439326331336366303139653034 -35626566333965616162663465613335316462326130396330383236396133383039636335343565 -65386630653033376163 +36656431663563353038366637646535653136343832363034626230656435383830623061666437 +6363643534636430386639386364653337303766326366310a376163616163623965646432663339 +30343061633266373061383233343238663962366435353562373134303939323933306263623331 +3635343565656631390a613961646266623931616665333964366362343361346437393833343835 +36363331363464616665306365343938303037613733393437376634663861616337366235393635 +34383466303762303730366336303534646632393766366461633932343665343836393132346562 +39393130643536636137313132303639313735336237393939343839653662343465356164623936 +30663865613265636565623562373163383934663031616361653432383038613631323039376532 +36396366663462373737343564376230326232343535383335323730333235396564303530383734 +62316537646237636530383562343731333939626562353261343839393963363862653138306630 +39316430356639633464313166333636323139613236326236326137376466303766623034386163 +39623137373737333935636533383837613637353834643030313764313266376638633735346335 +32363330333463663931333738346337643166303861303734383334343364313833306330313931 +33663230656230646163313363303539636434333235643939346538346336393566373465386562 +34383331653734316439346562376134646661373139336538323466656364383437616264626433 +64656132653963306330323234306331626663396439393338353763623963633735343931376134 
+33316564346536643361316535663337333039303163303861616632333137373036663834643631 +33323732383465386533636466386463616432666239373933613037666663613261373166333637 +31663261393432613039363935316532643432336264303166326665356334323838626161346161 +39306639636465383361613336393531636464376136623061613735323432363430313263353232 +31353162396262613333613261646238343733363666343835323533626538363535613665393762 +63333566306565623964663639306336373231313833396630343435393035343063356330656661 +35383932666434633635323662383735643364656536656565656431346430333966353433373330 +35666466353737653061343835303931333934343230323761306533313136633630623532356165 +38363330666433346238303237363636353761376437393865373463623034383064623235363938 +64363661336130633731333265633235616330663563343265656331356433396237313238333232 +63316562386466323935313334326533373364646537326132623937633364353333656130373437 +33363964373938626331623863356530356139646165623735323764363530346230636462336466 +62626264393131643666346365386530353835633037633637663632613166346463393763306630 +31626664306531613261353034366464633232366631626139666161656234346633613866376531 +33636131383664636336623262383564613464663834303263643663303836643661663831663132 +35316537663831636338636363306263633336383865366632666439326637333835646465356239 +62326334336537653935313337646437613834653038653564656264353431636363383538386562 +64313366356561646565663365366264363664376464396637316439366438353962376332363964 +64383533653637646238636264643030313037343630613163383539623135383239353065626135 +65376463313638383066333439346334653137613061363463333663313963383565646439376165 +36306333313263303731626165643836653736616563333931623635333531303833653563333365 +31643364363066306534306338303833636232303365373833333664643966343639653036363831 +36613237396433363864626437303034373033623533346134663230336231356134383739343662 +31663931336366353065393636613464613430666365653736343663643639353965616537343334 
+34613766613731353364363262353062653962643136393364363736343935663562333266643435 +31393863376565613235643734353933303239333562383235363531313161626564616266643465 +37306634313935303339323566333230313239653363613435343433656363326338356236303233 +34663466623530333038613930343432393530386232313536633631343230326536636237353431 +39343463386234376464643765623133303030343565323235653936343036396233386534356330 +31393835623434363063363761326165346434303633356139626163333039376135353033356364 +61666162343235316231373734646236616439313734346638336538656364633634383539336634 +31363166313535343735313536323634616139323264363434343938666561356366323236343663 +36656664613664306661383635633037626335316332393631363934623036346439613037373331 +37386434653330343937616362303532373939356432613861653265326139353161643964636538 +34333534393530323162653461386163346637363464333832613631633261623137373662336162 +39343338343631306130336165343835313630383837356135336361656330383031633134663261 +62303834646130653864303739336534326332353339623138646136366236333733396338313332 +66613839336566626261663262303738323263313464663935306239653937653763356636643135 +63336262383461653062336464356231386335353332663434373230333230313434393033343035 +62306533363063323561313438376566353533353736353730343263656161633064656664393062 +63343637303631303730393566666436623838353363356565393730383238383239323132343463 +37376232303831646438643263613466616533373464396139313730336239666530616632343934 +31386463633235663637626566333335306337346537303363626638373633613830643930363532 +39306536333166663430363539636334396631653666616266353736366435663133373436616633 +39616331316465643063306363353132646132613535666135353233343639306564306335633035 +36366165643738363032366661356638396361356535663839303333366536636335383165363461 +31386139343839636636396232343238343531376430393933326231303164393438366561653439 +34313266663932373136666634643936353237663338373136623765386564666237613861646465 
+66363464326532383930613264383561326364346131613835326636613131646535396362343430 +65636133363437353564653032633163333638333137346139613430356232663432623966396361 +31666431323061616539393065336631303333376138323731373035613964373932663537393862 +36333035306535616430366639373763303530616630313366613433363063646138646137623562 +63333730323539326231643639646364343462376238613532663938666561313331303662643263 +66623266383462633432383338613464663438363532323165633232323435396265363330643736 +63363532386566633130303536636365356533356538366461653736383464353433623664306362 +61393262396239393030396362653864353034343636383834333737383564663363646530353963 +64663966313734613061613035613633383933353466326437663561383035646630383439346463 +61313161323032396165643965333434386538346133343433666637353331353634333764646262 +62623466346536366638653731303861303463346237366232306561643637396138366438343961 +65633936353562323236363664363162393664326266326430353434343732333834336435616437 +64366464363264633831666366333931646566646138326134613134343339363261313732633863 +65343663663739363365386535336462656662396363633363326430386436653838653864363863 +37326632313165313931383931646464353437653932326638636264386165343636373164636139 +37656631666536663639623764363436386433646636373061393561616338396165393631316130 +35643438663734366130383939353666636161323337303030316266366163303934323833336561 +66326665333962383933353532663737393462333832613561396337353732343463636464356435 +64376666393935616136393663653036313065366532306532633331663361636634333630653637 +62373535613764653439653332346562316266313036356230373563326465363764313035376635 +64613130386338366631663062316330363239353362363233346534636535336430626264383964 +33343561633262393065303132623431666637346661366233333935356435616361366666643834 +36383266643937653735633739303566656161306535323931643733363539336238343165663937 +36656431663737623730663364393866366264393062376134613139373535623030306566633761 
+30383533366230326461346163346533656333336334623665663561323664613430386632313561 +34646639333134343863346162653130636366313133386236326161303161373737373738323065 +39363162366666626333323932313136383933303761623732633737613238633261343030303765 +62613661356263653038646461353965356232633562646131306335306664376662323464313363 +66346666643162653861383262396466373466663135653164626264656234346532616138356431 +38633662363730306663643430376238633863643035663638313937303965656262323839646637 +66643334393565323665303361303836306565323137633036306465323334346134393033633232 +38393535646536663437616536376265396262356435653035316638616566613464306232396238 +63303461363765666264346335303866373462643532646438383237633839656338313862356639 +30303039333434653338323233303138306534656366616333333566623034623137613834386437 +64343466386664383639303733396365393937613139316136613663363634323137336561356234 +31626139326131353863343432376663656638316134656366303565616131616430396636313762 +32373037386536303434313733373139373664353264623235396564646437343363383864613330 +30396531616231653133303535336132643432646631393563333034303233353138646330356366 +66616534613464306430316461616335333138363530366438663365636665313361336666323431 +61396662326561646239343763353262326636366464303134326231373931663733383764346635 +33393463363235363133323633373562366132386236316630353965356132646165316232393530 +36373538613731393765666561303630356236383634323536373739373036376636643765316534 +63363235646436653263393563346366336630303765633462613035346533643636646532633534 +32383234343761363239386262643131636638636330396261383362633665373961316431336363 +38623532653861363636343065646531643832386636383538373534346233643338663932633861 +66383766326433373662356661646363326265656431633563636163303536353665386564383163 +63643739393666616362333561623863306262653661333061643363393863383334363166643035 +63396637303933366464373439393061613534633233343763373137666434353639646334356234 
+39633432643932396461336538333563303933393535623165366433386330653363323731326465 +62626362313239373130663766373038343338376234313532303462623166633039666161663431 +35636561333066343331613933626566393563656235646633643935376466343038663164313461 +62656466373832346530363364616165303861376662373638303836326135316235313735323365 +37353432623865303033356234396235373435663237653334323939353463396431646330656637 +63353130616235633561373363633865666531656135303330353932326534653738343035376538 +66343339613635613339313734646538666531386135306139363138646138323137333763363361 +35363963393161313036346536376162653031393766326163363536656561393930316134363062 +63366165366163663238386339396265666564333731343132353039643461613262343832366636 +34373430373731393161383136353266353330343666616532623034656234313265303836313565 +62323534303037666136626634303339383563353939613530363361303835613837373161646235 +62366365326535343831333234326638383831343562626131393830623234636232316133633030 +35306538383032636430653833313935336264656462643531663263396633373731366436623831 +36653333376262316430336237343633666366323138616634393331633036383661653363316361 +37626333386637396164633262653663313839393534353164636438626364656263666162386564 +37636466613038373734623536653336616437316330353636363630656132326236316465336336 +65396366343761393531333261333562393933333163353433623531656638346230316537363738 +39373331633232646434646362616162303765373066666132623436356630393563353639393539 +66643031633838346431346331383034653830353738386231323564633930633865336436643832 +66316233303731613337353130346264303935643264643061316331393237636362656430353661 +39636366386332663839363362303433646435633864396366383164373264396435646363366432 +31663236636563626135633736653433306135666464633964306237373534646632646539346636 +34663639326565653737303063313564613261623330386262633766366166363139643065343336 +30306637346664376266653537363064313632376430336563303038333036393534643238313366 
+37313637306133346238303863656639653265643332666433333235616164316465653835346130 +34656433353230373933373837353530613234636633376332396438616237623339306131646564 +66663130376164316662666663346466363231646637646464386334306136653431303964346331 +61323962666265346331316638376138663664376463616131623138363837313863333231393838 +64303466636534313336383064356364363964366264326131666634656663326262393030336562 +32646430336563383834323330646633363038633766383563303833356362626664613031393139 +33643335363332333962636266633362643434623762303739623865316535333636343838663136 +30353132633036646566613033303932313832353831376331366637393935616530346165626465 +38666134303136356330636531663666373061326635316166383331663162316134373638336337 +62663565626137653532396536353332313962616439323631333665663431323838356236386530 +62353339313430373538386335633538616665303462663130653037343634393230323466303339 +62383961343861343730613531306464343562373733306362623361353462303033383332656562 +31636537333136376237343232626334326536353136333333366166623735396230653963626531 +61386238616237383762316436376166653536366163373266633434396535303566333137653733 +38343935633236326234356339353262383136343739643734356561653565356161313132356361 +38376239663364613134323763306637613134336465336431623364646431376130383138373065 +39616333356164386130636530326431613633373966663964313562646432386462346636316536 +35306466343632386437316565343933626237636132343933623766623766373634393135613365 +63393066373162653835376436656631343039386334643830666639363734636432666464333635 +61376430316261663832613034656337366131313033313139613631306337623130353731646266 +62316262336633333264316465373466656231633932663530343930306435336634336237666662 +34366330306533316361666636666661626561646136336166363136653166326238373432613065 +36303439663764623336643665396566616161323831653738356663383531393938666161343965 +39626363323139313032366264373635666530353662343637356635393236636665303733353631 
+30613363353562373631363834343863383830333039313534376563353833363031613765343337 +39393335656333643732613164333562303430333539353531386333373330323130316234373830 +62366334646638386663313535656132633464383631353862633662633736323732643063333332 +33393566313839316534383139343364353862613834343639356665353231653835613332373362 +37363035393130646663333265393962646631303830393732616430303361323261616532346133 +31313766353936303564333039643764306337623064326232363831623765653231383336386134 +66386336636530396162623462336231363739313032373234633738383232643430383564643236 +38633566346331306337343233666135366331373435666536313963666465386664393939626465 +66653934393537383538666265393264386533303133626437323165353761643833666133653936 +39346639313761633835383361363963383165386434623530616164643535626535343333333435 +39313934663038303237616139386665376130653163343030666531326136303166343835346661 +39646431633836373163633761353539666564376530366531616535363930313862626339353430 +66386235656165653637336532333137626162616230396463623662656135373363633962636535 +66366332316562613863343262383066613339643263323762353734366438656535366330313334 +63373963363138386233333563306335663062303563323763333834636632393237313565653935 +32393265353333643732313361386362643432613664646361373765373238633836393664353134 +61373034326161613262373536366565386633663837313734663838653761343532343936356633 +62343638323837353936373034373833363136653936366334643162306230333464356164656231 +65666366613838656435356438363736643539356138316562623065613735343164333662663833 +62333139653130663965346135323837336336383536313363316664303066313731646562663263 +62616537383361623335616561336530343437353362353865323963313036393164333736396564 +31616339346532383466613733616662643663356361326234306266376366326466346532626533 +34633861633739356238663032666231636238646237376364303530306635313361393231643031 +61636535613139356332326337333433653636613763613662353739383637313764623132313165 
+34353635326135643930346436393262353539353461333530383664386434393234376634623232 +35333135333261653432316432393433343830363133666165303764643365376637656166343465 +35323536303065353137653438343734653533643237313032666232616634656537356566666237 +31653836396436656431623230613336326133363935626137623538323462313337653732323237 +33366230653431303638333835616564316637303335373163353762346163363835393663666330 +36323366643035323537323932383734373361316533323266326663343533326633373130626131 +39353463323164313938336666646536633836393833363933303232643433303436343963613034 +38626338376663303334666539313563326334323462383161616535356635333335643266636363 +34323934323165326662376565323234623262393335383666353431346161326332616134643463 +64313530323637336565653430633733636633366561333137623763396130353265363838303538 +34366235316661643864313734373538663833373365386132323363636164643866643661393237 +31336465303165666236373962356631336337383730643335366331393763623763346166393938 +38323864373030373561613564343537386338633234613931393637396133613263613933373963 +35656234306434633633346335663937396139333130356264356237336162303437333662386265 +63643034343930336362656635666365356466366530656639613464346534373663313331653266 +61353035383335353936383638653236383763373164646462343334323735356531363035346532 +65373330333433616462653265346430633336633365306463643962326465616635383138363835 +33343634613666643034616131373961633033313135353034356461313164356436323963623863 +61396462363139356336346266653166666166653539303739373461363839386566393436376133 +61343330306662643339663531333765373966373632303136383135303464626565353363636336 +31333339353865306338323632633662313438343230643765373761313534336531646236346530 +38383439383330636435303437316664383637653536356433646664386134636537663734633134 +38306633663233316466613035613262363134646132396135613137636663336265656632623239 +33393132323935666537306639646130643465393632643864633162303136633639376666646164 
+64373631333937663337653039353461323731376232636639643462353539386161623866653563 +62623034396133653437366232613463363762343934303236636233306137373533653837666632 +39656439643361303934393336333637336632356339306236343761643036316466323932376338 +62316436623032623131383031343030626233383734363237383966636364326630383362326439 +33346439336631636366323033353630376632616165643462366661313038633661636564376466 +65386232366466303336306533616539343039613434303662366464323865303165333661613733 +35613364646436653033303264393663623837373565353532633139356462326563313835663332 +35396334383633386639613333316235643738316234313932393138663861656637353933653262 +64393665336661333065623163313964333163386438383064393836613437616532313863666566 +34303231383763363961396134646566393639623235306563613838333433343531663938653835 +66366635623361623336383766363438356333376263626537313463313762333165323266613162 +65353837613038646262616330353338666433386162373833323162303931376332363866333764 +37363364633364326230666265663134356431323963663636316136613565386435613536393061 +63356434323165643931643633343431343938656362366133323635663766383266316137313533 +65623831656331643533306539666134656238303264303136396562653331346261646232626265 +33376166303030306433316630303165323662636138396165636165386235653036626236363633 +36643738383933353865383735313166306465313566333837393737303336366339346335626532 +39366331343164393039373064613461383863366261366433633764663331316630316462356635 +36303033323533623133626239366166356630663537366261386463373133336333336539393132 +36353937653038323561393030323335653630313262636266653066343332313931366135356564 +61316563646162623738303137643638396537353563353230656165353839653066363132343834 +64393339333934626665363661353238326235393933356139383436656166623934616262336562 +32373536363132393739383638353766653736623434363665633038303565316238623136353565 +34306336396136623030393338306434616631313637646539393863396330363333333132623934 
+33313239303262343463623665326664326438383438643863383736623632393062613533333836 +63393233343561633862366661343964636531363932653738323763643566353934613766613932 +33616532326436313065306330306662613762616563363662313461323433323765376530356430 +66613436383138663235393239393063333631313738306639343035623462373565353337386164 +36326363333562336162356336373338626533613035646335356361383334396230313530666236 +36356662383861363665626566326237383566303161643463643631333232643566316234633335 +65613731653861353436663864343765666635386463663162366564636236326662366165333863 +66636631326532343165313038366237356633386531303164373431633163393066613165646132 +66386432633330616366666635386161363735623763353862616666663666613834353739643938 +63646435613464353533323338663334303039636437643636623161393966613136663366366561 +37646436363130303637373436383636643232323463656438366636383363643565373366376538 +65643762646632636562626462313532316132373066313533626336356431373736333262303530 +37326231653832313264336439333736623463623462666365656630326433386662343933653632 +66643232343834316562633363313636643564363832373762626631663135363031326635613665 +62626362393037383364663234613966623662343965636361356163396164363932353261613337 +37373865643066313762646335616239323864623166343163626265396263333936366365363262 +33393532393630633339646532333563653834396630313164623061363930313362363136343665 +35656161653531343132373264353162356632326132333935643161356664626232373132653334 +30643639623066313730313435633466393132316536346662616130626466626332636564373761 +63333265646363333062626539666234353766326431373162353033326235316536333663613432 +64626332393763356666386332623733663937623365623832646335333739653866633535336463 +34626139326537383434623961343461383735356366386661663565376639666565316138313130 +65396130333033353930363339646230643666633238373333353932363532363135323161326139 +37643335643162366335353033326638646464663665633963653066313036666663373036613738 
+31343231346362613630653561653330623963633034306465393931326537663034653766363166 +3230343462633566663466633263316538633633653237626166 From 9b1307fba817a2c6026b6c3b9c54e1c540880f32 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Tue, 21 Sep 2021 17:21:37 +0200 Subject: [PATCH 23/54] bug fixs --- roles/generate-cert/tasks/main.yml | 2 +- roles/prometheus-node-exporter/templates/config.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/generate-cert/tasks/main.yml b/roles/generate-cert/tasks/main.yml index 8850257..88a0457 100644 --- a/roles/generate-cert/tasks/main.yml +++ b/roles/generate-cert/tasks/main.yml @@ -67,7 +67,7 @@ dest: "/tmp/ansible_hacky_pki_ca.key" mode: u=rw,g=,o= delegate_to: localhost - no_log: yes + no_log: true - name: Sign the certificate become: false diff --git a/roles/prometheus-node-exporter/templates/config.yaml b/roles/prometheus-node-exporter/templates/config.yaml index 88ced8a..978919e 100644 --- a/roles/prometheus-node-exporter/templates/config.yaml +++ b/roles/prometheus-node-exporter/templates/config.yaml @@ -1,7 +1,7 @@ {{ ansible_managed | comment }} tls_server_config: - cert_file: "/etc/node_exporter/{{ lan_address }}.crt" - key_file: "/etc/node_exporter/{{ lan_address }}.key" + cert_file: "/etc/node_exporter/node-exp-{{ lan_address }}.crt" + key_file: "/etc/node_exporter/node-exp-{{ lan_address }}.key" client_auth_type: "RequireAndVerifyClientCert" client_ca_file: "/etc/node_exporter/ca.crt" From 8da94bd6ce84045cbc39c322608dbe166076769f Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Wed, 22 Sep 2021 13:50:33 +0200 Subject: [PATCH 24/54] fetch a newer package of node-exporter for ubuntu 20.04 (we want support for mSSL) --- roles/prometheus-node-exporter/tasks/main.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index aa6ece6..aba7fd6 100644 
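Review bot: The context lines of the roles/generate-cert/tasks/main.yml hunk show what the file name suggests is the CA private key being written to the fixed path `/tmp/ansible_hacky_pki_ca.key` on the control host, and this change leaves that as it is. A predictable name in a shared, world-writable directory can be anticipated by any other local user, and the restrictive `mode` only helps once the file exists with the right owner. I would create the file with the `tempfile` module first and write to `dest: "{{ ca_key_tmp.path }}"` (variable name constructed for this note), then remove it in an `always` section after the signing task. The task starts above the hunk, so whether the key is already cleaned up afterwards is not visible here.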
--- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -1,4 +1,28 @@ --- +- name: Use a newer version of Node exporter for ubuntu 20.04 + block: + - name: Set the default release + lineinfile: + path: /etc/apt/apt.conf.d/01-vendor-ubuntu + regexp: '^APT::Default-Release ' + line: "APT::Default-Release \"{{ ansible_facts['lsb']['codename'] }}\";" + - name: Pin node exporter + copy: + dest: /etc/apt/preferences.d/pin-prometheus-node-exporter + content: | + Package: prometheus-node-exporter + Pin: release n={{ ansible_facts['lsb']['codename'] }} + Pin-Priority: -10 + + Package: prometheus-node-exporter + Pin: release n=groovy + Pin-Priority: 900 + - name: Add the repo from groovy + apt_repository: + repo: deb http://fr.archive.ubuntu.com/ubuntu groovy universe + state: present + when: ansible_facts['lsb']['id'] == 'Ubuntu' and ansible_facts['lsb']['codename'] == 'focal' + - name: Install Prometheus Node exporter apt: name: From 0da51a9b492ccce838e623e6c004bd598dd3bf12 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Wed, 22 Sep 2021 15:05:43 +0200 Subject: [PATCH 25/54] install grafana --- books/monitoring.yml | 1 + roles/grafana/tasks/main.yml | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 roles/grafana/tasks/main.yml diff --git a/books/monitoring.yml b/books/monitoring.yml index 133dd87..4982c2b 100644 --- a/books/monitoring.yml +++ b/books/monitoring.yml @@ -3,6 +3,7 @@ - hosts: prometheus_servers roles: - prometheus + - grafana - hosts: all, !tests, roles: diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml new file mode 100644 index 0000000..cd260cd --- /dev/null +++ b/roles/grafana/tasks/main.yml 
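Review bot: The pin added in roles/prometheus-node-exporter/tasks/main.yml takes `prometheus-node-exporter` from `groovy`, and Ubuntu 20.10 reached end of life in July 2021, so on focal hosts the exporter comes from a suite that no longer receives security updates and is expected to leave the regular mirrors. At minimum the block should say so, for example `# groovy is EOL: no security updates for this package; drop the pin once the host release ships a node exporter with TLS support`. The `lineinfile` task also edits `/etc/apt/apt.conf.d/01-vendor-ubuntu`, which looks like a package-shipped file, so the setting may be lost or cause a conffile prompt on upgrade; a role-owned file under `apt.conf.d` with `create: true` would avoid that. The "Install Prometheus Node exporter" task that follows continues outside the hunk.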
@@ -0,0 +1,36 @@ +--- +- name: Install apt transport https + apt: + name: + - apt-transport-https + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Add Graphana Repo Key + apt_key: + url: https://packages.grafana.com/gpg.key + state: present + +- name: Add Grafana Repository + apt_repository: + repo: deb https://packages.grafana.com/oss/deb stable main + state: present + +- name: Install Grafana + apt: + name: + - grafana + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Enable Grafana + systemd: + name: grafana-server + enabled: true + state: started From b4a4eda55bdc03466f6b9d8c79bc24585fe4b0f9 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Wed, 22 Sep 2021 15:10:43 +0200 Subject: [PATCH 26/54] ignore permutation of targets --- roles/prometheus-node-exporter/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index aba7fd6..6dda7ad 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -99,6 +99,7 @@ - name: Add the node to the targets set_fact: server_target: "[{{ server_target[0] | combine({'targets': [lan_address]}, list_merge='append_rp') }}]" + when: lan_address not in server_target.0.targets - name: Put the new target list copy: From 82bf5161cb6496d713f2a717f51697a608fb0fe8 Mon Sep 17 00:00:00 2001 
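Review bot: The `Add Graphana Repo Key` task installs whatever `https://packages.grafana.com/gpg.key` serves at run time into the global APT keyring through `apt_key`, where it is trusted for every configured source rather than only for the Grafana repository. Adding the expected key identifier, `id: "<GRAFANA_KEY_FINGERPRINT>"` (placeholder, to be taken from Grafana's published fingerprint), ties the task to a known key. Storing the key in a dedicated keyring file referenced by `signed-by=` in the `repo:` line would confine its trust to this repository. Separately, `state: latest` on `grafana` lets any play run upgrade the dashboard server unattended; `state: present` with a deliberate upgrade step is easier to audit. The task name also has a typo (`Graphana`).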
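Review bot: The added `when` reads `server_target.0.targets` directly, so the task would fail on an undefined attribute if the first entry has no `targets` key yet, whereas the `combine` on the line above would simply create it. How `server_target` is populated lies outside this hunk, so this may never happen in practice. A tolerant form that also matches the bracket style used above is `when: lan_address not in (server_target[0].targets | default([]))`. The task list starts and ends outside the hunk.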
From: Jean-Marie Mineau Date: Wed, 22 Sep 2021 16:23:22 +0200 Subject: [PATCH 27/54] configure grafana --- group_vars/all/vars.yml | 2 + group_vars/all/vault | 523 +++++++------- roles/grafana/handlers/main.yml | 5 + roles/grafana/tasks/main.yml | 10 + roles/grafana/templates/grafana.ini | 1008 +++++++++++++++++++++++++++ 5 files changed, 1290 insertions(+), 258 deletions(-) create mode 100644 roles/grafana/handlers/main.yml create mode 100644 roles/grafana/templates/grafana.ini diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 07d86a5..533dc37 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -5,3 +5,5 @@ dns_resolve_server: 1.1.1.1 # Default prometheus serveur, to overide in host_vars or something appointed_prometheus_server: hindley + +grafana_admin_password: "{{ vault_grafana_admin_password }}" diff --git a/group_vars/all/vault b/group_vars/all/vault index c47faf5..3d77467 100644 --- a/group_vars/all/vault +++ b/group_vars/all/vault 
@@ -1,259 +1,266 @@ $ANSIBLE_VAULT;1.1;AES256 -36656431663563353038366637646535653136343832363034626230656435383830623061666437 -6363643534636430386639386364653337303766326366310a376163616163623965646432663339 -30343061633266373061383233343238663962366435353562373134303939323933306263623331 -3635343565656631390a613961646266623931616665333964366362343361346437393833343835 -36363331363464616665306365343938303037613733393437376634663861616337366235393635 -34383466303762303730366336303534646632393766366461633932343665343836393132346562 -39393130643536636137313132303639313735336237393939343839653662343465356164623936 -30663865613265636565623562373163383934663031616361653432383038613631323039376532 -36396366663462373737343564376230326232343535383335323730333235396564303530383734 -62316537646237636530383562343731333939626562353261343839393963363862653138306630 -39316430356639633464313166333636323139613236326236326137376466303766623034386163 -39623137373737333935636533383837613637353834643030313764313266376638633735346335 -32363330333463663931333738346337643166303861303734383334343364313833306330313931 -33663230656230646163313363303539636434333235643939346538346336393566373465386562 -34383331653734316439346562376134646661373139336538323466656364383437616264626433 -64656132653963306330323234306331626663396439393338353763623963633735343931376134 -33316564346536643361316535663337333039303163303861616632333137373036663834643631 -33323732383465386533636466386463616432666239373933613037666663613261373166333637 -31663261393432613039363935316532643432336264303166326665356334323838626161346161 -39306639636465383361613336393531636464376136623061613735323432363430313263353232 -31353162396262613333613261646238343733363666343835323533626538363535613665393762 -63333566306565623964663639306336373231313833396630343435393035343063356330656661 -35383932666434633635323662383735643364656536656565656431346430333966353433373330 
-35666466353737653061343835303931333934343230323761306533313136633630623532356165 -38363330666433346238303237363636353761376437393865373463623034383064623235363938 -64363661336130633731333265633235616330663563343265656331356433396237313238333232 -63316562386466323935313334326533373364646537326132623937633364353333656130373437 -33363964373938626331623863356530356139646165623735323764363530346230636462336466 -62626264393131643666346365386530353835633037633637663632613166346463393763306630 -31626664306531613261353034366464633232366631626139666161656234346633613866376531 -33636131383664636336623262383564613464663834303263643663303836643661663831663132 -35316537663831636338636363306263633336383865366632666439326637333835646465356239 -62326334336537653935313337646437613834653038653564656264353431636363383538386562 -64313366356561646565663365366264363664376464396637316439366438353962376332363964 -64383533653637646238636264643030313037343630613163383539623135383239353065626135 -65376463313638383066333439346334653137613061363463333663313963383565646439376165 -36306333313263303731626165643836653736616563333931623635333531303833653563333365 -31643364363066306534306338303833636232303365373833333664643966343639653036363831 -36613237396433363864626437303034373033623533346134663230336231356134383739343662 -31663931336366353065393636613464613430666365653736343663643639353965616537343334 -34613766613731353364363262353062653962643136393364363736343935663562333266643435 -31393863376565613235643734353933303239333562383235363531313161626564616266643465 -37306634313935303339323566333230313239653363613435343433656363326338356236303233 -34663466623530333038613930343432393530386232313536633631343230326536636237353431 -39343463386234376464643765623133303030343565323235653936343036396233386534356330 -31393835623434363063363761326165346434303633356139626163333039376135353033356364 -61666162343235316231373734646236616439313734346638336538656364633634383539336634 
-31363166313535343735313536323634616139323264363434343938666561356366323236343663 -36656664613664306661383635633037626335316332393631363934623036346439613037373331 -37386434653330343937616362303532373939356432613861653265326139353161643964636538 -34333534393530323162653461386163346637363464333832613631633261623137373662336162 -39343338343631306130336165343835313630383837356135336361656330383031633134663261 -62303834646130653864303739336534326332353339623138646136366236333733396338313332 -66613839336566626261663262303738323263313464663935306239653937653763356636643135 -63336262383461653062336464356231386335353332663434373230333230313434393033343035 -62306533363063323561313438376566353533353736353730343263656161633064656664393062 -63343637303631303730393566666436623838353363356565393730383238383239323132343463 -37376232303831646438643263613466616533373464396139313730336239666530616632343934 -31386463633235663637626566333335306337346537303363626638373633613830643930363532 -39306536333166663430363539636334396631653666616266353736366435663133373436616633 -39616331316465643063306363353132646132613535666135353233343639306564306335633035 -36366165643738363032366661356638396361356535663839303333366536636335383165363461 -31386139343839636636396232343238343531376430393933326231303164393438366561653439 -34313266663932373136666634643936353237663338373136623765386564666237613861646465 -66363464326532383930613264383561326364346131613835326636613131646535396362343430 -65636133363437353564653032633163333638333137346139613430356232663432623966396361 -31666431323061616539393065336631303333376138323731373035613964373932663537393862 -36333035306535616430366639373763303530616630313366613433363063646138646137623562 -63333730323539326231643639646364343462376238613532663938666561313331303662643263 -66623266383462633432383338613464663438363532323165633232323435396265363330643736 -63363532386566633130303536636365356533356538366461653736383464353433623664306362 
-61393262396239393030396362653864353034343636383834333737383564663363646530353963 -64663966313734613061613035613633383933353466326437663561383035646630383439346463 -61313161323032396165643965333434386538346133343433666637353331353634333764646262 -62623466346536366638653731303861303463346237366232306561643637396138366438343961 -65633936353562323236363664363162393664326266326430353434343732333834336435616437 -64366464363264633831666366333931646566646138326134613134343339363261313732633863 -65343663663739363365386535336462656662396363633363326430386436653838653864363863 -37326632313165313931383931646464353437653932326638636264386165343636373164636139 -37656631666536663639623764363436386433646636373061393561616338396165393631316130 -35643438663734366130383939353666636161323337303030316266366163303934323833336561 -66326665333962383933353532663737393462333832613561396337353732343463636464356435 -64376666393935616136393663653036313065366532306532633331663361636634333630653637 -62373535613764653439653332346562316266313036356230373563326465363764313035376635 -64613130386338366631663062316330363239353362363233346534636535336430626264383964 -33343561633262393065303132623431666637346661366233333935356435616361366666643834 -36383266643937653735633739303566656161306535323931643733363539336238343165663937 -36656431663737623730663364393866366264393062376134613139373535623030306566633761 -30383533366230326461346163346533656333336334623665663561323664613430386632313561 -34646639333134343863346162653130636366313133386236326161303161373737373738323065 -39363162366666626333323932313136383933303761623732633737613238633261343030303765 -62613661356263653038646461353965356232633562646131306335306664376662323464313363 -66346666643162653861383262396466373466663135653164626264656234346532616138356431 -38633662363730306663643430376238633863643035663638313937303965656262323839646637 -66643334393565323665303361303836306565323137633036306465323334346134393033633232 
-38393535646536663437616536376265396262356435653035316638616566613464306232396238 -63303461363765666264346335303866373462643532646438383237633839656338313862356639 -30303039333434653338323233303138306534656366616333333566623034623137613834386437 -64343466386664383639303733396365393937613139316136613663363634323137336561356234 -31626139326131353863343432376663656638316134656366303565616131616430396636313762 -32373037386536303434313733373139373664353264623235396564646437343363383864613330 -30396531616231653133303535336132643432646631393563333034303233353138646330356366 -66616534613464306430316461616335333138363530366438663365636665313361336666323431 -61396662326561646239343763353262326636366464303134326231373931663733383764346635 -33393463363235363133323633373562366132386236316630353965356132646165316232393530 -36373538613731393765666561303630356236383634323536373739373036376636643765316534 -63363235646436653263393563346366336630303765633462613035346533643636646532633534 -32383234343761363239386262643131636638636330396261383362633665373961316431336363 -38623532653861363636343065646531643832386636383538373534346233643338663932633861 -66383766326433373662356661646363326265656431633563636163303536353665386564383163 -63643739393666616362333561623863306262653661333061643363393863383334363166643035 -63396637303933366464373439393061613534633233343763373137666434353639646334356234 -39633432643932396461336538333563303933393535623165366433386330653363323731326465 -62626362313239373130663766373038343338376234313532303462623166633039666161663431 -35636561333066343331613933626566393563656235646633643935376466343038663164313461 -62656466373832346530363364616165303861376662373638303836326135316235313735323365 -37353432623865303033356234396235373435663237653334323939353463396431646330656637 -63353130616235633561373363633865666531656135303330353932326534653738343035376538 -66343339613635613339313734646538666531386135306139363138646138323137333763363361 
-35363963393161313036346536376162653031393766326163363536656561393930316134363062 -63366165366163663238386339396265666564333731343132353039643461613262343832366636 -34373430373731393161383136353266353330343666616532623034656234313265303836313565 -62323534303037666136626634303339383563353939613530363361303835613837373161646235 -62366365326535343831333234326638383831343562626131393830623234636232316133633030 -35306538383032636430653833313935336264656462643531663263396633373731366436623831 -36653333376262316430336237343633666366323138616634393331633036383661653363316361 -37626333386637396164633262653663313839393534353164636438626364656263666162386564 -37636466613038373734623536653336616437316330353636363630656132326236316465336336 -65396366343761393531333261333562393933333163353433623531656638346230316537363738 -39373331633232646434646362616162303765373066666132623436356630393563353639393539 -66643031633838346431346331383034653830353738386231323564633930633865336436643832 -66316233303731613337353130346264303935643264643061316331393237636362656430353661 -39636366386332663839363362303433646435633864396366383164373264396435646363366432 -31663236636563626135633736653433306135666464633964306237373534646632646539346636 -34663639326565653737303063313564613261623330386262633766366166363139643065343336 -30306637346664376266653537363064313632376430336563303038333036393534643238313366 -37313637306133346238303863656639653265643332666433333235616164316465653835346130 -34656433353230373933373837353530613234636633376332396438616237623339306131646564 -66663130376164316662666663346466363231646637646464386334306136653431303964346331 -61323962666265346331316638376138663664376463616131623138363837313863333231393838 -64303466636534313336383064356364363964366264326131666634656663326262393030336562 -32646430336563383834323330646633363038633766383563303833356362626664613031393139 -33643335363332333962636266633362643434623762303739623865316535333636343838663136 
-30353132633036646566613033303932313832353831376331366637393935616530346165626465 -38666134303136356330636531663666373061326635316166383331663162316134373638336337 -62663565626137653532396536353332313962616439323631333665663431323838356236386530 -62353339313430373538386335633538616665303462663130653037343634393230323466303339 -62383961343861343730613531306464343562373733306362623361353462303033383332656562 -31636537333136376237343232626334326536353136333333366166623735396230653963626531 -61386238616237383762316436376166653536366163373266633434396535303566333137653733 -38343935633236326234356339353262383136343739643734356561653565356161313132356361 -38376239663364613134323763306637613134336465336431623364646431376130383138373065 -39616333356164386130636530326431613633373966663964313562646432386462346636316536 -35306466343632386437316565343933626237636132343933623766623766373634393135613365 -63393066373162653835376436656631343039386334643830666639363734636432666464333635 -61376430316261663832613034656337366131313033313139613631306337623130353731646266 -62316262336633333264316465373466656231633932663530343930306435336634336237666662 -34366330306533316361666636666661626561646136336166363136653166326238373432613065 -36303439663764623336643665396566616161323831653738356663383531393938666161343965 -39626363323139313032366264373635666530353662343637356635393236636665303733353631 -30613363353562373631363834343863383830333039313534376563353833363031613765343337 -39393335656333643732613164333562303430333539353531386333373330323130316234373830 -62366334646638386663313535656132633464383631353862633662633736323732643063333332 -33393566313839316534383139343364353862613834343639356665353231653835613332373362 -37363035393130646663333265393962646631303830393732616430303361323261616532346133 -31313766353936303564333039643764306337623064326232363831623765653231383336386134 -66386336636530396162623462336231363739313032373234633738383232643430383564643236 
-38633566346331306337343233666135366331373435666536313963666465386664393939626465 -66653934393537383538666265393264386533303133626437323165353761643833666133653936 -39346639313761633835383361363963383165386434623530616164643535626535343333333435 -39313934663038303237616139386665376130653163343030666531326136303166343835346661 -39646431633836373163633761353539666564376530366531616535363930313862626339353430 -66386235656165653637336532333137626162616230396463623662656135373363633962636535 -66366332316562613863343262383066613339643263323762353734366438656535366330313334 -63373963363138386233333563306335663062303563323763333834636632393237313565653935 -32393265353333643732313361386362643432613664646361373765373238633836393664353134 -61373034326161613262373536366565386633663837313734663838653761343532343936356633 -62343638323837353936373034373833363136653936366334643162306230333464356164656231 -65666366613838656435356438363736643539356138316562623065613735343164333662663833 -62333139653130663965346135323837336336383536313363316664303066313731646562663263 -62616537383361623335616561336530343437353362353865323963313036393164333736396564 -31616339346532383466613733616662643663356361326234306266376366326466346532626533 -34633861633739356238663032666231636238646237376364303530306635313361393231643031 -61636535613139356332326337333433653636613763613662353739383637313764623132313165 -34353635326135643930346436393262353539353461333530383664386434393234376634623232 -35333135333261653432316432393433343830363133666165303764643365376637656166343465 -35323536303065353137653438343734653533643237313032666232616634656537356566666237 -31653836396436656431623230613336326133363935626137623538323462313337653732323237 -33366230653431303638333835616564316637303335373163353762346163363835393663666330 -36323366643035323537323932383734373361316533323266326663343533326633373130626131 -39353463323164313938336666646536633836393833363933303232643433303436343963613034 
-38626338376663303334666539313563326334323462383161616535356635333335643266636363 -34323934323165326662376565323234623262393335383666353431346161326332616134643463 -64313530323637336565653430633733636633366561333137623763396130353265363838303538 -34366235316661643864313734373538663833373365386132323363636164643866643661393237 -31336465303165666236373962356631336337383730643335366331393763623763346166393938 -38323864373030373561613564343537386338633234613931393637396133613263613933373963 -35656234306434633633346335663937396139333130356264356237336162303437333662386265 -63643034343930336362656635666365356466366530656639613464346534373663313331653266 -61353035383335353936383638653236383763373164646462343334323735356531363035346532 -65373330333433616462653265346430633336633365306463643962326465616635383138363835 -33343634613666643034616131373961633033313135353034356461313164356436323963623863 -61396462363139356336346266653166666166653539303739373461363839386566393436376133 -61343330306662643339663531333765373966373632303136383135303464626565353363636336 -31333339353865306338323632633662313438343230643765373761313534336531646236346530 -38383439383330636435303437316664383637653536356433646664386134636537663734633134 -38306633663233316466613035613262363134646132396135613137636663336265656632623239 -33393132323935666537306639646130643465393632643864633162303136633639376666646164 -64373631333937663337653039353461323731376232636639643462353539386161623866653563 -62623034396133653437366232613463363762343934303236636233306137373533653837666632 -39656439643361303934393336333637336632356339306236343761643036316466323932376338 -62316436623032623131383031343030626233383734363237383966636364326630383362326439 -33346439336631636366323033353630376632616165643462366661313038633661636564376466 -65386232366466303336306533616539343039613434303662366464323865303165333661613733 -35613364646436653033303264393663623837373565353532633139356462326563313835663332 
-35396334383633386639613333316235643738316234313932393138663861656637353933653262 -64393665336661333065623163313964333163386438383064393836613437616532313863666566 -34303231383763363961396134646566393639623235306563613838333433343531663938653835 -66366635623361623336383766363438356333376263626537313463313762333165323266613162 -65353837613038646262616330353338666433386162373833323162303931376332363866333764 -37363364633364326230666265663134356431323963663636316136613565386435613536393061 -63356434323165643931643633343431343938656362366133323635663766383266316137313533 -65623831656331643533306539666134656238303264303136396562653331346261646232626265 -33376166303030306433316630303165323662636138396165636165386235653036626236363633 -36643738383933353865383735313166306465313566333837393737303336366339346335626532 -39366331343164393039373064613461383863366261366433633764663331316630316462356635 -36303033323533623133626239366166356630663537366261386463373133336333336539393132 -36353937653038323561393030323335653630313262636266653066343332313931366135356564 -61316563646162623738303137643638396537353563353230656165353839653066363132343834 -64393339333934626665363661353238326235393933356139383436656166623934616262336562 -32373536363132393739383638353766653736623434363665633038303565316238623136353565 -34306336396136623030393338306434616631313637646539393863396330363333333132623934 -33313239303262343463623665326664326438383438643863383736623632393062613533333836 -63393233343561633862366661343964636531363932653738323763643566353934613766613932 -33616532326436313065306330306662613762616563363662313461323433323765376530356430 -66613436383138663235393239393063333631313738306639343035623462373565353337386164 -36326363333562336162356336373338626533613035646335356361383334396230313530666236 -36356662383861363665626566326237383566303161643463643631333232643566316234633335 -65613731653861353436663864343765666635386463663162366564636236326662366165333863 
-66636631326532343165313038366237356633386531303164373431633163393066613165646132 -66386432633330616366666635386161363735623763353862616666663666613834353739643938 -63646435613464353533323338663334303039636437643636623161393966613136663366366561 -37646436363130303637373436383636643232323463656438366636383363643565373366376538 -65643762646632636562626462313532316132373066313533626336356431373736333262303530 -37326231653832313264336439333736623463623462666365656630326433386662343933653632 -66643232343834316562633363313636643564363832373762626631663135363031326635613665 -62626362393037383364663234613966623662343965636361356163396164363932353261613337 -37373865643066313762646335616239323864623166343163626265396263333936366365363262 -33393532393630633339646532333563653834396630313164623061363930313362363136343665 -35656161653531343132373264353162356632326132333935643161356664626232373132653334 -30643639623066313730313435633466393132316536346662616130626466626332636564373761 -63333265646363333062626539666234353766326431373162353033326235316536333663613432 -64626332393763356666386332623733663937623365623832646335333739653866633535336463 -34626139326537383434623961343461383735356366386661663565376639666565316138313130 -65396130333033353930363339646230643666633238373333353932363532363135323161326139 -37643335643162366335353033326638646464663665633963653066313036666663373036613738 -31343231346362613630653561653330623963633034306465393931326537663034653766363166 -3230343462633566663466633263316538633633653237626166 +31396332353866353033636465633564303630366334326637343231623262613131356661643963 +3764303530633039356633653162343531393235376164640a666136643062376561383034346539 +38393838313364633639656566336430333865333632356235396136373166643434306138316338 +3364383138303538390a653439326538396463363938383639623733663265383038333037373734 +31363330643036346661343034373761356238353339343665633630396337623137646462353064 
+37323231643566313561343236666232646262373731636264376161386534376336323937313730 +34636435366465653261316134336530346661333062356561616231346133313934633962646536 +66613237656630396233343661633035393132623364326462323930636535323438396130343663 +64346664323734373033643436386333323735313064313932326333323434646239366361326436 +30336234346138636530623139326535643961393634653762323631633030663839323663313539 +34316336383834616632336534663533336430373638663866303337366162303463333430343062 +34356166383931663062323036396664636231633830653965393063303030313037363738343031 +35383164636630666236646231353732383466336535323238303930666230393833373538613336 +33326164383336376233303937353865303065333238316461313063623832623939353436643731 +65373636363630343230613263633161666234666638663162356233383331323462316566353130 +34656365636166616663363934323834393130646363306434366566376366313738343862306339 +31663061326562626334346334636430323236353737363135386634623635633932653633386437 +62323634373336326461353661353036633031333466313532636135373831653239663439643833 +62323931353639303661626666636666396133326433386164663539623031373034306330656566 +64313333613964613865616336363739666431353638313036393631343530633633306631326330 +34663462626662333464393064623063666334623737626232383461306532646266333132663763 +32663561653735376164303463653233353638616562333039373336343633623639323362353963 +35656138653963356366363339356639306234366666646266306332363433396362393161373732 +32663735376265353038643730303362333238643535623664363339613431396637363162313538 +61666561666439333862303034636230386366363262626263643261313731653637383634363831 +66386463393337623461333734323963373938353665316337333564623063363133653037306639 +33376133636266623839363734643362366330633261346463373464633566303034633132616337 +64313636366139343339663765343361363737613434383631653134626565313539326335336436 +66346561393931353939633534376138626662363236656634303663373436333239303135326462 
+65333034336135626264383433303261323262303732323032393864363461323364383335636335 +31643530663534366430653934633432656161663061386330323933376565333465633436333634 +36333464383963346431616632383236333739663632616532313462643265326635616662396364 +30393738633639303334626664643936356361626536373535363862333962376438316132303039 +36643338333034663266663032626466336130646533346630363066613265376630303434616235 +37313838636431666536646164376139346163646362666232396538636530666131343035383935 +66363435383464343230366137346363366631626639653532303434666230373963323665663532 +61346237383230323766663539666637633734336464343332656265356135376434303437353764 +36613363343530643833396662626563343233646162646636633835393634323734343934666461 +39613562613037323231363438346631383163316432396437663463396430356563646665616133 +62653363323330393266333235616435386564363632363765646237646430376235656561393336 +61613461633361376235326536326237323663646262346230613634336564323430623030356663 +62613064643937353862616132313030363437326131333639346636613832343138363037373839 +35626563666437623837353434646432353361633130643734383336633337643062396266306463 +64326239653232356466383766623632633463623835663034646666323636623461613839303535 +37656133313631353463346133313563393131613566303830636536646430643936363237333163 +36366466323030316261663562623634663335363639343033623163343065356362386535303033 +32646561663162373037326430373463363836313833623261623939313864363039626362363332 +33373631656230643064653630383335613938366236356231613230623534386637323137303730 +31643732653331353737343336613638656463303862333830323432396165333938663136393064 +30366231663065363866376534663664326231333930383433313439356332616139396235643632 +64313234646563383531376565313663623237306639313733616433326231326135656631396134 +36656335306662656333323738313939323765623665356561663633366361633331386131376161 +32396463373932636332336337636138666563636461323761356534376433363465356633343462 
+30396532383939633030356434396331396438353634623839303437353235346630303261346361 +35303038333832336438643161303430373664393732656236373335633830336262393530313463 +34663138623366396230333765323939656337366332613634333835636666326130613538346235 +35646433303064313930356662636539653066383438323266383835376465383662323666386431 +37633235336134373231666166333866626135313233376332626363356466646139636662663165 +62623862336333353937343437656266386665333435373834663631613861393265306534353533 +35303064633632326637383933363230366632666135363435376631346138623334386632366235 +62323238396434666332353739356465363061373135326133636236333032326535396630636239 +37323962616131313835346565386330666238653634363162313431316164326137633162663331 +32383735386364386530666139656433343833326164323736333130613161373563343562326462 +30626535666436643765613437396638366237626531353731646435663234313061656466653234 +34386334393131303765363665613736333530643163623262323833313461626132623037663965 +34623537653337313461383865366531613261393333663137353030663763336337636664316131 +65626239656161356462373762336161613461333366383233626131313762393464306366623239 +39613264633466326336613164316266316537643964663562383432393438663035636363376237 +62396335373233623663613066646538373632303663323035356462316432356634616232653835 +63366437633565353764646363636638323836633637306432633466323438376134363963396434 +36336234633263376463383135663266643265323433666637613064633431333138333866386664 +32313762333666626164363865626635666535333530613631303563613131666339373334313730 +31646130316139346130656539636565346563353136626534633937313133356465303233353330 +34663562636365383165633834376239653130356266646231373164626537323466376361656232 +33356664653833383338313630383633383266343662393764376361313364343230333935313337 +30613631623962623130386334373337313933326665323633623865346563643431646230613966 +39313861353866333335626666303433336266656163313538343039656530633535633730646437 
+38303833626532336238303332656235313936386466366432383039383865613138323238336238 +38313332333330346233663761323938343330376238623866666134623661356464376465313237 +62666130373861656162353463653066393531613661346638626164626136646639653930363462 +65343462366138386333653463323865333935633366643731663637393633656532626532656131 +66636464333337613136663861363435633934613239386663636162353330323431383231303966 +62653236336634313961373031653662363033336464343562373330646437663431616539303636 +39643439653161323266643333623737646266313262653837376133333638393232636363643863 +64323463363737646164363234313138333963366664636562303861346336303834656165306331 +32303330373461393832306133343038363434646666646464366336303439623037633538313537 +65633835323064303066393838333261353561333938343164383664616166303164386164323962 +35363566363938373538353866343461613664366439346366646162313434623930383739333834 +30383532383563633864633234343333643965636366313465616435363862396438633233633236 +61646236333736363730643161376361326366376131386436343563363764643464613839623837 +64646338396337346562346336333464346432376566353235646366313130663535306336303562 +39366535346633313135326637376266386339323331626462323433636634343839663339353762 +66376231303066376331323138383463333338653666376664643339343433336134626433653639 +64303331646133646564353165343966326263663761323436316437396464626333316336356162 +66363761326366343165343235613465623134346365633337663232656561313130363632313965 +61646430323230353438623066356561643836643735313663623732356266653364343963353030 +63356434303363613631626362396334313232653832643337376238336434616537333864663034 +31303065306139643034323531656534396364346431623561336533363164323434653762333066 +38376165316135643165653861326563613835383539376532303566653039633764383163303537 +62396531343135653535633434356435633763393831386362663836653661653365636234653466 +63643463626639326164613266386465383633626264613633396337633832393938376464393036 
+38663162643137336435663366366364366365336162316532646631646237306337643539383439 +36346234313134646363633265393132373962636139636663356164313039616436343961343137 +31366436636564373566306434373062613130616139313530316565646363366263613462353636 +33613264653962303062636463353134303535323836646532386237393063646537623936383932 +33323133343233643963316132653438356561633336336635383630633066396132636561366461 +37663464313266333339303538336538356436383133326538626437386334613464663262366264 +39303066376166663664636562666665666233353465363031623135376465373633626234303465 +37346136393738383062346533306138386366383462386164323531386164313432356338663836 +61323438363666393536356532353239336365366463383839353062306236373365626330643930 +35383738626635616431663631326365663161386461613738306264636232323462363332393136 +39653638613934383430393364666636333764373731616339646465656230646333323630333165 +63613861616462316331316332316133383166323435343930656537613530376132616562663539 +64323036336530656537616132313737666465303864646262303339343664626132343231353134 +37363466353263663934666366336333326436623961636330663065313764663635306339626163 +36313133366634633133366362343365666135653664353837376536646135343437666663616466 +63353362383636383936623261363435373862656135323166643665616535396631653566323064 +30386631303932633165306435323961613232393338346134653465643836636236643964356230 +33626464353233306437393238376539366562643035663130313434376231363863333363366331 +35613338663734366462333261646661303532383335613538353733333265616263613330343836 +63633663393136346335343763623032653939636236646136313134326536353566623864343731 +61353566336436663666313136393932356461626362333264303936633034363930636132313135 +32616131643362633964623137666361363031373837383533653834386331313863323032383664 +63306333613939376465386362363335303238626637653065356432303862633336653438393763 +39373333646431326435633834643363336166323738663062613237656666613965303333623133 
+66326139343565646163626631313833633038623934326435363364316139373634353165343063 +34313430373036313636386336643230366637396539393266643734303461313931316164313338 +65386139313434623664313531316533303366626666626432333831653862653734333066356461 +64316564613162386339333966333661656438356463363937656132346637653333323831643433 +36633365653263336634373661646433346138623936376166636464366331353362663838316161 +62393531353134326434613665646465353235636261616662656537666337353436336265306131 +39653066356236333235306437383730666436613164396233336438383230633763653335366436 +31663061346239346133616136306537643864393765636466343030396134666138383762653632 +30613532306364633364343637613930636464316435396331356436363030633962666136363935 +66613930353961623636666331323239663136613837393033353733656635623936386563663965 +66626531666262666233353066626665313931633862343531633538323030363636313033303163 +64343330346666336564333865383262346361366630366162303132633766313439333536356563 +66336439343735643534663031306333306638313261326163633933613830633464613037356639 +66376432336130393635613238353133356131623664343663313861383163613565653939313136 +65313761663965313038616436613735346536636365353434633432633466373633653334623835 +39613633363539303065306333366532623432343964333766666232643666653037636565643337 +38353036393136323536646636353735353030356666626133643837373838326662326430613162 +33376262646136306632383937633239366137626533393665346337323832646336313233346535 +61336330396563323863303333383038326565396139343030343537366130373030623962656364 +61333336623864643365323463306137346530613465393438656230313363383235303935316538 +65313438393162313534326130386531666339323636626362356330353232316231353635303337 +31663838386339623539376332373136653830336633363432653065333539643861393966313132 +66313266363363376161333436643437356638343961396537396237343731373135386161366162 +35356261333137386162383637613237393132353562383130643032326534653061336238353462 
+61303965363861653835633539393935313862346134376638646238626532646539393438313935 +39633562356363326230653434646266636635373465303066343562363332333934363065633130 +62336464333665656133663230616237643531616665623235633434353039326438356330323065 +32653961373731343065396232386262653739646463343939303831383437353561646435373730 +37366539353637346465396533653465616130396630653766633766636432393463616533633331 +30666636646631363838663665363433393962643035303332363330396631663739363363376663 +33666435343837623039326565323934306563613432623130313134616538386631353866333266 +31653463623637356433623336353436653763643934313433343234373563666566363564623032 +61666535666430666161653636333032356361333937323765326432623065656463363331346536 +66356430306436356531323531303264616139633663376461633931663438326335323565643266 +61333265643832396633633338613736663335383962386331656438386433653465353966663338 +31656531643831646263313833373832343531333530336332366430393738303630646332363365 +63386339393666306632363164353661333830376434373666336563613232336336373561626538 +36613435643133396538613930336330383138643734393530323036623565356162643330393632 +33386534636166613134643666616566346265656361643333313566663162306330363761663565 +32333035613533636339613830396637393030633530643663396239396161336661376465646361 +35656631323261366265666434313437363063316462373261613639313534336235343165376130 +66393366636338653332356262613238663735313035623362623032663933626162323036316536 +61333161306437623733663836656634366261353134336535663561666461666339366134356432 +64356633666133613439663634363233306338653536346631643961636136343435333537303063 +33633331313635623936326664343363313331653135366433393365336138306637366137643764 +37386464343030376335646430396530363035333732303061646630626662343163616465346336 +64656437393264373330353463646561633735653434383433643130646562643734383839613230 +63383663333135646665623637636333383564623238316564646437363831363930633931623930 
+65636635656261386362626637383835376439646462306633663365663131313539343631346664 +37643739623436653830313161396238306537616364333431386665313461326138346633643335 +34326135316534383030306635636633323035396566386538633531613139633138633539386366 +65356635663634343334633538663461636133326237646363393433623662316461613232303134 +63373263653563313264636633663630613533623636643465313633333262616337363061376334 +63626364356133373535306563623665656632363532643563313034353861363332623339643835 +39346234643064663462663337633632343037663462346363633332306237643239303530633134 +33363462373036623939623561626165653232643931393531373635303635663061666666613565 +31613239633766633766383236383432343361353562663062313563623831333866646635646561 +35353863303861633830326665623330393864336364646664656433663663353030613964646138 +38336661633831663436336538333935366266306332353132623039356537323834396136653634 +32616330646265633539363534616665633137303439616161616564363565646137616535323761 +34353865366263636364633837653133623333636462623138616633353263316661366637313566 +65366664663136646539363337376665616434326561366465663037383630343433383266613535 +62396162386663623130373534323462316634653661326531646635343061643139343264306639 +64333031363265353032313433353461643536376530326261663561653835326465633466313961 +39643330653363316233643032663563643162376266316139306433346564373933613230356335 +30373461653935393666393535303839336266633435313030666261316439353037653639613937 +61303263633261656132623534653236393561336630636665386634393430623730653564386539 +62666665346638373333373264333635636435376361313339393363393661356333373138626366 +30336665633365346330346338343337613430666231313037313361363236363032383966633936 +34653635623161313832643764663164616661313530323733353337386339306439313738646563 +36623935353832616538663535626262363237613361303234343063356234373334643962373366 +31303061393436333833393739653864343032613233663333323930636536333132633665666632 
+34303063636366383162306438353361326532303331353561326230613036333562396530373635 +37373866623362336633616637386437313932393535366562323733613437313638303665646138 +32643531633333333162353830643763613638363865353239646535383939383063356337393035 +31656666343730373961336437653061396165376363383439343131306131313437616432383834 +66343831383362346264613766613062373337306532313763336663353137666662353031366363 +63323037383139313131373265633933666563393464336564313434353834373331643865316665 +63626531316230326237643235323339653762386164336131396630363639303361613262623262 +35656236323837393732376535353633313762306438363131376337313134326331383730643634 +37366232616563356664613265656161643261663535346364636230393464626464376437306232 +61366263333065393937633437326565306438613834623937623537363562653332323335303738 +34633766396335646138636463316237306564323832613765353630613238303439626437656330 +66613838313766306234613563323331653466653263646132393437363435633931616438363338 +38363832616362323237383935633930376166663430303032303165303362646236326636653938 +35623764613939313235313237633636643839343936313139373933383966306434623265646562 +37656563376232666164653061303866373962343137373034356534663935336331646664323838 +36323263623537653966646361613239323264643665396163303331386232333036646362633338 +62353061343336316339626264616364393939666133313962666430343931633933343232353033 +62383564353465306166303936363363343962316132613835306636636562393061336639326139 +39643935663530303766363834656665313564366563313135613431633734303639626238653935 +61396436326633383037386533326664363739626364656138393063373264386465313436323961 +65353637323264633033623432373435333036626565346632393635336131353732323933613364 +36363231313362356338373738386665353736643365343363663336656162303232646536383132 +36353665326634363233646530383738306238653965343132333734363232343535396335323937 +63613432356331306238643631393035653038626565656566333665303139626662333564303631 
+61613637306564616565383735376465356264343137623631363966393261623561333364323136 +30666636346132363564363332646236333736643438666230636236333463373764656234333134 +65386539663032613532363635653935616533313230643637366364313735616231333937346137 +36663166386338383638303231323431316262343430343032613035663537386463393232376362 +38356566303066326436663564396564306331393665386434366564386164336365376135346437 +32323437313865396232623761323736666432336138326462326535643664373839633433633464 +35373035616238613132393738656364626235646163656561643936626432366262393530373865 +65383462623266663164383332636464343134383931636539636165623230356462323336313166 +65396535376663636166353266393138326163306231393335626434333663363832613733306539 +63643035356264333062613562643032383662633730643634376632363965323165396334326630 +66363033313365363739646566323834333733383833633733363639646465326435313338346336 +34623839326664326338653732623138653164303935306438653439616130376334616339616336 +38336262623035636637623030313131393163346236656263366364396566336661616636313031 +30663635386634393933616534656630353736366461396336323336323035626465366434313438 +36306436336238663435653634633933313431356635353735323937363038636534383633663362 +66363834626338373766613362356261656163616434383163353439396639316237633762623761 +36663936303135656337663630393235383837396535333837383335656532386366316563623766 +38616435613038633561356631366139396633313166636661323763653761333630316230643333 +63653234333435623638346530623839363965326166333062353164653132643762656161366161 +61633635356533623665653032316533303732353461376538626634373664396565626239633463 +66363735306139383366373661663739643430636436356330646235653234306636333264303134 +30386635653263336136316366623932633165666237356633663430396331313839356661323534 +38333933633533386137656538623263303664376232373635633733666237613836336366393339 +61363636326166303965663838616134656564336661663364313435303966636132613461383463 
+62373733633566366232656136336564313039616661303064643065343765323963376430313633 +39646436646465333261633237666665666265636631333631626530353234386430396439316433 +66363830656638363662653239316532306334346535353034613037383935336531333239303762 +63393837353835663639623665313035643266393964643735663133613133383565613663643132 +31633731363965346366623165356162373339646166626631323864353433303338643066393966 +61643539643765656339613330653830306263316664633537336362323062366339303666616536 +65373533616263303037333565633761626666383066353063393435306232353837636339346662 +32643133333838373737663763333230336531663936376434333061316330613137343031326437 +64346632396265303565646536303334373831386130653136343835313765313431383565633432 +39313266343732306463623762666361386261306565323835656535616635646538656161663234 +32663761353736616666303662346338613435343931373539613762396565333135303461626534 +65646132343636663664363130383033343333643065343865323764653437353932336664383031 +37633237303933376131343837303239356538343739383233383639383762343131326161326364 +38396266383237613835393039633732366634313635373831373238313965623236376265653136 +38373666623435613165326138396432666231383537626162393232386565633461636664373265 +30366263653839616435663732643539323739306662376135326136356334336465663363646430 +37643533303364393266306139393431623563326431626265356264336462313931616631303739 +32353463323663333039363938326361326661623664383330343062653264353166633366636166 +39656665366435376131343430303663633337656331316433373465383431343936666336353062 +64336639353335303734656136363765643266346262393134373262383366616362 diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml new file mode 100644 index 0000000..cfedf9f --- /dev/null +++ b/roles/grafana/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart Grafana + systemd: + name: grafana-server + state: restarted 
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
index cd260cd..20bc45f 100644
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -29,6 +29,16 @@
 retries: 3
 until: apt_result is succeeded
 
+- name: Configure Grafana
+ template:
+ src: grafana.ini
+ dest: /etc/grafana/grafana.ini
+ owner: grafana
+ group: grafana
+ mode: u=rw,g=r,o=
+ no_log: true
+ notify: Restart Grafana
+
 - name: Enable Grafana
 systemd:
 name: grafana-server
diff --git a/roles/grafana/templates/grafana.ini b/roles/grafana/templates/grafana.ini
new file mode 100644
index 0000000..d779585
--- /dev/null
+++ b/roles/grafana/templates/grafana.ini
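Review bot: The `Configure Grafana` task writes `/etc/grafana/grafana.ini` with `owner: grafana`, which lets the Grafana service account rewrite the file that holds its own `admin_password` and security settings. I would use `owner: root` and `group: grafana` and keep `mode: u=rw,g=r,o=`, so the daemon can still read the file but a compromised Grafana process cannot alter it. `no_log: true` is a good call here since the rendered template contains the password. The `Enable Grafana` task after the new block continues outside the hunk.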
@@ -0,0 +1,1008 @@
+{{ ansible_managed | comment }}
+
+##################### Grafana Configuration Example #####################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+;app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+;instance_name = ${HOSTNAME}
+
+#################################### Paths ####################################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+;data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+;temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+;logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+;plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+;provisioning = conf/provisioning
+
+#################################### Server ####################################
+[server]
+# Protocol (http, https, h2, socket)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+http_addr = 127.0.0.1
+
+# The http port to use
+;http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+;serve_from_sub_path = false
+
+# Log web requests
+router_logging = true
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+# CDN Url
+;cdn_url =
+
+# Sets the maximum time using a duration format (5s/5m/5ms) before timing out read of an incoming request and closing idle connections.
+# `0` means there is no timeout for reading the request.
+;read_timeout = 0
+
+#################################### Database ####################################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url properties.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+;type = sqlite3
+;host = 127.0.0.1:3306
+;name = grafana
+;user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+;url =
+
+# For "postgres" only, either "disable", "require" or "verify-full"
+;ssl_mode = disable
+
+# Database drivers may support different transaction isolation levels.
+# Currently, only "mysql" driver supports isolation levels.
+# If the value is empty - driver's default isolation level is applied.
+# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE".
+;isolation_level =
+
+;ca_cert_path =
+;client_key_path =
+;client_cert_path =
+;server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+;path = grafana.db
+
+# Max idle conn setting default is 2
+;max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+;max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+;conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+;log_queries =
+
+# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
+;cache_mode = private
+
+################################### Data sources #########################
+[datasources]
+# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
+;datasource_limit = 5000
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+;type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+;connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+;logging = false
+
+# How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds.
+# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
+;timeout = 30
+
+# How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds.
+;dialTimeout = 10
+
+# How many seconds the data proxy waits before sending a keepalive probe request.
+;keep_alive_seconds = 30
+
+# How many seconds the data proxy waits for a successful TLS Handshake before timing out.
+;tls_handshake_timeout_seconds = 10
+
+# How many seconds the data proxy will wait for a server's first response headers after
+# fully writing the request headers if the request has an "Expect: 100-continue"
+# header. A value of 0 will result in the body being sent immediately, without
+# waiting for the server to approve.
+;expect_continue_timeout_seconds = 1
+
+# Optionally limits the total number of connections per host, including connections in the dialing,
+# active, and idle states. On limit violation, dials will block.
+# A value of zero (0) means no limit.
+;max_conns_per_host = 0
+
+# The maximum number of idle connections that Grafana will keep alive.
+;max_idle_connections = 100
+
+# How many seconds the data proxy keeps an idle connection open before timing out.
+;idle_conn_timeout_seconds = 90
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
+;send_user_header = false
+
+#################################### Analytics ####################################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+;reporting_enabled = true
+
+# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
+;reporting_distributor = grafana-labs
+
+# Set to false to disable all checks to https://grafana.net
+# for new versions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to http://grafana.com to get latest versions
+;check_for_updates = true
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+;google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+;google_tag_manager_id =
+
+#################################### Security ####################################
+[security]
+# disable creation of admin user on first start of grafana
+;disable_initial_admin_creation = false
+
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+admin_password = {{ grafana_admin_password }}
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+;disable_brute_force_login_protection = false
+
+# set to true if you host Grafana behind HTTPS. default is false.
+;cookie_secure = false
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+;cookie_samesite = lax
+
+# set to true if you want to allow browsers to render Grafana in a ,