From 45041be2ab9e7888b688f27b7250a28d97c35f06 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sat, 10 Apr 2021 17:29:50 +0200 Subject: [PATCH 001/116] Install postgres exporter --- monitoring.yml | 5 +++ roles/prometheus_postgres/handlers/main.yml | 5 +++ roles/prometheus_postgres/tasks/main.yml | 41 +++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 roles/prometheus_postgres/handlers/main.yml create mode 100644 roles/prometheus_postgres/tasks/main.yml diff --git a/monitoring.yml b/monitoring.yml index ac0d59f..23e7844 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -151,6 +151,11 @@ roles: - prometheus_federate +#Postgres Exporters +- hosts: bdd.adm.auro.re,bdd-ovh.adm.auro.re + roles: + - prometheus_postgres + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container diff --git a/roles/prometheus_postgres/handlers/main.yml b/roles/prometheus_postgres/handlers/main.yml new file mode 100644 index 0000000..05837d1 --- /dev/null +++ b/roles/prometheus_postgres/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart prometheus-postgres-exporter + service: + name: prometheus-postgres-exporter + state: restarted diff --git a/roles/prometheus_postgres/tasks/main.yml b/roles/prometheus_postgres/tasks/main.yml new file mode 100644 index 0000000..10d612c --- /dev/null +++ b/roles/prometheus_postgres/tasks/main.yml 
@@ -0,0 +1,41 @@ +--- +- name: Install Prometheus postgres-exporter + apt: + update_cache: true + name: prometheus-postgres-exporter + register: apt_result + retries: 3 + until: apt_result is succeeded + when: + - ansible_lsb.codename == 'bullseye' + +- name: Make Prometheus postgres-exporter connect to databases using peercred + lineinfile: + path: /etc/default/prometheus-postgres-exporter + regexp: '^DATA_SOURCE_NAME=' + line: | + DATA_SOURCE_NAME="user=postgres host=/var/run/postgresql/ sslmode=disable" + notify: Restart prometheus-postgres-exporter + +- name: Make Prometheus postgres-exporter launched by postgres user + lineinfile: + path: /lib/systemd/system/prometheus-postgres-exporter.service + regexp: '^User=' + line: | + User=postgres + notify: Restart prometheus-postgres-exporter + +- name: Make Prometheus postgres-exporter listen on adm only + lineinfile: + path: /etc/default/prometheus-postgres-exporter + regexp: '^ARGS=' + line: | + ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9187" + notify: Restart prometheus-postgres-exporter + +- name: Activate prometheus-postgres-exporter service + systemd: + name: prometheus-postgres-exporter + enabled: true + daemon_reload: yes + state: started From dd48302585c49e83b7941eef7301a142e2179b53 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sat, 10 Apr 2021 18:01:55 +0200 Subject: [PATCH 002/116] Configure Prometheus and Prometheus federate to scrape Postgres Exporter --- monitoring.yml | 6 ++++++ roles/prometheus/tasks/main.yml | 8 +++++++- roles/prometheus/templates/prometheus.yml.j2 | 14 ++++++++++++++ .../templates/prometheus.yml.j2 | 1 + 4 files changed, 28 insertions(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index 23e7844..13f439d 100755 --- a/monitoring.yml +++ b/monitoring.yml 
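Review bot: In roles/prometheus_postgres/tasks/main.yml the exporter gets full superuser access: the `DATA_SOURCE_NAME` task sets `user=postgres` and the `User=` task runs the daemon as the `postgres` OS account, so any flaw in the exporter or in its HTTP endpoint on port 9187 carries superuser rights on every database of the host. A dedicated login role that is only a member of `pg_monitor`, paired with a dedicated OS user for peer authentication, should cover what the exporter's default queries read while staying read-only; that needs a role-creation task this file does not have. The `User=` task also edits `/lib/systemd/system/prometheus-postgres-exporter.service`, which belongs to the package and is presumably rewritten on upgrade, reverting the account until the next playbook run; a drop-in under `/etc/systemd/system/prometheus-postgres-exporter.service.d/` survives upgrades. Each `line: |` block scalar also carries a trailing newline, which a plain quoted string would avoid.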
@@ -99,6 +99,9 @@ prometheus_targets: - targets: | {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} + prometheus_postgres_targets: + - targets: + - bdd.adm.auro.re prometheus_switch_snmp_targets: - targets: - yggdrasil.switch.auro.re @@ -128,6 +131,9 @@ prometheus_targets: - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + prometheus_postgres_targets: + - targets: + - bdd-ovh.adm.auro.re prometheus_docker_targets: - docker-ovh.adm.auro.re:8087 roles: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 4dc518b..4db338b 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -75,6 +75,13 @@ mode: 0644 when: prometheus_docker_targets is defined +- name: Configure Prometheus postgres monitoring + copy: + content: "{{ prometheus_postgres_targets | to_nice_json }}\n" + dest: /etc/prometheus/targets_postgres.json + mode: 0644 + when: prometheus_postgres_targets is defined + - name: Activate prometheus service systemd: name: prometheus @@ -88,4 +95,3 @@ - key: 05-prometheus message: >- Prometheus est déployé sur cette machine (voir /etc/prometheus) -... diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 index e97e986..8fe3424 100644 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus.yml.j2 @@ -101,4 +101,18 @@ scrape_configs: file_sd_configs: - files: - '/etc/prometheus/targets_docker.json' + + - job_name: postgresql + file_sd_configs: + - files: + - '/etc/prometheus/targets_postgres.json' + relabel_configs: + # Do not put :9187 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9187' ... 
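Review bot: The `relabel_configs` of the new `postgresql` job in prometheus.yml.j2 copy `__address__` into `__param_target`, which makes Prometheus append `?target=<host>` to every scrape URL; that is the pattern for probing exporters, and since this exporter is scraped directly the parameter is presumably ignored. Two rules are enough: `source_labels: [__address__]` with `target_label: instance`, then `source_labels: [__address__]` with `target_label: __address__` and `replacement: '$1:9187'`. The scrape goes over plain HTTP with no credentials, so the adm-only listen address set by the prometheus_postgres role is the only access control on these metrics; a comment on the job saying so would help the next reader.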
diff --git a/roles/prometheus_federate/templates/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus.yml.j2 index 23e649b..71e6874 100644 --- a/roles/prometheus_federate/templates/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus.yml.j2 @@ -31,6 +31,7 @@ scrape_configs: params: match[]: - '{job="servers"}' + - '{job="postgresql"}' - '{job="prometheus"}' - '{job="unifi_snmp"}' - '{job="django"}' From 9ebdf15bb905247328dfeb424d8c14bbe26f282e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 15:58:35 +0200 Subject: [PATCH 003/116] Splite alerts on some files --- roles/prometheus/tasks/main.yml | 27 ++- .../templates/postgres.rules.yml.j2 | 219 ++++++++++++++++++ roles/prometheus/templates/prometheus.yml.j2 | 3 +- ...alert.rules.yml.j2 => server.rules.yml.j2} | 75 +----- roles/prometheus/templates/ups.rules.yml.j2 | 87 +++++++ roles/prometheus_postgres/tasks/main.yml.save | 21 ++ 6 files changed, 355 insertions(+), 77 deletions(-) create mode 100644 roles/prometheus/templates/postgres.rules.yml.j2 rename roles/prometheus/templates/{alert.rules.yml.j2 => server.rules.yml.j2} (67%) create mode 100644 roles/prometheus/templates/ups.rules.yml.j2 create mode 100644 roles/prometheus_postgres/tasks/main.yml.save diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 4db338b..3fe3db8 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -18,8 +18,33 @@ mode: u=r,g=r,o= loop: - prometheus.yml - - alert.rules.yml + notify: Restart Prometheus + +- name: Creates directory for alerts + file: + path: /etc/prometheus/alerts + state: directory + +- name: Remove old files + file: + path: "/etc/prometheus/{{ item }}" + state: absent + with_items: + - alerts.rules.yml - django.rules.yml + +- name: Configure Prometheus alerts + template: + src: "{{ item }}.j2" + dest: "/etc/prometheus/alerts/{{ item }}" + owner: prometheus + group: prometheus + mode: u=r,g=r,o= + loop: + - server.rules.yml + - django.rules.yml + - ups.rules.yml + - postgres.rules.yml notify: Restart Prometheus - name: Make Prometheus snmp-exporter listen on localhost only diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 new file mode 100644 index 0000000..281e554 --- /dev/null +++ b/roles/prometheus/templates/postgres.rules.yml.j2 
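Review bot: The "Remove old files" task lists `alerts.rules.yml`, but the file this hunk stops deploying is `alert.rules.yml` (the removed loop entry), so the stale `/etc/prometheus/alert.rules.yml` stays on disk; the entry should read `- alert.rules.yml`. The new `/etc/prometheus/alerts` directory is created without `owner`, `group` or `mode`, while the rule files inside are `u=r,g=r,o=` for `prometheus`; adding `owner: prometheus`, `group: prometheus` and `mode: u=rwx,g=rx,o=` to the directory task keeps the two consistent. The task list continues outside the hunk.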
@@ -0,0 +1,219 @@ +--- +{{ ansible_managed | comment }} + +{% macro raw(string) -%} +{{ "{{" }} {{ string }} {{ "}}" }} +{%- endmacro %} + +groups: + + - name: postgres.rules + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Serveur Postgresql down (instance {{ raw('$labels.instance') }}) + + - alert: PostgresqlRestarted + expr: time() - pg_postmaster_start_time_seconds < 60 + for: 0m + labels: + severity: critical + annotations: + summary: Serveur Postgresql redémarré (instance {{ raw('$labels.instance') }}) + + - alert: PostgresqlExporterError + expr: pg_exporter_last_scrape_error > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Erreur dans l'exporter Postgresql (instance {{ raw('$labels.instance') }}) + + - alert: PostgresqlReplicationLag + expr: + pg_replication_lag > 30 + and + ON(instance) pg_replication_is_replica == 1 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Réplication Postgresql lag ({{ raw('$value') }} > 30s) + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname')}} ) + + - alert: PostgresqlTableNotVaccumed + expr: + time() - pg_stat_user_tables_last_autovacuum + > 60 * 60 * 24 + for: 0m + labels: + severity: warning + annotations: + summary: >- + La table n'a pas été aspirée depuis 24h + (Instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + + - alert: PostgresqlTableNotAnalyzed + expr: + time() - pg_stat_user_tables_last_autoanalyze + > 60 * 60 * 24 + for: 0m + labels: + severity: warning + annotations: + summary: >- + Table non-analysée depuis 24h + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}) + + - alert: PostgresqlTooManyConnections + expr: + ( + sum by (datname) + (pg_stat_activity_count{datname!~"template.*|postgres"}) + ) * 100 + > pg_settings_max_connections * 80 + for: 2m + labels: + severity: warning + annotations: + summary: >- + 
PostgreSQL a trop de connexions + ({{ raw('$value | printf "%.1f"') }} > 80%) + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}) + + - alert: PostgresqlDeadLocks + expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 + for: 0m + labels: + severity: warning + annotations: + summary: >- + PostgreSQL a des cadenas morts + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + + - alert: PostgresqlSlowQueries + expr: pg_slow_queries > 0 + for: 2m + labels: + severity: warning + annotations: + summary: >- + Présence de requêtes lentes (slow-queries) + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + + - alert: PostgresqlHighRollbackRate + expr: + ( + rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) / + rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m]) + ) * 100 + > 2 + for: 0m + labels: + severity: warning + annotations: + summary: >- + Postgresql a un taux de retour en arrière (rollback) élevé + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} %) + + - alert: PostgresqlWaleReplicationStopped + expr: rate(pg_xlog_position_bytes[1m]) == 0 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Réplication de Postgresql WALE stopée + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + + - alert: PostgresqlHighRateStatementTimeout + expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Beaucoup de requêtes Postgresql sont timeout + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + + - alert: PostgresqlHighRateDeadlock + expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1 + for: 0m + labels: + severity: critical + annotations: 
+ summary: >- + Postgresql a un fort taux de deadlock + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + +# - alert: PostgresqlReplicationLagBytes +# expr: +# (pg_xlog_position_bytes and pg_replication_is_replica == 0) +# - GROUP_RIGHT(instance) (pg_xlog_position_bytes and pg_replication_is_replica == 1) +# > 1e+09 +# for: 0m +# labels: +# severity: critical +# annotations: +# summary: La réplication Postgresql a des octets de retard (instance {{ raw('$labels.name') }}, value {{ raw('$value') }} ) + + - alert: PostgresqlTooManyDeadTuples + expr: + ( + (pg_stat_user_tables_n_dead_tup > 10000) + / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup) + ) >= 0.1 unless ON(instance) (pg_replication_is_replica == 1) + for: 2m + labels: + severity: warning + annotations: + summary: >- + Les tuples morts PostgreSQL sont trop volumineux + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + + - alert: PostgresqlSplitBrain + expr: count(pg_replication_is_replica == 0) != 1 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Split Brain, trop de bases de données Postgresql primaires en mode lecture-écriture + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value') }} ) + + - alert: PostgresqlPromotedNode + expr: + pg_replication_is_replica + and + changes(pg_replication_is_replica[1m]) > 0 + for: 0m + labels: + severity: warning + annotations: + summary: >- + Le serveur de secours PostgreSQL a été promu comme nœud principal + (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value') }}) + + - alert: PostgresqlTooManyLocksAcquired + expr: + ( + (sum (pg_locks_count)) + / (pg_settings_max_locks_per_transaction * pg_settings_max_connections) + ) * 100 > 20 + for: 2m + labels: + severity: critical + 
annotations: + summary: >- + Trop de verrous acquis sur la base de données. + Si cette alerte se produit fréquemment, nous devrons peut-être augmenter + le paramètre postgres max_locks_per_transaction + (instance {{ raw('$labels.instance') }}, value = {{ raw('$value | printf "%.1f"') }} ) + +... + diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 index 8fe3424..26020dc 100644 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus.yml.j2 @@ -20,8 +20,7 @@ alerting: # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: - - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! - - "django.rules.yml" # Custom rules specific for Django project monitoring + - "alerts/*.yml" # Monitoring alerts, this is the file you may be searching! # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. diff --git a/roles/prometheus/templates/alert.rules.yml.j2 b/roles/prometheus/templates/server.rules.yml.j2 similarity index 67% rename from roles/prometheus/templates/alert.rules.yml.j2 rename to roles/prometheus/templates/server.rules.yml.j2 index 84d8aa2..ac09881 100644 --- a/roles/prometheus/templates/alert.rules.yml.j2 +++ b/roles/prometheus/templates/server.rules.yml.j2 @@ -7,7 +7,7 @@ groups: - - name: alert.rules + - name: server.rules rules: - alert: InstanceDown 
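Review bot: In postgres.rules.yml.j2, `PostgresqlTooManyConnections` looks unable to fire as written: the left side is `sum by (datname) (...)`, whose series carry only `datname`, while `pg_settings_max_connections` presumably has no `datname` label, so the comparison finds no matching pair, and the `$labels.instance` used in the summary is aggregated away. Summing per instance and matching on it addresses both: `sum by (instance) (pg_stat_activity_count{datname!~"template.*|postgres"}) * 100 > on(instance) pg_settings_max_connections * 80`. `PostgresqlSplitBrain` has the opposite problem: `count(pg_replication_is_replica == 0) != 1` counts primaries across every scraped instance, so it presumably stays critical as soon as two unrelated servers are monitored and needs a per-cluster grouping label. Both are worth pinning with `promtool test rules` before relying on them.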
@@ -149,78 +149,5 @@ groups: summary: > Charge à {{ raw('$value') }} - - alert: UpsOutputSourceChanged - expr: upsOutputSource != 3 - for: 0m - labels: - severity: critical - annotations: - summary: >- - Source d'alimentation changée - - - alert: UpsBatteryStatus - expr: upsBatteryStatus == 3 - for: 0m - labels: - severity: warning - annotations: - summary: >- - État de la batterie faible - - - alert: UpsBatteryStatus - expr: upsBatteryStatus == 4 - for: 0m - labels: - severity: critical - annotations: - summary: >- - État de la batterie critique - - - alert: UpsHighLoad - expr: upsOutputPercentLoad > 70 - for: 3m - labels: - severity: critical - annotations: - summary: >- - Charge de {{ raw('$value | printf "%.1f"') }}% - - - alert: UpsWrongInputVoltage - expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) - for: 5m - labels: - severity: warning - annotations: - summary: >- - Tension d'entrée de {{ raw('$value') }}V - - - alert: UpsWrongOutputVoltage - expr: >- - abs(upsInputVoltage - avg_over_time(upsOutputVoltage[1d])) - < 3 * stddev_over_time(upsOutputVoltage[1d]) - for: 5m - labels: - severity: warning - annotations: - summary: >- - Tension de sortie de {{ raw('$value') }}V - - - alert: UpsTimeRemaining - expr: upsEstimatedMinutesRemaining < 8 - for: 0m - labels: - severity: warning - annotations: - summary: >- - Autonomie restante de {{ raw('$value') }} min - - - alert: UpsTimeRemaining - expr: upsEstimatedMinutesRemaining < 5 - for: 0m - labels: - severity: critical - annotations: - summary: >- - Autonomie restante de {{ raw('$value') }} min ... diff --git a/roles/prometheus/templates/ups.rules.yml.j2 b/roles/prometheus/templates/ups.rules.yml.j2 new file mode 100644 index 0000000..eafdee3 --- /dev/null +++ b/roles/prometheus/templates/ups.rules.yml.j2 
@@ -0,0 +1,87 @@ +--- +{{ ansible_managed | comment }} + +{% macro raw(string) -%} +{{ "{{" }} {{ string }} {{ "}}" }} +{%- endmacro %} + +groups: + + - name: ups.rules + rules: + + - alert: UpsOutputSourceChanged + expr: upsOutputSource != 3 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Source d'alimentation changée + + - alert: UpsBatteryStatus + expr: upsBatteryStatus == 3 + for: 0m + labels: + severity: warning + annotations: + summary: >- + État de la batterie faible + + - alert: UpsBatteryStatus + expr: upsBatteryStatus == 4 + for: 0m + labels: + severity: critical + annotations: + summary: >- + État de la batterie critique + + - alert: UpsHighLoad + expr: upsOutputPercentLoad > 70 + for: 3m + labels: + severity: critical + annotations: + summary: >- + Charge de {{ raw('$value | printf "%.1f"') }}% + + - alert: UpsWrongInputVoltage + expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) + for: 5m + labels: + severity: warning + annotations: + summary: >- + Tension d'entrée de {{ raw('$value') }}V + + - alert: UpsWrongOutputVoltage + expr: >- + abs(upsInputVoltage - avg_over_time(upsOutputVoltage[1d])) + < 3 * stddev_over_time(upsOutputVoltage[1d]) + for: 5m + labels: + severity: warning + annotations: + summary: >- + Tension de sortie de {{ raw('$value') }}V + + - alert: UpsTimeRemaining + expr: upsEstimatedMinutesRemaining < 8 + for: 0m + labels: + severity: warning + annotations: + summary: >- + Autonomie restante de {{ raw('$value') }} min + + - alert: UpsTimeRemaining + expr: upsEstimatedMinutesRemaining < 5 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Autonomie restante de {{ raw('$value') }} min + +... diff --git a/roles/prometheus_postgres/tasks/main.yml.save b/roles/prometheus_postgres/tasks/main.yml.save new file mode 100644 index 0000000..2ef8d87 --- /dev/null +++ b/roles/prometheus_postgres/tasks/main.yml.save 
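Review bot: `UpsWrongOutputVoltage`, carried over unchanged into the new ups.rules.yml.j2, looks inverted: it compares `upsInputVoltage` with the one-day average of `upsOutputVoltage` and fires when the gap is below three standard deviations, which is the normal case. If the intent is an outlier check on the output, the expression would be `abs(upsOutputVoltage - avg_over_time(upsOutputVoltage[1d])) > 3 * stddev_over_time(upsOutputVoltage[1d])`; this should be confirmed against the original intent. The two `UpsBatteryStatus` and the two `UpsTimeRemaining` rules share a name and differ only by severity, and `upsEstimatedMinutesRemaining < 8` keeps firing alongside `< 5`, which Alertmanager inhibition would have to handle.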
@@ -0,0 +1,21 @@ +--- +- name: Install Prometheus postgres-exporter + apt: + update_cache: true + name: prometheus-postgres-exporter + register: apt_result + retries: 3 + until: apt_result is succeeded + when: + - ansible_lsb.codename != 'bullseye' + +# Doesn't work on Debian Stretch with the old prometheus package +- name: Make Prometheus node-exporter listen on adm only + lineinfile: + path: /etc/default/prometheus-node-exporter + regexp: '^ARGS=' + line: | + ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100" + notify: Restart prometheus-node-exporter + +git push --set-upstream origin add_ups_231 From 6775d9ecde8745225f2294fa30573fe48cf8dfd9 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 16:43:34 +0200 Subject: [PATCH 004/116] Add docker rules --- roles/prometheus/tasks/main.yml | 1 + .../prometheus/templates/docker.rules.yml.j2 | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 roles/prometheus/templates/docker.rules.yml.j2 diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 3fe3db8..075da46 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -42,6 +42,7 @@ mode: u=r,g=r,o= loop: - server.rules.yml + - docker.rules.yml - django.rules.yml - ups.rules.yml - postgres.rules.yml diff --git a/roles/prometheus/templates/docker.rules.yml.j2 b/roles/prometheus/templates/docker.rules.yml.j2 new file mode 100644 index 0000000..8ccc565 --- /dev/null +++ b/roles/prometheus/templates/docker.rules.yml.j2 
@@ -0,0 +1,50 @@ +--- +{{ ansible_managed | comment }} + +{% macro raw(string) -%} +{{ "{{" }} {{ string }} {{ "}}" }} +{%- endmacro %} + +groups: + + - name: docker.rules + rules: + + - alert: ContainerDown + expr: docker_container_running_state + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker mort + (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) + + - alert: ContainerFailed + expr: sum(increase(docker_container_restart_count[5m])) > 2 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker redémarre souvent + (instance raw('{{ $labels.instance') }}, container {{ raw('$labels.name') }}) + + - alert: ContainerFailed + expr: + ( + docker_container_cpu_used_total + / + docker_container_cpu_capacity_total + ) * 100 + > 30 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker utilise beaucoup de CPU + (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}, + value {{ raw('$value | printf "%.1f"'') }}) + +... From 9d18ebb7f14a5b4f543ed9a9066711c46877620b Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 17:18:32 +0200 Subject: [PATCH 005/116] Fix docker rules --- roles/prometheus/tasks/main.yml | 1 + .../prometheus/templates/docker.rules.yml.j2 | 74 +++++++++---------- 2 files changed, 38 insertions(+), 37 deletions(-) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 075da46..0c76907 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -33,6 +33,7 @@ - alerts.rules.yml - django.rules.yml + - name: Configure Prometheus alerts template: src: "{{ item }}.j2" diff --git a/roles/prometheus/templates/docker.rules.yml.j2 b/roles/prometheus/templates/docker.rules.yml.j2 index 8ccc565..ce825ad 100644 --- a/roles/prometheus/templates/docker.rules.yml.j2 +++ b/roles/prometheus/templates/docker.rules.yml.j2 
@@ -10,41 +10,41 @@ groups: - name: docker.rules rules: - - alert: ContainerDown - expr: docker_container_running_state - for: 0m - labels: - severity: critical - annotations: - summary: >- - Container Docker mort - (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) - - - alert: ContainerFailed - expr: sum(increase(docker_container_restart_count[5m])) > 2 - for: 0m - labels: - severity: critical - annotations: - summary: >- - Container Docker redémarre souvent - (instance raw('{{ $labels.instance') }}, container {{ raw('$labels.name') }}) - - - alert: ContainerFailed - expr: - ( - docker_container_cpu_used_total - / - docker_container_cpu_capacity_total - ) * 100 - > 30 - for: 0m - labels: - severity: critical - annotations: - summary: >- - Container Docker utilise beaucoup de CPU - (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}, - value {{ raw('$value | printf "%.1f"'') }}) - + - alert: ContainerDown + expr: docker_container_running_state != 1 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker mort + (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) + + - alert: ContainerFailed + expr: sum(increase(docker_container_restart_count[5m])) > 2 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker redémarre souvent + (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) + + - alert: ContainerFailed + expr: + ( + docker_container_cpu_used_total + / + docker_container_cpu_capacity_total + ) * 100 + > 30 + for: 0m + labels: + severity: critical + annotations: + summary: >- + Container Docker utilise beaucoup de CPU + (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}, + value {{ raw('$value | printf "%.1f"') }}) + ... From 304437da978d89c6e59afe4716cfed59c39473cf Mon Sep 17 00:00:00 2001 
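Review bot: In the re-indented restart rule of docker.rules.yml.j2, `sum(increase(docker_container_restart_count[5m])) > 2` aggregates every label away, so it counts the restarts of all containers together and the `$labels.instance` and `$labels.name` in its summary render empty. `expr: sum by (instance, name) (increase(docker_container_restart_count[5m])) > 2` keeps the alert per container. The third rule is also named `ContainerFailed` although it is a CPU threshold, which makes the two indistinguishable in routing and silences; a distinct name such as `ContainerHighCpu` would separate them.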
From: pz2891 Date: Sun, 11 Apr 2021 20:56:40 +0200 Subject: [PATCH 006/116] Remove .save file --- roles/prometheus_postgres/tasks/main.yml.save | 21 ------------------- 1 file changed, 21 deletions(-) delete mode 100644 roles/prometheus_postgres/tasks/main.yml.save diff --git a/roles/prometheus_postgres/tasks/main.yml.save b/roles/prometheus_postgres/tasks/main.yml.save deleted file mode 100644 index 2ef8d87..0000000 --- a/roles/prometheus_postgres/tasks/main.yml.save +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Install Prometheus postgres-exporter - apt: - update_cache: true - name: prometheus-postgres-exporter - register: apt_result - retries: 3 - until: apt_result is succeeded - when: - - ansible_lsb.codename != 'bullseye' - -# Doesn't work on Debian Stretch with the old prometheus package -- name: Make Prometheus node-exporter listen on adm only - lineinfile: - path: /etc/default/prometheus-node-exporter - regexp: '^ARGS=' - line: | - ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100" - notify: Restart prometheus-node-exporter - -git push --set-upstream origin add_ups_231 From c48fe1ae1772b21282d8349e88633ed11ab12798 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 20:57:53 +0200 Subject: [PATCH 007/116] 7% rollback for the warning --- roles/prometheus/templates/postgres.rules.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 index 281e554..61af5dc 100644 --- a/roles/prometheus/templates/postgres.rules.yml.j2 +++ b/roles/prometheus/templates/postgres.rules.yml.j2 @@ -112,7 +112,7 @@ groups: rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) / rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m]) ) * 100 - > 2 + > 7 for: 0m labels: severity: warning From 749188e297a2c59bf410dd85863dc4bb58d850c5 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Sun, 11 Apr 2021 21:27:43 +0200 Subject: [PATCH 008/116] Add a group with all radius --- hosts | 13 +++++++++++++ monitoring.yml | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index 0f1c61a..5403ae1 100644 --- a/hosts +++ b/hosts @@ -549,3 +549,16 @@ proxy.adm.auro.re bdd.adm.auro.re bdd-ovh.adm.auro.re re2o-db.adm.auro.re + +[radius] +radius-aurore.adm.auro.re +radius-fleming.adm.auro.re +radius-fleming-backup.adm.auro.re +radius-edc.adm.auro.re +radius-edc-backup.adm.auro.re +radius-gs.adm.auro.re +radius-gs-backup.adm.auro.re +radius-pacaterie.adm.auro.re +radius-pacaterie-backup.adm.auro.re +radius-rives.adm.auro.re +radis-rives-backup.adm.auro.re diff --git a/monitoring.yml b/monitoring.yml index 13f439d..9d7495a 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -101,7 +101,7 @@ {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} prometheus_postgres_targets: - targets: - - bdd.adm.auro.re + - {{ groups['bdd'] | list | sort }} prometheus_switch_snmp_targets: - targets: - yggdrasil.switch.auro.re @@ -158,7 +158,7 @@ - prometheus_federate #Postgres Exporters -- hosts: bdd.adm.auro.re,bdd-ovh.adm.auro.re +- hosts: bdd,radius-*.adm.auro.re roles: - prometheus_postgres From ca3d89e671acf49e3581a7717342f8ed5925d224 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 21:29:02 +0200 Subject: [PATCH 009/116] Install postgresql on radius. Monitore it on prometheus-aurore --- monitoring.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 9d7495a..6628165 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -101,7 +101,7 @@ {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} prometheus_postgres_targets: - targets: - - {{ groups['bdd'] | list | sort }} + - {{ groups['bdd'] + groups['radius'] | list | sort }} prometheus_switch_snmp_targets: - targets: - yggdrasil.switch.auro.re 
@@ -158,7 +158,7 @@ - prometheus_federate #Postgres Exporters -- hosts: bdd,radius-*.adm.auro.re +- hosts: bdd,radius roles: - prometheus_postgres From 7d99cef57c681830f9c3c58030edf7caa3d3916d Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 21:32:20 +0200 Subject: [PATCH 010/116] Fix typo --- monitoring.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 6628165..6b88b07 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -100,8 +100,8 @@ - targets: | {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} prometheus_postgres_targets: - - targets: - - {{ groups['bdd'] + groups['radius'] | list | sort }} + - targets: | + {{ groups['bdd'] + groups['radius'] | list | sort }} prometheus_switch_snmp_targets: - targets: - yggdrasil.switch.auro.re From bdcdb8ceaeb6d5f93b90eebf99a04a8cc03c8554 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 21:32:53 +0200 Subject: [PATCH 011/116] Radius, not a radis ! Fix typo... --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 5403ae1..75243c8 100644 --- a/hosts +++ b/hosts @@ -561,4 +561,4 @@ radius-gs-backup.adm.auro.re radius-pacaterie.adm.auro.re radius-pacaterie-backup.adm.auro.re radius-rives.adm.auro.re -radis-rives-backup.adm.auro.re +radius-rives-backup.adm.auro.re From 764f0f106d7aff4a63db00d3d4f15a2c929cbaa5 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 21:38:29 +0200 Subject: [PATCH 012/116] Install postgres exporter when it is bullseye or buster --- roles/prometheus_postgres/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/prometheus_postgres/tasks/main.yml b/roles/prometheus_postgres/tasks/main.yml index 10d612c..80136bd 100644 --- a/roles/prometheus_postgres/tasks/main.yml +++ b/roles/prometheus_postgres/tasks/main.yml 
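Review bot: In the `prometheus_postgres_targets` value of monitoring.yml, `{{ groups['bdd'] + groups['radius'] | list | sort }}`, Jinja filters bind tighter than `+`, so only `groups['radius']` is sorted and the concatenated list is not; the generated targets file then depends on inventory order. `{{ (groups['bdd'] + groups['radius']) | sort }}` sorts the whole list. The `prometheus_targets` expression in the context line above has the same shape.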
@@ -6,8 +6,6 @@ register: apt_result retries: 3 until: apt_result is succeeded - when: - - ansible_lsb.codename == 'bullseye' - name: Make Prometheus postgres-exporter connect to databases using peercred lineinfile: From 6c64bb214c0232d1721942a1f77cb94925b45ecf Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 22:01:21 +0200 Subject: [PATCH 013/116] fix CI --- monitoring.yml | 4 ++-- roles/prometheus/tasks/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 6b88b07..16cd489 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -130,7 +130,7 @@ # Prometheus targets.json prometheus_targets: - targets: | - {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_postgres_targets: - targets: - bdd-ovh.adm.auro.re @@ -145,7 +145,7 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" - # Prometheus targets.json + #Prometheus targets.json prometheus_targets: - prometheus-edc.adm.auro.re - prometheus-gs.adm.auro.re diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 0c76907..b1fa112 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -20,12 +20,12 @@ - prometheus.yml notify: Restart Prometheus -- name: Creates directory for alerts +- name: Creates directory for alerts file: path: /etc/prometheus/alerts state: directory -- name: Remove old files +- name: Remove old files file: path: "/etc/prometheus/{{ item }}" state: absent From 6e376a72e31936c20c02de972a582ef876c44f33 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sun, 11 Apr 2021 22:04:05 +0200 Subject: [PATCH 014/116] fix CI --- monitoring.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 16cd489..c2f607b 100755 --- a/monitoring.yml +++ b/monitoring.yml 
@@ -129,8 +129,8 @@ # Prometheus targets.json prometheus_targets: - - targets: | - {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + - targets: | + {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_postgres_targets: - targets: - bdd-ovh.adm.auro.re From e2b1f8eae5a76dda0f4b26fdd253362c96886a31 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 11 Apr 2021 22:08:11 +0200 Subject: [PATCH 015/116] Allow root to connect using peer authentication --- .../templates/postgresql/pg_hba.conf.j2 | 14 +------------- .../templates/postgresql/pg_ident.conf.j2 | 3 ++- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 index a43b1c1..ec527b3 100644 --- a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 @@ -1,19 +1,7 @@ {{ ansible_managed | comment }} # TYPE DATABASE USER ADDRESS METHOD - -# DO NOT DISABLE! -# If you change this first entry you will need to make sure that the -# database superuser can access the database using some other method. -# Noninteractive access to all databases is required during automatic -# maintenance (custom daily cronjobs, replication, and similar tasks). -# -# Database administrative login by Unix domain socket -local all postgres peer map=map_root - -# "local" is for Unix domain socket connections only -local all all peer - +local all postgres peer map=map_local {% for host in postgresql_hosts %} host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %} diff --git a/roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 index dd8efa8..5361cda 100644 --- a/roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 
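Review bot: The pg_hba.conf.j2 hunk drops the catch-all `local all all peer` rule together with the comment block that explained the administrative login, and nothing in the template now says that Unix-socket access is limited to the `postgres` role. That is a tightening, but any local role that relied on peer authentication is locked out after the next run, which is worth checking before deployment. I would keep a short comment above the remaining rule, for example `# Unix-socket logins: postgres role only; allowed OS users are listed under map_local in pg_ident.conf`. The `host` lines rendered from `postgresql_hosts` take `host.method` as given, so a comment that `trust` and `password` must not be used there would also help; that loop is context, not part of this change.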
@@ -1,4 +1,5 @@ {{ ansible_managed | comment }} # MAPNAME SYSTEM-USERNAME PG-USERNAME -map_root root postgress +map_local root postgres +map_local postgres postgres From 1908deee9c5ace7ec2a9eaac7a9e77da06a5667e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 10:01:39 +0200 Subject: [PATCH 016/116] fix CI --- monitoring.yml | 8 ++++---- roles/prometheus/tasks/main.yml | 1 + roles/prometheus_postgres/tasks/main.yml | 2 +- roles/radius/tasks/main.yml | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index c2f607b..978197f 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -132,8 +132,8 @@ - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_postgres_targets: - - targets: - - bdd-ovh.adm.auro.re + - targets: + - bdd-ovh.adm.auro.re prometheus_docker_targets: - docker-ovh.adm.auro.re:8087 roles: @@ -145,7 +145,7 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" - #Prometheus targets.json + # Prometheus targets.json prometheus_targets: - prometheus-edc.adm.auro.re - prometheus-gs.adm.auro.re @@ -157,7 +157,7 @@ roles: - prometheus_federate -#Postgres Exporters +# Postgres Exporters - hosts: bdd,radius roles: - prometheus_postgres diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index b1fa112..1d55290 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -24,6 +24,7 @@ file: path: /etc/prometheus/alerts state: directory + mode: 0644 - name: Remove old files file: diff --git a/roles/prometheus_postgres/tasks/main.yml b/roles/prometheus_postgres/tasks/main.yml index 80136bd..734fa3c 100644 --- a/roles/prometheus_postgres/tasks/main.yml +++ b/roles/prometheus_postgres/tasks/main.yml @@ -35,5 +35,5 @@ systemd: name: prometheus-postgres-exporter enabled: true - daemon_reload: yes + daemon_reload: true state: started 
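Review bot: `mode: 0644` on a task with `state: directory` creates `/etc/prometheus/alerts` without any execute (search) bit, so a non-root process cannot open the files inside it, even one that owns the directory. A directory needs the search bit to be traversed; `mode: "0755"` is the usual value here, quoted so the YAML parser cannot reinterpret the number. The task's `name` line is outside this hunk.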
diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index e79d742..bafb166 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -129,7 +129,7 @@ name: - postgresql - postgresql-client-11=11.7-0+deb10u1 - force: yes + force: true - name: Install postgresql ansible module requirement(s) pip: From d891559e286201d7a46ff3b2a88b16862755bafe Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 10:03:53 +0200 Subject: [PATCH 017/116] Fix CI --- monitoring.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index 978197f..c01fb0b 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -129,7 +129,7 @@ # Prometheus targets.json prometheus_targets: - - targets: | + - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_postgres_targets: - targets: From 954e3e08923f1f8032f72b513a483f998220e879 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 10:58:59 +0200 Subject: [PATCH 018/116] End of yaml file (bad copy/paste) --- roles/prometheus/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 1d55290..e78248e 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -123,3 +123,4 @@ - key: 05-prometheus message: >- Prometheus est déployé sur cette machine (voir /etc/prometheus) +... From 676cc716cf05de238232f7b8bf253669e728ea6e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 11:00:31 +0200 Subject: [PATCH 019/116] Modify label for the alert --- roles/prometheus/templates/docker.rules.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/docker.rules.yml.j2 b/roles/prometheus/templates/docker.rules.yml.j2 index ce825ad..23eec40 100644 --- a/roles/prometheus/templates/docker.rules.yml.j2 +++ b/roles/prometheus/templates/docker.rules.yml.j2 
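Review bot: `force: true` on the apt task that installs `postgresql` and the pinned `postgresql-client-11=11.7-0+deb10u1` is more than a boolean spelling: for the apt module, `force` corresponds to apt-get's `--force-yes` and implies accepting unauthenticated packages. If the flag is only there so the pinned client version can be installed, the task should say so, e.g. `# force: needed to install the pinned postgresql-client-11; note it also disables package authentication checks`, and it is worth checking whether the pin is still required at all. The task's `apt:` header is outside this hunk.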
@@ -17,7 +17,7 @@ groups: severity: critical annotations: summary: >- - Container Docker mort + Container Docker éteint / tombé (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) - alert: ContainerFailed From 3320e3e0c65a5d580c8250c7528531625685746d Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 11:01:43 +0200 Subject: [PATCH 020/116] Update the labels for the alert (make complete tenses) --- roles/prometheus/templates/docker.rules.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/prometheus/templates/docker.rules.yml.j2 b/roles/prometheus/templates/docker.rules.yml.j2 index 23eec40..e891b1c 100644 --- a/roles/prometheus/templates/docker.rules.yml.j2 +++ b/roles/prometheus/templates/docker.rules.yml.j2 @@ -17,7 +17,7 @@ groups: severity: critical annotations: summary: >- - Container Docker éteint / tombé + Le container Docker est éteint / tombé (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) - alert: ContainerFailed @@ -27,7 +27,7 @@ groups: severity: critical annotations: summary: >- - Container Docker redémarre souvent + Le container Docker redémarre souvent (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) - alert: ContainerFailed @@ -43,7 +43,7 @@ groups: severity: critical annotations: summary: >- - Container Docker utilise beaucoup de CPU + Le container Docker utilise beaucoup de CPU (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}, value {{ raw('$value | printf "%.1f"') }}) From 5d9a6599e834beee9451d3c41a44fa5d269fa9c3 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 12 Apr 2021 11:10:15 +0200 Subject: [PATCH 021/116] Fix some typos, in accordance to Solal's comments --- .../templates/postgres.rules.yml.j2 | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 index 61af5dc..16695cf 100644 --- a/roles/prometheus/templates/postgres.rules.yml.j2 +++ b/roles/prometheus/templates/postgres.rules.yml.j2 @@ -15,7 +15,7 @@ groups: labels: severity: critical annotations: - summary: Serveur Postgresql down (instance {{ raw('$labels.instance') }}) + summary: Serveur PostgreSQL down (instance {{ raw('$labels.instance') }}) - alert: PostgresqlRestarted expr: time() - pg_postmaster_start_time_seconds < 60 @@ -23,7 +23,7 @@ groups: labels: severity: critical annotations: - summary: Serveur Postgresql redémarré (instance {{ raw('$labels.instance') }}) + summary: Serveur PostgreSQL redémarré (instance {{ raw('$labels.instance') }}) - alert: PostgresqlExporterError expr: pg_exporter_last_scrape_error > 0 @@ -43,7 +43,7 @@ groups: severity: critical annotations: summary: >- - Réplication Postgresql lag ({{ raw('$value') }} > 30s) + La réplication PostgreSQL lag ({{ raw('$value') }} > 30s) (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname')}} ) - alert: PostgresqlTableNotVaccumed @@ -55,7 +55,7 @@ groups: severity: warning annotations: summary: >- - La table n'a pas été aspirée depuis 24h + Le démon autovacuum n'a pas été lancé depuis 24h (Instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) - alert: PostgresqlTableNotAnalyzed @@ -93,7 +93,7 @@ groups: severity: warning annotations: summary: >- - PostgreSQL a des cadenas morts + PostgreSQL a plus de 5 deadlocks. (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) - alert: PostgresqlSlowQueries 
@@ -118,7 +118,7 @@ groups: severity: warning annotations: summary: >- - Postgresql a un taux de retour en arrière (rollback) élevé + PostgreSQL a un taux de retour en arrière (rollback) élevé (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} %) - alert: PostgresqlWaleReplicationStopped @@ -128,7 +128,7 @@ groups: severity: critical annotations: summary: >- - Réplication de Postgresql WALE stopée + Réplication de PostgreSQL WALE stopée (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) - alert: PostgresqlHighRateStatementTimeout @@ -138,7 +138,7 @@ groups: severity: critical annotations: summary: >- - Beaucoup de requêtes Postgresql sont timeout + Beaucoup de requêtes PostgreSQL sont timeout (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) - alert: PostgresqlHighRateDeadlock @@ -148,7 +148,7 @@ groups: severity: critical annotations: summary: >- - Postgresql a un fort taux de deadlock + PostgreSQL a un fort taux de deadlock (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) # - alert: PostgresqlReplicationLagBytes @@ -183,7 +183,7 @@ groups: severity: critical annotations: summary: >- - Split Brain, trop de bases de données Postgresql primaires en mode lecture-écriture + Split Brain : trop de bases de données PostgreSQL primaires en mode lecture-écriture (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value') }} ) - alert: PostgresqlPromotedNode 
@@ -210,7 +210,7 @@ groups: severity: critical annotations: summary: >- - Trop de verrous acquis sur la base de données. + Trop de deadlocks acquis sur la base de données. Si cette alerte se produit fréquemment, nous devrons peut-être augmenter le paramètre postgres max_locks_per_transaction (instance {{ raw('$labels.instance') }}, value = {{ raw('$value | printf "%.1f"') }} ) From 2d9d66c16db51a85f5e686b184a4a5496f40eedd Mon Sep 17 00:00:00 2001 From: Otthorn Date: Mon, 12 Apr 2021 22:30:52 +0200 Subject: [PATCH 022/116] :arrow_up: Update CI: ansible-lint version --- docker-ansible-lint/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ansible-lint/Dockerfile b/docker-ansible-lint/Dockerfile index 1db9744..7acf954 100644 --- a/docker-ansible-lint/Dockerfile +++ b/docker-ansible-lint/Dockerfile @@ -3,5 +3,5 @@ LABEL description="Aurore's docker image for ansible-lint" RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0" -RUN pip install --no-cache-dir "ansible-lint==5.0.0" +RUN pip install --no-cache-dir "ansible-lint>=5.0.0" RUN pip install --no-cache-dir "ansible>=2.10,<2.11" From 5c08fed9dec687bca4e947167996dba3169b9433 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Mon, 12 Apr 2021 22:32:03 +0200 Subject: [PATCH 023/116] :construction_worker: Only warn for unnamed tasks (used in include_role) --- .ansible-lint | 1 + 1 file changed, 1 insertion(+) diff --git a/.ansible-lint b/.ansible-lint index de44c0b..dbd729e 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,6 +6,7 @@ skip_list: warn_list: - experimental # all rules tagged as experimental + - unnamed-task # only warn for unnamed tag (used in include_role) exclude_paths: - group_vars/all/vault.yml From 226b55b0d123f43d5aba81edae207f7c196d59c0 Mon Sep 17 00:00:00 2001 
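Review bot: The new summary text "Trop de deadlocks acquis" no longer matches the alert it belongs to, which a later hunk on this page names `PostgresqlTooManyLocksAcquired`; the message itself points at `max_locks_per_transaction`, which concerns locks held, not deadlocks. Whoever receives the alert would look for a deadlock problem that the rule does not appear to measure. I would keep the previous wording, `Trop de verrous acquis sur la base de données.`. The rule's `expr` is outside this hunk, so this should be checked against it.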
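Review bot: Replacing `ansible-lint==5.0.0` with `ansible-lint>=5.0.0` removes the upper bound, so every rebuild of the CI image can pull a new major release with different rules, and the lint result stops being reproducible. The two neighbouring lines already use bounded ranges (`yamllint>=1.26.0,<2.0`, `ansible>=2.10,<2.11`); the same form here, `"ansible-lint>=5.0.0,<6.0"`, still allows updates while keeping the image predictable. An exact pin with hashes in a requirements file would be stricter still, if the project wants that.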
From: pz2891 Date: Wed, 14 Apr 2021 19:10:42 +0200 Subject: [PATCH 024/116] Update alerts (remove instance, translations) --- .../templates/postgres.rules.yml.j2 | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 index 16695cf..bf10d2d 100644 --- a/roles/prometheus/templates/postgres.rules.yml.j2 +++ b/roles/prometheus/templates/postgres.rules.yml.j2 @@ -15,7 +15,7 @@ groups: labels: severity: critical annotations: - summary: Serveur PostgreSQL down (instance {{ raw('$labels.instance') }}) + summary: Serveur PostgreSQL down - alert: PostgresqlRestarted expr: time() - pg_postmaster_start_time_seconds < 60 @@ -23,7 +23,7 @@ groups: labels: severity: critical annotations: - summary: Serveur PostgreSQL redémarré (instance {{ raw('$labels.instance') }}) + summary: Serveur PostgreSQL redémarré - alert: PostgresqlExporterError expr: pg_exporter_last_scrape_error > 0 @@ -31,7 +31,7 @@ groups: labels: severity: critical annotations: - summary: Erreur dans l'exporter Postgresql (instance {{ raw('$labels.instance') }}) + summary: Erreur dans l'exporter PostgreSQL - alert: PostgresqlReplicationLag expr: @@ -44,7 +44,7 @@ groups: annotations: summary: >- La réplication PostgreSQL lag ({{ raw('$value') }} > 30s) - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname')}} ) + (base de données {{ raw('$labels.datname')}} ) - alert: PostgresqlTableNotVaccumed expr: @@ -56,7 +56,7 @@ groups: annotations: summary: >- Le démon autovacuum n'a pas été lancé depuis 24h - (Instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlTableNotAnalyzed expr: 
@@ -68,7 +68,7 @@ groups: annotations: summary: >- Table non-analysée depuis 24h - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}) + (base de données {{ raw('$labels.datname') }}) - alert: PostgresqlTooManyConnections expr: @@ -84,7 +84,7 @@ groups: summary: >- PostgreSQL a trop de connexions ({{ raw('$value | printf "%.1f"') }} > 80%) - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}) + (base de données {{ raw('$labels.datname') }}) - alert: PostgresqlDeadLocks expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 @@ -94,7 +94,7 @@ groups: annotations: summary: >- PostgreSQL a plus de 5 deadlocks. - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlSlowQueries expr: pg_slow_queries > 0 @@ -104,7 +104,7 @@ groups: annotations: summary: >- Présence de requêtes lentes (slow-queries) - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlHighRollbackRate expr: @@ -119,7 +119,7 @@ groups: annotations: summary: >- PostgreSQL a un taux de retour en arrière (rollback) élevé - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} %) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} %) - alert: PostgresqlWaleReplicationStopped expr: rate(pg_xlog_position_bytes[1m]) == 0 @@ -129,7 +129,7 @@ groups: annotations: summary: >- Réplication de PostgreSQL WALE stopée - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }} ) + (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlHighRateStatementTimeout expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3 
@@ -139,7 +139,7 @@ groups: annotations: summary: >- Beaucoup de requêtes PostgreSQL sont timeout - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} ) - alert: PostgresqlHighRateDeadlock expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1 @@ -149,7 +149,7 @@ groups: annotations: summary: >- PostgreSQL a un fort taux de deadlock - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} ) # - alert: PostgresqlReplicationLagBytes # expr: @@ -174,7 +174,7 @@ groups: annotations: summary: >- Les tuples morts PostgreSQL sont trop volumineux - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value | printf "%.1f"') }} ) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} ) - alert: PostgresqlSplitBrain expr: count(pg_replication_is_replica == 0) != 1 @@ -184,7 +184,7 @@ groups: annotations: summary: >- Split Brain : trop de bases de données PostgreSQL primaires en mode lecture-écriture - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value') }} ) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value') }} ) - alert: PostgresqlPromotedNode expr: @@ -197,7 +197,7 @@ groups: annotations: summary: >- Le serveur de secours PostgreSQL a été promu comme nœud principal - (instance {{ raw('$labels.instance') }}, database {{ raw('$labels.datname') }}, value {{ raw('$value') }}) + (base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value') }}) - alert: PostgresqlTooManyLocksAcquired expr: 
@@ -213,7 +213,7 @@ groups: Trop de deadlocks acquis sur la base de données. Si cette alerte se produit fréquemment, nous devrons peut-être augmenter le paramètre postgres max_locks_per_transaction - (instance {{ raw('$labels.instance') }}, value = {{ raw('$value | printf "%.1f"') }} ) + (Valeur = {{ raw('$value | printf "%.1f"') }} ) ... From e4d2416722f0ec5c7cc641c26db091c1b5c8f9a3 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 14 Apr 2021 19:27:13 +0200 Subject: [PATCH 025/116] fix typo --- roles/prometheus/templates/postgres.rules.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 index bf10d2d..99103c5 100644 --- a/roles/prometheus/templates/postgres.rules.yml.j2 +++ b/roles/prometheus/templates/postgres.rules.yml.j2 @@ -128,7 +128,7 @@ groups: severity: critical annotations: summary: >- - Réplication de PostgreSQL WALE stopée + Réplication de PostgreSQL WALE stoppée (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlHighRateStatementTimeout From fde52f2e42dc754c7d3f4d3225091282e5c84ae3 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 14 Apr 2021 19:29:12 +0200 Subject: [PATCH 026/116] Alerts repository owned by prometheus --- roles/prometheus/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index e78248e..17e377f 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -24,6 +24,8 @@ file: path: /etc/prometheus/alerts state: directory + owner: prometheus + group: prometheus mode: 0644 - name: Remove old files From 1b0bff4c51019628f897e35161226a9e35aeacae Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Wed, 14 Apr 2021 19:51:47 +0200 Subject: [PATCH 027/116] Fix deployment and add prometheus groups for hosts --- hosts | 10 ++++++++++ roles/prometheus/tasks/main.yml | 4 ++-- roles/prometheus/templates/postgres.rules.yml.j2 | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/hosts b/hosts index 75243c8..e6ca0b7 100644 --- a/hosts +++ b/hosts @@ -562,3 +562,13 @@ radius-pacaterie.adm.auro.re radius-pacaterie-backup.adm.auro.re radius-rives.adm.auro.re radius-rives-backup.adm.auro.re + +[prometheus] +prometheus-ovh.adm.auro.re +prometheus-aurore.adm.auro.re +prometheus-rives.adm.auro.re +prometheus-gs.adm.auro.re +prometheus-edc.adm.auro.re +prometheus-pacaterie.adm.auro.re +prometheus-fleming.adm.auro.re +prometheus-federate.adm.auro.re diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 17e377f..0946165 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -26,14 +26,14 @@ state: directory owner: prometheus group: prometheus - mode: 0644 + mode: 0755 - name: Remove old files file: path: "/etc/prometheus/{{ item }}" state: absent with_items: - - alerts.rules.yml + - alert.rules.yml - django.rules.yml diff --git a/roles/prometheus/templates/postgres.rules.yml.j2 b/roles/prometheus/templates/postgres.rules.yml.j2 index 99103c5..0ec4952 100644 --- a/roles/prometheus/templates/postgres.rules.yml.j2 +++ b/roles/prometheus/templates/postgres.rules.yml.j2 @@ -44,7 +44,7 @@ groups: annotations: summary: >- La réplication PostgreSQL lag ({{ raw('$value') }} > 30s) - (base de données {{ raw('$labels.datname')}} ) + (base de données {{ raw('$labels.datname') }} ) - alert: PostgresqlTableNotVaccumed expr: From 013743f910367704131695d1d811b983c50584a1 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Wed, 14 Apr 2021 19:54:37 +0200 Subject: [PATCH 028/116] typo in docker rules --- roles/prometheus/templates/docker.rules.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/prometheus/templates/docker.rules.yml.j2 b/roles/prometheus/templates/docker.rules.yml.j2 index e891b1c..d911698 100644 --- a/roles/prometheus/templates/docker.rules.yml.j2 +++ b/roles/prometheus/templates/docker.rules.yml.j2 @@ -18,7 +18,7 @@ groups: annotations: summary: >- Le container Docker est éteint / tombé - (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) + (container {{ raw('$labels.name') }}) - alert: ContainerFailed expr: sum(increase(docker_container_restart_count[5m])) > 2 @@ -28,7 +28,7 @@ groups: annotations: summary: >- Le container Docker redémarre souvent - (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}) + (container {{ raw('$labels.name') }}) - alert: ContainerFailed expr: @@ -44,7 +44,7 @@ groups: annotations: summary: >- Le container Docker utilise beaucoup de CPU - (instance {{ raw('$labels.instance') }}, container {{ raw('$labels.name') }}, - value {{ raw('$value | printf "%.1f"') }}) + (container {{ raw('$labels.name') }}, + valeur {{ raw('$value | printf "%.1f"') }}) ... From 11d0b46ef0a267ecb339b4fa4507a99c72a3e20a Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 14 Apr 2021 20:00:16 +0200 Subject: [PATCH 029/116] Remove port for docker instances. Remove 'remove old files' tasks --- roles/prometheus/tasks/main.yml | 9 --------- roles/prometheus/templates/prometheus.yml.j2 | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 0946165..d141ecc 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -28,15 +28,6 @@ group: prometheus mode: 0755 -- name: Remove old files - file: - path: "/etc/prometheus/{{ item }}" - state: absent - with_items: - - alert.rules.yml - - django.rules.yml - - - name: Configure Prometheus alerts template: src: "{{ item }}.j2" diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 index 26020dc..bae1d2b 100644 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus.yml.j2 @@ -100,6 +100,15 @@ scrape_configs: file_sd_configs: - files: - '/etc/prometheus/targets_docker.json' + relabel_configs: + # Do not put :8087 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:8087' - job_name: postgresql file_sd_configs: From f409fb53cbc295a34010747e6456bfd5c71fa6e4 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 14 Apr 2021 20:11:23 +0200 Subject: [PATCH 030/116] remove port for docker --- monitoring.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index c01fb0b..114945d 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -135,7 +135,7 @@ - targets: - bdd-ovh.adm.auro.re prometheus_docker_targets: - - docker-ovh.adm.auro.re:8087 + - docker-ovh.adm.auro.re roles: - prometheus From 3a600d9061ca6fe3046059308ef6cf2d5d33a18f Mon Sep 17 00:00:00 2001 
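Review bot: The new `relabel_configs` route the address through `__param_target`, and in Prometheus any `__param_<name>` label is also sent as a URL query parameter, so every scrape of the Docker exporter now carries `target=<host>`. That pattern belongs to proxy-style exporters; here the goal stated in the comment is only to keep `:8087` out of the `instance` label. Copying `__address__` to `instance` and then appending the port gives the same labels without the extra parameter, as in the block below. The start of the job definition is outside this hunk.

```yaml
    relabel_configs:
      # Keep :8087 out of the instance label; add it to the scrape address only
      - source_labels: [__address__]
        target_label: instance
      - source_labels: [__address__]
        target_label: __address__
        replacement: '$1:8087'
```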
From: Otthorn Date: Sat, 17 Apr 2021 17:37:45 +0200 Subject: [PATCH 031/116] Give a name to unnamed tasks --- roles/baseconfig/tasks/main.yml | 3 ++- roles/borgbackup_client/tasks/main.yml | 3 ++- roles/borgbackup_server/tasks/main.yml | 3 ++- roles/docker/tasks/main.yml | 3 ++- roles/nginx/tasks/main.yml | 3 ++- roles/prometheus/tasks/main.yml | 3 ++- roles/prometheus_federate/tasks/main.yml | 3 ++- roles/re2o_service/tasks/main.yml | 3 ++- roles/unifi_controller/tasks/main.yml | 3 ++- 9 files changed, 18 insertions(+), 9 deletions(-) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 77cb834..0af0b40 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -29,7 +29,8 @@ retries: 3 until: apt_result is succeeded -- include_role: +- name: Configure MOTD + include_role: name: update_motd # Configure APT mirrors on Debian Stretch diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index 728d253..fcf1226 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -108,7 +108,8 @@ state: started enabled: true -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: key: 10-borgmatic diff --git a/roles/borgbackup_server/tasks/main.yml b/roles/borgbackup_server/tasks/main.yml index 9c77196..ff31c07 100644 --- a/roles/borgbackup_server/tasks/main.yml +++ b/roles/borgbackup_server/tasks/main.yml @@ -36,7 +36,8 @@ group: "{{ borg_server_group }}" mode: u=rwx,g=,o= -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 5484f88..38d3a55 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -51,7 +51,8 @@ dest: /usr/local/bin/docker-compose mode: "0755" -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: 
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 146b93c..7a3af07 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -148,7 +148,8 @@ group: www-data mode: 0644 -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index d141ecc..f4a5b04 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -109,7 +109,8 @@ enabled: true state: started -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index 02ae85e..cc96e65 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -34,7 +34,8 @@ enabled: true state: started -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: diff --git a/roles/re2o_service/tasks/main.yml b/roles/re2o_service/tasks/main.yml index 882fdf9..2bed1a3 100644 --- a/roles/re2o_service/tasks/main.yml +++ b/roles/re2o_service/tasks/main.yml @@ -40,7 +40,8 @@ group: nogroup state: link -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: diff --git a/roles/unifi_controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml index b43c74b..811b5e1 100644 --- a/roles/unifi_controller/tasks/main.yml +++ b/roles/unifi_controller/tasks/main.yml @@ -40,7 +40,8 @@ retries: 3 until: apt_result is succeeded -- include_role: +- name: Configure MOTD + include_role: name: update_motd vars: motd_messages: From 9c47067f939723c6a859061923caefc78c65b26f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sat, 17 Apr 2021 17:38:41 +0200 Subject: [PATCH 032/116] No need to only warm for unnamed task anymore --- .ansible-lint | 1 - 1 file changed, 1 deletion(-) 
diff --git a/.ansible-lint b/.ansible-lint index dbd729e..de44c0b 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,7 +6,6 @@ skip_list: warn_list: - experimental # all rules tagged as experimental - - unnamed-task # only warn for unnamed tag (used in include_role) exclude_paths: - group_vars/all/vault.yml From cc681e4fac07edf929a6161ee0f5e032b70872eb Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 30 Apr 2021 16:39:52 +0200 Subject: [PATCH 033/116] Add an inventory group for routers. --- hosts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hosts b/hosts index 0f1c61a..c302267 100644 --- a/hosts +++ b/hosts @@ -503,6 +503,18 @@ pacaterie_unifi ############################################################################### # Groups by service +[routeur] +routeur-fleming.adm.auro.re +routeur-fleming-backup.adm.auro.re +routeur-pacaterie.adm.auro.re +routeur-pacaterie-backup.adm.auro.re +routeur-edc.adm.auro.re +routeur-edc-backup.adm.auro.re +routeur-gs.adm.auro.re +routeur-gs-backup.adm.auro.re +routeur-rives.adm.auro.re +routeur-rives-backup.adm.auro.re + [ldap_replica:children] ldap_replica_fleming ldap_replica_pacaterie From b29e9c0e458446307a11578f57ad5a00d7889976 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 30 Apr 2021 16:49:00 +0200 Subject: [PATCH 034/116] Configure a disk-assisted queue for output actions --- roles/rsyslog_common/defaults/main.yml | 1 + .../templates/10-common.conf.j2 | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/roles/rsyslog_common/defaults/main.yml b/roles/rsyslog_common/defaults/main.yml index e5e6024..f175014 100644 --- a/roles/rsyslog_common/defaults/main.yml +++ b/roles/rsyslog_common/defaults/main.yml @@ -1,3 +1,4 @@ --- rsyslog_outputs: [] +rsyslog_high_density: false ... diff --git a/roles/rsyslog_common/templates/10-common.conf.j2 b/roles/rsyslog_common/templates/10-common.conf.j2 index 36cd4dc..74969ac 100644 --- a/roles/rsyslog_common/templates/10-common.conf.j2 
+++ b/roles/rsyslog_common/templates/10-common.conf.j2 @@ -91,6 +91,28 @@ ruleset(name="sendLogsToRemote") { port="{{ output.port }}" {% endif %} + queue.type="LinkedList" + queue.spoolDirectory="/var/spool/rsyslog" + queue.fileName="queue_{{ loop.index }}" + queue.saveOnShutdown="on" + +{% if rsyslog_high_density %} + queue.highWatermark="20000" + queue.lowWatermark="5000" + queue.checkpointInterval="10000" + queue.maxDiskSpace="4g" +{% else %} + queue.highWatermark="500" + queue.lowWatermark="100" + queue.checkpointInterval="200" + queue.syncqueuefiles="on" + queue.maxDiskSpace="500m" +{% endif %} + + action.resumeRetryCount="-1" + action.reportSuspension="on" + action.reportSuspensionContinuation="on" + {% if loop.index > 1 and output.fallback %} action.execOnlyWhenPreviousIsSuspended="on" {% endif %} From 604373db0364dc879d67b2c72924f545c8b77bb7 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 30 Apr 2021 16:49:36 +0200 Subject: [PATCH 035/116] Set rsyslog_high_density for routers --- group_vars/routeur.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 group_vars/routeur.yml diff --git a/group_vars/routeur.yml b/group_vars/routeur.yml new file mode 100644 index 0000000..a670bd3 --- /dev/null +++ b/group_vars/routeur.yml @@ -0,0 +1,3 @@ +--- +rsyslog_high_density: true +... From 926790844b354fad7241fb885b69e4ac67f9e180 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 10 May 2021 13:00:47 +0200 Subject: [PATCH 036/116] Add routeur-aurore* to routeur group --- hosts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts b/hosts index c302267..cf21f4c 100644 --- a/hosts +++ b/hosts @@ -514,6 +514,8 @@ routeur-gs.adm.auro.re routeur-gs-backup.adm.auro.re routeur-rives.adm.auro.re routeur-rives-backup.adm.auro.re +routeur-aurore.adm.auro.re +routeur-aurore-backup.adm.auro.re [ldap_replica:children] ldap_replica_fleming From 4f2f0ffe641e274b27ff313f889d3ceb7fed840e Mon Sep 17 00:00:00 2001 
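Review bot: `queue.fileName="queue_{{ loop.index }}"` names each on-disk queue after the output's position in `rsyslog_outputs`, so inserting or reordering an output can make the next start replay spooled messages to a different remote than the one they were queued for. Naming the file after a stable property of the output rather than its index avoids this. Separately, the hunk sets `queue.highWatermark` as high as `20000` without a `queue.size`; if the action queue's default size is smaller than that, the watermarks may not take effect as written, which is worth confirming against the rsyslog version in use. The enclosing action block starts and ends outside this hunk.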
From: Jeltz Date: Wed, 19 May 2021 15:32:33 +0200 Subject: [PATCH 037/116] Increase swap alert threshold --- roles/prometheus/templates/server.rules.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/server.rules.yml.j2 b/roles/prometheus/templates/server.rules.yml.j2 index ac09881..db82ae8 100644 --- a/roles/prometheus/templates/server.rules.yml.j2 +++ b/roles/prometheus/templates/server.rules.yml.j2 @@ -50,7 +50,7 @@ groups: node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes ) - ) * 100 > 10 + ) * 100 >= 20 for: 3m labels: severity: warning From 9296a2ed915fdfa251fcaf4692951f0aafcde62c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 23 May 2021 14:02:20 +0200 Subject: [PATCH 038/116] Add caradoc.adm.auro.re --- hosts | 1 + roles/borgbackup_client/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts b/hosts index 001fd29..93c70ce 100644 --- a/hosts +++ b/hosts @@ -245,6 +245,7 @@ ps-4-3.borne.auro.re [edc_server] perceval.adm.auro.re +caradoc.adm.auro.re [edc_pve] chapalux.adm.auro.re diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index fcf1226..8fa0852 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -13,7 +13,7 @@ dest: /etc/apt/preferences.d/borgmatic-bullseye when: - "ansible_distribution == 'Debian'" - - "ansible_distribution_major_version in ('stretch', 'buster')" + - "ansible_distribution_major_version in ('stretch', 'buster', '9', '10')" - name: Install borgmatic apt: From b7ead19d509613740d8199a6e6c037e1179aa2ae Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Tue, 25 May 2021 23:10:34 +0200 Subject: [PATCH 039/116] Remove mail from re2o bug report --- roles/radius/templates/settings_local.py.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
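Review bot: In the `when` list of the borgbackup_client hunk, `ansible_distribution_major_version` holds the numeric major version as a string (`'9'`, `'10'`), so the codenames `'stretch'` and `'buster'` kept in the tuple can never match. Leaving them suggests the condition works on codenames; I would reduce it to `- "ansible_distribution_major_version in ('9', '10')"`. The task this condition belongs to starts outside the hunk.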
diff --git a/roles/radius/templates/settings_local.py.j2 b/roles/radius/templates/settings_local.py.j2 index fb1ac29..3fc63c8 100644 --- a/roles/radius/templates/settings_local.py.j2 +++ b/roles/radius/templates/settings_local.py.j2 @@ -41,7 +41,7 @@ AES_KEY = "{{ re2o_aes_key }}" DEBUG = False # A list of admins of the services. Receive mails when an error occurs -ADMINS = [('AURORE', 'monitoring.aurore@lists.crans.org'), ('Gabriel Detraz', 'detraz@crans.org')] +ADMINS = [('AURORE', 'monitoring.aurore@lists.crans.org'),] # The list of hostname the server will respond to. ALLOWED_HOSTS = ['{{ inventory_hostname }}'] From ab11e6cd65df027d56806732b8ee700f263a9d73 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sat, 17 Jul 2021 16:12:13 +0200 Subject: [PATCH 040/116] Access Point EDC removed (InWall) --- hosts | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts b/hosts index 93c70ce..b7c5aff 100644 --- a/hosts +++ b/hosts @@ -268,7 +268,6 @@ ee-2-1.borne.auro.re ee-2-2.borne.auro.re eo-0-1.borne.auro.re eo-2-1.borne.auro.re -eo-2-2.borne.auro.re ep-0-1.borne.auro.re ep-1-1.borne.auro.re ep-1-2.borne.auro.re From e6b6790f636cb4ea17f26bc30cd380a955b1b185 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 13 Aug 2021 15:24:12 +0200 Subject: [PATCH 041/116] New rule for unhealthy disks --- roles/prometheus/templates/server.rules.yml.j2 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/prometheus/templates/server.rules.yml.j2 b/roles/prometheus/templates/server.rules.yml.j2 index db82ae8..c4cb6bd 100644 --- a/roles/prometheus/templates/server.rules.yml.j2 +++ b/roles/prometheus/templates/server.rules.yml.j2 @@ -149,5 +149,11 @@ groups: summary: > Charge à {{ raw('$value') }} - + - alert: UnhealthyDisk + expr: smartmon_device_smart_healthy < 1 + for: 10m + labels: + severity: "critical" + annotations: + summary: "Le Disque {{ $labels.disk }} n'est pas en bonne santé !" ... From ab697bafcef03bda639c6b09480a2789503deab2 Mon Sep 17 00:00:00 2001 
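Review bot: The new `UnhealthyDisk` rule stays silent when `smartmon_device_smart_healthy` is missing altogether, because `expr: smartmon_device_smart_healthy < 1` only matches series that exist. If the metric comes from a node_exporter textfile script (not visible here), a stopped or failing collector job looks the same as healthy disks. A companion rule on the age of that file, for example via `node_textfile_mtime_seconds`, would cover this. The summary also names only the disk; adding `{{ raw('$labels.instance') }}` in the same escaped form that the neighbouring `{{ raw('$value') }}` uses would tell the on-call person which host to look at. `severity: "critical"` is quoted while the context line of the swap rule uses the unquoted `severity: warning`; either is fine, but one style per file reads better.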
From: pz2891 Date: Mon, 16 Aug 2021 08:32:20 +0200 Subject: [PATCH 042/116] Perceval was moved from EDC to Fleming. Add group by server. --- hosts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/hosts b/hosts index b7c5aff..5b24998 100644 --- a/hosts +++ b/hosts @@ -73,6 +73,9 @@ prometheus-federate.adm.auro.re ############################################################################### # Les Jardins de Fleming +[fleming_server] +perceval.adm.auro.re + [fleming_pve] freya.adm.auro.re marki.adm.auro.re @@ -244,7 +247,6 @@ ps-4-3.borne.auro.re # Emilie du Chatelet [edc_server] -perceval.adm.auro.re caradoc.adm.auro.re [edc_pve] @@ -439,6 +441,7 @@ ovh_vm # everything at fleming [fleming:children] +fleming_server fleming_pve fleming_vm fleming_unifi @@ -451,6 +454,7 @@ pacaterie_unifi # everything at edc [edc:children] +edc_server edc_pve edc_vm edc_unifi @@ -483,6 +487,11 @@ edc_vm gs_vm rives_vm +# every server +[server:children] +fleming_server +edc_server + # every PVE [pve:children] ovh_pve From 54b073bd020985d9b9cd100788f9e72dd115cfce Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 18 Aug 2021 18:53:27 +0200 Subject: [PATCH 043/116] Typo in unhealthy disk rule --- roles/prometheus/templates/server.rules.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/server.rules.yml.j2 b/roles/prometheus/templates/server.rules.yml.j2 index c4cb6bd..5277fdf 100644 --- a/roles/prometheus/templates/server.rules.yml.j2 +++ b/roles/prometheus/templates/server.rules.yml.j2 @@ -155,5 +155,5 @@ groups: labels: severity: "critical" annotations: - summary: "Le Disque {{ $labels.disk }} n'est pas en bonne santé !" + summary: "Le Disque {{ raw('$labels.disk') }} n'est pas en bonne santé !" ... From db969625cdda6b75a28c66de30672cd3b39bd875 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Fri, 20 Aug 2021 12:17:17 +0200 Subject: [PATCH 044/116] Add the PDU from GS --- monitoring.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/monitoring.yml b/monitoring.yml index c40afab..629352f 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -67,6 +67,7 @@ - targets: "{{ groups['gs_unifi'] | list | sort }}" prometheus_ups_snmp_targets: - ups-gk-1.ups.auro.re + - pdu-ga-1.ups.auro.re roles: - prometheus From 7ca7c27fec1f177633817677ad652ad98fdaf7d8 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 20 Aug 2021 13:28:19 +0200 Subject: [PATCH 045/116] Add PDU snmp credentials --- group_vars/all/vault.yml | 430 ++++++++++++++++++++------------------- 1 file changed, 217 insertions(+), 213 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 481fb90..8f78c92 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,214 +1,218 @@ $ANSIBLE_VAULT;1.1;AES256 -65616665376265626636393064366339323264623332323337356438303634646361303530626536 -3134646236376339666130646239626333613866383766340a366465373839396639623862636436 -34336636326332313432373162356565383034636366613135353037393138363466626235353261 -3634306231333966350a323133396531626565633433313761343433303964316163643365626466 -33376632643937663566386232383161303231326638356338383536626531313462636335363166 -35353138393964663063613331386138363030356661633530313533336138336362306437626431 -34613435383966333538363734613730386634393532653334393766613262666434303666386537 -33643832653236313136663761613762656334356466623431383533333563646135336332653331 -39376164363533383930343237366638323534313232613561643936336330353538393136363534 -37353536623939386131616638623531326531316233656166383133316564393731623366353833 -31613665303532303435363765373434653933386530356433653061623232306239316534653432 -39663938616637363238623866303439326666303438613066633866343830303762633233383333 -65343332616430613839636337396238666466666430383031663939323239383964346638356538 -65306463303330373534316438313932373864626637643935636165333835373662623737613734 -36373161386163383831623065323763356637313364303539343763653065383139623934353638 -34373861616336363861363761373665393465623566393063346331333861326337316363373163 -31633532373966656565303866653335356364633063313665386335663863363163303431656165 -61383231666665346162303635393838323462613261663231356531393734313063663231616632 -30343562366433363261393037313062343036663139353431663330383263316662313330636534 -33666463393664636538376365663236613536633663303738373034303136383939343039316463 -38363731333435333262383064336138303062303836303735383836626430623738666635383637 -36383031646561666632666339616632366138383534393030636331323037643564306363303864 -33616664326330656136336538363539623039376565383166373032386230383639326564343961 
-39623465366233383663383433313862306366643432623130363037643033366531376163386165 -64353930386233373561356530316361623665643531333632376266633963303262346532386633 -34363938363765313366636134636364616634393061333264386262386261383236386532393966 -62636332633165383730313365366631303032336339346138633231656165646465643039666362 -39613534303532616433646433616261653739663366383566303862386666383363633736306265 -65366434626634303033616463316433393730373034666463663333376633656630386665313934 -36626337383236373533623830326134303931653434613837353961366130623665623336303139 -63616265366638393064666166343331306530313438636436306264636235643762623564653762 -65393435363564366266313161393631383836396464643635643361363034306134626535353962 -63393530313438383731303666343637303666616239643334626338393864613635363330653062 -31633030396362666237376232306238373065616238373934313930313234353433343934363432 -35633636656632643964613431333435656532653038373532343036396136636231306436326639 -36376163656634303236396133316664613164346661346565646165303664343735303233636164 -38393361343561396336333133326539346561373038613265666364316630363339336565363265 -64623063346232346334373836346231353336383931393663373365623838363036643232646330 -37303139663166653634336363626637653666363965383632313261326530323236303961343130 -39663165303836346339396536313137636462373765313135303039386339393536303263636236 -31333534323735373638666364643365396435636533393932643432386630663135633839643965 -34346330613132383533393361626333636132616130343266663835616534616562646366366336 -38303337373331303638643639373535633331626461613862333562653165306663383237383232 -63303331656338656137613162323138333661613834323863633265353737633666336263636665 -34393064376330306562343930376337626165373562336630633938316566343434633734613561 -39363531383233666437373562663136303834373838383632356436643638306633346434316362 -63343866353465396630383562306230313737353863363935346630396134393534353531336535 
-65366634316230323264366662376133303565626638386635616536303839363737663538353338 -32663834636363643034316165303164386430346663303635323634373465326537653132366230 -38376361663233646266663330363236666533663861303365303833386465653864656331616162 -66323532643737643539643562653335393338643465373838656464326133393466373733343666 -39613331376538653934333061376664323230636663336232333361623136393836326262336430 -35663930336364376230356537326131323666343330373030303765653763323863646631666136 -39623936613762393332303763633966303966396536643236366534316539386136633230653433 -65326634323062313730376338343965386338306135393033333161313839333963326134653966 -66363365353537323034646537633331336134363239393465363164663263313731666335613032 -61643935623064626464346430353033313961326164316637316664363830633137383335316538 -31646133623461386434343663313365376230613237326638393464366166633635646462373939 -31313165616363373730393733386430633065373433643935643931363965393465323264626164 -65333431653566646134646132626136323035323362313163303463393962306631363631383762 -63333063633934646332303966666461663566626564643365643232323732646530303834616639 -63616262316563636636613764663563323063636331643063373364373337373664333763363464 -31346663633866653162323934613532333934626430643138613631653164343063323661383163 -36633431376463633334306663346462373166613531663064323238323434346439333936313539 -33663036663234383934626661383530666566323336363734336265346235306135336136373864 -38313937663965313334653139366430316632313737303639636135666235346633303861626430 -34373938633331666535336438313363626636363063333265316166333562616330306563386335 -65366366303937376438313032643037656465393263393434623462336430393031373433383532 -66306566656437323530323434353835303838303438613662356134343136386630643338333264 -30643039666535323736303930336239643730653233393538633235303938623161343437616136 -34613337383363656536373737396261396261653264373362313161336435623466366436623736 
-61313036383063656537613664633437336361396665633764313062396265323766346363656666 -33656130316566633563353631323438343532393563633830343131653063353331323961343636 -38303239623566383337356262313538316437323731326166366139623665356132313563663734 -34353065316164653638313439303466316338373565323435343937653632313566656438333730 -62373366333335643366356438613838373963363436393035623132626233373830666238323464 -33356562636261376665303262633665323830316137306239626432323330393863613938313539 -33613438373733633661633266353866373834346436383466636138393736373638623136383639 -38653439373230353265386166663562633738306232623132636333396135343461646136303162 -36343636306333376564383764356433653362356434306566376565653736643035336433303331 -38626430623633313336653261633834323430323137313533333166393966633662613561643863 -65653237636436373739633862313132623831623461643063626361613231343537383032346132 -61383666383134373061643061656164366364656231343434616366356237303766343166613964 -36376461366663373132326263616263316663323039626239643361363362306334633636343064 -66336533626562323832633133653366323137616431363566653561363233626239616262346165 -30396466343639383665383762383765396638323761653065356339343965373032306136656563 -31353033343532366339303331366235373838356461353564623430333561356635336163396466 -38303438616436383763386538663039393862636333326630623862353732343961646162653933 -35633235303530353065343434333164306530363839663366316235333563663965623934383634 -32616565313232373964366163323739353261643432363037666639663664303861383033333462 -62333633626263393637306365353565306636386238613365643537353861396638643065616236 -63303130313363326333663936393765623930636331663837313835333862386263303238386262 -35646634663163626438356536346239666461306462326465613339653337326436356638323666 -38323134396238356532623430303233303636343839646436363066383136366436336536313766 -33373036386465623737316435643430616434336165343832386539666432613365326664663237 
-61333166343438313131643635663234626638623139363034616263643463356632353932383938 -61383065343231633438313536633039633266323563336531663365326137666535623230336134 -34646661306330653631383364343566386531313137643233376265313461396538373132396366 -66313534386133346161373130386465383139623831653566326434646461306139633433656630 -64623164376361643062396139356464373131653036336361623738633263326234323066613661 -31306163313038333861656561356661383436363534366665376362346661616464633065303234 -61616237313434363761636261313630356639346434636465363763373235636462666338343265 -34336533376366393339306539633238326663656266373965623962623665626238366333393734 -35646636666535396638373134376362396134353035633566336461326630323833383734356161 -62303738343662633735663965336435316630653061373736643035653337363635623863626533 -31306138313839616131363333326439323863646236613133333163366162353063366561656631 -61623237633361313631633463666335643935616237656134383830393335346632393066666632 -66326331653430633165333037316637303138353133313264643739626566353137383265366264 -38353533613863353431656665363339633265303463613565636565393836616230643932333762 -30353437343761613236613431626536666538336234633166623961363031393235333763626337 -65623836323538653730393533383532626133393834376339303630626533613339623666353839 -38613833623830306566333035336334383733626166363239356661353965353462393161626136 -37336365663863393963653031303337396666653262646635386337386230383562616564653966 -34393831383639303562333464653736363330326462623266383038326561323264363563623065 -30366435323961613463653636666238383632353661326439346430356134643866396531623039 -66663830353732663863393762626161383263663535333032393632633066363836363939316262 -30373766363637316535306538663235656137363038623936366465376636393535326437666334 -30343437326362613761376262383265313264383464383838386638653065313864353235373331 -62646366333137643931316339373761663731633766363864633461323266663236613231656633 
-31653132343031313535656538663761386266333062646439383633336531373764366166646165 -64343439386336323064616634363532353166353531633332663862653666666436666564356236 -62336332386437626137386566333934393636313933386466366361633232383135383066396263 -38343432323865353563363631646535633438336333316134343862336666313063643036343030 -62323732353837363639376564336665343265663861303938316564646533346337306338623834 -62353835356465303561346337366136396664383961663237653538643462666263346638303363 -32663564646333343532613861336132396530363435626361643631666464383364613336383235 -64376465636238633765643234383665663637643565626663393066316538313563393730396430 -36373037396264613731353337393261346534343263393862376464393565353739393431313031 -61353538366439383234316530326338633635393035376335616565356630633964636639386639 -63356666653532666435663564393332303234363465636335316365326365633837663930616233 -61343933653232666138613866666430376439396336353535663361373564366262646663653064 -31353765386537656235613131323763323930363162646236333632663034356237363231313762 -39323531333264633863363163333735303636333866653763373362626265396265356564303533 -31353838333337393732633961353561633430616637396235626261316433366339356239633737 -64333636333566366237303231376337613539643464663839303438313532323538643738353866 -38626438303033346531323836336534633732366631376665663139323037643161326561363635 -34633237623537383466316433336636633962623161383338656339613139346138366132356365 -38363635666234616532316333366236396639353130646234626533666133363661393038353666 -38343530306239336234336463646332356462356565376463383930656561336239656465303231 -61323862333032343137636434643335383163366236373161653366323139646235306564366637 -31313335653732633434616436636532343037383861393931323734383964346437323933653737 -39653633663064313933346231663931343163336166663662333239376634386135666230393563 -34333163653935326532386662613537373161366331633737653539333161386461313638643034 
-62323433613164383731653534383662316364333538613433623731376234306538663766363965 -64376432396361636637343539393330323835353562393031616137393363333662346332616464 -32643939663266343038356539656464393665616637383030666630333834613830373837353738 -63623130653465386135636635643637366231383765623761356563323061343337306538633031 -66326334303539623763636362333534643431383962383539613964613531353135663463373266 -37326632353861383964653430656362613930353138316566636531323733396231333361663431 -66356561366634323832386437336130363535343132333436633761613731636561333039303965 -33336532373764303334636461646464633866656237656466613361613131613764366339336233 -38373030366130613230636365303233393631383538316230366434326137336532333261383236 -64306566343964643139646438633066373261363836386361316138326362373361316536313839 -39663633343330663732376230633638626533313963306266363030306431373862633833383532 -36623537323532373934613962613761376463363337393666316434383463393962616366643436 -34326566383666663266396165613534633464656130313535383963353238623238393837353133 -66396661626432313038306362393136616166653962363736363133303835376264616561343736 -38383531623733326366333661393262613335653238343235353165613339393535316236353563 -35663037363935386634623064636333666135313361303837383630643665613863373931626333 -36316138343462636538616466383461353639613264653831323133333262626633353766643730 -63343030346536616539643832303238393539383362316137386437356630313438623436636465 -35363436306634393764386362616330373732623763373064306562326337303732333733346563 -63356231343165653132303338343439356666646162626639646232623064656664336133666233 -36366366363264663033333731616632383438306435663631613439646466663434343931663764 -36623437666232323336366363333333373430303639393761636463333135626263333066656538 -35336431623265663239633963353162366534653864653530623935333137653761336234616133 -61643231663033393535383063373236363538623964303435623337383031653734626461623731 
-62306565303739313166333663363935313362356362303066323635626638393961623138613864 -33626639323030306461326232323533303131633630316437333936653839626362613162336339 -39373339626238303238306363356166646532623963306438626264633961643765353434326430 -65323535306566343537663632393866616239613732643032356536303764636564306630383633 -66356435616237376538653539366636636533343866623764316462346634313032333636336166 -33653231336563363336303936336430343137653966393530393532323563393532353434393231 -38363662613161626132383266323635613165363433623630653663396562366262376634326561 -66643938306331663931386535613833613761313639363038616139343966656662646432663666 -63393931373738373536323631353361303366343330306565393230396332373932303866333034 -35396166633165396537373638333730303730613939386663653032626439363466623231303833 -63656338656435383531613734643165613536353632393535646132303034663731396631303237 -64376438373538373362353766303963396639333732373266343766363534623063313138616139 -39313861616164613031643934313466633431316230656566306666303932343039383737313565 -66356432336663636631666138636538323238303462376330663134616365323536386234666136 -63343032383465616437303437303063626335363333656166393435343834646634313435653334 -31366465386238393133366364376565656639656230343161613463393931373537383564353866 -31313464663531353165646665356231646634383936643539323866376631666635306334616261 -39383439366664386563386133356239333133306162316466343334356631616434623363643535 -38663530623063373965666530386632323034623139303839323761376638313362316430373536 -62363265366537656237633663663266653631653561303965616635363438613061306362336430 -35303461633864353735613330643966396230623434323132383135623331353361633134663931 -33333435306635313161613930656239346461623931356430306364383937353433626435633832 -64613437313464323861356338643733386432656233663333343437353935353236346561366330 -32396465333833343732653136616636663736623434363765336161383433356333313135313161 
-33373764393265376661613465626638353636653931323162363031666262653062626166363930 -39613931356338393862356537343332633635366134343037633765616634316362386335663036 -32666465323538356634346662383238326663333339623430376362306534363630613337626266 -39326361383435623939663163373835626439643433393839383730666166666266356361633731 -33336265613531303735613239316362633538386632343836613230326164366165616265313066 -35333361303734343231633930346230343432336665383337343431303031383962383366343433 -63363364333063313632663765633831323863626636643862323865356461366361343563383363 -33363138646366333136326435376537356338633862623531393938373935353466376266333664 -31633039336362363237376266346561313064393537613832663130653761636633313562316639 -36633432613931663263343861396632356136366636336163343333323661666663346365626564 -32613734313663656164333537653666313033643262336239623961313638306634343666303938 -62636236353161336134323430336263643038623663353965656236623465326661633766363765 -35653261663335313065383266383833393431333631653363363030363939323862653262316637 -62343263623037643435656165623466326365363532353434643665336632383765313937666535 -37663463303034363531386465383663393534393435633764646138313962373735393334326137 -61653933316435363130333335323066386532626234626534396435383061333961363739333033 -61656364313963303132623837666463633066653165316633373166373161343539393132316665 -37646631643265333665643262666265653339616530336361333333633939373839323264613761 -62643363356431306330313761623933623333383066333364663439646536333232386232623238 -62356533636632396330353430653935613965383938643638353632643865323832623737646635 -32636464343734653765396236653538343463373662653733326362363330643038663766383861 -34316338343064393862353364613037393231343366633364393535343965623431 +34353636353331626234623838643238343237306237313336663433326164313030646263393165 +3964666632653139323634663061363763656533373538660a393464333663313633393866383432 
+31303736366665306465333037373835383266383035626666353461623435393438303861376435 +3161393136653361610a336438393566393936633637613436366634353237313363653232333263 +38643566626564656635316564363362386236356164646238336265663839363430623739366266 +66333233666439656561626161653336633136396565336633356630303436303234613063396238 +62363437306639343236636537303363313236633765363430623865323734316531383662353763 +37636439356164303730323235346362393436656333393062333566336536316131343338663630 +31613063313034396162323034313562356662653266636638633665376531663932653461636363 +32653061386562376237653837333239326438656630646138393362383539616339393365343435 +63616462363733623930623435333435333937336538353735626161666162333337633931333338 +62316638373736326432373464326266373361613864633262656432313364343366373832643865 +64343866393966346534623238386437373632326632376166396630613630613365393932333066 +37663162656134346564353762383961386161343064373637373634353231653137383461626666 +34666365656632333764613931643266613737393032366431323764623830666131386566613535 +30346631396237336332636438653339613633636662663266663235613634346162316134336533 +61353361353437626231393137653464363934383233363830373961373033653336323666313836 +63643638353438363661653239346530366630336661343336303836383439613462333532653263 +63643437323166386230663635333130333632376661393830646365333666323239323134386636 +30656266323839633237663433376136313437366264633039376165633961656137363038616534 +32393330656464373739353833646232633634333937613932393834356535396464613633653334 +33386231313830656562366335333162386461616331333733343163313562636232646261383135 +36376131333931303566343337343539323265313931346538343539363230643030646531373134 +36636364326539356533363832333661396435363365633831346664393165626330356536343961 +64613935636333333331633931313266633732663430373166393362373431353363316630663235 +31353936343932386665366134643962313937366634396262386434396334383332343537383163 
+37323235326161636339323237643366323430623136323937353665383364306436616664356662 +38616466636465313330303464343665333163626231613164663030623963626634383965613135 +31336632366231613062366430393636646535616134383232386334343137333138643866393633 +38636161623734613862313638666562393164356536613665303839633035636330353965356163 +65646530383162323630633865363334306234383466383033663762633933653162356166376138 +33343832323466333132386564336636323765383839366134636433613866623830626133303434 +64643066366638316633663338333335313466366433313134306239393233663233333730333138 +32666133633931393961323663353565653532323837316165653536396339316364623633613137 +30626636623037396438636261633939643363326136613631376139396538623932356237313637 +62656337663438623666633435373564313566636538373339663731393564653264623863353032 +33613639616135623735393364623439393432316632626239313837653464623563393663346163 +36303764343562376337366465643434646263383133336162376166383434633436633263303263 +61656536363037666230393063336263363865356465616231333966396332383434366265343434 +66363732313435656164613135333762306464373133343739636266346336346261366535316230 +36663433616332386166323965643436393433666264343062393463653339646264353264366663 +31653331613138316138383930336163616333666161386466616566323664346263396637393735 +38386462313763346164613430653133316631633261356663613738663435313963303734373364 +34353332643366353930633339373962376162383239316134346561336539643737656239336230 +33613662646466383434303638343362323933643831653932393030383762323539346332333961 +34616338386361353362366434663365663262383835383031393430633235393631666332623261 +36393231366164303165336633663565376334643864323366666434383634353031326633313266 +66346234323036396562313366346661333130363434643565333763316234353733383733623839 +37663761656131363932333330663638323733666333336636613264363164643230343964643061 +37633264313865373732653466356639653335313236646331623932303963326364343132656464 
+65636665616364373538613732643938323364626166316437623166383734316662386134316233 +66313430626133303461336465333532373361616334393139663233363132393265643865656561 +63303734313934343636333135373164636536663935323030366563623635616535616230363061 +38653362343264626432373866313363373439333331333963333765356462323762333739313061 +33626365663433396562633534643630326364346135383531343063373266633635353130363166 +30363735386665346661343166373034663466636335323838666465613163353039366233386562 +39626462383635356230343031633666346561376462376634636236323164626537396337323337 +64653163623030326435623833383136386366613764623633303732613337373732386432303737 +61303530356461343339333165663161343262613434306162653563643765323837303537653963 +30383964336230326336313765333832323639626131303063363030313537346463393765303132 +33376633313135613832616239343939363562363132666433373966616166383836376636363630 +65376266323266636430383236616338373632323134626165393961383733363365383761653538 +61386365363262623665313637333761626561643530376433326531313161303733626432333866 +63663762313130336535666134343961353337653034643436363263306664666562356431313433 +63333034623762663630323031653363356666366538323064363866366662656466666361373938 +35653562383865363437346466663963326439316531396165376439383931366132386161346364 +66633334666239393336383336376130663633613161306564336131356435396639336566636131 +37653763373537353635393536363531626332313461626166373763613861346433653237306636 +39393435633163386164356131636530623732316538646133316365383561653061376431333431 +66356561333637353537316231616133646231306462626439326462393131633562393462396132 +62396337626436336230636338373439343839646266613033633930383530363932616463633538 +35646230393536396330383566346138633434333063333362313139643537346236313336376463 +31363335633333333262316239383735633139383332303235623430626539626466336365306465 +66396336323637613036616532363963363430383737343566366162663836396132353933346534 
+35366565336462646364643137323864656334336635376435623561666530386334623964323136 +39653365646161366330376336353931633366653832383966656639393364386438363832333934 +34616536653064363739333363663233376631636134323162626333343035396265666662636230 +31343931323435373964383562616333333835326238623131646433366134343830616432643866 +36353363356532383963623364636363393834343132303434393331653335313938393662376534 +33376565613433373864666536313439656339306532643233336137363264303638346563643932 +35343838616538343262613066343665386433386339373362313533643639326136663430363135 +37393734306565613566663632643639343939353361656566663431386539333136393663656262 +34363537333431356363633932373736383262343336396666383237616661353763643861376537 +63306133353331653833346339663062353438356162356431333336373536623439366132343930 +31623736353532323230373264363163386339346563313236633061313239663962623136323962 +62333166636230363333633661336539373962623337666538636565643664396132613263633461 +64663430666630303562323065613838666265653438383838363561303637663931613239326639 +30663533376662333162613731636665646565336465396132663165613431343332313038613335 +62643030376564306335633138373937613934653738396361303064306263353566336232346639 +38323266373537646334633761643933653931646439353939326536383463373666646262353362 +61356230333461646435353332656564616464363539373966333535653365326330333230373539 +62613335363632393335306535643862653262363031356439386639656262353662656432656331 +34323431356337646238353135326332346431383535643735646562386161353164393961646264 +63396161316563323537396431646561633730373930306637623438323761613935396238363965 +61613339353234626565653939643139626665343439626365656165616437653234326530316464 +39303433333533643439313464623531646133316563306337386261356332393435613237653632 +63386439353136383265323965646538316334343661376532323461636666363630613836366233 +63326465633438633564396135386137383061663264373530313330666639333236343539653734 
+62323637313131613839363665633163316235306536343039626166396263383332363365373936 +66356135646330373162346261326531616538303566663761626639363635633064623361663463 +34373937653165376262643064653738396365353532343864653836306231306566386665343963 +36353066346161323733346131386466653964653961343136643039653035383864653238663265 +35623565303731636164353664666636303430333933616230336330393530633032353037626339 +34326664373239663330356430346531663635646161356130623733303862613964613433393334 +33303735333934343964363230326634653465623465366465386639616361316139323536363261 +30313531363533356636303565303265363430363530356662313838646435316439363263346165 +37666463393332323066376464313339383138343235613438663464613436376237333565616563 +31363936393731623562363331666433626636396136636533353435386634336363613963636162 +33306233616636363432316236363665333162393133616130313530313764643738336666316639 +36613263303138633039376135396266613766666261373436626333373035393863376133386162 +38633333353963313433636236636339666135376530323731663761303938313764356636363963 +34393035333561626564313638656266313666643166633163636630633938346661653033643832 +36393632633765656661353236376432383034343766643336353236623437356638336264326364 +30616161633130653131373932303337616237656633346438323832623964323332613836326365 +66666666663766653865636435623562643637363134333336636231356332356439396262386338 +62643738326437343139616134386130616533653066666631633139653038646336306363373233 +30626134623732393361653637313235363463336331666231336434363432646363373534336661 +39623864643130613337336232313263323161313030353535313336393233643237343566373063 +64633935366430316566306461313261633031656562356461376632373031333462323237646263 +37343535393539393032653135653666393933326632653166666633613638333130623937383530 +35323737363662346337326134366239666137343031326663356533353033633332633931333738 +34383937316461313231313936626436633030373833306636643633343266343461363732373132 
+66396233396432336336623166653361646561313432383861313061376234656636663864616132 +32336664636162346633376633353938613865323162356437373330306236383164376261613461 +37313839363331653139623264336631663534643530663434393535333865353965343161636638 +34653334373865356439333736366432323832323834633239333130386639366163643337303832 +37383637366231613930633661316466346136333666343266393137663965653331303034356661 +61643439383630353139613635636665616534396639643161653334626434616132333731323532 +39363462313039336661636332623530363832316564343135343330323362366633333632646239 +34633736383534653130343437376134616363363736613462326332643031376331636164623837 +32316331663030383762333562373937663663633931623535303139306163613962643762353633 +66643038633630633736316634316238643136363532396363323361323163363638653331616631 +30303832363163346663613433646432326566613738356133386238386266376261336532356338 +61383539336138666261636234316461646365373236383038363965626635393530346236666263 +38636164336463393565613362626334346565653464663136316564646631323835626364333536 +36633566613432346334656665636134386334663362633562623938343264396538656432366166 +65626635336139306335366265616430366337656265346235653333646362383232386434663832 +65636634646363323736323165666637373661333136636164613933396130633932373837393030 +38303466303363623038336363633037666631356262396631396464383065343730346537303534 +62383764653763313639313332386331653163313134303336396336323862323063643265383761 +35633939626636613030653564366266346338346239356163383864383762393261396561613032 +31313866356666666538613935653965373932366666303634636436633662333638396563336161 +32303934373238323838366563623035663863393835353839343230626235353830336532306532 +36303035613238656133643936353735646336396238363334326561336365666238363735633561 +62616338336664366631336364636564393539363163626465613530343939303961353364666364 +38666665326563333039386462656261666531646637306261316233336130343730663661336431 
+62666138343766393262313431386136613139386265623939613830646233666134386235326564 +36353032383336353763363231313564396630363565666163316237323363633866323734326664 +30316533383363363461613564646137646337303738373833373238396661656265626139333637 +30353835363062393333646433356362613132653463656532366137356136306431633836653333 +65326266303038393233373263313933323637303539353065663233356333326235633064353536 +30626433356630316364386332393331626135656266376233363837303438636539386434613038 +31313938653662306533663635333564653232306436396331386433343561313365633664383865 +33356163343232626165353739386534346231336634656231613235383536616338383133383664 +31303734363836326662633062396130343637343731613532353533323164353934383230626436 +33356139303663326361333535306261386431343736396238616435633565613266306339363166 +61646233353636303739353336336662633662303861623864323033376133623734373436646365 +33626332366464393166613339623663346234653830386664396630376539656163633263663664 +63646539353035323263306136396537373561646264363939613737313462643063663136623136 +61643138623962383039313836633032323861313937643164343832303634643833393230656637 +35393566396562343863323235333835353135323139613166303539306266636265363931336162 +32363361356231326164376533346464613836373162323333336438333532333161633432343637 +65356364636264313036643836643863396435663837393564393833303037643331363633643065 +36396662626462303232386531653234373231306131353732656663353538356636646331646163 +32306362366264343966393237633831633263383236336133343166633639366266316235386538 +32623039366561643663653564633066306339613938386234666430666462316363373863626337 +37366232633365653462613732353064396539356432393661626462313663363634613434376462 +61316266366131343239616133613038303338323566633363666330336364393261636130313164 +32336237383536363562663537343661306434313964373034376263373262643635316664646130 +35333631626236653638633661363831323262336465323339356637356331313738666634656538 
+34363438633566393866313662386365313030646230393862343735356535633366666138623863 +65306336356633326530303932373634613733643364336561653737363132343534333336376264 +34663965373532393330393763646232623533376332323239376232303935393339656230356537 +30306264636362353733656366363139613637303264323361333138666462666531323131663564 +62616362303035613733386231316431326333643739373738666135363232616564346238636462 +64623234363632613436636336323965383762626261626137386631393334666266343636323862 +34326431303365393234616263653862376466363861353835316336633336613534373235353436 +65663531303939386233353934376335643732373063666362343234353037363430356233356138 +34663530643266343535333336643938326131366239333630336163363263613561393639333631 +63333031643033623964303361383462343339353264656435626365393938613162623835646539 +62626331393339373839316166613965373862316438636561306162376535633861396531396637 +66623936323361616333326330616361323232343034343366643130623037653463333730316337 +61383965663130646334343833333737383931363339326266666437353030626262633263626135 +32626239383137303538623735343033633465653861316231636564653535646662646561333832 +30613639353563363534663764376232643630626434626466306663303331643565313239353131 +36303363306538393164663563313133636663653664616438346235646637636132373532393332 +35633533346432616532653937636565363431323161336430323566363239373035616264373636 +62306337323935336332663262396466323064633738306334386233663531313633656232373330 +38656635636264353635356165343233643061363836396266386631393433366265646662633239 +63303939363637663030663965626637336366666638386532666466613965396533373935346135 +62623837643462356334323234633263636130653762636461353037396461623961383330613731 +61626634383232313337313363363637623036653630396266623265363961303662366165373462 +66656364633735626231323335373135663462373966396136653634653865316238393263316464 +66663537383763386335383131303438353930366534616637636564313431346163353534366431 
+34356262653134656633636631373963393032393061353636363333313464386463616638663939 +39306136373433346362613934626332316633353232373963633939336338656331366661666232 +37646566393062643738383832363230393337363361653566303433666561643936313037653662 +65666266353032313862666365313237323431666365613666373931383838383435663034343239 +39323139336266373463323465656237366166653230373236613335616433363465613131326234 +39393363386334303963613036333661373364633437386262363937333565316639313261643133 +62626235303163666435333030353039316432316661383933353834313733326435613366313030 +33303631323132323861613366313532333931623739623731353566373039656133653061633637 +36366365653836346662616135303536613331656364306163633731376634313739633634646132 +31396138663337656332653331616462333936313531646135663930616130623338323733663634 +62373866353663336138346335383637333738363035393366613434306536643239356436396333 +39333133366235666562383239363530343464353735666436356333313932613965613065663639 +39383962376264643337633365386164353166343165306634376634646233626466363661666465 +34306533616238616131306130323637656536663561306437346238303464616636306134366130 +30386566326465323962396130336661613433613938633565363635356166643263383364636164 +34643465353664386437316366396130383533626132363566656265353366663865616531386238 +32633831623334643166356237353164356563646132656130363634343664663765373839616430 +37346432616161636139643733346631643165313636323231643461313164646663623439663966 +33323230376337663566636233333038633465323238636533336136363037633065336538383033 +31356634363261643064326335656535356434373862663935316434613938663833626139646636 +63333936363637356234373237326430376232623561663461633138363032616138343730663939 +37353462326266636562373331326161646338623261303762316265323432313139356439306361 +32336132376439616662386132363566363438313739313830393336393439343839 From c5e6fbcfdf2783c43d983ec236af130a73acc427 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Fri, 20 Aug 2021 16:58:28 +0200 Subject: [PATCH 046/116] Configuration for monitoring APC PDU --- monitoring.yml | 3 + roles/prometheus/tasks/main.yml | 15 +- roles/prometheus/templates/prometheus.yml.j2 | 17 ++ roles/prometheus/templates/snmp.yml.j2 | 66 +++++ .../prometheus/templates/snmp_apc_pdu.yml.j2 | 68 +++++ .../templates/snmp_procurve_switcs.yml.j2 | 72 +++++ .../templates/snmp_ubiquiti_unifi.yml.j2 | 268 ++++++++++++++++++ 7 files changed, 506 insertions(+), 3 deletions(-) create mode 100644 roles/prometheus/templates/snmp_apc_pdu.yml.j2 create mode 100644 roles/prometheus/templates/snmp_procurve_switcs.yml.j2 create mode 100644 roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 diff --git a/monitoring.yml b/monitoring.yml index 629352f..16c0981 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -58,6 +58,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: @@ -67,6 +69,7 @@ - targets: "{{ groups['gs_unifi'] | list | sort }}" prometheus_ups_snmp_targets: - ups-gk-1.ups.auro.re + prometheus_pdu_snmp_targets: - pdu-ga-1.ups.auro.re roles: - prometheus diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f4a5b04..790c108 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -50,14 +50,16 @@ line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" notify: Restart prometheus-snmp-exporter -# This file store SNMP OIDs +# These files store SNMP OIDs - name: Configure Prometheus snmp-exporter template: - src: snmp.yml.j2 - dest: /etc/prometheus/snmp.yml + src: "{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" owner: prometheus group: prometheus mode: u=r,g=r,o= + loop: + - snmp.yml notify: Restart prometheus-snmp-exporter # We don't need to restart Prometheus when updating nodes @@ -103,6 +105,13 @@ mode: 0644 when: prometheus_postgres_targets is defined +- name: Configure Prometheus apc_pdu monitoring + copy: + content: "{{ [{'targets': prometheus_pdu_snmp_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_apc_pdu_snmp.json + mode: 0644 + when: prometheus_pdu_snmp_targets is defined + - name: Activate prometheus service systemd: name: prometheus diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 index bae1d2b..4400de3 100644 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus.yml.j2 @@ -123,4 +123,21 @@ scrape_configs: - source_labels: [__param_target] target_label: __address__ replacement: '$1:9187' + + - job_name: apc_pdu_snmp + file_sd_configs: + - files: + - '/etc/prometheus/targets_apc_pdu_snmp.json' + metrics_path: /snmp + params: + module: + - apc_pdu + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9116 + ... diff --git a/roles/prometheus/templates/snmp.yml.j2 b/roles/prometheus/templates/snmp.yml.j2 index cd8abd0..5ed5fa1 100644 --- a/roles/prometheus/templates/snmp.yml.j2 +++ b/roles/prometheus/templates/snmp.yml.j2 
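Review bot: The `Configure Prometheus snmp-exporter` template task renders SNMP credentials (the snmp.yml.j2 hunk in this commit substitutes `snmp_pdu_user` and `snmp_pdu_password`), so a run with `--diff` would print them in the Ansible output. Adding `diff: false` to this task keeps the rendered secrets out of terminals and CI logs. The existing `mode: u=r,g=r,o=` already restricts the file on disk, so only the display path is left open.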
@@ -416,4 +416,70 @@ ubiquiti_unifi: auth_protocol: SHA priv_protocol: AES priv_password: {{ snmp_unifi_password }} + + +apc_pdu: + walk: + - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 + - 1.3.6.1.4.1.318.1.1.26.4.3.1.4 + - 1.3.6.1.4.1.318.1.1.26.4.3.1.5 + - 1.3.6.1.4.1.318.1.1.26.4.3.1.6 + - 1.3.6.1.4.1.318.1.1.26.6.3.1.9 + - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 + metrics: + - name: rPDU2SensorTempHumidityStatusTempC + oid: 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 + type: gauge + help: Sensor temperature reading in tenths of degrees Celsius - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 + indexes: + - labelname: rPDU2SensorTempHumidityStatusIndex + type: gauge + - name: rPDU2DeviceStatusLoadState + oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.4 + type: gauge + help: Indicates the present load status of the Rack PDU - 1.3.6.1.4.1.318.1.1.26.4.3.1.4 + indexes: + - labelname: rPDU2DeviceStatusIndex + type: gauge + - name: rPDU2DeviceStatusPower + oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.5 + type: gauge + help: The power consumption of the Rack PDU load in hundredths of kilowatts - + 1.3.6.1.4.1.318.1.1.26.4.3.1.5 + indexes: + - labelname: rPDU2DeviceStatusIndex + type: gauge + - name: rPDU2DeviceStatusPeakPower + oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.6 + type: gauge + help: The peak power consumption of the Rack PDU load in hundredths of kilowatts + - 1.3.6.1.4.1.318.1.1.26.4.3.1.6 + indexes: + - labelname: rPDU2DeviceStatusIndex + type: gauge + - name: rPDU2PhaseStatusPowerFactor + oid: 1.3.6.1.4.1.318.1.1.26.6.3.1.9 + type: gauge + help: Indicates the load power factor, in hundredths, of the Rack PDU phase being + queried - 1.3.6.1.4.1.318.1.1.26.6.3.1.9 + indexes: + - labelname: rPDU2PhaseStatusIndex + type: gauge + - name: rPDU2OutletMeteredStatusPower + oid: 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 + type: gauge + help: Indicates the power draw of the load on the Rack PDU outlet being queried + - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 + indexes: + - labelname: rPDU2OutletMeteredStatusIndex + type: gauge + version: 3 + auth: + 
security_level: authPriv + username: {{ snmp_pdu_user }} + password: {{ snmp_pdu_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_pdu_password }} + ... diff --git a/roles/prometheus/templates/snmp_apc_pdu.yml.j2 b/roles/prometheus/templates/snmp_apc_pdu.yml.j2 new file mode 100644 index 0000000..0fe4aa3 --- /dev/null +++ b/roles/prometheus/templates/snmp_apc_pdu.yml.j2 
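Review bot: The `username`, `password` and `priv_password` values in the new `apc_pdu` auth block are substituted as bare scalars, so a secret containing ` #` or `: `, starting with `*`, `&` or `!`, or made only of digits would be truncated, retyped or make the rendered snmp.yml unparseable. Emit them as quoted strings, for example `password: {{ snmp_pdu_password | to_json }}`, and likewise for `username` and `priv_password`. The procurve template added in this commit already quotes its value (`community: "{{ snmp_switch_community }}"`). The same bare substitutions appear in the new snmp_apc_pdu.yml.j2 and snmp_ubiquiti_unifi.yml.j2 files.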
@@ -0,0 +1,68 @@
+---
+{{ ansible_managed | comment }}
+
+apc_pdu:
+ walk:
+ - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
+ - 1.3.6.1.4.1.318.1.1.26.4.3.1.4
+ - 1.3.6.1.4.1.318.1.1.26.4.3.1.5
+ - 1.3.6.1.4.1.318.1.1.26.4.3.1.6
+ - 1.3.6.1.4.1.318.1.1.26.6.3.1.9
+ - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
+ metrics:
+ - name: rPDU2SensorTempHumidityStatusTempC
+ oid: 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
+ type: gauge
+ help: Sensor temperature reading in tenths of degrees Celsius - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
+ indexes:
+ - labelname: rPDU2SensorTempHumidityStatusIndex
+ type: gauge
+ - name: rPDU2DeviceStatusLoadState
+ oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.4
+ type: gauge
+ help: Indicates the present load status of the Rack PDU - 1.3.6.1.4.1.318.1.1.26.4.3.1.4
+ indexes:
+ - labelname: rPDU2DeviceStatusIndex
+ type: gauge
+ - name: rPDU2DeviceStatusPower
+ oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.5
+ type: gauge
+ help: The power consumption of the Rack PDU load in hundredths of kilowatts -
+ 1.3.6.1.4.1.318.1.1.26.4.3.1.5
+ indexes:
+ - labelname: rPDU2DeviceStatusIndex
+ type: gauge
+ - name: rPDU2DeviceStatusPeakPower
+ oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.6
+ type: gauge
+ help: The peak power consumption of the Rack PDU load in hundredths of kilowatts
+ - 1.3.6.1.4.1.318.1.1.26.4.3.1.6
+ indexes:
+ - labelname: rPDU2DeviceStatusIndex
+ type: gauge
+ - name: rPDU2PhaseStatusPowerFactor
+ oid: 1.3.6.1.4.1.318.1.1.26.6.3.1.9
+ type: gauge
+ help: Indicates the load power factor, in hundredths, of the Rack PDU phase being
+ queried - 1.3.6.1.4.1.318.1.1.26.6.3.1.9
+ indexes:
+ - labelname: rPDU2PhaseStatusIndex
+ type: gauge
+ - name: rPDU2OutletMeteredStatusPower
+ oid: 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
+ type: gauge
+ help: Indicates the power draw of the load on the Rack PDU outlet being queried
+ - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
+ indexes:
+ - labelname: rPDU2OutletMeteredStatusIndex
+ type: gauge
+ version: 3
+ auth:
+ security_level: authPriv
+ username: {{ snmp_pdu_user }}
+ password: {{ snmp_pdu_password }}
+ auth_protocol: SHA
+ priv_protocol: AES
+ priv_password: {{ snmp_pdu_password }}
+
+...
diff --git a/roles/prometheus/templates/snmp_procurve_switcs.yml.j2 b/roles/prometheus/templates/snmp_procurve_switcs.yml.j2
new file mode 100644
index 0000000..61e2937
--- /dev/null
+++ b/roles/prometheus/templates/snmp_procurve_switcs.yml.j2
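Review bot: Nothing in this commit renders snmp_apc_pdu.yml.j2, because the `loop:` added to the `Configure Prometheus snmp-exporter` task in roles/prometheus/tasks/main.yml lists only `snmp.yml`. Its `apc_pdu` module also appears to repeat the block appended to snmp.yml.j2 in the same commit, and two copies of a credential-bearing module tend to drift apart. Either wire the per-device files into the loop and drop the duplicate block from snmp.yml.j2, or leave these files out of the commit. The same applies to snmp_procurve_switcs.yml.j2 and snmp_ubiquiti_unifi.yml.j2.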
@@ -0,0 +1,72 @@
+---
+{{ ansible_managed | comment }}
+
+procurve_switch:
+ walk:
+ - 1.3.6.1.2.1.31.1.1.1.10
+ - 1.3.6.1.2.1.31.1.1.1
+ - 1.3.6.1.2.1.2.2.1.2
+ - 1.3.6.1.2.1.31.1.1.1.18
+ get:
+ - 1.3.6.1.2.1.1.3.0
+ - 1.3.6.1.2.1.1.5.0
+ - 1.3.6.1.2.1.1.6.0
+ metrics:
+ - name: sysUpTime
+ oid: 1.3.6.1.2.1.1.3
+ type: gauge
+ help: The time (in hundredths of a second) since the network management
+ portion of the system was last re-initialized. - 1.3.6.1.2.1.1.3
+ - name: sysName
+ oid: 1.3.6.1.2.1.1.5
+ type: DisplayString
+ help: An administratively-assigned name for this managed node
+ - 1.3.6.1.2.1.1.5
+ - name: sysLocation
+ oid: 1.3.6.1.2.1.1.6
+ type: DisplayString
+ help: The physical location of this node (e.g., 'telephone closet, 3rd
+ floor') - 1.3.6.1.2.1.1.6
+ - name: ifHCOutOctets
+ oid: 1.3.6.1.2.1.31.1.1.1.10
+ type: counter
+ help: The total number of octets transmitted out of the interface,
+ including framing characters - 1.3.6.1.2.1.31.1.1.1.10
+ indexes:
+ - labelname: ifIndex
+ type: gauge
+ lookups:
+ - labels:
+ - ifIndex
+ labelname: ifDescr
+ oid: 1.3.6.1.2.1.2.2.1.2
+ type: DisplayString
+ - labels:
+ - ifIndex
+ labelname: ifName
+ oid: 1.3.6.1.2.1.31.1.1.1.1
+ type: DisplayString
+ - name: ifHCInOctets
+ oid: 1.3.6.1.2.1.31.1.1.1.6
+ type: counter
+ help: The total number of octets received on the interface, including
+ framing characters - 1.3.6.1.2.1.31.1.1.1.6
+ indexes:
+ - labelname: ifIndex
+ type: gauge
+ lookups:
+ - labels:
+ - ifIndex
+ labelname: ifDescr
+ oid: 1.3.6.1.2.1.2.2.1.2
+ type: DisplayString
+ - labels:
+ - ifIndex
+ labelname: ifName
+ oid: 1.3.6.1.2.1.31.1.1.1.1
+ type: DisplayString
+ version: 2
+ auth:
+ community: "{{ snmp_switch_community }}"
+
+...
diff --git a/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 b/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2
new file mode 100644
index 0000000..f6793eb
--- /dev/null
+++ b/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2
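Review bot: `version: 2` with a `community:` string makes the switch polls SNMPv2c, which sends the community in cleartext and gives neither integrity nor privacy, unlike the `authPriv` v3 settings used for `apc_pdu` and `ubiquiti_unifi` in this commit. If the ProCurve firmware supports SNMPv3, prefer `version: 3` with `security_level: authPriv` and vaulted credentials. Otherwise, document the accepted risk with a comment above `version: 2`, such as `# SNMPv2c: community travels in cleartext; poll over the management network only`.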
@@ -0,0 +1,268 @@ +--- +{{ ansible_managed | comment }} + +ubiquiti_unifi: + walk: + - 1.3.6.1.4.1.41112.1.6 + get: + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: +# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes +# - name: sysLocation +# oid: 1.3.6.1.2.1.1.6 +# type: DisplayString +# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') +# - 1.3.6.1.2.1.1.6 + - name: unifiVapIndex + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapChannel + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapEssId + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapName + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifi_vap_num_stations + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' + indexes: + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge + - name: unifiVapRadio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxBytes 
+ oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxCrypts + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxFrags + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxRetries + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPower + oid: 
1.3.6.1.4.1.41112.1.6.1.2.1.21 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUp + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUsage + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 + type: DisplayString + help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiIfIndex + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfName + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxMulticast + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 + type: counter 
+ help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiApSystemModel + oid: 1.3.6.1.4.1.41112.1.6.3.3 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.3.3' + - name: unifiApSystemUptime + oid: 1.3.6.1.4.1.41112.1.6.3.5 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.3.5' + version: 3 + auth: + security_level: authPriv + username: snmp_prometheus + password: {{ snmp_unifi_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_unifi_password }} +... From 0bfc631465703236d02bdaf13107b9f2458bd84d Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 20 Aug 2021 17:00:19 +0200 Subject: [PATCH 047/116] Remove unused files --- .../prometheus/templates/snmp_apc_pdu.yml.j2 | 68 ----- .../templates/snmp_procurve_switcs.yml.j2 | 72 ----- .../templates/snmp_ubiquiti_unifi.yml.j2 | 268 ------------------ 3 files changed, 408 deletions(-) delete mode 100644 roles/prometheus/templates/snmp_apc_pdu.yml.j2 delete mode 100644 roles/prometheus/templates/snmp_procurve_switcs.yml.j2 delete mode 100644 roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 diff --git a/roles/prometheus/templates/snmp_apc_pdu.yml.j2 b/roles/prometheus/templates/snmp_apc_pdu.yml.j2 deleted file mode 100644 index 0fe4aa3..0000000 --- a/roles/prometheus/templates/snmp_apc_pdu.yml.j2 +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -{{ ansible_managed | comment }} - -apc_pdu: - walk: - - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 - - 1.3.6.1.4.1.318.1.1.26.4.3.1.4 - - 1.3.6.1.4.1.318.1.1.26.4.3.1.5 - - 1.3.6.1.4.1.318.1.1.26.4.3.1.6 - - 1.3.6.1.4.1.318.1.1.26.6.3.1.9 - - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 - metrics: - - name: rPDU2SensorTempHumidityStatusTempC - oid: 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 - type: gauge - help: Sensor temperature reading in tenths of degrees Celsius - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8 - indexes: - - labelname: rPDU2SensorTempHumidityStatusIndex - type: gauge - - name: rPDU2DeviceStatusLoadState - oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.4 - type: gauge - help: Indicates the present load status of the Rack PDU - 1.3.6.1.4.1.318.1.1.26.4.3.1.4 - indexes: - - labelname: rPDU2DeviceStatusIndex - type: gauge - - name: rPDU2DeviceStatusPower - oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.5 - type: gauge - help: The power consumption of the Rack PDU load in hundredths of kilowatts - - 1.3.6.1.4.1.318.1.1.26.4.3.1.5 - indexes: - - labelname: rPDU2DeviceStatusIndex - type: gauge - - name: rPDU2DeviceStatusPeakPower - oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.6 - type: gauge - help: The peak power consumption of the Rack PDU load in hundredths of kilowatts - - 1.3.6.1.4.1.318.1.1.26.4.3.1.6 - indexes: - - labelname: rPDU2DeviceStatusIndex - type: gauge - - name: rPDU2PhaseStatusPowerFactor - oid: 1.3.6.1.4.1.318.1.1.26.6.3.1.9 - type: gauge - help: Indicates the load power factor, in hundredths, of the Rack PDU phase being - queried - 1.3.6.1.4.1.318.1.1.26.6.3.1.9 - indexes: - - labelname: rPDU2PhaseStatusIndex - type: gauge - - name: rPDU2OutletMeteredStatusPower - oid: 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 - type: gauge - help: Indicates the power draw of the load on the Rack PDU outlet being queried - - 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7 - indexes: - - labelname: rPDU2OutletMeteredStatusIndex - type: gauge - version: 3 - auth: - security_level: authPriv - username: {{ snmp_pdu_user }} - 
password: {{ snmp_pdu_password }} - auth_protocol: SHA - priv_protocol: AES - priv_password: {{ snmp_pdu_password }} - -... diff --git a/roles/prometheus/templates/snmp_procurve_switcs.yml.j2 b/roles/prometheus/templates/snmp_procurve_switcs.yml.j2 deleted file mode 100644 index 61e2937..0000000 --- a/roles/prometheus/templates/snmp_procurve_switcs.yml.j2 +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -{{ ansible_managed | comment }} - -procurve_switch: - walk: - - 1.3.6.1.2.1.31.1.1.1.10 - - 1.3.6.1.2.1.31.1.1.1 - - 1.3.6.1.2.1.2.2.1.2 - - 1.3.6.1.2.1.31.1.1.1.18 - get: - - 1.3.6.1.2.1.1.3.0 - - 1.3.6.1.2.1.1.5.0 - - 1.3.6.1.2.1.1.6.0 - metrics: - - name: sysUpTime - oid: 1.3.6.1.2.1.1.3 - type: gauge - help: The time (in hundredths of a second) since the network management - portion of the system was last re-initialized. - 1.3.6.1.2.1.1.3 - - name: sysName - oid: 1.3.6.1.2.1.1.5 - type: DisplayString - help: An administratively-assigned name for this managed node - - 1.3.6.1.2.1.1.5 - - name: sysLocation - oid: 1.3.6.1.2.1.1.6 - type: DisplayString - help: The physical location of this node (e.g., 'telephone closet, 3rd - floor') - 1.3.6.1.2.1.1.6 - - name: ifHCOutOctets - oid: 1.3.6.1.2.1.31.1.1.1.10 - type: counter - help: The total number of octets transmitted out of the interface, - including framing characters - 1.3.6.1.2.1.31.1.1.1.10 - indexes: - - labelname: ifIndex - type: gauge - lookups: - - labels: - - ifIndex - labelname: ifDescr - oid: 1.3.6.1.2.1.2.2.1.2 - type: DisplayString - - labels: - - ifIndex - labelname: ifName - oid: 1.3.6.1.2.1.31.1.1.1.1 - type: DisplayString - - name: ifHCInOctets - oid: 1.3.6.1.2.1.31.1.1.1.6 - type: counter - help: The total number of octets received on the interface, including - framing characters - 1.3.6.1.2.1.31.1.1.1.6 - indexes: - - labelname: ifIndex - type: gauge - lookups: - - labels: - - ifIndex - labelname: ifDescr - oid: 1.3.6.1.2.1.2.2.1.2 - type: DisplayString - - labels: - - ifIndex - labelname: ifName - oid: 1.3.6.1.2.1.31.1.1.1.1 - type: DisplayString - version: 2 - auth: - community: "{{ snmp_switch_community }}" - -... diff --git a/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 b/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 deleted file mode 100644 index f6793eb..0000000 --- a/roles/prometheus/templates/snmp_ubiquiti_unifi.yml.j2 +++ /dev/null 
@@ -1,268 +0,0 @@ ---- -{{ ansible_managed | comment }} - -ubiquiti_unifi: - walk: - - 1.3.6.1.4.1.41112.1.6 - get: - - 1.3.6.1.2.1.1.5.0 - - 1.3.6.1.2.1.1.6.0 - metrics: -# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes -# - name: sysLocation -# oid: 1.3.6.1.2.1.1.6 -# type: DisplayString -# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') -# - 1.3.6.1.2.1.1.6 - - name: unifiVapIndex - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapChannel - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapEssId - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapName - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifi_vap_num_stations - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' - indexes: - - labelname: unifi_vap_index - type: gauge - lookups: - - labels: [unifi_vap_index] - labelname: unifi_vap_essid - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 - type: DisplayString - - labels: [unifi_vap_index] - labelname: unifi_vap_radio - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 - type: DisplayString - - labels: [] - labelname: unifi_vap_index -# - name: unifiVapNumStations -# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 -# type: gauge -# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' -# indexes: -# - labelname: unifiVapIndex -# type: gauge - - name: unifiVapRadio - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxBytes 
- oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxCrypts - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxDropped - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxErrors - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxFrags - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxPackets - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxBytes - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxDropped - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxErrors - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxPackets - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxRetries - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxPower - oid: 
1.3.6.1.4.1.41112.1.6.1.2.1.21 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapUp - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapUsage - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 - type: DisplayString - help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiIfIndex - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfName - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxBytes - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxDropped - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxError - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxMulticast - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxPackets - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxBytes - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxDropped - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 - type: counter 
- help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxError - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxPackets - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiApSystemModel - oid: 1.3.6.1.4.1.41112.1.6.3.3 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.3.3' - - name: unifiApSystemUptime - oid: 1.3.6.1.4.1.41112.1.6.3.5 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.3.5' - version: 3 - auth: - security_level: authPriv - username: snmp_prometheus - password: {{ snmp_unifi_password }} - auth_protocol: SHA - priv_protocol: AES - priv_password: {{ snmp_unifi_password }} -... From f17e7f752427db175810e567f33cd9fb5d92e45a Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 20 Aug 2021 18:22:00 +0200 Subject: [PATCH 048/116] Add snmp pdu password to generate config --- monitoring.yml | 14 ++++++++++++++ .../templates/prometheus.yml.j2 | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index 16c0981..bb3c92a 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -5,6 +5,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: @@ -20,6 +22,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: 
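Review bot: The same two lines, `snmp_pdu_user: "{{ vault_snmp_pdu_user }}"` and `snmp_pdu_password: "{{ vault_snmp_pdu_password }}"`, are added to the `vars:` of every play in monitoring.yml (this hunk and the six after it), so each new play has to repeat them by hand. Defining them once, for example in a group_vars file for the Prometheus hosts, keeps the vault indirection in one place. The last hunk (`@@ -148,6 +160,8 @@`) shows a play whose vars have no `snmp_switch_community`, which is the kind of drift per-play copies invite; whether that omission is intended is not visible here.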
@@ -38,6 +42,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_ups_snmp_targets: @@ -79,6 +85,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_ups_snmp_targets: @@ -98,6 +106,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: @@ -130,6 +140,8 @@ prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_switch_community: "{{ vault_snmp_switch_community }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: @@ -148,6 +160,8 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_pdu_user: "{{ vault_snmp_pdu_user }}" + snmp_pdu_password: "{{ vault_snmp_pdu_password }}" # Prometheus targets.json prometheus_targets: diff --git a/roles/prometheus_federate/templates/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus.yml.j2 index 71e6874..4757b98 100644 --- a/roles/prometheus_federate/templates/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus.yml.j2 
@@ -36,7 +36,7 @@ scrape_configs: - '{job="unifi_snmp"}' - '{job="django"}' - '{job="ups_snmp"}' - - '{job="django"}' + - '{job="apc_pdu_snmp"}' - '{job="docker"}' - '{job="switch_snmp"}' ... From cc3b4294aea94b8dae863199d6401de544933a73 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 20 Aug 2021 19:31:04 +0200 Subject: [PATCH 049/116] Kepp federated datas 4 months (120 days) --- roles/prometheus/tasks/main.yml | 1 + .../templates/environmental.rules.yml.j2 | 52 +++++++++++++++++++ roles/prometheus_federate/tasks/main.yml | 7 +++ 3 files changed, 60 insertions(+) create mode 100644 roles/prometheus/templates/environmental.rules.yml.j2 diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 790c108..f9e48e8 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -41,6 +41,7 @@ - django.rules.yml - ups.rules.yml - postgres.rules.yml + - environmental.rules.yml notify: Restart Prometheus - name: Make Prometheus snmp-exporter listen on localhost only diff --git a/roles/prometheus/templates/environmental.rules.yml.j2 b/roles/prometheus/templates/environmental.rules.yml.j2 new file mode 100644 index 0000000..f371329 --- /dev/null +++ b/roles/prometheus/templates/environmental.rules.yml.j2 
@@ -0,0 +1,52 @@ +--- +{{ ansible_managed | comment }} + +{% macro raw(string) -%} +{{ "{{" }} {{ string }} {{ "}}" }} +{%- endmacro %} + +groups: + + - name: environmental.rules + rules: + + - alert: EnvironmentalTemperature + expr: rPDU2SensorTempHumidityStatusTempC / 10 > 30 + for: 10m + labels: + severity: warning + annotations: + summary: >- + Température environnementale à {{ raw('$value') }}° + + - alert: EnvironmentalTemperature + expr: rPDU2SensorTempHumidityStatusTempC / 10 > 40 + for: 10m + labels: + severity: critical + annotations: + summary: >- + Température environnementale à {{ raw('$value') }}° + + + - alert: EnvironmentalTemperature + expr: xupsEnvRemoteTemp > 30 + for: 10m + labels: + severity: warning + annotations: + summary: >- + Température environnementale à {{ raw('$value') }}° + + - alert: EnvironmentalTemperature + expr: xupsEnvRemoteTemp > 40 + for: 10m + labels: + severity: critical + annotations: + summary: >- + Température environnementale à {{ raw('$value') }}° + + + +... diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index cc96e65..366f614 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -20,6 +20,13 @@ - alert.rules.yml notify: Restart Prometheus +- name: Define Prometheus retention time + lineinfile: + path: /etc/default/prometheus + regexp: '^ARGS=\"--log.level=debug\"' + line: "ARGS=\"--log.level=debug --storage.tsdb.retention.time=120d\"" + notify: Restart Prometheus + # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus Federate devices copy: From b31f9bd952be11c42c2d3ad9825b1ddfb9732f0b Mon Sep 17 00:00:00 2001 
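Review bot: The four `EnvironmentalTemperature` rules put only the value in `summary`, so a notification does not say which PDU or UPS sensor is hot; appending the source, e.g. `Température environnementale à {{ raw('$value') }}° ({{ raw('$labels.instance') }})`, fixes that. The warning expressions (`> 30`) stay true when the critical ones (`> 40`) fire, so both alerts go out for the same sensor unless Alertmanager inhibits warning by critical; that configuration is not visible in this patch. A one-line comment above the first rule saying that `rPDU2SensorTempHumidityStatusTempC` is presumably reported in tenths of a degree would explain the `/ 10`.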
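Review bot: The `regexp` in "Define Prometheus retention time" matches only a line that is exactly the current value, `ARGS="--log.level=debug"`; on a host where /etc/default/prometheus holds any other `ARGS=` line, lineinfile finds no match and appends a second `ARGS=` assignment at the end of the file instead of replacing the first. Anchoring on the key alone, `regexp: '^ARGS='`, replaces whatever value is there. The new line also keeps `--log.level=debug` on the federation server, which deserves a comment if it is deliberate.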
From: pz2891 Date: Sat, 21 Aug 2021 11:25:39 +0200 Subject: [PATCH 050/116] Retention time is now a file that will be copied --- roles/prometheus_federate/files/prometheus | 112 +++++++++++++++++++++ roles/prometheus_federate/tasks/main.yml | 10 +- 2 files changed, 118 insertions(+), 4 deletions(-) create mode 100644 roles/prometheus_federate/files/prometheus diff --git a/roles/prometheus_federate/files/prometheus b/roles/prometheus_federate/files/prometheus new file mode 100644 index 0000000..c409f3b --- /dev/null +++ b/roles/prometheus_federate/files/prometheus 
@@ -0,0 +1,112 @@ +# Set the command-line arguments to pass to the server. +ARGS="--log.level=debug --storage.tsdb.retention.time=120d" + +# Prometheus supports the following options: +# --config.file="/etc/prometheus/prometheus.yml" +# Prometheus configuration file path. +# --web.listen-address="0.0.0.0:9090" +# Address to listen on for UI, API, and telemetry. +# --web.read-timeout=5m Maximum duration before timing out read of the +# request, and closing idle connections. +# --web.max-connections=512 Maximum number of simultaneous connections. +# --web.external-url= The URL under which Prometheus is externally +# reachable (for example, if Prometheus is served +# via a reverse proxy). Used for generating +# relative and absolute links back to Prometheus +# itself. If the URL has a path portion, it will +# be used to prefix all HTTP endpoints served by +# Prometheus. If omitted, relevant URL components +# will be derived automatically. +# --web.route-prefix= Prefix for the internal routes of web endpoints. +# Defaults to path of --web.external-url. +# --web.local-assets="/usr/share/prometheus/web/" +# Path to static asset/templates directory. +# --web.user-assets= Path to user asset directory, available at +# /user. +# --web.enable-lifecycle Enable shutdown and reload via HTTP request. +# --web.enable-admin-api Enable API endpoints for admin control actions. +# --web.console.templates="/etc/prometheus/consoles" +# Path to the console template directory, +# available at /consoles. +# --web.console.libraries="/etc/prometheus/console_libraries" +# Path to the console library directory. +# --web.page-title="Prometheus Time Series Collection and Processing Server" +# Document title of Prometheus instance. +# --web.cors.origin=".*" Regex for CORS origin. It is fully anchored. +# Example: 'https?://(domain1|domain2)\.com' +# --storage.tsdb.path="/var/lib/prometheus/metrics2/" +# Base path for metrics storage. 
+# --storage.tsdb.retention=15d +# [DEPRECATED] How long to retain samples in +# storage. This flag has been deprecated, use +# "storage.tsdb.retention.time" instead +# --storage.tsdb.retention.time=15d +# How long to retain samples in storage. When this +# flag is set it overrides +# "storage.tsdb.retention". +# If neither this flag nor "storage.tsdb.retention" +# nor "storage.tsdb.retention.size" is set, the +# retention time defaults to 15d. +# Units Supported: y, w, d, h, m, s, ms. +# --storage.tsdb.retention.size= +# [EXPERIMENTAL] Maximum number of bytes that can +# be stored for blocks. Units supported: KB, MB, +# GB, TB, PB. This flag is experimental and can be +# changed in future releases. +# --storage.tsdb.use-lockfile +# Create a lockfile in data directory. +# --storage.tsdb.allow-overlapping-blocks +# [EXPERIMENTAL] Allow overlapping blocks, which +# in turn enables vertical compaction and +# vertical query merge. +# --storage.tsdb.wal-compression +# Compress the tsdb WAL. +# --storage.remote.flush-deadline= +# How long to wait flushing sample on shutdown or +# config reload. +# --storage.remote.read-sample-limit=5e7 +# Maximum overall number of samples to return via +# the remote read interface, in a single query. 0 +# means no limit. This limit is ignored for +# streamed response types. +# --storage.remote.read-concurrent-limit=10 +# Maximum number of concurrent remote read calls. +# 0 means no limit. +# --storage.remote.read-max-bytes-in-frame=1048576 +# Maximum number of bytes in a single frame for +# streaming remote read response types before +# marshalling. Note that client might have limit on +# frame size as well. 1MB as recommended by +# protobuf by default. +# --rules.alert.for-outage-tolerance=1h +# Max time to tolerate prometheus outage for +# restoring "for" state of alert. +# --rules.alert.for-grace-period=10m +# Minimum duration between alert and restored "for" +# state. 
This is maintained only for alerts with +# configured "for" time greater than grace period. +# --rules.alert.resend-delay=1m +# Minimum amount of time to wait before resending +# an alert to Alertmanager. +# --alertmanager.notification-queue-capacity=10000 +# The capacity of the queue for pending +# Alertmanager notifications. +# --alertmanager.timeout=10s +# Timeout for sending alerts to Alertmanager. +# --query.lookback-delta=5m The maximum lookback duration for retrieving +# metrics during expression evaluations and +# federation. +# --query.timeout=2m Maximum time a query may take before being +# aborted. +# --query.max-concurrency=20 +# Maximum number of queries executed concurrently. +# --query.max-samples=50000000 +# Maximum number of samples a single query can load +# into memory. Note that queries will fail if they +# try to load more samples than this into memory, +# so this also limits the number of samples a query +# can return. +# --log.level=info Only log messages with the given severity or +# above. One of: [debug, info, warn, error] +# --log.format=logfmt Output format of log messages. One of: [logfmt, +# json] diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index 366f614..bcadbc0 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -21,10 +21,12 @@ notify: Restart Prometheus - name: Define Prometheus retention time - lineinfile: - path: /etc/default/prometheus - regexp: '^ARGS=\"--log.level=debug\"' - line: "ARGS=\"--log.level=debug --storage.tsdb.retention.time=120d\"" + copy: + src: files/prometheus + dest: /etc/default/prometheus + owner: prometheus + group: prometheus + mode: u=r,g=r,o= notify: Restart Prometheus # We don't need to restart Prometheus when updating nodes From 73e522f0c65006a8328137c65084c0a2f0ad5f81 Mon Sep 17 00:00:00 2001 
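Review bot: The only active line of the new defaults file, `ARGS="--log.level=debug --storage.tsdb.retention.time=120d"`, leaves `--web.listen-address` at the default that the file's own help text gives as `0.0.0.0:9090`, while the node exporter in this series is bound to `{{ ansible_hostname }}.adm.auro.re`. If the federation server is meant to be reachable from the administration network only, the listen address should be set here as well; a static file cannot carry the host name, so this would have to become a template, and whether a firewall already limits port 9090 is not visible in the patch. The other 110 lines are a copy of the packaged help text and will drift from the installed Prometheus version; a short header comment saying the file is managed by Ansible and why `debug` logging is kept would serve better.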
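Review bot: The copy task makes the service account the owner of its own start-up arguments (`owner: prometheus`, `group: prometheus`), so despite `mode: u=r,g=r,o=` the Prometheus process can chmod and rewrite /etc/default/prometheus and change the flags it is started with on the next restart. `owner: root` with `group: prometheus` and `mode: u=rw,g=r,o=` keeps the file readable by the service and writable only by root. If the file is only read by systemd as an environment file (not visible here), the group read bit may not be needed either.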
From: Jean-Marie Mineau Date: Thu, 23 Sep 2021 18:54:06 +0200 Subject: [PATCH 051/116] add exporter on bullseye --- roles/prometheus_node/files/apt.sh | 32 ++++++++++ .../prometheus-node-exporter-apt.service | 7 +++ .../files/prometheus-node-exporter-apt.timer | 9 +++ roles/prometheus_node/tasks/main.yml | 58 +++++++++++++++++++ 4 files changed, 106 insertions(+) create mode 100644 roles/prometheus_node/files/apt.sh create mode 100644 roles/prometheus_node/files/prometheus-node-exporter-apt.service create mode 100644 roles/prometheus_node/files/prometheus-node-exporter-apt.timer diff --git a/roles/prometheus_node/files/apt.sh b/roles/prometheus_node/files/apt.sh new file mode 100644 index 0000000..b61e72f --- /dev/null +++ b/roles/prometheus_node/files/apt.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# +# Description: Expose metrics from apt updates. +# +# Author: Ben Kochie + +upgrades="$(/usr/bin/apt-get --just-print dist-upgrade \ + | /usr/bin/awk -F'[()]' \ + '/^Inst/ { sub("^[^ ]+ ", "", $2); gsub(" ","",$2); + sub("\\[", " ", $2); sub("\\]", "", $2); print $2 }' \ + | /usr/bin/sort \ + | /usr/bin/uniq -c \ + | awk '{ gsub(/\\\\/, "\\\\", $2); gsub(/\"/, "\\\"", $2); + gsub(/\[/, "", $3); gsub(/\]/, "", $3); + print "apt_upgrades_pending{origin=\"" $2 "\",arch=\"" $NF "\"} " $1}' +)" + +echo '# HELP apt_upgrades_pending Apt package pending updates by origin.' +echo '# TYPE apt_upgrades_pending gauge' +if [[ -n "${upgrades}" ]] ; then + echo "${upgrades}" +else + echo 'apt_upgrades_pending{origin="",arch=""} 0' +fi + +echo '# HELP node_reboot_required Node reboot is required for software updates.' +echo '# TYPE node_reboot_required gauge' +if [[ -f '/run/reboot-required' ]] ; then + echo 'node_reboot_required 1' +else + echo 'node_reboot_required 0' +fi diff --git a/roles/prometheus_node/files/prometheus-node-exporter-apt.service b/roles/prometheus_node/files/prometheus-node-exporter-apt.service new file mode 100644 index 0000000..63c901d --- /dev/null 
+++ b/roles/prometheus_node/files/prometheus-node-exporter-apt.service @@ -0,0 +1,7 @@ +[Unit] +Description=Collect apt metrics for prometheus-node-exporter + +[Service] +Type=oneshot +Environment=TMPDIR=/var/lib/prometheus/node-exporter +ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter/apt.sh | sponge /var/lib/prometheus/node-exporter/apt.prom" diff --git a/roles/prometheus_node/files/prometheus-node-exporter-apt.timer b/roles/prometheus_node/files/prometheus-node-exporter-apt.timer new file mode 100644 index 0000000..6ed4b45 --- /dev/null +++ b/roles/prometheus_node/files/prometheus-node-exporter-apt.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Run apt metrics collection every 15 minutes + +[Timer] +OnBootSec=0 +OnUnitActiveSec=15min + +[Install] +WantedBy=timers.target diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml index 8a82947..b1bf76f 100644 --- a/roles/prometheus_node/tasks/main.yml +++ b/roles/prometheus_node/tasks/main.yml 
@@ -37,3 +37,61 @@ line: | ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100" notify: Restart prometheus-node-exporter + +- name: Add monitoring for apt on bullseye + block: + - name: Install moreutils # we need the sponge command + apt: + name: + - moreutils + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + + - name: Ensure /usr/share/prometheus-node-exporter exist + file: + path: /usr/share/prometheus-node-exporter/ + state: directory + group: root + owner: root + mode: u=rwx,g=rx,o=rx + + - name: Add the script + copy: + src: apt.sh + dest: /usr/share/prometheus-node-exporter/apt.sh + group: root + owner: root + mode: u=rwx,g=rx,o=rx + + - name: Add the timer + copy: + src: prometheus-node-exporter-apt.timer + dest: /lib/systemd/system/prometheus-node-exporter-apt.timer + group: root + owner: root + mode: u=rw,g=r,o=r + + - name: Add the service + copy: + src: prometheus-node-exporter-apt.service + dest: /lib/systemd/system/prometheus-node-exporter-apt.service + group: root + owner: root + mode: u=rw,g=r,o=r + + - name: Enable the timer + systemd: + name: prometheus-node-exporter-apt.timer + state: started + enabled: true + + - name: Enable the service + systemd: + name: prometheus-node-exporter-apt.service + state: started + enabled: true + + when: ansible_facts['lsb']['codename'] == 'bullseye' From 5d3d965112e398dc53186f817abcfea6a6cf8eed Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Thu, 23 Sep 2021 19:02:26 +0200 Subject: [PATCH 052/116] the service does not need to be enabled --- roles/prometheus_node/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml index b1bf76f..ac5a14a 100644 --- a/roles/prometheus_node/tasks/main.yml +++ b/roles/prometheus_node/tasks/main.yml 
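Review bot: The "Add the timer" and "Add the service" tasks write the unit files to /lib/systemd/system, the directory owned by Debian packages, so a package shipping units with the same names would overwrite or conflict with them; locally managed units belong in /etc/systemd/system. Neither copy task notifies a handler and "Enable the timer" has no `daemon_reload: true`, so an edited unit file is not picked up by systemd on a later run. `state: latest` on moreutils also upgrades the package on every play, where `state: present` is enough to get `sponge`.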
@@ -88,10 +88,4 @@ state: started enabled: true - - name: Enable the service - systemd: - name: prometheus-node-exporter-apt.service - state: started - enabled: true - when: ansible_facts['lsb']['codename'] == 'bullseye' From 8b54121a877e2d9458a21c67eaba77b1ba16c60b Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 24 Sep 2021 01:41:01 +0200 Subject: [PATCH 053/116] Install prometheus-node-exporter-collectors --- roles/prometheus_node/tasks/main.yml | 62 +++++----------------------- 1 file changed, 10 insertions(+), 52 deletions(-) diff --git a/roles/prometheus_node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml index ac5a14a..dea8596 100644 --- a/roles/prometheus_node/tasks/main.yml +++ b/roles/prometheus_node/tasks/main.yml @@ -23,6 +23,16 @@ when: - ansible_lsb.codename == 'stretch' +- name: Install Prometheus node-exporter collectors (bullseye) + apt: + update_cache: true + name: prometheus-node-exporter-collectors + install_recommends: false + register: apt_result + retries: 3 + until: apt_result is succeeded + when: ansible_facts['lsb']['codename'] == 'bullseye' + - name: Activate prometheus-node-exporter service systemd: name: prometheus-node-exporter 
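Review bot: The condition `ansible_facts['lsb']['codename'] == 'bullseye'` on the new "Install Prometheus node-exporter collectors (bullseye)" task depends on the lsb facts, which Ansible fills in only when `lsb_release` or /etc/lsb-release is present on the target; on a minimal Debian install the key is missing and the task fails on an undefined variable. `when: ansible_facts['distribution_release'] == 'bullseye'` needs no extra package; the context line `ansible_lsb.codename == 'stretch'` has the same dependency. The equality test also means hosts on a later release get no collectors, which is worth a comment if intended.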
@@ -37,55 +47,3 @@ line: | ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100" notify: Restart prometheus-node-exporter - -- name: Add monitoring for apt on bullseye - block: - - name: Install moreutils # we need the sponge command - apt: - name: - - moreutils - state: latest - update_cache: true - register: apt_result - retries: 3 - until: apt_result is succeeded - - - name: Ensure /usr/share/prometheus-node-exporter exist - file: - path: /usr/share/prometheus-node-exporter/ - state: directory - group: root - owner: root - mode: u=rwx,g=rx,o=rx - - - name: Add the script - copy: - src: apt.sh - dest: /usr/share/prometheus-node-exporter/apt.sh - group: root - owner: root - mode: u=rwx,g=rx,o=rx - - - name: Add the timer - copy: - src: prometheus-node-exporter-apt.timer - dest: /lib/systemd/system/prometheus-node-exporter-apt.timer - group: root - owner: root - mode: u=rw,g=r,o=r - - - name: Add the service - copy: - src: prometheus-node-exporter-apt.service - dest: /lib/systemd/system/prometheus-node-exporter-apt.service - group: root - owner: root - mode: u=rw,g=r,o=r - - - name: Enable the timer - systemd: - name: prometheus-node-exporter-apt.timer - state: started - enabled: true - - when: ansible_facts['lsb']['codename'] == 'bullseye' From f60795beaa72afae99f7ab32ef6fc00f8e511085 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Thu, 28 Oct 2021 10:54:21 +0200 Subject: [PATCH 054/116] Add syslog over TCP support --- host_vars/log.adm.auro.re.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/host_vars/log.adm.auro.re.yml b/host_vars/log.adm.auro.re.yml index 2d7a21a..f088784 100644 --- a/host_vars/log.adm.auro.re.yml +++ b/host_vars/log.adm.auro.re.yml @@ -10,5 +10,7 @@ rsyslog_inputs: port: 20514 - proto: udp port: 514 + - proto: tcp + port: 6514 rsyslog_outputs: [] ... From 6e77b4cb3cd7e0aa84962b2ac22fe66a660eb572 Mon Sep 17 00:00:00 2001 
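Review bot: The new input `proto: tcp` / `port: 6514` uses the port registered for syslog over TLS, yet the entry carries nothing TLS-related and the commit title says plain TCP. If the listener is unencrypted, clients and firewall rules that treat 6514 as the TLS port are misled, and log lines cross the network without authentication or confidentiality. Either choose another port for plain TCP or add the TLS settings if the role's `rsyslog_inputs` schema supports them (not visible here), and say which it is in a comment on the entry.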
From: Alexandre Iooss Date: Sun, 21 Nov 2021 09:40:37 +0100 Subject: [PATCH 055/116] Update copy-keys.sh script and SSH configuration --- README.md | 9 ++++++--- copy-keys.sh | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cb8683f..d05d2e2 100644 --- a/README.md +++ b/README.md @@ -88,9 +88,12 @@ On va utiliser plutôt `ProxyJump`. Dans la configuration SSH : ``` -# Use a proxy jump server to log on all Aurore inventory -Host 10.128.0.* *.adm.auro.re - ProxyJump passerelle.auro.re +Host *.adm.auro.re *.pve.auro.re + # Accept new host keys + StrictHostKeyChecking accept-new + + # Use routeur-aurore to connect to administration VLANs + ProxyJump routeur-aurore.auro.re ``` Il faut sa clé SSH configurée sur le serveur que l'on déploit. diff --git a/copy-keys.sh b/copy-keys.sh index 6aa1bb6..857e1a5 100755 --- a/copy-keys.sh +++ b/copy-keys.sh @@ -15,6 +15,6 @@ for host in $HOSTS; do # sshpass can be used for non-interactive password authentication. # place your password in ldap-password.txt. - SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host" + SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host" done From 311cfb223b37ff04f6fa3d25d922f1d386443498 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 21 Nov 2021 10:06:08 +0100 Subject: [PATCH 056/116] Remove defunct servers --- hosts | 9 --------- 1 file changed, 9 deletions(-) diff --git a/hosts b/hosts index 5b24998..ad493c7 100644 --- a/hosts +++ b/hosts @@ -8,10 +8,7 @@ ############################################################################### # Aurore : main services -viviane.adm.auro.re - [aurore_pve] -merlin.adm.auro.re [aurore_vm] routeur-aurore.adm.auro.re @@ -41,7 +38,6 @@ litl.adm.auro.re log.adm.auro.re [aurore_testing_vm] -pendragon.adm.auro.re ############################################################################### # OVH 
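Review bot: Dropping `-i ~/.ssh/id_rsa` from `ssh-copy-id "$host"` in copy-keys.sh changes which keys are installed: without `-i`, ssh-copy-id sends every key the running ssh-agent offers, or the newest `~/.ssh/id*.pub` when there is no agent, so an operator with several keys loaded authorises all of them on every host in `$HOSTS`. Passing the intended public key explicitly, for example `ssh-copy-id -i "${KEY:-$HOME/.ssh/id_ed25519.pub}" "$host"` (variable name constructed here), removes the RSA assumption without widening what is authorised. The loop header and the code that reads `passwd` lie outside the hunk.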
@@ -51,11 +47,8 @@ horus.adm.auro.re [ovh_container] synapse.adm.auro.re -phabricator.adm.auro.re -wiki.adm.auro.re www.adm.auro.re proxy-ovh.adm.auro.re -matrix-services.adm.auro.re [ovh_vm] serge.adm.auro.re @@ -77,7 +70,6 @@ prometheus-federate.adm.auro.re perceval.adm.auro.re [fleming_pve] -freya.adm.auro.re marki.adm.auro.re [fleming_vm] @@ -350,7 +342,6 @@ gh-1-2.borne.auro.re ############################################################################### # Les Rives [rives_pve] -thor.adm.auro.re loki.adm.auro.re [rives_vm] From b2a17e20f294c5c10ae9dac7d5c9ea17909323f0 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 21 Nov 2021 10:23:24 +0100 Subject: [PATCH 057/116] Rename stream to galene --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index ad493c7..984da24 100644 --- a/hosts +++ b/hosts @@ -22,7 +22,7 @@ camelot.adm.auro.re gitea.adm.auro.re drone.adm.auro.re nextcloud.adm.auro.re -stream.adm.auro.re +galene.adm.auro.re re2o-server.adm.auro.re re2o-ldap.adm.auro.re re2o-db.adm.auro.re From 11b3738fcd945a9dddace5e7f4f801a3f2b96c45 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:00:57 +0100 Subject: [PATCH 058/116] ldap_client: Add one extra line to follow Debian --- roles/ldap_client/templates/nslcd.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/ldap_client/templates/nslcd.conf.j2 b/roles/ldap_client/templates/nslcd.conf.j2 index e5b8841..3fe094b 100644 --- a/roles/ldap_client/templates/nslcd.conf.j2 +++ b/roles/ldap_client/templates/nslcd.conf.j2 @@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt # The search scope. #scope sub + From cfb891d10c1d5d0545fe54defa362e228ad7aa2a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:01:11 +0100 Subject: [PATCH 059/116] Add netbox machine --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 984da24..c216aba 100644 --- a/hosts +++ b/hosts 
@@ -36,6 +36,7 @@ bdd.adm.auro.re bdd-ovh.adm.auro.re litl.adm.auro.re log.adm.auro.re +netbox.adm.auro.re [aurore_testing_vm] From 1392e3fe6486fc8313617e891d6ca651873a1895 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:01:21 +0100 Subject: [PATCH 060/116] Remove cached motd --- roles/update_motd/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index f4a125d..9479003 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -22,6 +22,13 @@ - 20-uname notify: Remove cached motd +- name: Remove Debian uname motd + become: true + file: + path: /etc/update-motd.d/10-uname + state: absent + notify: Remove cached motd + - name: Remove Debian warranty motd become: true file: From 94b8f3730269c5bc433383a0e30bb7db9053b555 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:02:53 +0100 Subject: [PATCH 061/116] rsyslog_common: remove become true --- roles/rsyslog_common/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml index 6ca28d1..c481935 100644 --- a/roles/rsyslog_common/tasks/main.yml +++ b/roles/rsyslog_common/tasks/main.yml @@ -1,12 +1,10 @@ --- - name: Install rsyslog - become: true apt: name: rsyslog state: present - name: Install rsyslog modules if needed - become: true apt: name: "{{ item.pkg }}" state: present @@ -18,7 +16,6 @@ pkg: rsyslog-hiredis - name: Deploy main rsyslog configuration - become: true template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -33,7 +30,6 @@ notify: Restart rsyslog - name: Create journald.conf.d directory - become: true file: path: /etc/systemd/journald.conf.d state: directory @@ -42,7 +38,6 @@ mode: u=rwx,g=rx,o=rx - name: Deploy journald configuration - become: true template: src: forward-syslog.conf.j2 dest: /etc/systemd/journald.conf.d/forward-syslog.conf 
@@ -52,7 +47,6 @@ notify: Restart systemd-journald - name: Deploy logrotate configuration - become: true template: src: logrotate.j2 dest: /etc/logrotate.d/rsyslog @@ -62,7 +56,6 @@ notify: Reload logrotate - name: Enable rsyslog service - become: true systemd: name: rsyslog.service state: started From 3a56439facc0c2f963dd1a818244b16b88339c2b Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:03:09 +0100 Subject: [PATCH 062/116] update_motd: remove become true --- roles/update_motd/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index 9479003..e0ae1f8 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -1,6 +1,5 @@ --- - name: Ensure update-motd.d exists - become: true file: path: /etc/update-motd.d state: directory @@ -9,7 +8,6 @@ group: root - name: Customize motd - become: true template: src: "{{ item }}" dest: "/etc/update-motd.d/{{ item }}" @@ -23,21 +21,18 @@ notify: Remove cached motd - name: Remove Debian uname motd - become: true file: path: /etc/update-motd.d/10-uname state: absent notify: Remove cached motd - name: Remove Debian warranty motd - become: true file: path: /etc/motd state: absent notify: Remove cached motd - name: Ensure motd-messages exists - become: true file: path: /etc/motd-messages state: directory @@ -47,7 +42,6 @@ notify: Remove cached motd - name: Install additional motd messages - become: true copy: content: "✨ {{ item.message }}\n" dest: "/etc/motd-messages/{{ item.key }}" From 3efc8179bc9e2d9d5fe059928fd02552553b78c3 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:08:25 +0100 Subject: [PATCH 063/116] logrotate: restore Debian formatting --- roles/logrotate/templates/logrotate.conf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/roles/logrotate/templates/logrotate.conf b/roles/logrotate/templates/logrotate.conf index 7e65378..385db96 100644 
--- a/roles/logrotate/templates/logrotate.conf +++ b/roles/logrotate/templates/logrotate.conf @@ -1,7 +1,24 @@ +# see "man logrotate" for details {{ ansible_managed | comment }} +# global options do not affect preceding include directives + +# rotate log files weekly weekly + +# keep 4 weeks worth of backlogs rotate 4 + +# create new (empty) log files after rotating old ones create +# use date as a suffix of the rotated file +#dateext + +# uncomment this if you want your log files compressed +#compress + +# packages drop log rotation information into this directory include /etc/logrotate.d + +# system-specific logs may also be configured here. From 2ac9c4057960b91dc941491ddb2d1d635693e28a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:12:27 +0100 Subject: [PATCH 064/116] make log.yml executable --- log.yml | 1 + 1 file changed, 1 insertion(+) mode change 100644 => 100755 log.yml diff --git a/log.yml b/log.yml old mode 100644 new mode 100755 index e63f59a..b37e4d5 --- a/log.yml +++ b/log.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- - hosts: log.adm.auro.re roles: From eed6ec558c53f46d0bf1fa799a51bf3041d021d8 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 22 Nov 2021 18:24:38 +0100 Subject: [PATCH 065/116] README: use passerelle.auro.re --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d05d2e2..541ca42 100644 --- a/README.md +++ b/README.md @@ -92,8 +92,8 @@ Host *.adm.auro.re *.pve.auro.re # Accept new host keys StrictHostKeyChecking accept-new - # Use routeur-aurore to connect to administration VLANs - ProxyJump routeur-aurore.auro.re + # Use passerelle to connect to administration VLANs + ProxyJump passerelle.auro.re ``` Il faut sa clé SSH configurée sur le serveur que l'on déploit. From 7f531209662960a3436fc430b112c0fad1d84997 Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Thu, 25 Nov 2021 11:55:01 +0100 Subject: [PATCH 066/116] proxy.adm.auro.re: reverse netbox and wiki --- host_vars/proxy.adm.auro.re.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index 6eb74f2..105732f 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml @@ -64,3 +64,9 @@ loc_reverseproxy: - from: wikijs.auro.re to: "10.128.0.66:3000" + + - from: wiki.auro.re + to: "10.128.0.66:3000" + + - from: netbox.auro.re + to: 10.128.0.97 From 7b82a3f7eaae03510ca9d327fa76994756d208d6 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 17:10:51 +0100 Subject: [PATCH 067/116] Add YAML headers --- group_vars/reverseproxy.yml | 1 + host_vars/re2o-bdd.adm.auro.re.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index fdb4685..34d7d6b 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -1,3 +1,4 @@ +--- loc_nginx: servers: [] diff --git a/host_vars/re2o-bdd.adm.auro.re.yml b/host_vars/re2o-bdd.adm.auro.re.yml index 3b7266a..7991f13 100644 --- a/host_vars/re2o-bdd.adm.auro.re.yml +++ b/host_vars/re2o-bdd.adm.auro.re.yml @@ -1 +1,2 @@ +--- postgresql_databases: true From a523b29ac70d8c8af24831f0f573b3c55f095117 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 17:10:59 +0100 Subject: [PATCH 068/116] Add escalope.adm.auro.re --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index c216aba..0a257be 100644 --- a/hosts +++ b/hosts @@ -9,6 +9,7 @@ # Aurore : main services [aurore_pve] +escalope.adm.auro.re [aurore_vm] routeur-aurore.adm.auro.re From aba0370c5bb7d27c7e497858fa2facded7e88b63 Mon Sep 17 00:00:00 2001 
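Review bot: The new `netbox.auro.re` entry in `host_vars/proxy.adm.auro.re.yml` gives its upstream as a bare `to: 10.128.0.97`, while the `wikijs.auro.re` and `wiki.auro.re` entries beside it use a quoted `host:port` string. I would write it in the same form, `to: "10.128.0.97:<netbox-port>"` (placeholder; the port is not shown on this page), so the backend port is stated explicitly rather than left to whatever the reverse-proxy template defaults to. How the template turns `to` into an upstream URL is not visible in this hunk, so the default should be confirmed against the role. `wiki.auro.re` now points at the same `10.128.0.66:3000` backend as `wikijs.auro.re`; a one-line comment such as `# wiki.auro.re: alias of wikijs.auro.re` would record that this is intended.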
From: Alexandre Iooss Date: Sat, 27 Nov 2021 10:05:11 +0100 Subject: [PATCH 069/116] Add grafana playbook and machine --- grafana.yml | 19 ++ group_vars/all/vault.yml | 438 ++++++++++++++------------- host_vars/proxy.adm.auro.re.yml | 3 + hosts | 1 + roles/grafana/handlers/main.yml | 6 + roles/grafana/tasks/main.yml | 113 +++++++ roles/grafana/templates/ldap.toml.j2 | 63 ++++ 7 files changed, 426 insertions(+), 217 deletions(-) create mode 100755 grafana.yml create mode 100644 roles/grafana/handlers/main.yml create mode 100644 roles/grafana/tasks/main.yml create mode 100644 roles/grafana/templates/ldap.toml.j2 diff --git a/grafana.yml b/grafana.yml new file mode 100755 index 0000000..fedc0c2 --- /dev/null +++ b/grafana.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy Grafana +- hosts: grafana.adm.auro.re + vars: + grafana: + root_url: https://grafana.auro.re + database: + type: postgres + host: 10.128.0.95 + name: grafana + user: grafana + password: "{{ vault_postgresql_grafana_passwd }}" + ldap: + host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149" + bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re + bind_password: "{{ vault_ldap_grafana_password }}" + roles: + - grafana diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 8f78c92..ac9dd3b 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
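Review bot: The `grafana` vars in the new `grafana.yml` send an LDAP bind password and a PostgreSQL password to remote endpoints, but nothing in the play states how those connections are protected. `ldap.host` mixes two hostnames with the raw addresses `10.128.0.21` and `10.128.0.149`, and `database.host` is `10.128.0.95`; certificate verification against a raw address only succeeds if the server certificate carries an IP SAN, so I would keep the hostnames only. If the role's templates accept them, explicit keys such as `start_tls: true` under `ldap` and `ssl_mode: verify-full` under `database` would make the intent reviewable here. The role's `ldap.toml.j2` and tasks are outside this hunk, so whether TLS is already enforced there cannot be seen from this play. Taking both secrets from vault variables is the right pattern; a comment such as `# secrets are defined in group_vars/all/vault.yml` above `vars:` would tell the next reader where they live.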
@@ -1,218 +1,222 @@ $ANSIBLE_VAULT;1.1;AES256 -34353636353331626234623838643238343237306237313336663433326164313030646263393165 -3964666632653139323634663061363763656533373538660a393464333663313633393866383432 -31303736366665306465333037373835383266383035626666353461623435393438303861376435 -3161393136653361610a336438393566393936633637613436366634353237313363653232333263 -38643566626564656635316564363362386236356164646238336265663839363430623739366266 -66333233666439656561626161653336633136396565336633356630303436303234613063396238 -62363437306639343236636537303363313236633765363430623865323734316531383662353763 -37636439356164303730323235346362393436656333393062333566336536316131343338663630 -31613063313034396162323034313562356662653266636638633665376531663932653461636363 -32653061386562376237653837333239326438656630646138393362383539616339393365343435 -63616462363733623930623435333435333937336538353735626161666162333337633931333338 -62316638373736326432373464326266373361613864633262656432313364343366373832643865 -64343866393966346534623238386437373632326632376166396630613630613365393932333066 -37663162656134346564353762383961386161343064373637373634353231653137383461626666 -34666365656632333764613931643266613737393032366431323764623830666131386566613535 -30346631396237336332636438653339613633636662663266663235613634346162316134336533 -61353361353437626231393137653464363934383233363830373961373033653336323666313836 -63643638353438363661653239346530366630336661343336303836383439613462333532653263 -63643437323166386230663635333130333632376661393830646365333666323239323134386636 -30656266323839633237663433376136313437366264633039376165633961656137363038616534 -32393330656464373739353833646232633634333937613932393834356535396464613633653334 -33386231313830656562366335333162386461616331333733343163313562636232646261383135 -36376131333931303566343337343539323265313931346538343539363230643030646531373134 
-36636364326539356533363832333661396435363365633831346664393165626330356536343961 -64613935636333333331633931313266633732663430373166393362373431353363316630663235 -31353936343932386665366134643962313937366634396262386434396334383332343537383163 -37323235326161636339323237643366323430623136323937353665383364306436616664356662 -38616466636465313330303464343665333163626231613164663030623963626634383965613135 -31336632366231613062366430393636646535616134383232386334343137333138643866393633 -38636161623734613862313638666562393164356536613665303839633035636330353965356163 -65646530383162323630633865363334306234383466383033663762633933653162356166376138 -33343832323466333132386564336636323765383839366134636433613866623830626133303434 -64643066366638316633663338333335313466366433313134306239393233663233333730333138 -32666133633931393961323663353565653532323837316165653536396339316364623633613137 -30626636623037396438636261633939643363326136613631376139396538623932356237313637 -62656337663438623666633435373564313566636538373339663731393564653264623863353032 -33613639616135623735393364623439393432316632626239313837653464623563393663346163 -36303764343562376337366465643434646263383133336162376166383434633436633263303263 -61656536363037666230393063336263363865356465616231333966396332383434366265343434 -66363732313435656164613135333762306464373133343739636266346336346261366535316230 -36663433616332386166323965643436393433666264343062393463653339646264353264366663 -31653331613138316138383930336163616333666161386466616566323664346263396637393735 -38386462313763346164613430653133316631633261356663613738663435313963303734373364 -34353332643366353930633339373962376162383239316134346561336539643737656239336230 -33613662646466383434303638343362323933643831653932393030383762323539346332333961 -34616338386361353362366434663365663262383835383031393430633235393631666332623261 -36393231366164303165336633663565376334643864323366666434383634353031326633313266 
-66346234323036396562313366346661333130363434643565333763316234353733383733623839 -37663761656131363932333330663638323733666333336636613264363164643230343964643061 -37633264313865373732653466356639653335313236646331623932303963326364343132656464 -65636665616364373538613732643938323364626166316437623166383734316662386134316233 -66313430626133303461336465333532373361616334393139663233363132393265643865656561 -63303734313934343636333135373164636536663935323030366563623635616535616230363061 -38653362343264626432373866313363373439333331333963333765356462323762333739313061 -33626365663433396562633534643630326364346135383531343063373266633635353130363166 -30363735386665346661343166373034663466636335323838666465613163353039366233386562 -39626462383635356230343031633666346561376462376634636236323164626537396337323337 -64653163623030326435623833383136386366613764623633303732613337373732386432303737 -61303530356461343339333165663161343262613434306162653563643765323837303537653963 -30383964336230326336313765333832323639626131303063363030313537346463393765303132 -33376633313135613832616239343939363562363132666433373966616166383836376636363630 -65376266323266636430383236616338373632323134626165393961383733363365383761653538 -61386365363262623665313637333761626561643530376433326531313161303733626432333866 -63663762313130336535666134343961353337653034643436363263306664666562356431313433 -63333034623762663630323031653363356666366538323064363866366662656466666361373938 -35653562383865363437346466663963326439316531396165376439383931366132386161346364 -66633334666239393336383336376130663633613161306564336131356435396639336566636131 -37653763373537353635393536363531626332313461626166373763613861346433653237306636 -39393435633163386164356131636530623732316538646133316365383561653061376431333431 -66356561333637353537316231616133646231306462626439326462393131633562393462396132 -62396337626436336230636338373439343839646266613033633930383530363932616463633538 
-35646230393536396330383566346138633434333063333362313139643537346236313336376463 -31363335633333333262316239383735633139383332303235623430626539626466336365306465 -66396336323637613036616532363963363430383737343566366162663836396132353933346534 -35366565336462646364643137323864656334336635376435623561666530386334623964323136 -39653365646161366330376336353931633366653832383966656639393364386438363832333934 -34616536653064363739333363663233376631636134323162626333343035396265666662636230 -31343931323435373964383562616333333835326238623131646433366134343830616432643866 -36353363356532383963623364636363393834343132303434393331653335313938393662376534 -33376565613433373864666536313439656339306532643233336137363264303638346563643932 -35343838616538343262613066343665386433386339373362313533643639326136663430363135 -37393734306565613566663632643639343939353361656566663431386539333136393663656262 -34363537333431356363633932373736383262343336396666383237616661353763643861376537 -63306133353331653833346339663062353438356162356431333336373536623439366132343930 -31623736353532323230373264363163386339346563313236633061313239663962623136323962 -62333166636230363333633661336539373962623337666538636565643664396132613263633461 -64663430666630303562323065613838666265653438383838363561303637663931613239326639 -30663533376662333162613731636665646565336465396132663165613431343332313038613335 -62643030376564306335633138373937613934653738396361303064306263353566336232346639 -38323266373537646334633761643933653931646439353939326536383463373666646262353362 -61356230333461646435353332656564616464363539373966333535653365326330333230373539 -62613335363632393335306535643862653262363031356439386639656262353662656432656331 -34323431356337646238353135326332346431383535643735646562386161353164393961646264 -63396161316563323537396431646561633730373930306637623438323761613935396238363965 -61613339353234626565653939643139626665343439626365656165616437653234326530316464 
-39303433333533643439313464623531646133316563306337386261356332393435613237653632 -63386439353136383265323965646538316334343661376532323461636666363630613836366233 -63326465633438633564396135386137383061663264373530313330666639333236343539653734 -62323637313131613839363665633163316235306536343039626166396263383332363365373936 -66356135646330373162346261326531616538303566663761626639363635633064623361663463 -34373937653165376262643064653738396365353532343864653836306231306566386665343963 -36353066346161323733346131386466653964653961343136643039653035383864653238663265 -35623565303731636164353664666636303430333933616230336330393530633032353037626339 -34326664373239663330356430346531663635646161356130623733303862613964613433393334 -33303735333934343964363230326634653465623465366465386639616361316139323536363261 -30313531363533356636303565303265363430363530356662313838646435316439363263346165 -37666463393332323066376464313339383138343235613438663464613436376237333565616563 -31363936393731623562363331666433626636396136636533353435386634336363613963636162 -33306233616636363432316236363665333162393133616130313530313764643738336666316639 -36613263303138633039376135396266613766666261373436626333373035393863376133386162 -38633333353963313433636236636339666135376530323731663761303938313764356636363963 -34393035333561626564313638656266313666643166633163636630633938346661653033643832 -36393632633765656661353236376432383034343766643336353236623437356638336264326364 -30616161633130653131373932303337616237656633346438323832623964323332613836326365 -66666666663766653865636435623562643637363134333336636231356332356439396262386338 -62643738326437343139616134386130616533653066666631633139653038646336306363373233 -30626134623732393361653637313235363463336331666231336434363432646363373534336661 -39623864643130613337336232313263323161313030353535313336393233643237343566373063 -64633935366430316566306461313261633031656562356461376632373031333462323237646263 
-37343535393539393032653135653666393933326632653166666633613638333130623937383530 -35323737363662346337326134366239666137343031326663356533353033633332633931333738 -34383937316461313231313936626436633030373833306636643633343266343461363732373132 -66396233396432336336623166653361646561313432383861313061376234656636663864616132 -32336664636162346633376633353938613865323162356437373330306236383164376261613461 -37313839363331653139623264336631663534643530663434393535333865353965343161636638 -34653334373865356439333736366432323832323834633239333130386639366163643337303832 -37383637366231613930633661316466346136333666343266393137663965653331303034356661 -61643439383630353139613635636665616534396639643161653334626434616132333731323532 -39363462313039336661636332623530363832316564343135343330323362366633333632646239 -34633736383534653130343437376134616363363736613462326332643031376331636164623837 -32316331663030383762333562373937663663633931623535303139306163613962643762353633 -66643038633630633736316634316238643136363532396363323361323163363638653331616631 -30303832363163346663613433646432326566613738356133386238386266376261336532356338 -61383539336138666261636234316461646365373236383038363965626635393530346236666263 -38636164336463393565613362626334346565653464663136316564646631323835626364333536 -36633566613432346334656665636134386334663362633562623938343264396538656432366166 -65626635336139306335366265616430366337656265346235653333646362383232386434663832 -65636634646363323736323165666637373661333136636164613933396130633932373837393030 -38303466303363623038336363633037666631356262396631396464383065343730346537303534 -62383764653763313639313332386331653163313134303336396336323862323063643265383761 -35633939626636613030653564366266346338346239356163383864383762393261396561613032 -31313866356666666538613935653965373932366666303634636436633662333638396563336161 -32303934373238323838366563623035663863393835353839343230626235353830336532306532 
-36303035613238656133643936353735646336396238363334326561336365666238363735633561 -62616338336664366631336364636564393539363163626465613530343939303961353364666364 -38666665326563333039386462656261666531646637306261316233336130343730663661336431 -62666138343766393262313431386136613139386265623939613830646233666134386235326564 -36353032383336353763363231313564396630363565666163316237323363633866323734326664 -30316533383363363461613564646137646337303738373833373238396661656265626139333637 -30353835363062393333646433356362613132653463656532366137356136306431633836653333 -65326266303038393233373263313933323637303539353065663233356333326235633064353536 -30626433356630316364386332393331626135656266376233363837303438636539386434613038 -31313938653662306533663635333564653232306436396331386433343561313365633664383865 -33356163343232626165353739386534346231336634656231613235383536616338383133383664 -31303734363836326662633062396130343637343731613532353533323164353934383230626436 -33356139303663326361333535306261386431343736396238616435633565613266306339363166 -61646233353636303739353336336662633662303861623864323033376133623734373436646365 -33626332366464393166613339623663346234653830386664396630376539656163633263663664 -63646539353035323263306136396537373561646264363939613737313462643063663136623136 -61643138623962383039313836633032323861313937643164343832303634643833393230656637 -35393566396562343863323235333835353135323139613166303539306266636265363931336162 -32363361356231326164376533346464613836373162323333336438333532333161633432343637 -65356364636264313036643836643863396435663837393564393833303037643331363633643065 -36396662626462303232386531653234373231306131353732656663353538356636646331646163 -32306362366264343966393237633831633263383236336133343166633639366266316235386538 -32623039366561643663653564633066306339613938386234666430666462316363373863626337 -37366232633365653462613732353064396539356432393661626462313663363634613434376462 
-61316266366131343239616133613038303338323566633363666330336364393261636130313164 -32336237383536363562663537343661306434313964373034376263373262643635316664646130 -35333631626236653638633661363831323262336465323339356637356331313738666634656538 -34363438633566393866313662386365313030646230393862343735356535633366666138623863 -65306336356633326530303932373634613733643364336561653737363132343534333336376264 -34663965373532393330393763646232623533376332323239376232303935393339656230356537 -30306264636362353733656366363139613637303264323361333138666462666531323131663564 -62616362303035613733386231316431326333643739373738666135363232616564346238636462 -64623234363632613436636336323965383762626261626137386631393334666266343636323862 -34326431303365393234616263653862376466363861353835316336633336613534373235353436 -65663531303939386233353934376335643732373063666362343234353037363430356233356138 -34663530643266343535333336643938326131366239333630336163363263613561393639333631 -63333031643033623964303361383462343339353264656435626365393938613162623835646539 -62626331393339373839316166613965373862316438636561306162376535633861396531396637 -66623936323361616333326330616361323232343034343366643130623037653463333730316337 -61383965663130646334343833333737383931363339326266666437353030626262633263626135 -32626239383137303538623735343033633465653861316231636564653535646662646561333832 -30613639353563363534663764376232643630626434626466306663303331643565313239353131 -36303363306538393164663563313133636663653664616438346235646637636132373532393332 -35633533346432616532653937636565363431323161336430323566363239373035616264373636 -62306337323935336332663262396466323064633738306334386233663531313633656232373330 -38656635636264353635356165343233643061363836396266386631393433366265646662633239 -63303939363637663030663965626637336366666638386532666466613965396533373935346135 -62623837643462356334323234633263636130653762636461353037396461623961383330613731 
-61626634383232313337313363363637623036653630396266623265363961303662366165373462 -66656364633735626231323335373135663462373966396136653634653865316238393263316464 -66663537383763386335383131303438353930366534616637636564313431346163353534366431 -34356262653134656633636631373963393032393061353636363333313464386463616638663939 -39306136373433346362613934626332316633353232373963633939336338656331366661666232 -37646566393062643738383832363230393337363361653566303433666561643936313037653662 -65666266353032313862666365313237323431666365613666373931383838383435663034343239 -39323139336266373463323465656237366166653230373236613335616433363465613131326234 -39393363386334303963613036333661373364633437386262363937333565316639313261643133 -62626235303163666435333030353039316432316661383933353834313733326435613366313030 -33303631323132323861613366313532333931623739623731353566373039656133653061633637 -36366365653836346662616135303536613331656364306163633731376634313739633634646132 -31396138663337656332653331616462333936313531646135663930616130623338323733663634 -62373866353663336138346335383637333738363035393366613434306536643239356436396333 -39333133366235666562383239363530343464353735666436356333313932613965613065663639 -39383962376264643337633365386164353166343165306634376634646233626466363661666465 -34306533616238616131306130323637656536663561306437346238303464616636306134366130 -30386566326465323962396130336661613433613938633565363635356166643263383364636164 -34643465353664386437316366396130383533626132363566656265353366663865616531386238 -32633831623334643166356237353164356563646132656130363634343664663765373839616430 -37346432616161636139643733346631643165313636323231643461313164646663623439663966 -33323230376337663566636233333038633465323238636533336136363037633065336538383033 -31356634363261643064326335656535356434373862663935316434613938663833626139646636 -63333936363637356234373237326430376232623561663461633138363032616138343730663939 
-37353462326266636562373331326161646338623261303762316265323432313139356439306361 -32336132376439616662386132363566363438313739313830393336393439343839 +34373734643731373964636230646139623730383435353633356332333639343236366235333731 +3934326537386335393763623466613139366534396331640a323936636562333365343732643736 +39646133356363363838646662303862306531303330643863616436313762383138306538363335 +6563663532373438310a363235336531613561613337316131623330373933303035343465653032 +61343736333939636230383332636366636235303134393761626564363630336134626233623532 +33646363333435353663383332633635653033353335393638343831326431316535333032646266 +36353734356339343533306330323335396636666161356466316666373466646166396263316531 +33613534396634306437393561343036336538643862656362386563356464663135333537303438 +36633264666364323434393062383435343438316565626339323834343166633361306137313764 +64613736316566666534616636376334613032656563623565333933306434623364623833386131 +34613035613336626165363939393939306233316232376631363363396231336161623236656131 +31633434643862353333386437383036326239356332373434623834326631383137386135313464 +66643735343338373034336461346135643939643861646238366334323036633164303838353563 +34616366333761363865313134393131343739383862376361373965313634363762616564346465 +34336130393164386234623138373036343931323863336133323066326663303939646437383563 +64323338623539373332333430313235653666353436333234643734656334656161336539663463 +33336632343562316539353166623839646336316264356139646566303436333537396166346435 +64373262383839616136373030633738333536663430316664383330336536366630303765376664 +30623330363536333032303631326361613035366533366464663932643238616137643834313730 +35346563616136343239313164343466613836376365663665346164396332366134626337383635 +35613064623964306539363033653061656662373838313766376630323336653561373863396664 +32353263353733313062653934313261373763386231636132323139626135393132313530636539 
+64623839363835333237313334313334663637363063376665653236613631663036623764303036 +34646333313531396562306633646432323436303732343832313562643265636531333364313136 +33643033643834313030656639373163333634656266306634306263633865386537303163636230 +64366664333131353866333331653938313737326135373334343539666239663537323238343930 +62613334343466336431343031373432313763643031316163626463643463653539663362383966 +33323431373630663138383734663636363932346538393637633832323364326164313662366666 +64303265373931333231643064643563613666633036376632343266386338333461313764373131 +38393435353634653565646465643061643766663661633333323665356534396437613539313465 +30353862353536663239383036353438376439323236666432396366316335376232323464356633 +64386461356363323732366263643130663461306131386535386131333230633465313537356332 +33643533613030333364346663646231613466396461393266323564663932626138663738363363 +34666439383532313062313436306561613330383433366136626135333330386266636531323461 +37313530393839336461626131366264396332303966353731376635336666323239653334356337 +32396431633965616566383538356431643031636234633730386639363934636134616463343639 +62373934386332313130323437313737623337373735653838316231396663343931393336393731 +66313263646633663165613066643439346530333163633733636366383135633265386262376338 +37366261316165643434353733373339656564386236353732633831396461613138643962363732 +33303331346365323437653933643763303161613338383236376139366561333737653639353066 +61646432306336316235346136636364356233366366383832336263353638356265616165666538 +62663431303231363238623061393032343263383535636339303762316261386161666464323132 +62383835373934626262623538313836373034623931616562626131636362616133663965633966 +65363435373639333236613335363666326462656638313132313361376638613238373634303031 +64326338323631663738333032363638613439633134363236396237663735336332643662646538 +39313239343834316263626663353432396232363362663365326430633862663335666630323062 
+63363062336532303266306436383437346239356566613432653638666539633835373933633934 +66626162633539613765386437613565393737363962396265343835353930363231356433383238 +66613661396639333539333634333064646230663666303832333163643663386162363833356233 +34363465636136353465313932363636633261393839363934663366373164316239663437363631 +37343038636339313563643933356435396664343233376365323265306165376264396638306135 +62353034376637386631353133626662643238663864666266366163646366613036363538303133 +32613566376633663530383062643538323466313837303430666232343832323136323531666133 +37623231386365633938666564643862396466633430653038333833313163316230373032323939 +39616433316461326334643333306338663938626636303536656337646432386666613163366331 +32313263323566313038383339613765363834353133313834623932633736323964383939613139 +66366266653862333361343761643535643738623536646336653531356361363539616665613665 +61306330626230393365643964626133333831343830383666306364386539366336663064653361 +62643631653037316234616637386663313031336662353765363530333731356636353337623336 +31396462383030643435336231333266666262613336303232333164393935336261393863643764 +35393038346166663430353032346537623165393033353330636433663262623766373330626166 +31366636393466613733623536666537636361343734643938346634323939666264633430633934 +30376431336533626631306261653634663565623037616432613166396262313162353363346138 +32376461393064666661663566363336343437633065646434663430633334346335663733653234 +38353939306366383930616564313938653065636261373564313166353639363863326530333831 +32346137613166316163376632656539616135316539383432653530323033323232656636653435 +31633061643235313933623462353865343637333937383630653665323038316461316561303931 +61616135373666313165396664316538313434336331396539343733353461353138306138303538 +34393362613264313939396265616631646563363631316564353432346330353434646537313736 +63303861623734656463663762316435383963623035633533373736373762643930616562666138 
+34383839616231646436653033313635343466326437613930396361316433646435643137323731 +39396537353665643434656235393665396465623135656638313933613765373536306665663361 +62393339356633393861666461663064306331653961616331396262643463393634336662333166 +66626635656634303030373336616563663730376562613335626435373232376465646362383436 +30666333373836626264633837386662333635333737616534343862636237613933613433326433 +30306639346666636230386130383932336566653636613264366462353439396335666330623736 +31643236343538326261653433333736653035343037343330643732653435623566373336326461 +35643236613038656438643238666635386433623365353436333632376564633261306365386238 +36646262613139303731396165633539653839383234666131346165343031666565646637323630 +39626536353230366364623962646163623732356434623839333464636132623466336637333736 +62393862356137616339313735626464316562343464373531333838626333393331623734313565 +64303535333265613634386565616634636133306162313738643834613035643062396233303364 +39316261633665343262363866366466363234643565336663643335396564633463633538373363 +36373331313339653938646132356362306232623435323336626437313934353364313762623930 +30303065356565633932653364613530613435396664363938326433303761663336363234326532 +63656134643234383862323730373333386130646565393165656463353062626130613237373834 +63313764646334623436356236393333376262373238373266363131396437333331616333623663 +36626532613730353932336437316239386164346335353635393661386561643531333731333939 +61616637343766626431306632316265306138636639356637306630336263363061346439376563 +32373166393835343362653330306535613465636264376561346461323266623934633965376536 +30633639343935633863636465643535626164636635623662333036313930633062373861356334 +34333631396530646532656439343238383865646534303564653038396534363234646638613766 +38356463613765656239663131356439323738373862383063313433356632636331383266323661 +38353364343338303461323533613562383637656633366435616530383735626464663635613465 
+64646638326333666236323831303364363530383236626237303130343839656561653866346461 +35613835613761663262353036363465623538616162636234643962396330336161373739333763 +66636332613433303362623533323433353565383430343536616162366435653439353863313836 +31323531623237303165633164623235666134343765613836313561363663333734653161393162 +36386464363031366466343962383661313435616263323338366432373661336137316530393737 +37346432633065626634616630643533323163383362383034383166326136313061306165356639 +32646166373564326566336435626530343337393262323434323464333537363638346534313265 +34313133326236346565656138626263646165386235363834373833643538323764626236336333 +36343833383164316136326263303730386662656365393137343361643538646465306664363032 +31373862313330346630646439393965383735316563303838653461383864396230643033313531 +38663237343838336339653439643336383366656431386464646464323562663763363930623336 +63333936653133623565396264356261313063376236636462326432326433393863323236326136 +39396563393963653963323631393934346639656632303632363332326562383534653732663861 +31653933653066313134613634326562656632613932396136333639353633653635376562363066 +62316264613032313963313437636432393336313336656365663536306135666130356230346132 +34626563323039326237616562653336653065663435363163383765393733376639633839393731 +33623533623635656432626431653565303934663765633364316232316461363832376364666566 +38396334613438366264363730613238303065613765343839336532373838396630613165643937 +38376135646133363938336534613437343061303832313461376336323937343465616132383330 +30313831363333383962393934303134313735623234383662623935643831653462353334323733 +32366361383536343134633337393363376231343539663331353063326234633135376663343937 +66366665653963616639343735343438386637396664346537353534313366376439383739303364 +64393464653832633565653635343938306239376538633064373338303837336434383566316366 +62636539386464303663613261343262303536643530633238643565636636666131623530323861 
+63353761366462396533303637316230393461383066616332336333626435396134363938343732 +63313464623061353565366337346563373237656437373936623237373163626466663432653831 +64303064313035393138646131313563333230383965333534363032393134633538643966656564 +64633934386632323663653035373234616438363534663439653130633533643234323737353165 +61356464643534323237626261366661396637323065396239313831323233313534313766393763 +33613062353338623936666463333138303761383336386431386637353365666635306362653866 +66326339303363313531376537323363656431666131303563316134616363633335356232663536 +30366339613063303166366139373065393130393436343838313261393331663239303531303735 +33336236383539363131616366633030633333316530313137643836363938306136353536613764 +63313035656530653837323662303032626630613033656133313663633439643835613539396530 +36383936346164333566666133303637343363336331306530336139626234376538636464636533 +37316438623235376633663462633632353630633363336163623835396561656434643736303330 +63323230346364316130643563363637313062323630643865663031643637613136333130623765 +31323463316463393465306538626435343935376664356337316166323136633433653737666663 +66666532396136373931616539363737303232393638346630366636643561393034636436386464 +64613066303432663734346538383766313333316562346130376565333636376330343530363735 +33333733353230393761633032623065633830353739633937306461316266353439356138626538 +61643631386239323638386664613234343635636666643835343039326530636263373435343633 +63393261333933376335366137326536316134636438323131323263663538393931623639646662 +30343032653936303066336135626363333032333265383661383563316532323165303838626566 +36373934303836643361633734363733356165643037616430663432623233393065396166396364 +33333265313666386463633636636439373861303661623166326631656434663262396630376231 +32366331386539343436373534626339313335393038303832376666613766363032663062323965 +61303265636235363330656264346332376261316532346465626235393961643734623161333736 
+66666631393738653365656664633436333964666364386239333031383664313763373034386466 +63653931343630386635303263363962393635616663633834373138376134643437373563656237 +32643138663334643764356562316537633065666233363133303032393534316135323761313866 +39383139326131363731613536363434313163643033633730613330363032333937396633383536 +66363262313336363131306538366634386333356132333066333335343237393830333734643464 +66343635643632316438353761333864353566663863333362343637646231366666663433643763 +61326638303131326439316462336164396335653736373938393833316661616335343064653632 +65623739313433643262633832303664666635663930623864653935626532343863343834313037 +32306534353863656235333533383438366261653465323066643130346333383562323464343666 +34623431313334313062323335323230303438626162316139616361633366313066313265643065 +36366433643766616561386465303936613030633164636237363034663865313535313564373534 +62313334623337316537353131383833653465626431353161306163333338616136646531313162 +66333464653565383463363738326232613864626561613132663930363464666537323938333836 +32643665613761626561306534656331393931383262343762323333653963333838643035326362 +37336264383539363232313332363463653030633331643161643263386235646664623634343063 +36376632396663626635626530376235613132336161363361353964666263313837316130346665 +65303736343037343337376134666631626432313065303737656365373233396635366463666239 +30373264363034346333663766383563616136643862373135343735336637616361313532666437 +38396434356432383935663239366237373361656235636263333037323238626238653032323839 +64376430346430383735653836633939373066383562373166376665343162346164336161656464 +64383638373066333535373664666661666466326162623536323837643137326261663237343030 +65616135643032623138633566353362663061623566326464313365383831383434633164396238 +62396437343338366338386433363934306232346533346638643739613066666663633861313864 +33376466613164316662626262616635353239646466373334303164306331343761653633376530 
+36646436653966366637326364383531336637623162393763646561323034653938663038663536 +31306163653534333161653863393532383032343030616330356462353530336232383037643064 +39383630346164356665373737623863386664333264613463643530626465313237623232633837 +34386534323334323431646430353061623135663537366335346661373338303033616238666334 +38666564396238346166616634353732313630636664313938656664303935373165393936386132 +30383361376339356662326666643966396266386630313863643830656230623234633135653333 +66383234346434643761386337363264376538623433643337316239656339663565306661653439 +35663764356563376161323232316533613132656533663535653237653861633463373536393733 +37396634373033656437613162346333306435623536353437346366386537613563306333393039 +37383437373339643566636561623933373931396164653232363331633663616530353935376437 +66366633636338666262363637313132366463646134663833393537653139643136323961363537 +64323661383138656637383239623930343631623564663834623265393430316161653837386665 +32363037346563653131653735623763303965393864376436613636616632656631616562613538 +32393962653530653433626162326633643866383461376335656134396431626465303137393763 +64306433353363633762653737626536623639333432653137643166636662366163646265393332 +39363031646561633532306531363838323063393130346232323839393932316330303337346439 +36643733623762656134316331363365376237393937653961653263343463373562656433356163 +30663861636139333061303664373462313131383265363137633363346635373337663834633333 +34386431613938373037643865393735646335323466306563626139306637663461643561336335 +66383765623734353931393837613637313864626562656365316439303234626364353766643031 +33353830643236346265663738306463636338306434323139323132396464633264366338303637 +61663439323035353034336366363737666538623432326262656164613962303466626562613031 +33616134333136393165326335643164613433633361353839656464346331323762323339623263 +65306634613434316666396262373332653563313534303064633934326239646263663438623738 
+37396630336133626436336263363732653537653133383231346130653136616439396131306565 +35313134383037363439663266383435616136323134633565613836306333356230623031393634 +38643634653162663933623334633364653632353262303664643132633033373461383662316131 +36373064633464616464643333616534613333363938663131356431666331333638353561353037 +35326339333131646536353766343537656331353130663762346333656264316539623833356266 +66646337313430303134623232653633326466393031356330393463353730383236613236333266 +32376561663437393764303563383535386263356161626266323231633866393339333032353132 +62363636393133663164663436373839353032336131646563623562623431333831383761623236 +30363239313161366634343935313930306364346162643461636430303863663136363238346339 +37326564623735363065643066303431373662353736616333336234326266663435333966366339 +36366362613961363766396636396561626532383639643839303266616131353931376366313862 +33356639346566333065373831386566363035303339346632393730633861356231383238333239 +65636435353937646137323463613066343531356236386663626530316139643539376536616161 +39353562613930326234666662383461333666313032663032303962656465353731323736376231 +36366437653739346138633761373931313465613837663863636666323039323866333933336432 +31663138356633386131323766396264353566653132393439643533313966393631643433633436 +32316336656465366162323665613166303938313431363861666564303138323534396230653766 +36636265343236393539663936646265376436343564376362646334323962356266626662336463 +39336334383162396262653464333766666431363862383738376336343961636435333263323061 +62636135643131623636306535666136323964306133666438336335643761393339616438343065 +63386661663532653138663165663932663838356236313534323462373539623465356664383435 +64363361366335316139353431666536343331396366316265313964373438366633643766393139 +39656564373462353531623234356534306530353436663333306165343932333232613132356664 +64323735323535353036386430366363616337376532376630383834393336613034396262623130 
+35613663643436633464633866343963386535383165666163643563353763366661616166626131 +35626139333533313336333633326439613363333339333531666432633861623063333461343933 +66363135376562633239333637333730663862383863653438333763346434326134646161386438 +38356237376637396664666164643332666163316337353038316437616233666338643638306663 +30643130636264333439633263663739623463626334633730333265623263666566333237396630 +63393936383365316237633936313533316364646364643534656436383230663066373533383734 +6130 diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index 105732f..c85c7fa 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml @@ -70,3 +70,6 @@ loc_reverseproxy: - from: netbox.auro.re to: 10.128.0.97 + + - from: grafana.auro.re + to: "10.128.0.98:3000" diff --git a/hosts b/hosts index 0a257be..dec08b1 100644 --- a/hosts +++ b/hosts @@ -38,6 +38,7 @@ bdd-ovh.adm.auro.re litl.adm.auro.re log.adm.auro.re netbox.adm.auro.re +grafana.adm.auro.re [aurore_testing_vm] diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml new file mode 100644 index 0000000..942149c --- /dev/null +++ b/roles/grafana/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart grafana + service: + name: grafana-server + state: restarted + diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml new file mode 100644 index 0000000..d20b847 --- /dev/null +++ b/roles/grafana/tasks/main.yml 
@@ -0,0 +1,113 @@
+---
+- name: Install gpg (to import Grafana key)
+ apt:
+ name: gpg
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Import Grafana GPG signing key
+ apt_key:
+ url: https://packages.grafana.com/gpg.key
+ state: present
+ validate_certs: false
+ register: apt_key_result
+ retries: 3
+ until: apt_key_result is succeeded
+
+- name: Add Grafana repository
+ apt_repository:
+ repo: deb https://packages.grafana.com/oss/deb stable main
+ state: present
+ update_cache: true
+
+- name: Install Grafana
+ apt:
+ name: grafana
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Configure Grafana
+ ini_file:
+ path: /etc/grafana/grafana.ini
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ mode: 0640
+ loop:
+ - section: server
+ option: root_url
+ value: "{{ grafana.root_url }}"
+ - section: analytics
+ option: reporting_enabled
+ value: "false"
+ - section: analytics
+ option: check_for_updates
+ value: "false"
+ - section: security
+ option: disable_initial_admin_creation
+ value: "true"
+ - section: security
+ option: cookie_secure
+ value: "true"
+ - section: security
+ option: disable_gravatar
+ value: "true"
+ - section: snapshots
+ option: external_enabled
+ value: "false"
+ - section: users
+ option: allow_sign_up
+ value: "false"
+ - section: users
+ option: allow_org_create
+ value: "false"
+ - section: auth.anonymous
+ option: enabled
+ value: "false" # no public access
+ - section: auth.anonymous
+ option: hide_version
+ value: "true"
+ - section: auth.basic # only LDAP auth
+ option: enabled
+ value: "false"
+ - section: auth.ldap
+ option: enabled
+ value: "true"
+ - section: alerting
+ option: enabled
+ value: "false"
+ - section: database
+ option: type
+ value: "{{ grafana.database.type }}"
+ - section: database
+ option: host
+ value: "{{ grafana.database.host }}"
+ - section: database
+ option: name
+ value: "{{ grafana.database.name }}"
+ - section: database
+ option: user
+ value: "{{ grafana.database.user }}"
+ - section: database
+ option: password
+ value: "{{ grafana.database.password }}"
+ notify: Restart grafana
+
+- name: Configure Grafana LDAP
+ template:
+ src: ldap.toml.j2
+ dest: /etc/grafana/ldap.toml
+ mode: 0640
+ notify: Restart grafana
+
+- name: Enable and start Grafana
+ systemd:
+ name: grafana-server
+ enabled: true
+ state: started
+ daemon_reload: true
+
+
diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2
new file mode 100644
index 0000000..ce97e46
--- /dev/null
+++ b/roles/grafana/templates/ldap.toml.j2
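Review bot: The `Configure Grafana` task in roles/grafana/tasks/main.yml loops over items that include `value: "{{ grafana.database.password }}"`, and Ansible prints every loop item in the task result, so the database password ends up in the console output and in any log callback. Setting `no_log: true` on the task, or moving the password entry into its own `ini_file` task that carries `no_log: true` so the other options stay visible, keeps it out. Both this task and `Configure Grafana LDAP` write files that hold a credential with a bare `mode: 0640` and no `owner`/`group`; quoting the mode (`mode: "0640"`) and stating the ownership would make the intended permissions explicit. The `validate_certs: false` on the signing-key import is removed by patch 070 later in this series.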
@@ -0,0 +1,63 @@
+{{ ansible_managed | comment }}
+# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
+# [log]
+# filters = ldap:debug
+
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "{{ grafana.ldap.host }}"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if ldap server supports TLS
+use_ssl = false
+# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
+start_tls = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "{{ grafana.ldap.bind_dn }}"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = "{{ grafana.ldap.bind_password }}"
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"]
+
+## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
+## Please check grafana LDAP docs for examples
+group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"]
+group_search_filter_user_attribute = "cn"
+
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "sn"
+surname = ""
+username = "cn"
+member_of = "dn"
+email = "mail"
+
+# Editors (RT and technicien)
+[[servers.group_mappings]]
+group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
+org_role = "Editor"
+
+[[servers.group_mappings]]
+group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re"
+org_role = "Editor"
+
+# Viewers
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"
+
+
From c7f94b54c8b9402022824a539780b7aa086bba22 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 16:44:54 +0100 Subject: [PATCH 070/116] grafana: validate gpg key --- roles/grafana/tasks/main.yml | 1 - 1 file changed, 1 deletion(-)
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
index d20b847..f113cba 100644
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -11,7 +11,6 @@ apt_key: url: https://packages.grafana.com/gpg.key state: present - validate_certs: false register: apt_key_result retries: 3 until: apt_key_result is succeeded
From e2acfd4031fd736f68154a2a4038b11c131a9eea Mon Sep 17 00:00:00 2001
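Review bot: The new roles/grafana/templates/ldap.toml.j2 renders `port = 389` with `use_ssl = false` and `start_tls = false`, so the service bind password and every password typed at the Grafana login travel to the directory unencrypted. If the LDAP servers accept it (not visible here), `start_tls = true` on port 389, or `use_ssl = true` with `port = 636`, would protect them, with `ssl_skip_verify = false` kept as it is. Exposing these settings as `grafana.ldap.*` variables would let each deployment choose. The wildcard mapping `group_dn = "*"` gives Viewer to any account that can bind under the search base, which deserves a comment saying that this is intended.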
From: Alexandre Iooss Date: Sat, 27 Nov 2021 16:45:09 +0100 Subject: [PATCH 071/116] grafana: single quote LDAP password --- roles/grafana/templates/ldap.toml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2 index ce97e46..e80c8be 100644 --- a/roles/grafana/templates/ldap.toml.j2 +++ b/roles/grafana/templates/ldap.toml.j2 @@ -24,7 +24,7 @@ ssl_skip_verify = false bind_dn = "{{ grafana.ldap.bind_dn }}" # Search user bind password # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -bind_password = "{{ grafana.ldap.bind_password }}" +bind_password = '{{ grafana.ldap.bind_password }}' # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" search_filter = "(cn=%s)" From fdfed1a05a7eb4aba8f8e6b36336bcbd0645b877 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 17:02:04 +0100 Subject: [PATCH 072/116] grafana: remove trailing lines --- roles/grafana/handlers/main.yml | 1 - roles/grafana/tasks/main.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml index 942149c..cbd4ffd 100644 --- a/roles/grafana/handlers/main.yml +++ b/roles/grafana/handlers/main.yml @@ -3,4 +3,3 @@ service: name: grafana-server state: restarted - diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index f113cba..e0666cc 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -109,4 +109,3 @@ enabled: true state: started daemon_reload: true - From a791cda6527d3cb13eeb072c620197b6ed9ccacb Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 18:29:05 +0100 Subject: [PATCH 073/116] grafana: move Aurore specific variables out of the role --- grafana.yml | 5 +++++ roles/grafana/templates/ldap.toml.j2 | 14 ++++++-------- 2 files changed, 11 insertions(+), 8 deletions(-) 
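Review bot: The single-quoted form `bind_password = '{{ grafana.ldap.bind_password }}'` in roles/grafana/templates/ldap.toml.j2 is a TOML literal string, so it stops backslash and double-quote problems but still cannot hold a `'`. A password containing one would end the string early and leave the remainder to be parsed as TOML. The context comment just above still tells the reader to wrap the value in triple double quotes, which no longer matches the template. Either render a multi-line literal, `bind_password = '''{{ grafana.ldap.bind_password }}'''` (assuming Grafana's TOML parser accepts it), or reword the comment to say the password must not contain a single quote. The template continues outside this hunk.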
diff --git a/grafana.yml b/grafana.yml index fedc0c2..df5a984 100755 --- a/grafana.yml +++ b/grafana.yml @@ -15,5 +15,10 @@ host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149" bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re bind_password: "{{ vault_ldap_grafana_password }}" + search_base_dns: "cn=Utilisateurs,dc=auro,dc=re" + group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re" + editors_group_dn: + - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re + - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re roles: - grafana diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2 index e80c8be..7e637f0 100644 --- a/roles/grafana/templates/ldap.toml.j2 +++ b/roles/grafana/templates/ldap.toml.j2 @@ -30,12 +30,12 @@ bind_password = '{{ grafana.ldap.bind_password }}' search_filter = "(cn=%s)" # An array of base dns to search through -search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"] +search_base_dns = ["{{ grafana.ldap.search_base_dns }}"] ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings ## Please check grafana LDAP docs for examples group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" -group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"] +group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"] group_search_filter_user_attribute = "cn" # Specify names of the ldap attributes your ldap uses @@ -46,14 +46,12 @@ username = "cn" member_of = "dn" email = "mail" -# Editors (RT and technicien) +# Editors +{% for group_dn in grafana.ldap.editors_group_dn %} [[servers.group_mappings]] -group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re" -org_role = "Editor" - -[[servers.group_mappings]] -group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re" +group_dn = "{{ group_dn }}" org_role = "Editor" +{% endfor %} # Viewers [[servers.group_mappings]] From b82afd13d9c2475080e3ed8d82844286375bfa07 Mon Sep 17 00:00:00 2001 
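Review bot: In roles/grafana/templates/ldap.toml.j2, `search_base_dns` and `group_search_base_dns` are rendered as arrays, but the new variables in grafana.yml are single strings wrapped in `["…"]`, whereas `editors_group_dn` is a real list. A second base DN therefore cannot be added without editing the template. Making both variables lists and rendering them as `search_base_dns = {{ grafana.ldap.search_base_dns | to_json }}` keeps the three consistent and also escapes the quotes and backslashes an LDAP DN may contain. The loop presumably fails at template time when a play omits `editors_group_dn`; `grafana.ldap.editors_group_dn | default([])` would make the Editor mappings optional. The template starts and ends outside these hunks.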
From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:14:39 +0100 Subject: [PATCH 074/116] update_motd: use update_motd dict --- backups.yml | 6 ++++++ roles/update_motd/tasks/main.yml | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/backups.yml b/backups.yml index 4886548..f4d305c 100644 --- a/backups.yml +++ b/backups.yml @@ -1,7 +1,13 @@ --- - hosts: perceval.adm.auro.re + vars: + update_motd: + borgbackup_server: >- + Les sauvegardes (borg) sont stockées dans + {{ borg_server_backups_dir }}. roles: - borgbackup_server + - update_motd - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re roles: diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index e0ae1f8..1ba08f5 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -43,12 +43,12 @@ - name: Install additional motd messages copy: - content: "✨ {{ item.message }}\n" + content: "✨ {{ item.value }}\n" dest: "/etc/motd-messages/{{ item.key }}" - mode: u=rwx,g=rx,o=rx + mode: u=rw,g=r,o=r owner: root group: root - loop: "{{ motd_messages }}" + loop: "{{ update_motd | dict2items }}" notify: Remove cached motd - when: motd_messages is defined + when: update_motd is defined ... From 82fdcd026ea6b809455cbede379f5fc543fe93e0 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:14:56 +0100 Subject: [PATCH 075/116] grafana: update motd --- grafana.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grafana.yml b/grafana.yml index df5a984..edc2f0a 100755 --- a/grafana.yml +++ b/grafana.yml @@ -20,5 +20,8 @@ editors_group_dn: - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re + update_motd: + grafana: Grafana est déployé (/etc/grafana). roles: - grafana + - update_motd From ea394a01db7cfe7818f4aa224d508cc4eb64f2d2 Mon Sep 17 00:00:00 2001 
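Review bot: The dict keys introduced with this change (`borgbackup_server` in backups.yml) replace the prefixed file names the roles used before, such as `10-borg-server` and `05-prometheus` seen in the lines removed by the following patches. Nothing in the roles/update_motd/tasks/main.yml hunk removes files that earlier runs left in `/etc/motd-messages/`. Hosts that are already deployed may therefore keep showing the old message next to the new one, assuming the directory is rendered file by file, which the hunk does not show. A `file` task with `state: absent` over the old names, placed before `Install additional motd messages`, would cover the migration. The task file starts outside this hunk.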
From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:16:11 +0100 Subject: [PATCH 076/116] prometheus-federate: call update_motd role in play --- monitoring.yml | 4 ++++ roles/prometheus_federate/tasks/main.yml | 10 ---------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index bb3c92a..f5b2ef8 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -172,8 +172,12 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re + update_motd: + prometheus_federate: >- + Prometheus (en configuration fédération) est déployé (/etc/prometheus). roles: - prometheus_federate + - update_motd # Postgres Exporters - hosts: bdd,radius diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index bcadbc0..24f46e0 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -42,14 +42,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus-federate - message: >- - Prometheus (en configuration fédération) est déployé sur cette - machine (voir /etc/prometheus) ... From 1009298023ee721437194de4f4b51c1672e2a0e7 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:16:24 +0100 Subject: [PATCH 077/116] borgbackup_server: call update_motd role in play --- roles/borgbackup_server/tasks/main.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/borgbackup_server/tasks/main.yml b/roles/borgbackup_server/tasks/main.yml index ff31c07..fc31e60 100644 --- a/roles/borgbackup_server/tasks/main.yml +++ b/roles/borgbackup_server/tasks/main.yml 
@@ -35,14 +35,4 @@ owner: "{{ borg_server_user }}" group: "{{ borg_server_group }}" mode: u=rwx,g=,o= - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-borg-server - message: >- - Les sauvegardes (borg) sont stockées dans - {{ borg_server_backups_dir }}. ... From ce04f937db9ca8b2ea567e6ec597ba65b204ec30 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:20:32 +0100 Subject: [PATCH 078/116] prometheus: call update_motd role in play --- monitoring.yml | 30 ++++++++++++++++++++++++++++-- roles/prometheus/tasks/main.yml | 9 --------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index f5b2ef8..9be7fb6 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -14,8 +14,12 @@ {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['fleming_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration fleming) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-pacaterie.adm.auro.re vars: @@ -34,8 +38,12 @@ prometheus_ups_snmp_targets: - ups-pn-1.ups.auro.re - ups-ps-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration pacaterie) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-edc.adm.auro.re vars: @@ -56,8 +64,12 @@ {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['edc_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration edc) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-gs.adm.auro.re vars: 
@@ -77,8 +89,12 @@ - ups-gk-1.ups.auro.re prometheus_pdu_snmp_targets: - pdu-ga-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration gs) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-rives.adm.auro.re vars: @@ -98,8 +114,12 @@ {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['rives_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration rives) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-aurore.adm.auro.re vars: @@ -132,8 +152,12 @@ - sw-ec-core.switch.auro.re - sw-gk-core.switch.auro.re - sw-r3-core.switch.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration aurore) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-ovh.adm.auro.re vars: @@ -152,9 +176,12 @@ - bdd-ovh.adm.auro.re prometheus_docker_targets: - docker-ovh.adm.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration ovh) est déployé (/etc/prometheus). roles: - prometheus - + - update_motd - hosts: prometheus-federate.adm.auro.re vars: @@ -184,7 +211,6 @@ roles: - prometheus_postgres - # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f9e48e8..e7dd24d 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -118,13 +118,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus - message: >- - Prometheus est déployé sur cette machine (voir /etc/prometheus) ... From 07a0429ae0ae595e9ab1570fb2429092f54d0c99 Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:02:08 +0100 Subject: [PATCH 079/116] nginx: call update_motd role in play --- roles/nginx/tasks/main.yml | 9 --------- services_web.yml | 8 ++++++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 7a3af07..6f3a251 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -148,15 +148,6 @@ group: www-data mode: 0644 -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-nginx - message: >- - NGinx est installé sur ce serveur. Voir /etc/nginx. - - name: Clean old files file: path: "{{ item }}" diff --git a/services_web.yml b/services_web.yml index 00d5b7b..c72321b 100755 --- a/services_web.yml +++ b/services_web.yml @@ -15,14 +15,22 @@ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}' + update_motd: + nginx: >- + Le reverse-proxy NGINX est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd - hosts: nginx,!reverseproxy vars: certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' + update_motd: + nginx: >- + NGINX avec certbot est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd From cc6f96bbc81763ded2902c2a97281874a68a983c Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:04:05 +0100 Subject: [PATCH 080/116] borgbackup-client: call update_motd role in play --- backups.yml | 5 +++++ roles/borgbackup_client/tasks/main.yml | 7 ------- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/backups.yml b/backups.yml index f4d305c..a926719 100644 --- a/backups.yml +++ b/backups.yml 
@@ -10,6 +10,11 @@ - update_motd - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re + vars: + update_motd: + borgbackup_client: >- + BorgBackup est déployé (/etc/borgmatic/config.yaml) roles: - borgbackup_client + - update_motd ... diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index 8fa0852..de004f2 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -107,11 +107,4 @@ name: borgmatic.timer state: started enabled: true - -- name: Configure MOTD - include_role: - name: update_motd - vars: - key: 10-borgmatic - message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml. ... From 14b6a6804037bf39edbdea46f16f9406c9b0dbd2 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:05:14 +0100 Subject: [PATCH 081/116] base: configure motd --- base.yml | 1 + roles/baseconfig/tasks/main.yml | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/base.yml b/base.yml index 38ec360..ed05dbd 100755 --- a/base.yml +++ b/base.yml @@ -5,6 +5,7 @@ roles: - baseconfig - basesecurity + - update_motd # Plug LDAP on all servers - hosts: all,!unifi diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0af0b40..b122f4d 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -29,10 +29,6 @@ retries: 3 until: apt_result is succeeded -- name: Configure MOTD - include_role: - name: update_motd - # Configure APT mirrors on Debian Stretch - name: Configure APT mirrors when: From 09793704188de9b6cf7db07a5bc6e16f08c80fea Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:16:29 +0100 Subject: [PATCH 082/116] Add motd for most plays --- bdd.yml | 4 ++++ matrix.yml | 5 +++++ network.yml | 23 ++++++++++++++++++++--- roles/docker/tasks/main.yml | 9 --------- roles/re2o_service/tasks/main.yml | 10 ---------- roles/unifi_controller/tasks/main.yml | 9 --------- services_web.yml | 4 ++++ 7 files changed, 33 insertions(+), 31 deletions(-) diff --git a/bdd.yml b/bdd.yml index f3fa7d3..eceddaf 100644 --- a/bdd.yml +++ b/bdd.yml @@ -2,6 +2,10 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re + vars: + router: + postgresql: PostgreSQL est déployé. roles: - postgresql_server + - update_motd ... diff --git a/matrix.yml b/matrix.yml index be54c53..ac3f4ce 100755 --- a/matrix.yml +++ b/matrix.yml @@ -5,12 +5,17 @@ vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" + router: + matrix-synapse: matrix-synapse est déployé. + matrix-appservice-irc: matrix-appservice-irc est déployé. + matrix-appservice-webhooks: matrix-appservice-webhooks est déployé. roles: - debian_backports - nodejs - matrix_synapse - matrix_appservice_irc - matrix_appservice_webhooks + - update_motd # Install Matrix services - hosts: matrix-services.adm.auro.re diff --git a/network.yml b/network.yml index 50fde19..c389c24 100755 --- a/network.yml +++ b/network.yml 
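Review bot: In bdd.yml the motd dict is declared under `router:` instead of `update_motd:`, and the same key is used in the matrix.yml hunk and, later in this patch, in network.yml (both router plays and the radius play) and services_web.yml (the docker play). The message task from patch 074 loops over `update_motd | dict2items` and is guarded by `when: update_motd is defined`, so on these plays it is skipped and no message is written. Renaming the key to `update_motd:` in each of those plays fixes it. In network.yml the stray `router` variable may also collide with whatever the `router` role reads, which is not visible here.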
@@ -2,35 +2,52 @@ --- # Set up DHCP servers. - hosts: dhcp-*.adm.auro.re + vars: + update_motd: + unbound: isc-dhcp-server est déployé. roles: - isc_dhcp_server - + - update_motd # Deploy unbound DNS server (recursive). - hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re + vars: + update_motd: + unbound: Unbound est déployé. roles: - unbound - + - update_motd # Déploiement du service re2o aurore-firewall et keepalived # radvd: IPv6 SLAAC (/64 subnets, private IPs). # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re + vars: + router: + unbound: Le routage (avec radvd) est déployé. roles: - router - radvd + - update_motd # No radvd here - hosts: ~routeur-aurore.*\.adm\.auro\.re + vars: + router: + unbound: Le routage (avec DHCPv6) est déployé. roles: - router - ipv6_edge_router + - update_motd # Radius (backup only for now) - hosts: radius-*.adm.auro.re + vars: + router: + unbound: FreeRADIUS est déployé. roles: - radius - + - update_motd # WIP: Deploy authoritative DNS servers # - hosts: authoritative_dns diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 38d3a55..a1ec160 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -50,13 +50,4 @@ url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 dest: /usr/local/bin/docker-compose mode: "0755" - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-docker - message: >- - Docker est installé sur ce serveur. ... diff --git a/roles/re2o_service/tasks/main.yml b/roles/re2o_service/tasks/main.yml index 2bed1a3..fb72045 100644 --- a/roles/re2o_service/tasks/main.yml +++ b/roles/re2o_service/tasks/main.yml 
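Review bot: The message key `unbound:` is reused in the added `vars:` of the DHCP play, both router plays and the RADIUS play of network.yml, although only the `dns-*` play deploys Unbound. How the update_motd role consumes these keys is not visible here; if the key names the MOTD fragment, the entries are mislabelled and could overwrite each other on a host matched by more than one play. Use one key per service, for example `isc-dhcp-server: isc-dhcp-server est déployé.`, `router: Le routage (avec radvd) est déployé.` and `freeradius: FreeRADIUS est déployé.`. The same keys are carried unchanged through PATCH 084 and into playbooks/isc-dhcp-server.yml, playbooks/router.yml and playbooks/radius.yml in PATCH 092.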
@@ -39,14 +39,4 @@ owner: "{{ service_user }}" group: nogroup state: link - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: "15-re2o-service-{{ service_name }}" - message: >- - Le service re2o {{ service_name }} est dans - {{ service_homedir }}/{{ service_name }}. ... diff --git a/roles/unifi_controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml index 811b5e1..ddabe3b 100644 --- a/roles/unifi_controller/tasks/main.yml +++ b/roles/unifi_controller/tasks/main.yml @@ -39,13 +39,4 @@ register: apt_result retries: 3 until: apt_result is succeeded - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-unifi-controller - message: >- - Le contrôleur Unifi a été installé sur ce serveur. ... diff --git a/services_web.yml b/services_web.yml index c72321b..3beffd0 100755 --- a/services_web.yml +++ b/services_web.yml @@ -2,8 +2,12 @@ --- # Deploy Docker hosts - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re + vars: + router: + docker: Docker est déployé. roles: - docker + - update_motd # Deploy Passbolt - hosts: passbolt.adm.auro.re From 5bc84dbdd248a62ea09e1c9f083dc31af3138134 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:22:29 +0100 Subject: [PATCH 083/116] Add sheband to backups, bdd and postfix playbooks --- backups.yml | 1 + bdd.yml | 0 deploy_postfix_non_mailhost.yml | 1 + 3 files changed, 2 insertions(+) mode change 100644 => 100755 backups.yml mode change 100644 => 100755 bdd.yml mode change 100644 => 100755 deploy_postfix_non_mailhost.yml diff --git a/backups.yml b/backups.yml old mode 100644 new mode 100755 index a926719..60200b9 --- a/backups.yml +++ b/backups.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- - hosts: perceval.adm.auro.re vars: diff --git a/bdd.yml b/bdd.yml old mode 100644 new mode 100755 
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml old mode 100644 new mode 100755 index e335928..741d653 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- # Deploy a correclty configured postfix on non mailhost servers - hosts: all,!unifi From cdaf3dc77a36f45c09c6c034bf1b2b02aee42695 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:30:58 +0100 Subject: [PATCH 084/116] update_motd: Fix typo in vars --- bdd.yml | 2 +- matrix.yml | 2 +- network.yml | 6 +++--- services_web.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bdd.yml b/bdd.yml index eceddaf..da4248d 100755 --- a/bdd.yml +++ b/bdd.yml @@ -3,7 +3,7 @@ # Install and configure bdd servers at Saclay and at OVH - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re vars: - router: + update_motd: postgresql: PostgreSQL est déployé. roles: - postgresql_server diff --git a/matrix.yml b/matrix.yml index ac3f4ce..4cec87b 100755 --- a/matrix.yml +++ b/matrix.yml @@ -5,7 +5,7 @@ vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" - router: + update_motd: matrix-synapse: matrix-synapse est déployé. matrix-appservice-irc: matrix-appservice-irc est déployé. matrix-appservice-webhooks: matrix-appservice-webhooks est déployé. diff --git a/network.yml b/network.yml index c389c24..dee41b3 100755 --- a/network.yml +++ b/network.yml @@ -23,7 +23,7 @@ # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re vars: - router: + update_motd: unbound: Le routage (avec radvd) est déployé. roles: - router @@ -33,7 +33,7 @@ # No radvd here - hosts: ~routeur-aurore.*\.adm\.auro\.re vars: - router: + update_motd: unbound: Le routage (avec DHCPv6) est déployé. roles: - router 
@@ -43,7 +43,7 @@ # Radius (backup only for now) - hosts: radius-*.adm.auro.re vars: - router: + update_motd: unbound: FreeRADIUS est déployé. roles: - radius diff --git a/services_web.yml b/services_web.yml index 3beffd0..d79a735 100755 --- a/services_web.yml +++ b/services_web.yml @@ -3,7 +3,7 @@ # Deploy Docker hosts - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re vars: - router: + update_motd: docker: Docker est déployé. roles: - docker From 03a9281b88bdd2dc13d7c732e88793c6e3bb0cc6 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:34:44 +0100 Subject: [PATCH 085/116] Remove proxmox.yml --- proxmox.yml | 432 ---------------------------------------------------- 1 file changed, 432 deletions(-) delete mode 100755 proxmox.yml diff --git a/proxmox.yml b/proxmox.yml deleted file mode 100755 index 15b62ca..0000000 --- a/proxmox.yml +++ /dev/null 
@@ -1,432 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# This is a special playbook to create a new VM ! -- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests - become: false # We do not need root as we use Proxmox API - - vars: - vm_definitions: - - # Réseau Pacaterie - - name: ldap-replica-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - # Réseau Fleming - - name: ldap-replica-fleming1 - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-fleming - virtu: freya - cores: 2 # 2 
mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - # Réseau EdC - - name: ldap-replica-edc1 - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - # Réseau George Sand - - name: ldap-replica-gs1 - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-gs - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-gs - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-gs - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-gs - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G 
- installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-gs - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - vars_prompt: - - name: "password" - prompt: "Enter LDAP password for your user" - private: true - - tasks: - - name: Define a virtual machine in Proxmox - proxmox_kvm: - api_user: "{{ ansible_user_id }}@pam" - api_password: "{{ password }}" - api_host: "{{ item.virtu }}.adm.auro.re" - name: "{{ item.name }}" - node: "{{ item.virtu }}" - scsihw: virtio-scsi-pci - scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}' - sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}' - net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default - cores: "{{ item.cores }}" - memory: "{{ item.memory }}" - balloon: "{{ item.memory // 2 }}" - bios: seabios # Ansible module doesn't support UEFI boot disk - loop: - # Réseau Fleming - - name: ldap-replica-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - name: routeur-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 
# M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - - name: ldap-replica-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: routeur-fleming-fo - virtu: marki - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - # Réseau Pacaterie - - name: ldap-replica-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - 
disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - name: routeur-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - - name: ldap-replica-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: routeur-pacaterie-fo - virtu: titan - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - # Réseau EDC - - name: ldap-replica-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: 
debian-10.0.0-amd64-netinst.iso - - name: unifi-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - name: routeur-edc - virtu: chapalux - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - # Réseau George Sand - - name: ldap-replica-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - name: routeur-georgesand - virtu: perceval - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso From a0dd5ef4b71588774eaf45fc6ed161dcf2baadd0 Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:56:00 +0100 Subject: [PATCH 086/116] Move playbooks in subfolder --- ansible.cfg | 3 +++ deploy_all.sh | 3 +++ backups.yml => playbooks/backups.yml | 0 base.yml => playbooks/base.yml | 0 bdd.yml => playbooks/bdd.yml | 0 .../deploy_postfix_non_mailhost.yml | 0 grafana.yml => playbooks/grafana.yml | 0 ldap_replica.yml => playbooks/ldap_replica.yml | 6 +++--- log.yml => playbooks/log.yml | 0 matrix.yml => playbooks/matrix.yml | 0 monitoring.yml => playbooks/monitoring.yml | 0 network.yml => playbooks/network.yml | 0 services_web.yml => playbooks/services_web.yml | 0 13 files changed, 9 insertions(+), 3 deletions(-) create mode 100755 deploy_all.sh rename backups.yml => playbooks/backups.yml (100%) rename base.yml => playbooks/base.yml (100%) rename bdd.yml => playbooks/bdd.yml (100%) rename deploy_postfix_non_mailhost.yml => playbooks/deploy_postfix_non_mailhost.yml (100%) rename grafana.yml => playbooks/grafana.yml (100%) rename ldap_replica.yml => playbooks/ldap_replica.yml (69%) rename log.yml => playbooks/log.yml (100%) rename matrix.yml => playbooks/matrix.yml (100%) rename monitoring.yml => playbooks/monitoring.yml (100%) rename network.yml => playbooks/network.yml (100%) rename services_web.yml => playbooks/services_web.yml (100%) diff --git a/ansible.cfg b/ansible.cfg index e2d6a32..33120be 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,6 +2,9 @@ [defaults] +# Explicitely redefined some defaults to make subfolder execution work +roles_path = ./roles + # Do not create .retry files retry_files_enabled = False diff --git a/deploy_all.sh b/deploy_all.sh new file mode 100755 index 0000000..f450a8f --- /dev/null +++ b/deploy_all.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +# Deploy all playbooks +ansible-playbook playbooks/*.yml $@ diff --git a/backups.yml b/playbooks/backups.yml similarity index 100% rename from backups.yml rename to playbooks/backups.yml 
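Review bot: `$@` is unquoted on the last line of deploy_all.sh, so any argument containing spaces or glob characters (a `--limit` pattern, an `-e` value) is re-split and expanded by the shell before ansible-playbook receives it. For a wrapper that runs every playbook against the whole inventory, a mangled `--limit` could change which hosts a run touches. Quote it: `ansible-playbook playbooks/*.yml "$@"`. The relative `playbooks/*.yml` glob also only matches when the script is started from the repository root, which deserves a comment next to `# Deploy all playbooks`.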
diff --git a/base.yml b/playbooks/base.yml similarity index 100% rename from base.yml rename to playbooks/base.yml diff --git a/bdd.yml b/playbooks/bdd.yml similarity index 100% rename from bdd.yml rename to playbooks/bdd.yml diff --git a/deploy_postfix_non_mailhost.yml b/playbooks/deploy_postfix_non_mailhost.yml similarity index 100% rename from deploy_postfix_non_mailhost.yml rename to playbooks/deploy_postfix_non_mailhost.yml diff --git a/grafana.yml b/playbooks/grafana.yml similarity index 100% rename from grafana.yml rename to playbooks/grafana.yml diff --git a/ldap_replica.yml b/playbooks/ldap_replica.yml similarity index 69% rename from ldap_replica.yml rename to playbooks/ldap_replica.yml index b921957..1dfdbca 100755 --- a/ldap_replica.yml +++ b/playbooks/ldap_replica.yml @@ -2,6 +2,6 @@ --- # Clone LDAP on local geographic location # DON'T DO THIS AS IT RECREATES THE REPLICA -- hosts: ldap_replica - roles: - - ldap_replica +#- hosts: ldap_replica +# roles: +# - ldap_replica diff --git a/log.yml b/playbooks/log.yml similarity index 100% rename from log.yml rename to playbooks/log.yml diff --git a/matrix.yml b/playbooks/matrix.yml similarity index 100% rename from matrix.yml rename to playbooks/matrix.yml diff --git a/monitoring.yml b/playbooks/monitoring.yml similarity index 100% rename from monitoring.yml rename to playbooks/monitoring.yml diff --git a/network.yml b/playbooks/network.yml similarity index 100% rename from network.yml rename to playbooks/network.yml diff --git a/services_web.yml b/playbooks/services_web.yml similarity index 100% rename from services_web.yml rename to playbooks/services_web.yml From daac91f3afca87fa2ee9908a958f66ef70f8e78a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:46:53 +0100 Subject: [PATCH 087/116] Rename backups.yml to borgbackup.yml --- playbooks/{backups.yml => borgbackup.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename playbooks/{backups.yml => borgbackup.yml} (90%) 
diff --git a/playbooks/backups.yml b/playbooks/borgbackup.yml similarity index 90% rename from playbooks/backups.yml rename to playbooks/borgbackup.yml index 60200b9..df8c37e 100755 --- a/playbooks/backups.yml +++ b/playbooks/borgbackup.yml @@ -10,7 +10,7 @@ - borgbackup_server - update_motd -- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re +- hosts: all,!unifi,!unifi-* vars: update_motd: borgbackup_client: >- From 9481af3201a64dc60fe7025821df6d6c75223ad5 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:48:20 +0100 Subject: [PATCH 088/116] Rename bdd.yml to postgres.yml --- playbooks/{bdd.yml => postgresql.yml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename playbooks/{bdd.yml => postgresql.yml} (56%) diff --git a/playbooks/bdd.yml b/playbooks/postgresql.yml similarity index 56% rename from playbooks/bdd.yml rename to playbooks/postgresql.yml index da4248d..1b587f1 100755 --- a/playbooks/bdd.yml +++ b/playbooks/postgresql.yml @@ -1,7 +1,7 @@ #!/usr/bin/env ansible-playbook --- -# Install and configure bdd servers at Saclay and at OVH -- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re +# Install and configure database servers at Saclay and at OVH +- hosts: bdd.adm.auro.re,bdd-ovh.adm.auro.re vars: update_motd: postgresql: PostgreSQL est déployé. From 278928550cd2642335e1006a349443f7b6cae674 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:49:43 +0100 Subject: [PATCH 089/116] Rename monitoring.yml to prometheus.yml --- playbooks/{monitoring.yml => prometheus.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{monitoring.yml => prometheus.yml} (100%) diff --git a/playbooks/monitoring.yml b/playbooks/prometheus.yml similarity index 100% rename from playbooks/monitoring.yml rename to playbooks/prometheus.yml From 7bdf66f73a99aa5d5a37a4c87d38badb23c5729b Mon Sep 17 00:00:00 2001 
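Review bot: The `hosts:` line of the client play in borgbackup.yml drops `!wiki.adm.auro.re` in a commit described only as a rename, so borgbackup_client and update_motd now also apply to that host. Whether the host was retired or is now meant to be backed up cannot be told from this hunk, and the rest of the play lies outside it. State the intent in the commit message, or restore the exclusion with `- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re`. Keeping the scope change in its own commit would leave it visible in history.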
From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:51:15 +0100 Subject: [PATCH 090/116] Rename log.yml to rsyslog.yml --- playbooks/{log.yml => rsyslog.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{log.yml => rsyslog.yml} (100%) diff --git a/playbooks/log.yml b/playbooks/rsyslog.yml similarity index 100% rename from playbooks/log.yml rename to playbooks/rsyslog.yml From 446c02da5e9d306d3fd7e79fe319f3167a2ffb6e Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:52:58 +0100 Subject: [PATCH 091/116] Split services_web.yml into nginx.yml and docker.yml --- playbooks/docker.yml | 10 ++++++++++ playbooks/{services_web.yml => nginx.yml} | 14 -------------- 2 files changed, 10 insertions(+), 14 deletions(-) create mode 100755 playbooks/docker.yml rename playbooks/{services_web.yml => nginx.yml} (72%) diff --git a/playbooks/docker.yml b/playbooks/docker.yml new file mode 100755 index 0000000..61047cc --- /dev/null +++ b/playbooks/docker.yml @@ -0,0 +1,10 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy Docker hosts +- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re + vars: + update_motd: + docker: Docker est déployé. + roles: + - docker + - update_motd diff --git a/playbooks/services_web.yml b/playbooks/nginx.yml similarity index 72% rename from playbooks/services_web.yml rename to playbooks/nginx.yml index d79a735..656f83b 100755 --- a/playbooks/services_web.yml +++ b/playbooks/nginx.yml @@ -1,19 +1,5 @@ #!/usr/bin/env ansible-playbook --- -# Deploy Docker hosts -- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re - vars: - update_motd: - docker: Docker est déployé. - roles: - - docker - - update_motd - -# Deploy Passbolt -- hosts: passbolt.adm.auro.re - roles: - - passbolt - - hosts: reverseproxy vars: certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' 
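Review bot: The `passbolt.adm.auro.re` play (role `passbolt`) is deleted from the top of nginx.yml, but this commit only creates playbooks/docker.yml, so none of the playbooks visible here deploys Passbolt any more. If dropping it is intentional, say so in the commit message, which currently describes a split only. Otherwise move the play into a playbook of its own containing `- hosts: passbolt.adm.auro.re` and `roles: [passbolt]`, so the password manager host stays under configuration management. The `reverseproxy` play continues below the hunk.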
From 1133f614e49b2c2a8c9555e0996b4988ae3e3274 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:57:27 +0100 Subject: [PATCH 092/116] Split network.yml into each subject --- playbooks/isc-dhcp-server.yml | 9 ++++ playbooks/knot.yml | 14 ++++++ playbooks/network.yml | 82 ----------------------------------- playbooks/radius.yml | 10 +++++ playbooks/router.yml | 23 ++++++++++ playbooks/switchs-manager.yml | 14 ++++++ playbooks/unbound.yml | 10 +++++ playbooks/unifi.yml | 6 +++ 8 files changed, 86 insertions(+), 82 deletions(-) create mode 100755 playbooks/isc-dhcp-server.yml create mode 100755 playbooks/knot.yml delete mode 100755 playbooks/network.yml create mode 100755 playbooks/radius.yml create mode 100755 playbooks/router.yml create mode 100755 playbooks/switchs-manager.yml create mode 100755 playbooks/unbound.yml create mode 100755 playbooks/unifi.yml diff --git a/playbooks/isc-dhcp-server.yml b/playbooks/isc-dhcp-server.yml new file mode 100755 index 0000000..c46b691 --- /dev/null +++ b/playbooks/isc-dhcp-server.yml @@ -0,0 +1,9 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: dhcp-*.adm.auro.re + vars: + update_motd: + unbound: isc-dhcp-server est déployé. + roles: + - isc_dhcp_server + - update_motd diff --git a/playbooks/knot.yml b/playbooks/knot.yml new file mode 100755 index 0000000..2948c16 --- /dev/null +++ b/playbooks/knot.yml @@ -0,0 +1,14 @@ +#!/usr/bin/env ansible-playbook +--- +# WIP: Deploy authoritative DNS servers +# - hosts: authoritative_dns +# vars: +# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git +# service_name: dns +# service_version: crans +# service_config: +# hostname: re2o-server.adm.auro.re +# username: service-user +# password: "{{ vault_serviceuser_passwd }}" +# roles: +# - re2o_service diff --git a/playbooks/network.yml b/playbooks/network.yml deleted file mode 100755 index dee41b3..0000000 --- a/playbooks/network.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# Set up DHCP servers. -- hosts: dhcp-*.adm.auro.re - vars: - update_motd: - unbound: isc-dhcp-server est déployé. - roles: - - isc_dhcp_server - - update_motd - -# Deploy unbound DNS server (recursive). -- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re - vars: - update_motd: - unbound: Unbound est déployé. - roles: - - unbound - - update_motd - -# Déploiement du service re2o aurore-firewall et keepalived -# radvd: IPv6 SLAAC (/64 subnets, private IPs). -# Must NOT be on routeur-aurore-*, or will with DHCPv6! -- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re - vars: - update_motd: - unbound: Le routage (avec radvd) est déployé. - roles: - - router - - radvd - - update_motd - -# No radvd here -- hosts: ~routeur-aurore.*\.adm\.auro\.re - vars: - update_motd: - unbound: Le routage (avec DHCPv6) est déployé. - roles: - - router - - ipv6_edge_router - - update_motd - -# Radius (backup only for now) -- hosts: radius-*.adm.auro.re - vars: - update_motd: - unbound: FreeRADIUS est déployé. - roles: - - radius - - update_motd - -# WIP: Deploy authoritative DNS servers -# - hosts: authoritative_dns -# vars: -# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git -# service_name: dns -# service_version: crans -# service_config: -# hostname: re2o-server.adm.auro.re -# username: service-user -# password: "{{ vault_serviceuser_passwd }}" -# roles: -# - re2o_service - - -# Deploy Unifi Controller -# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re -# roles: -# - unifi-controller - -# Deploy Re2o switch service -# - hosts: switchs-manager.adm.auro.re -# vars: -# service_repo: https://gitlab.federez.net/re2o/switchs.git -# service_name: switchs -# service_version: master -# service_config: -# hostname: re2o-server.adm.auro.re -# username: service-user -# password: "{{ vault_serviceuser_passwd }}" -# roles: -# - re2o_service 
diff --git a/playbooks/radius.yml b/playbooks/radius.yml new file mode 100755 index 0000000..ddd5564 --- /dev/null +++ b/playbooks/radius.yml @@ -0,0 +1,10 @@ +#!/usr/bin/env ansible-playbook +--- +# Radius (backup only for now) +- hosts: radius-*.adm.auro.re + vars: + update_motd: + unbound: FreeRADIUS est déployé. + roles: + - radius + - update_motd diff --git a/playbooks/router.yml b/playbooks/router.yml new file mode 100755 index 0000000..02dccb1 --- /dev/null +++ b/playbooks/router.yml @@ -0,0 +1,23 @@ +#!/usr/bin/env ansible-playbook +--- +# Déploiement du service re2o aurore-firewall et keepalived +# radvd: IPv6 SLAAC (/64 subnets, private IPs). +# Must NOT be on routeur-aurore-*, or will with DHCPv6! +- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re + vars: + update_motd: + unbound: Le routage (avec radvd) est déployé. + roles: + - router + - radvd + - update_motd + +# No radvd here +- hosts: ~routeur-aurore.*\.adm\.auro\.re + vars: + update_motd: + unbound: Le routage (avec DHCPv6) est déployé. + roles: + - router + - ipv6_edge_router + - update_motd diff --git a/playbooks/switchs-manager.yml b/playbooks/switchs-manager.yml new file mode 100755 index 0000000..b2930ec --- /dev/null +++ b/playbooks/switchs-manager.yml @@ -0,0 +1,14 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy Re2o switch service +# - hosts: switchs-manager.adm.auro.re +# vars: +# service_repo: https://gitlab.federez.net/re2o/switchs.git +# service_name: switchs +# service_version: master +# service_config: +# hostname: re2o-server.adm.auro.re +# username: service-user +# password: "{{ vault_serviceuser_passwd }}" +# roles: +# - re2o_service diff --git a/playbooks/unbound.yml b/playbooks/unbound.yml new file mode 100755 index 0000000..d443aec --- /dev/null +++ b/playbooks/unbound.yml 
@@ -0,0 +1,10 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy unbound DNS server (recursive). +- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re + vars: + update_motd: + unbound: Unbound est déployé. + roles: + - unbound + - update_motd diff --git a/playbooks/unifi.yml b/playbooks/unifi.yml new file mode 100755 index 0000000..a596824 --- /dev/null +++ b/playbooks/unifi.yml @@ -0,0 +1,6 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy Unifi Controller +# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re +# roles: +# - unifi-controller From 9bb2d3f32464620f62b4b5c4b562044c6e106a86 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:58:43 +0100 Subject: [PATCH 093/116] Simplify base.yml --- playbooks/base.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/playbooks/base.yml b/playbooks/base.yml index ed05dbd..e663efc 100755 --- a/playbooks/base.yml +++ b/playbooks/base.yml @@ -6,13 +6,9 @@ - baseconfig - basesecurity - update_motd - -# Plug LDAP on all servers -- hosts: all,!unifi - roles: - ldap_client -# Install logrotate +# Install logrotate on all servers except PVE - hosts: all,!unifi,!pve roles: - logrotate From 2a9e1f4def9e278fa4503fe7accafa9998553e54 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:59:54 +0100 Subject: [PATCH 094/116] Rename matrix.yml to matrix-synapse.yml --- playbooks/{matrix.yml => matrix-synapse.yml} | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) rename playbooks/{matrix.yml => matrix-synapse.yml} (79%) diff --git a/playbooks/matrix.yml b/playbooks/matrix-synapse.yml similarity index 79% rename from playbooks/matrix.yml rename to playbooks/matrix-synapse.yml index 4cec87b..88213aa 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix-synapse.yml 
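Review bot: In the base.yml hunk, `ldap_client` moves from its own play, which targeted `all,!unifi`, into the roles list of the first play, whose `hosts:` line lies above the hunk. If that play targets a wider set than `all,!unifi`, the LDAP client configuration now reaches hosts that were excluded before. Confirm the first play carries the same exclusion, or keep the separate `- hosts: all,!unifi` play for `ldap_client`.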
@@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -# Install Matrix Synapse on corresponding containers +# Install Matrix Synapse - hosts: synapse.adm.auro.re vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases @@ -16,8 +16,3 @@ - matrix_appservice_irc - matrix_appservice_webhooks - update_motd - -# Install Matrix services -- hosts: matrix-services.adm.auro.re - roles: - - debian_backports From 747c93139baaeb10eda2384a30d9929700818453 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:00:57 +0100 Subject: [PATCH 095/116] Rename deploy_postfix_non_mailhost.yml to postfix.yml --- playbooks/{deploy_postfix_non_mailhost.yml => postfix.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename playbooks/{deploy_postfix_non_mailhost.yml => postfix.yml} (72%) diff --git a/playbooks/deploy_postfix_non_mailhost.yml b/playbooks/postfix.yml similarity index 72% rename from playbooks/deploy_postfix_non_mailhost.yml rename to playbooks/postfix.yml index 741d653..6bc6e2b 100755 --- a/playbooks/deploy_postfix_non_mailhost.yml +++ b/playbooks/postfix.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -# Deploy a correclty configured postfix on non mailhost servers +# Deploy Postfix on non mailhost servers - hosts: all,!unifi vars: local_network: 10.128.0.0/16 From c49dfb24b0062a61fa2e8b73663163e908309aad Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:03:49 +0100 Subject: [PATCH 096/116] Move re2o mail service in postfix playbook --- playbooks/postfix.yml | 13 +++++++++++++ utils/re2o_mail_server.yml | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) delete mode 100755 utils/re2o_mail_server.yml diff --git a/playbooks/postfix.yml b/playbooks/postfix.yml index 6bc6e2b..1e46561 100755 --- a/playbooks/postfix.yml +++ b/playbooks/postfix.yml 
@@ -7,3 +7,16 @@ relay_host: proxy.adm.auro.re roles: - postfix_non_mailhost + +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml deleted file mode 100755 index 79fd7ff..0000000 --- a/utils/re2o_mail_server.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Deploy Re2o mail service -- hosts: mail.auro.re - vars: - service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git - service_name: mail-server - service_version: aurore - service_config: - hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! - username: service-user - password: "{{ vault_serviceuser_passwd }}" - roles: - - re2o-service From 4cf4ed0964d355b3295ff267865a2053a693f2d4 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:04:00 +0100 Subject: [PATCH 097/116] Remove sudo upgrade playbook --- utils/sudo_upgrade.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100755 utils/sudo_upgrade.yml diff --git a/utils/sudo_upgrade.yml b/utils/sudo_upgrade.yml deleted file mode 100755 index 45b01ad..0000000 --- a/utils/sudo_upgrade.yml +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# This is a special playbook to upgrade sudo everywhere after the -# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) -# Please always use with --limit myserver.adm.auro.re -# And list updates with --check -- hosts: all - tasks: - - name: Upgrade sudo - apt: - name: sudo - state: latest - update_cache: true - cache_valid_time: 3600 # one hour - register: apt_result - retries: 3 - until: apt_result is succeeded 
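Review bot: `service_version: aurore` in the new Re2o mail play names a branch, so, assuming the role checks out that ref from `service_repo` (the role is not visible here), every run deploys whatever is at the branch tip onto `mail.auro.re`. Pinning it to a tag or commit, `service_version: <tag-or-commit>`, keeps the deployed code reviewable and reproducible. Separately, `hostname: re2o-test.adm.auro.re` points the production mail host at the test instance while still sending `vault_serviceuser_passwd`; if that secret is also the production service-user password, a dedicated test credential would avoid exposing it to the test instance until the hostname is switched.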
From b827195c32c321e35518f4b58a2672ed77602ce9 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:49:31 +0100 Subject: [PATCH 098/116] README: require at least Ansible 2.9 --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 541ca42..5f2da81 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,9 @@ # Recettes Ansible d'Aurore -Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. -Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7. +Dépendances requises : + + * Ansible 2.9 ou plus récent. ## Ansible 101 From 511091c808bc6224f9fb420cbc9af12f4d020ff7 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:50:02 +0100 Subject: [PATCH 099/116] Make empty playbooks run fine --- playbooks/knot.yml | 3 +++ playbooks/ldap_replica.yml | 3 +++ playbooks/postfix.yml | 2 +- playbooks/switchs-manager.yml | 3 +++ playbooks/unifi.yml | 3 +++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/playbooks/knot.yml b/playbooks/knot.yml index 2948c16..43b59c3 100755 --- a/playbooks/knot.yml +++ b/playbooks/knot.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # WIP: Deploy authoritative DNS servers # - hosts: authoritative_dns # vars: diff --git a/playbooks/ldap_replica.yml b/playbooks/ldap_replica.yml index 1dfdbca..d9042a2 100755 --- a/playbooks/ldap_replica.yml +++ b/playbooks/ldap_replica.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Clone LDAP on local geographic location # DON'T DO THIS AS IT RECREATES THE REPLICA #- hosts: ldap_replica diff --git a/playbooks/postfix.yml b/playbooks/postfix.yml index 1e46561..0f24dc9 100755 --- a/playbooks/postfix.yml +++ b/playbooks/postfix.yml @@ -19,4 +19,4 @@ username: service-user password: "{{ vault_serviceuser_passwd }}" roles: - - re2o-service + - re2o_service 
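Review bot: The placeholder play added to `playbooks/knot.yml` (`- hosts: all` with `roles: []`) targets the whole inventory, so unless fact gathering is disabled in configuration not shown here, running the file still connects to every host and gathers facts. The same two lines are added to `ldap_replica.yml`, `switchs-manager.yml` and `unifi.yml`; in `ldap_replica.yml` they sit directly above the block marked `DON'T DO THIS AS IT RECREATES THE REPLICA`, where an `all`-scoped play is an easy place for a role to be added by mistake later. A placeholder that touches nothing would be `- hosts: localhost` with `gather_facts: false` and `roles: []`.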
diff --git a/playbooks/switchs-manager.yml b/playbooks/switchs-manager.yml index b2930ec..c8f2a1b 100755 --- a/playbooks/switchs-manager.yml +++ b/playbooks/switchs-manager.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Deploy Re2o switch service # - hosts: switchs-manager.adm.auro.re # vars: diff --git a/playbooks/unifi.yml b/playbooks/unifi.yml index a596824..638580e 100755 --- a/playbooks/unifi.yml +++ b/playbooks/unifi.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Deploy Unifi Controller # - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re # roles: From b6d5f4206a3b68460c40e8cad25740f42a33a47a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:04:43 +0100 Subject: [PATCH 100/116] ansible.cfg: typo --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 33120be..c5f49b4 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,7 @@ [defaults] -# Explicitely redefined some defaults to make subfolder execution work +# Explicitly redefine some defaults to make subfolder execution work roles_path = ./roles # Do not create .retry files From 3ccdacde13b71222b0295435f9aa2669bfb9e50d Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:05:00 +0100 Subject: [PATCH 101/116] docker: do not deploy on stream --- playbooks/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/docker.yml b/playbooks/docker.yml index 61047cc..9d64f11 100755 --- a/playbooks/docker.yml +++ b/playbooks/docker.yml @@ -1,7 +1,7 @@ #!/usr/bin/env ansible-playbook --- # Deploy Docker hosts -- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re +- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re vars: update_motd: docker: Docker est déployé. 
From f0631e341b10d4f4bdacc882e618ecae3f39df74 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:08:14 +0100 Subject: [PATCH 102/116] Change some comments --- playbooks/radius.yml | 2 +- playbooks/router.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/radius.yml b/playbooks/radius.yml index ddd5564..b48765e 100755 --- a/playbooks/radius.yml +++ b/playbooks/radius.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -# Radius (backup only for now) +# Deploy Radius - hosts: radius-*.adm.auro.re vars: update_motd: diff --git a/playbooks/router.yml b/playbooks/router.yml index 02dccb1..c273f0d 100755 --- a/playbooks/router.yml +++ b/playbooks/router.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -# Déploiement du service re2o aurore-firewall et keepalived +# Deploy firewall and keepalived # radvd: IPv6 SLAAC (/64 subnets, private IPs). # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re From 40a91da78b32a09e7d02d99a255d9b4496862461 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:15:38 +0100 Subject: [PATCH 103/116] base: add logrotate on pve --- playbooks/base.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/playbooks/base.yml b/playbooks/base.yml index e663efc..6126147 100755 --- a/playbooks/base.yml +++ b/playbooks/base.yml @@ -5,10 +5,6 @@ roles: - baseconfig - basesecurity - - update_motd - ldap_client - -# Install logrotate on all servers except PVE -- hosts: all,!unifi,!pve - roles: - logrotate + - update_motd From a818fd8ed936454126aefb97726389d4f4c9cb6d Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:20:17 +0100 Subject: [PATCH 104/116] Rename postgresql_server to postgresql --- playbooks/postgresql.yml | 15 ++++++++++++--- .../defaults/main.yml | 0 .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/postgresql/pg_hba.conf.j2 | 0 .../templates/postgresql/pg_ident.conf.j2 | 0 .../templates/postgresql/postgresql.conf.j2 | 0 7 files changed, 12 insertions(+), 3 deletions(-) rename roles/{postgresql_server => postgresql}/defaults/main.yml (100%) rename roles/{postgresql_server => postgresql}/handlers/main.yml (100%) rename roles/{postgresql_server => postgresql}/tasks/main.yml (100%) rename roles/{postgresql_server => postgresql}/templates/postgresql/pg_hba.conf.j2 (100%) rename roles/{postgresql_server => postgresql}/templates/postgresql/pg_ident.conf.j2 (100%) rename roles/{postgresql_server => postgresql}/templates/postgresql/postgresql.conf.j2 (100%) diff --git a/playbooks/postgresql.yml b/playbooks/postgresql.yml index 1b587f1..de81123 100755 --- a/playbooks/postgresql.yml +++ b/playbooks/postgresql.yml @@ -1,11 +1,20 @@ #!/usr/bin/env ansible-playbook --- -# Install and configure database servers at Saclay and at OVH -- hosts: bdd.adm.auro.re,bdd-ovh.adm.auro.re +# Install and configure database servers at Saclay +- hosts: bdd.adm.auro.re vars: update_motd: postgresql: PostgreSQL est déployé. roles: - - postgresql_server + - postgresql + - update_motd + +# Install and configure database servers at OVH +- hosts: bdd-ovh.adm.auro.re + vars: + update_motd: + postgresql: PostgreSQL est déployé. + roles: + - postgresql - update_motd ... diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql/defaults/main.yml similarity index 100% rename from roles/postgresql_server/defaults/main.yml rename to roles/postgresql/defaults/main.yml 
diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql/handlers/main.yml similarity index 100% rename from roles/postgresql_server/handlers/main.yml rename to roles/postgresql/handlers/main.yml diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql/tasks/main.yml similarity index 100% rename from roles/postgresql_server/tasks/main.yml rename to roles/postgresql/tasks/main.yml diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 similarity index 100% rename from roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 rename to roles/postgresql/templates/postgresql/pg_hba.conf.j2 diff --git a/roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 b/roles/postgresql/templates/postgresql/pg_ident.conf.j2 similarity index 100% rename from roles/postgresql_server/templates/postgresql/pg_ident.conf.j2 rename to roles/postgresql/templates/postgresql/pg_ident.conf.j2 diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql/templates/postgresql/postgresql.conf.j2 similarity index 100% rename from roles/postgresql_server/templates/postgresql/postgresql.conf.j2 rename to roles/postgresql/templates/postgresql/postgresql.conf.j2 From f0b8075ca68a111ed5cf9e49681e046031652c1e Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:33:42 +0100 Subject: [PATCH 105/116] postgresql: move variables in playbook --- group_vars/all/vars.yml | 10 - group_vars/all/vault.yml | 444 +++++++++++++++--------------- host_vars/bdd-ovh.adm.auro.re.yml | 70 ----- host_vars/bdd.adm.auro.re.yml | 50 ---- playbooks/postgresql.yml | 120 ++++++++ 5 files changed, 343 insertions(+), 351 deletions(-) delete mode 100644 host_vars/bdd-ovh.adm.auro.re.yml delete mode 100644 host_vars/bdd.adm.auro.re.yml diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 4ac35c4..2f5c748 100644 --- a/group_vars/all/vars.yml 
+++ b/group_vars/all/vars.yml @@ -18,16 +18,6 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" # Databases postgresql_services_url: 'bdd-ovh.adm.auro.re' -postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" -postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" -postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" -postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}" -postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}" -postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}" -postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}" -postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}" -postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}" -postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index ac9dd3b..a9f19bf 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,222 +1,224 @@ $ANSIBLE_VAULT;1.1;AES256 -34373734643731373964636230646139623730383435353633356332333639343236366235333731 -3934326537386335393763623466613139366534396331640a323936636562333365343732643736 -39646133356363363838646662303862306531303330643863616436313762383138306538363335 -6563663532373438310a363235336531613561613337316131623330373933303035343465653032 -61343736333939636230383332636366636235303134393761626564363630336134626233623532 -33646363333435353663383332633635653033353335393638343831326431316535333032646266 -36353734356339343533306330323335396636666161356466316666373466646166396263316531 -33613534396634306437393561343036336538643862656362386563356464663135333537303438 -36633264666364323434393062383435343438316565626339323834343166633361306137313764 -64613736316566666534616636376334613032656563623565333933306434623364623833386131 -34613035613336626165363939393939306233316232376631363363396231336161623236656131 -31633434643862353333386437383036326239356332373434623834326631383137386135313464 -66643735343338373034336461346135643939643861646238366334323036633164303838353563 -34616366333761363865313134393131343739383862376361373965313634363762616564346465 -34336130393164386234623138373036343931323863336133323066326663303939646437383563 -64323338623539373332333430313235653666353436333234643734656334656161336539663463 -33336632343562316539353166623839646336316264356139646566303436333537396166346435 -64373262383839616136373030633738333536663430316664383330336536366630303765376664 -30623330363536333032303631326361613035366533366464663932643238616137643834313730 -35346563616136343239313164343466613836376365663665346164396332366134626337383635 -35613064623964306539363033653061656662373838313766376630323336653561373863396664 -32353263353733313062653934313261373763386231636132323139626135393132313530636539 -64623839363835333237313334313334663637363063376665653236613631663036623764303036 
-34646333313531396562306633646432323436303732343832313562643265636531333364313136 -33643033643834313030656639373163333634656266306634306263633865386537303163636230 -64366664333131353866333331653938313737326135373334343539666239663537323238343930 -62613334343466336431343031373432313763643031316163626463643463653539663362383966 -33323431373630663138383734663636363932346538393637633832323364326164313662366666 -64303265373931333231643064643563613666633036376632343266386338333461313764373131 -38393435353634653565646465643061643766663661633333323665356534396437613539313465 -30353862353536663239383036353438376439323236666432396366316335376232323464356633 -64386461356363323732366263643130663461306131386535386131333230633465313537356332 -33643533613030333364346663646231613466396461393266323564663932626138663738363363 -34666439383532313062313436306561613330383433366136626135333330386266636531323461 -37313530393839336461626131366264396332303966353731376635336666323239653334356337 -32396431633965616566383538356431643031636234633730386639363934636134616463343639 -62373934386332313130323437313737623337373735653838316231396663343931393336393731 -66313263646633663165613066643439346530333163633733636366383135633265386262376338 -37366261316165643434353733373339656564386236353732633831396461613138643962363732 -33303331346365323437653933643763303161613338383236376139366561333737653639353066 -61646432306336316235346136636364356233366366383832336263353638356265616165666538 -62663431303231363238623061393032343263383535636339303762316261386161666464323132 -62383835373934626262623538313836373034623931616562626131636362616133663965633966 -65363435373639333236613335363666326462656638313132313361376638613238373634303031 -64326338323631663738333032363638613439633134363236396237663735336332643662646538 -39313239343834316263626663353432396232363362663365326430633862663335666630323062 -63363062336532303266306436383437346239356566613432653638666539633835373933633934 
-66626162633539613765386437613565393737363962396265343835353930363231356433383238 -66613661396639333539333634333064646230663666303832333163643663386162363833356233 -34363465636136353465313932363636633261393839363934663366373164316239663437363631 -37343038636339313563643933356435396664343233376365323265306165376264396638306135 -62353034376637386631353133626662643238663864666266366163646366613036363538303133 -32613566376633663530383062643538323466313837303430666232343832323136323531666133 -37623231386365633938666564643862396466633430653038333833313163316230373032323939 -39616433316461326334643333306338663938626636303536656337646432386666613163366331 -32313263323566313038383339613765363834353133313834623932633736323964383939613139 -66366266653862333361343761643535643738623536646336653531356361363539616665613665 -61306330626230393365643964626133333831343830383666306364386539366336663064653361 -62643631653037316234616637386663313031336662353765363530333731356636353337623336 -31396462383030643435336231333266666262613336303232333164393935336261393863643764 -35393038346166663430353032346537623165393033353330636433663262623766373330626166 -31366636393466613733623536666537636361343734643938346634323939666264633430633934 -30376431336533626631306261653634663565623037616432613166396262313162353363346138 -32376461393064666661663566363336343437633065646434663430633334346335663733653234 -38353939306366383930616564313938653065636261373564313166353639363863326530333831 -32346137613166316163376632656539616135316539383432653530323033323232656636653435 -31633061643235313933623462353865343637333937383630653665323038316461316561303931 -61616135373666313165396664316538313434336331396539343733353461353138306138303538 -34393362613264313939396265616631646563363631316564353432346330353434646537313736 -63303861623734656463663762316435383963623035633533373736373762643930616562666138 -34383839616231646436653033313635343466326437613930396361316433646435643137323731 
-39396537353665643434656235393665396465623135656638313933613765373536306665663361 -62393339356633393861666461663064306331653961616331396262643463393634336662333166 -66626635656634303030373336616563663730376562613335626435373232376465646362383436 -30666333373836626264633837386662333635333737616534343862636237613933613433326433 -30306639346666636230386130383932336566653636613264366462353439396335666330623736 -31643236343538326261653433333736653035343037343330643732653435623566373336326461 -35643236613038656438643238666635386433623365353436333632376564633261306365386238 -36646262613139303731396165633539653839383234666131346165343031666565646637323630 -39626536353230366364623962646163623732356434623839333464636132623466336637333736 -62393862356137616339313735626464316562343464373531333838626333393331623734313565 -64303535333265613634386565616634636133306162313738643834613035643062396233303364 -39316261633665343262363866366466363234643565336663643335396564633463633538373363 -36373331313339653938646132356362306232623435323336626437313934353364313762623930 -30303065356565633932653364613530613435396664363938326433303761663336363234326532 -63656134643234383862323730373333386130646565393165656463353062626130613237373834 -63313764646334623436356236393333376262373238373266363131396437333331616333623663 -36626532613730353932336437316239386164346335353635393661386561643531333731333939 -61616637343766626431306632316265306138636639356637306630336263363061346439376563 -32373166393835343362653330306535613465636264376561346461323266623934633965376536 -30633639343935633863636465643535626164636635623662333036313930633062373861356334 -34333631396530646532656439343238383865646534303564653038396534363234646638613766 -38356463613765656239663131356439323738373862383063313433356632636331383266323661 -38353364343338303461323533613562383637656633366435616530383735626464663635613465 -64646638326333666236323831303364363530383236626237303130343839656561653866346461 
-35613835613761663262353036363465623538616162636234643962396330336161373739333763 -66636332613433303362623533323433353565383430343536616162366435653439353863313836 -31323531623237303165633164623235666134343765613836313561363663333734653161393162 -36386464363031366466343962383661313435616263323338366432373661336137316530393737 -37346432633065626634616630643533323163383362383034383166326136313061306165356639 -32646166373564326566336435626530343337393262323434323464333537363638346534313265 -34313133326236346565656138626263646165386235363834373833643538323764626236336333 -36343833383164316136326263303730386662656365393137343361643538646465306664363032 -31373862313330346630646439393965383735316563303838653461383864396230643033313531 -38663237343838336339653439643336383366656431386464646464323562663763363930623336 -63333936653133623565396264356261313063376236636462326432326433393863323236326136 -39396563393963653963323631393934346639656632303632363332326562383534653732663861 -31653933653066313134613634326562656632613932396136333639353633653635376562363066 -62316264613032313963313437636432393336313336656365663536306135666130356230346132 -34626563323039326237616562653336653065663435363163383765393733376639633839393731 -33623533623635656432626431653565303934663765633364316232316461363832376364666566 -38396334613438366264363730613238303065613765343839336532373838396630613165643937 -38376135646133363938336534613437343061303832313461376336323937343465616132383330 -30313831363333383962393934303134313735623234383662623935643831653462353334323733 -32366361383536343134633337393363376231343539663331353063326234633135376663343937 -66366665653963616639343735343438386637396664346537353534313366376439383739303364 -64393464653832633565653635343938306239376538633064373338303837336434383566316366 -62636539386464303663613261343262303536643530633238643565636636666131623530323861 -63353761366462396533303637316230393461383066616332336333626435396134363938343732 
-63313464623061353565366337346563373237656437373936623237373163626466663432653831 -64303064313035393138646131313563333230383965333534363032393134633538643966656564 -64633934386632323663653035373234616438363534663439653130633533643234323737353165 -61356464643534323237626261366661396637323065396239313831323233313534313766393763 -33613062353338623936666463333138303761383336386431386637353365666635306362653866 -66326339303363313531376537323363656431666131303563316134616363633335356232663536 -30366339613063303166366139373065393130393436343838313261393331663239303531303735 -33336236383539363131616366633030633333316530313137643836363938306136353536613764 -63313035656530653837323662303032626630613033656133313663633439643835613539396530 -36383936346164333566666133303637343363336331306530336139626234376538636464636533 -37316438623235376633663462633632353630633363336163623835396561656434643736303330 -63323230346364316130643563363637313062323630643865663031643637613136333130623765 -31323463316463393465306538626435343935376664356337316166323136633433653737666663 -66666532396136373931616539363737303232393638346630366636643561393034636436386464 -64613066303432663734346538383766313333316562346130376565333636376330343530363735 -33333733353230393761633032623065633830353739633937306461316266353439356138626538 -61643631386239323638386664613234343635636666643835343039326530636263373435343633 -63393261333933376335366137326536316134636438323131323263663538393931623639646662 -30343032653936303066336135626363333032333265383661383563316532323165303838626566 -36373934303836643361633734363733356165643037616430663432623233393065396166396364 -33333265313666386463633636636439373861303661623166326631656434663262396630376231 -32366331386539343436373534626339313335393038303832376666613766363032663062323965 -61303265636235363330656264346332376261316532346465626235393961643734623161333736 -66666631393738653365656664633436333964666364386239333031383664313763373034386466 
-63653931343630386635303263363962393635616663633834373138376134643437373563656237 -32643138663334643764356562316537633065666233363133303032393534316135323761313866 -39383139326131363731613536363434313163643033633730613330363032333937396633383536 -66363262313336363131306538366634386333356132333066333335343237393830333734643464 -66343635643632316438353761333864353566663863333362343637646231366666663433643763 -61326638303131326439316462336164396335653736373938393833316661616335343064653632 -65623739313433643262633832303664666635663930623864653935626532343863343834313037 -32306534353863656235333533383438366261653465323066643130346333383562323464343666 -34623431313334313062323335323230303438626162316139616361633366313066313265643065 -36366433643766616561386465303936613030633164636237363034663865313535313564373534 -62313334623337316537353131383833653465626431353161306163333338616136646531313162 -66333464653565383463363738326232613864626561613132663930363464666537323938333836 -32643665613761626561306534656331393931383262343762323333653963333838643035326362 -37336264383539363232313332363463653030633331643161643263386235646664623634343063 -36376632396663626635626530376235613132336161363361353964666263313837316130346665 -65303736343037343337376134666631626432313065303737656365373233396635366463666239 -30373264363034346333663766383563616136643862373135343735336637616361313532666437 -38396434356432383935663239366237373361656235636263333037323238626238653032323839 -64376430346430383735653836633939373066383562373166376665343162346164336161656464 -64383638373066333535373664666661666466326162623536323837643137326261663237343030 -65616135643032623138633566353362663061623566326464313365383831383434633164396238 -62396437343338366338386433363934306232346533346638643739613066666663633861313864 -33376466613164316662626262616635353239646466373334303164306331343761653633376530 -36646436653966366637326364383531336637623162393763646561323034653938663038663536 
-31306163653534333161653863393532383032343030616330356462353530336232383037643064 -39383630346164356665373737623863386664333264613463643530626465313237623232633837 -34386534323334323431646430353061623135663537366335346661373338303033616238666334 -38666564396238346166616634353732313630636664313938656664303935373165393936386132 -30383361376339356662326666643966396266386630313863643830656230623234633135653333 -66383234346434643761386337363264376538623433643337316239656339663565306661653439 -35663764356563376161323232316533613132656533663535653237653861633463373536393733 -37396634373033656437613162346333306435623536353437346366386537613563306333393039 -37383437373339643566636561623933373931396164653232363331633663616530353935376437 -66366633636338666262363637313132366463646134663833393537653139643136323961363537 -64323661383138656637383239623930343631623564663834623265393430316161653837386665 -32363037346563653131653735623763303965393864376436613636616632656631616562613538 -32393962653530653433626162326633643866383461376335656134396431626465303137393763 -64306433353363633762653737626536623639333432653137643166636662366163646265393332 -39363031646561633532306531363838323063393130346232323839393932316330303337346439 -36643733623762656134316331363365376237393937653961653263343463373562656433356163 -30663861636139333061303664373462313131383265363137633363346635373337663834633333 -34386431613938373037643865393735646335323466306563626139306637663461643561336335 -66383765623734353931393837613637313864626562656365316439303234626364353766643031 -33353830643236346265663738306463636338306434323139323132396464633264366338303637 -61663439323035353034336366363737666538623432326262656164613962303466626562613031 -33616134333136393165326335643164613433633361353839656464346331323762323339623263 -65306634613434316666396262373332653563313534303064633934326239646263663438623738 -37396630336133626436336263363732653537653133383231346130653136616439396131306565 
-35313134383037363439663266383435616136323134633565613836306333356230623031393634 -38643634653162663933623334633364653632353262303664643132633033373461383662316131 -36373064633464616464643333616534613333363938663131356431666331333638353561353037 -35326339333131646536353766343537656331353130663762346333656264316539623833356266 -66646337313430303134623232653633326466393031356330393463353730383236613236333266 -32376561663437393764303563383535386263356161626266323231633866393339333032353132 -62363636393133663164663436373839353032336131646563623562623431333831383761623236 -30363239313161366634343935313930306364346162643461636430303863663136363238346339 -37326564623735363065643066303431373662353736616333336234326266663435333966366339 -36366362613961363766396636396561626532383639643839303266616131353931376366313862 -33356639346566333065373831386566363035303339346632393730633861356231383238333239 -65636435353937646137323463613066343531356236386663626530316139643539376536616161 -39353562613930326234666662383461333666313032663032303962656465353731323736376231 -36366437653739346138633761373931313465613837663863636666323039323866333933336432 -31663138356633386131323766396264353566653132393439643533313966393631643433633436 -32316336656465366162323665613166303938313431363861666564303138323534396230653766 -36636265343236393539663936646265376436343564376362646334323962356266626662336463 -39336334383162396262653464333766666431363862383738376336343961636435333263323061 -62636135643131623636306535666136323964306133666438336335643761393339616438343065 -63386661663532653138663165663932663838356236313534323462373539623465356664383435 -64363361366335316139353431666536343331396366316265313964373438366633643766393139 -39656564373462353531623234356534306530353436663333306165343932333232613132356664 -64323735323535353036386430366363616337376532376630383834393336613034396262623130 -35613663643436633464633866343963386535383165666163643563353763366661616166626131 
-35626139333533313336333633326439613363333339333531666432633861623063333461343933 -66363135376562633239333637333730663862383863653438333763346434326134646161386438 -38356237376637396664666164643332666163316337353038316437616233666338643638306663 -30643130636264333439633263663739623463626334633730333265623263666566333237396630 -63393936383365316237633936313533316364646364643534656436383230663066373533383734 -6130 +66666438656133326638326138663066643238626366633137646134376233336639326365653163 +3737613361383538663934626164356535313133643730610a663634653164623665336136326430 +63383735653262393538383663653966623462326332653163316138313832346532326535336263 +6638373331343838610a323166393664633431323461396135653464396236333235333134613834 +37333866663935653832613036643131306333653565623261346134396534316163366636363134 +34653939363835303037666333623230643339333165613265653638376234646438393630383165 +38376162626538383263626664373634343063623630326334313265323330656465343865306361 +37643835366461353335626639646430633135616130646638376461316434306537346532353630 +31373039303862613264653836313763333566663065383361343261343462633934343139326135 +66393363393962636438383362613162303931316337626665336362633030653430346436326530 +62326664396534626664383834613936356462393163666431333731613339353038336634623532 +33633432363730616439386536626163383563333265386134356231376665336332376439333232 +31336466633135646461373364363534636439356137616632616431363638386234303637626537 +37653332366234386562656365333533326539353837343631636662666236643761323463376137 +35343834636562646339316139613265393736376265636564386639646537323136616464306630 +66333065323533663536336238356537373030333630626464363731313533313537346138616664 +34313635636664636135633035356666613261373065636462306438386461663361326132363439 +34396162373635313732653039326639366362653962376135613636396639656634313234396136 +65363639393532653237613237313563343865613833373562643764333930326539303138636166 
+39313565653462613337616263663739333136393966663664653335333237626565636462663261 +62313831663732616133396662343332353365356162353436333135393738323761363164653161 +64393137343738393939316532613639373430656630386532366136393235383063626433396338 +66373337343232343964326435653039386338623166616537383466653030613361396462323038 +33623637323135313664306538323137333763653263326533323039373139396633313135333166 +38356236653731373132353063643038623866653330623537356230306563646262343531333830 +38626161393330303161313932616531326331633938656236313166313035613163323539353535 +63343136643361333431353762643631643262633266346139353165393962326634363764373930 +30363463623434633032366338316332313736656465366461633864373236653863393637636330 +34313936666432363562633531666466356633616664663063363263356632343931333766663466 +64633438333436623639333036636633366337383065313162666231613337306532653335363739 +36356139303461336139323963383465376366633064343031303864373735656430666261643565 +61323236623330636561653962323738323332383331303335663036626638383334333730303965 +33383063323438393532306330393366326561323632623238613836396635656631373430343662 +39333464643037666233373565633132386233353333313135306133343765373565393937656163 +38316238383832343063666334663733313162303337313262666430363538626134313065373336 +32393763633530326161333861333137363066366332613963393734663130613735393764653334 +39613439643364333665383465633765363063313536383835303964363731376165383830616265 +39663762306232646533353963353663343832353739333132366662306335313435663434383431 +36323032333731373032313263396565643561656531643462613931313435616438366132393135 +34303334383662386261386537373438373334623235643037613136653639353164353763613965 +62346231613333353331376433633633353537646639393739356137316131313536343736366532 +62313438326264303638323832653232643266626561303032666432353935396262316538333361 +39323138313234363764303036656631323636626633316436626637333863383230613132353563 
+30623161643535643431663535386130643662616263343535326433353764626264343937383730 +66616433623234316262343531643531396662356135336336356233393438656263316138613138 +62323432306563313462366464653965663137383536633437653135343739393839343335366634 +30333834656335383763643637366565633339386330386237313236373463353663363463616636 +61326539363461343639366534643363353038663539366565653234646332626661613333336563 +63663939343465366565653665376237313366376162363833366666373264383131386531396436 +36383430613036633734346561633366613731373133373261626331336266383133653735646638 +64353266653531613264373864353631626331343166656263303165326665326163313539336230 +33656438613833306538643737663763343836393234633630633665393631373736353963343431 +63666366303230386336363933613935313636316361346632626561376562386264666464333639 +65396136623735326462316565356337363537343764653562653731386136366537306137666438 +63646364646138316264336334363437363638393561343138323762626666643039633130623537 +62363938323136326134633039646464353262393731313962373032623966343264333661393934 +38336435346161306238373963396265376263336632646436663837356331663138366561316433 +36623139336231366632323133623639356633393035333761363630633563306436326361306662 +31383261343035636164313463333532373064393765363332336465663430326164373538333530 +62393131666539343933393339306466336235396430326265656661643865663362616332343065 +66613561326162313235613131336130333565363263343665373565386164376165646136386136 +65656361316138303865636462326331353934376365613665316538616164646433356262663931 +65363166386139383736643664353266613133353263313336613361616237633066356562616534 +61303038666338313063383431313239393062653661393336333938663937306536383431646632 +63623031323034643664663134626433323466376133636330316533663462383736623463633332 +32373166313562613461643163366563656638346464343064636632373835393236336438633061 +63363363353437356339643333356531633033376230313330393365626164666335623262313533 
+65373234346666663264373238663430373262313435316134313832303964656330386431663833 +33313363366566303535326365353135303863363534646439626664323032346664656530396530 +37633666383162343231333464633439643637356437383866303235616462346664316363336132 +62376661323764323936666165366566636531363736306561663934653533653433666466343438 +35306130323336613764633438626339636531626135373530373066363839313132346538613836 +65623635346233363331633261303761393466636137346331383038613739636366616164306265 +35646333653666373930303535643961343832653062303736613436666661323965373433363537 +35626533386162333364333538653166663838613433353138396661303930613838623635636366 +37626662303434303331666437363138336261303031343964383364313239623739343233353636 +34373433343539613664313164653364353835346263643031626434333037353766376233663236 +61313735303437393230663766323262383130623039393637633039316335383032346261323534 +35656666306262353638623638366339353364383939306330343430366631386161343061346462 +31623431626239376538663463393265366430626565396266393063646532353563663630623363 +36663436346161303066633435353863663163376231303732363563313263326637346234666231 +37656331623838366535303863376233356336613237353966653334343835613738343435646630 +31353731613934653462356630313164313262363966356336323437653037386234303531636465 +39393433373931393234633363383864336465346434333436643139643437656238623737363630 +35656334396438623132373164366464646462353033623965663963633437356337346636633563 +30376236303661323764643536353230373333316237323065616366363262643765666433623735 +64323663666434653761313431333131343536626537393161373063363163393563343465633664 +61356637636161386362363065313730366362373833633830353466356435323533356335636138 +64346266316530376437663336663161376330326331663664653634633537613835366233356132 +62636337613966306439613666336539313866323465366235396630353461613339623830336332 +31653865663734616462356637303332303339393937313031326330373639643934326336366431 
+61383465373564393337333137616432626233306631623463316131633331346465646632326231 +32616261666531613265383536653139653335616130333030363433646561336634643464646164 +61383536336139376134336662353931623365353238333835353731373031323535373764303235 +39656362383665366463363730356264313564313035393332353136323763373538643864663966 +35313364323863643063353261613036346533326336633562623730363661333336336266626562 +35373037366166323363343362616562346264626564356631303463636432343635383965633136 +35663632306465353533383166666230363635326637656561333137366263376261383562386538 +63613563663463643737333537646335353137333434313363656531333465623562653864306665 +34313736346131636261663035326361613036393433346233373963333134616235393532333763 +62313136623031393364316361663536353063383065613334663239353932646230306461333764 +62306532653130353032306530636164363730323538613965323661393439613161356237656335 +30343330336131393636646639306532333864646563303363313331613630313430303834653864 +38313465303332303530326466373939343161633534353064333731343431336334303133343531 +64336534623066333863666636326364353839613565643132643266333861636663313930363434 +37656338356566646632393831613237613936663934333766633365373636643234346136633264 +64643865613938366530613365326163376566616562383032633636393234373439656538343130 +63666535646163346166396538386631373532626133643530326532353066313139656266313135 +38633131613364306165646630346361303136636434653234633164333235666166613061626337 +66396461636264616562666337343831303335373835386265666265616366393934323265333235 +30346332373635633935616539323331326165666362316462633432353666633135653136373662 +66306138633738653266336164346566616266626434356665386137313631646565646331303961 +30383961373962333133396665333339333230356666636636643235373236346666333239353763 +62653737313566376461336230623962353136666263656239373138353162666464633239386265 +39646336313932306236346534643431373562636265306166653433636565353037363633653530 
+36393638663965613337646633363664663432303231366662646435626233303538346537366130 +65336232353162323337303234633734356236373131626339316363666537666538623438313833 +65383535636234303036346661373630303731663839323663336236643739303836333030343136 +62326539356535323731373938393238613133636432323166326133336362313465326262353530 +32613765633035616431656632366264633134626335356133363561383163396334313738376437 +66383266396365336338383338646465616438386234353635303565326365396432383431616636 +39346566306535306534383965313861343336326462316566643962346465333764653131383031 +32306533313137346166653863386134623062653637346535383130643936656331613866346337 +61366632316332316664613031323033626235326461336133343335323531633639363465306438 +66616262353066363637616530396362626161396439613134373537643266666562386436346638 +63623033353734373062373365663733666161366262303030306162386366653933326234646333 +61633337326265326334346261343663633539373533613963636438663638306130646234386434 +38346537623566313763383064666639376237656662383865653162336234303232386439373962 +31383961616333623736626534333536356136613137636662353664396135623134343663646638 +64376366346534663132616265356263356638303162306233383230363636323962333963353262 +64343232373063313036616634613939623433373262386134633233643635306137373630316334 +65336466646532343633663739626336393730383836653065356632333533633162646437366665 +31376531383262373566323664323161346563626366623133643462636363393835373834313862 +61323533306137356330666531366466303230653864386566613535363465313063363962653666 +62333639636332366537363631623430376163396333333663396430393334343732626361306439 +31623862663736633362373466626333663964356162653337633039323138353035656562396132 +33333837396164646564623735366266376562623835656566393361633730616130373931663461 +62376537613661616135346562393539346632343530363335373965323664653463383637656336 +31383835363931393537646132656164653730323639373835336334653561363835373663363730 
+32376435626431356336633939326636313834346666656237376264633162323062663238353537 +34376336616234373165313064396361356263383239393036643761613630666230346361336666 +32333462313161656563323534393936373535316236393865636630366263373765323632643065 +66396465306234623565663139613830356139376135336230373364646465343562373361646337 +63363937663461636334366630303530343065323065633965643561366264613865356235636337 +65616564636635376635623937303330386537323966353034363331316363653136653939376439 +33323262396138316665383163306131383331623338343263353638343033323638323462303439 +33333631623638616430356666663161636534313038373130663030356537653265363232386530 +31646637333263613937646330363139353531373361376466396331386266393264366239356237 +66336333663665393035626639376163623435666530656563336434626238373736336335613036 +37303038646534363161343735633330343734616339633039376539343438373264393938663463 +32356562353161396230373239653631323038383661383037393761323131323038643064656665 +65346362373430656162346438653533306638303364386438383436333232363033383933666562 +32336630303932303636653438336462313466393463343363633662383237643837323363353765 +31666537643665343431613462616663303732666535363536613534656236356237336564363134 +33633266396630393837363364303963663435646166363566356530313835316236346332633164 +62656636643930363235636162646166626337326535643565616139363738396631613665626536 +66303238363335656538353265383864663436363834633664653433333163643537333433383766 +66613437366632346263623233646338316239316430303336323465656531326637323263343162 +31346632363464313637373766303765323435663939353063313236373632393866363562346335 +33386334653833663832396536663031613432656665306662396135363632333961663663386635 +62653631623636623963616431613131393734396365333131386433613561646266623739353330 +35336234653334653030356261353438363232366230316366313661626261646633333365393563 +66636532326239623463303662386536313461376464633738633038346664373032373364336166 
+65306433316365613261383534326530376430323938306265313838626536373530636533336462 +33323034393765613737666237303233333439656463306633343237633634396331306338336139 +30336637633064373033363333353838646365313733646461663763373661366237366433363638 +31303565396133313932636665663261393136623730663535396337663961393363626435663062 +34343536383864323231653632393839616539333438353039633764336535653962393135333035 +39343332396130643239633639353661623565323861303137303764633266613130323431636164 +65653235386661333363653665626231356331333666363133343830326431396366373064653063 +61316233633635663866356261383766666430663130636166656330356639666233386131313737 +62333637366430636362316166356464643361363165616630393461356661396263316234346562 +61653032333639383762353335643036616566666230666465646338663834666161626263623862 +36383166623766623730333337313932363337356430373165666537346637316438313133656362 +65303936363730356131316232346433376261656661353533613265343065356539343366383538 +32366561663366656562356666303936336663353964623263336435653964626133383332373436 +30346236633266613363626632636464366435383430323365383436626361336531353363313439 +65663664623531363039303431303137623164633332616436353631633361383536616330363737 +39656535666131333863363832353664326534646233346435623937646566623466646131383335 +37643038306363336638393132666464393636623331306366636435633335333064383630393763 +62346366613238366532343761323663633137393133306564386533643132323661323938643933 +37316165346536393465613233666166633935666361376131613762383933363935353034653662 +30393138633665366336373038326436353932613138396462383163376361356435376462333237 +66363535616639356336323838653633323064643635373630653639613834386465363536306664 +34303831366364346361643564616435396661373765323530396635376161316334356137656664 +61333762366365633038653934653436613637636132353062373134316162336539653239613333 +34383666643136373337303466346165363137306563643964303839626264323231343262303836 
+36643664633535326166313832666230656532353538363765316362336136323430636666356339 +30656635343038646131663837313232316262393863613863393031386336663730613761393466 +65343331346435393764343565326531653263336463346633653231643937323237383134626462 +32383362633666303131376164353261353232393036353636626566633862383063356136333036 +64346239363633393065633631343061343639323437303163343565646661366265643133386465 +30616235653231623263353736636231356136653236366531316131323635333137643666373437 +61336435613237306430343966383839663261386335616234363864353632653433393033656433 +39613835326130383864373832663536383261363135303664383131636164316634383831363233 +34386639616233373731306537633962383565336565343434663361343062326435343565666632 +64303830326436613932333161333930656666306165316333386237633161366161303537383465 +63326265626662376136636131323261643234656239316131383235636336303733386632633436 +65636663626434303637616366626463346533616237306130666365366564333735383032346635 +31623663363164316362343933663530663038616137633235656466366565306331343961343362 +65333935653664323266356637616532393538653231383935643432363838343335656165633832 +65626531316161646233626337626165656133643362626263363261326363306439353863353633 +38323161383739336631373266303633363964663833643130643235366137383637663134623664 +37363363306632646433376133383964643965623833373436663436393164666430363663363036 +62346538353538356566623562666166383162666537656335346337643132303339326333363933 +31396461346434623362353863303335623866316562316234386538343364343561333937326166 +33613237386239613533653036613636666662616461613031623065323630333766653265666439 +37653936303438333235366232343436346463643330373038646330306236643737386330663266 +33323631303836363239663731623435666630626335663134393532306235343033663365613237 +61643233356264306465623062303231643335643737366434306663393035613365616139646538 +34613338346633326432353064336233343765633638626639643430333233353235616639626239 
+61663361643636653930666437633865386537383163643832326665316465616232636266366539 +62653061396265393831396431626462663033383637363565313531343764383931663665613064 +39383461353133306434323562393136313536623739353235346565376134306636613465633630 +34633737633536353338663061373738336337633134636639663730366537343463373635653833 +62393937393232316161366135353638666466373639613363653032666530633634306639333366 +38386432636639386435306638383035353134373261663038616137336164396235356131323038 +61333031316666353336343638623963616266643432613533616466353362353565363237636630 +38343662623838666134356537353434383564616335363032663436333133613762383063353562 +66646138383064636463623939643834396165633164333038373938636631306439356436373561 +64663835393863353131343334633137346162373838353738323938313162396165393632316566 +65326462613361643964386564376464353666386133616666623039366638383236653832393665 +623466653930303838323161316265323031 diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml deleted file mode 100644 index 2164cb6..0000000 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -postgresql: - version: 13 - -postgresql_hosts: - - database: etherpad - user: etherpad - net: 10.128.0.150/32 - method: md5 - - database: codimd - user: codimd - net: 10.128.0.150/32 - method: md5 - - database: synapse - user: synapse - net: 10.128.0.56/32 - method: md5 - - database: kanboard - user: kanboard - net: 10.128.0.150/32 - method: md5 - - database: grafana - user: grafana - net: 10.128.0.150/32 - method: md5 - - database: cas - user: cas - net: 10.128.0.150/32 - method: md5 - -postgresql_databases: - - synapse - - codimd - - etherpad - - kanboard - - grafana - - cas - -postgresql_users: - - name: synapse - database: synapse - password: "{{ postgresql_synapse_passwd }}" - privs: - - ALL - - name: codimd - database: codimd - password: "{{ postgresql_codimd_passwd }}" - privs: - - ALL - - name: etherpad - database: etherpad - password: "{{ postgresql_etherpad_passwd }}" - privs: - - ALL - - name: kanboard - database: kanboard - password: "{{ postgresql_kanboard_passwd }}" - privs: - - ALL - - name: grafana - database: grafana - password: "{{ postgresql_grafana_passwd }}" - privs: - - ALL - - name: cas - database: cas - password: "{{ postgresql_cas_passwd }}" - privs: - - ALL -... diff --git a/host_vars/bdd.adm.auro.re.yml b/host_vars/bdd.adm.auro.re.yml deleted file mode 100644 index f782355..0000000 --- a/host_vars/bdd.adm.auro.re.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -postgresql: - version: 13 - -postgresql_hosts: - - database: nextcloud - user: nextcloud - net: 10.128.0.58/32 - method: md5 - - database: gitea - user: gitea - net: 10.128.0.60/32 - method: md5 - - database: wikijs - user: wikijs - net: 10.128.0.66/32 - method: md5 - - database: drone - user: drone - net: 10.128.0.64/32 - method: md5 - -postgresql_databases: - - nextcloud - - gitea - - wikijs - - drone - -postgresql_users: - - name: nextcloud - database: nextcloud - password: "{{ postgresql_nextcloud_passwd }}" - privs: - - ALL - - name: gitea - database: gitea - password: "{{ postgresql_gitea_passwd }}" - privs: - - ALL - - name: wikijs - database: wikijs - password: "{{ postgresql_wikijs_passwd }}" - privs: - - ALL - - name: drone - database: drone - password: "{{ postgresql_drone_passwd }}" - privs: - - ALL -... diff --git a/playbooks/postgresql.yml b/playbooks/postgresql.yml index de81123..48b3863 100755 --- a/playbooks/postgresql.yml +++ b/playbooks/postgresql.yml 
@@ -3,6 +3,71 @@ # Install and configure database servers at Saclay - hosts: bdd.adm.auro.re vars: + postgresql: + version: 13 + postgresql_hosts: + - database: nextcloud + user: nextcloud + net: 10.128.0.58/32 + method: md5 + - database: gitea + user: gitea + net: 10.128.0.60/32 + method: md5 + - database: wikijs + user: wikijs + net: 10.128.0.66/32 + method: md5 + - database: drone + user: drone + net: 10.128.0.64/32 + method: md5 + - database: netbox + user: netbox + net: 10.128.0.97/32 + method: md5 + - database: grafana + user: grafana + net: 10.128.0.98/32 + method: md5 + postgresql_databases: + - nextcloud + - gitea + - wikijs + - drone + - netbox + - grafana + postgresql_users: + - name: nextcloud + database: nextcloud + password: "{{ vault_postgresql_nextcloud_passwd }}" + privs: + - ALL + - name: gitea + database: gitea + password: "{{ vault_postgresql_gitea_passwd }}" + privs: + - ALL + - name: wikijs + database: wikijs + password: "{{ vault_postgresql_wikijs_passwd }}" + privs: + - ALL + - name: drone + database: drone + password: "{{ vault_postgresql_drone_passwd }}" + privs: + - ALL + - name: netbox + database: netbox + password: "{{ vault_postgresql_netbox_passwd }}" + privs: + - ALL + - name: grafana + database: grafana + password: "{{ vault_postgresql_grafana_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: 
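Review bot: Every `postgresql_hosts` entry added in this hunk sets `method: md5`, which keeps client authentication on MD5-based password hashes even though the same play pins `version: 13`, where `scram-sha-256` is available. Consider `method: scram-sha-256` for each entry. This presumably also needs `password_encryption = scram-sha-256` on the server and the role passwords set again so they are stored as SCRAM verifiers; neither is visible here. The second hunk of this file (the `bdd-ovh.adm.auro.re` play) and the later "variables in dict" rewrite of both plays carry the same setting.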
@@ -12,6 +77,61 @@ # Install and configure database servers at OVH - hosts: bdd-ovh.adm.auro.re vars: + postgresql: + version: 13 + postgresql_hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: kanboard + user: kanboard + net: 10.128.0.150/32 + method: md5 + - database: cas + user: cas + net: 10.128.0.150/32 + method: md5 + postgresql_databases: + - synapse + - codimd + - etherpad + - kanboard + - cas + postgresql_users: + - name: synapse + database: synapse + password: "{{ vault_postgresql_synapse_passwd }}" + privs: + - ALL + - name: codimd + database: codimd + password: "{{ vault_postgresql_codimd_passwd }}" + privs: + - ALL + - name: etherpad + database: etherpad + password: "{{ vault_postgresql_etherpad_passwd }}" + privs: + - ALL + - name: kanboard + database: kanboard + password: "{{ vault_postgresql_kanboard_passwd }}" + privs: + - ALL + - name: cas + database: cas + password: "{{ vault_postgresql_cas_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: From 4bd431f9c3a55487815042488bda482b9162fffb Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:45:21 +0100 Subject: [PATCH 106/116] postgresql: variables in dict --- host_vars/re2o-bdd.adm.auro.re.yml | 2 - playbooks/postgresql.yml | 232 +++++++++--------- .../templates/config.yaml.j2 | 2 +- roles/postgresql/tasks/main.yml | 6 +- .../templates/postgresql/pg_hba.conf.j2 | 2 +- 5 files changed, 121 insertions(+), 123 deletions(-) delete mode 100644 host_vars/re2o-bdd.adm.auro.re.yml diff --git a/host_vars/re2o-bdd.adm.auro.re.yml b/host_vars/re2o-bdd.adm.auro.re.yml deleted file mode 100644 index 7991f13..0000000 --- a/host_vars/re2o-bdd.adm.auro.re.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -postgresql_databases: true 
diff --git a/playbooks/postgresql.yml b/playbooks/postgresql.yml index 48b3863..3431b5b 100755 --- a/playbooks/postgresql.yml +++ b/playbooks/postgresql.yml 
@@ -5,69 +5,69 @@ vars: postgresql: version: 13 - postgresql_hosts: - - database: nextcloud - user: nextcloud - net: 10.128.0.58/32 - method: md5 - - database: gitea - user: gitea - net: 10.128.0.60/32 - method: md5 - - database: wikijs - user: wikijs - net: 10.128.0.66/32 - method: md5 - - database: drone - user: drone - net: 10.128.0.64/32 - method: md5 - - database: netbox - user: netbox - net: 10.128.0.97/32 - method: md5 - - database: grafana - user: grafana - net: 10.128.0.98/32 - method: md5 - postgresql_databases: - - nextcloud - - gitea - - wikijs - - drone - - netbox - - grafana - postgresql_users: - - name: nextcloud - database: nextcloud - password: "{{ vault_postgresql_nextcloud_passwd }}" - privs: - - ALL - - name: gitea - database: gitea - password: "{{ vault_postgresql_gitea_passwd }}" - privs: - - ALL - - name: wikijs - database: wikijs - password: "{{ vault_postgresql_wikijs_passwd }}" - privs: - - ALL - - name: drone - database: drone - password: "{{ vault_postgresql_drone_passwd }}" - privs: - - ALL - - name: netbox - database: netbox - password: "{{ vault_postgresql_netbox_passwd }}" - privs: - - ALL - - name: grafana - database: grafana - password: "{{ vault_postgresql_grafana_passwd }}" - privs: - - ALL + hosts: + - database: nextcloud + user: nextcloud + net: 10.128.0.58/32 + method: md5 + - database: gitea + user: gitea + net: 10.128.0.60/32 + method: md5 + - database: wikijs + user: wikijs + net: 10.128.0.66/32 + method: md5 + - database: drone + user: drone + net: 10.128.0.64/32 + method: md5 + - database: netbox + user: netbox + net: 10.128.0.97/32 + method: md5 + - database: grafana + user: grafana + net: 10.128.0.98/32 + method: md5 + databases: + - nextcloud + - gitea + - wikijs + - drone + - netbox + - grafana + users: + - name: nextcloud + database: nextcloud + password: "{{ vault_postgresql_nextcloud_passwd }}" + privs: + - ALL + - name: gitea + database: gitea + password: "{{ vault_postgresql_gitea_passwd }}" + privs: + - ALL + - 
name: wikijs + database: wikijs + password: "{{ vault_postgresql_wikijs_passwd }}" + privs: + - ALL + - name: drone + database: drone + password: "{{ vault_postgresql_drone_passwd }}" + privs: + - ALL + - name: netbox + database: netbox + password: "{{ vault_postgresql_netbox_passwd }}" + privs: + - ALL + - name: grafana + database: grafana + password: "{{ vault_postgresql_grafana_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: 
@@ -79,59 +79,59 @@ vars: postgresql: version: 13 - postgresql_hosts: - - database: etherpad - user: etherpad - net: 10.128.0.150/32 - method: md5 - - database: codimd - user: codimd - net: 10.128.0.150/32 - method: md5 - - database: synapse - user: synapse - net: 10.128.0.56/32 - method: md5 - - database: kanboard - user: kanboard - net: 10.128.0.150/32 - method: md5 - - database: cas - user: cas - net: 10.128.0.150/32 - method: md5 - postgresql_databases: - - synapse - - codimd - - etherpad - - kanboard - - cas - postgresql_users: - - name: synapse - database: synapse - password: "{{ vault_postgresql_synapse_passwd }}" - privs: - - ALL - - name: codimd - database: codimd - password: "{{ vault_postgresql_codimd_passwd }}" - privs: - - ALL - - name: etherpad - database: etherpad - password: "{{ vault_postgresql_etherpad_passwd }}" - privs: - - ALL - - name: kanboard - database: kanboard - password: "{{ vault_postgresql_kanboard_passwd }}" - privs: - - ALL - - name: cas - database: cas - password: "{{ vault_postgresql_cas_passwd }}" - privs: - - ALL + hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: kanboard + user: kanboard + net: 10.128.0.150/32 + method: md5 + - database: cas + user: cas + net: 10.128.0.150/32 + method: md5 + databases: + - synapse + - codimd + - etherpad + - kanboard + - cas + users: + - name: synapse + database: synapse + password: "{{ vault_postgresql_synapse_passwd }}" + privs: + - ALL + - name: codimd + database: codimd + password: "{{ vault_postgresql_codimd_passwd }}" + privs: + - ALL + - name: etherpad + database: etherpad + password: "{{ vault_postgresql_etherpad_passwd }}" + privs: + - ALL + - name: kanboard + database: kanboard + password: "{{ vault_postgresql_kanboard_passwd }}" + privs: + - ALL + - name: cas + database: cas + password: "{{ 
vault_postgresql_cas_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: diff --git a/roles/borgbackup_client/templates/config.yaml.j2 b/roles/borgbackup_client/templates/config.yaml.j2 index a8eb2cb..6c2f455 100644 --- a/roles/borgbackup_client/templates/config.yaml.j2 +++ b/roles/borgbackup_client/templates/config.yaml.j2 @@ -42,7 +42,7 @@ consistency: - repository - archives -{% if postgresql_databases is defined %} +{% if borg_postgresql_databases is defined %} hooks: postgresql_databases: - name: all diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 3472be3..8a1800d 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -55,7 +55,7 @@ lc_collate: en_US.UTF-8 lc_ctype: en_US.UTF-8 template: template0 - loop: "{{ postgresql_databases }}" + loop: "{{ postgresql.databases }}" - name: Create users become: true @@ -65,7 +65,7 @@ name: "{{ item.name }}" password: "{{ item.password }}" no_log: true - loop: "{{ postgresql_users }}" + loop: "{{ postgresql.users }}" - name: Grant privileges to users become: true @@ -77,5 +77,5 @@ privs: "{{ item.privs | join(',') }}" obj: "{{ item.database }}" no_log: true - loop: "{{ postgresql_users }}" + loop: "{{ postgresql.users }}" ... diff --git a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 index ec527b3..bf8f545 100644 --- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 @@ -2,6 +2,6 @@ # TYPE DATABASE USER ADDRESS METHOD local all postgres peer map=map_local -{% for host in postgresql_hosts %} +{% for host in postgresql.hosts %} host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %} From 45802cf65dd69b3576d118c103f49b5c20e8fb67 Mon Sep 17 00:00:00 2001 
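Review bot: In `roles/borgbackup_client/templates/config.yaml.j2`, `{% if borg_postgresql_databases is defined %}` tests only for existence, so a host that sets `borg_postgresql_databases: false` would still get the `postgresql_databases` hook rendered. Testing the value makes the flag behave as a boolean: `{% if borg_postgresql_databases | default(false) | bool %}`. The rest of the `hooks:` block continues outside the hunk.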
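Review bot: In `pg_hba.conf.j2` the loop still renders `host` records, which match connections with or without TLS, so password authentication and query traffic from the listed `net` addresses may cross the network unencrypted. If the server has TLS configured (not visible in this hunk), `hostssl "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}` would reject non-TLS clients. A comment above the loop such as `# one rule per entry of postgresql.hosts (database, user, net, method)` would also document where the rules come from now that the variable is nested.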
From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:49:45 +0100 Subject: [PATCH 107/116] borgbackup: backup all postgresql databases --- playbooks/borgbackup.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/playbooks/borgbackup.yml b/playbooks/borgbackup.yml index df8c37e..804f2b0 100755 --- a/playbooks/borgbackup.yml +++ b/playbooks/borgbackup.yml @@ -10,7 +10,7 @@ - borgbackup_server - update_motd -- hosts: all,!unifi,!unifi-* +- hosts: all,!unifi,!unifi-*,!bdd vars: update_motd: borgbackup_client: >- @@ -18,4 +18,15 @@ roles: - borgbackup_client - update_motd + +# On databases server, also backup databases +- hosts: bdd + vars: + borg_postgresql_databases: true + update_motd: + borgbackup_client: >- + BorgBackup est déployé (/etc/borgmatic/config.yaml) + roles: + - borgbackup_client + - update_motd ... From fd0cb811a74ae51746491d4444c5ed63a4a22cef Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 11:07:13 +0100 Subject: [PATCH 108/116] postgres: fix defaults --- roles/postgresql/defaults/main.yml | 5 ----- roles/postgresql/tasks/main.yml | 6 +++--- roles/postgresql/templates/postgresql/pg_hba.conf.j2 | 2 +- 3 files changed, 4 insertions(+), 9 deletions(-) delete mode 100644 roles/postgresql/defaults/main.yml diff --git a/roles/postgresql/defaults/main.yml b/roles/postgresql/defaults/main.yml deleted file mode 100644 index 8eb5639..0000000 --- a/roles/postgresql/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -postgresql_hosts: [] -postgresql_databases: [] -postgresql_users: [] -... diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 8a1800d..bde4367 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -55,7 +55,7 @@ lc_collate: en_US.UTF-8 lc_ctype: en_US.UTF-8 template: template0 - loop: "{{ postgresql.databases }}" + loop: "{{ postgresql.databases | default([]) }}" - name: Create users become: true 
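Review bot: The new `hosts: bdd` play in `playbooks/borgbackup.yml` duplicates the whole client play only to set `borg_postgresql_databases: true`, and the two host patterns (`!bdd` and `bdd`) have to be kept in sync by hand. Setting `borg_postgresql_databases: true` once in the `bdd` group's variables would keep a single play with the original pattern. It is also worth confirming that the inventory defines a `bdd` group containing every database server, including `re2o-bdd.adm.auro.re`, whose host_vars previously enabled the hook. The inventory is not visible here, and an unmatched pattern would leave those hosts on the plain client configuration with no database dump in their backups.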
@@ -65,7 +65,7 @@ name: "{{ item.name }}" password: "{{ item.password }}" no_log: true - loop: "{{ postgresql.users }}" + loop: "{{ postgresql.users | default([]) }}" - name: Grant privileges to users become: true @@ -77,5 +77,5 @@ privs: "{{ item.privs | join(',') }}" obj: "{{ item.database }}" no_log: true - loop: "{{ postgresql.users }}" + loop: "{{ postgresql.users | default([]) }}" ... diff --git a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 index bf8f545..bc14c01 100644 --- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 @@ -2,6 +2,6 @@ # TYPE DATABASE USER ADDRESS METHOD local all postgres peer map=map_local -{% for host in postgresql.hosts %} +{% for host in postgresql.hosts | default([]) %} host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %} From cc3d5d9b7f10bfdfe8afd14cd7bc27cec472eecc Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 11:12:23 +0100 Subject: [PATCH 109/116] nginx: remove bbb.auro.re --- host_vars/proxy.adm.auro.re.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index c85c7fa..1c28257 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml @@ -41,9 +41,6 @@ loc_reverseproxy: - from: intranet.auro.re to: 10.128.0.20 - - from: bbb.auro.re - to: 10.128.0.54 - - from: nextcloud.auro.re to: "10.128.0.58:8080" From 3c85a2bfb22db32681d8aa40b396b3dada311366 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 11:13:34 +0100 Subject: [PATCH 110/116] passbolt: remove role --- roles/passbolt/defaults/main.yml | 10 -------- roles/passbolt/tasks/main.yml | 39 -------------------------------- 2 files changed, 49 deletions(-) delete mode 100644 roles/passbolt/defaults/main.yml delete mode 100644 roles/passbolt/tasks/main.yml 
diff --git a/roles/passbolt/defaults/main.yml b/roles/passbolt/defaults/main.yml deleted file mode 100644 index d499d24..0000000 --- a/roles/passbolt/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# URL to clone -passbolt_repo: https://github.com/passbolt/passbolt_api.git -passbolt_version: v2.10.0 - -# Install target -passbolt_path: /var/www/passbolt - -# User used to run passbolt -passbolt_user: www-data diff --git a/roles/passbolt/tasks/main.yml b/roles/passbolt/tasks/main.yml deleted file mode 100644 index 0c10a53..0000000 --- a/roles/passbolt/tasks/main.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# See https://help.passbolt.com/hosting/install/ce/from-source.html - -- name: Clone passbolt project - git: - repo: "{{ passbolt_repo }}" - dest: "{{ passbolt_path }}" - version: "{{ passbolt_version }}" - become: true - become_user: "{{ passbolt_user }}" - -- name: Install passbolt dependencies - apt: - name: - - composer - - php-fpm - - php-intl - - php-gnupg - - php-gd - - php-mysql - - nginx - - mariadb-server - state: present - update_cache: true - register: apt_result - retries: 3 - until: apt_result is succeeded - -# Setup dependencies -- name: Install passbolt PHP dependencies - composer: - command: install - working_dir: "{{ passbolt_path }}" - no_dev: true - become: true - become_user: "{{ passbolt_user }}" - register: composer_result - retries: 3 - until: composer_result is succeeded From a56cea369cad60ccdad3ae6e6e1fd1147b783967 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 28 Nov 2021 11:17:47 +0100 Subject: [PATCH 111/116] Remove 'dokuwiki' role --- roles/dokuwiki/tasks/main.yml | 30 --------------------- roles/dokuwiki/templates/apt/buster.list.j2 | 9 ------- roles/dokuwiki/templates/apt/dokuwiki.j2 | 9 ------- 3 files changed, 48 deletions(-) delete mode 100644 roles/dokuwiki/tasks/main.yml delete mode 100644 roles/dokuwiki/templates/apt/buster.list.j2 delete mode 100644 roles/dokuwiki/templates/apt/dokuwiki.j2 
diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml deleted file mode 100644 index 76321ba..0000000 --- a/roles/dokuwiki/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# For DokuWiki package -- name: Configure Debian Buster mirrors - when: - - ansible_distribution == 'Debian' - - ansible_distribution_release == 'stretch' - template: - src: apt/buster.list.j2 - dest: /etc/apt/sources.list.d/buster.list - mode: 0644 - -# For DokuWiki package -- name: Configure DokuWiki pin - when: - - ansible_distribution == 'Debian' - - ansible_distribution_release == 'stretch' - template: - src: apt/dokuwiki.j2 - dest: /etc/apt/preferences.d/dokuwiki - mode: 0644 - -# Install -- name: Install DokuWiki - apt: - update_cache: true - name: dokuwiki - state: present - register: apt_result - retries: 3 - until: apt_result is succeeded diff --git a/roles/dokuwiki/templates/apt/buster.list.j2 b/roles/dokuwiki/templates/apt/buster.list.j2 deleted file mode 100644 index 6d2617b..0000000 --- a/roles/dokuwiki/templates/apt/buster.list.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# {{ ansible_managed }} -{# #} -{# Default mirror #} -{% if debian_mirror is not defined %} -{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %} -{% endif %} - -deb {{ debian_mirror }} buster main -deb-src {{ debian_mirror }} buster main diff --git a/roles/dokuwiki/templates/apt/dokuwiki.j2 b/roles/dokuwiki/templates/apt/dokuwiki.j2 deleted file mode 100644 index 3a20a1d..0000000 --- a/roles/dokuwiki/templates/apt/dokuwiki.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# {{ ansible_managed }} - -Package: * -Pin: release n=stretch* -Pin-Priority: 990 - -Package: dokuwiki -Pin: release n=buster -Pin-Priority: 990 From dd0d5dd4bea7fe2f556f6d839e442e4ac71a4c08 Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sun, 28 Nov 2021 12:42:57 +0100 Subject: [PATCH 112/116] CI: use upstream ansible/toolset --- .drone.yml | 3 +-- docker-ansible-lint/Dockerfile | 7 ------- docker-ansible-lint/README.md | 18 ------------------ 3 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 docker-ansible-lint/Dockerfile delete mode 100644 docker-ansible-lint/README.md diff --git a/.drone.yml b/.drone.yml index eb6ce40..bc2b808 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,8 +5,7 @@ name: check steps: - name: ansible and yaml linting - pull: never - image: aurore-ansible-lint-image + image: quay.io/ansible/toolset:3.5.0 commands: - ansible-lint ... diff --git a/docker-ansible-lint/Dockerfile b/docker-ansible-lint/Dockerfile deleted file mode 100644 index 7acf954..0000000 --- a/docker-ansible-lint/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM python:3.9-alpine -LABEL description="Aurore's docker image for ansible-lint" - -RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo -RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0" -RUN pip install --no-cache-dir "ansible-lint>=5.0.0" -RUN pip install --no-cache-dir "ansible>=2.10,<2.11" diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md deleted file mode 100644 index adabac3..0000000 --- a/docker-ansible-lint/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Ansible-lint image - -In order to build this image when a new version comes out, you need to -1. ssh into the `drone.adm.auro.re` server -2. git pull this repo to the lastest version -3. optionally make the changes if it has not been done yet -4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` -5. ??? -6. enjoy - -You can verify that the image was correclty built by running -``` -# list the images present -sudo docker image ls - -# run your image with an interactive shell -sudo docker run -it --rm aurore-ansible-lint-image /bin/sh -``` 
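Review bot: In `.drone.yml`, `image: quay.io/ansible/toolset:3.5.0` pins the CI image by tag only, and a registry tag can be re-pointed to different content. With the locally built image and `pull: never` removed, the lint step runs whatever the registry serves under that tag; pinning the digest as well, `image: quay.io/ansible/toolset:3.5.0@sha256:<digest-placeholder>`, keeps the step reproducible. The hunk does not show which secrets or volumes the runner exposes to this step, so the impact of a changed image cannot be judged from here.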
From eb2abcfebe5de773e2f55f77612218f310734403 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 13:13:25 +0100 Subject: [PATCH 113/116] CI: Update linter rules --- .ansible-lint | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index de44c0b..ca87fe3 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -3,9 +3,7 @@ skip_list: - load-failure - document-start - meta-no-info - -warn_list: - - experimental # all rules tagged as experimental + - ignore-errors exclude_paths: - group_vars/all/vault.yml From e0328d029419120280c2c569e18879a7febcb8bb Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 13:16:38 +0100 Subject: [PATCH 114/116] ldap_replica: add missing space --- playbooks/ldap_replica.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/ldap_replica.yml b/playbooks/ldap_replica.yml index d9042a2..1930362 100755 --- a/playbooks/ldap_replica.yml +++ b/playbooks/ldap_replica.yml @@ -5,6 +5,6 @@ # Clone LDAP on local geographic location # DON'T DO THIS AS IT RECREATES THE REPLICA -#- hosts: ldap_replica -# roles: -# - ldap_replica +# - hosts: ldap_replica +# roles: +# - ldap_replica From e6363e9668372f8946eb851b70f29307ce6a2a96 Mon Sep 17 00:00:00 2001 
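Review bot: Adding `ignore-errors` to `skip_list` in `.ansible-lint` disables that rule for the whole repository, so any later task with `ignore_errors: true` passes CI without being looked at. If only a few existing tasks need it, a `# noqa ignore-errors` comment on those tasks keeps the exception visible where it applies and leaves the rule active elsewhere. A one-line comment per entry in `skip_list` saying why the rule is skipped would also help the next maintainer.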
From: Jeltz Date: Sun, 12 Dec 2021 05:56:26 +0100 Subject: [PATCH 115/116] Use the Users CA for authentication --- ansible.cfg | 11 +---- hosts | 3 ++ playbooks/ssh.yml | 12 +++++ roles/openssh_server/defaults/main.yml | 4 ++ roles/openssh_server/handlers/main.yml | 6 +++ roles/openssh_server/tasks/main.yml | 39 ++++++++++++++++ roles/openssh_server/templates/sshd_config.j2 | 45 +++++++++++++++++++ 7 files changed, 111 insertions(+), 9 deletions(-) create mode 100755 playbooks/ssh.yml create mode 100644 roles/openssh_server/defaults/main.yml create mode 100644 roles/openssh_server/handlers/main.yml create mode 100644 roles/openssh_server/tasks/main.yml create mode 100644 roles/openssh_server/templates/sshd_config.j2 diff --git a/ansible.cfg b/ansible.cfg index c5f49b4..ebe93da 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -12,7 +12,7 @@ retry_files_enabled = False inventory = ./hosts # Custom header in templates -ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid} +ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S # Do not use cows (with cowsay) nocows = 1 @@ -23,19 +23,12 @@ forks = 15 # Some SSH connection will take time timeout = 60 -[privilege_escalation] - -# Use sudo to get priviledge access -become = True - -# Ask for password -become_ask_pass = True +remote_user = root [diff] # TO know what changed always = yes - [ssh_connection] pipelining = True diff --git a/hosts b/hosts index dec08b1..2f397b4 100644 --- a/hosts +++ b/hosts @@ -10,6 +10,9 @@ [aurore_pve] escalope.adm.auro.re +services-1.pve.auro.re +services-2.pve.auro.re +services-3.pve.auro.re [aurore_vm] routeur-aurore.adm.auro.re diff --git a/playbooks/ssh.yml b/playbooks/ssh.yml new file mode 100755 index 0000000..8fc50b7 --- /dev/null +++ b/playbooks/ssh.yml 
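Review bot: In the second `ansible.cfg` hunk, `remote_user = root` replaces the `[privilege_escalation]` block for the whole inventory, while `playbooks/ssh.yml` in this commit only targets `services-*.pve.auro.re`. As far as this patch shows, hosts that have not yet received the CA-based sshd configuration would now be contacted as root without `become`, which either fails or depends on root keys already being present there. Scoping the setting to the migrated hosts, for example `ansible_user: root` in their group or host variables, keeps sudo-based access for the rest until they are migrated. The section that `remote_user` lands in starts outside the hunk.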
@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: services-*.pve.auro.re
+ vars:
+ openssh_users_ca_public_key: >-
+ ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXWF1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg==
+ openssh_authorized_principals:
+ - any
+ - "{{ inventory_hostname }}"
+ roles:
+ - openssh_server
+...
diff --git a/roles/openssh_server/defaults/main.yml b/roles/openssh_server/defaults/main.yml
new file mode 100644
index 0000000..606659a
--- /dev/null
+++ b/roles/openssh_server/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+openssh_authorized_principals:
+ - any
+...
diff --git a/roles/openssh_server/handlers/main.yml b/roles/openssh_server/handlers/main.yml
new file mode 100644
index 0000000..f9db470
--- /dev/null
+++ b/roles/openssh_server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart sshd
+ systemd:
+ name: ssh.service
+ state: restarted
+...
diff --git a/roles/openssh_server/tasks/main.yml b/roles/openssh_server/tasks/main.yml
new file mode 100644
index 0000000..f22b82c
--- /dev/null
+++ b/roles/openssh_server/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install OpenSSH server
+ apt:
+ name: openssh-server
+
+- name: Enable OpenSSH Server
+ systemd:
+ name: sshd.service
+ enabled: true
+ state: started
+
+- name: Install sshd configuration file
+ template:
+ src: sshd_config.j2
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=r,g=,o=
+ validate: "/usr/sbin/sshd -tf %s"
+ notify: Restart sshd
+
+- name: Install Users CA public key
+ copy:
+ content: "{{ openssh_users_ca_public_key }}"
+ dest: /etc/ssh/users_ca.pub
+ owner: root
+ group: root
+ mode: u=r,g=,o=
+ notify: Restart sshd
+
+- name: Install authorized principals file
+ copy:
+ content: "{{ openssh_authorized_principals | join('\n') }}"
+ dest: /etc/ssh/authorized_principals
+ owner: root
+ group: root
+ mode: u=r,g=,o=
+ notify: Restart sshd
+...
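Review bot: `openssh_authorized_principals` in `playbooks/ssh.yml`, and the role default in `roles/openssh_server/defaults/main.yml`, carries no comment on what the `any` principal grants. The role writes the list to a single `/etc/ssh/authorized_principals` file and the sshd template in this commit references that file without a per-user token, so every listed principal is accepted for every account, including root while `PermitRootLogin yes` is set. A comment next to the default, such as `# 'any': certificates carrying this principal may log in to every host, as any account`, would make the issuance policy for the Users CA explicit.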
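Review bot: The handler in `roles/openssh_server/handlers/main.yml` restarts `ssh.service`, while the "Enable OpenSSH Server" task in `roles/openssh_server/tasks/main.yml` enables `sshd.service`. On Debian-family systems `sshd.service` is usually only an alias of `ssh.service`, and enabling a unit through its alias name can be refused by systemd depending on the version, so this should be confirmed on the target release. Using the same name in both places, `name: ssh.service`, avoids the question.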
diff --git a/roles/openssh_server/templates/sshd_config.j2 b/roles/openssh_server/templates/sshd_config.j2
new file mode 100644
index 0000000..fd3d50f
--- /dev/null
+++ b/roles/openssh_server/templates/sshd_config.j2
@@ -0,0 +1,45 @@
+{{ ansible_managed | comment }}
+
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+Port 22
+
+MaxStartups 10:30:100
+
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# https://infosec.mozilla.org/guidelines/openssh.html
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+AuthenticationMethods publickey
+
+TrustedUserCAKeys /etc/ssh/users_ca.pub
+AuthorizedPrincipalsFile /etc/ssh/authorized_principals
+
+StrictModes yes
+UsePAM no
+PermitRootLogin yes
+PermitUserRC no
+PermitUserEnvironment no
+AllowAgentForwarding no
+AllowTcpForwarding yes
+X11Forwarding no
+PermitTTY yes
+PermitTunnel no
+VersionAddendum none
+PrintLastLog yes
+PrintMotd yes
+TCPKeepAlive yes
+UseDNS no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
From 7212154fbb4ed09b7352011cf4f4553a15634f02 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Sun, 12 Dec 2021 06:08:27 +0100
Subject: [PATCH 116/116] Split public SSH key into multiple lines Respect the 79 characters per line limit.
---
 playbooks/ssh.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/playbooks/ssh.yml b/playbooks/ssh.yml
index 8fc50b7..a03f4f1 100755
--- a/playbooks/ssh.yml
+++ b/playbooks/ssh.yml
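Review bot: The new `sshd_config.j2` sets `TrustedUserCAKeys` and `AuthorizedPrincipalsFile` but leaves `AuthorizedKeysFile` at its default, so keys already present in per-user `authorized_keys` files keep working next to certificates, for root too given `PermitRootLogin yes`. If the aim stated in the commit title is that only Users CA certificates grant access, add `AuthorizedKeysFile none`; if the existing keys are kept on purpose as an emergency path, a comment in the template saying so would document it. `PermitRootLogin prohibit-password` would also state the intent more narrowly than `yes`, although `AuthenticationMethods publickey` already excludes passwords.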
@@ -2,8 +2,10 @@
 ---
 - hosts: services-*.pve.auro.re
 vars:
- openssh_users_ca_public_key: >-
- ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXWF1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg==
+ openssh_users_ca_public_key:
+ "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
+ hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
+ F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
 openssh_authorized_principals:
 - any
 - "{{ inventory_hostname }}"