From 40d3c2227642e3223f8a4a3ad538d64dfcafcc4d Mon Sep 17 00:00:00 2001 From: pz2891 Date: Thu, 21 Jan 2021 21:26:40 +0100 Subject: [PATCH 001/146] Setup config snmp for Prometheus, to monitore Aurore's PDU --- monitoring.yml | 3 + roles/baseconfig/tasks/main.yml.save | 89 +++++++++++++++++++ roles/prometheus/tasks/main.yml | 7 ++ roles/prometheus/tasks/main.yml.save | 76 ++++++++++++++++ .../templates/prometheus/prometheus.yml.j2 | 16 ++++ .../templates/prometheus/snmp.yml.j2 | 72 +++++++++++++++ 6 files changed, 263 insertions(+) create mode 100644 roles/baseconfig/tasks/main.yml.save create mode 100644 roles/prometheus/tasks/main.yml.save diff --git a/monitoring.yml b/monitoring.yml index 714baa6..a64c5b5 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -34,6 +34,9 @@ snmp_unifi_password: "{{ vault_snmp_unifi_password }}" # Prometheus targets.json + prometheus_ups_snmp_targets: + - ups-ec-1.ups.auro.re + prometheus_targets: - targets: | {{ groups['edc_pve'] + groups['edc_vm'] | list | sort }} diff --git a/roles/baseconfig/tasks/main.yml.save b/roles/baseconfig/tasks/main.yml.save new file mode 100644 index 0000000..d73cf07 --- /dev/null +++ b/roles/baseconfig/tasks/main.yml.save 
@@ -0,0 +1,89 @@
+---
+# Should contain only small tools that everyone can't live without
+- name: Install basic tools
+ when: ansible_os_family == "Debian"
+ apt:
+ name:
+ - sudo
+ - molly-guard # prevent reboot
+ - ntp # network time sync
+ - apt # better than apt-get
+ - nano # for vulcain
+ - vim # better than nano
+ - emacs-nox # for maman
+ - htop # better than top
+ - zsh # to be able to ssh @erdnaxe
+ - fish # to motivate @edpibu
+ - oidentd # postgresql identification
+ - aptitude # nice to have for Ansible
+ - acl # advanced ACL
+ - iotop # monitor i/o
+ - tree # create a graphical tree of files
+ - bash-completion # because bash
+ - git # code versioning
+ - less # i like cats
+ - screen # Vulcain asked for this
+ - lsb-release
+ update_cache: true
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+# Pimp my server
+- name: Customize motd
+ copy:
+ src: "update-motd.d/{{ item }}"
+ dest: "/etc/update-motd.d/{{ item }}"
+ mode: 0755
+ loop:
+ - 00-logo
+ - 10-uname
+
+- name: Remove Debian warranty motd
+ file:
+ path: /etc/motd
+ state: absent
+
+# Configure APT mirrors on Debian Stretch
+- name: Configure APT mirrors
+ when:
+ - ansible_distribution == 'Debian'
+ - ansible_distribution_release == 'stretch'
+ template:
+ src: apt/sources.list.j2
+ dest: /etc/apt/sources.list
+ mode: 0644
+
+# Patriotisme
+- name: Ensure French UTF-8 locale exists
+ locale_gen:
+ name: fr_FR.UTF-8
+ state: present
+
+# Fix LC_CTYPE="C"
+- name: Select default locale
+ debconf:
+ name: locales
+ question: locales/default_environment_locale
+ value: fr_FR.UTF-8
+ vtype: select
+ notify: Reconfigure locales
+
+# APT-List Changes : send email with changelog
+- include_tasks: apt-listchanges.yml
+
+# User skeleton
+- name: Configure user skeleton
+ copy:
+ src: "skel/dot_{{ item }}"
+ dest: "/etc/skel/.{{ item }}"
+ mode: 0644
+ loop:
+ - zshrc
+ - zshrc.local
+
+- name: Configure resolvconf
+ template:
+ src: resolv.conf
+ dest: /etc/resolv.conf
+ mode: 
0644 diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 211aee3..0b5ad0e 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -56,6 +56,13 @@ dest: /etc/prometheus/targets_unifi_snmp.json mode: 0644 +- name: Configure Prometheus UPS SNMP devices + copy: + content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_ups_snmp.json + mode: 0644 + + - name: Activate prometheus service systemd: name: prometheus diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save new file mode 100644 index 0000000..cca66e5 --- /dev/null +++ b/roles/prometheus/tasks/main.yml.save 
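Review bot: The new "Configure Prometheus UPS SNMP devices" task in roles/prometheus/tasks/main.yml writes `mode: 0644` as an unquoted number, which only gives the intended permissions because the YAML loader reads a leading-zero integer as octal. Ansible's documentation recommends quoting file modes, `mode: "0644"`, so the value cannot be reinterpreted as decimal by a different loader or after a careless edit that drops the zero. The neighbouring tasks in the context lines use the same unquoted form, so this is best fixed file-wide rather than only here.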
@@ -0,0 +1,76 @@
+---
+- name: Install Prometheus
+ apt:
+ update_cache: true
+ name:
+ - prometheus
+ - prometheus-snmp-exporter
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Configure Prometheus
+ template:
+ src: prometheus/prometheus.yml.j2
+ dest: /etc/prometheus/prometheus.yml
+ mode: 0644
+ notify: Restart Prometheus
+
+- name: Configure Prometheus alert rules
+ template:
+ src: "prometheus/{{ item }}.j2"
+ dest: "/etc/prometheus/{{ item }}"
+ mode: 0644
+ notify: Restart Prometheus
+ loop:
+ - alert.rules.yml
+ - django.rules.yml
+
+- name: Make Prometheus snmp-exporter listen on localhost only
+ lineinfile:
+ path: /etc/default/prometheus-snmp-exporter
+ regexp: '^ARGS='
+ line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
+ notify: Restart prometheus-snmp-exporter
+
+# This file store SNMP OIDs
+- name: Configure Prometheus snmp-exporter
+ template:
+ src: "prometheus/snmp.yml.j2"
+ dest: "/etc/prometheus/snmp.yml"
+ mode: 0600
+ owner: prometheus
+ notify: Restart prometheus-snmp-exporter
+
+# We don't need to restart Prometheus when updating nodes
+- name: Configure Prometheus nodes
+ copy:
+ content: "{{ prometheus_targets | to_nice_json }}"
+ dest: /etc/prometheus/targets.json
+ mode: 0644
+
+# We don't need to restart Prometheus when updating nodes
+- name: Configure Prometheus Ubiquity Unifi SNMP devices
+ copy:
+ content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
+ dest: /etc/prometheus/targets_unifi_snmp.json
+ mode: 0644
+
+- name: Configure Prometheus UPS SNMP devices
+ copy:
+ content: "{{ [{'target | to_nice_json }}"
+ dest: /etc/prometheus/targets_ups_snmp.json
+ mode: 0644
+
+
+- name: Activate prometheus service
+ systemd:
+ name: prometheus
+ enabled: true
+ state: started
+
+- name: Indicate role in motd
+ template:
+ src: update-motd.d/05-service.j2
+ dest: /etc/update-motd.d/05-prometheus
+ mode: 0755 
diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index 31df6bd..e35a0cf 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -65,3 +65,19 @@ scrape_configs: scheme: https static_configs: - targets: [] + + - job_name: ups_snmp + file_sd_configs: + - files: + - '/etc/prometheus/targets_ups_snmp.json' + metrics_path: /snmp + params: + module: [eatonups] + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9116 + diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index 84dcb65..5968095 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 
@@ -6,6 +6,78 @@ # - Optimiser les règles pour les bornes Unifi, # on pourrait indexer avec les SSID +eatonups: + walk: + - 1.3.6.1.2.1.33.1.2 + - 1.3.6.1.2.1.33.1.3 + - 1.3.6.1.2.1.33.1.4 + - 1.3.6.1.4.1.534.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: upsBatteryStatus + oid: 1.3.6.1.2.1.33.1.2.1 + type: gauge + help: The indication of the capacity remaining in the UPS system's batteries - + 1.3.6.1.2.1.33.1.2.1 + - name: upsEstimatedMinutesRemaining + oid: 1.3.6.1.2.1.33.1.2.3 + type: gauge + help: An estimate of the time to battery charge depletion under the present load + conditions if the utility power is off and remains off, or if it were to be + lost and remain off. - 1.3.6.1.2.1.33.1.2.3 + - name: upsInputVoltage + oid: 1.3.6.1.2.1.33.1.3.3.1.3 + type: gauge + help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3 + indexes: + - labelname: upsInputLineIndex + type: gauge + - name: upsOutputSource + oid: 1.3.6.1.2.1.33.1.4.1 + type: gauge + help: The present source of output power - 1.3.6.1.2.1.33.1.4.1 + - name: upsOutputVoltage + oid: 1.3.6.1.2.1.33.1.4.4.1.2 + type: gauge + help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPower + oid: 1.3.6.1.2.1.33.1.4.4.1.4 + type: gauge + help: The present output true power. - 1.3.6.1.2.1.33.1.4.4.1.4 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPercentLoad + oid: 1.3.6.1.2.1.33.1.4.4.1.5 + type: gauge + help: The percentage of the UPS power capacity presently being used on this output + line, i.e., the greater of the percent load of true power capacity and the percent + load of VA. 
- 1.3.6.1.2.1.33.1.4.4.1.5 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: xupsEnvRemoteTemp + oid: 1.3.6.1.4.1.534.1.6.5 + type: gauge + help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 + - name: xupsEnvRemoteHumidity + oid: 1.3.6.1.4.1.534.1.6.6 + type: gauge + help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6 + version: 1 + auth: + community: public + + procurve_switch: walk: - 1.3.6.1.2.1.31.1.1.1.10 From c7a3495ae52cef3689e8d708bc832750120aadd2 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 22 Jan 2021 12:16:36 +0100 Subject: [PATCH 002/146] Alert rules for UPS --- .../templates/prometheus/alert.rules.yml.j2 | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 2a10358..db99ab7 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 
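Review bot: The new `eatonups` module in snmp.yml.j2 ends with `version: 1` and `auth:` / `community: public`, so the UPS is polled over SNMPv1 with the factory-default community string sent in clear text. If the UPS firmware allows it, prefer SNMPv3 with authentication and privacy, or at least `version: 2` with a non-default read-only community taken from the vault the way the playbook already handles `snmp_unifi_password`, e.g. `community: "{{ vault_snmp_ups_community }}"` (placeholder name, the variable would have to be created). Independently of the exporter side, the UPS management interface should accept SNMP only from the Prometheus hosts and have SNMP write access disabled, since a guessable community on a device that controls power is an availability risk. The trailing context of this hunk runs on into `procurve_switch`, which is outside the change.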
@@ -59,4 +59,71 @@ groups: severity: warning annotations: summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check UPS + - alert: UpsOutputSourceChanged + expr: upsOutputSource != 3 + for: 5m + labels: + severity: warning + annotations: + summary: "La source d'alimentation de {{ $labels.instance }} a changé !" + + - alert: UpsBatteryStatusWarning + expr: upsBatteryStatus == 3 + for: 5m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est faible !" + + - alert: UpsBatteryStatusCritical + expr: upsBatteryStatus == 4 + for: 5m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est affaibli !" + + - alert: UpsHighLoad + expr: upsOutputPercentLoad > 70 + for: 5m + labels: + severity: critical + annotations: + summary: "La charge de {{ $labels.instance }} est de {{ $value }}% !" + + - alert: UpsWrongInputVoltage + expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) + for: 5m + labels: + severity: warning + annotations: + summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsWrongOutputVoltage + expr: (upsOutputVoltage < 225) or (upsOutputVoltage > 235) + for: 5m + labels: + severity: warning + annotations: + summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsTimeRemainingWarning + expr: upsEstimatedMinutesRemaining < 15 + for: 5m + labels: + severity: warning + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + - alert: UpsTimeRemainingCritical + expr: upsEstimatedMinutesRemaining < 5 + for: 5m + labels: + severity: critical + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + {% endraw %} From 705fe953ae5bdb534982001cf130f89fba5abdb1 Mon Sep 17 00:00:00 2001 
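Review bot: `UpsBatteryStatusCritical` (`upsBatteryStatus == 4`) is labelled `severity: warning`, the same as `UpsBatteryStatusWarning`, while `UpsHighLoad` at 70 % load is `critical`; in the standard UPS-MIB value 4 is batteryDepleted, so this is the rule that should carry `severity: critical`. All eight rules compare a scraped value, so they stay silent when the SNMP scrape itself fails; a companion rule with `expr: up{job="ups_snmp"} == 0` would cover an unreachable UPS or a stopped exporter. A comment above `upsOutputSource != 3` and the two battery rules naming the enum values (output source 3 = normal; battery status 3 = batteryLow, 4 = batteryDepleted) would let the thresholds be reviewed without opening the MIB.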
From: pz2891 Date: Fri, 22 Jan 2021 18:20:13 +0100 Subject: [PATCH 003/146] Monitoring of Pacaterie's UPS --- monitoring.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index a64c5b5..9bcc370 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -14,7 +14,7 @@ roles: - prometheus -- hosts: prometheus-pacaterie.adm.auro.re,prometheus-pacaterie-fo.adm.auro.re +- hosts: prometheus-pacaterie.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" @@ -25,8 +25,10 @@ {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['pacaterie_unifi'] | list | sort }}" + prometheus_ups_snmp_targets: + - ups-pn-1.ups.auro.re roles: - - prometheus + - prometheus - hosts: prometheus-edc.adm.auro.re vars: From bac377f6348691b31783199dbc282f8969963f0f Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sat, 23 Jan 2021 19:01:27 +0100 Subject: [PATCH 004/146] Update alert rules of UPS --- hosts | 9 ++- monitoring.yml | 18 +++++ roles/prometheus/tasks/main.yml | 2 +- roles/prometheus/tasks/main.yml.save | 76 ------------------- .../templates/prometheus/alert.rules.yml.j2 | 2 +- test.sh | 5 -- 6 files changed, 26 insertions(+), 86 deletions(-) delete mode 100644 roles/prometheus/tasks/main.yml.save delete mode 100755 test.sh diff --git a/hosts b/hosts index a06cac8..6639a21 100644 --- a/hosts +++ b/hosts @@ -345,6 +345,7 @@ dns-rives-backup.adm.auro.re radius-rives-backup.adm.auro.re routeur-rives-backup.adm.auro.re ldap-replica-rives.adm.auro.re +prometheus-rives.adm.auro.re [rives_unifi] r3-4-4.borne.auro.re 
@@ -396,29 +397,31 @@ ovh_vm [fleming:children] fleming_pve fleming_vm -#fleming_unifi +fleming_unifi # everything at pacaterie [pacaterie:children] pacaterie_pve pacaterie_vm -#pacaterie_unifi +pacaterie_unifi # everything at edc [edc:children] edc_pve edc_vm +edc_unifi # everything at georgesand [gs:children] gs_pve gs_vm +gs_unifi # everything at Les Rives [rives:children] rives_pve rives_vm - +rives_unifi ############################################################################### # Groups by type diff --git a/monitoring.yml b/monitoring.yml index 9bcc370..fc59738 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -61,6 +61,24 @@ roles: - prometheus +- hosts: prometheus-rives.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_ups_snmp_targets: + - ups-r3-1.ups.auro.re + + prometheus_targets: + - targets: | + {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} + prometheus_unifi_snmp_targets: + - targets: "{{ groups['rives_unifi'] | list | sort }}" + roles: + - prometheus + + # Monitor all hosts - hosts: all,!unifi,!ovh roles: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 0b5ad0e..38deaa3 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -61,7 +61,7 @@ content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n" dest: /etc/prometheus/targets_ups_snmp.json mode: 0644 - + when: prometheus_ups_snmp_targets is defined - name: Activate prometheus service systemd: diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save deleted file mode 100644 index cca66e5..0000000 --- a/roles/prometheus/tasks/main.yml.save +++ /dev/null 
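Review bot: In the new `prometheus-rives.adm.auro.re` play of monitoring.yml, `{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}` does not sort the combined list: Jinja2 filters bind tighter than `+`, so only `groups['rives_vm']` goes through `list | sort` before the concatenation. Parenthesise the sum, `{{ (groups['rives_pve'] + groups['rives_vm']) | list | sort }}`, so the rendered targets are sorted as intended. The expression is copied from the existing plays and appears again, with four groups, in the `prometheus-aurore` play added later in this series.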
@@ -1,76 +0,0 @@ ---- -- name: Install Prometheus - apt: - update_cache: true - name: - - prometheus - - prometheus-snmp-exporter - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Configure Prometheus - template: - src: prometheus/prometheus.yml.j2 - dest: /etc/prometheus/prometheus.yml - mode: 0644 - notify: Restart Prometheus - -- name: Configure Prometheus alert rules - template: - src: "prometheus/{{ item }}.j2" - dest: "/etc/prometheus/{{ item }}" - mode: 0644 - notify: Restart Prometheus - loop: - - alert.rules.yml - - django.rules.yml - -- name: Make Prometheus snmp-exporter listen on localhost only - lineinfile: - path: /etc/default/prometheus-snmp-exporter - regexp: '^ARGS=' - line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" - notify: Restart prometheus-snmp-exporter - -# This file store SNMP OIDs -- name: Configure Prometheus snmp-exporter - template: - src: "prometheus/snmp.yml.j2" - dest: "/etc/prometheus/snmp.yml" - mode: 0600 - owner: prometheus - notify: Restart prometheus-snmp-exporter - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus nodes - copy: - content: "{{ prometheus_targets | to_nice_json }}" - dest: /etc/prometheus/targets.json - mode: 0644 - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus Ubiquity Unifi SNMP devices - copy: - content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" - dest: /etc/prometheus/targets_unifi_snmp.json - mode: 0644 - -- name: Configure Prometheus UPS SNMP devices - copy: - content: "{{ [{'target | to_nice_json }}" - dest: /etc/prometheus/targets_ups_snmp.json - mode: 0644 - - -- name: Activate prometheus service - systemd: - name: prometheus - enabled: true - state: started - -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-prometheus - mode: 0755 
diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index db99ab7..7ae1928 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -102,7 +102,7 @@ groups: summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." - alert: UpsWrongOutputVoltage - expr: (upsOutputVoltage < 225) or (upsOutputVoltage > 235) + expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) for: 5m labels: severity: warning diff --git a/test.sh b/test.sh deleted file mode 100755 index 3e77d04..0000000 --- a/test.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -for ip in `cat hosts|grep pacaterie.adm.auro.re`; do - ssh-copy-id $ip -done - From e3ae912f44d6b5f3db16f3b11cedf9178fcc08ad Mon Sep 17 00:00:00 2001 From: pz2891 Date: Sat, 23 Jan 2021 22:10:57 +0100 Subject: [PATCH 005/146] Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts --- hosts | 4 +++- monitoring.yml | 14 +++++++++++++- roles/prometheus/tasks/main.yml | 1 + 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index 6639a21..ad8b045 100644 --- a/hosts +++ b/hosts @@ -29,13 +29,15 @@ stream.adm.auro.re re2o-server.adm.auro.re re2o-ldap.adm.auro.re re2o-db.adm.auro.re -pendragon.adm.auro.re services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re mail.adm.auro.re wikijs.adm.auro.re +prometheus-aurore.adm.auro.re +[aurore_testing_vm] +pendragon.adm.auro.re ############################################################################### # OVH diff --git a/monitoring.yml b/monitoring.yml index fc59738..a5e9a97 100755 --- a/monitoring.yml +++ b/monitoring.yml 
@@ -78,8 +78,20 @@ roles: - prometheus +- hosts: prometheus-aurore.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['aurore_pve'] + groups['aurore_vm'] + groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + roles: + - prometheus + # Monitor all hosts -- hosts: all,!unifi,!ovh +- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: - prometheus_node diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 38deaa3..036b58c 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -55,6 +55,7 @@ content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" dest: /etc/prometheus/targets_unifi_snmp.json mode: 0644 + when : prometheus_unifi_snmp_targets is defined - name: Configure Prometheus UPS SNMP devices copy: From 3d05acbd03d1718af0bdde3cd955684912ba6864 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Tue, 26 Jan 2021 19:18:35 +0100 Subject: [PATCH 006/146] Add Loki server --- hosts | 1 + monitoring.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/hosts b/hosts index ad8b045..ec09073 100644 --- a/hosts +++ b/hosts @@ -339,6 +339,7 @@ gf-5-1.borne.auro.re # Les Rives [rives_pve] thor.adm.auro.re +loki.adm.auro.re [rives_vm] dhcp-rives-backup.adm.auro.re diff --git a/monitoring.yml b/monitoring.yml index a5e9a97..38a019d 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -58,6 +58,8 @@ {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['gs_unifi'] | list | sort }}" + prometheus_ups_snmp_targets: + - ups-gk-1.ups.auro.re roles: - prometheus From d59cb41d5e99650f5de6b8476572f5ba124cc8b8 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Thu, 28 Jan 2021 03:42:07 +0100 Subject: [PATCH 007/146] Use unattended-upgrades for Debian-Security --- roles/baseconfig/tasks/apt-unattended.yml | 21 ++++++++++++++++++ roles/baseconfig/tasks/main.yml | 3 +++ .../templates/apt/20auto-upgrades.j2 | 4 ++++ .../templates/apt/50unattended-upgrades.j2 | 22 +++++++++++++++++++ 4 files changed, 50 insertions(+) create mode 100644 roles/baseconfig/tasks/apt-unattended.yml create mode 100644 roles/baseconfig/templates/apt/20auto-upgrades.j2 create mode 100644 roles/baseconfig/templates/apt/50unattended-upgrades.j2 diff --git a/roles/baseconfig/tasks/apt-unattended.yml b/roles/baseconfig/tasks/apt-unattended.yml new file mode 100644 index 0000000..9251e17 --- /dev/null +++ b/roles/baseconfig/tasks/apt-unattended.yml @@ -0,0 +1,21 @@ +--- +- name: Install unattended-upgrades + when: ansible_os_family == "Debian" + apt: + name: unattended-upgrades + state: present + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure unattended-upgrades + template: + src: "apt/{{ item }}.j2" + dest: "/etc/apt/apt.conf.d/{{ item }}" + owner: root + mode: u=rw,g=r,o=r + loop: + - 50unattended-upgrades + - 20auto-upgrades +... diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 2455998..c1d3eda 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -74,6 +74,9 @@ # APT-List Changes : send email with changelog - include_tasks: apt-listchanges.yml +# APT Unattended upgrades +- include_tasks: apt-unattended.yml + # User skeleton - name: Configure user skeleton copy: diff --git a/roles/baseconfig/templates/apt/20auto-upgrades.j2 b/roles/baseconfig/templates/apt/20auto-upgrades.j2 new file mode 100644 index 0000000..a1ba39e --- /dev/null +++ b/roles/baseconfig/templates/apt/20auto-upgrades.j2 
@@ -0,0 +1,4 @@ +// {{ ansible_managed }} + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; diff --git a/roles/baseconfig/templates/apt/50unattended-upgrades.j2 b/roles/baseconfig/templates/apt/50unattended-upgrades.j2 new file mode 100644 index 0000000..b2932b5 --- /dev/null +++ b/roles/baseconfig/templates/apt/50unattended-upgrades.j2 @@ -0,0 +1,22 @@ +// {{ ansible_managed }} + +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro_codename},label=Debian-Security"; +}; + +Unattended-Upgrade::Package-Blacklist {}; + +Unattended-Upgrade::MinimalSteps "true"; +Unattended-Upgrade::InstallOnShutdown "false"; + +Unattended-Upgrade::Mail "{{ monitoring_mail }}"; +// Unattended-Upgrade::MailOnlyOnError "false"; + +Unattended-Upgrade::Remove-Unused-Kernel-Packages "false"; +Unattended-Upgrade::Remove-New-Unused-Dependencies "false"; +Unattended-Upgrade::Remove-Unused-Dependencies "false"; + +Unattended-Upgrade::Automatic-Reboot "false"; + +Unattended-Upgrade::SyslogEnable "true"; +Unattended-Upgrade::SyslogFacility "daemon"; From 6ec89b88d85a983246391a0f81d51d6082f7c954 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 29 Jan 2021 19:33:38 +0100 Subject: [PATCH 008/146] Limit floats in alerts to 2 decimal places --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 2a10358..6df102f 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ $value }}%." + summary: "Mémoire libre de {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." # Alert for out of disk space - alert: OutOfDiskSpace 
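Review bot: The single `Origins-Pattern` entry in 50unattended-upgrades.j2, `"origin=Debian,codename=${distro_codename},label=Debian-Security"`, matches the security archive only while its codename equals the release codename; from Debian 11 on the security suite is named `<release>-security`, so after a release upgrade this template would silently stop installing security updates. Debian's stock configuration lists both patterns; add `"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";` next to the existing line. `Unattended-Upgrade::Mail "{{ monitoring_mail }}"` depends on a variable that is not defined anywhere in this patch, presumably in group_vars, which is worth confirming because an undefined variable makes the template task fail. In tasks/apt-unattended.yml only the install task carries `when: ansible_os_family == "Debian"`; the configure task has no such guard.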
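Review bot: The new `summary` values in alert.rules.yml.j2 place `printf "%.2f"` inside a YAML double-quoted scalar without escaping the inner quotes, so the scalar ends at `printf "` and the rendered rules file no longer parses; Prometheus refuses to load an invalid rule file, which would take every alert in it down on the next restart. Use single quotes on the outside, e.g. `summary: 'CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%.'`, or escape the inner ones as `\"%.2f\"`. The same applies to all three changed lines: the free-memory rule in this hunk and the OutOfDiskSpace and CPU rules in the two hunks that follow. Running `promtool check rules` on the rendered file before deployment would catch this class of error.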
@@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ $value }}%." + summary: "CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed From a12bcbc97f4e5d1425ce543f5a6dd5417c500506 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 29 Jan 2021 20:12:14 +0100 Subject: [PATCH 009/146] Correct yamlint --- monitoring.yml | 8 ++++---- roles/prometheus/tasks/main.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 38a019d..c31fe86 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -26,9 +26,9 @@ prometheus_unifi_snmp_targets: - targets: "{{ groups['pacaterie_unifi'] | list | sort }}" prometheus_ups_snmp_targets: - - ups-pn-1.ups.auro.re + - ups-pn-1.ups.auro.re roles: - - prometheus + - prometheus - hosts: prometheus-edc.adm.auro.re vars: @@ -37,7 +37,7 @@ # Prometheus targets.json prometheus_ups_snmp_targets: - - ups-ec-1.ups.auro.re + - ups-ec-1.ups.auro.re prometheus_targets: - targets: | @@ -70,7 +70,7 @@ # Prometheus targets.json prometheus_ups_snmp_targets: - - ups-r3-1.ups.auro.re + - ups-r3-1.ups.auro.re prometheus_targets: - targets: | diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 036b58c..8697ef9 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -55,7 +55,7 @@ content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" dest: /etc/prometheus/targets_unifi_snmp.json mode: 0644 - when : prometheus_unifi_snmp_targets is defined + when: prometheus_unifi_snmp_targets is defined - name: Configure Prometheus UPS SNMP devices copy: From eecf807b532657f02312e604f9bd7d86ef9fa0de Mon Sep 17 00:00:00 2001 From: pz2891 Date: Fri, 29 Jan 2021 20:15:21 +0100 Subject: [PATCH 010/146] Delte main.yml.save --- roles/baseconfig/tasks/main.yml.save | 89 ---------------------------- 1 file changed, 89 deletions(-) delete mode 100644 roles/baseconfig/tasks/main.yml.save diff --git a/roles/baseconfig/tasks/main.yml.save b/roles/baseconfig/tasks/main.yml.save deleted file mode 100644 index d73cf07..0000000 --- a/roles/baseconfig/tasks/main.yml.save +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -# Should contain only small tools that everyone can't live without -- name: Install basic tools - when: ansible_os_family == "Debian" - apt: - name: - - sudo - - molly-guard # prevent reboot - - ntp # network time sync - - apt # better than apt-get - - nano # for vulcain - - vim # better than nano - - emacs-nox # for maman - - htop # better than top - - zsh # to be able to ssh @erdnaxe - - fish # to motivate @edpibu - - oidentd # postgresql identification - - aptitude # nice to have for Ansible - - acl # advanced ACL - - iotop # monitor i/o - - tree # create a graphical tree of files - - bash-completion # because bash - - git # code versioning - - less # i like cats - - screen # Vulcain asked for this - - lsb-release - update_cache: true - register: apt_result - retries: 3 - until: apt_result is succeeded - -# Pimp my server -- name: Customize motd - copy: - src: "update-motd.d/{{ item }}" - dest: "/etc/update-motd.d/{{ item }}" - mode: 0755 - loop: - - 00-logo - - 10-uname - -- name: Remove Debian warranty motd - file: - path: /etc/motd - state: absent - -# Configure APT mirrors on Debian Stretch -- name: Configure APT mirrors - when: - - ansible_distribution == 'Debian' - - ansible_distribution_release == 'stretch' - template: - src: apt/sources.list.j2 - dest: /etc/apt/sources.list - mode: 0644 - -# Patriotisme -- name: Ensure French UTF-8 locale exists - locale_gen: - name: fr_FR.UTF-8 - state: present - -# Fix LC_CTYPE="C" -- name: Select default locale - debconf: - name: locales - question: locales/default_environment_locale - value: fr_FR.UTF-8 - vtype: select - notify: Reconfigure locales - -# APT-List Changes : send email with changelog -- include_tasks: apt-listchanges.yml - -# User skeleton -- name: Configure user skeleton - copy: - src: "skel/dot_{{ item }}" - dest: "/etc/skel/.{{ item }}" - mode: 0644 - loop: - - zshrc - - zshrc.local - -- name: Configure resolvconf - template: - src: resolv.conf - dest: /etc/resolv.conf - mode: 
0644 From 3eb48edccdd72a93bd8bc27f669e6c8345d00cc9 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Tue, 2 Feb 2021 23:17:47 +0100 Subject: [PATCH 011/146] Tmux everywhere Signed-off-by: Yohann D'ANELLO --- roles/baseconfig/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index c1d3eda..0c13978 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -23,6 +23,7 @@ - oidentd # postgresql identification - screen # Vulcain asked for this - sudo + - tmux # For shirenn - tree # create a graphical tree of files - vim # better than nano - zsh # to be able to ssh @erdnaxe From 7cdef7ee9651e2838b802d718e5f1d376f53be67 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 23 Jan 2021 17:19:50 +0100 Subject: [PATCH 012/146] Fix: keep the logs for 90 days --- roles/logrotate/templates/logrotate.d/rsyslog.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/logrotate/templates/logrotate.d/rsyslog.j2 b/roles/logrotate/templates/logrotate.d/rsyslog.j2 index beab470..f47e725 100644 --- a/roles/logrotate/templates/logrotate.d/rsyslog.j2 +++ b/roles/logrotate/templates/logrotate.d/rsyslog.j2 @@ -26,7 +26,7 @@ /var/log/debug /var/log/messages { - rotate 1 + rotate 90 daily missingok notifempty From 5fc2d0a3f9f30aae5a6699a0e62584e6e2f75c46 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 24 Jan 2021 00:09:48 +0100 Subject: [PATCH 013/146] Ajout d'accueil dans keepalived --- roles/router/templates/keepalived.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/router/templates/keepalived.conf b/roles/router/templates/keepalived.conf index cd217f3..45f5661 100644 --- a/roles/router/templates/keepalived.conf +++ b/roles/router/templates/keepalived.conf 
@@ -50,6 +50,9 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 { # Wifi 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global + + # Accueil + 10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global } From 5a09b77070d26d70d6d43afbe547892939b2e1d2 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 01:30:31 +0100 Subject: [PATCH 014/146] Resolve DNS for the accueil vlan Signed-off-by: Yohann D'ANELLO --- roles/unbound/templates/recursive.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/unbound/templates/recursive.conf.j2 b/roles/unbound/templates/recursive.conf.j2 index efdebe1..74d77d9 100644 --- a/roles/unbound/templates/recursive.conf.j2 +++ b/roles/unbound/templates/recursive.conf.j2 @@ -23,12 +23,14 @@ server: interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }} interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }} interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }} + interface: 10.{{ subnet_ids.users_accueil }}.0.{{ dns_host_suffix }} # IPv6 interface: {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:{{ dns_host_suffix }} interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:{{ dns_host_suffix }} interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:{{ dns_host_suffix }} + interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_accueil }}::0:{{ dns_host_suffix }} # By default, anything other than localhost is refused. @@ -36,6 +38,7 @@ server: access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow + access-control: 10.{{ subnet_ids.users_accueil }}.0.0/16 allow access-control: {{ ipv6_base_prefix }}::/32 allow # Fuck it... :) num-threads: {{ ansible_processor_vcpus }} From 9af9a7bab8f9c1b7b5fde963c8b8a4a9827f5a51 Mon Sep 17 00:00:00 2001 
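Review bot: The added `access-control: 10.{{ subnet_ids.users_accueil }}.0.0/16 allow` in the last recursive.conf.j2 hunk gives the accueil network the same unrestricted recursion as the authenticated user networks. If accueil is the pre-login network (later commits in this series suggest so, but nothing in this hunk shows it), recursive DNS is traffic that leaves the site without passing through the portal. A comment such as `# accueil: recursion is needed before login so the portal name resolves` would record the intent, and unbound's `ip-ratelimit:` could bound what a single unauthenticated client can send. The `server:` block starts and ends outside the hunk.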
From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 11:38:52 +0100 Subject: [PATCH 015/146] Redirect the proxy IP address to intranet.auro.re by default Signed-off-by: Yohann D'ANELLO --- host_vars/proxy.adm.auro.re.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index b8fb2c3..04184fc 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml @@ -33,7 +33,7 @@ nginx: redirect_sites: - from: 45.66.111.61 - to: auro.re + to: intranet.auro.re reverseproxy_sites: - from: re2o.auro.re From 89ebbd423e3d3f128766616776962af8f8a024e6 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 11:44:30 +0100 Subject: [PATCH 016/146] Use the local firewall repository Signed-off-by: Yohann D'ANELLO --- roles/router/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index 2014572..a0b8805 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -34,7 +34,7 @@ import_role: name: re2o-service vars: - service_repo: https://gitlab.federez.net/aurore/aurore-firewall.git + service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git service_name: aurore-firewall service_version: aurore service_config: From a7b073e1cc8cf92a1bb2741853a14b4c53e30c35 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 12:04:21 +0100 Subject: [PATCH 017/146] Add captive portal firewall configuration Signed-off-by: Yohann D'ANELLO --- roles/router/templates/firewall_config.py | 31 ++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index 4f6b755..68f66b2 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py 
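Review bot: In roles/router/tasks/main.yml the unchanged `service_version: aurore` under the new `service_repo` looks like a branch name rather than a fixed revision. If so, every run deploys whatever that branch currently holds onto the routers. For firewall code it would be safer to pin a reviewed tag or commit, for example `service_version: TAG_OR_COMMIT` (placeholder), and bump it deliberately. How the re2o-service role consumes `service_version` is not visible in this hunk, so confirm that it accepts a commit id.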
@@ -25,13 +25,14 @@ ### Give me a role # previously: routeur4 = routeur IPv4 -role = ['routeur'] +role = ['routeur', 'portail'] ### Specify each interface role interfaces_type = { - 'routable' : ['ens20', 'ens21'], + 'routable' : ['ens20', 'ens21', 'ens23'], + 'routable-portail' : ['ens23'], 'sortie' : ['ens19'], 'admin' : ['ens18'] } @@ -61,5 +62,29 @@ nat = [ apartment_block_id }}', '10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}' } - } + }, + { + 'name': 'Accueil', + 'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16', + 'extra_nat': { + '10.{{ subnet_ids.users_accueil }}.0.0/16': '45.66.108.25{{ apartment_block_id }}' + }, + }, ] + +portail = { + "authorized_hosts": { + "tcp": { + "45.66.111.61": ["80", "443"], + "92.222.211.195": ["80", "443"] + }, + "udp": {} + }, + "ip_redirect": { + "0.0.0.0/0": { + "tcp": { + "45.66.111.61": ["80", "443"] + } + } + } +} From e02670afb0e3919a3135f9595e4f4960402a1755 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 24 Jan 2021 14:28:31 +0100 Subject: [PATCH 018/146] Les caches unbound renvoie les addresses en 10/8 --- roles/unbound/templates/recursive.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/unbound/templates/recursive.conf.j2 b/roles/unbound/templates/recursive.conf.j2 index 74d77d9..6956ae5 100644 --- a/roles/unbound/templates/recursive.conf.j2 +++ b/roles/unbound/templates/recursive.conf.j2 @@ -43,8 +43,6 @@ server: num-threads: {{ ansible_processor_vcpus }} - private-address: 10.0.0.0/8 - # The host cache TTL affects blacklisting of supposedly bogus hosts. # The default was 900 (15 minutes). infra-host-ttl: 60 From 6df41d16b52e5c9c4539074cb55f4a7d0228680b Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 15:50:40 +0100 Subject: [PATCH 019/146] Add portail VM Signed-off-by: Yohann D'ANELLO --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index eec54a0..3f03ed2 100644 --- a/hosts +++ b/hosts 
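Review bot: The new `portail` dict in the second firewall_config.py hunk allows `45.66.111.61` and `92.222.211.195` on ports 80 and 443 without saying what those hosts are. The first address appears as the proxy's redirect source in host_vars/proxy.adm.auro.re.yml earlier in this series, but the second is not identified anywhere visible. Each hard-coded exception in a captive-portal allowlist should carry its reason, e.g. `"92.222.211.195": ["80", "443"],  # what this host is and why pre-login access is needed`. That lets a later reviewer tell a stale entry from a required one.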
@@ -35,6 +35,7 @@ services-web.adm.auro.re mail.adm.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re +portail.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re From 9bd06520fb8671bbcded98a24f345b5988dfe0b3 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 24 Jan 2021 21:20:53 +0100 Subject: [PATCH 020/146] Add reverse-proxy for Re2o on the portal VM Signed-off-by: Yohann D'ANELLO --- host_vars/portail.adm.auro.re.yml | 40 +++++++++++++++++++ .../nginx/sites-available/redirect.j2 | 8 ++-- .../nginx/sites-available/reverseproxy.j2 | 6 +++ services_web.yml | 2 +- 4 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 host_vars/portail.adm.auro.re.yml diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml new file mode 100644 index 0000000..65aea34 --- /dev/null +++ b/host_vars/portail.adm.auro.re.yml @@ -0,0 +1,40 @@ +--- +certbot: + domains: + - portail.auro.re + mail: tech.aurore@lists.crans.org + certname: auro.re + +nginx: + ssl: + cert: /etc/letsencrypt/live/auro.re/fullchain.pem + cert_key: /etc/letsencrypt/live/auro.re/privkey.pem + trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem + + redirect_dnames: {} + + redirect_tcp: {} + + redirect_sites: + - from: portail.adm.auro.re + to: portail.auro.re + norequesturi: true + + - from: 10.128.0.247 + to: portail.auro.re + norequesturi: true + + - from: 45.66.111.247 + to: portail.auro.re + norequesturi: true + + reverseproxy_sites: + - from: portail.auro.re + to: 10.128.0.20 + custom_args: + - "allow 45.66.108.251" + - "allow 45.66.108.252" + - "allow 45.66.108.253" + - "allow 45.66.108.254" + - "allow 45.66.108.255" + - "deny all" diff --git a/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 index 28e9b7d..9b0e8ca 100644 --- a/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 
+++ b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 @@ -9,7 +9,7 @@ server { server_name {{ site.from }}; location / { - return 302 http://{{ site.to }}$request_uri; + return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; } } @@ -24,7 +24,7 @@ server { include "/etc/nginx/snippets/options-ssl.conf"; location / { - return 302 https://{{ site.to }}$request_uri; + return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; } } @@ -43,7 +43,7 @@ server { server_name {{ from }}; location / { - return 302 http://{{ site.to }}$request_uri; + return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; } } @@ -58,7 +58,7 @@ server { include "/etc/nginx/snippets/options-ssl.conf"; location / { - return 302 https://{{ site.to }}$request_uri; + return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; } } diff --git a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 index d29d13c..9c8c152 100644 --- a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 +++ b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 @@ -47,6 +47,12 @@ server { set_real_ip_from 2a0c:700:0:2::/64; real_ip_header P-Real-Ip; +{% if site.custom_args is defined -%} +{% for arg in site.custom_args %} + {{ arg }}; +{% endfor %} +{% endif %} + location / { proxy_pass http://{{ site.to }}; include "/etc/nginx/snippets/options-proxypass.conf"; diff --git a/services_web.yml b/services_web.yml index 6bc6a6d..73b900b 100755 --- a/services_web.yml +++ b/services_web.yml @@ -11,7 +11,7 @@ - passbolt # Deploy reverse proxy -- hosts: proxy*.adm.auro.re +- hosts: portail.adm.auro.re,proxy*.adm.auro.re roles: - certbot - nginx_reverseproxy 
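Review bot: The test `site.norequesturi is not defined` in the four changed `return 302` lines (all four hunks of redirect.j2) keys on whether the variable exists, not on its value. Writing `norequesturi: false` in host_vars therefore still drops `$request_uri`. `{% if not (site.norequesturi | default(false)) %}$request_uri{% endif %}` behaves the way the option name suggests. The server blocks start and end outside the hunks.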
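Review bot: In reverseproxy.j2, `site.custom_args` is rendered directly after `real_ip_header P-Real-Ip;`. The `allow`/`deny` entries this series puts there are therefore matched against the address taken from the `P-Real-Ip` header whenever a connection arrives from a `set_real_ip_from` range. The allowlist is only as strong as those trusted ranges, so a template comment such as `# custom_args: allow/deny here see the realip-rewritten client address` would help, along with a check that the ranges cover only Aurore's own front proxies. The entries are also emitted verbatim, so anything written in host_vars becomes nginx configuration. The server block starts and ends outside the hunk.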
From ba9e60dba88918f70af5759bc02be26fffb59d99 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Thu, 28 Jan 2021 22:08:48 +0100 Subject: [PATCH 021/146] Update the nginx configuration of the captive portal Signed-off-by: Yohann D'ANELLO --- host_vars/portail.adm.auro.re.yml | 41 ++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml index 65aea34..8af0987 100644 --- a/host_vars/portail.adm.auro.re.yml +++ b/host_vars/portail.adm.auro.re.yml @@ -16,25 +16,38 @@ nginx: redirect_tcp: {} redirect_sites: - - from: portail.adm.auro.re - to: portail.auro.re + - from: 10.13.0.247 + to: portail-fleming.auro.re norequesturi: true - - from: 10.128.0.247 - to: portail.auro.re + - from: 10.23.0.247 + to: portail-.auro.re norequesturi: true - - from: 45.66.111.247 - to: portail.auro.re + - from: 10.33.0.247 + to: portail-rives.auro.re + norequesturi: true + + - from: 10.43.0.247 + to: portail-edc.auro.re + norequesturi: true + + - from: 10.53.0.247 + to: portail-gs.auro.re norequesturi: true reverseproxy_sites: - - from: portail.auro.re + - from: portail-fleming.auro.re + to: 10.128.0.20 + + - from: portail-pacaterie.auro.re + to: 10.128.0.20 + + - from: portail-rives.auro.re + to: 10.128.0.20 + + - from: portail-edc.auro.re + to: 10.128.0.20 + + - from: portail-gs.auro.re to: 10.128.0.20 - custom_args: - - "allow 45.66.108.251" - - "allow 45.66.108.252" - - "allow 45.66.108.253" - - "allow 45.66.108.254" - - "allow 45.66.108.255" - - "deny all" From 154cbedec214b61e012a94e7114f57f01e6cf284 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 15:50:32 +0100 Subject: [PATCH 022/146] Deploy firewall config for the captive portal Signed-off-by: Yohann D'ANELLO --- roles/router/templates/firewall_config.py | 42 ++++++++++++++--------- 1 file changed, 26 insertions(+), 16 deletions(-) 
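Review bot: The redirect for `10.23.0.247` points to `portail-.auro.re`, which has nothing between the dash and the domain and matches none of the `reverseproxy_sites` entries. Judging by the list below it, `to: portail-pacaterie.auro.re` was probably intended. The same hunk also drops the `custom_args` allow/deny list, so nginx no longer limits the proxy to `10.128.0.20` by source address. If that is intentional, the commit message should say what replaces the restriction.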
diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index 68f66b2..6909b85 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py @@ -25,14 +25,13 @@ ### Give me a role # previously: routeur4 = routeur IPv4 -role = ['routeur', 'portail'] +role = ['routeur'] ### Specify each interface role interfaces_type = { 'routable' : ['ens20', 'ens21', 'ens23'], - 'routable-portail' : ['ens23'], 'sortie' : ['ens19'], 'admin' : ['ens18'] } @@ -67,24 +66,35 @@ nat = [ 'name': 'Accueil', 'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16', 'extra_nat': { - '10.{{ subnet_ids.users_accueil }}.0.0/16': '45.66.108.25{{ apartment_block_id }}' + '10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ + apartment_block_id }}', + '10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}' }, + 'extra_nat_group': 'accueil_ens23_allowed', }, ] -portail = { - "authorized_hosts": { - "tcp": { - "45.66.111.61": ["80", "443"], - "92.222.211.195": ["80", "443"] - }, - "udp": {} - }, - "ip_redirect": { - "0.0.0.0/0": { +# ATTENTION: on doit avoir retry ≥ grace +# ATTENTION: il faut que ip_redirect gère tous les ports +# autorisés dans le profile re2o, sinon on laisse sortir +# du trafic +accueils = [ + { + 'iface': 'ens23', + 'grace_period': 1800, + 'retry_period': 86400, + 'ip_sources': [ + '10.{{ subnet_ids.users_accueil }}.1.0/24', + '10.{{ subnet_ids.users_accueil }}.2.0/24', + ], + 'ip_redirect': { "tcp": { - "45.66.111.61": ["80", "443"] + "10.{{ subnet_ids.users_accueil }}.0.247": ["80", "443"], } - } + }, + 'triggers': [ + ('4', 'tcp', '46.255.53.35', 443), # ComNPay + ('4', 'tcp', '46.255.53.35', 80), + ] } -} +] From 889cb764c138887bbeb5d5e564f3c45eabc947b2 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 17:07:10 +0100 Subject: [PATCH 023/146] Clone certbot role from Crans 
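Review bot: The two ATTENTION comments above `accueils` state invariants that nothing checks: retry ≥ grace, and `ip_redirect` covering every port allowed by the re2o profile. `ip_redirect` lists only TCP 80 and 443, so by the comment's own reasoning any other port allowed in that profile would leave the network unredirected. Listing the profile's ports next to the comment would make the dependency reviewable. If this file is loaded as Python, `assert all(a['retry_period'] >= a['grace_period'] for a in accueils)` would enforce the first rule. The trigger on `46.255.53.35` port 80 also deserves a comment on why plain HTTP to the payment host is needed.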
Signed-off-by: Yohann D'ANELLO --- group_vars/certbot.yml | 8 ++++++++ roles/certbot/tasks/main.yml | 17 +++++++++++++++-- .../letsencrypt/conf.d/certname.ini.j2 | 9 +++++++-- .../templates/letsencrypt/rfc2136.ini.j2 | 7 +++++++ 4 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 group_vars/certbot.yml create mode 100644 roles/certbot/templates/letsencrypt/rfc2136.ini.j2 diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml new file mode 100644 index 0000000..011aa68 --- /dev/null +++ b/group_vars/certbot.yml @@ -0,0 +1,8 @@ +--- +glob_certbot: + dns_rfc2136_server: '10.128.0.30' + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" + mail: tech.aurore@lists.crans.org + certname: auro.re + domains: "auro.re" diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index cbce286..549e7a2 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: Install certbot and nginx plugin +- name: Install certbot and RFC2136 plugin apt: update_cache: true name: - certbot - - python3-certbot-nginx + - python3-certbot-dns-rfc2136 register: pkg_result retries: 3 until: pkg_result is succeeded @@ -15,6 +15,19 @@ state: directory mode: 0755 +- name: Lookup DNS masters IPv4 + set_fact: + dns_masters_ipv4: + - "10.128.0.30" + cacheable: true + +- name: Add DNS credentials + template: + src: letsencrypt/rfc2136.ini.j2 + dest: /etc/letsencrypt/rfc2136.ini + mode: 0600 + owner: root + - name: Add Certbot configuration template: src: "letsencrypt/conf.d/certname.ini.j2" diff --git a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 index c23d930..88512d2 100644 --- a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 +++ b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 
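Review bot: The new `Add DNS credentials` task in roles/certbot/tasks/main.yml renders the TSIG secret through `template`, and running the play with `--diff` prints the rendered file, secret included. Adding `no_log: true` (or `diff: false`) to that task avoids this. `mode: 0600` with `owner: root` is the right permission, though quoting it as `mode: "0600"` avoids depending on octal parsing. The `Lookup DNS masters IPv4` task sets `dns_masters_ipv4`, which nothing in this commit reads, while the template takes the server from `certbot.dns_rfc2136_server`; one of the two can go.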
@@ -15,8 +15,13 @@ email = {{ certbot.mail }} # Uncomment to use a text interface instead of ncurses text = True -# Use nginx challenge -authenticator = nginx +# Yes I want to sell my soul and my guinea pig. +agree-tos = True + +# Use DNS-01 challenge +authenticator = dns-rfc2136 +dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini +dns-rfc2136-propagation-seconds = 30 # Wildcard the domain cert-name = {{ certbot.certname }} diff --git a/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 new file mode 100644 index 0000000..948f6a1 --- /dev/null +++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 @@ -0,0 +1,7 @@ +{{ ansible_managed | comment(decoration='# ') }} + +dns_rfc2136_server = {{ certbot.dns_rfc2136_server }} +dns_rfc2136_port = 53 +dns_rfc2136_name = {{ certbot.dns_rfc2136_name }} +dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }} +dns_rfc2136_algorithm = HMAC-SHA512 From 7e4a2d20c01157247d3abf124dd2203785580c7d Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 17:07:23 +0100 Subject: [PATCH 024/146] Clone nginx role from Crans 
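Review bot: rfc2136.ini.j2 reads `certbot.dns_rfc2136_server`, `certbot.dns_rfc2136_name` and `certbot.dns_rfc2136_secret`, but this commit defines those keys under `glob_certbot` in group_vars/certbot.yml. The per-host `certbot:` dict seen earlier in the series (host_vars/portail.adm.auro.re.yml) has only `domains`, `mail` and `certname`. Unless the two dicts are combined somewhere not shown here, rendering fails on an undefined key or writes an empty secret. A line such as `certbot: "{{ glob_certbot | combine(loc_certbot | default({})) }}"` would make the merge explicit; `loc_certbot` is a placeholder name for the per-host overrides.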
Signed-off-by: Yohann D'ANELLO --- group_vars/nginx.yml | 24 ++++ roles/nginx/handlers/main.yml | 5 + roles/nginx/tasks/main.yml | 121 ++++++++++++++++++ roles/nginx/templates/letsencrypt/dhparam.j2 | 8 ++ roles/nginx/templates/nginx/passwd.j2 | 4 + .../nginx/sites-available/redirect.j2 | 67 ++++++++++ .../nginx/sites-available/reverseproxy.j2 | 56 ++++++++ .../reverseproxy_redirect_dname.j2 | 37 ++++++ .../nginx/sites-available/service.j2 | 114 +++++++++++++++++ .../templates/nginx/snippets/fastcgi.conf.j2 | 18 +++ .../nginx/snippets/options-proxypass.conf.j2 | 19 +++ .../nginx/snippets/options-ssl.conf.j2 | 17 +++ .../templates/update-motd.d/05-service.j2 | 3 + roles/nginx/templates/www/html/401.html.j2 | 18 +++ roles/nginx/templates/www/html/50x.html.j2 | 63 +++++++++ roles/nginx/templates/www/html/robots.txt.j2 | 4 + 16 files changed, 578 insertions(+) create mode 100644 group_vars/nginx.yml create mode 100644 roles/nginx/handlers/main.yml create mode 100644 roles/nginx/tasks/main.yml create mode 100644 roles/nginx/templates/letsencrypt/dhparam.j2 create mode 100644 roles/nginx/templates/nginx/passwd.j2 create mode 100644 roles/nginx/templates/nginx/sites-available/redirect.j2 create mode 100644 roles/nginx/templates/nginx/sites-available/reverseproxy.j2 create mode 100644 roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 create mode 100644 roles/nginx/templates/nginx/sites-available/service.j2 create mode 100644 roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 create mode 100644 roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 create mode 100644 roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 create mode 100755 roles/nginx/templates/update-motd.d/05-service.j2 create mode 100644 roles/nginx/templates/www/html/401.html.j2 create mode 100644 roles/nginx/templates/www/html/50x.html.j2 create mode 100644 roles/nginx/templates/www/html/robots.txt.j2 
diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml new file mode 100644 index 0000000..eef80da --- /dev/null +++ b/group_vars/nginx.yml @@ -0,0 +1,24 @@ +--- +glob_nginx: + contact: tech.aurore@lists.crans.org + who: "L'équipe technique d'Aurore" + service_name: service + ssl: + cert: /etc/letsencrypt/live/auro.re/fullchain.pem + cert_key: /etc/letsencrypt/live/auro.re/privkey.pem + trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem + servers: + - ssl: false + server_name: + - "default" + - "_" + root: "/var/www/html" + locations: + - filter: "/" + params: [] + upstreams: [] + + auth_passwd: [] + default_server: + default_ssl_server: + deploy_robots_file: false diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..6dfcdd7 --- /dev/null +++ b/roles/nginx/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Reload nginx + systemd: + name: nginx + state: reloaded diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml new file mode 100644 index 0000000..4d4179c --- /dev/null +++ b/roles/nginx/tasks/main.yml 
@@ -0,0 +1,121 @@ +--- +- name: Install NGINX + apt: + update_cache: true + name: nginx + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Copy snippets + template: + src: "nginx/snippets/{{ item }}.j2" + dest: "/etc/nginx/snippets/{{ item }}" + owner: root + group: root + mode: 0644 + loop: + - options-ssl.conf + - options-proxypass.conf + +- name: Copy dhparam + template: + src: letsencrypt/dhparam.j2 + dest: /etc/letsencrypt/dhparam + owner: root + group: root + mode: 0644 + +- name: Disable default site + file: + dest: "/etc/nginx/sites-enabled/default" + state: absent + +- name: Copy reverse proxy sites + when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined + template: + src: "nginx/sites-available/{{ item }}.j2" + dest: "/etc/nginx/sites-available/{{ item }}" + owner: root + group: root + mode: 0644 + loop: + - reverseproxy + - reverseproxy_redirect_dname + - redirect + notify: Reload nginx + +- name: Activate reverse proxy sites + when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined + file: + src: "/etc/nginx/sites-available/{{ item }}" + dest: "/etc/nginx/sites-enabled/{{ item }}" + owner: root + group: root + state: link + loop: + - reverseproxy + - reverseproxy_redirect_dname + - redirect + notify: Reload nginx + ignore_errors: "{{ ansible_check_mode }}" + +- name: Copy service nginx configuration + when: nginx.servers is defined and nginx.servers|length > 0 + template: + src: "nginx/sites-available/service.j2" + dest: "/etc/nginx/sites-available/{{ nginx.service_name }}" + owner: root + group: root + mode: 0644 + notify: Reload nginx + +- name: Activate local nginx service site + when: nginx.servers is defined and nginx.servers|length > 0 + file: + src: "/etc/nginx/sites-available/{{ nginx.service_name }}" + dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}" + owner: root + group: root + state: link + notify: Reload nginx + ignore_errors: "{{ ansible_check_mode }}" + +- 
name: Copy 50x error page + template: + src: www/html/50x.html.j2 + dest: /var/www/html/50x.html + owner: www-data + group: www-data + mode: 0644 + +- name: Copy robots.txt file + when: nginx.deploy_robots_file + template: + src: www/html/robots.txt.j2 + dest: /var/www/html/robots.txt + owner: www-data + group: www-data + mode: 0644 + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-nginx + mode: 0755 + +- name: Install passwords + when: nginx.auth_passwd|length > 0 + template: + src: nginx/passwd.j2 + dest: /etc/nginx/passwd + mode: 0644 + +- name: Copy 401 error page + when: nginx.auth_passwd|length > 0 + template: + src: www/html/401.html.j2 + dest: /var/www/html/401.html + owner: www-data + group: www-data + mode: 0644 diff --git a/roles/nginx/templates/letsencrypt/dhparam.j2 b/roles/nginx/templates/letsencrypt/dhparam.j2 new file mode 100644 index 0000000..9b182b7 --- /dev/null +++ b/roles/nginx/templates/letsencrypt/dhparam.j2 @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== +-----END DH PARAMETERS----- diff --git a/roles/nginx/templates/nginx/passwd.j2 b/roles/nginx/templates/nginx/passwd.j2 new file mode 100644 index 0000000..6e61ce2 --- /dev/null +++ b/roles/nginx/templates/nginx/passwd.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +{% for user, hash in nginx.auth_passwd.items() -%} +{{ user }}: {{ hash }} +{% endfor -%} diff --git a/roles/nginx/templates/nginx/sites-available/redirect.j2 b/roles/nginx/templates/nginx/sites-available/redirect.j2 new file mode 100644 index 0000000..28e9b7d --- /dev/null 
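Review bot: The `Install passwords` task in roles/nginx/tasks/main.yml writes `/etc/nginx/passwd` with `mode: 0644` and no owner or group, so the basic-auth password hashes are readable by every local account. Only the nginx worker needs to read the file: `owner: root`, `group: www-data`, `mode: "0640"`. That assumes the worker runs as www-data, the account the other tasks in this file already use for web content. `no_log: true` on the task also keeps the hashes out of `--diff` output.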
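Review bot: passwd.j2 renders each entry as `{{ user }}: {{ hash }}`, with a space after the colon. The `auth_basic_user_file` format is `name:password`, and as far as I know nginx takes everything after the colon as the hash, so the leading space would make every login fail. `{{ user }}:{{ hash }}` matches the documented format. group_vars/nginx.yml also defaults `auth_passwd` to a list (`[]`) while this template calls `.items()`, so a mapping default `auth_passwd: {}` would be consistent with how the value is used.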
+++ b/roles/nginx/templates/nginx/sites-available/redirect.j2 @@ -0,0 +1,67 @@ +# {{ ansible_managed }} + +{% for site in nginx.redirect_sites %} +# Redirect http://{{ site.from }} to http://{{ site.to }} +server { + listen 80; + listen [::]:80; + + server_name {{ site.from }}; + + location / { + return 302 http://{{ site.to }}$request_uri; + } +} + +# Redirect https://{{ site.from }} to https://{{ site.to }} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ site.from }}; + + # SSL common conf + include "/etc/nginx/snippets/options-ssl.conf"; + + location / { + return 302 https://{{ site.to }}$request_uri; + } +} + +{% endfor %} + +{# Also redirect for DNAMEs #} +{% for dname in nginx.redirect_dnames %} +{% for site in nginx.redirect_sites %} +{% set from = site.from | regex_replace('crans.org', dname) %} +{% if from != site.from %} +# Redirect http://{{ from }} to http://{{ site.to }} +server { + listen 80; + listen [::]:80; + + server_name {{ from }}; + + location / { + return 302 http://{{ site.to }}$request_uri; + } +} + +# Redirect https://{{ from }} to https://{{ site.to }} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ from }}; + + # SSL common conf + include "/etc/nginx/snippets/options-ssl.conf"; + + location / { + return 302 https://{{ site.to }}$request_uri; + } +} + +{% endif %} +{% endfor %} +{% endfor %} diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 new file mode 100644 index 0000000..d29d13c --- /dev/null +++ b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 
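Review bot: The DNAME loop in redirect.j2 builds the alias with `regex_replace('crans.org', dname)`, a leftover from the role this was cloned from. For sites under `auro.re` the pattern never matches, `from` equals `site.from`, and no DNAME redirect is generated. The same line is in reverseproxy_redirect_dname.j2 later in this commit. The base domain should come from a variable with the dot escaped, e.g. `regex_replace(nginx.base_domain | regex_escape, dname)`; `base_domain` is a suggested new key in group_vars and does not exist yet.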
@@ -0,0 +1,56 @@ +# {{ ansible_managed }} + +# Automatic Connection header for WebSocket support +# See http://nginx.org/en/docs/http/websocket.html +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +{% for site in nginx.reverseproxy_sites %} +# Redirect http://{{ site.from }} to https://{{ site.from }} +server { + listen 80; + listen [::]:80; + + server_name {{ site.from }}; + + location / { + return 302 https://$host$request_uri; + } +} + +# Reverse proxify https://{{ site.from }} to http://{{ site.to }} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ site.from }}; + + # SSL common conf + include "/etc/nginx/snippets/options-ssl.conf"; + + # Log into separate log files + access_log /var/log/nginx/{{ site.from }}.log; + error_log /var/log/nginx/{{ site.from }}_error.log; + + # Keep the TCP connection open a bit for faster browsing + keepalive_timeout 70; + + # Custom error page + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/www/html; + } + + set_real_ip_from 10.231.136.0/24; + set_real_ip_from 2a0c:700:0:2::/64; + real_ip_header P-Real-Ip; + + location / { + proxy_pass http://{{ site.to }}; + include "/etc/nginx/snippets/options-proxypass.conf"; + } +} + +{% endfor %} diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 new file mode 100644 index 0000000..4edda25 --- /dev/null +++ b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 
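Review bot: `set_real_ip_from 10.231.136.0/24;` and `set_real_ip_from 2a0c:700:0:2::/64;` in reverseproxy.j2 make nginx believe the `P-Real-Ip` header from those ranges. Neither range appears elsewhere in the addressing visible in this series, so they look inherited from the cloned role. Any host inside a trusted range decides which client address ends up in the access logs and in `allow`/`deny` checks. The list should therefore hold only Aurore's own front proxies, ideally rendered from a variable. The header name also differs from what options-proxypass.conf.j2 in this commit sends (`X-Real-IP`), so a front proxy using that snippet would not be honoured here.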
@@ -0,0 +1,37 @@ +# {{ ansible_managed }} + +{% for dname in nginx.redirect_dnames %} +{% for site in nginx.reverseproxy_sites %} +{% set from = site.from | regex_replace('crans.org', dname) %} +{% set to = site.from %} +{% if from != site.from %} +# Redirect http://{{ from }} to http://{{ to }} +server { + listen 80; + listen [::]:80; + + server_name {{ from }}; + + location / { + return 302 http://{{ to }}$request_uri; + } +} + +# Redirect https://{{ from }} to https://{{ to }} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ from }}; + + # SSL common conf + include "/etc/nginx/snippets/options-ssl.conf"; + + location / { + return 302 https://{{ to }}$request_uri; + } +} + +{% endif %} +{% endfor %} +{% endfor %} diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 new file mode 100644 index 0000000..3d9db5d --- /dev/null +++ b/roles/nginx/templates/nginx/sites-available/service.j2 
@@ -0,0 +1,114 @@ +# {{ ansible_managed }} + +# Automatic Connection header for WebSocket support +# See http://nginx.org/en/docs/http/websocket.html +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +{% for upstream in nginx.upstreams -%} +upstream {{ upstream.name }} { + # Path of the server + server {{ upstream.server }}; +} +{% endfor -%} + +{% if nginx.default_ssl_server -%} +# Redirect all services to the main site +server { + listen 443 default_server ssl; + listen [::]:443 default_server ssl; + include "/etc/nginx/snippets/options-ssl.conf"; + + server_name _; + charset utf-8; + + # Hide Nginx version + server_tokens off; + + location / { + return 302 https://{{ nginx.default_ssl_server }}$request_uri; + } +} +{% endif -%} + +{% if nginx.default_server -%} +# Redirect all services to the main site +server { + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + charset utf-8; + + # Hide Nginx version + server_tokens off; + + location / { + return 302 http://{{ nginx.default_server }}$request_uri; + } +} +{% endif -%} + +{% for server in nginx.servers %} +{% if server.ssl is defined and server.ssl -%} +# Redirect HTTP to HTTPS +server { + listen 80; + listen [::]:80; + + server_name {{ server.server_name|join(" ") }}; + charset utf-8; + + # Hide Nginx version + server_tokens off; + + location / { + return 302 https://$host$request_uri; + } +} +{% endif -%} + +server { + {% if server.ssl is defined and server.ssl -%} + listen 443 ssl; + listen [::]:443 ssl; + include "/etc/nginx/snippets/options-ssl.conf"; + {% else -%} + listen 80; + listen [::]:80; + {% endif -%} + + server_name {{ server.server_name|join(" ") }}; + charset utf-8; + + # Hide Nginx version + server_tokens off; + + {% if server.root is defined -%} + root {{ server.root }}; + {% endif -%} + {% if server.index is defined -%} + index {{ server.index|join(" ") }}; + {% endif -%} + + {% if server.access_log is defined -%} + access_log {{ 
server.access_log }}; + {% endif -%} + {% if server.error_log is defined -%} + error_log {{ server.error_log }}; + {% endif -%} + + {% if server.locations is defined -%} + + {% for location in server.locations -%} + location {{ location.filter }} { + {% for param in location.params -%} + {{ param }}; + {% endfor -%} + } + {% endfor -%} +{% endif -%} +} +{% endfor %} diff --git a/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 b/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 new file mode 100644 index 0000000..0b21030 --- /dev/null +++ b/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 @@ -0,0 +1,18 @@ +# {{ ansible_managed }} + +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info (^/[^/]*)(.*)$; + +# check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +# Let NGINX handle errors +fastcgi_intercept_errors on; + +include /etc/nginx/fastcgi.conf; +fastcgi_pass unix:/var/run/fcgiwrap.socket; diff --git a/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 b/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 new file mode 100644 index 0000000..9515d81 --- /dev/null +++ b/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 @@ -0,0 +1,19 @@ +# {{ ansible_managed }} + +proxy_redirect off; +proxy_set_header Host $host; + +# Pass the real client IP +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + +# Tell proxified server that we are HTTPS, fix Wordpress +proxy_set_header X-Forwarded-Proto https; + +# WebSocket support +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $connection_upgrade; + +# For Owncloud WebDav +client_max_body_size 10G; 
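Review bot: In `service.j2`, `{% for upstream in nginx.upstreams -%}`, `{% if nginx.default_ssl_server -%}` and `{% if nginx.default_server -%}` read their keys unguarded, while the per-server options further down are all wrapped in `is defined`. Ansible normally fails templating on an undefined attribute, so a host whose `nginx` dict omits one of these keys would presumably break the role instead of skipping the section. Guarding them the same way, e.g. `{% for upstream in nginx.upstreams | default([]) -%}` and `{% if nginx.default_ssl_server | default(false) -%}`, keeps the template consistent. A comment above `{{ param }};` saying that location params are written verbatim into the config would also help, since it makes those inventory values raw nginx directives.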
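Review bot: In `options-proxypass.conf.j2`, `client_max_body_size 10G;` sits in the shared proxy snippet, so every location that includes it accepts request bodies up to 10 GB, not only the Owncloud WebDAV endpoint named in the comment. That widens the room for disk and bandwidth exhaustion on services that never need large uploads; consider moving the directive into the server block of the site that needs it and leaving nginx's default elsewhere. `proxy_set_header X-Forwarded-Proto https;` is fixed as well, and `service.j2` can emit plain-HTTP servers whose locations may include this snippet, so `proxy_set_header X-Forwarded-Proto $scheme;` would report the scheme actually used.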
diff --git a/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 new file mode 100644 index 0000000..fee51c6 --- /dev/null +++ b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +ssl_certificate {{ nginx.ssl.cert }}; +ssl_certificate_key {{ nginx.ssl.cert_key }}; +ssl_session_timeout 1d; +ssl_session_cache shared:MozSSL:10m; +ssl_session_tickets off; +ssl_dhparam /etc/letsencrypt/dhparam; +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; +ssl_prefer_server_ciphers off; + +# Enable OCSP Stapling, point to certificate chain +ssl_stapling on; +ssl_stapling_verify on; +ssl_trusted_certificate {{ nginx.ssl.trusted_cert }}; + diff --git a/roles/nginx/templates/update-motd.d/05-service.j2 b/roles/nginx/templates/update-motd.d/05-service.j2 new file mode 100755 index 0000000..fdff0b8 --- /dev/null +++ b/roles/nginx/templates/update-motd.d/05-service.j2 @@ -0,0 +1,3 @@ +#!/usr/bin/tail +14 +# {{ ansible_managed }} +> NGINX a été déployé sur cette machine. Voir /etc/nginx/. diff --git a/roles/nginx/templates/www/html/401.html.j2 b/roles/nginx/templates/www/html/401.html.j2 new file mode 100644 index 0000000..93fc38a --- /dev/null +++ b/roles/nginx/templates/www/html/401.html.j2 @@ -0,0 +1,18 @@ +{{ ansible_header | comment('xml') }} + + + + Accès refusé + + + +
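Review bot: `options-ssl.conf.j2` turns on `ssl_stapling on;` and `ssl_stapling_verify on;` but sets no `resolver`, which nginx needs to look up the OCSP responder's hostname. Unless a resolver is configured elsewhere (not visible in this hunk), stapling will likely not take effect; a line such as `resolver <RESOLVER_IP> valid=300s;` (placeholder address) next to the stapling directives would complete it. The snippet also sends no `Strict-Transport-Security` header even though the site templates redirect all port-80 traffic to HTTPS; `add_header Strict-Transport-Security "max-age=63072000" always;` is the usual companion to this cipher configuration, if every name served with this snippet is meant to stay HTTPS-only.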

Accès refusé

+

+ Pour éviter le scan des adresses de diffusions par un robot, cette page demande un identifiant et mot de passe. +

+
    +
  • Identifiant : Stop
  • +
  • Mot de passe : Spam
  • +
+ + diff --git a/roles/nginx/templates/www/html/50x.html.j2 b/roles/nginx/templates/www/html/50x.html.j2 new file mode 100644 index 0000000..078e2de --- /dev/null +++ b/roles/nginx/templates/www/html/50x.html.j2 @@ -0,0 +1,63 @@ + + + + + 502 + + + + +

502

+

Whoops, le service prend trop de temps à répondre…

+

Essayez de rafraîchir la page. Si le problème persiste, pensez + à contacter {{ nginx.who }}.

+ + + diff --git a/roles/nginx/templates/www/html/robots.txt.j2 b/roles/nginx/templates/www/html/robots.txt.j2 new file mode 100644 index 0000000..3fbaed7 --- /dev/null +++ b/roles/nginx/templates/www/html/robots.txt.j2 @@ -0,0 +1,4 @@ +{{ ansible_header | comment }} + +User-agent: * +Disallow: / From a808e3c7938c6a729ac78eef775ead423f09bdf1 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 17:08:06 +0100 Subject: [PATCH 025/146] Update captive portal nginx configuration Signed-off-by: Yohann D'ANELLO --- host_vars/portail.adm.auro.re.yml | 139 ++++++++++++++++++++++-------- hosts | 5 ++ services_web.yml | 10 ++- 3 files changed, 115 insertions(+), 39 deletions(-) diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml index 8af0987..cb3c466 100644 --- a/host_vars/portail.adm.auro.re.yml +++ b/host_vars/portail.adm.auro.re.yml 
@@ -1,53 +1,116 @@ --- -certbot: +loc_certbot: domains: - - portail.auro.re + - portail-fleming.auro.re + - portail-pacaterie.auro.re + - portail-rives.auro.re + - portail-edc.auro.re + - portail-gs.auro.re mail: tech.aurore@lists.crans.org certname: auro.re -nginx: - ssl: - cert: /etc/letsencrypt/live/auro.re/fullchain.pem - cert_key: /etc/letsencrypt/live/auro.re/privkey.pem - trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem +loc_nginx: + service_name: captive_portal + default_server: '$server_addr' + default_ssl_server: '$server_addr' - redirect_dnames: {} + servers: + - ssl: false + server_name: + - "10.13.0.247" + locations: + - filter: "/" + params: + - "return 302 https://portail-fleming.auro.re/portail/" - redirect_tcp: {} + - ssl: true + server_name: + - portail-fleming.auro.re + locations: + - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + params: + - "proxy_pass http://10.128.0.80" + - "include /etc/nginx/snippets/options-proxypass.conf" + - filter: "/" + params: + - "return 302 https://portail-fleming.auro.re/portail/" - redirect_sites: - - from: 10.13.0.247 - to: portail-fleming.auro.re - norequesturi: true + - ssl: false + server_name: + - 10.23.0.247 + locations: + - filter: "/" + params: + - "return 302 https://portail-pacaterie.auro.re/portail/" - - from: 10.23.0.247 - to: portail-.auro.re - norequesturi: true + - ssl: true + server_name: + - portail-pacaterie.auro.re + locations: + - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + params: + - "proxy_pass http://10.128.0.80" + - "include /etc/nginx/snippets/options-proxypass.conf" + - filter: "/" + params: + - "return 302 https://portail-pacaterie.auro.re/portail/" - - from: 10.33.0.247 - to: portail-rives.auro.re - norequesturi: true + - ssl: false + server_name: + - "10.33.0.247" + locations: + - filter: "/" + params: + - "return 302 https://portail-rives.auro.re/portail/" - - from: 10.43.0.247 - to: 
portail-edc.auro.re - norequesturi: true + - ssl: true + server_name: + - portail-rives.auro.re + locations: + - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + params: + - "proxy_pass http://10.128.0.80" + - "include /etc/nginx/snippets/options-proxypass.conf" + - filter: "/" + params: + - "return 302 https://portail-rives.auro.re/portail/" - - from: 10.53.0.247 - to: portail-gs.auro.re - norequesturi: true + - ssl: false + server_name: + - "10.43.0.247" + locations: + - filter: "/" + params: + - "return 302 https://portail-edc.auro.re/portail/" - reverseproxy_sites: - - from: portail-fleming.auro.re - to: 10.128.0.20 + - ssl: true + server_name: + - portail-edc.auro.re + locations: + - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + params: + - "proxy_pass http://10.128.0.80" + - "include /etc/nginx/snippets/options-proxypass.conf" + - filter: "/" + params: + - "return 302 https://portail-edc.auro.re/portail/" - - from: portail-pacaterie.auro.re - to: 10.128.0.20 + - ssl: false + server_name: + - "10.53.0.247" + locations: + - filter: "/" + params: + - "return 302 https://portail-gs.auro.re/portail/" - - from: portail-rives.auro.re - to: 10.128.0.20 - - - from: portail-edc.auro.re - to: 10.128.0.20 - - - from: portail-gs.auro.re - to: 10.128.0.20 + - ssl: true + server_name: + - portail-gs.auro.re + locations: + - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + params: + - "proxy_pass http://10.128.0.80" + - "include /etc/nginx/snippets/options-proxypass.conf" + - filter: "/" + params: + - "return 302 https://portail-gs.auro.re/portail/" diff --git a/hosts b/hosts index 3f03ed2..55cf3fc 100644 --- a/hosts +++ b/hosts @@ -489,3 +489,8 @@ ldap-replica-ovh.adm.auro.re [ldap_replica_rives] ldap-replica-rives.adm.auro.re +[certbot] +portail.adm.auro.re + +[nginx] +portail.adm.auro.re 
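Review bot: The location filter `~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)` in `host_vars/portail.adm.auro.re.yml` is not anchored, so it matches these words anywhere in the URI, and `.*-autocomplete` matches any path that merely contains that suffix. The set of backend paths reachable through the captive portal is therefore wider than the list suggests. If the intent is an allowlist of top-level paths, anchor it, e.g. `~ ^/(portail|static|javascript|media|about|contact|logout)(/|$)`, and give the autocomplete endpoints their own explicit pattern matched to the backend's real URL layout. The same filter is repeated in all five HTTPS servers of this hunk, so a shared variable would keep later edits from drifting apart.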
diff --git a/services_web.yml b/services_web.yml index 73b900b..62b7044 100755 --- a/services_web.yml +++ b/services_web.yml @@ -11,7 +11,15 @@ - passbolt # Deploy reverse proxy -- hosts: portail.adm.auro.re,proxy*.adm.auro.re +- hosts: proxy*.adm.auro.re roles: - certbot - nginx_reverseproxy + +- hosts: portail.adm.auro.re + vars: + certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}' + nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' + roles: + - certbot + - nginx From bbac76023c85307a089cf56be72c9b274edcf5c2 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 17:08:24 +0100 Subject: [PATCH 026/146] Update masquerade configuration for the captive portal Signed-off-by: Yohann D'ANELLO --- roles/router/templates/firewall_config.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index 6909b85..5ccd388 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py @@ -71,6 +71,10 @@ nat = [ '10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}' }, 'extra_nat_group': 'accueil_ens23_allowed', + 'masquerade': [ + '10.{{ subnet_ids.users_accueil }}.1.0/24', + '10.{{ subnet_ids.users_accueil }}.2.0/24', + ] }, ] From a82edc3e24a3a0f24d5fd0ea95e253e2efaa8f07 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 18:30:37 +0100 Subject: [PATCH 027/146] Firewall configuration without MASQUERADE Signed-off-by: Yohann D'ANELLO --- roles/router/templates/firewall_config.py | 25 +++++++++++-------- .../templates/firewall_config_aurore.py | 12 ++++++--- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index 5ccd388..9971765 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py 
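Review bot: In the new `portail.adm.auro.re` play of `services_web.yml`, `combine` merges only the top level by default, so in `nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'` any nested mapping set in `loc_nginx` replaces the whole mapping of the same name from `glob_nginx`. This commit removes the `ssl` paths from the host vars while the nginx templates still read `nginx.ssl.cert`, so they presumably now come from `glob_nginx`; a host that later overrides a single `ssl` key would silently lose the others. `combine(loc_nginx | default({}), recursive=True)` avoids that, and the same applies to the `certbot` line.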
@@ -57,24 +57,29 @@ nat = [ }, 'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16', 'extra_nat' : { - '10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{ + 'ens19': { + '10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{ apartment_block_id }}', - '10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}' + '10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}', + }, } }, { 'name': 'Accueil', 'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16', 'extra_nat': { - '10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ - apartment_block_id }}', - '10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}' + 'ens19': { + '10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ apartment_block_id }}', + '10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}', + }, + 'ens23' : { + '10.{{ subnet_ids.users_accueil }}.1.0/24': '10.{{ subnet_ids.users_accueil }}.0.240', + '10.{{ subnet_ids.users_accueil }}.2.0/24': '10.{{ subnet_ids.users_accueil }}.0.240', + }, + }, + 'extra_nat_group': { + 'ens19': 'accueil_ens23_allowed', }, - 'extra_nat_group': 'accueil_ens23_allowed', - 'masquerade': [ - '10.{{ subnet_ids.users_accueil }}.1.0/24', - '10.{{ subnet_ids.users_accueil }}.2.0/24', - ] }, ] diff --git a/roles/router/templates/firewall_config_aurore.py b/roles/router/templates/firewall_config_aurore.py index c41fd92..af757a0 100644 --- a/roles/router/templates/firewall_config_aurore.py +++ b/roles/router/templates/firewall_config_aurore.py 
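Review bot: `extra_nat` and `extra_nat_group` in `firewall_config.py` are now keyed by interface name, but nothing in the template says which network `ens19` and `ens23` face, and the group attached to `ens19` is called `accueil_ens23_allowed`, which reads like a mismatch. If that pairing is intended, a comment above the dict along the lines of `# ens19: <NETWORK_A>, ens23: <NETWORK_B>` (placeholders) would let a reviewer check that each source range is translated on the interface it actually leaves through. The `nat` list starts before this hunk, so the surrounding structure is not visible here.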
@@ -41,9 +41,15 @@ nat = [ { 'name' : 'AdminVlans', 'extra_nat' : { - '10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}', - '10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}', - '10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}' + 'ens18': { + '10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}', + }, + 'ens19': { + '10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}', + }, + 'ens20': { + '10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}', + }, } } ] From 3f626449272bb313cf55d19666cef7d0fc9c01ab Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 19:02:14 +0100 Subject: [PATCH 028/146] Use production server Signed-off-by: Yohann D'ANELLO --- host_vars/portail.adm.auro.re.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml index cb3c466..e9d005d 100644 --- a/host_vars/portail.adm.auro.re.yml +++ b/host_vars/portail.adm.auro.re.yml @@ -29,7 +29,7 @@ loc_nginx: locations: - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - - "proxy_pass http://10.128.0.80" + - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" - filter: "/" params: @@ -49,7 +49,7 @@ loc_nginx: locations: - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - - "proxy_pass http://10.128.0.80" + - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" - filter: "/" params: @@ -69,7 +69,7 @@ loc_nginx: locations: - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - - "proxy_pass http://10.128.0.80" + - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" - filter: "/" params: 
@@ -89,7 +89,7 @@ loc_nginx: locations: - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - - "proxy_pass http://10.128.0.80" + - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" - filter: "/" params: @@ -109,7 +109,7 @@ loc_nginx: locations: - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - - "proxy_pass http://10.128.0.80" + - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" - filter: "/" params: From c527ce16b09ed4246fcc66ed776ddf24785cc61c Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 19:03:08 +0100 Subject: [PATCH 029/146] Use good output interface for the main router Signed-off-by: Yohann D'ANELLO --- roles/router/templates/firewall_config_aurore.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/router/templates/firewall_config_aurore.py b/roles/router/templates/firewall_config_aurore.py index af757a0..9565e3b 100644 --- a/roles/router/templates/firewall_config_aurore.py +++ b/roles/router/templates/firewall_config_aurore.py @@ -43,11 +43,7 @@ nat = [ 'extra_nat' : { 'ens18': { '10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}', - }, - 'ens19': { '10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}', - }, - 'ens20': { '10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}', }, } From ce00d5e50fc9a4034ac2b00300d7bba7a266f93a Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 19:57:33 +0100 Subject: [PATCH 030/146] Authorize comnpay urls in the captive portal Signed-off-by: Yohann D'ANELLO --- host_vars/portail.adm.auro.re.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml index e9d005d..e13a06d 100644 --- a/host_vars/portail.adm.auro.re.yml +++ b/host_vars/portail.adm.auro.re.yml 
@@ -27,7 +27,7 @@ loc_nginx: server_name: - portail-fleming.auro.re locations: - - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" @@ -47,7 +47,7 @@ loc_nginx: server_name: - portail-pacaterie.auro.re locations: - - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" @@ -67,7 +67,7 @@ loc_nginx: server_name: - portail-rives.auro.re locations: - - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" @@ -87,7 +87,7 @@ loc_nginx: server_name: - portail-edc.auro.re locations: - - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" @@ -107,7 +107,7 @@ loc_nginx: server_name: - portail-gs.auro.re locations: - - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)" + - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)" params: - "proxy_pass http://10.128.0.20" - "include /etc/nginx/snippets/options-proxypass.conf" From 0e224df41f3a8156f11fd9cca838d39889d88d2a Mon Sep 17 00:00:00 2001 
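Review bot: The new filter starts with `potail` instead of `portail`, so `/portail/` no longer matches the proxied location and falls through to `location /`, which the earlier commit defines as a 302 back to `/portail/` on the same host. The typo is in all five hunks of this commit (fleming, pacaterie, rives, edc, gs). The filter should read `"~ /(portail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"`.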
From: Yohann D'ANELLO Date: Mon, 1 Feb 2021 20:28:27 +0100 Subject: [PATCH 031/146] Install ipset on each router Signed-off-by: Yohann D'ANELLO --- roles/router/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index a0b8805..cfbf28e 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -30,6 +30,14 @@ mode: 0644 when: "'routeur-aurore' in ansible_hostname" +- name: Install ipset + apt: + name: ipset + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + - name: Install aurore-firewall (re2o-service) import_role: name: re2o-service From 4ecb6ed7be8d2702468bd123514c657a5ba6aed8 Mon Sep 17 00:00:00 2001 From: ynerant Date: Fri, 5 Feb 2021 21:18:26 +0100 Subject: [PATCH 032/146] Update re2o-service password Signed-off-by: ynerant --- group_vars/all/vault.yml | 345 +++++++++++++++++++-------------------- 1 file changed, 172 insertions(+), 173 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index b813ba3..8698d49 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,174 +1,173 @@ $ANSIBLE_VAULT;1.1;AES256 -34336231623938346631313932323131336439623837626366646338396137633436646365386639 -6332383765386235396331373836366230663563376665380a616436373136633933376435653230 -64333963663436393265666434653164643164616134353665306462326666623530383838343135 -3531343533656332350a343432336636316131386132306238653736633966363235623833343638 -38643061383963396466346536343061653034333037393664356661376565643765306462626231 -39326233363962373839303464333833306532343834306232653731326135653934643836323639 -36343937626536346331613263663865346634666534646266623061303639626636393230616261 -32336366356439353738633234326138656464656630303362623664616634306230623538373965 -32346439306337623737616666353830626630373562366436653131393532313035303836326430 -64613235646366616533313065396663366434363832333535336631323366336437396664303834 -30336466313064636565326564356435306136396363373464326534303366323262303732626661 -38326663313332633530353739346538343434316133343066313530366637376135323564306537 -65626261303231656432333364333965663065346436626631666466643934623064333163626339 -32633565303734303862326365336339346133393431636266303530626564326361653230626536 -32313231373037633134623761663832393666353732613965613436323939343233613433343538 -37326438383130303861316663396333376662386337353964633930353536653437653061356635 -35646232343535313130646237643835376162623639333961323964353830653366626438346237 -36343663346332656537363434396633336161373730663364306239306432343930643230656465 -37633537616232656661313764626232303535383563353861396431643735326162383866626231 -61383165613332666537656137636430323332326335323763303537386662646263353539613964 -37323966306364306436653033393931663239383435613836356164633135306233356364313036 -39356661613434633930633066646437636535313565356366303732613731333062643231313035 -65333461396131663764626665393562623030343561313136363964393664376136303839333664 
-65313465623331333538393734373264313562643232666130303930333662616465656432363039 -66616530336666343861336434633063343561323931323931346132376263376565313366306639 -64646465303432333136353661323936633965666364356633653861363139616562653834313861 -63306133613066373462383236613939316130623937643939323134343936356638376335323836 -39383334656236633037633230313138326238303863623231353465346661663162623138353461 -33343738613137366364633730346261366564646161373837613865393233663431636361663962 -38313230363737306265636435353533666262333666383639343364633464396566333433333538 -39643934646537653234336361613664333434623739353831316531313666396638333136343638 -33653034366362363562633462303165626333306664326366353334363964663936616430643662 -30616334326638323133366632663237356238353934323361376237613632396134663536336364 -39363439326335363437373939353564646663616464663763353931323233316135656634343137 -34396130386134386331643534353461663963323435656337653032376565313635623231343135 -34303130316239303065386134663332393938636332363665643832326439653733633231346537 -63383634333034323434376237663932613638363835393837613632663265616363303233653539 -61333765313463616665613136303533343230303735626437343635303934613365326166333966 -66613538393466666630363333643730653239393435616634303430396635383631613439623433 -36646431393865666162373232343335356366366633633264326639643434396234313863333163 -63396534623931633833656565396635333133376165613031663831633564663061656131303564 -61303132666264636139313738643161313134643733633366376538366135663135333333333564 -64366262353837363061653663616265393264373230346330636465336439623063636639356136 -65383638643961326661396336373163643832366561363764626461623662333436373136616437 -30316537653432356133616338353165633462643634323563306366343965326635363863316232 -61633135643861333635383464383937306236626632366235363433313335663431366531356337 -37303465323638383930336138356665343966336137356137656564303733373565366162343330 
-38326366653733376138356339313564616165626235356363343430353239616339656239323964 -31643734653263653461333135386261646265323134633334376262323330396634643764323635 -30336262323035613338333166353364333836623865393132613338393237363734616330366463 -64646163303337323531636532383438356237306337656439663565643032633462316366663164 -33613039326337353531303831313136653539353261373930613030383134653261363833653439 -31343662623035393238646263633066653362323434306137633339393330376462356139333362 -35363436356530363134663064653031376561343732346262383333353733363136396262643135 -31326566303535343833326562376464643632363434323839366366626134303830323563633237 -37313964353033316163303738636632346137353437333463303135323631383132623133663130 -32373163393861366137303138363134653534613236636439623731393837306130626638343134 -39313532386338343662333134353761653162663665396664366239633536613132313735373334 -37613161383633653861376433633632333163653439633938386137313632396137616337373465 -65383238396439666537313833663364333731613434333739393161363437306665363834653761 -34303464386633633163353636643964393233383232623765373239376633393139326630653765 -62646439646534376234323661383063656463313437323231333165626163626262626562376338 -62646362346261313738323830613037663035666361386139666432613230346334323063326239 -65303065343061613736343663363630336333623439383032313137616131623933323636306331 -34636130626338303039356137353532346562363531623936316162336663306437386532363236 -36333661316161613237343032623764396435346632363963643438316430666539393566353939 -33333234313839636537366465356364303438313830663261373563346538626432313139303030 -33333066626463663663643833323764643737386162663766356665643064313263376434353038 -37643630643737663566653562353261333734636262626437393239383063613661643166626630 -31313564346239396561326162333534376264616435313762623032636432363832383630343964 -30343663643935633465393465626131633931623930653962303830333065363435383237653566 
-65646632376330306437663334313932653230653562356338663366616463303466366263366137 -64633934626339633235386630396561376130373763313137386531356637633863393035306634 -65353432323235363135633832373032623837376333346131303162303464616234313062316563 -64646634633963663032613533636665333335656539323238623362306363313835626632306236 -30663637356463363530316434316639326639633539333335633330333834643035353932313638 -64356565653065666131373538356462306633343161376537323762313666373235353236313963 -65613561633266306632616538616461626532666435663038646138386430376164663766363138 -35316262393065653739323035666531333330326235386133383834383865356635666537333533 -31376138353231313262646334386566376264323066373934666363313431643738383064666437 -36656437313039656666373530346534393735353163646635663839326366643333393665626464 -36616637303631653661373433653865323634363065303433386534363064356564636465366265 -31333064383233636538393032376234663663353162343530376631356533653231303730396465 -33366162376464633633313664303939306330613865663431653037303061633130626635653638 -66626264363333376463386666313663333964333137333231303361616533393236373861656534 -32326335306566623332396638383133353434363565316432353963353062313662326361336537 -34396632656234333263663831326566353434316234613365316132363730643665373761666562 -31393565653663653731633333633730326265376135666162656132623238333765333363653130 -61353632313532616266363139336162336565356365316531336364623930636430353831623233 -61616131313438306633333066613764313161333934316139633738623164623564646365663566 -66356464376133363137313036623930373362306166623838373131313330393837396261656561 -66396233313530643164353264656563383632363139333262626532376562613630643437666266 -66656335656634613138316138643666623430363833663035616138336461303035633731636262 -36393939333765346239666433323032323361343934656463396365333366623337316663396263 -36616431626633663963636135643833666234613830366434636532373031343263316436306162 
-39356365376561643665323866656465313434623138326238353662653735613565623264333336 -61393763363862613766653064636130323732663466366133666361636339356464313037353462 -63633936653235656538383433393065393162643034393538666433616131343462346235393164 -39353663373338626665663563663162633430343330373430376336326432346233663365376533 -32656465343538643137326366653232343530363834383831386634366262303333636261353863 -32633437343432653936643766363338636535613532323362656435613363393238626466303861 -38633861333638613466306338613932353964393365356637306261626535323732316362623731 -33313963623439613939333639346461663338373334396165636231666266613065323731373964 -64313133383435333935376531313432663766633133633863356563663535333263636237386136 -61653963633166383135333436646465383536373039383538326366636634313061613730653962 -37623962643866396637336231363038373465393637356463656566666661313130313863383233 -37343636346535363832626365396262303862393535336565393635663637323730373564336634 -37363036323733306535336366373630356531353737303165376530656433626634343365626239 -64346136363030663862313431653761666432393933366665346361626361623039326434633835 -32666538653037613361343536383634643762356234366433663639653461303933306434333864 -37386436393465323139306161333738383265323436376536656264356230303163326134323864 -63396331666431666464656161633466333764653631623131646566303366333030653834333335 -31323365353239366232643863386365633861376235643034303563613363663661616564363663 -63326562613365653539383336383339646164623864323830653434623365393432666466323134 -33626330373361393734656632393232363866613863373135636537613934343065306265623964 -34643765636165393336356630353663343065333431656164363638646233663762346536343362 -65653364343537383336373933313464663464653465383830363631316336303464313731356230 -34336130323766386465373162346535396565346630353734303937396130656132376331326563 -36386339383338346533646331666262396432336434646333653664326635386238333763626637 
-31363464306465666339316436323265623437636533643431363161323139653065323534636533 -64386334353439373133313937343234373963353331646233346432646430636530663336316134 -66303337313034396232643531643262343036313762633165353665653938313665386363353865 -66333166303636626565613136653365313763303263313239333033353638616566656134396131 -38356434343931303134303362313363343634613361353538636634336332373132356165326163 -30386130326239366532363962316435663862393836326439623862366166376234343439306465 -36346639623939353232366333643963646336383833386565643435393734653936313638663930 -32323065343737663564333961373034393261613862333431663562353964666561643831316432 -35313832356639333937333266306166656538643065386639346337306134613536356137316331 -38376434666332366531393639303561663934353130333161636530383932653236313530616531 -61656664626663373164343863333039356362343034326131376666623264663732303734366363 -30306430353732616131346637626332656434393163313661356465393263393235396662623962 -62643538623331646265643561623366383937313136383939366164613235666234663137653432 -34316138643139336331356663333632656539653632626136613431393736613630353237356164 -33623632643335663163656236633134343464353837346237316162346634633336663564656531 -39373730346130363963376463326238366235613539613466653139306237343164336462353236 -39323361636333353661633863663162633563343937366461346338363061623730633537626562 -30353938383664333861366431343033313961376436363065373430353736343563313531386663 -37313534303564333237616331396437376436383833373936376664666366373235613533663239 -64653863613531356666646233393533646131333961343730663461346235633961306263343831 -64386332653330323937643266373437633465363933653833343930616134626566363339366362 -36356163333730656233653431326430326566386264343330666131393166323537623137396237 -65386234653231666631366533383762643830333261363532666138386263643662633932626335 -66303363613035643931393933303035323566373634663037313338616132373162366334373962 
-33666463613435396331326565353433336361303562326562663035313639333232333430373266 -65383235356132353838636565636436356361653831356430663935613766613237366564316566 -37396130393363386566306162346466326165353863636633306335383265306139396339383866 -34326335323962633032386162623033353036643437313832323166363764653339343638343964 -66626662326234306362656162336538353131366337643761643930306163333661653062663832 -61303963623433313565633235306132366663336662616232613339366363373934613631623431 -34323736383366333032343364373533363761323338346163323836653235653136646162306166 -65333734623663346233343961396566313838653036396430396134393839326535363237363638 -38333232333863396334366561303136333863356666656335633630616531363766343535616533 -35656166303837653365303436623431613931336331356531666665346562613263363666626238 -62626236323863383366643162356462306163653032626130333863656337623136646439316337 -33306432663134383038646133346131333732633932383239643733643138303434646565663266 -34616265383733343963323538656138656331396438616133393063356638633965323363653066 -65353837333363613762333839313631373137363064383830353565333832356162323862393030 -35373038613133643466636537626437393837633865363566343565626633376262373766613738 -39343334336238363131373762646564653839623531323066356430326263376534373664363331 -64373735383933303638303661333964333464306338613363326261623438336530636262373766 -35346339643939666162386232666236326131366366303432393838326239313730323431376231 -39363032616666393431326533643865643937363937356431623763363037373333653266376561 -63323462363063343234373534663063353865363037383932386231313338343239653131633561 -34623439396232633265616438623562666333303932396366663330326565363736633461333463 -66346537323061306662323062393061353565393165363532306439343262343632616465363364 -30376331346430313536313963333136663833323064633631653935326366633862336163316538 -33383434336666303434363236396662366664393637656462363331356631613332353766636663 
-62323264336235306532343065323834313730353237616463373766303439663533336366363565 -35646461636263646633343634323735383235376330616334373937646165623639363663353361 -65613034353736633332663333616564356265323731613537393430633137333337643663323137 -31623732663331653935316337306433333633353565343265666333363864346562363961333439 -30656136636661396335623566386362333861616663393738626632633537613564636261383138 -3233 +37356434643231623932626166316532633039323736303737363933373263623433653031356331 +3431376135666263353431396663363539333164643462340a383832373965653835633937373432 +31393936666535633137333739346135316463636166343063666363633966626639663265373935 +3865353439646331640a326137373039666263366330626537363566613135346263663761663732 +65363064356530373430633562623132373565326364656631313639376131313563316136623966 +35386236313238396436303765366365346335353166376164353936313536393665326439653861 +35623832623365386232353163656339333031323937383862656532636436386334643362653532 +66636365316161316536636131613438356464636163386233333333313531353935346264366231 +36346561303163663735386533333835313231333965633737376537396531323935383134643563 +32643566323564363762306438376431383237313633376437333339623936376664346137333561 +65656336303964623964616230306332636535343833336535303832666137663865336564623233 +33653361646533613462373163363736386634663038666232313432653037643330653639666663 +61643533363938366634616632626131663164393338623539636430363166323935396439373337 +34343930336631326634366331353836323465613934383231313364383061636631346633383634 +36646439336530353761613831343236373936666632333965323964643862616633303732333230 +36313132323965323831336265306565346461343235383864613762343536653434333163616663 +34303731666632666630313763323239633435386330363339363631646432633762383464303837 +39336630343833646666383237376238316264393262336136393662363261643961666332623138 +65633661343265643731396663376262613566613135663161393833373766396632303734336261 
+30326436363237653431396563326264646335643536616530343863623130643666653733323331 +30616363306636396439376661633035326430313363656433636465623737636565333436653031 +33326662336239633930303665373965393037303238393630343338383362363439386634613838 +61356533383032656663613966383131623333613639633062343639393865376433316464653738 +64346465633263383662313934343732363536343662653532393837383062333565636662626634 +30393364336566343264373538386230623136316632666237646431333233376562356439626536 +61613835346636346139316665623463363339623863373961386661656361363232396533636233 +61326236643162623331633066333138326533323835366534336361396263353432373532326437 +30666234666235343739343834316234346630373661666634616461383639363664656534663636 +33376237313333393632313839373436616631336130393930373136623335666235386162376464 +31646437393336313433643534363138636461373837336634646464356437306265353731663362 +64316530326536333235386531613931303238363062383639626238346337356539323938663464 +62613432376563616238303938663933363564613532333633346132373361346231643130653833 +62313631313563343437373032626339366538313764333666353633363637333965633533373633 +33353134373730636638633432313932363264623531303135636566653038396131633230343839 +35303337613935666231303638663832663339626463353862616139346664356261656433313930 +65383336393934633036663261636434636461363161646239363135643536633836353965353462 +62636264373332643333356636616230376135363539393139383666363534626131663736393139 +36653862303066633365383435363637316262646338663437313435643334383835393238613763 +33656136646465373938653263376162633032336536613535356431393135396432636637356632 +31306132353632333833643434663930613936646233623935323761353461363139353238396633 +63363731613336643635333961336664343430353133373937396565343366363634653330663336 +62393866643665393232636232373964616335646363613466373666666661346139373938616463 +37613931613033323538323662356432306639626636666338666565343336323363633966316137 
+32346538303935616265313461383731356462336435303936663931376133616365626466346435 +63313333643361363665653862663338376630613666356538616336643139666636663461323163 +35613365363032343831653639373866393635633363393961613339313234366232346662646132 +36636362356431366631373635613936653162323736303434353130343834323530393330613633 +66393130323637346561616435623562313037393161666236323834323836326161613963626236 +38343362343335343437656434303130626165646661393638336435343933326462343366323964 +39346433663533346262316461623732363963396161353139613663393264623335623832653436 +62306337653062666137373930303334643630623432303932303039343764633361613063643965 +34646133353132663662303665373836643238323932336663333730363137323532663164633862 +39383963336236646161653136626662313764373530623161663437373330666332316362623031 +66653832653035353662353638336239313336663765373966383030316137316135303134616439 +30386332366639653835663530643931326635373836663166313165633137623738636438663261 +34613135643363343232313061616337333562373764663733666666376233313534396132303536 +63643030623962626432653938336633313561303236363762353536613464353331373436666238 +65623961383736633934326165336637323630613032326163303436646530363063316334366665 +35303237613130326339306436343262313733663031333539343163323530653035356431386236 +63373564383233653165623034616262393966343262646461303562363763613261656235623533 +39643963646266623663343537663364633036373838313139313966663031376162666661363161 +36626332313535616638623837666565343734643037343761346238366665646461343532643434 +31356339613066646338306262323336373161326531326137353937343139386562383063666433 +61343861396465316663373963333237633736313735653138646366323334653963323831383864 +61636565333739663633623334336463643362343335663237393161383963373364303864393361 +61333935353634336637343961363237346565313633313366376336366139613563333336316565 +31653066323537646163666539356663633438386437386432313239356466356635303837326434 
+66373934303932323732616563353566663766626335356662383732363266346636666231333864 +33663634313364353162666462383735653162383438393939306530393064626666366431633432 +63363139663632336333333562656339366133646630343533386535393234383638346532326132 +65326538373439373839656634613830656138643166616163663430323266366535646463303564 +38383537613964643761623330313563633939616432643134333266653038306136613962303162 +65393932353131323739333463363764346638633664383539616562353831653033633135656131 +35663136613835383538303134646631386331393032653539336632373439326238376233346238 +66623164643361646262373766353066633562343739393637653664623339333035323231663633 +66373134346231313239616534613065656563653662376434366161303163346533643866376266 +39383631396631633932653163343237313166633134346161653463393930613765373239303061 +33373466376563373739646130613566666132636666343266306135376636333730613034356430 +66373764376234363438613439643931323365636663376236666162643731646366623430373334 +32653962343839316534383034353535303839336361366666343961383930383237373164333065 +39643965386336393666633666376434303463633035373064383266646434343163396636343237 +66366561383237666566643035633635373966306464313765316665363532623638343030633733 +34663061663565303730613339623465653934363337396164383164363134373034356339643665 +38333662313862393631336533383631306130353963313337663031363061323762613966346333 +31356462336431336239353061653165376138326561346266353235636262613932633135303430 +64326536643334313262383132616434633131356537393263613761316535356631336461393930 +64386564306533656436653161383230313238396336656162656464663637336230663466323530 +34353730623033623866393266346134666230623139636132653739313738633037303563396162 +35366564376561306530353361616337386361326436366532656662376336373662636135663532 +38616631343733646564616264636239623136313037386561646632663463383430343632643935 +38663135346664626133373732306461383935366637303235316337376432626464396135343433 
+31623230653464656538333263353061343761656638386537313163386132326635666531373334 +61313364646262346637623165643263313336626561376166326333333636303631353231373365 +31656664646330663063383135626534306338303161313438313162313866343035363234333432 +65613937373763623163653464636366316131653337346339626565643639663239313631336164 +39626263303361653864636433653038613938663037373735343637383733386230353663653865 +33663235613338636434303735386432383534663263656634353839663632343738376161393736 +35393062656533376261336130663235333766373832306563366538393763646339333334373063 +63396332303536336435323665316138613830306531356366383666343334323338616165306338 +61626364613062643131656239336466386664316661636664336466303931643236613761323130 +63656638633736383734313439366135613038326133646665303035646137393133636163393261 +66633864636362393630323436646233303664326634613235633438343930346538633466623064 +64643136326363356631343136366333613266336439326335323163306566313537646336383963 +35373936356137396366656237343432656236343339376538363339366334646130333030383464 +66333961643236653235663865353366313862633138376265366136636438633065653535663931 +35393166326337633337313465306565396161393534393563353166343935646362303465333833 +32326661633838333563663565643134616139353831343663313134306639656163653138383530 +63336462363862353935646563393766316665653561643765326161396439393866643565313161 +66343466313465343563316361643732313830633439336534316136303463366633653662643565 +33653533626531393536343033333433393032363862343661313836346561376565316361653032 +36613738663233333766613236613239336663323931653230313761643765666632363362643034 +39646130623161613332636330393936336532653861393935366266396536616465356362396635 +62643438643665326163366239386364633434383838613735396231383762316565373665363531 +32666131653961656566376631303239323262623330383438386164363162303662306535313162 +34343539636463626430386630653934306665333266336234313362343366633366373131383861 
+31616535346236666264316535646236633363623533656332353037646231653236613664356362 +65656333303461646131366365323266656661343864633536396238333962393066336537353234 +31353337646131373533346161643432656361366464613437643230366261613662356435303339 +33623665373231656539326533353035383038633731386531633064623339653831306430333265 +35386538323561663433323939393564336539636432633738663337353937633837323062616266 +36363766373661356261643966623937633334303539343665343266386630363663663037396263 +61346330313665373533326437623838366634303335383433626137383434333166623138383931 +31643333366662333930393039333232613363313065633734303339323265323861633831646663 +33663934353664306665346631653561613463643265336431643532333533323764323937653934 +32356630383633666538386461653334343363656539383838613239626336366634383266323462 +38393534656635313739653461343835336134333166653463316464393063613831653837346663 +39626133643239353530303263663635326561306665363034393565326463343061313563366431 +39303333396166346138376530646532376333646636613664326536663133623532663462316439 +61343239623166616466316465653532646137336135656164386532623266386633326164336566 +65623436343531623133353366623763333137303132396435653632623534623061393036656161 +36373564306564363432373633326535383038623933343834386634653839353933343965366137 +34343334626661656265393461393339346139633136373936653630383732393461386463313263 +63366263333637363339323534636234386237393663316435323130663438343930336333643838 +34353264373261306439393732343530393765346161653562383939623234356562626664373263 +33343234366639663666346564383866623231356164396435363035373063643566326665373864 +32616131383530663033633866613236366264636564343462326265373762396364323232393131 +39636432356334353439333938643331366263353237633234643233373364393133366537653738 +63383531643334656537316663393235646331613365393330633064663939353633383035643866 +61376632636430646135363761393131626664326235316639646332366564396561633037363866 
+65353563643632323364313134613339356563333431353931653738323162316666346466663266 +62653433666136613734623361363066336230326562663730643230616463613936633738643135 +66373935653939613537306265623532616133353365303433303562353831663534343165316362 +39613937326561383264323361666439613865316138386266393261616135346433323466333234 +33356138623132383063356633613066356161616662623961313562636636386463346266366137 +63396535353236623765626634663132633261643036333762323836636138643737373031653266 +37333836383937386238326162626166656134313165336437323834326635623036616130313539 +34356337666536666230333231326463343938396366353238313639656531663363636164626438 +30656439626361386633343236373733656334353061316239303764363236353639626637376534 +36313630613336633533613437663563656436356130336333346432616638343463316636326236 +30323737623330393565616532363835373766626432356137376561336261353864333266313033 +31663665626439336362363836613032393934613438333663373565393662663066353337343233 +31356261396664653865326532326136356134626631333530306633666538376630396163643761 +65636630346134353431646137613766326365613463373130666665663166356639333532326238 +32303238346632303831316631303733346433366665643234646439363737363462336539343534 +62623363353135303732613939613430363338313539616336656433356664343365663835626366 +62663232386638323265643133343433303133616437666139616337363036316135356333366533 +35666466303365623835663266373765393031643637333663663030366465333764653466373366 +38303863373864656431666434353064343166613132656266393939393163326631363931616637 +66396161633133646164646339396634623766643065306666373464323562363963333431636638 +66616166643762656433646661643931663639353237623461616561363164333634613338636336 +30626234333237366563663163366633666165343933316636646630653031393139393534376334 +64346166623061303930313432316665646266613834633139306662343537653736393134623032 +62643537393239643265663433653737386464353130303130323538626164306637323665623736 
+39626238333038366263336630373139343064303833646634313331653033396364646462356639 +62333331336561373839636631363934653363386365363132646464653363313866616435633138 +34623638666534663131616631306566303365623339386137623666633833393134393735623264 +35323330366134613635656438323566346263306231343536306539633366653062316638396532 +62306133386530386436633661356331323261353738623865333531363036633535643537393362 +62396565636566343932373361373163356639313236306161366237356264336330366130333530 +63613363313930386438343330376463626438343439313866653039363036316566613932313230 +63323330373866613032343235623334336635343062623461366263623033353335623137356439 +39393834343230363362 From 5330718945c4e2bd9d372e97008fa8896a8a3dd6 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 14:38:32 +0100 Subject: [PATCH 033/146] Add the Jitsi VM --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 55cf3fc..04893ce 100644 --- a/hosts +++ b/hosts @@ -36,6 +36,7 @@ mail.adm.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re +jitsi-aurore.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re From 1e136e37362a66490e42ee9003e1adb51838018f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:31:21 +0100 Subject: [PATCH 034/146] Remove rules from warn list when it is not needed --- .ansible-lint | 2 -- roles/{debian-backports => debian_backports}/tasks/main.yml | 0 .../templates/backports.list.j2 | 0 3 files changed, 2 deletions(-) rename roles/{debian-backports => debian_backports}/tasks/main.yml (100%) rename roles/{debian-backports => debian_backports}/templates/backports.list.j2 (100%) diff --git a/.ansible-lint b/.ansible-lint index a85e701..3f851df 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -2,6 +2,4 @@ skip_list: - '301' warn_list: - - '305' # Use shell only when shell functionality is required - - '503' # Tasks that run when changed should likely be handlers - experimental # all rules tagged as experimental 
diff --git a/roles/debian-backports/tasks/main.yml b/roles/debian_backports/tasks/main.yml similarity index 100% rename from roles/debian-backports/tasks/main.yml rename to roles/debian_backports/tasks/main.yml diff --git a/roles/debian-backports/templates/backports.list.j2 b/roles/debian_backports/templates/backports.list.j2 similarity index 100% rename from roles/debian-backports/templates/backports.list.j2 rename to roles/debian_backports/templates/backports.list.j2 From 83cdd60e27f0f39d8e2292b7b0ebac318a06155d Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:32:02 +0100 Subject: [PATCH 035/146] Ansible-lint every file, not just playbooks --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 416e400..58679a2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,5 +15,5 @@ steps: commands: - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - pip install ansible-lint==4.3.7 - - ansible-lint *.yml + - ansible-lint ... From 679daa633ff33e3cb7c6eb5be5be9032d603d219 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:32:44 +0100 Subject: [PATCH 036/146] Fix ansible lint --- roles/isc_dhcp_server/handlers/main.yml | 2 +- roles/isc_dhcp_server/tasks/main.yml | 2 +- roles/radius/tasks/main.yml | 7 +++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/isc_dhcp_server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml index 05b48c6..fd4dd48 100644 --- a/roles/isc_dhcp_server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services - name: restart dhcpd diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 57d2d25..02fdb75 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml 
@@ -18,7 +18,7 @@ owner: re2o-services group: nogroup recurse: true - mode: 755 + mode: 0755 - name: Install isc-dhcp-server apt: diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 941f7c9..303a86f 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -106,12 +106,11 @@ - name: Install radius requirements (except freeradius-python3) shell: - cmd: "{{ item }}" + cmd: "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" chdir: /var/www/re2o/ - loop: - - "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" - - "pip3 install -r pip_requirements.txt" +- name: Install PyPi requirements for radius + command: "pip3 install -r /var/www/re2o/pip_requirements.txt" # End of hideousness (hopefully). From e6b853a552051a43c739ed8a0e78d332ba5e79ec Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:33:29 +0100 Subject: [PATCH 037/146] fix role name --- roles/{re2o-service => re2o_service}/defaults/main.yml | 0 roles/{re2o-service => re2o_service}/tasks/main.yml | 0 roles/{re2o-service => re2o_service}/tasks/service_user.yml | 0 .../templates/update-motd.d/05-service.j2 | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename roles/{re2o-service => re2o_service}/defaults/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/service_user.yml (100%) rename roles/{re2o-service => re2o_service}/templates/update-motd.d/05-service.j2 (100%) diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o_service/defaults/main.yml similarity index 100% rename from roles/re2o-service/defaults/main.yml rename to roles/re2o_service/defaults/main.yml diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o_service/tasks/main.yml similarity index 100% rename from roles/re2o-service/tasks/main.yml rename to roles/re2o_service/tasks/main.yml 
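Review bot: The corrected `mode: 0755` in roles/isc_dhcp_server/tasks/main.yml still relies on the YAML loader reading a bare leading-zero number as octal; quoting it as `mode: "0755"` removes that dependency. The same task sets `recurse: true`, so every regular file under the path also receives execute bits. A symbolic mode such as `mode: "u=rwX,g=rX,o=rX"` keeps directories traversable without marking all files executable. The task begins outside the hunk, so the target path is not visible here.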
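Review bot: The new `command: "pip3 install -r /var/www/re2o/pip_requirements.txt"` task in roles/radius/tasks/main.yml reports changed on every run and bypasses Ansible's package handling. The pip module expresses the same step idempotently: `pip:` with `requirements: /var/www/re2o/pip_requirements.txt` and `executable: pip3`. The apt step keeps piping a file through `xargs apt-get -y install` under `shell`, so whatever the checked-out requirements files list is installed with the play's privileges. It is worth confirming that those files pin versions, as their content is not visible in this hunk.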
diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o_service/tasks/service_user.yml similarity index 100% rename from roles/re2o-service/tasks/service_user.yml rename to roles/re2o_service/tasks/service_user.yml diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o_service/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/re2o-service/templates/update-motd.d/05-service.j2 rename to roles/re2o_service/templates/update-motd.d/05-service.j2 From faf5fc736297b524440457f0fbfa8dff4b59f19e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:39:04 +0100 Subject: [PATCH 038/146] fix re2o-service -> re2o_service role name --- network.yml | 4 ++-- roles/isc_dhcp_server/tasks/main.yml | 2 +- roles/router/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/network.yml b/network.yml index e64d8ff..50fde19 100755 --- a/network.yml +++ b/network.yml @@ -43,7 +43,7 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service # Deploy Unifi Controller @@ -62,4 +62,4 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 02fdb75..9d69d63 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install dhcp (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitlab.federez.net/re2o/dhcp.git service_name: dhcp diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index cfbf28e..87b0086 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml 
@@ -40,7 +40,7 @@ - name: Install aurore-firewall (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git service_name: aurore-firewall From 8bfe83f73c9bbb22027c6d6cb2d0d352fc0a2122 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 8 Feb 2021 13:52:17 +0100 Subject: [PATCH 039/146] Adaptation of UPS alerts --- .../templates/prometheus/alert.rules.yml.j2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 5c8cf56..1dffe4b 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -63,7 +63,7 @@ groups: # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 - for: 5m + for: 1m labels: severity: warning annotations: @@ -71,7 +71,7 @@ groups: - alert: UpsBatteryStatusWarning expr: upsBatteryStatus == 3 - for: 5m + for: 2m labels: severity: warning annotations: @@ -79,7 +79,7 @@ groups: - alert: UpsBatteryStatusCritical expr: upsBatteryStatus == 4 - for: 5m + for: 10m labels: severity: warning annotations: @@ -95,7 +95,7 @@ groups: - alert: UpsWrongInputVoltage expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) - for: 5m + for: 10m labels: severity: warning annotations: @@ -103,7 +103,7 @@ groups: - alert: UpsWrongOutputVoltage expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) - for: 5m + for: 10m labels: severity: warning annotations: @@ -111,7 +111,7 @@ groups: - alert: UpsTimeRemainingWarning expr: upsEstimatedMinutesRemaining < 15 - for: 5m + for: 1m labels: severity: warning annotations: @@ -119,7 +119,7 @@ groups: - alert: UpsTimeRemainingCritical expr: upsEstimatedMinutesRemaining < 5 - for: 5m + for: 1m labels: severity: critical annotations: From 428b6f57336334d717a892accb1db330dd92e314 Mon Sep 17 00:00:00 2001 
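Review bot: `UpsBatteryStatusCritical` now waits `for: 10m` while `UpsBatteryStatusWarning` fires after `for: 2m`, so the more serious battery state is reported later than the milder one. Assuming these metrics follow the standard UPS-MIB, `upsBatteryStatus == 4` is batteryDepleted and `== 3` is batteryLow. The context lines of the same rule also keep `severity: warning`. For the `== 4` rule, `for: 1m` and `severity: critical` would match `UpsTimeRemainingCritical` in the last hunk of this commit.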
From: pz2891 Date: Mon, 8 Feb 2021 13:57:32 +0100 Subject: [PATCH 040/146] Correcting grafana stats for wireless --- .../templates/prometheus/snmp.yml.j2 | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index 5968095..d4dc51c 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -162,13 +162,31 @@ ubiquiti_unifi: indexes: - labelname: unifiVapIndex type: gauge - - name: unifiVapNumStations + - name: unifi_vap_num_stations oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 type: gauge help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' indexes: - - labelname: unifiVapIndex + - labelname: unifi_vap_index type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge - name: unifiVapRadio oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 type: DisplayString From d7cf61dd943af3a6e2a99e974ca165ab935a886e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 8 Feb 2021 13:58:28 +0100 Subject: [PATCH 041/146] Add new EDC Borne --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 04893ce..3578d95 100644 --- a/hosts +++ b/hosts @@ -267,6 +267,7 @@ ep-1-3.borne.auro.re ep-1-2.borne.auro.re ep-0-1.borne.auro.re eo-2-1.borne.auro.re +ee-2-1.borne.auro.re ############################################################################### # George Sand From bd5b88c4fc01d886b46d48d0190e3219fad216e4 Mon Sep 17 00:00:00 2001 
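Review bot: The previous `unifiVapNumStations` definition is left in snmp.yml.j2 as a commented-out block at the end of the hunk; version control already preserves it, so those `#` lines can be dropped. The replacement uses snake_case names (`unifi_vap_num_stations`, `unifi_vap_index`, `unifi_vap_essid`) while the neighbouring entries visible in the hunk keep camelCase (`unifiVapIndex`, `unifiVapRadio`). A short comment above the entry, for example `# renamed and given essid/radio lookups for the Grafana wireless panels`, would explain why this one metric differs. The final lookup with `labels: []` has no `oid`, so a comment noting that it exists to drop the raw index label would help the next reader.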
From: pz2891 Date: Mon, 8 Feb 2021 18:22:08 +0100 Subject: [PATCH 042/146] Correcting format of percentage --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 1dffe4b..e2cb42c 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of disk space - alert: OutOfDiskSpace @@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed From df8bae6df7a02df7a7c55aae16b1a434f0b31c0a Mon Sep 17 00:00:00 2001 
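Review bot: `humanize` formats with SI prefixes, so in the three summaries changed here a value below 1 is rendered with an `m` suffix (0.5 becomes `500m`) followed by the literal `%`, which misreads as a percentage. If the aim was to get rid of the nested double quotes of `printf "%.2f"` inside a double-quoted YAML string, escaping them keeps the two-decimal output: `{{ $value | printf \"%.2f\" }}`. The same applies to the memory, disk-space and CPU rules; the inode rule between them is not shown in full.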
From: Solal Nathan Date: Wed, 10 Feb 2021 11:01:42 +0100 Subject: [PATCH 043/146] Add utils --- utils/README.md | 4 +++ logrotate.yml => utils/logrotate.yml | 0 .../nuke_radius_dbs.yml | 0 utils/re2o_mail_server.yml | 13 ++++++++ utils/reboot_needed_check.yml | 31 +++++++++++++++++++ upgrade.yml => utils/upgrade.yml | 0 utils/version_check.yml | 19 ++++++++++++ 7 files changed, 67 insertions(+) create mode 100644 utils/README.md rename logrotate.yml => utils/logrotate.yml (100%) rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%) create mode 100755 utils/re2o_mail_server.yml create mode 100755 utils/reboot_needed_check.yml rename upgrade.yml => utils/upgrade.yml (100%) create mode 100755 utils/version_check.yml diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 0000000..651404b --- /dev/null +++ b/utils/README.md @@ -0,0 +1,4 @@ +# Utils + +A repository of Ansible Playbooks that are useful, as little script or various +utilities, but not used in production. diff --git a/logrotate.yml b/utils/logrotate.yml similarity index 100% rename from logrotate.yml rename to utils/logrotate.yml diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml similarity index 100% rename from nuke_radius_dbs.yml rename to utils/nuke_radius_dbs.yml diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml new file mode 100755 index 0000000..79fd7ff --- /dev/null +++ b/utils/re2o_mail_server.yml @@ -0,0 +1,13 @@ +--- +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml new file mode 100755 index 0000000..5759c53 --- /dev/null 
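Review bot: The `roles:` entry `- re2o-service` in utils/re2o_mail_server.yml names a role that patches 037 and 038 of this series renamed to `re2o_service`, so the playbook will not resolve the role as written; it should read `- re2o_service`. The inline comment on `hostname` says the test instance `re2o-test.adm.auro.re` is used for now. Since this playbook targets `mail.auro.re`, a `# TODO` naming the production value would make the required follow-up explicit.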
+++ b/utils/reboot_needed_check.yml @@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- +# Check if a reboot is required by the installation of some packages (ie kernel) +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + +- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re + tasks: + # Register the output of the file /var/run/reboot-required.pkgs + - name: Register if boot is required + shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi + register: result + + - name: DEBUG + debug: + msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_reboot_needed.txt + line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + diff --git a/upgrade.yml b/utils/upgrade.yml similarity index 100% rename from upgrade.yml rename to utils/upgrade.yml diff --git a/utils/version_check.yml b/utils/version_check.yml new file mode 100755 index 0000000..e608e43 --- /dev/null +++ b/utils/version_check.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +# Check for the distribution +- hosts: localhost + tasks: + - name: Delete local tmp file + file: + path: /tmp/ansible_dump_dist_version.txt + state: absent + +- hosts: all,!unifi + tasks: + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_dist_version.txt + line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + ansible_distribution }} {{ ansible_distribution_version }}" From 08891be5a30c67c1332a97496655bc15f0d6ebff Mon Sep 17 00:00:00 2001 
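Review bot: Both plays in utils/reboot_needed_check.yml write to the fixed path `/tmp/ansible_dump_reboot_needed.txt` on the control host, and on a shared machine a predictable name in `/tmp` can be pre-created or symlinked by another local user. A path under the operator's home directory, or one created with the `tempfile` module, avoids that, and `mode: "0600"` on the `copy` task keeps the host list private. The `shell` task only reads a file, so adding `changed_when: false` stops it reporting a change on every host. utils/version_check.yml in this commit uses the same `/tmp` pattern for `/tmp/ansible_dump_dist_version.txt`.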
From: Solal Nathan Date: Wed, 10 Feb 2021 11:04:06 +0100 Subject: [PATCH 044/146] fix if file is not already present --- utils/version_check.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e608e43..b543053 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks: From 63f0ebec7dbe91913a8741a746767dc51fc2ebac Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:07:36 +0100 Subject: [PATCH 045/146] Fix yaml lint --- utils/reboot_needed_check.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 5759c53..4f48a3d 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" - From 5dfadc0b52aed2af961014a471f60c8fa91d775e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 18:39:13 +0100 Subject: [PATCH 046/146] Add prometheus federate and ovh in hosts --- hosts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts b/hosts index 3578d95..4e9b264 100644 --- a/hosts +++ b/hosts @@ -63,6 +63,8 @@ vpn-ovh.adm.auro.re docker-ovh.adm.auro.re switchs-manager.adm.auro.re ldap-replica-ovh.adm.auro.re +prometheus-ovh.adm.auro.re +prometheus-federate.adm.auro.re [ovh_testing_vm] #re2o-test.adm.auro.re From b5dbe2c5c9f7347a7575666a24f9b813428b5396 Mon Sep 17 00:00:00 2001 
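Review bot: The replacement task in `utils/version_check.yml` resets `/tmp/ansible_dump_reboot_needed.txt`, but this playbook's `lineinfile` task (added in PATCH 043) writes to `/tmp/ansible_dump_dist_version.txt`; the path looks copied from `reboot_needed_check.yml`. As written, the version dump is never created or emptied, so `lineinfile` still fails when the file is missing and otherwise keeps stale lines from earlier runs, while each run also wipes the reboot report. The line should read `dest: /tmp/ansible_dump_dist_version.txt`. The second play continues outside the hunk.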
From: pz2891 Date: Wed, 10 Feb 2021 18:40:28 +0100 Subject: [PATCH 047/146] Prometheus-ovh role --- monitoring.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index c31fe86..a47ca0d 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -92,6 +92,18 @@ roles: - prometheus +- hosts: prometheus-ovh.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + roles: + - prometheus + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container From 4308bedf8f2c4bf8046775d9d17bd10e14f457a4 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 19:06:28 +0100 Subject: [PATCH 048/146] Monitoring of docker containers --- monitoring.yml | 2 ++ roles/prometheus/tasks/main.yml | 7 +++++++ roles/prometheus/templates/prometheus/prometheus.yml.j2 | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index a47ca0d..98192b2 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -101,6 +101,8 @@ prometheus_targets: - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + prometheus_docker_targets: + - targets: docker-ovh.adm.auro.re:8087 roles: - prometheus diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 8697ef9..f215930 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -64,6 +64,13 @@ mode: 0644 when: prometheus_ups_snmp_targets is defined +- name: Configure Prometheus docker monitoring + copy: + content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_docker.json + mode: 0644 + when: prometheus_docker_targets is defined + - name: Activate prometheus service systemd: name: prometheus 
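Review bot: In the new `prometheus-ovh.adm.auro.re` play, `groups['ovh_pve'] + groups['ovh_vm'] | list | sort` does not sort the combined list: Jinja2 filters bind tighter than `+`, so only `groups['ovh_vm']` is passed through `list | sort` before the concatenation. Parenthesising makes the intent explicit: `{{ (groups['ovh_pve'] + groups['ovh_vm']) | sort }}`. The same expression is kept for the aurore play edited in PATCH 049, so both places would need the change.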
diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index e35a0cf..75c8be9 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -81,3 +81,7 @@ scrape_configs: - target_label: __address__ replacement: 127.0.0.1:9116 + - job_name: docker + file_sd_configs: + - files: + - '/etc/prometheus/targets_docker.json' From 45d8ca80a4e382a180eaa520a37fab88ab1532cc Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 20:12:04 +0100 Subject: [PATCH 049/146] OVH PVE and VM are now monitored by prometheus-ovh --- monitoring.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 98192b2..10895bb 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -88,7 +88,7 @@ # Prometheus targets.json prometheus_targets: - targets: | - {{ groups['aurore_pve'] + groups['aurore_vm'] + groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} roles: - prometheus @@ -102,11 +102,27 @@ - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_docker_targets: - - targets: docker-ovh.adm.auro.re:8087 + - docker-ovh.adm.auro.re:8087 roles: - prometheus +- hosts: prometheus-federate.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - prometheus-edc.adm.auro.re + - prometheus-gs.adm.auro.re + - prometheus-fleming.adm.auro.re + - prometheus-pacaterie.adm.auro.re + - prometheus-rives.adm.auro.re + roles: + - prometheus-federate + + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: From d8924abe6693eaf6da59491d978922395b46f1be Mon Sep 17 00:00:00 2001 
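Review bot: The new `prometheus-federate.adm.auro.re` play sets `snmp_unifi_password: "{{ vault_snmp_unifi_password }}"`, but the `prometheus-federate` role's tasks (PATCH 050) only template `prometheus.yml`, the two rules files, `targets.json` and the motd, so the vault secret appears to be unused on this host. Dropping the line keeps the SNMP credential out of the variables of a host that does not need it. In the same play `prometheus_targets` is a flat list of hostnames while the other plays pass a list of `targets:` mappings; a comment such as `# flat list: the prometheus-federate role wraps it in a single targets entry` would stop a later editor from "fixing" the shape.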
From: pz2891 Date: Wed, 10 Feb 2021 20:42:37 +0100 Subject: [PATCH 050/146] Add prometheus-federate role --- monitoring.yml | 2 + roles/prometheus-federate/handlers/main.yml | 10 + roles/prometheus-federate/tasks/main.yml | 46 +++ .../templates/prometheus/alert.rules.yml.j2 | 129 ++++++ .../templates/prometheus/django.rules.yml.j2 | 106 +++++ .../templates/prometheus/prometheus.yml.j2 | 55 +++ .../templates/prometheus/snmp.yml.j2 | 387 ++++++++++++++++++ .../templates/update-motd.d/05-service.j2 | 4 + 8 files changed, 739 insertions(+) create mode 100644 roles/prometheus-federate/handlers/main.yml create mode 100644 roles/prometheus-federate/tasks/main.yml create mode 100644 roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/snmp.yml.j2 create mode 100755 roles/prometheus-federate/templates/update-motd.d/05-service.j2 diff --git a/monitoring.yml b/monitoring.yml index 10895bb..bcf4ef2 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -119,6 +119,8 @@ - prometheus-fleming.adm.auro.re - prometheus-pacaterie.adm.auro.re - prometheus-rives.adm.auro.re + - prometheus-aurore.adm.auro.re + - prometheus-ovh.adm.auro.re roles: - prometheus-federate diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus-federate/handlers/main.yml new file mode 100644 index 0000000..670847b --- /dev/null +++ b/roles/prometheus-federate/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Restart Prometheus + service: + name: prometheus + state: restarted + +- name: Restart prometheus-snmp-exporter + service: + name: prometheus-snmp-exporter + state: restarted diff --git a/roles/prometheus-federate/tasks/main.yml b/roles/prometheus-federate/tasks/main.yml new file mode 100644 index 0000000..33feb90 --- /dev/null 
+++ b/roles/prometheus-federate/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Install Prometheus + apt: + update_cache: true + name: + - prometheus + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Prometheus + template: + src: prometheus/prometheus.yml.j2 + dest: /etc/prometheus/prometheus.yml + mode: 0644 + notify: Restart Prometheus + +- name: Configure Prometheus alert rules + template: + src: "prometheus/{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" + mode: 0644 + notify: Restart Prometheus + loop: + - alert.rules.yml + - django.rules.yml + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Federate devices + copy: + content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}" + dest: /etc/prometheus/targets.json + mode: 0644 + when: prometheus_targets is defined + +- name: Activate prometheus service + systemd: + name: prometheus + enabled: true + state: started + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-prometheus + mode: 0755 diff --git a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 new file mode 100644 index 0000000..e2cb42c --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 
@@ -0,0 +1,129 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{# Depending of Prometheus Node exporter version, rules can change depending of version #} +{% raw %} +groups: +- name: alert.rules + rules: + + # Alert for any instance that is unreachable for >3 minutes. + - alert: InstanceDown + expr: up == 0 + for: 3m + labels: + severity: critical + annotations: + summary: "{{ $labels.instance }} est invisible depuis plus de 3 minutes !" + + # Alert for out of memory + - alert: OutOfMemory + expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." + + # Alert for out of disk space + - alert: OutOfDiskSpace + expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." + + # Alert for out of inode space on disk + - alert: OutOfInodes + expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.instance }}." + + # Alert for high CPU usage + - alert: CpuUsage + expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75 + for: 10m + labels: + severity: warning + annotations: + summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." 
+ + # Check systemd unit (> buster) + - alert: SystemdServiceFailed + expr: node_systemd_unit_state{state="failed"} == 1 + for: 10m + labels: + severity: warning + annotations: + summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check UPS + - alert: UpsOutputSourceChanged + expr: upsOutputSource != 3 + for: 1m + labels: + severity: warning + annotations: + summary: "La source d'alimentation de {{ $labels.instance }} a changé !" + + - alert: UpsBatteryStatusWarning + expr: upsBatteryStatus == 3 + for: 2m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est faible !" + + - alert: UpsBatteryStatusCritical + expr: upsBatteryStatus == 4 + for: 10m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est affaibli !" + + - alert: UpsHighLoad + expr: upsOutputPercentLoad > 70 + for: 5m + labels: + severity: critical + annotations: + summary: "La charge de {{ $labels.instance }} est de {{ $value }}% !" + + - alert: UpsWrongInputVoltage + expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) + for: 10m + labels: + severity: warning + annotations: + summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsWrongOutputVoltage + expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) + for: 10m + labels: + severity: warning + annotations: + summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsTimeRemainingWarning + expr: upsEstimatedMinutesRemaining < 15 + for: 1m + labels: + severity: warning + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + - alert: UpsTimeRemainingCritical + expr: upsEstimatedMinutesRemaining < 5 + for: 1m + labels: + severity: critical + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + +{% endraw %} 
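Review bot: `UpsBatteryStatusCritical` is labelled `severity: warning` and waits `for: 10m`, while `UpsBatteryStatusWarning` fires after `for: 2m`, so the state named critical is reported later than the warning and at the same level. If `upsBatteryStatus == 4` is the worse state, as the alert name suggests, the rule likely wants `severity: critical` and a `for:` no longer than the warning's. `UpsHighLoad` at 70% load is already `critical`, so the two severities may simply have been swapped. The header comment notes the rules depend on the node exporter version; naming the version these metric names were written for would help the next reader.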
diff --git a/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 new file mode 100644 index 0000000..fddd398 --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 
@@ -0,0 +1,106 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{% raw %} +groups: +- name: django.rules + rules: + - record: job:django_http_requests_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job) + - record: job:django_http_ajax_requests_total:sum_rate30s + expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job) + - record: job:django_http_responses_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) + BY (job) + - record: job:django_http_requests_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job) + - record: job:django_http_responses_streaming_total:sum_rate30s + expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job) + - record: job:django_http_responses_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job) + - record: job:django_http_requests_total:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job) + - record: job:django_http_requests_total_by_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method) + - record: job:django_http_requests_total_by_transport:sum_rate30s + expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport) + - record: job:django_http_requests_total_by_view:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view) + - record: 
job:django_http_requests_total_by_view_transport_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view, transport, method) + - record: job:django_http_responses_total_by_templatename:sum_rate30s + expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename) + - record: job:django_http_responses_total_by_status:sum_rate30s + expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status) + - record: job:django_http_responses_total_by_charset:sum_rate30s + expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset) + - record: job:django_http_exceptions_total_by_type:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type) + - record: job:django_http_exceptions_total_by_view:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view) + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: 
histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_model_inserts_total:sum_rate1m + expr: sum(rate(django_model_inserts_total[1m])) BY (job, model) + - record: job:django_model_updates_total:sum_rate1m + expr: sum(rate(django_model_updates_total[1m])) BY (job, model) + - record: job:django_model_deletes_total:sum_rate1m + expr: sum(rate(django_model_deletes_total[1m])) BY (job, model) + - record: job:django_db_new_connections_total:sum_rate30s + expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor) + - record: job:django_db_new_connection_errors_total:sum_rate30s + expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_total:sum_rate30s + expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_many_total:sum_rate30s + expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor) + - record: job:django_db_errors_total:sum_rate30s + expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type) + - record: job:django_migrations_applied_total:max + expr: max(django_migrations_applied_total) BY (job, connection) + - record: job:django_migrations_unapplied_total:max + expr: max(django_migrations_unapplied_total) BY (job, 
connection) +{% endraw %} diff --git a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 new file mode 100644 index 0000000..0d4c601 --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 @@ -0,0 +1,55 @@ +# {{ ansible_managed }} + +global: + # scrape_interval is set to the global default (60s) + # evaluation_interval is set to the global default (60s) + # scrape_timeout is set to the global default (10s). + + # Attach these labels to any time series or alerts when communicating with + # external systems (federation, remote storage, Alertmanager). + external_labels: + monitor: 'example' + +# Alertmanager configuration +# Use prometheus alertmanager installed on the same machine +alerting: + alertmanagers: + - static_configs: + - targets: ['{{ prometheus_alertmanager }}'] + +# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. +rule_files: + - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! + - "django.rules.yml" # Custom rules specific for Django project monitoring + +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The .json in file_sd_configs is dynamically reloaded + + + - job_name: federate + scrape_interval: 15s + metrics_path: '/federate' + file_sd_configs: + - files: + - '/etc/prometheus/targets.json' + relabel_configs: + # Do not put :9100 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9090' + params: + 'match[]': + - '{job="servers"}' + - '{job="prometheus"}' + - '{job="unifi_snmp"}' + - '{job="django"}' + - '{job="ups_snmp"}' + - '{job="django"}' + - '{job="docker"}' + 
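Review bot: The `federate` job in `prometheus.yml.j2` has no `honor_labels: true`, so the `job` and `instance` labels of federated series are overwritten by this job's own labels and the originals renamed to `exported_job` / `exported_instance`; alerts using `{{ $labels.instance }}` would then name the leaf Prometheus instead of the affected host. Add `honor_labels: true` under `job_name: federate`. `'{job="django"}'` is listed twice in `match[]`, and routing `__address__` through `__param_target` also sends an unused `target` query parameter to `/federate`, so rewriting `__address__` directly would be simpler. `monitor: 'example'` looks like a leftover placeholder for the external label, and the comment "Here it's Prometheus itself" no longer describes the only scrape job.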
diff --git a/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 new file mode 100644 index 0000000..d4dc51c --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 
@@ -0,0 +1,387 @@ +# {{ ansible_managed }} +# TODOlist : +# - Faire fonctionner le monitoring des switchs défini ici +# * Configurer tous les switchs avec un compte SNMPv3 +# * Mettre l'inventaire des switchs dans Ansible +# - Optimiser les règles pour les bornes Unifi, +# on pourrait indexer avec les SSID + +eatonups: + walk: + - 1.3.6.1.2.1.33.1.2 + - 1.3.6.1.2.1.33.1.3 + - 1.3.6.1.2.1.33.1.4 + - 1.3.6.1.4.1.534.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: upsBatteryStatus + oid: 1.3.6.1.2.1.33.1.2.1 + type: gauge + help: The indication of the capacity remaining in the UPS system's batteries - + 1.3.6.1.2.1.33.1.2.1 + - name: upsEstimatedMinutesRemaining + oid: 1.3.6.1.2.1.33.1.2.3 + type: gauge + help: An estimate of the time to battery charge depletion under the present load + conditions if the utility power is off and remains off, or if it were to be + lost and remain off. - 1.3.6.1.2.1.33.1.2.3 + - name: upsInputVoltage + oid: 1.3.6.1.2.1.33.1.3.3.1.3 + type: gauge + help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3 + indexes: + - labelname: upsInputLineIndex + type: gauge + - name: upsOutputSource + oid: 1.3.6.1.2.1.33.1.4.1 + type: gauge + help: The present source of output power - 1.3.6.1.2.1.33.1.4.1 + - name: upsOutputVoltage + oid: 1.3.6.1.2.1.33.1.4.4.1.2 + type: gauge + help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPower + oid: 1.3.6.1.2.1.33.1.4.4.1.4 + type: gauge + help: The present output true power. 
- 1.3.6.1.2.1.33.1.4.4.1.4 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPercentLoad + oid: 1.3.6.1.2.1.33.1.4.4.1.5 + type: gauge + help: The percentage of the UPS power capacity presently being used on this output + line, i.e., the greater of the percent load of true power capacity and the percent + load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: xupsEnvRemoteTemp + oid: 1.3.6.1.4.1.534.1.6.5 + type: gauge + help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 + - name: xupsEnvRemoteHumidity + oid: 1.3.6.1.4.1.534.1.6.6 + type: gauge + help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6 + version: 1 + auth: + community: public + + +procurve_switch: + walk: + - 1.3.6.1.2.1.31.1.1.1.10 + - 1.3.6.1.2.1.31.1.1.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. 
- 1.3.6.1.2.1.1.3 + - name: sysName + oid: 1.3.6.1.2.1.1.5 + type: DisplayString + help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 + - name: sysLocation + oid: 1.3.6.1.2.1.1.6 + type: DisplayString + help: The physical location of this node (e.g., 'telephone closet, 3rd floor') + - 1.3.6.1.2.1.1.6 + - name: ifHCOutOctets + oid: 1.3.6.1.2.1.31.1.1.1.10 + type: counter + help: The total number of octets transmitted out of the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.10 + indexes: + - labelname: ifIndex + type: gauge + - name: ifHCInOctets + oid: 1.3.6.1.2.1.31.1.1.1.6 + type: counter + help: The total number of octets received on the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.6 + indexes: + - labelname: ifIndex + type: gauge + version: 3 + auth: + username: prometheus + +ubiquiti_unifi: + walk: + - 1.3.6.1.4.1.41112.1.6 + get: + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: +# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes +# - name: sysLocation +# oid: 1.3.6.1.2.1.1.6 +# type: DisplayString +# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') +# - 1.3.6.1.2.1.1.6 + - name: unifiVapIndex + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapChannel + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapEssId + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapName + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifi_vap_num_stations + oid: 
1.3.6.1.4.1.41112.1.6.1.2.1.8 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' + indexes: + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge + - name: unifiVapRadio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxCrypts + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxFrags + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' + 
indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxRetries + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPower + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUp + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUsage + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 + type: DisplayString + help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiIfIndex + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfName + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' + indexes: + - labelname: 
unifiIfIndex + type: gauge + - name: unifiIfRxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxMulticast + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiApSystemModel + oid: 1.3.6.1.4.1.41112.1.6.3.3 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.3.3' + - name: unifiApSystemUptime + oid: 1.3.6.1.4.1.41112.1.6.3.5 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.3.5' + version: 3 + auth: + security_level: authPriv + username: snmp_prometheus + password: {{ snmp_unifi_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_unifi_password }} diff --git a/roles/prometheus-federate/templates/update-motd.d/05-service.j2 b/roles/prometheus-federate/templates/update-motd.d/05-service.j2 new file mode 100755 index 0000000..f027dc4 --- /dev/null +++ b/roles/prometheus-federate/templates/update-motd.d/05-service.j2 
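Review bot: The `eatonups` module polls with `version: 1` and `community: public`, which is unauthenticated, cleartext SNMP with the default community string; if the UPS supports it, SNMPv3 with `security_level: authPriv` as in `ubiquiti_unifi` is preferable, otherwise a non-default read-only community restricted to the exporter's address. `procurve_switch` declares `version: 3` with only a `username`, so no authentication or privacy settings are visible for it. In `ubiquiti_unifi`, `password: {{ snmp_unifi_password }}` and `priv_password:` are interpolated unquoted, so a secret containing `#`, `: ` or a leading YAML indicator would be truncated or break the file; `password: {{ snmp_unifi_password | to_json }}` renders a safely quoted scalar, and a separate privacy passphrase would avoid reusing one secret for both roles. No task in this role's `tasks/main.yml` deploys `snmp.yml.j2`, so the template may be dead code here.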
@@ -0,0 +1,4 @@ +#!/bin/sh +# {{ ansible_managed }} +echo "> prometheus a été déployé sur cette machine." +echo " Voir /etc/prometheus/" From 6ec449c3b33e11fa5b9f9c2e1d7cea51f7700d7f Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 20:43:43 +0100 Subject: [PATCH 051/146] Fix restarting prometheus snmp (not installed) --- roles/prometheus-federate/handlers/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus-federate/handlers/main.yml index 670847b..d648db2 100644 --- a/roles/prometheus-federate/handlers/main.yml +++ b/roles/prometheus-federate/handlers/main.yml @@ -4,7 +4,3 @@ name: prometheus state: restarted -- name: Restart prometheus-snmp-exporter - service: - name: prometheus-snmp-exporter - state: restarted From 6963d9fc16ffe699d9562c4633d1808d7a9fc458 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:01:42 +0100 Subject: [PATCH 052/146] Add utils --- utils/README.md | 4 +++ logrotate.yml => utils/logrotate.yml | 0 .../nuke_radius_dbs.yml | 0 utils/re2o_mail_server.yml | 13 ++++++++ utils/reboot_needed_check.yml | 31 +++++++++++++++++++ upgrade.yml => utils/upgrade.yml | 0 utils/version_check.yml | 19 ++++++++++++ 7 files changed, 67 insertions(+) create mode 100644 utils/README.md rename logrotate.yml => utils/logrotate.yml (100%) rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%) create mode 100755 utils/re2o_mail_server.yml create mode 100755 utils/reboot_needed_check.yml rename upgrade.yml => utils/upgrade.yml (100%) create mode 100755 utils/version_check.yml diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 0000000..651404b --- /dev/null +++ b/utils/README.md @@ -0,0 +1,4 @@ +# Utils + +A repository of Ansible Playbooks that are useful, as little script or various +utilities, but not used in production. 
diff --git a/logrotate.yml b/utils/logrotate.yml similarity index 100% rename from logrotate.yml rename to utils/logrotate.yml diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml similarity index 100% rename from nuke_radius_dbs.yml rename to utils/nuke_radius_dbs.yml diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml new file mode 100755 index 0000000..79fd7ff --- /dev/null +++ b/utils/re2o_mail_server.yml @@ -0,0 +1,13 @@ +--- +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml new file mode 100755 index 0000000..5759c53 --- /dev/null +++ b/utils/reboot_needed_check.yml 
@@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- +# Check if a reboot is required by the installation of some packages (ie kernel) +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + +- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re + tasks: + # Register the output of the file /var/run/reboot-required.pkgs + - name: Register if boot is required + shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi + register: result + + - name: DEBUG + debug: + msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_reboot_needed.txt + line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + diff --git a/upgrade.yml b/utils/upgrade.yml similarity index 100% rename from upgrade.yml rename to utils/upgrade.yml diff --git a/utils/version_check.yml b/utils/version_check.yml new file mode 100755 index 0000000..e608e43 --- /dev/null +++ b/utils/version_check.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +# Check for the distribution +- hosts: localhost + tasks: + - name: Delete local tmp file + file: + path: /tmp/ansible_dump_dist_version.txt + state: absent + +- hosts: all,!unifi + tasks: + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_dist_version.txt + line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + ansible_distribution }} {{ ansible_distribution_version }}" From 2f0d6be4e9ca9f69b79e1e8a6e0c6d61173fe401 Mon Sep 17 00:00:00 2001 
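Review bot: The report file `/tmp/ansible_dump_reboot_needed.txt` in `utils/reboot_needed_check.yml` is a fixed name in a world-writable directory on the control node, and both the `copy` task and the delegated `lineinfile` task write to it, so on a shared controller another local account can create that path first and decide what the play ends up writing to. A location only the operator can write would avoid that, for example `dest: "{{ playbook_dir }}/reboot_needed.txt"` with the same value in the `lineinfile` `path`. The same fixed `/tmp` pattern is used by `utils/version_check.yml` in this commit. Separately, the `shell` task only reads a file, so `changed_when: false` on it would keep the play output honest.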
From: Solal Nathan Date: Wed, 10 Feb 2021 11:04:06 +0100 Subject: [PATCH 053/146] fix if file is not already present --- utils/version_check.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e608e43..b543053 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks: From 02b28f45a2c93f54d037f534925a6ed388bd4749 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:07:36 +0100 Subject: [PATCH 054/146] Fix yaml lint --- utils/reboot_needed_check.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 5759c53..4f48a3d 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" - From e151c1c3fdcca2dd316caa4878ec7049dd644496 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 01:52:28 +0100 Subject: [PATCH 055/146] add postfix non mailhost playbook --- deploy_postfix_non_mailhost.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 deploy_postfix_non_mailhost.yml diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml new file mode 100644 index 0000000..207e37d --- /dev/null +++ b/deploy_postfix_non_mailhost.yml 
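Review bot: The new `copy` task in `utils/version_check.yml` empties `/tmp/ansible_dump_reboot_needed.txt`, but the `lineinfile` task of this playbook (visible in the commit that created the file) writes to `/tmp/ansible_dump_dist_version.txt`. As written, the file this playbook appends to is still not created, and the report of the reboot-check playbook is truncated instead. The destination should read `dest: /tmp/ansible_dump_dist_version.txt`. The second play continues past the end of the hunk.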
@@ -0,0 +1,9 @@ +--- +# Deploy a correclty configured postfix on non mailhost servers +- hosts: all,!unifi + vars: + local_network: 10.128.0.0/16 + relay_host: proxy.adm.auro.re + myorigin: auro.re + roles: + - postfix-non-mailhost From a9b03aed82f5e9623d2708fa45b79c5c1f1df505 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:02:15 +0100 Subject: [PATCH 056/146] Add postfix non mailhost handlers --- roles/postfix-non-mailhost/handlers/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 roles/postfix-non-mailhost/handlers/main.yml diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml new file mode 100644 index 0000000..9538e6d --- /dev/null +++ b/roles/postfix-non-mailhost/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Restart postfix + service: + name: postfix + state: restarted + +- name: Reload postfix + service: + name: postfix + state: reloaded From f08b11445dafde6f8a22bd099c5f7a417baf6668 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:15:52 +0100 Subject: [PATCH 057/146] Add postfix non mailhost task --- roles/postfix-non-mailhost/tasks/main.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 roles/postfix-non-mailhost/tasks/main.yml diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix-non-mailhost/tasks/main.yml new file mode 100644 index 0000000..12a3805 --- /dev/null +++ b/roles/postfix-non-mailhost/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: Install postfix + apt: + name: postfix + update_cache: true + register: result + retries: 3 + until: result is succeeded + +- name: Configure postfix + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + notify: restart postfix From 1ca75ccfb0c53fa91038852b01acb0cb4cc4efa0 Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Tue, 16 Feb 2021 02:22:41 +0100 Subject: [PATCH 058/146] Add postfix non mailhost conf --- .../postfix-non-mailhost/templates/main.cf.j2 | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 roles/postfix-non-mailhost/templates/main.cf.j2 diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2 new file mode 100644 index 0000000..57d106e --- /dev/null +++ b/roles/postfix-non-mailhost/templates/main.cf.j2 @@ -0,0 +1,30 @@ +# {{ ansible_managed }} +# See /usr/share/postfix/main.cf.dist for a commented, more complete version +# Template based on /usr/share/postfix/main.cf.debian + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# Send mail as user@{{ ansible_fqdn }} +myorigin = {{ ansible_fqdn }} + +# Specify the trusted networks +mynetworks = 127.0.0.0/8 {{ local_network }} + +# This host does not relay mail from untrusted networks +relay_domains = + +# This is needed if no direct Internet access is available +relayhost = {{ relay_host }} From ab3659adc231deab0c3bd83b14080ec109a924bd Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:32:46 +0100 Subject: [PATCH 059/146] Also config hostname just in case --- roles/postfix-non-mailhost/templates/main.cf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2 index 57d106e..b99d905 100644 --- a/roles/postfix-non-mailhost/templates/main.cf.j2 +++ b/roles/postfix-non-mailhost/templates/main.cf.j2 
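Review bot: Nothing in this template limits where Postfix listens, so unless the packaged default is overridden elsewhere each non-mailhost server exposes an SMTP listener on all interfaces, and `mynetworks = 127.0.0.0/8 {{ local_network }}` lets any client in the local network relay through it. If these hosts only need to hand their own mail to `relayhost` (which the role name suggests, though the intended use is not shown here), add `inet_interfaces = loopback-only` and reduce the trust list to `mynetworks = 127.0.0.0/8`. A short comment above `mynetworks` stating why the wider network is trusted would help if the broader setting is intentional.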
@@ -18,7 +18,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} -myorigin = {{ ansible_fqdn }} +myhostname = {{ ansible_fqdn }} +myorigin = $myhostname # default configuration # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From 69d732e612d95b1dcf710925c119174e92f0c489 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:08 +0100 Subject: [PATCH 060/146] Fix case --- roles/postfix-non-mailhost/handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml index 9538e6d..bc28f6e 100644 --- a/roles/postfix-non-mailhost/handlers/main.yml +++ b/roles/postfix-non-mailhost/handlers/main.yml @@ -1,10 +1,10 @@ --- -- name: Restart postfix +- name: restart postfix service: name: postfix state: restarted -- name: Reload postfix +- name: reload postfix service: name: postfix state: reloaded From 456e025ca4dda57c48e43c09cedab9f57df99e55 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:31 +0100 Subject: [PATCH 061/146] use ansible facts instead of hardcoded vars --- deploy_postfix_non_mailhost.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 207e37d..0407d0f 100644 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -4,6 +4,5 @@ vars: local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re - myorigin: auro.re roles: - postfix-non-mailhost From 3925e321880800b2132859a3efcc5b9aa1eba1c9 Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Tue, 16 Feb 2021 02:45:13 +0100 Subject: [PATCH 062/146] Repect ansible-lint [106] for role names --- deploy_postfix_non_mailhost.yml | 2 +- .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/main.cf.j2 | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/handlers/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/tasks/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/templates/main.cf.j2 (100%) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 0407d0f..e335928 100644 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -5,4 +5,4 @@ local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re roles: - - postfix-non-mailhost + - postfix_non_mailhost diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix_non_mailhost/handlers/main.yml similarity index 100% rename from roles/postfix-non-mailhost/handlers/main.yml rename to roles/postfix_non_mailhost/handlers/main.yml diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml similarity index 100% rename from roles/postfix-non-mailhost/tasks/main.yml rename to roles/postfix_non_mailhost/tasks/main.yml diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 similarity index 100% rename from roles/postfix-non-mailhost/templates/main.cf.j2 rename to roles/postfix_non_mailhost/templates/main.cf.j2 From 3fceeff74fbb49a05dd45ab3a5b6c9d6ed6267d7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:47:04 +0100 Subject: [PATCH 063/146] Fix ansible lint for rule [208] always specify mode and owner for template --- roles/postfix_non_mailhost/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/roles/postfix_non_mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml index 12a3805..42f3482 100644 --- a/roles/postfix_non_mailhost/tasks/main.yml +++ b/roles/postfix_non_mailhost/tasks/main.yml @@ -11,4 +11,7 @@ template: src: main.cf.j2 dest: /etc/postfix/main.cf + mode: 0644 + owner: root + group: root notify: restart postfix From 37124b20cb5b9d94a70510b73db7188b2f94d191 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:27:27 +0100 Subject: [PATCH 064/146] Gitlab CI is not needed anymore --- .gitlab-ci.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index c62f35b..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -image: python:3.9-alpine - -stages: - - lint - -yamllint: - stage: lint - script: - - pip install yamllint==1.25.0 - - yamllint -c .yamllint.yml . - -ansible-lint: - stage: lint - script: - - apk add gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml -... From abcdf59824e34b746c3c8edf75d9625a41a0d47a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:31:26 +0100 Subject: [PATCH 065/146] :construction_worker: yaml-lint 1.25.0 -> 1.26.0 --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 58679a2..3f34393 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,7 +7,7 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.25.0 + - pip install yamllint==1.26.0 - yamllint -c .yamllint.yml . - name: ansible-lint From 5503a54be432fae928e7ba4383d21b37c167ed86 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:32:33 +0100 Subject: [PATCH 066/146] :construction_worker: ansible-lint 4.7.3 -> 5.0.0 and fix dependencies --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
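Review bot: The added `mode: 0644` is an unquoted scalar, so it reaches the module as a number and only yields rw-r--r-- because the leading zero makes the YAML 1.1 loader read it as octal; a dropped zero or a stricter loader would give a different permission set without any error. Quoting removes the ambiguity: `mode: "0644"`. The same applies to the `mode: 0644` lines added to `utils/reboot_needed_check.yml` and `utils/version_check.yml` in the later risky-file-permission commits. The `template` task itself starts above the hunk.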
diff --git a/.drone.yml b/.drone.yml index 3f34393..24cbaa7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,7 +13,7 @@ steps: - name: ansible-lint image: python:3.9-alpine commands: - - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 + - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo + - pip install ansible-lint==5.0.0 ansible - ansible-lint ... From f4fc3567ee3042ccda6aac8effd7654b2cd49a45 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:43:38 +0100 Subject: [PATCH 067/146] :construction_worker: fix ansible and yaml version according to ansible-lint 5.0 upgrade guidelines. Use ansible-base for slim version. See #1150 on ansible-lint for more info. --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 24cbaa7..dbc0b53 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,13 +7,13 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.26.0 + - pip install yamllint>=1.26.0,<2.0 - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible + - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 - ansible-lint ... From bd541691d9354b353e0b0e16038166c9283d98fc Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:47:39 +0100 Subject: [PATCH 068/146] :construction_worker: fix syntax --- .drone.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index dbc0b53..e9d60bb 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -7,13 +7,14 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint>=1.26.0,<2.0 + - pip install "yamllint>=1.26.0,<2.0" - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 + - pip install "ansible-lint==5.0.0" + - pip install "ansible-base>=2.10,<2.11" - ansible-lint ... From 6f80cf0fd937cf25124fcf47e1a42ebd603ebff1 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:50:14 +0100 Subject: [PATCH 069/146] :green_heart: fix yamllint CI on CI itself, CIception --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index e9d60bb..8c23c77 100644 --- a/.drone.yml +++ b/.drone.yml @@ -14,7 +14,7 @@ steps: image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" + - pip install "ansible-lint==5.0.0" - pip install "ansible-base>=2.10,<2.11" - ansible-lint ... From e9f0b884ec43e0565226c2866568256c83631de3 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:57:30 +0100 Subject: [PATCH 070/146] :construction_worker: update ansible-lint notation that were depreciated --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 3f851df..3ec97ed 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,5 @@ skip_list: - - '301' + - 'no-changed-when' warn_list: - experimental # all rules tagged as experimental From ab69d1540450ef24f03dddd867c568fd49e0ef78 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:59:03 +0100 Subject: [PATCH 071/146] :construction_worker: we need full ansible, slim version wont work for our use case --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.drone.yml b/.drone.yml index 8c23c77..ab5b271 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,6 +15,6 @@ steps: commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - pip install "ansible-lint==5.0.0" - - pip install "ansible-base>=2.10,<2.11" + - pip install "ansible>=2.10,<2.11" - ansible-lint ... From f607a76ec8d8798e902cd0a5306f26ee2492b5f6 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 13:13:26 +0100 Subject: [PATCH 072/146] :bug: Fix a small bug. Postfix does not accept trailing comments --- roles/postfix_non_mailhost/templates/main.cf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 index b99d905..5b90030 100644 --- a/roles/postfix_non_mailhost/templates/main.cf.j2 +++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -19,7 +19,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} -myorigin = $myhostname # default configuration +myorigin = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From f1ce3290c9e26b08a8252f9ec7784f51bf424fad Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 14:45:45 +0100 Subject: [PATCH 073/146] :construction_worker: do not ansible-lint the vault and fix useless rules --- .ansible-lint | 7 ++++++- .yamllint.yml | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 3ec97ed..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml 
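Review bot: Adding `load-failure` to `skip_list` in `.ansible-lint` turns the rule off for every file, so a playbook or task file that the linter cannot parse is no longer reported and simply goes unchecked. The vault file is already taken out by the new `exclude_paths` entry; if it was the only file failing to load (an assumption, the lint output is not part of the commit), drop `- load-failure` and keep the exclusion. The identical hunk appears again in the later commit with the same subject.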
@@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... From a02afd20b7367132a07b53f2d7cd8786e2272bc0 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:40:58 +0100 Subject: [PATCH 074/146] :rotating_light: fix risky-file-permission --- utils/reboot_needed_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 4f48a3d..cf7868f 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks: From da1fa70e55168336b0368b8a6d21e0b7d9f5977c Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:10 +0100 Subject: [PATCH 075/146] :rotating_light: fix empty-string-compare --- utils/reboot_needed_check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index cf7868f..631d496 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file @@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined From 3840fdd44e6b72bcba9dee74237f744524e77af1 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:54 +0100 Subject: [PATCH 076/146] :rotating_light: fix risky-file-permission --- utils/version_check.yml | 1 + 1 file changed, 1 insertion(+) 
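Review bot: Replacing `when: result.stdout != ""` with `when: result.stdout is defined` in `utils/reboot_needed_check.yml` changes the condition, not just its spelling: `stdout` is set whenever the `shell` task has run, so the debug message and the `lineinfile` entry are now produced for every host, including those with nothing pending. A form that satisfies the lint rule and keeps the original meaning is `when: result.stdout | length > 0`. This applies to both hunks of the file and to the repeated commit later in the series; both tasks begin above the changed lines.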
diff --git a/utils/version_check.yml b/utils/version_check.yml index b543053..e0c9ad7 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks: From 15ae83566c796012651f29219addfd8491f8f343 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:43:52 +0100 Subject: [PATCH 077/146] :rotating_light: fix var-spacing --- utils/version_check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e0c9ad7..1a8a7c5 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From 58068e9cd80b5b1874bf14cd0e69eaee370a0b29 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:39:27 +0100 Subject: [PATCH 078/146] Docker image to be built for the CI --- docker-ansible-lint/Dockefile | 6 ++++++ docker-ansible-lint/README.md | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 docker-ansible-lint/Dockefile create mode 100644 docker-ansible-lint/README.md diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile new file mode 100644 index 0000000..c34f38a --- /dev/null +++ b/docker-ansible-lint/Dockefile @@ -0,0 +1,6 @@ +FROM python:3.9-alpine + +RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo +RUN pip install "yamllint>=1.26.0,<2.0" +RUN pip install "ansible-lint==5.0.0" +RUN pip install "ansible>=2.10,<2.11" diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md new file mode 100644 index 0000000..c2fb0f7 --- /dev/null +++ b/docker-ansible-lint/README.md 
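Review bot: The build file is committed as `docker-ansible-lint/Dockefile`, while `docker build` looks for `Dockerfile` in the context directory by default, so the build command in the accompanying README would need `-f` or the file renamed. Because the image is built by hand and the pipeline later uses it with `pull: never`, what goes into it should be reproducible: `yamllint>=1.26.0,<2.0` and `ansible>=2.10,<2.11` are ranges and the base is a moving tag. Consider exact versions for both packages and a digest-pinned base such as `FROM python:3.9-alpine@sha256:<digest>` (placeholder), with a comment recording when the pins were last refreshed.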
@@ -0,0 +1,18 @@ +# Ansible-lint image + +In order to build this image when a new version comes out, you need to +1. ssh into the drone.adm.auro.re server +2. git pull this repo to the lastest version +3. optionnally make the changes if it has not been done yet +4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` +5. ??? +6. enjoy + +You can verify that the image was correclty built by running +``` +# list the images present +sudo docker image + +# run your image with an interactive shell +sudo docker run -it --rm aurore-ansible-lint-image +``` From 42074b31c50842dc66a87578be37d7905a7d2590 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:40:27 +0100 Subject: [PATCH 079/146] simplify the drone config wiht the newly built image --- .drone.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.drone.yml b/.drone.yml index ab5b271..680b5c6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,16 +5,7 @@ name: check steps: - name: yamllint - image: python:3.9-alpine + image: aurore-ansible-lint-image commands: - - pip install "yamllint>=1.26.0,<2.0" - - yamllint -c .yamllint.yml . - - - name: ansible-lint - image: python:3.9-alpine - commands: - - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" - - pip install "ansible>=2.10,<2.11" - ansible-lint ... From 414e80a7c4bdc5e621753cea06122de22552a9f5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:42:10 +0100 Subject: [PATCH 080/146] never try to pull this image --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 680b5c6..96588b3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,6 +5,7 @@ name: check steps: - name: yamllint + pull: never image: aurore-ansible-lint-image commands: - ansible-lint From d650e77b23f854e1d871b41b939e33942e0a9ae5 Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Tue, 16 Feb 2021 16:43:11 +0100 Subject: [PATCH 081/146] rename ci task --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 96588b3..eb6ce40 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,7 +4,7 @@ type: docker name: check steps: - - name: yamllint + - name: ansible and yaml linting pull: never image: aurore-ansible-lint-image commands: From 5b2580056dd60e920364985c46ba8effd10d34d0 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:10:39 +0100 Subject: [PATCH 082/146] :bug: Final fix, should stop sending ill-formed mail from now on --- roles/postfix_non_mailhost/templates/main.cf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 index 5b90030..d5f5166 100644 --- a/roles/postfix_non_mailhost/templates/main.cf.j2 +++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -20,6 +20,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} myorigin = $myhostname +mydomain = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From def64380e67a6a29d8fae3b38fff2a226ce3eefe Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 14:45:45 +0100 Subject: [PATCH 083/146] :construction_worker: do not ansible-lint the vault and fix useless rules --- .ansible-lint | 7 ++++++- .yamllint.yml | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 3ec97ed..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml 
@@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... From 008fb803d975ca93bdd838566a4bacc85174f4d7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:40:58 +0100 Subject: [PATCH 084/146] :rotating_light: fix risky-file-permission --- utils/reboot_needed_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 4f48a3d..cf7868f 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks: From 1fe440aabe2735cb2318ccc5f2f9e8d764944d5b Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:10 +0100 Subject: [PATCH 085/146] :rotating_light: fix empty-string-compare --- utils/reboot_needed_check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index cf7868f..631d496 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file @@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined From 902d219de3e8fbaf1a8a22c7e2bae4da7d8e8248 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:54 +0100 Subject: [PATCH 086/146] :rotating_light: fix risky-file-permission --- utils/version_check.yml | 1 + 1 file changed, 1 insertion(+) 
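Review bot: The added `mode: 0644` in `utils/reboot_needed_check.yml` makes `/tmp/ansible_dump_reboot_needed.txt` readable by every local account, and the path is a fixed name in a world-writable directory. Later tasks in this playbook write one line per host with the reboot-check output into it, which amounts to a list of machines still waiting for a reboot; on a shared control machine another account could also create that path before the play does. I would use `mode: "0600"` and a destination inside a directory owned by the invoking user. The identical line added to `utils/version_check.yml` later in this series has the same issue. The task's name and module line are outside the hunk, so where it runs is not confirmed from here.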
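Review bot: Replacing `result.stdout != ""` with `result.stdout is defined` changes behaviour rather than only silencing `empty-string-compare`: a host whose command printed nothing still has `stdout` defined, so the `DEBUG` task now fires for every host. The same applies to the `lineinfile` task in the second hunk (`@@ -28,4 +28,4 @@`), which will write a line with an empty value for each of them. The lint-clean equivalent of the old condition is `when: result.stdout | length > 0`. The task that registers `result` is outside both hunks, so this assumes it is a command or shell task.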
diff --git a/utils/version_check.yml b/utils/version_check.yml index b543053..e0c9ad7 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks: From 54aec3638f795a902fb25ec0a12f5ebbe591878e Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:43:52 +0100 Subject: [PATCH 087/146] :rotating_light: fix var-spacing --- utils/version_check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e0c9ad7..1a8a7c5 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From f39ade227a2597b09be5a58d173f6d4c4bc0815a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:22:19 +0100 Subject: [PATCH 088/146] :memo: add CI badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 00897a4..cb8683f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible) + # Recettes Ansible d'Aurore Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. From 06d0bd56ae0e31526e39288ce78fa98db4d52b94 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:34:57 +0100 Subject: [PATCH 089/146] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index c2fb0f7..6e1723c 100644 --- a/docker-ansible-lint/README.md 
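Review bot: The task that receives `mode: 0644` in `utils/version_check.yml` resets `/tmp/ansible_dump_reboot_needed.txt`, while the `lineinfile` task of the same playbook (visible in the next commit's hunk) appends to `/tmp/ansible_dump_dist_version.txt`. This looks like a leftover from copying `reboot_needed_check.yml`: the version dump is never emptied, so stale lines accumulate across runs, and running this playbook wipes the reboot report instead. I would change the context line to `dest: /tmp/ansible_dump_dist_version.txt`. The task's name and module line are outside the hunk.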
+++ b/docker-ansible-lint/README.md @@ -1,9 +1,9 @@ # Ansible-lint image In order to build this image when a new version comes out, you need to -1. ssh into the drone.adm.auro.re server +1. ssh into the `drone.adm.auro.re` server 2. git pull this repo to the lastest version -3. optionnally make the changes if it has not been done yet +3. optionally make the changes if it has not been done yet 4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` 5. ??? 6. enjoy @@ -14,5 +14,5 @@ You can verify that the image was correclty built by running sudo docker image # run your image with an interactive shell -sudo docker run -it --rm aurore-ansible-lint-image +sudo docker run -it --rm aurore-ansible-lint-image /bin/sh ``` From 4dd75d1180cfa32685d2e8b7a570d49635dd6a39 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:40:48 +0100 Subject: [PATCH 090/146] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/Dockefile | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile index c34f38a..5d60549 100644 --- a/docker-ansible-lint/Dockefile +++ b/docker-ansible-lint/Dockefile @@ -1,4 +1,5 @@ FROM python:3.9-alpine +LABEL description="Aurore's docker image for ansible-lint" RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo RUN pip install "yamllint>=1.26.0,<2.0" From 83fd1b03e7e9d2f02b149aa57c098510cf913e08 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:44:18 +0100 Subject: [PATCH 091/146] :truck: correctly name Dockerfile --- docker-ansible-lint/{Dockefile => Dockerfile} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docker-ansible-lint/{Dockefile => Dockerfile} (100%) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockerfile similarity index 100% rename from docker-ansible-lint/Dockefile rename to docker-ansible-lint/Dockerfile 
From c45d12cd6a1cb7a0dc306e64ed70aeb55735ce9a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 19:00:25 +0100 Subject: [PATCH 092/146] :memo: use the full command --- docker-ansible-lint/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index 6e1723c..adabac3 100644 --- a/docker-ansible-lint/README.md +++ b/docker-ansible-lint/README.md @@ -11,7 +11,7 @@ In order to build this image when a new version comes out, you need to You can verify that the image was correclty built by running ``` # list the images present -sudo docker image +sudo docker image ls # run your image with an interactive shell sudo docker run -it --rm aurore-ansible-lint-image /bin/sh From a5b4deaceeb63d2713073fe2765f21a58d47662d Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Wed, 17 Feb 2021 17:42:24 +0100 Subject: [PATCH 093/146] Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus --- monitoring.yml | 3 +- roles/prometheus/tasks/main.yml.save | 84 +++++++++++++++++++ .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/prometheus/alert.rules.yml.j2 | 30 +++---- .../templates/prometheus/django.rules.yml.j2 | 0 .../templates/prometheus/prometheus.yml.j2 | 1 + .../templates/prometheus/snmp.yml.j2 | 0 .../templates/update-motd.d/05-service.j2 | 0 9 files changed, 102 insertions(+), 16 deletions(-) create mode 100644 roles/prometheus/tasks/main.yml.save rename roles/{prometheus-federate => prometheus_federate}/handlers/main.yml (100%) rename roles/{prometheus-federate => prometheus_federate}/tasks/main.yml (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/alert.rules.yml.j2 (65%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/django.rules.yml.j2 (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/prometheus.yml.j2 (98%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/snmp.yml.j2 (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/update-motd.d/05-service.j2 (100%) diff --git a/monitoring.yml b/monitoring.yml index bcf4ef2..c81934c 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -121,8 +121,9 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re + - prometheus-federate.adm.auro.re roles: - - prometheus-federate + - prometheus_federate # Monitor all hosts diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save new file mode 100644 index 0000000..57945ce --- /dev/null +++ b/roles/prometheus/tasks/main.yml.save 
@@ -0,0 +1,84 @@ +--- +- name: Install Prometheus + apt: + update_cache: true + name: + - prometheus + - prometheus-snmp-exporter + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Prometheus + template: + src: prometheus/prometheus.yml.j2 + dest: /etc/prometheus/prometheus.yml + mode: 0644 + notify: Restart Prometheus + +- name: Configure Prometheus alert rules + template: + src: "prometheus/{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" + mode: 0644 + notify: Restart Prometheus + loop: + - alert.rules.yml + - django.rules.yml + +- name: Make Prometheus snmp-exporter listen on localhost only + lineinfile: + path: /etc/default/prometheus-snmp-exporter + regexp: '^ARGS=' + line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" + notify: Restart prometheus-snmp-exporter + +# This file store SNMP OIDs +- name: Configure Prometheus snmp-exporter + template: + src: "prometheus/snmp.yml.j2" + dest: "/etc/prometheus/snmp.yml" + mode: 0600 + owner: prometheus + notify: Restart prometheus-snmp-exporter + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus nodes + copy: + content: "{{ prometheus_targets | to_nice_json }}" + dest: /etc/prometheus/targets.json + mode: 0644 + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Ubiquity Unifi SNMP devices + copy: + content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" + dest: /etc/prometheus/targets_unifi_snmp.json + mode: 0644 + when: prometheus_unifi_snmp_targets is defined + +- name: Configure Prometheus UPS SNMP devices + copy: + content: "{{ [{'targets': prometheus_ups_snmp_targets }]7yk[:Cp_g$#dT'yv!. 
| to_nice_json }}\n" + dest: /etc/prometheus/targets_ups_snmp.json + mode: 0644 + when: prometheus_ups_snmp_targets is defined + +- name: Configure Prometheus docker monitoring + copy: + content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_docker.json + mode: 0644 + when: prometheus_docker_targets is defined + +- name: Activate prometheus service + systemd: + name: prometheus + enabled: true + state: started + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-prometheus + mode: 0755 diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus_federate/handlers/main.yml similarity index 100% rename from roles/prometheus-federate/handlers/main.yml rename to roles/prometheus_federate/handlers/main.yml diff --git a/roles/prometheus-federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml similarity index 100% rename from roles/prometheus-federate/tasks/main.yml rename to roles/prometheus_federate/tasks/main.yml diff --git a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 similarity index 65% rename from roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 rename to roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index e2cb42c..0fd14f5 100644 --- a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -13,7 +13,7 @@ groups: labels: severity: critical annotations: - summary: "{{ $labels.instance }} est invisible depuis plus de 3 minutes !" + summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !" # Alert for out of memory - alert: OutOfMemory 
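Review bot: `roles/prometheus/tasks/main.yml.save` is an editor backup rather than a file Ansible loads, and its `Configure Prometheus UPS SNMP devices` task carries stray characters after `prometheus_ups_snmp_targets }]` that break the Jinja expression. The file should be left out of the commit and the pattern ignored, for example with a `.gitignore` line `*.save`. If those stray characters were a password or passphrase typed into the wrong window, treat it as disclosed and rotate it, because removing the file in a later commit does not remove it from history.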
@@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%." # Alert for out of disk space - alert: OutOfDiskSpace @@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -40,7 +40,7 @@ groups: labels: severity: warning annotations: - summary: "Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.instance }}." + summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}." # Alert for high CPU usage - alert: CpuUsage @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed @@ -58,8 +58,8 @@ groups: labels: severity: warning annotations: - summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" - + summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" + # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "La source d'alimentation de {{ $labels.instance }} a changé !" + summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !" - alert: UpsBatteryStatusWarning expr: upsBatteryStatus == 3 
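Review bot: The `OutOfDiskSpace` summary (hunk `@@ -31,7 +31,7 @@`) switches to `exported_instance` but does not get the `Federate : ` prefix that the other rewritten summaries carry; the `UpsBatteryStatusCritical` summary in hunk `@@ -83,7 +83,7 @@` has the same omission. Anyone who reads or filters notifications by that prefix will take these two alerts for ones raised by a local Prometheus. Proposed line here: `summary: "Federate : Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%."`, with the same prefix added to the battery summary.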
@@ -75,7 +75,7 @@ groups: labels: severity: warning annotations: - summary: "L'état de la batterie de {{ $labels.instance }} est faible !" + summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !" - alert: UpsBatteryStatusCritical expr: upsBatteryStatus == 4 @@ -83,7 +83,7 @@ groups: labels: severity: warning annotations: - summary: "L'état de la batterie de {{ $labels.instance }} est affaibli !" + summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !" - alert: UpsHighLoad expr: upsOutputPercentLoad > 70 @@ -91,7 +91,7 @@ groups: labels: severity: critical annotations: - summary: "La charge de {{ $labels.instance }} est de {{ $value }}% !" + summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !" - alert: UpsWrongInputVoltage expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) @@ -99,7 +99,7 @@ groups: labels: severity: warning annotations: - summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." + summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V." - alert: UpsWrongOutputVoltage expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) @@ -107,7 +107,7 @@ groups: labels: severity: warning annotations: - summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." + summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V." - alert: UpsTimeRemainingWarning expr: upsEstimatedMinutesRemaining < 15 @@ -115,7 +115,7 @@ groups: labels: severity: warning annotations: - summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." - alert: UpsTimeRemainingCritical expr: upsEstimatedMinutesRemaining < 5 
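Review bot: In hunk `@@ -83,7 +83,7 @@` the rule `UpsBatteryStatusCritical` (`upsBatteryStatus == 4`) keeps `severity: warning` on its context line, the same level as `UpsBatteryStatusWarning`. If Alertmanager routing or paging keys on the `severity` label, the critical battery state is handled exactly like the low-battery warning. This is presumably an oversight; since the summary line is being rewritten anyway, I would set `severity: critical` for this rule. The rule's `alert:` and `expr:` lines sit in the previous hunk's trailing context, not in this hunk.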
@@ -123,7 +123,7 @@ groups: labels: severity: critical annotations: - summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." {% endraw %} diff --git a/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 similarity index 100% rename from roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 rename to roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 diff --git a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 similarity index 98% rename from roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 rename to roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 index 0d4c601..52e5a92 100644 --- a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 @@ -52,4 +52,5 @@ scrape_configs: - '{job="ups_snmp"}' - '{job="django"}' - '{job="docker"}' + - '{job="switch"}' diff --git a/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 similarity index 100% rename from roles/prometheus-federate/templates/prometheus/snmp.yml.j2 rename to roles/prometheus_federate/templates/prometheus/snmp.yml.j2 diff --git a/roles/prometheus-federate/templates/update-motd.d/05-service.j2 b/roles/prometheus_federate/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/prometheus-federate/templates/update-motd.d/05-service.j2 rename to roles/prometheus_federate/templates/update-motd.d/05-service.j2 From 61001e09f52ba9bd34e094ff26981464a129d1b5 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Wed, 17 Feb 2021 18:08:39 +0100 Subject: [PATCH 094/146] Add alert for load usage --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 9 +++++++++ .../templates/prometheus/alert.rules.yml.j2 | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index e2cb42c..d4eec79 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -59,6 +59,15 @@ groups: severity: warning annotations: summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "La charge de {{ $labels.instance }} est à {{ $value }} % !" # Check UPS - alert: UpsOutputSourceChanged diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index 0fd14f5..d05b451 100644 --- a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -60,6 +60,15 @@ groups: annotations: summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} % !" + # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 From 0b90c9944b56698185a8e7fe9198efb1fcf0f9be Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 17 Feb 2021 18:15:31 +0100 Subject: [PATCH 095/146] Fix CI warning from last commit --- roles/prometheus_federate/handlers/main.yml | 1 - 1 file changed, 1 deletion(-) 
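Review bot: The new `LoadUsage` rule compares `node_load1` with the constant 5, which ignores the core count: it fires on a busy but healthy many-core hypervisor and stays silent on a saturated single-core VM until load passes 5. Alerts that fire routinely on large hosts tend to get muted, which then hides real saturation. I would scale the threshold by the CPU count, e.g. `expr: node_load1 > 2 * count without (cpu, mode) (node_cpu_seconds_total{mode="idle"})`; the CPU metric name depends on the node_exporter version deployed, so check it against the targets. This applies to both hunks, in `roles/prometheus` and `roles/prometheus_federate`.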
diff --git a/roles/prometheus_federate/handlers/main.yml b/roles/prometheus_federate/handlers/main.yml index d648db2..4214def 100644 --- a/roles/prometheus_federate/handlers/main.yml +++ b/roles/prometheus_federate/handlers/main.yml @@ -3,4 +3,3 @@ service: name: prometheus state: restarted - From b278b02bc2f3d5f5119aba709aca93fcd6dc679c Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 17 Feb 2021 19:37:33 +0100 Subject: [PATCH 096/146] Remove percentage sign for load alert --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 2 +- .../prometheus_federate/templates/prometheus/alert.rules.yml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index d4eec79..028d5d0 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "La charge de {{ $labels.instance }} est à {{ $value }} % !" + summary: "La charge de {{ $labels.instance }} est à {{ $value }} !" # Check UPS - alert: UpsOutputSourceChanged diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index d05b451..f78df48 100644 --- a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} % !" + summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !" # Check UPS - alert: UpsOutputSourceChanged From d7d0676f5e82349907b3230e41dc290275705159 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Thu, 18 Feb 2021 17:53:15 +0100 Subject: [PATCH 097/146] Remove .save file; remove fo fleming prometheus --- monitoring.yml | 2 +- roles/prometheus/tasks/main.yml.save | 84 ---------------------------- 2 files changed, 1 insertion(+), 85 deletions(-) delete mode 100644 roles/prometheus/tasks/main.yml.save diff --git a/monitoring.yml b/monitoring.yml index c81934c..53bdae7 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re +- hosts: prometheus-fleming.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save deleted file mode 100644 index 57945ce..0000000 --- a/roles/prometheus/tasks/main.yml.save +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -- name: Install Prometheus - apt: - update_cache: true - name: - - prometheus - - prometheus-snmp-exporter - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Configure Prometheus - template: - src: prometheus/prometheus.yml.j2 - dest: /etc/prometheus/prometheus.yml - mode: 0644 - notify: Restart Prometheus - -- name: Configure Prometheus alert rules - template: - src: "prometheus/{{ item }}.j2" - dest: "/etc/prometheus/{{ item }}" - mode: 0644 - notify: Restart Prometheus - loop: - - alert.rules.yml - - django.rules.yml - -- name: Make Prometheus snmp-exporter listen on localhost only - lineinfile: - path: /etc/default/prometheus-snmp-exporter - regexp: '^ARGS=' - line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" - notify: Restart prometheus-snmp-exporter - -# This file store SNMP OIDs -- name: Configure Prometheus snmp-exporter - template: - src: "prometheus/snmp.yml.j2" - dest: "/etc/prometheus/snmp.yml" - mode: 0600 - owner: prometheus - notify: Restart prometheus-snmp-exporter - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus nodes - copy: - content: "{{ prometheus_targets | to_nice_json }}" - dest: /etc/prometheus/targets.json - mode: 0644 - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus Ubiquity Unifi SNMP devices - copy: - content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" - dest: /etc/prometheus/targets_unifi_snmp.json - mode: 0644 - when: prometheus_unifi_snmp_targets is defined - -- name: Configure Prometheus UPS SNMP devices - copy: - content: "{{ [{'targets': prometheus_ups_snmp_targets }]7yk[:Cp_g$#dT'yv!. 
| to_nice_json }}\n" - dest: /etc/prometheus/targets_ups_snmp.json - mode: 0644 - when: prometheus_ups_snmp_targets is defined - -- name: Configure Prometheus docker monitoring - copy: - content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" - dest: /etc/prometheus/targets_docker.json - mode: 0644 - when: prometheus_docker_targets is defined - -- name: Activate prometheus service - systemd: - name: prometheus - enabled: true - state: started - -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-prometheus - mode: 0755 From ae151321db589e30c1e1b5be3435b3a0afd9d787 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 24 Feb 2021 11:41:57 +0100 Subject: [PATCH 098/146] [nginx/certbot] Clone roles from Crans 
Signed-off-by: Yohann D'ANELLO --- group_vars/all/vault.yml | 350 +++++++++--------- group_vars/certbot.yml | 12 +- group_vars/nginx.yml | 16 +- group_vars/reverseproxy.yml | 11 + host_vars/portail.adm.auro.re.yml | 31 +- host_vars/proxy-ovh.adm.auro.re.yml | 36 +- host_vars/proxy.adm.auro.re.yml | 51 +-- hosts | 10 + roles/certbot/handlers/main.yml | 8 - roles/certbot/tasks/main.yml | 53 ++- .../letsencrypt/conf.d/certname.ini.j2 | 14 +- .../templates/letsencrypt/dhparam.j2 | 0 .../templates/letsencrypt/rfc2136.ini.j2 | 6 +- roles/nginx/tasks/main.yml | 59 ++- .../modules-available/60-forward.conf.j2 | 5 +- roles/nginx/templates/nginx/passwd.j2 | 4 +- .../nginx/sites-available/redirect.j2 | 32 +- .../nginx/sites-available/reverseproxy.j2 | 16 +- .../reverseproxy_redirect_dname.j2 | 20 +- .../nginx/sites-available/service.j2 | 68 ++-- .../templates/nginx/snippets/fastcgi.conf.j2 | 2 +- .../nginx/snippets/options-proxypass.conf.j2 | 2 +- .../nginx/snippets/options-ssl.conf.j2 | 8 +- .../templates/update-motd.d/05-service.j2 | 2 +- roles/nginx/templates/www/html/robots.txt.j2 | 2 - roles/nginx_reverseproxy/handlers/main.yml | 5 - roles/nginx_reverseproxy/tasks/main.yml | 73 ---- .../nginx/sites-available/redirect.j2 | 67 ---- .../nginx/sites-available/reverseproxy.j2 | 62 ---- .../reverseproxy_redirect_dname.j2 | 37 -- .../nginx/snippets/options-proxypass.conf.j2 | 19 - .../nginx/snippets/options-ssl.conf.j2 | 17 - .../templates/update-motd.d/05-service.j2 | 3 - .../templates/www/html/50x.html.j2 | 63 ---- services_web.yml | 13 +- 35 files changed, 455 insertions(+), 722 deletions(-) create mode 100644 group_vars/reverseproxy.yml delete mode 100644 roles/certbot/handlers/main.yml rename roles/{nginx_reverseproxy => certbot}/templates/letsencrypt/dhparam.j2 (100%) rename roles/{nginx_reverseproxy => nginx}/templates/nginx/modules-available/60-forward.conf.j2 (72%) delete mode 100644 roles/nginx_reverseproxy/handlers/main.yml delete mode 100644 
roles/nginx_reverseproxy/tasks/main.yml delete mode 100644 roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 delete mode 100644 roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 delete mode 100644 roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 delete mode 100644 roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 delete mode 100644 roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 delete mode 100755 roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 delete mode 100644 roles/nginx_reverseproxy/templates/www/html/50x.html.j2 diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 8698d49..3666f5b 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,173 +1,179 @@ $ANSIBLE_VAULT;1.1;AES256 -37356434643231623932626166316532633039323736303737363933373263623433653031356331 -3431376135666263353431396663363539333164643462340a383832373965653835633937373432 -31393936666535633137333739346135316463636166343063666363633966626639663265373935 -3865353439646331640a326137373039666263366330626537363566613135346263663761663732 -65363064356530373430633562623132373565326364656631313639376131313563316136623966 -35386236313238396436303765366365346335353166376164353936313536393665326439653861 -35623832623365386232353163656339333031323937383862656532636436386334643362653532 -66636365316161316536636131613438356464636163386233333333313531353935346264366231 -36346561303163663735386533333835313231333965633737376537396531323935383134643563 -32643566323564363762306438376431383237313633376437333339623936376664346137333561 -65656336303964623964616230306332636535343833336535303832666137663865336564623233 -33653361646533613462373163363736386634663038666232313432653037643330653639666663 -61643533363938366634616632626131663164393338623539636430363166323935396439373337 -34343930336631326634366331353836323465613934383231313364383061636631346633383634 -36646439336530353761613831343236373936666632333965323964643862616633303732333230 -36313132323965323831336265306565346461343235383864613762343536653434333163616663 -34303731666632666630313763323239633435386330363339363631646432633762383464303837 -39336630343833646666383237376238316264393262336136393662363261643961666332623138 -65633661343265643731396663376262613566613135663161393833373766396632303734336261 -30326436363237653431396563326264646335643536616530343863623130643666653733323331 -30616363306636396439376661633035326430313363656433636465623737636565333436653031 -33326662336239633930303665373965393037303238393630343338383362363439386634613838 -61356533383032656663613966383131623333613639633062343639393865376433316464653738 
-64346465633263383662313934343732363536343662653532393837383062333565636662626634 -30393364336566343264373538386230623136316632666237646431333233376562356439626536 -61613835346636346139316665623463363339623863373961386661656361363232396533636233 -61326236643162623331633066333138326533323835366534336361396263353432373532326437 -30666234666235343739343834316234346630373661666634616461383639363664656534663636 -33376237313333393632313839373436616631336130393930373136623335666235386162376464 -31646437393336313433643534363138636461373837336634646464356437306265353731663362 -64316530326536333235386531613931303238363062383639626238346337356539323938663464 -62613432376563616238303938663933363564613532333633346132373361346231643130653833 -62313631313563343437373032626339366538313764333666353633363637333965633533373633 -33353134373730636638633432313932363264623531303135636566653038396131633230343839 -35303337613935666231303638663832663339626463353862616139346664356261656433313930 -65383336393934633036663261636434636461363161646239363135643536633836353965353462 -62636264373332643333356636616230376135363539393139383666363534626131663736393139 -36653862303066633365383435363637316262646338663437313435643334383835393238613763 -33656136646465373938653263376162633032336536613535356431393135396432636637356632 -31306132353632333833643434663930613936646233623935323761353461363139353238396633 -63363731613336643635333961336664343430353133373937396565343366363634653330663336 -62393866643665393232636232373964616335646363613466373666666661346139373938616463 -37613931613033323538323662356432306639626636666338666565343336323363633966316137 -32346538303935616265313461383731356462336435303936663931376133616365626466346435 -63313333643361363665653862663338376630613666356538616336643139666636663461323163 -35613365363032343831653639373866393635633363393961613339313234366232346662646132 -36636362356431366631373635613936653162323736303434353130343834323530393330613633 
-66393130323637346561616435623562313037393161666236323834323836326161613963626236 -38343362343335343437656434303130626165646661393638336435343933326462343366323964 -39346433663533346262316461623732363963396161353139613663393264623335623832653436 -62306337653062666137373930303334643630623432303932303039343764633361613063643965 -34646133353132663662303665373836643238323932336663333730363137323532663164633862 -39383963336236646161653136626662313764373530623161663437373330666332316362623031 -66653832653035353662353638336239313336663765373966383030316137316135303134616439 -30386332366639653835663530643931326635373836663166313165633137623738636438663261 -34613135643363343232313061616337333562373764663733666666376233313534396132303536 -63643030623962626432653938336633313561303236363762353536613464353331373436666238 -65623961383736633934326165336637323630613032326163303436646530363063316334366665 -35303237613130326339306436343262313733663031333539343163323530653035356431386236 -63373564383233653165623034616262393966343262646461303562363763613261656235623533 -39643963646266623663343537663364633036373838313139313966663031376162666661363161 -36626332313535616638623837666565343734643037343761346238366665646461343532643434 -31356339613066646338306262323336373161326531326137353937343139386562383063666433 -61343861396465316663373963333237633736313735653138646366323334653963323831383864 -61636565333739663633623334336463643362343335663237393161383963373364303864393361 -61333935353634336637343961363237346565313633313366376336366139613563333336316565 -31653066323537646163666539356663633438386437386432313239356466356635303837326434 -66373934303932323732616563353566663766626335356662383732363266346636666231333864 -33663634313364353162666462383735653162383438393939306530393064626666366431633432 -63363139663632336333333562656339366133646630343533386535393234383638346532326132 -65326538373439373839656634613830656138643166616163663430323266366535646463303564 
-38383537613964643761623330313563633939616432643134333266653038306136613962303162 -65393932353131323739333463363764346638633664383539616562353831653033633135656131 -35663136613835383538303134646631386331393032653539336632373439326238376233346238 -66623164643361646262373766353066633562343739393637653664623339333035323231663633 -66373134346231313239616534613065656563653662376434366161303163346533643866376266 -39383631396631633932653163343237313166633134346161653463393930613765373239303061 -33373466376563373739646130613566666132636666343266306135376636333730613034356430 -66373764376234363438613439643931323365636663376236666162643731646366623430373334 -32653962343839316534383034353535303839336361366666343961383930383237373164333065 -39643965386336393666633666376434303463633035373064383266646434343163396636343237 -66366561383237666566643035633635373966306464313765316665363532623638343030633733 -34663061663565303730613339623465653934363337396164383164363134373034356339643665 -38333662313862393631336533383631306130353963313337663031363061323762613966346333 -31356462336431336239353061653165376138326561346266353235636262613932633135303430 -64326536643334313262383132616434633131356537393263613761316535356631336461393930 -64386564306533656436653161383230313238396336656162656464663637336230663466323530 -34353730623033623866393266346134666230623139636132653739313738633037303563396162 -35366564376561306530353361616337386361326436366532656662376336373662636135663532 -38616631343733646564616264636239623136313037386561646632663463383430343632643935 -38663135346664626133373732306461383935366637303235316337376432626464396135343433 -31623230653464656538333263353061343761656638386537313163386132326635666531373334 -61313364646262346637623165643263313336626561376166326333333636303631353231373365 -31656664646330663063383135626534306338303161313438313162313866343035363234333432 -65613937373763623163653464636366316131653337346339626565643639663239313631336164 
-39626263303361653864636433653038613938663037373735343637383733386230353663653865 -33663235613338636434303735386432383534663263656634353839663632343738376161393736 -35393062656533376261336130663235333766373832306563366538393763646339333334373063 -63396332303536336435323665316138613830306531356366383666343334323338616165306338 -61626364613062643131656239336466386664316661636664336466303931643236613761323130 -63656638633736383734313439366135613038326133646665303035646137393133636163393261 -66633864636362393630323436646233303664326634613235633438343930346538633466623064 -64643136326363356631343136366333613266336439326335323163306566313537646336383963 -35373936356137396366656237343432656236343339376538363339366334646130333030383464 -66333961643236653235663865353366313862633138376265366136636438633065653535663931 -35393166326337633337313465306565396161393534393563353166343935646362303465333833 -32326661633838333563663565643134616139353831343663313134306639656163653138383530 -63336462363862353935646563393766316665653561643765326161396439393866643565313161 -66343466313465343563316361643732313830633439336534316136303463366633653662643565 -33653533626531393536343033333433393032363862343661313836346561376565316361653032 -36613738663233333766613236613239336663323931653230313761643765666632363362643034 -39646130623161613332636330393936336532653861393935366266396536616465356362396635 -62643438643665326163366239386364633434383838613735396231383762316565373665363531 -32666131653961656566376631303239323262623330383438386164363162303662306535313162 -34343539636463626430386630653934306665333266336234313362343366633366373131383861 -31616535346236666264316535646236633363623533656332353037646231653236613664356362 -65656333303461646131366365323266656661343864633536396238333962393066336537353234 -31353337646131373533346161643432656361366464613437643230366261613662356435303339 -33623665373231656539326533353035383038633731386531633064623339653831306430333265 
-35386538323561663433323939393564336539636432633738663337353937633837323062616266 -36363766373661356261643966623937633334303539343665343266386630363663663037396263 -61346330313665373533326437623838366634303335383433626137383434333166623138383931 -31643333366662333930393039333232613363313065633734303339323265323861633831646663 -33663934353664306665346631653561613463643265336431643532333533323764323937653934 -32356630383633666538386461653334343363656539383838613239626336366634383266323462 -38393534656635313739653461343835336134333166653463316464393063613831653837346663 -39626133643239353530303263663635326561306665363034393565326463343061313563366431 -39303333396166346138376530646532376333646636613664326536663133623532663462316439 -61343239623166616466316465653532646137336135656164386532623266386633326164336566 -65623436343531623133353366623763333137303132396435653632623534623061393036656161 -36373564306564363432373633326535383038623933343834386634653839353933343965366137 -34343334626661656265393461393339346139633136373936653630383732393461386463313263 -63366263333637363339323534636234386237393663316435323130663438343930336333643838 -34353264373261306439393732343530393765346161653562383939623234356562626664373263 -33343234366639663666346564383866623231356164396435363035373063643566326665373864 -32616131383530663033633866613236366264636564343462326265373762396364323232393131 -39636432356334353439333938643331366263353237633234643233373364393133366537653738 -63383531643334656537316663393235646331613365393330633064663939353633383035643866 -61376632636430646135363761393131626664326235316639646332366564396561633037363866 -65353563643632323364313134613339356563333431353931653738323162316666346466663266 -62653433666136613734623361363066336230326562663730643230616463613936633738643135 -66373935653939613537306265623532616133353365303433303562353831663534343165316362 -39613937326561383264323361666439613865316138386266393261616135346433323466333234 
-33356138623132383063356633613066356161616662623961313562636636386463346266366137 -63396535353236623765626634663132633261643036333762323836636138643737373031653266 -37333836383937386238326162626166656134313165336437323834326635623036616130313539 -34356337666536666230333231326463343938396366353238313639656531663363636164626438 -30656439626361386633343236373733656334353061316239303764363236353639626637376534 -36313630613336633533613437663563656436356130336333346432616638343463316636326236 -30323737623330393565616532363835373766626432356137376561336261353864333266313033 -31663665626439336362363836613032393934613438333663373565393662663066353337343233 -31356261396664653865326532326136356134626631333530306633666538376630396163643761 -65636630346134353431646137613766326365613463373130666665663166356639333532326238 -32303238346632303831316631303733346433366665643234646439363737363462336539343534 -62623363353135303732613939613430363338313539616336656433356664343365663835626366 -62663232386638323265643133343433303133616437666139616337363036316135356333366533 -35666466303365623835663266373765393031643637333663663030366465333764653466373366 -38303863373864656431666434353064343166613132656266393939393163326631363931616637 -66396161633133646164646339396634623766643065306666373464323562363963333431636638 -66616166643762656433646661643931663639353237623461616561363164333634613338636336 -30626234333237366563663163366633666165343933316636646630653031393139393534376334 -64346166623061303930313432316665646266613834633139306662343537653736393134623032 -62643537393239643265663433653737386464353130303130323538626164306637323665623736 -39626238333038366263336630373139343064303833646634313331653033396364646462356639 -62333331336561373839636631363934653363386365363132646464653363313866616435633138 -34623638666534663131616631306566303365623339386137623666633833393134393735623264 -35323330366134613635656438323566346263306231343536306539633366653062316638396532 
-62306133386530386436633661356331323261353738623865333531363036633535643537393362 -62396565636566343932373361373163356639313236306161366237356264336330366130333530 -63613363313930386438343330376463626438343439313866653039363036316566613932313230 -63323330373866613032343235623334336635343062623461366263623033353335623137356439 -39393834343230363362 +32313562646230353138303964366135656361616532343933353732313961323339653964353130 +3938346666633565356134343835633964626261363365370a663664663938383731343733386136 +33356531323762313463326339333963336636353933326537333665313334616563626632336663 +6537363033663935660a613366613962626563643035663330343061353836646561623031323236 +65313633383063373064613930623530656365396335663363643330636239643937373163623932 +61373136303737333739316565323934376433316362353935363637373264616238373831666438 +35343135383233653963333237393232353631636566373766366664656666313436323535393736 +62323731343261373331393062633030356235313834373861323138663930613332643432386436 +38383038616536316465343561643639353434396631643033633537393265646532613161343732 +32363265643963386538326639353233363438643833306637336431303533396562613863633537 +30303334643137313136633039393463346562306236353566333563633238313865313534326137 +33623036376439653532313833633135326631643361333463633162303065623633636331666661 +62303636653233666164383463356530633464306564383236373832616263653165373937303030 +31323865656436366265303537306438303434613135396166313635656566373539303463393830 +65383636363064333730623161316162373734626433346564333835393030616437636665316566 +37353937626465383439633534316336313931663561336335653761396230393031393839336264 +37623037663032646631656637386366333131356562376665333964393264643133626532653564 +32353235633434656334663233303664613865343039613330663833396162646430623735653434 +66633466306338373061326636366330643639383632353564353865623637303832306332653131 +37343566393965326635613135613134316264616336303233616162313839626235386137343435 
+33633336636434343531633362633834376135303337363637303039323038313937646236366265 +34303434373566313730623664653263653466366133363562333736393836393363326665353434 +30333263323366326436623238353335323936346637646130623265366535653737343665373165 +63336166633831623464343862353065653162613934646539396364353162633063303332313266 +65656163396463363737663931353765376337643065646131303264363961366336343432653537 +65306437623535393132343962333666366665316362366536663431646435633166333731303232 +63313337353334623330623862386661306333366638306433373437623835636631376231373636 +66666539363561313166396438343730656230663532633031353336636565343964366136663466 +38316364663936303231633633613832313163646262313238346666336661613236343966353130 +62656237663865306632333130653933633332623061633062363964643130383430613864663935 +63663765356434626661346165653163626565336437613539653536306432376332616430393737 +34366139336363383761366338623236383135373634613239616665343061396633383231663230 +63653331336366666234626662356461663263626465663036326162343239373734346661626665 +61666231613565356633343030343935393135653261376239303037373634386138393463363239 +30356365663133646634333863616230646235656135336330393836353462323630376537366334 +31306330363232326661616666623131383837353139643838326430653561346565393762323936 +31623136656361383039653763613162356530653933376539336130376237396661663664393733 +36396433303339613965316230613237303331646331383239356638333366653961303138343663 +33393664303637333863313364356666383836633063643539333262633565623534323866316537 +38623630363139643837396330353463303932383231663831363763656537386531383531303165 +37366338343063346230656461393832383736636662656666636434363731623437303862636366 +33613333393139613637623963373262323637653531336265333033333135613330313166633738 +36353935383931363535656539333130653164613431616438613432313532373063353738656162 +36616563383133623336396633343762376537663432356238653766666636323232623065313537 
+39636632326166323130646633626431323831373963313837613465356436326430616433303662 +65343834663937306539663330366538643265626665613631323036616463313266303237613938 +30613565306636306561643238326138623366343365303934306561623234313332636462383363 +30623432326336396364636164366463326533613665333830656564626663383331323661663934 +35353135323930656138373830623932396138626335343265623738383532333861306561323430 +66333532333961636463656535636132323535313730333762633139306235373031363831363266 +33646635316137616663653461393566303432386330623936633330373461333762356532663062 +39666437363931313861356331653932303132353364623664656364316430653933653935616230 +38376631316463646663626562366233626334323235633235653364623936643131356130343261 +36396535393335366532313930623363663032386635396262363430303466373737633739626435 +30636136396562336561393936353763383732653166353266376165663233626266353638363131 +65323462633039323334613566373434343363633532656534663635363763396265663137636331 +38613736353635613437663133616431396666316230393066343431336535626335373437393039 +63666135353937313765316134326338376161353862373161653039333631306264343464353035 +65353639313134346239646362663836643734373465353866373238613162303336306438376237 +35363934333536376136666561333636653136316435316530366461306636333063313739626630 +37633333333766613663636466373364663132613266343136376138663461383832356631303132 +30363434336161393962363636313364663839383734373533356663343733333731613535646433 +64396361643736653931336365313338313633383038306131333863306437386362633263646364 +36656566326333333136636566613066623362363263373435356162396431396334386237383231 +30326465646334613235666435613462633230353434653666336364646466613066346366376262 +66633863333461626631383961663930383663666538613162643730323565653732386330613538 +38666164353130386530376332643637333931313661633634303636643639613561643338373331 +63333932306634313933366533623837613934366334396637396361623439383964333665383435 
+62316265356537616137643537366666336634393935613034393737313930333364323031653234 +37366561356332666439623462396266623961653039626562393065393336643962373064343563 +36346665666338623931343739386531343833386135356164303532643463346565316163656633 +32616365623065626139383362613466633332666133313263393062373338653834363830333039 +62626230343362393533633061663432363836616539643065643839623065633363393134643534 +63343935376537393739333063333333386239663763383435633234376434366362616433363162 +34363539633661633333306133363433313761303138363864373266333461303139613362663937 +39626332356139396330393361613364643363366164376234316266316164393035386334366362 +36373065626530333237636139336163623766623561656234333239646263626164323134633434 +63326635393665333533383562633438303036616262366435373739386430353964333265393732 +66643838303566626131323834646564613830333937616264383864316666343333396636303836 +38633335656536653334626530303835623531666665326533303535313164323836373365636265 +65393061363933373931396134623264643065633534313566346336343862346537343437363765 +62663264376266326538616330376633353832353234653661613964373231666562326466663934 +38393931643736626332623461613737383463663935656263656233306437653331343838343865 +64343239636166343134336261656162393938396633376663366466653634373566336165323237 +34386137313961653739393231616532346664366138356631353030623236343535363435636462 +32323564306339396437633763613535393230386631616166656539373861386633363464653439 +34323134626334356631623764356232366337646236313031336138333636633834353463363961 +32316664383038633330383765356563353062303133333133336365346561643234386161383461 +39323964303061313461386333613961396533646161663230666466616231386239386666306233 +39343239323739323738373263313662336237346663663432343861343034633463386163303366 +38333537626232663438383230623032623765336164653438653434396362633063333437366338 +34373431323539306531323536363238333037643337626131336631356537626237656630393964 
+38393736633433306632323334613232303162313962616334376130353931336337303462363266 +39643137643034396564303531346361336134353461653535336165323032323238663631653935 +38366339366436376166333335663230306663633634336434323532316664666134313365323834 +31363964346561373262393632366637396633323332393162666166326631383164643265353135 +34303664353434373131653530346634386333663732373966613761616261323032336266646163 +32663966656464633565356337653534623962663939333033613933633965666339653764663134 +38363965393730633638653561393432303835303164396462366435353030643966316665333061 +39643634646137626338323537393031356532616637666634333139396630663930636235333735 +66336465666439356636623037653564393161393432346534656132346631396462356463336566 +30303833386638333866396462633330306439613139636331636331333663386438623461343133 +30643164366434353765633738356536643861303232393362343131353730376364623463326361 +37363061623333653466636438666465616133396233616430393265626362663736613031383764 +63353065306166646461623763643062383738376266353765643134376538393233383663346237 +37643639663063383266373536323533343936633134386263616163343637613636303134343037 +34626232303335393532643134646132323463396333386664333731646331343937363661323539 +65663936366464643162633432666537393439313664643638343237653566613235353165663336 +32373037346239356337633036306138343366666463363538373836616530313565613562383433 +64616263626165343938363230613039356137643665653734366533393033316363663036363738 +66323663663366666162623734363465663939383830396533383665393139633530616263663136 +64333132633031623835373831636366643831626235303831313761653734666365386462393534 +66303332656561653162636636313439663633396638353638363465663138353866376636326634 +63613865613466326230323564323439393061653664393261373531306235333663373434636262 +62353132653333313635653633346461323165373862343839316539653038633664353830643234 +36633763653738323732386263643461333761306532303534663763323735636563366266653464 
+66636236393033613736656562663661346162316164616663306465623431613133633130383136 +35313434346164653163396137383064656538353766653237646237663639663039663665666236 +62346139633234343735303762653030326333333764356562656435623330663066353333326239 +39646465393362323537343766366432323765363139643361643037373739643636623437386636 +32353233303337623136343062623633306361383737303431613663633163643832343434656335 +39633434393466646366376534333865633361333861653366316238626637363537303335363662 +61353830303733623665643864333134623062356334616331363565333235666261653732633264 +62663238663461343738303764303636366638393830623264613730303635623635626364646464 +35623239356235316136343532616638663930313565383264663936633733386663326161623830 +62626634313963323866653432343561303233343035353433613731353538356438613033346638 +33613466656633626261326465336437613630376335663933303061393731313065636131393762 +65613037653363636235613838613535316635613066393436356537633662313539323163613361 +36356632323634363335366665376663346565393439313031636331633235333664663830636135 +64653266616262336437623731383161383437613461323837653066656233643230663064616432 +65383337323333633465316533623465303735396430326334643634626436303263396534356335 +34373134653232303866386433643864363536643138353965323130616338353731633434326361 +66303133353264343664323435653133383431626263373237613631616235666465616333343937 +37323333653565363665376236396232393132336137346461613831623063326631636335333365 +65376538396265313732323932383061633464393630393563386163393230623238633938396535 +34333330386131353336646361313634353862663762653234373235366565343232306432653731 +61383863306632626463653831383735636233623966353130626634366638626236383864316531 +37353062336539626531356133313132663330663135393930356565323364353761393439373533 +61366465313462313033306631333432646163653832363564313838643362316263353562373262 +33343664666230303065373836306663643135303439356362336634346637353438633364306365 
+30623332363436353865633738663464636132306134386465306164363333386338323433643163 +37626235303062393933393363656339636139323464373439363765316266646536316336666163 +34306262326238343937623432643262646263666266623933623565363535326235623637396237 +64623961663037653033383933333062393932613933303962326538333739303731363137623365 +30363030353433646133666166383938356232396331656165343531343232613934663834633464 +36353331373233393861636131393238363031383135613633373665613364373466356663376431 +66303331383837663261313838363266656164633836623661326331356566653938306266376632 +63613238356135373938663030343634393566653963306237303138626461613931356565663835 +64386433613937643730396130663333646334386336613864333533626661626166346232333964 +66316664346231376639393132613936323261383131633737386331343966363961633237666334 +38353363383761333439373437623937393534626435386262383732363833346166656233666332 +62636130323536663432633434646666303664393130626437636132316264613535306463623964 +30633030613665343631373366363737313130666337326230633631646461356362363963306361 +64393639353339303436346438313833333432356666666339613666623132636235383866343838 +36666263343538633537303665616366656363373736306235333264336466313939356131303561 +33363030653966316232313933323665663330303338366333656536623861623537313266383565 +65633866663665393635646531353539623362646663356664333866623432333465333335333333 +31616262356537646261373166343665633238633235373335343134393366663462393465643135 +35326336613835663132343233386564373462353561333066323631313664373865323233653336 +65333731336565633664636562326365343263373263373162653239633964396138616335616230 +63376562383064663330363562306338346465666563306365306639353632396633323830353337 +65666233376239333436633566623535383065646235353832363030303565623531333539613864 +63393339656238323466343564333134636164383062613138656138373936636531636166393062 +32613431636233316533353937326234663336343231313630393037313663383034383238346562 
+36383264626366383835623261643562323037303661383832323939363939623038626664393530 +65353061313266633764353331313532383766613735333131373365366336306139343265306634 +66313435313965633362356563313763653634643362616138633832633136333362343731346166 +34613431653134363732353833643962636431623036393935666237663833373934373438666434 +36633538306632383439323465636665303863646532653165666638316137633738363736386633 +33303234306531356136316463353232303737323661333430333137636633306131316434376665 +64323633383735313536373534626331356631316464643530363866633730353239346633396364 +36323437306165363465613365383666353037313333653230316234626439623964343336343762 +66343831343133343330336536613134303836626434663731343636613835623364633236653962 +63356635363239663533336265306261393337313136313937356662616231636461373230376232 +64313738333966633265626166653266313932666134356235373238376530303437646464333364 +31613631386335356561363938323831313061373566323638663864393266656361366463353736 +63386361373737383837336435633562626566656666373737313464323466313364626466633537 +6661656232313066363235616364646663623039386561636332 diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml index 011aa68..053e637 100644 --- a/group_vars/certbot.yml +++ b/group_vars/certbot.yml @@ -1,8 +1,8 @@ --- glob_certbot: - dns_rfc2136_server: '10.128.0.30' - dns_rfc2136_name: certbot_challenge. - dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" - mail: tech.aurore@lists.crans.org - certname: auro.re - domains: "auro.re" + - dns_rfc2136_server: '10.128.0.30' + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" + mail: tech.aurore@lists.crans.org + certname: auro.re + domains: "*.auro.re" diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml index eef80da..31adf3a 100644 --- a/group_vars/nginx.yml +++ b/group_vars/nginx.yml 
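Review bot: `domains: "*.auro.re"` in the group_vars/certbot.yml hunk no longer covers the apex `auro.re`, because a wildcard matches exactly one label below the zone. The apex is still served: proxy-ovh keeps `redirect_sites` with `to: auro.re`, and its removed domain list named `auro.re` explicitly. If the certname.ini.j2 template (outside this hunk) writes the value straight into certbot's `domains` setting, `domains: "auro.re, *.auro.re"` would keep the apex valid. Note also that portail.adm.auro.re drops its own `loc_certbot` in this commit; if it falls back to this entry, it would hold a wildcard private key instead of the five `portail-*` names, which is worth confirming as intended.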
@@ -4,11 +4,14 @@ glob_nginx: who: "L'équipe technique d'Aurore" service_name: service ssl: - cert: /etc/letsencrypt/live/auro.re/fullchain.pem - cert_key: /etc/letsencrypt/live/auro.re/privkey.pem - trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem + # Add adm.auro.re if necessary + - name: auro.re + cert: /etc/letsencrypt/live/auro.re/fullchain.pem + cert_key: /etc/letsencrypt/live/auro.re/privkey.pem + trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem servers: - - ssl: false + - ssl: false # Replace by auro.re or adm.auro.re + default: true server_name: - "default" - "_" @@ -16,9 +19,14 @@ glob_nginx: locations: - filter: "/" params: [] + additional_params: [] upstreams: [] auth_passwd: [] default_server: default_ssl_server: + default_ssl_domain: auro.re + real_ip_from: + - "10.128.0.0/16" + - "2a09:6840:128::/64" deploy_robots_file: false diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml new file mode 100644 index 0000000..fdb4685 --- /dev/null +++ b/group_vars/reverseproxy.yml @@ -0,0 +1,11 @@ +loc_nginx: + servers: [] + +glob_reverseproxy: + redirect_dnames: + - aurores.net + - fede-aurore.net + + reverseproxy_sites: [] + + redirect_sites: [] diff --git a/host_vars/portail.adm.auro.re.yml b/host_vars/portail.adm.auro.re.yml index e13a06d..d4845b7 100644 --- a/host_vars/portail.adm.auro.re.yml +++ b/host_vars/portail.adm.auro.re.yml @@ -1,29 +1,18 @@ --- -loc_certbot: - domains: - - portail-fleming.auro.re - - portail-pacaterie.auro.re - - portail-rives.auro.re - - portail-edc.auro.re - - portail-gs.auro.re - mail: tech.aurore@lists.crans.org - certname: auro.re - loc_nginx: service_name: captive_portal default_server: '$server_addr' default_ssl_server: '$server_addr' servers: - - ssl: false - server_name: + - server_name: - "10.13.0.247" locations: - filter: "/" params: - "return 302 https://portail-fleming.auro.re/portail/" - - ssl: true + - ssl: auro.re server_name: - portail-fleming.auro.re locations: 
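Review bot: `real_ip_from` in the `@@ -16,9 +19,14 @@` hunk of group_vars/nginx.yml trusts the whole `10.128.0.0/16` and `2a09:6840:128::/64` ranges for every host in the `nginx` group. If the templates (not shown here) render this list into `set_real_ip_from`, any machine in those ranges can supply a forwarded-for header and have nginx log and apply access rules against an address of its choosing. Only the reverse proxies need that trust, so a safer global default is `real_ip_from: []`, with the proxies' own addresses listed for the backends that sit behind them. A one-line comment above the key, such as `# peers allowed to override the client address; keep to the reverse proxies`, would record the intent.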
@@ -35,7 +24,7 @@ loc_nginx: params: - "return 302 https://portail-fleming.auro.re/portail/" - - ssl: false + - ssl: auro.re server_name: - 10.23.0.247 locations: @@ -43,7 +32,7 @@ loc_nginx: params: - "return 302 https://portail-pacaterie.auro.re/portail/" - - ssl: true + - ssl: auro.re server_name: - portail-pacaterie.auro.re locations: @@ -55,7 +44,7 @@ loc_nginx: params: - "return 302 https://portail-pacaterie.auro.re/portail/" - - ssl: false + - ssl: auro.re server_name: - "10.33.0.247" locations: @@ -63,7 +52,7 @@ loc_nginx: params: - "return 302 https://portail-rives.auro.re/portail/" - - ssl: true + - ssl: auro.re server_name: - portail-rives.auro.re locations: @@ -75,7 +64,7 @@ loc_nginx: params: - "return 302 https://portail-rives.auro.re/portail/" - - ssl: false + - ssl: auro.re server_name: - "10.43.0.247" locations: @@ -83,7 +72,7 @@ loc_nginx: params: - "return 302 https://portail-edc.auro.re/portail/" - - ssl: true + - ssl: auro.re server_name: - portail-edc.auro.re locations: @@ -95,7 +84,7 @@ loc_nginx: params: - "return 302 https://portail-edc.auro.re/portail/" - - ssl: false + - ssl: auro.re server_name: - "10.53.0.247" locations: @@ -103,7 +92,7 @@ loc_nginx: params: - "return 302 https://portail-gs.auro.re/portail/" - - ssl: true + - ssl: auro.re server_name: - portail-gs.auro.re locations: diff --git a/host_vars/proxy-ovh.adm.auro.re.yml b/host_vars/proxy-ovh.adm.auro.re.yml index d68a483..1c4cba6 100644 --- a/host_vars/proxy-ovh.adm.auro.re.yml +++ b/host_vars/proxy-ovh.adm.auro.re.yml 
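Review bot: The bare-IP vhosts `10.23.0.247`, `10.33.0.247`, `10.43.0.247` and `10.53.0.247` change from `ssl: false` to `ssl: auro.re` in the `@@ -35,7 +24,7 @@`, `-55`, `-75` and `-95` hunks, whereas the first hunk of this file simply drops the key for `10.13.0.247`. These entries only issue the `return 302 https://portail-….auro.re/portail/` redirect, and a certificate for `auro.re` names cannot validate against an IP literal. Depending on how service.j2 (changed elsewhere in this commit) treats a set `ssl` value, they may stop answering plain HTTP, which a captive-portal redirect target needs. This looks like a search-and-replace slip; deleting the `ssl: auro.re` line from those four entries would make them match the `10.13.0.247` one.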
@@ -1,39 +1,5 @@ --- -certbot: - domains: - - auro.re - - chat.auro.re # cname to riot.auro.re - - codimd.auro.re - - element.auro.re # cname to riot.auro.re - - ehterpad.auro.re # cname to pad.auro.re - - grafana.auro.re - - hedgedoc.auro.re # cname to codimd.auro.re - - pad.auro.re - - passbolt.auro.re - - paste.auro.re # cname to privatebin.auro.re - - phabricator.auro.re - - privatebin.auro.re - - riot.auro.re - - sharelatex.auro.re - - status.auro.re - - wiki.auro.re - - www.auro.re - - zero.auro.re # cname to privatebin.auro.re - mail: tech.aurore@lists.crans.org - certname: auro.re - -nginx: - ssl: - cert: /etc/letsencrypt/live/auro.re/fullchain.pem - cert_key: /etc/letsencrypt/live/auro.re/privkey.pem - trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem - - redirect_dnames: - - aurores.net - - fede-aurore.net - - redirect_tcp: {} - +loc_reverseproxy: redirect_sites: - from: www.auro.re to: auro.re diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index 04184fc..6eb74f2 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml 
@@ -1,31 +1,31 @@ --- -certbot: - domains: - - bbb.auro.re - - drone.auro.re - - gitea.auro.re - - intranet.auro.re - - litl.auro.re - - nextcloud.auro.re - - re2o.auro.re - - vote.auro.re - - re2o-server.auro.re - - re2o-test.auro.re - - wikijs.auro.re +loc_certbot: + - dns_rfc2136_server: '10.128.0.30' + dns_rfc2136_name: certbot_adm_challenge. + dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}" + mail: tech.aurore@lists.crans.org + certname: adm.auro.re + domains: "*.adm.auro.re" + - dns_rfc2136_server: '10.128.0.30' + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" + mail: tech.aurore@lists.crans.org + certname: auro.re + domains: "*.auro.re" - mail: tech.aurore@lists.crans.org - certname: auro.re - -nginx: +loc_nginx: + servers: [] ssl: - cert: /etc/letsencrypt/live/auro.re/fullchain.pem - cert_key: /etc/letsencrypt/live/auro.re/privkey.pem - trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem - - redirect_dnames: - - aurores.net - - fede-aurore.net + - name: adm.auro.re + cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem + cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem + trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem + - name: auro.re + cert: /etc/letsencrypt/live/auro.re/fullchain.pem + cert_key: /etc/letsencrypt/live/auro.re/privkey.pem + trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem +loc_reverseproxy: redirect_tcp: - name: Gitea port: 2222 @@ -49,6 +49,9 @@ nginx: - from: gitea.auro.re to: "10.128.0.60:3000" + - from: git.adm.auro.re + to: "10.128.0.60:3000" + ssl: adm.auro.re - from: drone.auro.re to: "10.128.0.64:8000" diff --git a/hosts b/hosts index 4e9b264..7cf9128 100644 --- a/hosts +++ b/hosts @@ -496,5 +496,15 @@ ldap-replica-rives.adm.auro.re [certbot] portail.adm.auro.re +[certbot:children] +reverseproxy + [nginx] portail.adm.auro.re + +[nginx:children] +reverseproxy + +[reverseproxy] +proxy-ovh.adm.auro.re +proxy.adm.auro.re 
diff --git a/roles/certbot/handlers/main.yml b/roles/certbot/handlers/main.yml deleted file mode 100644 index 82d2202..0000000 --- a/roles/certbot/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Reload nginx - service: - name: nginx - state: reloaded - -- name: Generate certificates - command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 549e7a2..c14ccb5 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml 
@@ -5,34 +5,47 @@ name: - certbot - python3-certbot-dns-rfc2136 - register: pkg_result + state: present + register: apt_result retries: 3 - until: pkg_result is succeeded + until: apt_result is succeeded + +- name: Add DNS credentials + template: + src: letsencrypt/rfc2136.ini.j2 + dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini" + mode: 0600 + owner: root + loop: "{{ certbot }}" + +- name: Add dhparam + template: + src: "letsencrypt/dhparam.j2" + dest: "/etc/letsencrypt/dhparam" + mode: 0600 - name: Create /etc/letsencrypt/conf.d file: path: /etc/letsencrypt/conf.d state: directory - mode: 0755 - -- name: Lookup DNS masters IPv4 - set_fact: - dns_masters_ipv4: - - "10.128.0.30" - cacheable: true - -- name: Add DNS credentials - template: - src: letsencrypt/rfc2136.ini.j2 - dest: /etc/letsencrypt/rfc2136.ini - mode: 0600 - owner: root + mode: 0644 - name: Add Certbot configuration template: src: "letsencrypt/conf.d/certname.ini.j2" - dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" + dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini" mode: 0644 - notify: - - Generate certificates - - Reload nginx + loop: "{{ certbot }}" + +- name: Run certbot + command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly + loop: "{{ certbot }}" + +- name: Clean old files + file: + path: "{{ item }}" + state: absent + loop: + - "/etc/letsencrypt/options-ssl-nginx.conf" + - "/etc/letsencrypt/ssl-dhparams.pem" + - "/etc/letsencrypt/rfc2136.ini" diff --git a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 index 88512d2..b695166 100644 --- a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 +++ b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 
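Review bot: The three tasks using `loop: "{{ certbot }}"` (Add DNS credentials, Add Certbot configuration, Run certbot) print each loop item in Ansible's output, and per the host_vars in this patch every item carries `dns_rfc2136_secret`. Adding `loop_control:` with `label: "{{ item.certname }}"` to each of them, or `no_log: true` on the credentials task, keeps the TSIG secret out of run logs and CI output. Separately, `/etc/letsencrypt/conf.d` is now created with `mode: 0644`, which leaves a directory without the execute bit; `mode: "0755"` (quoted, as for the other modes) is the usual value. `Run certbot` also runs on every play and no longer notifies `Reload nginx`, so a newly issued certificate is not picked up until something else reloads nginx.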
@@ -1,7 +1,7 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment(decoration='# ') }} -# Pour appliquer cette conf et générer la conf de renewal : -# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly +# To generate the certificate, please use the following command +# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly # Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 @@ -10,7 +10,7 @@ rsa-key-size = 4096 # server = https://acme-staging.api.letsencrypt.org/directory # Uncomment and update to register with the specified e-mail address -email = {{ certbot.mail }} +email = {{ item.mail }} # Uncomment to use a text interface instead of ncurses text = True @@ -20,9 +20,9 @@ agree-tos = True # Use DNS-01 challenge authenticator = dns-rfc2136 -dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini +dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini dns-rfc2136-propagation-seconds = 30 # Wildcard the domain -cert-name = {{ certbot.certname }} -domains = {{ ", ".join(certbot.domains) }} +cert-name = {{ item.certname }} +domains = {{ item.domains }} diff --git a/roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 b/roles/certbot/templates/letsencrypt/dhparam.j2 similarity index 100% rename from roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 rename to roles/certbot/templates/letsencrypt/dhparam.j2 diff --git a/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 index 948f6a1..e864958 100644 --- a/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 +++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2 
@@ -1,7 +1,7 @@ {{ ansible_managed | comment(decoration='# ') }} -dns_rfc2136_server = {{ certbot.dns_rfc2136_server }} +dns_rfc2136_server = {{ item.dns_rfc2136_server }} dns_rfc2136_port = 53 -dns_rfc2136_name = {{ certbot.dns_rfc2136_name }} -dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }} +dns_rfc2136_name = {{ item.dns_rfc2136_name }} +dns_rfc2136_secret = {{ item.dns_rfc2136_secret }} dns_rfc2136_algorithm = HMAC-SHA512 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 4d4179c..210c7f0 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -7,24 +7,22 @@ retries: 3 until: apt_result is succeeded -- name: Copy snippets +- name: Copy proxypass snippets template: - src: "nginx/snippets/{{ item }}.j2" - dest: "/etc/nginx/snippets/{{ item }}" + src: "nginx/snippets/options-proxypass.conf.j2" + dest: "/etc/nginx/snippets/options-proxypass.conf" owner: root group: root mode: 0644 - loop: - - options-ssl.conf - - options-proxypass.conf -- name: Copy dhparam +- name: Copy SSL snippets template: - src: letsencrypt/dhparam.j2 - dest: /etc/letsencrypt/dhparam + src: "nginx/snippets/options-ssl.conf.j2" + dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf" owner: root group: root mode: 0644 + loop: "{{ nginx.ssl }}" - name: Disable default site file: @@ -32,7 +30,7 @@ state: absent - name: Copy reverse proxy sites - when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined + when: reverseproxy is defined template: src: "nginx/sites-available/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" @@ -46,7 +44,7 @@ notify: Reload nginx - name: Activate reverse proxy sites - when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined + when: reverseproxy is defined file: src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" 
@@ -60,6 +58,24 @@ notify: Reload nginx ignore_errors: "{{ ansible_check_mode }}" +- name: Copy forward modules + when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0 + template: + src: "nginx/modules-available/60-forward.conf.j2" + dest: "/etc/nginx/modules-available/60-forward.conf" + mode: 0644 + notify: Reload nginx + +- name: Activate modules + when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0 + file: + src: "/etc/nginx/modules-available/60-forward.conf" + dest: "/etc/nginx/modules-enabled/60-forward.conf" + state: link + mode: 0644 + notify: Reload nginx + ignore_errors: "{{ ansible_check_mode }}" + - name: Copy service nginx configuration when: nginx.servers is defined and nginx.servers|length > 0 template: @@ -98,12 +114,6 @@ group: www-data mode: 0644 -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-nginx - mode: 0755 - - name: Install passwords when: nginx.auth_passwd|length > 0 template: @@ -119,3 +129,18 @@ owner: www-data group: www-data mode: 0644 + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-nginx + mode: 0755 + +- name: Clean old files + file: + path: "{{ item }}" + state: absent + loop: + - "/etc/nginx/snippets/options-ssl.conf" + - "/var/www/custom_401.html" + - "/var/www/robots.txt" diff --git a/roles/nginx_reverseproxy/templates/nginx/modules-available/60-forward.conf.j2 b/roles/nginx/templates/nginx/modules-available/60-forward.conf.j2 similarity index 72% rename from roles/nginx_reverseproxy/templates/nginx/modules-available/60-forward.conf.j2 rename to roles/nginx/templates/nginx/modules-available/60-forward.conf.j2 index 9a86a5d..f05b00d 100644 --- a/roles/nginx_reverseproxy/templates/nginx/modules-available/60-forward.conf.j2 +++ b/roles/nginx/templates/nginx/modules-available/60-forward.conf.j2 
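Review bot: `Copy forward modules` and `Activate modules` only run when `reverseproxy.redirect_tcp` is non-empty, so once a host's list is emptied or removed nothing deletes `/etc/nginx/modules-enabled/60-forward.conf` and the previously configured TCP forwards stay active. A companion task under the inverse condition that sets `state: absent` on that path (and notifies `Reload nginx`) would make removal of a forward take effect. The `Clean old files` task added at the end of this file is a natural place to document that stale files are removed explicitly, with a comment such as `# Files left behind by the former nginx_reverseproxy role`. Quoting the modes (`mode: "0644"`) avoids depending on YAML 1.1 octal parsing.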
@@ -1,6 +1,6 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} -{% for site in nginx.redirect_tcp %} +{% for site in reverseproxy.redirect_tcp %} # Forward port {{ site.port }} to {{ site.name }} stream { server { @@ -12,3 +12,4 @@ stream { } {% endfor %} + diff --git a/roles/nginx/templates/nginx/passwd.j2 b/roles/nginx/templates/nginx/passwd.j2 index 6e61ce2..ed45d93 100644 --- a/roles/nginx/templates/nginx/passwd.j2 +++ b/roles/nginx/templates/nginx/passwd.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} {% for user, hash in nginx.auth_passwd.items() -%} -{{ user }}: {{ hash }} +{{ user }}:{{ hash }} {% endfor -%} diff --git a/roles/nginx/templates/nginx/sites-available/redirect.j2 b/roles/nginx/templates/nginx/sites-available/redirect.j2 index 28e9b7d..2543400 100644 --- a/roles/nginx/templates/nginx/sites-available/redirect.j2 +++ b/roles/nginx/templates/nginx/sites-available/redirect.j2 @@ -1,6 +1,6 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} -{% for site in nginx.redirect_sites %} +{% for site in reverseproxy.redirect_sites %} # Redirect http://{{ site.from }} to http://{{ site.to }} server { listen 80; @@ -8,6 +8,11 @@ server { server_name {{ site.from }}; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 http://{{ site.to }}$request_uri; } @@ -21,7 +26,12 @@ server { server_name {{ site.from }}; # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; + include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; + +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; location / { return 302 https://{{ site.to }}$request_uri; 
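Review bot: The `real_ip_header P-Real-Ip;` line added to the `redirect.j2` server blocks names a header that nothing in this patch sets; the proxypass snippet shown in the patch sends `X-Real-IP` and `X-Forwarded-For`. If `P-Real-Ip` is a leftover typo, the realip settings have no effect behind the proxy and backends record the proxy's address, so `real_ip_header X-Real-IP;` would match the sending side. The same lines are added in `reverseproxy_redirect_dname.j2` and `service.j2`, and kept in `reverseproxy.j2`. Since the `set_real_ip_from` loop plus header line is identical in every server block, it could live in one snippet under `/etc/nginx/snippets/` that each block includes.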
@@ -31,8 +41,8 @@ server { {% endfor %} {# Also redirect for DNAMEs #} -{% for dname in nginx.redirect_dnames %} -{% for site in nginx.redirect_sites %} +{% for dname in reverseproxy.redirect_dnames %} +{% for site in reverseproxy.redirect_sites %} {% set from = site.from | regex_replace('crans.org', dname) %} {% if from != site.from %} # Redirect http://{{ from }} to http://{{ site.to }} @@ -42,6 +52,11 @@ server { server_name {{ from }}; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 http://{{ site.to }}$request_uri; } @@ -55,7 +70,12 @@ server { server_name {{ from }}; # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; + include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; + +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; location / { return 302 https://{{ site.to }}$request_uri; diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 index d29d13c..ae2d7a6 100644 --- a/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 +++ b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} # Automatic Connection header for WebSocket support # See http://nginx.org/en/docs/http/websocket.html @@ -7,7 +7,7 @@ map $http_upgrade $connection_upgrade { '' close; } -{% for site in nginx.reverseproxy_sites %} +{% for site in reverseproxy.reverseproxy_sites %} # Redirect http://{{ site.from }} to https://{{ site.from }} server { listen 80; @@ -15,6 +15,11 @@ server { server_name {{ site.from }}; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 https://$host$request_uri; } 
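Review bot: In `redirect.j2` the DNAME loop still computes `from` with `regex_replace('crans.org', dname)` (a context line of the first hunk here), while `reverseproxy_redirect_dname.j2` is switched to `'auro.re'` in the same commit. The `redirect_sites` entries visible in this patch are auro.re names, so `from != site.from` is never true and the redirect blocks for `aurores.net` and `fede-aurore.net` are never rendered. An escaped, anchored pattern fixes this and avoids accidental matches: `{% set from = site.from | regex_replace('auro\\.re$', dname) %}`. The enclosing `for` loops close outside the hunk.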
@@ -28,7 +33,7 @@ server { server_name {{ site.from }}; # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; + include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; # Log into separate log files access_log /var/log/nginx/{{ site.from }}.log; @@ -43,8 +48,9 @@ server { root /var/www/html; } - set_real_ip_from 10.231.136.0/24; - set_real_ip_from 2a0c:700:0:2::/64; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} real_ip_header P-Real-Ip; location / { diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 index 4edda25..819fd7a 100644 --- a/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 +++ b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 @@ -1,8 +1,8 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} -{% for dname in nginx.redirect_dnames %} -{% for site in nginx.reverseproxy_sites %} -{% set from = site.from | regex_replace('crans.org', dname) %} +{% for dname in reverseproxy.redirect_dnames %} +{% for site in reverseproxy.reverseproxy_sites %} +{% set from = site.from | regex_replace('auro.re', dname) %} {% set to = site.from %} {% if from != site.from %} # Redirect http://{{ from }} to http://{{ to }} @@ -12,6 +12,11 @@ server { server_name {{ from }}; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 http://{{ to }}$request_uri; } 
@@ -25,7 +30,12 @@ server { server_name {{ from }}; # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; + include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; + +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; location / { return 302 https://{{ to }}$request_uri; diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 index 3d9db5d..39f25eb 100644 --- a/roles/nginx/templates/nginx/sites-available/service.j2 +++ b/roles/nginx/templates/nginx/sites-available/service.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} # Automatic Connection header for WebSocket support # See http://nginx.org/en/docs/http/websocket.html @@ -19,7 +19,7 @@ upstream {{ upstream.name }} { server { listen 443 default_server ssl; listen [::]:443 default_server ssl; - include "/etc/nginx/snippets/options-ssl.conf"; + include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf"; server_name _; charset utf-8; @@ -27,6 +27,11 @@ server { # Hide Nginx version server_tokens off; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 https://{{ nginx.default_ssl_server }}$request_uri; } @@ -45,6 +50,11 @@ server { # Hide Nginx version server_tokens off; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 http://{{ nginx.default_server }}$request_uri; } 
@@ -55,8 +65,8 @@ server { {% if server.ssl is defined and server.ssl -%} # Redirect HTTP to HTTPS server { - listen 80; - listen [::]:80; + listen 80{% if server.default is defined and server.default %} default_server{% endif %}; + listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %}; server_name {{ server.server_name|join(" ") }}; charset utf-8; @@ -64,6 +74,11 @@ server { # Hide Nginx version server_tokens off; +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; + location / { return 302 https://$host$request_uri; } @@ -72,9 +87,9 @@ server { server { {% if server.ssl is defined and server.ssl -%} - listen 443 ssl; - listen [::]:443 ssl; - include "/etc/nginx/snippets/options-ssl.conf"; + listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl; + listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl; + include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf"; {% else -%} listen 80; listen [::]:80; 
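Review bot: `default_server` is only added to the `listen` lines inside the `server.ssl` branches, but the one entry that sets `default: true` in `group_vars` has `ssl: false`, so it falls into the unchanged `{% else -%}` branch (`listen 80;` / `listen [::]:80;`) and never becomes the default. If the catch-all is meant to work for plain-HTTP servers, apply the same conditional there: `listen 80{% if server.default is defined and server.default %} default_server{% endif %};` and likewise for `[::]:80`. Note also that `include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";` would render `options-ssl.True.conf` for any host_vars still using `ssl: true`; a template comment like `{# server.ssl is the name of an nginx.ssl entry, not a boolean #}` would make the new contract explicit. The `server` block continues past the hunk.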
@@ -86,29 +101,32 @@ server { # Hide Nginx version server_tokens off; - {% if server.root is defined -%} - root {{ server.root }}; - {% endif -%} - {% if server.index is defined -%} - index {{ server.index|join(" ") }}; - {% endif -%} +{% for realip in nginx.real_ip_from %} + set_real_ip_from {{ realip }}; +{% endfor %} + real_ip_header P-Real-Ip; - {% if server.access_log is defined -%} - access_log {{ server.access_log }}; - {% endif -%} - {% if server.error_log is defined -%} - error_log {{ server.error_log }}; - {% endif -%} + {% if server.root is defined %}root {{ server.root }};{% endif %} + {% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %} - {% if server.locations is defined -%} + {% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %} + {% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %} - {% for location in server.locations -%} +{% if server.additional_params is defined %} +{% for param in server.additional_params %} + {{ param }}; +{% endfor %} +{% endif %} + +{% if server.locations is defined %} +{% for location in server.locations %} location {{ location.filter }} { - {% for param in location.params -%} +{% for param in location.params %} {{ param }}; - {% endfor -%} +{% endfor %} } - {% endfor -%} -{% endif -%} + +{% endfor %} +{% endif %} } {% endfor %} diff --git a/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 b/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 index 0b21030..a173dea 100644 --- a/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 +++ b/roles/nginx/templates/nginx/snippets/fastcgi.conf.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} # regex to split $uri to $fastcgi_script_name and $fastcgi_path fastcgi_split_path_info (^/[^/]*)(.*)$; diff --git a/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 b/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 index 9515d81..7f8d4b8 100644 
--- a/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 +++ b/roles/nginx/templates/nginx/snippets/options-proxypass.conf.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} proxy_redirect off; proxy_set_header Host $host; diff --git a/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 index fee51c6..d665eaf 100644 --- a/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 +++ b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 @@ -1,7 +1,7 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} -ssl_certificate {{ nginx.ssl.cert }}; -ssl_certificate_key {{ nginx.ssl.cert_key }}; +ssl_certificate {{ item.cert }}; +ssl_certificate_key {{ item.cert_key }}; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; @@ -13,5 +13,5 @@ ssl_prefer_server_ciphers off; # Enable OCSP Stapling, point to certificate chain ssl_stapling on; ssl_stapling_verify on; -ssl_trusted_certificate {{ nginx.ssl.trusted_cert }}; +ssl_trusted_certificate {{ item.trusted_cert }}; diff --git a/roles/nginx/templates/update-motd.d/05-service.j2 b/roles/nginx/templates/update-motd.d/05-service.j2 index fdff0b8..c52c655 100755 --- a/roles/nginx/templates/update-motd.d/05-service.j2 +++ b/roles/nginx/templates/update-motd.d/05-service.j2 @@ -1,3 +1,3 @@ #!/usr/bin/tail +14 -# {{ ansible_managed }} +{{ ansible_managed | comment }} > NGINX a été déployé sur cette machine. Voir /etc/nginx/. diff --git a/roles/nginx/templates/www/html/robots.txt.j2 b/roles/nginx/templates/www/html/robots.txt.j2 index 3fbaed7..1f53798 100644 --- a/roles/nginx/templates/www/html/robots.txt.j2 +++ b/roles/nginx/templates/www/html/robots.txt.j2 @@ -1,4 +1,2 @@ -{{ ansible_header | comment }} - User-agent: * Disallow: / diff --git a/roles/nginx_reverseproxy/handlers/main.yml b/roles/nginx_reverseproxy/handlers/main.yml deleted file mode 100644 index 6dfcdd7..0000000 
--- a/roles/nginx_reverseproxy/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Reload nginx - systemd: - name: nginx - state: reloaded diff --git a/roles/nginx_reverseproxy/tasks/main.yml b/roles/nginx_reverseproxy/tasks/main.yml deleted file mode 100644 index 497048d..0000000 --- a/roles/nginx_reverseproxy/tasks/main.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -- name: Install NGINX - apt: - update_cache: true - name: nginx - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Copy snippets - template: - src: "nginx/snippets/{{ item }}.j2" - dest: "/etc/nginx/snippets/{{ item }}" - mode: 0644 - loop: - - options-ssl.conf - - options-proxypass.conf - -- name: Copy dhparam - template: - src: letsencrypt/dhparam.j2 - dest: /etc/letsencrypt/dhparam - mode: 0644 - -- name: Copy reverse proxy sites - template: - src: "nginx/sites-available/{{ item }}.j2" - dest: "/etc/nginx/sites-available/{{ item }}" - mode: 0644 - loop: - - reverseproxy - - reverseproxy_redirect_dname - - redirect - notify: Reload nginx - -- name: Activate sites - file: - src: "/etc/nginx/sites-available/{{ item }}" - dest: "/etc/nginx/sites-enabled/{{ item }}" - state: link - mode: 0644 - loop: - - reverseproxy - - reverseproxy_redirect_dname - - redirect - notify: Reload nginx - -- name: Copy forward modules - template: - src: "nginx/modules-available/60-forward.conf.j2" - dest: "/etc/nginx/modules-available/60-forward.conf" - mode: 0644 - notify: Reload nginx - -- name: Activate modules - file: - src: "/etc/nginx/modules-available/60-forward.conf" - dest: "/etc/nginx/modules-enabled/60-forward.conf" - state: link - mode: 0644 - notify: Reload nginx - -- name: Copy 50x error page - template: - src: www/html/50x.html.j2 - dest: /var/www/html/50x.html - mode: 0644 - -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-nginx - mode: 0755 
diff --git a/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 deleted file mode 100644 index 9b0e8ca..0000000 --- a/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 +++ /dev/null @@ -1,67 +0,0 @@ -# {{ ansible_managed }} - -{% for site in nginx.redirect_sites %} -# Redirect http://{{ site.from }} to http://{{ site.to }} -server { - listen 80; - listen [::]:80; - - server_name {{ site.from }}; - - location / { - return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; - } -} - -# Redirect https://{{ site.from }} to https://{{ site.to }} -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ site.from }}; - - # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; - - location / { - return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; - } -} - -{% endfor %} - -{# Also redirect for DNAMEs #} -{% for dname in nginx.redirect_dnames %} -{% for site in nginx.redirect_sites %} -{% set from = site.from | regex_replace('crans.org', dname) %} -{% if from != site.from %} -# Redirect http://{{ from }} to http://{{ site.to }} -server { - listen 80; - listen [::]:80; - - server_name {{ from }}; - - location / { - return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; - } -} - -# Redirect https://{{ from }} to https://{{ site.to }} -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ from }}; - - # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; - - location / { - return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %}; - } -} - -{% endif %} -{% endfor %} -{% endfor %} 
diff --git a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 deleted file mode 100644 index 9c8c152..0000000 --- a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 +++ /dev/null @@ -1,62 +0,0 @@ -# {{ ansible_managed }} - -# Automatic Connection header for WebSocket support -# See http://nginx.org/en/docs/http/websocket.html -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -{% for site in nginx.reverseproxy_sites %} -# Redirect http://{{ site.from }} to https://{{ site.from }} -server { - listen 80; - listen [::]:80; - - server_name {{ site.from }}; - - location / { - return 302 https://$host$request_uri; - } -} - -# Reverse proxify https://{{ site.from }} to http://{{ site.to }} -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ site.from }}; - - # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; - - # Log into separate log files - access_log /var/log/nginx/{{ site.from }}.log; - error_log /var/log/nginx/{{ site.from }}_error.log; - - # Keep the TCP connection open a bit for faster browsing - keepalive_timeout 70; - - # Custom error page - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/www/html; - } - - set_real_ip_from 10.231.136.0/24; - set_real_ip_from 2a0c:700:0:2::/64; - real_ip_header P-Real-Ip; - -{% if site.custom_args is defined -%} -{% for arg in site.custom_args %} - {{ arg }}; -{% endfor %} -{% endif %} - - location / { - proxy_pass http://{{ site.to }}; - include "/etc/nginx/snippets/options-proxypass.conf"; - } -} - -{% endfor %} diff --git a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 deleted file mode 100644 index bac615d..0000000 
--- a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# {{ ansible_managed }} - -{% for dname in nginx.redirect_dnames %} -{% for site in nginx.reverseproxy_sites %} -{% set from = site.from | regex_replace('auro.re', dname) %} -{% set to = site.from %} -{% if from != site.from %} -# Redirect http://{{ from }} to http://{{ to }} -server { - listen 80; - listen [::]:80; - - server_name {{ from }}; - - location / { - return 302 http://{{ to }}$request_uri; - } -} - -# Redirect https://{{ from }} to https://{{ to }} -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ from }}; - - # SSL common conf - include "/etc/nginx/snippets/options-ssl.conf"; - - location / { - return 302 https://{{ to }}$request_uri; - } -} - -{% endif %} -{% endfor %} -{% endfor %} diff --git a/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 deleted file mode 100644 index 9515d81..0000000 --- a/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 +++ /dev/null @@ -1,19 +0,0 @@ -# {{ ansible_managed }} - -proxy_redirect off; -proxy_set_header Host $host; - -# Pass the real client IP -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -# Tell proxified server that we are HTTPS, fix Wordpress -proxy_set_header X-Forwarded-Proto https; - -# WebSocket support -proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; - -# For Owncloud WebDav -client_max_body_size 10G; diff --git a/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 deleted file mode 100644 index fee51c6..0000000 --- a/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 +++ /dev/null 
@@ -1,17 +0,0 @@ -# {{ ansible_managed }} - -ssl_certificate {{ nginx.ssl.cert }}; -ssl_certificate_key {{ nginx.ssl.cert_key }}; -ssl_session_timeout 1d; -ssl_session_cache shared:MozSSL:10m; -ssl_session_tickets off; -ssl_dhparam /etc/letsencrypt/dhparam; -ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -ssl_prefer_server_ciphers off; - -# Enable OCSP Stapling, point to certificate chain -ssl_stapling on; -ssl_stapling_verify on; -ssl_trusted_certificate {{ nginx.ssl.trusted_cert }}; - diff --git a/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 b/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 deleted file mode 100755 index fdff0b8..0000000 --- a/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/tail +14 -# {{ ansible_managed }} -> NGINX a été déployé sur cette machine. Voir /etc/nginx/. diff --git a/roles/nginx_reverseproxy/templates/www/html/50x.html.j2 b/roles/nginx_reverseproxy/templates/www/html/50x.html.j2 deleted file mode 100644 index e5c8733..0000000 --- a/roles/nginx_reverseproxy/templates/www/html/50x.html.j2 +++ /dev/null @@ -1,63 +0,0 @@ - - - - - 502 - - - - -

502

-

Whoops, le service prend trop de temps à répondre…

-

Essayez de rafraîchir la page. Si le problème persiste, pensez - à contacter l'équipe technique d'Aurore.

- - - diff --git a/services_web.yml b/services_web.yml index 62b7044..00d5b7b 100755 --- a/services_web.yml +++ b/services_web.yml @@ -10,15 +10,18 @@ roles: - passbolt -# Deploy reverse proxy -- hosts: proxy*.adm.auro.re +- hosts: reverseproxy + vars: + certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' + nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' + reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}' roles: - certbot - - nginx_reverseproxy + - nginx -- hosts: portail.adm.auro.re +- hosts: nginx,!reverseproxy vars: - certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}' + certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' roles: - certbot From ba6da939ab4af0d49e27483654ba0df0a0c85631 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 24 Feb 2021 13:57:59 +0100 Subject: [PATCH 099/146] [certbot] Fix certificates for auro.re Signed-off-by: Yohann D'ANELLO --- host_vars/proxy-ovh.adm.auro.re.yml | 8 ++++++++ roles/certbot/tasks/main.yml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/host_vars/proxy-ovh.adm.auro.re.yml b/host_vars/proxy-ovh.adm.auro.re.yml index 1c4cba6..13f0a1d 100644 --- a/host_vars/proxy-ovh.adm.auro.re.yml +++ b/host_vars/proxy-ovh.adm.auro.re.yml @@ -1,4 +1,12 @@ --- +loc_certbot: + - dns_rfc2136_server: '10.128.0.30' + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" + mail: tech.aurore@lists.crans.org + certname: auro.re + domains: "auro.re, *.auro.re" + loc_reverseproxy: redirect_sites: - from: www.auro.re diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index c14ccb5..8404b4d 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml 
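Review bot: The new `certbot` var in both plays, `'{{ loc_certbot | default(glob_certbot | default([])) }}'`, lets a host-level `loc_certbot` replace `glob_certbot` outright, where the removed expression merged the two with `combine`, and nothing in the hunk documents that. As far as the expression shows, a host that defines `loc_certbot` for one extra certificate would stop receiving the globally defined entries. A comment above each `vars:` block would make this explicit, e.g. `# loc_certbot replaces glob_certbot entirely (list, not merged)`. The second play, `nginx,!reverseproxy`, continues past the end of the hunk.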
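Review bot: The new `loc_certbot` entry sets `dns_rfc2136_server`, `dns_rfc2136_name` and `dns_rfc2136_secret` but no TSIG algorithm. Unless the certbot role's template (not visible here) pins one, the plugin default applies, which I believe is HMAC-MD5 for certbot-dns-rfc2136. If the template supports it, add a line such as `dns_rfc2136_algorithm: HMAC-SHA512`, matching the key configured on `10.128.0.30`. Because this key authorises issuance for `*.auro.re`, it is also worth confirming on the DNS server that the `certbot_challenge.` key can only update the `_acme-challenge` TXT records.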
@@ -28,7 +28,7 @@ file: path: /etc/letsencrypt/conf.d state: directory - mode: 0644 + mode: 0755 - name: Add Certbot configuration template: From c3d24c1cd0bb24c069243d463a8c3bbfce58df66 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 28 Feb 2021 21:47:42 +0100 Subject: [PATCH 100/146] Add SSH key for Jeltz --- group_vars/all/vault.yml | 375 ++++++++++++++++++++------------------- 1 file changed, 197 insertions(+), 178 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 3666f5b..89937f5 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
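Review bot: `mode: 0755` restores the missing search bit on `/etc/letsencrypt/conf.d`, but it also lets every local user list and enter the directory that the following `Add Certbot configuration` task templates into. If those files carry the RFC 2136 TSIG secret, `mode: '0700'` on the directory, with `'0600'` on the files, is the safer choice. The value should also be quoted, `mode: '0755'`, so it reaches the module as an octal string rather than depending on how the YAML loader types a leading-zero integer. The task's `name:` line is above the hunk and the template task continues below it, so the file modes cannot be checked from here.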
@@ -1,179 +1,198 @@ $ANSIBLE_VAULT;1.1;AES256 -32313562646230353138303964366135656361616532343933353732313961323339653964353130 -3938346666633565356134343835633964626261363365370a663664663938383731343733386136 -33356531323762313463326339333963336636353933326537333665313334616563626632336663 -6537363033663935660a613366613962626563643035663330343061353836646561623031323236 -65313633383063373064613930623530656365396335663363643330636239643937373163623932 -61373136303737333739316565323934376433316362353935363637373264616238373831666438 -35343135383233653963333237393232353631636566373766366664656666313436323535393736 -62323731343261373331393062633030356235313834373861323138663930613332643432386436 -38383038616536316465343561643639353434396631643033633537393265646532613161343732 -32363265643963386538326639353233363438643833306637336431303533396562613863633537 -30303334643137313136633039393463346562306236353566333563633238313865313534326137 -33623036376439653532313833633135326631643361333463633162303065623633636331666661 -62303636653233666164383463356530633464306564383236373832616263653165373937303030 -31323865656436366265303537306438303434613135396166313635656566373539303463393830 -65383636363064333730623161316162373734626433346564333835393030616437636665316566 -37353937626465383439633534316336313931663561336335653761396230393031393839336264 -37623037663032646631656637386366333131356562376665333964393264643133626532653564 -32353235633434656334663233303664613865343039613330663833396162646430623735653434 -66633466306338373061326636366330643639383632353564353865623637303832306332653131 -37343566393965326635613135613134316264616336303233616162313839626235386137343435 -33633336636434343531633362633834376135303337363637303039323038313937646236366265 -34303434373566313730623664653263653466366133363562333736393836393363326665353434 -30333263323366326436623238353335323936346637646130623265366535653737343665373165 
-63336166633831623464343862353065653162613934646539396364353162633063303332313266 -65656163396463363737663931353765376337643065646131303264363961366336343432653537 -65306437623535393132343962333666366665316362366536663431646435633166333731303232 -63313337353334623330623862386661306333366638306433373437623835636631376231373636 -66666539363561313166396438343730656230663532633031353336636565343964366136663466 -38316364663936303231633633613832313163646262313238346666336661613236343966353130 -62656237663865306632333130653933633332623061633062363964643130383430613864663935 -63663765356434626661346165653163626565336437613539653536306432376332616430393737 -34366139336363383761366338623236383135373634613239616665343061396633383231663230 -63653331336366666234626662356461663263626465663036326162343239373734346661626665 -61666231613565356633343030343935393135653261376239303037373634386138393463363239 -30356365663133646634333863616230646235656135336330393836353462323630376537366334 -31306330363232326661616666623131383837353139643838326430653561346565393762323936 -31623136656361383039653763613162356530653933376539336130376237396661663664393733 -36396433303339613965316230613237303331646331383239356638333366653961303138343663 -33393664303637333863313364356666383836633063643539333262633565623534323866316537 -38623630363139643837396330353463303932383231663831363763656537386531383531303165 -37366338343063346230656461393832383736636662656666636434363731623437303862636366 -33613333393139613637623963373262323637653531336265333033333135613330313166633738 -36353935383931363535656539333130653164613431616438613432313532373063353738656162 -36616563383133623336396633343762376537663432356238653766666636323232623065313537 -39636632326166323130646633626431323831373963313837613465356436326430616433303662 -65343834663937306539663330366538643265626665613631323036616463313266303237613938 -30613565306636306561643238326138623366343365303934306561623234313332636462383363 
-30623432326336396364636164366463326533613665333830656564626663383331323661663934 -35353135323930656138373830623932396138626335343265623738383532333861306561323430 -66333532333961636463656535636132323535313730333762633139306235373031363831363266 -33646635316137616663653461393566303432386330623936633330373461333762356532663062 -39666437363931313861356331653932303132353364623664656364316430653933653935616230 -38376631316463646663626562366233626334323235633235653364623936643131356130343261 -36396535393335366532313930623363663032386635396262363430303466373737633739626435 -30636136396562336561393936353763383732653166353266376165663233626266353638363131 -65323462633039323334613566373434343363633532656534663635363763396265663137636331 -38613736353635613437663133616431396666316230393066343431336535626335373437393039 -63666135353937313765316134326338376161353862373161653039333631306264343464353035 -65353639313134346239646362663836643734373465353866373238613162303336306438376237 -35363934333536376136666561333636653136316435316530366461306636333063313739626630 -37633333333766613663636466373364663132613266343136376138663461383832356631303132 -30363434336161393962363636313364663839383734373533356663343733333731613535646433 -64396361643736653931336365313338313633383038306131333863306437386362633263646364 -36656566326333333136636566613066623362363263373435356162396431396334386237383231 -30326465646334613235666435613462633230353434653666336364646466613066346366376262 -66633863333461626631383961663930383663666538613162643730323565653732386330613538 -38666164353130386530376332643637333931313661633634303636643639613561643338373331 -63333932306634313933366533623837613934366334396637396361623439383964333665383435 -62316265356537616137643537366666336634393935613034393737313930333364323031653234 -37366561356332666439623462396266623961653039626562393065393336643962373064343563 -36346665666338623931343739386531343833386135356164303532643463346565316163656633 
-32616365623065626139383362613466633332666133313263393062373338653834363830333039 -62626230343362393533633061663432363836616539643065643839623065633363393134643534 -63343935376537393739333063333333386239663763383435633234376434366362616433363162 -34363539633661633333306133363433313761303138363864373266333461303139613362663937 -39626332356139396330393361613364643363366164376234316266316164393035386334366362 -36373065626530333237636139336163623766623561656234333239646263626164323134633434 -63326635393665333533383562633438303036616262366435373739386430353964333265393732 -66643838303566626131323834646564613830333937616264383864316666343333396636303836 -38633335656536653334626530303835623531666665326533303535313164323836373365636265 -65393061363933373931396134623264643065633534313566346336343862346537343437363765 -62663264376266326538616330376633353832353234653661613964373231666562326466663934 -38393931643736626332623461613737383463663935656263656233306437653331343838343865 -64343239636166343134336261656162393938396633376663366466653634373566336165323237 -34386137313961653739393231616532346664366138356631353030623236343535363435636462 -32323564306339396437633763613535393230386631616166656539373861386633363464653439 -34323134626334356631623764356232366337646236313031336138333636633834353463363961 -32316664383038633330383765356563353062303133333133336365346561643234386161383461 -39323964303061313461386333613961396533646161663230666466616231386239386666306233 -39343239323739323738373263313662336237346663663432343861343034633463386163303366 -38333537626232663438383230623032623765336164653438653434396362633063333437366338 -34373431323539306531323536363238333037643337626131336631356537626237656630393964 -38393736633433306632323334613232303162313962616334376130353931336337303462363266 -39643137643034396564303531346361336134353461653535336165323032323238663631653935 -38366339366436376166333335663230306663633634336434323532316664666134313365323834 
-31363964346561373262393632366637396633323332393162666166326631383164643265353135 -34303664353434373131653530346634386333663732373966613761616261323032336266646163 -32663966656464633565356337653534623962663939333033613933633965666339653764663134 -38363965393730633638653561393432303835303164396462366435353030643966316665333061 -39643634646137626338323537393031356532616637666634333139396630663930636235333735 -66336465666439356636623037653564393161393432346534656132346631396462356463336566 -30303833386638333866396462633330306439613139636331636331333663386438623461343133 -30643164366434353765633738356536643861303232393362343131353730376364623463326361 -37363061623333653466636438666465616133396233616430393265626362663736613031383764 -63353065306166646461623763643062383738376266353765643134376538393233383663346237 -37643639663063383266373536323533343936633134386263616163343637613636303134343037 -34626232303335393532643134646132323463396333386664333731646331343937363661323539 -65663936366464643162633432666537393439313664643638343237653566613235353165663336 -32373037346239356337633036306138343366666463363538373836616530313565613562383433 -64616263626165343938363230613039356137643665653734366533393033316363663036363738 -66323663663366666162623734363465663939383830396533383665393139633530616263663136 -64333132633031623835373831636366643831626235303831313761653734666365386462393534 -66303332656561653162636636313439663633396638353638363465663138353866376636326634 -63613865613466326230323564323439393061653664393261373531306235333663373434636262 -62353132653333313635653633346461323165373862343839316539653038633664353830643234 -36633763653738323732386263643461333761306532303534663763323735636563366266653464 -66636236393033613736656562663661346162316164616663306465623431613133633130383136 -35313434346164653163396137383064656538353766653237646237663639663039663665666236 -62346139633234343735303762653030326333333764356562656435623330663066353333326239 
-39646465393362323537343766366432323765363139643361643037373739643636623437386636 -32353233303337623136343062623633306361383737303431613663633163643832343434656335 -39633434393466646366376534333865633361333861653366316238626637363537303335363662 -61353830303733623665643864333134623062356334616331363565333235666261653732633264 -62663238663461343738303764303636366638393830623264613730303635623635626364646464 -35623239356235316136343532616638663930313565383264663936633733386663326161623830 -62626634313963323866653432343561303233343035353433613731353538356438613033346638 -33613466656633626261326465336437613630376335663933303061393731313065636131393762 -65613037653363636235613838613535316635613066393436356537633662313539323163613361 -36356632323634363335366665376663346565393439313031636331633235333664663830636135 -64653266616262336437623731383161383437613461323837653066656233643230663064616432 -65383337323333633465316533623465303735396430326334643634626436303263396534356335 -34373134653232303866386433643864363536643138353965323130616338353731633434326361 -66303133353264343664323435653133383431626263373237613631616235666465616333343937 -37323333653565363665376236396232393132336137346461613831623063326631636335333365 -65376538396265313732323932383061633464393630393563386163393230623238633938396535 -34333330386131353336646361313634353862663762653234373235366565343232306432653731 -61383863306632626463653831383735636233623966353130626634366638626236383864316531 -37353062336539626531356133313132663330663135393930356565323364353761393439373533 -61366465313462313033306631333432646163653832363564313838643362316263353562373262 -33343664666230303065373836306663643135303439356362336634346637353438633364306365 -30623332363436353865633738663464636132306134386465306164363333386338323433643163 -37626235303062393933393363656339636139323464373439363765316266646536316336666163 -34306262326238343937623432643262646263666266623933623565363535326235623637396237 
-64623961663037653033383933333062393932613933303962326538333739303731363137623365 -30363030353433646133666166383938356232396331656165343531343232613934663834633464 -36353331373233393861636131393238363031383135613633373665613364373466356663376431 -66303331383837663261313838363266656164633836623661326331356566653938306266376632 -63613238356135373938663030343634393566653963306237303138626461613931356565663835 -64386433613937643730396130663333646334386336613864333533626661626166346232333964 -66316664346231376639393132613936323261383131633737386331343966363961633237666334 -38353363383761333439373437623937393534626435386262383732363833346166656233666332 -62636130323536663432633434646666303664393130626437636132316264613535306463623964 -30633030613665343631373366363737313130666337326230633631646461356362363963306361 -64393639353339303436346438313833333432356666666339613666623132636235383866343838 -36666263343538633537303665616366656363373736306235333264336466313939356131303561 -33363030653966316232313933323665663330303338366333656536623861623537313266383565 -65633866663665393635646531353539623362646663356664333866623432333465333335333333 -31616262356537646261373166343665633238633235373335343134393366663462393465643135 -35326336613835663132343233386564373462353561333066323631313664373865323233653336 -65333731336565633664636562326365343263373263373162653239633964396138616335616230 -63376562383064663330363562306338346465666563306365306639353632396633323830353337 -65666233376239333436633566623535383065646235353832363030303565623531333539613864 -63393339656238323466343564333134636164383062613138656138373936636531636166393062 -32613431636233316533353937326234663336343231313630393037313663383034383238346562 -36383264626366383835623261643562323037303661383832323939363939623038626664393530 -65353061313266633764353331313532383766613735333131373365366336306139343265306634 -66313435313965633362356563313763653634643362616138633832633136333362343731346166 
-34613431653134363732353833643962636431623036393935666237663833373934373438666434 -36633538306632383439323465636665303863646532653165666638316137633738363736386633 -33303234306531356136316463353232303737323661333430333137636633306131316434376665 -64323633383735313536373534626331356631316464643530363866633730353239346633396364 -36323437306165363465613365383666353037313333653230316234626439623964343336343762 -66343831343133343330336536613134303836626434663731343636613835623364633236653962 -63356635363239663533336265306261393337313136313937356662616231636461373230376232 -64313738333966633265626166653266313932666134356235373238376530303437646464333364 -31613631386335356561363938323831313061373566323638663864393266656361366463353736 -63386361373737383837336435633562626566656666373737313464323466313364626466633537 -6661656232313066363235616364646663623039386561636332 +63333334623934376334363635643536623263663238333835323935306266306234633538336333 +3735636661313837393933303266396363626634623437320a633936323238353736336132393834 +62396432396233343735643163636237386632623062363566313839396437393237316430653832 +3635653362346565360a626636323538313632363838626235386133393338613966646462663837 +63333337346431316638633036313533636334313432313266363232333465626331633839393832 +31343537393365373932396463643761343431623934306231323534306132643963393033346264 +38306531353632363336303931623665393833656461663032383663386663616130323430316561 +64373361393237653033313836616237643936666333363464633665313239336662393533343866 +30353537333065393566346538643334363231316539386161363366626234643261616531643336 +31613535383739313831656561623864386334326663346138386534363330353930663630363835 +35653937386136366539316330313564653932613963313630326663386132393437643137333536 +36633339336235366338303665616538656662656534376161646333653733643832343633346361 +39626233666230636136353331613233393962313664303466333738303437643331663434313966 
+61613364366533316165656263626232373334303264366531643739383735613462376138653535 +63626363386335393134346562633362343532643961363335656633303364356563333330613438 +32393733336231386433626338336333636230306563663739343436333861363733653462613835 +39633064633665333238643033663866376139303762356530653333393834386439323131653031 +63386137353238623337396135323934383465653435336531316432663464343331666666633165 +35303466626537363363376663383534386462363439363937383530633436343861626466313035 +30633438663636646464666436623362643430633462643063646434306361323964623134663935 +35393533633537626138643564623532306530613661363262363037623037633561363337613866 +32363762353830633137386134393866303330626135326639336364303037653438356135323261 +62303835653331313831363963333930626632623765343630376636396363383361396265653034 +36333364646530636138313133646230336235643630643933663634613133316439363735323361 +64383962383764383362363737356364353965653763663661623335363639336636326337353835 +62623838633065666635333965633032323934316438623136376637646433616533313933303830 +62366264313334666263326339393435343930333530396334313931393563353339653037326639 +64643932386137666530626532623237363266663164333764383964653334346366336462666366 +30333036393065363631306630626161633235323932316665343632633335646135393062313036 +37313838363061626664363863623137303765313836396432336235313238623635653630316466 +65646237636463323563653736636139626630646134303833376663366239303538353033346431 +61306261373739316636393464373030636634343230626366643166356463643265646331343062 +39333031633231373031633230363261366432656263656636383962613961343636643564366235 +39323338393136383864363337356165373530313662306331316562356361396134663039643237 +35306662613037373739626236343135633833323966386433356136656563626138633366313837 +30383064336362626231653661346638323638636438303934643864623837376163656437633762 +30323362313735636336363763346431383566646339306130663664616439316132396535633664 
+37663337356466343661353735356263303131303237303637653566653533633534663963663430 +31626632353637373033363835306362396533636632636332616236356337623134626164366139 +35343830613337313865636336376439316437333335333337656337333361633031303636376162 +30663330333332366633343466313665633034643364333736653930633539343733363866633133 +35616332363663383732383364363763356165656433376266343239313237613464616330393739 +66666338393262333936376633353366366539656339373163373137363836616462633763376535 +35663938626531393532376165336235393361633135663966366433343931616163633063636432 +63633834366333376431313966613737623832313130643336323238626164373436656562616235 +66343230376131326366316335353339353164313861643731353331306130646330313066303131 +39363265613131303632353436633461653634636530626164303164386463643861353062646337 +66396263333239396339623537623734336536653638353033393564343139643837363937616130 +65663730646364303336363331623537316433323035393538393132333462643938343936666435 +35666563646631333738623039306466636433316231316137356335623562633166323533653033 +34366165336262386336393034633836346534306166616535343464386631393735393066386233 +66633664376632633163396264623938623834346533616463333637396561623261313536323635 +35643865623434393338666139326431393663383432633465626236363533356161366239313737 +65346536363532356231643463646236383561393965626564313830386531353463363836613437 +30303138383736363361316361363265646232393865623836613465306539346461653965653662 +38623133333037626366666262613861633832326632326235313565653162353438333864656636 +61663131616339623564383063316132633562323366666136393363323335396237313431666436 +30646561326164626266636238386333346136656438663334356335626161383862363832653730 +31626536393464303539326466346230386661316261363138636665386266363734663038663261 +36623861376538393437663962343339646365626431303934316634383464333638636666303232 +36303331333561616535333031616235316335663234636466633366326465333264353062666133 
+61636264386366396165343866633036323438393164616333336564613363316666333433633464 +30323262316166323264316639373737326433303334636533656539626261323763336135316166 +34643032653662616465353437343563663961623530313133666531303438643935616237663133 +35613135383736643561366334366230663237656631356235646335313039326231636634343061 +36346436333737343362663266633761376433653764353635646363643666383238623761626338 +34623639643037363634373566346432363830613936653563346265306437623966346466616330 +63373465633564653666373465653436343961633434313863626563316234303132623537636336 +64383532343863636562613835323930623232353236383235386530303565646535356562356561 +38653535336238353566646261613433666437653636663830396634363338643835316263623662 +34323331356539333261626532636135313862663938636438656234653261376633313731643862 +30663666303134396161326363323465303038333139313933616265373238626163343061643533 +34396536643465386439643430393566633662316164356463303066333334303532393233396630 +30323432346464656561616139333161613936643465353136663266313736313437623538613038 +30313136316364653839663538633532333962363365393831376661313562393436613630666331 +33303739613466366164376337396335663133646164616430636633366161643634663930663939 +66373534333039303433653733336131656630333661393139633634336638353965333037383062 +31336663366365326134663862353938386237313731363634653937336133633133643566656466 +35313235623137633861316633326232383437613039373962336137643934313066366138326234 +32306464363334323563376166313437323435306564336634656162393966646134343736323538 +34616564353839343935333838326261353239333361343037366136333662366664386166363764 +34393064326539366364366234303066326635613765636232323737636133626431316632316537 +32666131393331623061396666376236333664303032623434346661356236383962616565366434 +36393838343838623533623466373365663862303337366262363163313336616465363865356233 +35633562646436656636333461353535636430393064656564343339633734353436346533316434 
+65643265323363343938303862353730636137633038633861393262626463623537626635666534 +33303637653863333532353930353331643366306432623863646664363862343665343233663461 +35343731386232633639393136633731356462633237666630616561363532653163616265333330 +39326533353466303235623036313334373034646161653761666131663830376333313330336165 +62306365323565356661323961353733336631333430343038393430303738383961616463653864 +63316433323039643132393934373830626130313364626566623834613363663665323063323936 +66643338643463393031366437643063616462663565323936313235373564363833333734633162 +37373030326533653831633866346662626639343631633135373630646231666536376466623462 +66303332333438333563353835653330616530623533313537666236663234316661643531346562 +30393030666232643163613932653231633266326438346635353562633732653032633631646662 +63643465333538376232313166333138386139326533643766393938613964613234616363366534 +64626137386638373934643730373963656337663462643466363563313238386563373539323538 +32393239656630613330376639313561313164313065613366383135333738653239373630326330 +34613862663638336366663764386635653339306230396338656263643362376161646238316661 +37646236343364626132373136653437346266636165313761623938393830613562313531363032 +32623531323131383365373964613630353130616432303530323031303534643639636664386133 +30313433613536343838343735396137313764653539623730333338376662373335613862346136 +33636264636564343761346234393830313965336164393835613331613162613564393565346437 +37633132343931636261343434366331663834303335633536393463633966623337386230383039 +35646434383632313865636637373461386335613731616637636364626332393461303264623732 +32666565633231623133656266306130303432633533366362383537326338636336666362386234 +62623162336134333264336161313834623733353762316238383932303837343866613332333439 +30663261653335373335313661303730326331666232666161643631363266333632326431343165 +37653936326333343364373132346162373461363935333662343432353365666433306364366666 
+63653433356432373230346333643335303939613437306433376332616331326339393232613465 +35306235393465396235633761363764663333303864306639373666626535303635646439396333 +35313038663335393237386665313561616466393038336464383433393762333363356161323864 +61613466623936653530373765313731383963393831613964323562303566313239386132346131 +36666463373730633666303737343337656433336363383765363139363166303565323465376363 +37623439376330363936353830653633343366653335333938326364366230373665616264333865 +65323438393933616161653138313434653838303038373566373039383963346439653065663261 +62343161356532323861663962363565623934613733643062383732396264643562386433363163 +35663432656461373337643435363030393933336239623861366161346264613066653839333338 +33633261663236336366303261626134306265656137343765623539626563376337653761633631 +36616639653532376566346330616438306632393736613638613439363164336338336662616632 +38333365636130643434666634383434386331383461633761653236386630353663623836373766 +63626365306636373034386661643537313934656661373237306536376531613766633638616533 +61323538363931643238396531656436383762346130383030323162656630376530656661633134 +32323437633863323937393562383265336265333765373438353562306339663736613039343031 +30616563363137616231336538666638363431643134323866306361386339323437643737666130 +30623835646633333364646639393134383663633031633936356238653663303730353433363536 +39666132633036373635333963343935363235323861383637326637386530373238653131646437 +38623030353232626461616564623630333533613733303932303936653036663339316361303432 +64346331666535336539323463393733396462663762396232336239656638383666623032366436 +65313463366534343265333265626434616135376264353636656565613932653539646336393032 +33386631633839343564653134636538646230626263326633323663356436366232363664353936 +61393231616364383062613133373062353039613938626236656463616232386630353239613131 +31653431333239346230633731636537353662333130656364666134306461336239363938363565 
+61333665373438313461663134613162393532623363623761346561313330656130316262386261 +62373333613861356133633964656332313866633165313562306636366465366462313865313735 +61333932633562383134383630393836303866383266376165616462616338366330333135643465 +37356561343861623564343961353235306338333836643565646636323465613430373062356263 +30346364323237343837643336653934653834306537396632326538653132363930646366346530 +64393963656166616239393530373532343739333466643666643835346233643566383536336463 +38343635613536366161633631393366623066613533333337626665303665323363626132613537 +66656332323936353464393933353562373430373065373965316264316335326664353637663236 +64353765643932346639626362306237353864343830636565643636653633303065353131616634 +61373631343932353265636634616665346430373666613337326264313932316433656437303037 +62616130356233643362356162663662653236643861333530363061376239343961316162313235 +36656336343565323263386266663930373639346238343566636563376431386138353030393631 +61636632646236383566333862376363626636613239343935653066653835323639323837663664 +33626333623734346363343533643931656330656533666662666362363431313561636231616237 +34633833336264396633306437313230326130353234303435396132333161343961383033303939 +35373230393061656134343832613463613465623064316135626131393738323832303462386564 +65373366326261363263666362323030643263343633306362633663613033303638623761356537 +61633664386533356463363036363039653465656633373462383337393965633536353762313539 +34633632313430333166313737336633646535616230306466623834653935336537646539616664 +39646663633162643637393964353531333831376363313661353665376134316537353434633831 +33376436663862313663316566383665383537396337626133313132373733336531643464336263 +62643031373239633939323935373961363963613161346637653434356261646662383465666134 +32373866383065613037366334303931393161343435643030636565383335626630643366653965 +31613935343431633833643932356565313937636438633566343533363736353037393064333163 
+66373338323765643861383531363665636339353836613364376133356434356661656563306662 +31623637613130616361646463663431376130616266353166303030393134333934373766623936 +39623736666437303464323363333836353733363939346636646566336137303536656263653662 +63393965353062326131653838376531306634663231646365323465386263363330363237303733 +34663864356139363765623030373639376533363037626464383137343534343464623937636336 +35376636303063333636656634316330363065353364636136383637623964616237336330643437 +39356162356634316130316166373133643063323461623731653535336230303439653836653161 +62306336646231626632306161336233366636623535346565333137356561616635376437333033 +37373430613665306365626431353262633931373630383535313464306331633538646665646362 +62616566316130623834376364383665306130306539646133353238373861376562633031666661 +66633034366264326335643632363236666235353030343836666233656563633139376638643763 +63323932363634613230343932376436356434343164646263343464366531366361656666333765 +39363166343233353361373239636332626462613162326162373333643134393664313666323035 +34306139623734393039373661396463343465613462373130396263643830363334333037363637 +35633761633130383730663134613763333630356563306539323234353532353364363938626331 +31376234653930666631303564643065633030613266393064346163376534343963306537306336 +36303033313766346462653131333735633338623064323964333961366164356134346636363365 +33653265643663393362363033323632633862623934613638616161353039303433323830343233 +63343733313765373562666164333538613963363963383431616632643636663763636362663034 +61363762653233343362663732653762333761646265383932373036323566633534386661623936 +63383336653562336466323063373037646566653332366639623835653165386632303065653735 +62636634643764386365306163633661356130653032663333396166363039623033646139346537 +38333561313934323962366262316162343165363364356664663330636631363965383730636637 +61383766353762316230653837643564643161613161633561366563343365316337343633356339 
+32323839663731616261353764383364396661323230303539313035656437623964383138376264 +61636534353639373665656131323835353832343666646263303461613764303633636339373366 +37306266306163313065313164393930386338343635393865613562386461613763303937396335 +61353361353738353033326561326465623833316538336538336333633564653761653036323561 +36616637343465323062326564646133353530633064303539313739303134353736396633616332 +38383735376464383934393032633466633036393464346561626631363534396537373962373764 +36343761386365323337613030323330396130396163633835613063313261343066306262656661 +38306333353363633238623737646332646464306238383637666236326635346131653331636364 +34643039633163396137653564643134633039356465346562323262623063316661353638336233 +65366265366438386633333362326435643161346664663736326437623530303135373132313364 +39396561383064666436623265356632366539303863333531333266336464313637303337323663 +61636138626162313465393161346265393465363164353861643830333963303261363231396433 +35366137626638303035626230633565663931656165613165343537346561326531303766616266 +66393061306136623661656139386565356637326338313838653031633736376131306238646132 +62343734663233343935653964633764323432346565343838323462353435653637353565336364 +30343633303862353332373964343732666533653232633863383962626634613064 From 1fe8d1d28bfab531fc714f038283ab4030a085cb Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 13:28:49 +0100 Subject: [PATCH 101/146] Remove "Root Aurore" SSH key + add histausse key --- group_vars/all/vault.yml | 362 ++++++++++++++++++--------------------- 1 file changed, 165 insertions(+), 197 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 89937f5..3db555c 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,198 +1,166 @@ $ANSIBLE_VAULT;1.1;AES256 -63333334623934376334363635643536623263663238333835323935306266306234633538336333 -3735636661313837393933303266396363626634623437320a633936323238353736336132393834 -62396432396233343735643163636237386632623062363566313839396437393237316430653832 -3635653362346565360a626636323538313632363838626235386133393338613966646462663837 -63333337346431316638633036313533636334313432313266363232333465626331633839393832 -31343537393365373932396463643761343431623934306231323534306132643963393033346264 -38306531353632363336303931623665393833656461663032383663386663616130323430316561 -64373361393237653033313836616237643936666333363464633665313239336662393533343866 -30353537333065393566346538643334363231316539386161363366626234643261616531643336 -31613535383739313831656561623864386334326663346138386534363330353930663630363835 -35653937386136366539316330313564653932613963313630326663386132393437643137333536 -36633339336235366338303665616538656662656534376161646333653733643832343633346361 -39626233666230636136353331613233393962313664303466333738303437643331663434313966 -61613364366533316165656263626232373334303264366531643739383735613462376138653535 -63626363386335393134346562633362343532643961363335656633303364356563333330613438 -32393733336231386433626338336333636230306563663739343436333861363733653462613835 -39633064633665333238643033663866376139303762356530653333393834386439323131653031 -63386137353238623337396135323934383465653435336531316432663464343331666666633165 -35303466626537363363376663383534386462363439363937383530633436343861626466313035 -30633438663636646464666436623362643430633462643063646434306361323964623134663935 -35393533633537626138643564623532306530613661363262363037623037633561363337613866 -32363762353830633137386134393866303330626135326639336364303037653438356135323261 -62303835653331313831363963333930626632623765343630376636396363383361396265653034 
-36333364646530636138313133646230336235643630643933663634613133316439363735323361 -64383962383764383362363737356364353965653763663661623335363639336636326337353835 -62623838633065666635333965633032323934316438623136376637646433616533313933303830 -62366264313334666263326339393435343930333530396334313931393563353339653037326639 -64643932386137666530626532623237363266663164333764383964653334346366336462666366 -30333036393065363631306630626161633235323932316665343632633335646135393062313036 -37313838363061626664363863623137303765313836396432336235313238623635653630316466 -65646237636463323563653736636139626630646134303833376663366239303538353033346431 -61306261373739316636393464373030636634343230626366643166356463643265646331343062 -39333031633231373031633230363261366432656263656636383962613961343636643564366235 -39323338393136383864363337356165373530313662306331316562356361396134663039643237 -35306662613037373739626236343135633833323966386433356136656563626138633366313837 -30383064336362626231653661346638323638636438303934643864623837376163656437633762 -30323362313735636336363763346431383566646339306130663664616439316132396535633664 -37663337356466343661353735356263303131303237303637653566653533633534663963663430 -31626632353637373033363835306362396533636632636332616236356337623134626164366139 -35343830613337313865636336376439316437333335333337656337333361633031303636376162 -30663330333332366633343466313665633034643364333736653930633539343733363866633133 -35616332363663383732383364363763356165656433376266343239313237613464616330393739 -66666338393262333936376633353366366539656339373163373137363836616462633763376535 -35663938626531393532376165336235393361633135663966366433343931616163633063636432 -63633834366333376431313966613737623832313130643336323238626164373436656562616235 -66343230376131326366316335353339353164313861643731353331306130646330313066303131 -39363265613131303632353436633461653634636530626164303164386463643861353062646337 
-66396263333239396339623537623734336536653638353033393564343139643837363937616130 -65663730646364303336363331623537316433323035393538393132333462643938343936666435 -35666563646631333738623039306466636433316231316137356335623562633166323533653033 -34366165336262386336393034633836346534306166616535343464386631393735393066386233 -66633664376632633163396264623938623834346533616463333637396561623261313536323635 -35643865623434393338666139326431393663383432633465626236363533356161366239313737 -65346536363532356231643463646236383561393965626564313830386531353463363836613437 -30303138383736363361316361363265646232393865623836613465306539346461653965653662 -38623133333037626366666262613861633832326632326235313565653162353438333864656636 -61663131616339623564383063316132633562323366666136393363323335396237313431666436 -30646561326164626266636238386333346136656438663334356335626161383862363832653730 -31626536393464303539326466346230386661316261363138636665386266363734663038663261 -36623861376538393437663962343339646365626431303934316634383464333638636666303232 -36303331333561616535333031616235316335663234636466633366326465333264353062666133 -61636264386366396165343866633036323438393164616333336564613363316666333433633464 -30323262316166323264316639373737326433303334636533656539626261323763336135316166 -34643032653662616465353437343563663961623530313133666531303438643935616237663133 -35613135383736643561366334366230663237656631356235646335313039326231636634343061 -36346436333737343362663266633761376433653764353635646363643666383238623761626338 -34623639643037363634373566346432363830613936653563346265306437623966346466616330 -63373465633564653666373465653436343961633434313863626563316234303132623537636336 -64383532343863636562613835323930623232353236383235386530303565646535356562356561 -38653535336238353566646261613433666437653636663830396634363338643835316263623662 -34323331356539333261626532636135313862663938636438656234653261376633313731643862 
-30663666303134396161326363323465303038333139313933616265373238626163343061643533 -34396536643465386439643430393566633662316164356463303066333334303532393233396630 -30323432346464656561616139333161613936643465353136663266313736313437623538613038 -30313136316364653839663538633532333962363365393831376661313562393436613630666331 -33303739613466366164376337396335663133646164616430636633366161643634663930663939 -66373534333039303433653733336131656630333661393139633634336638353965333037383062 -31336663366365326134663862353938386237313731363634653937336133633133643566656466 -35313235623137633861316633326232383437613039373962336137643934313066366138326234 -32306464363334323563376166313437323435306564336634656162393966646134343736323538 -34616564353839343935333838326261353239333361343037366136333662366664386166363764 -34393064326539366364366234303066326635613765636232323737636133626431316632316537 -32666131393331623061396666376236333664303032623434346661356236383962616565366434 -36393838343838623533623466373365663862303337366262363163313336616465363865356233 -35633562646436656636333461353535636430393064656564343339633734353436346533316434 -65643265323363343938303862353730636137633038633861393262626463623537626635666534 -33303637653863333532353930353331643366306432623863646664363862343665343233663461 -35343731386232633639393136633731356462633237666630616561363532653163616265333330 -39326533353466303235623036313334373034646161653761666131663830376333313330336165 -62306365323565356661323961353733336631333430343038393430303738383961616463653864 -63316433323039643132393934373830626130313364626566623834613363663665323063323936 -66643338643463393031366437643063616462663565323936313235373564363833333734633162 -37373030326533653831633866346662626639343631633135373630646231666536376466623462 -66303332333438333563353835653330616530623533313537666236663234316661643531346562 -30393030666232643163613932653231633266326438346635353562633732653032633631646662 
-63643465333538376232313166333138386139326533643766393938613964613234616363366534 -64626137386638373934643730373963656337663462643466363563313238386563373539323538 -32393239656630613330376639313561313164313065613366383135333738653239373630326330 -34613862663638336366663764386635653339306230396338656263643362376161646238316661 -37646236343364626132373136653437346266636165313761623938393830613562313531363032 -32623531323131383365373964613630353130616432303530323031303534643639636664386133 -30313433613536343838343735396137313764653539623730333338376662373335613862346136 -33636264636564343761346234393830313965336164393835613331613162613564393565346437 -37633132343931636261343434366331663834303335633536393463633966623337386230383039 -35646434383632313865636637373461386335613731616637636364626332393461303264623732 -32666565633231623133656266306130303432633533366362383537326338636336666362386234 -62623162336134333264336161313834623733353762316238383932303837343866613332333439 -30663261653335373335313661303730326331666232666161643631363266333632326431343165 -37653936326333343364373132346162373461363935333662343432353365666433306364366666 -63653433356432373230346333643335303939613437306433376332616331326339393232613465 -35306235393465396235633761363764663333303864306639373666626535303635646439396333 -35313038663335393237386665313561616466393038336464383433393762333363356161323864 -61613466623936653530373765313731383963393831613964323562303566313239386132346131 -36666463373730633666303737343337656433336363383765363139363166303565323465376363 -37623439376330363936353830653633343366653335333938326364366230373665616264333865 -65323438393933616161653138313434653838303038373566373039383963346439653065663261 -62343161356532323861663962363565623934613733643062383732396264643562386433363163 -35663432656461373337643435363030393933336239623861366161346264613066653839333338 -33633261663236336366303261626134306265656137343765623539626563376337653761633631 
-36616639653532376566346330616438306632393736613638613439363164336338336662616632 -38333365636130643434666634383434386331383461633761653236386630353663623836373766 -63626365306636373034386661643537313934656661373237306536376531613766633638616533 -61323538363931643238396531656436383762346130383030323162656630376530656661633134 -32323437633863323937393562383265336265333765373438353562306339663736613039343031 -30616563363137616231336538666638363431643134323866306361386339323437643737666130 -30623835646633333364646639393134383663633031633936356238653663303730353433363536 -39666132633036373635333963343935363235323861383637326637386530373238653131646437 -38623030353232626461616564623630333533613733303932303936653036663339316361303432 -64346331666535336539323463393733396462663762396232336239656638383666623032366436 -65313463366534343265333265626434616135376264353636656565613932653539646336393032 -33386631633839343564653134636538646230626263326633323663356436366232363664353936 -61393231616364383062613133373062353039613938626236656463616232386630353239613131 -31653431333239346230633731636537353662333130656364666134306461336239363938363565 -61333665373438313461663134613162393532623363623761346561313330656130316262386261 -62373333613861356133633964656332313866633165313562306636366465366462313865313735 -61333932633562383134383630393836303866383266376165616462616338366330333135643465 -37356561343861623564343961353235306338333836643565646636323465613430373062356263 -30346364323237343837643336653934653834306537396632326538653132363930646366346530 -64393963656166616239393530373532343739333466643666643835346233643566383536336463 -38343635613536366161633631393366623066613533333337626665303665323363626132613537 -66656332323936353464393933353562373430373065373965316264316335326664353637663236 -64353765643932346639626362306237353864343830636565643636653633303065353131616634 -61373631343932353265636634616665346430373666613337326264313932316433656437303037 
-62616130356233643362356162663662653236643861333530363061376239343961316162313235 -36656336343565323263386266663930373639346238343566636563376431386138353030393631 -61636632646236383566333862376363626636613239343935653066653835323639323837663664 -33626333623734346363343533643931656330656533666662666362363431313561636231616237 -34633833336264396633306437313230326130353234303435396132333161343961383033303939 -35373230393061656134343832613463613465623064316135626131393738323832303462386564 -65373366326261363263666362323030643263343633306362633663613033303638623761356537 -61633664386533356463363036363039653465656633373462383337393965633536353762313539 -34633632313430333166313737336633646535616230306466623834653935336537646539616664 -39646663633162643637393964353531333831376363313661353665376134316537353434633831 -33376436663862313663316566383665383537396337626133313132373733336531643464336263 -62643031373239633939323935373961363963613161346637653434356261646662383465666134 -32373866383065613037366334303931393161343435643030636565383335626630643366653965 -31613935343431633833643932356565313937636438633566343533363736353037393064333163 -66373338323765643861383531363665636339353836613364376133356434356661656563306662 -31623637613130616361646463663431376130616266353166303030393134333934373766623936 -39623736666437303464323363333836353733363939346636646566336137303536656263653662 -63393965353062326131653838376531306634663231646365323465386263363330363237303733 -34663864356139363765623030373639376533363037626464383137343534343464623937636336 -35376636303063333636656634316330363065353364636136383637623964616237336330643437 -39356162356634316130316166373133643063323461623731653535336230303439653836653161 -62306336646231626632306161336233366636623535346565333137356561616635376437333033 -37373430613665306365626431353262633931373630383535313464306331633538646665646362 -62616566316130623834376364383665306130306539646133353238373861376562633031666661 
-66633034366264326335643632363236666235353030343836666233656563633139376638643763 -63323932363634613230343932376436356434343164646263343464366531366361656666333765 -39363166343233353361373239636332626462613162326162373333643134393664313666323035 -34306139623734393039373661396463343465613462373130396263643830363334333037363637 -35633761633130383730663134613763333630356563306539323234353532353364363938626331 -31376234653930666631303564643065633030613266393064346163376534343963306537306336 -36303033313766346462653131333735633338623064323964333961366164356134346636363365 -33653265643663393362363033323632633862623934613638616161353039303433323830343233 -63343733313765373562666164333538613963363963383431616632643636663763636362663034 -61363762653233343362663732653762333761646265383932373036323566633534386661623936 -63383336653562336466323063373037646566653332366639623835653165386632303065653735 -62636634643764386365306163633661356130653032663333396166363039623033646139346537 -38333561313934323962366262316162343165363364356664663330636631363965383730636637 -61383766353762316230653837643564643161613161633561366563343365316337343633356339 -32323839663731616261353764383364396661323230303539313035656437623964383138376264 -61636534353639373665656131323835353832343666646263303461613764303633636339373366 -37306266306163313065313164393930386338343635393865613562386461613763303937396335 -61353361353738353033326561326465623833316538336538336333633564653761653036323561 -36616637343465323062326564646133353530633064303539313739303134353736396633616332 -38383735376464383934393032633466633036393464346561626631363534396537373962373764 -36343761386365323337613030323330396130396163633835613063313261343066306262656661 -38306333353363633238623737646332646464306238383637666236326635346131653331636364 -34643039633163396137653564643134633039356465346562323262623063316661353638336233 -65366265366438386633333362326435643161346664663736326437623530303135373132313364 
-39396561383064666436623265356632366539303863333531333266336464313637303337323663 -61636138626162313465393161346265393465363164353861643830333963303261363231396433 -35366137626638303035626230633565663931656165613165343537346561326531303766616266 -66393061306136623661656139386565356637326338313838653031633736376131306238646132 -62343734663233343935653964633764323432346565343838323462353435653637353565336364 -30343633303862353332373964343732666533653232633863383962626634613064 +62653338373865656231663838616362303131383034663431663139646433653762323437656463 +6665366431376666636431366365643534636438663433320a613931383431323661656339663235 +31656464373634386430663838373566306663633631663066373930353534316136383738633736 +3137646638376231360a333330313261383936353630613234373035366162643663336437383966 +63616635633938346635313861333339303534626164613333376462393561656635613733313833 +66386639646634376132376338636565303333616532373932386230653566353838633337313463 +64363265303736383566373033653763366630613431373165653539326231316530386366643762 +38656161376363653165386166623331396239393238323362316334393933383737353565313937 +65656564643030356265346533613961636230316333613539303462336334366139343366323461 +61666563346464323066316536363339653135633537323165663633643664636333643235336430 +37303863376536396566313339626365376130633635623838363338383964613639383466353139 +62393837323239306230363661396533656333303163656561626538643061653565323635323530 +39303664613539643734373330613136343336393266613033353432666636373466333330316234 +39333032303835373563373939313733613262366161373630366534316431303430636336343934 +31653366666461666337633265653236383630656164623761333031643939616561303330336261 +36396361653839353230383165393162386563373231336437383664656230373832646364383461 +32313938643738366336373061386133356637306435636633343533653838386332616130333436 +62333330366431363161303131353861383336383139373034326363653134633265633030346433 
+62346666633836323135663735363133626265616432653665333564363662333734646530333838 +32356663653839336561633564333261663262633835623563653961303461623938386131623335 +33633235623132653338623131336564363232633339633732313835343135373666643466313130 +30353736336333303361646362363163396633663737386334303538616161383337336637336664 +32653930383831363531353137316435643363303330333435346364336235633536633831663466 +37306462643335303335663837363964306530336365643738376565373035376638626338613636 +65376462633931623063663538383133323264316465336261353961323665386464656165323462 +64303032373635316263636235383863356532363239376663323361393331623830393764336132 +61306564383039383931396364353461663539383636373830383539663161396632383631353665 +36363437326538656438663734633539353066333833386434343931613935356662363266623434 +30613766363161643733356463323535383434313436643132363363356532306638333635653063 +30633633366235323363363562316461656236623062396138656262326566363233623564653265 +66383534313538353165303739363835363837353065396433363739386135306364653738306638 +32613462393561643037633431363438643833346539386435373166646232333830373964373535 +63636230373263336534613134303634636131623362316462393161636264346131343465623233 +39303736373231666165643762663335623939376634373939373437663865653865333235303739 +36353636313266343931623032333031323165666437393334333463646636363931653038313637 +62656632333838613333336631333832386531643362316635666463303734636462613763303137 +32363834336536373166666235333634623833663030666136356232643464643537323361396434 +34366362346137353035393438663766306537663939643465636563643831656535343762323232 +62626532353965356461336161376531623063616638633732363430363361646539636435623365 +32633639343635313231323937633030336164646332323631343831633936613961356438666638 +65643430646331613433313934626661326236366335393637356364636661346361653339346565 +62646664303562373033306365633565393337636539336133643564623133353033303266343231 
+38306539313531653764653665376464316562333235623232306331323264333264326535343734 +36366139303730313131626133623034623132343337373033356436353564343064376636633230 +34616635633138303630373035363764313732383766313732363766316534356265376666343336 +39376339303839336237656565633362306631343066333766363137346634623462323436663438 +31653366393335343933323036633365623761353830663234613862373232616431623134666166 +32396139313834366230626635393637356562653865633431343564646264613663356666336535 +30323261383330376366363730623661626163373463363233366533316636383533366331653831 +35646138623336653230373964356437383337613535353235343864653630383938356333646365 +38636538613566353830613066306665633035663734333763336631623531336634336434356563 +63393939616561633962663532356636366561333736336638653539373366646566353035656137 +38653939646139663631396237376166663162643662623538333233626565393139393736303135 +38343738363232633938666536373734386437346164346131623736363861313665653738396463 +38383830653166336335373431353561373434373065626234396661616530323733373961623939 +62356235306561346537333963306232333731626436396332373564613532313466373932646132 +36306330336630386638343931386165653537613835646436646533343438663434653066306561 +39653432616464393038626634396535326435346165623232396434366462356530343235313935 +31306237326631336531313931663930663032663264323639366630653663303164383462363064 +64373165306235373734303763643430343434326231383939623032356335616430653863313462 +61643035646132386461393839326365353964316434386533353661333937663832313865353237 +63343537373164313963636561386665336434633037376433663739363239666634636530373430 +38373564666362653633666138366665613033363731346566373462323462333362333333643135 +31656561613030336634363133663532333366636234626630613836313937653363303836383434 +37313064313939616639626137663163383766336232383333633830623531626435623035346661 +39626235666532616366643063373636316430643437393564393535363564396239656131626430 
+33323262376439363333346661356335303233373161356162336634663934323937663232626366 +63386530316139396662633539646633346638663233623639356661633732653964613939653834 +37613236363163623336326239326437666336643134643536636664313132336662353933393366 +66313661373838656331333839663164663733393736363866366338613434633836656162353232 +61306136623931626333363936306130336461303738343364653333303962616331336164366164 +34346662666137303463363334343964623936653533306436633739346163313739356265343234 +33316363373439336661656264356662653662353064363930643839643063383762373439626164 +65323536313764353638386334363461373935326239366233353639353933313335303231383833 +39666236383834623266653835393036663538633933303038643935383932303264383330663466 +37306561346638623066356630366533343962643762633463323233323963653635623564333031 +34326331336539616533356630616633363434353562383866363364666664613839326237373466 +63346237323934303866653965323361643837633834616433323061633961303238343538323131 +62666364636138303733313939303536316536353139623066366534383661356266323036316661 +36646339303463613565333261656637353231643463356133633630633035626239343230346361 +32336434303530313661373464353961363731613862346639643138343737343962653237383835 +65326662633835643264336437343666353330666262326132386136633230363433626435653337 +33613535626637303565636566363264613836646663373432643466666566663534626130393335 +30666531393336613035336666306334313730633466643264656337666539333362383663616263 +62333235613534366130346365336535363337333139366562313337623535383461366265383239 +35656463633261306239633233333664396465613162356164336131656430373062356131323065 +65636566626163656534396639306539303830376163633261616439316232373437636564636462 +38653633383962623135653839316232333066366461313434653630303633633236623931663233 +30653531643863326435373237366533336165366637333636666636353764396638313735346462 +38633132303664666161393161626439666230376536303530623032356561373663633235386335 
+30646164613135373331383461313039313837373831653264643635376232646361336635396231 +32646538336236363937336639333137663135633038613133363538393864653831313132663965 +66383631323761376537643662313237336262616363343231343138613762316564363962356437 +30336431373364356231653332613836353731303366383338386462663033633639363862353838 +64633264376330336165373363313063346234376164373263366261643534386139396362613039 +35306534643135643437626566633864623631363133666362656334623463306163313938643564 +36383965613037313739646439396138393636373261653466653866313165313934303633653430 +31303064363161636330343866346239396639646137623764306433313538656331663137373966 +36323832643731313966393331333437313163373434373833383937396261306331353330326261 +66616161363662383535623362303165363466303265613231336237626462383233373037356230 +63373031653139326364636166323566626639383265353834633932643861643936613730313531 +34626233396631613031653565393839326131396239653339353366393861616363313938396666 +30616261373131303935343063333134323937313666616166623465373339346230383437356539 +37623131346461323734616438373163643334666637666434313837393162386331356639343264 +63376432353438653434313632333531353837353364343138333130613336343630326561386665 +33616532636461643838613835633364633863363730663333393466333866373132313439386535 +39373639376538373733353830366432323038633664343630373163616338663664623638626134 +39653335333462616339633834353062313662303462313761386636346262353565626531663331 +32653635643337363234366533346530386332663066393365656663336335376235396166303634 +30616366613261613034366262623661623635663265303433366366373730343265323439643434 +30623937313863356665383066303334396637353436636135346338346134343866356631393433 +63393064633731333833316230343266313361316632383436646138386130333266643933333435 +34666161643630373735656238666338613034333032306564316461616362623861626364643832 +39646538623131396165346333303061346630386264633737613065653030356164623531316566 
+36366431636338616365306138333931643464336662303236643966633865393666356263636630 +33643634336164383463646434653331666233616166666234363730343234363962363931326130 +39393130656339383938376230353665346464333964653766386233626530323333623237623366 +61393263393863396237343033393033666539343136663161623861313734633739613038303539 +30613232653765616263346162326130663139633235333934316431383932653064313739633838 +61396165306330616666626237663931653137373331633566303430323435313766613963366337 +33356437343938393134656138323965653361663563373362306264383834356436383464366538 +65623538306137393262306336333561383033323731643664376130633736343662393166643865 +61616264386464626566326466336366656338626265373564643934663834393963323330633062 +64393439633530343961623935373539393461333833346162373732393966633166393939323866 +33393030373331666532333732626435646335333033343461333633656231323537633362646130 +35316139666137656238396537366133386365636139636463663135663430383339636336373565 +64316635336333666639393035393135313366353066353837613833653065303131353163396366 +33363764383434373663336632646139663666643334373733393637363361353865363934306461 +30616663653563366438386632306230626362623361306339313664386663663736663939633162 +30353434396463363266636437316261653063313962666335386630356165616133613036396635 +38626239303638663366353632366137323637336433623833386362313432323561353634363933 +64636339366632306237336262633236346333373063653362306237346562306333636634336435 +30393566376536366362316638323261316462636334356266333561326632643338383162366439 +39633862666665366661336162373136306537393832613535343663366332326666343064356139 +31633232666332656639383434373536653130616437363931643836373034656462396135393531 +30613334343462316661623663336532333635303834643738323734316436336238643132343731 +64303232363636633839326539366636613663346166643563663662616537333365316466396665 +37326265633764303465373936333130306366373531323237656136366431633439333231623961 
+39303561333836363263363066303739313530623032386533366132653866623535333363663463 +65656539366461303538353632326136386331663230613235653865666564633339353337383965 +36613436323037346239613165613035666137356565383731383765626534313038326462343166 +32653462363134623731636638326466393363356664373239313263633933383138336338393135 +31633637626436323238653133366130613830333531633333313538343266636166623037333961 +36623834313733653738613136366230626630666637363231383963613862666530663465356137 +37386466306332383032626366383664366536376364393865396339316533636263653336343361 +62343361363639613063626336353333323737626636623033333731383133346537333765666161 +37313234383238353934626136343766353963376562646366623735356463626264666566383366 +38363339623631313933663563303465643532386437383731353839393461623437663130323932 +33313364336430336362613562396137643836643666333065643836653935636538353635363339 +62373131623232653530356437393233353731366435653235306534363730373166336137373737 +63353731623862323361316539396137373137393961633337313531363436303637366631656535 +39353065666132636566663165333739306465616238613432373136313432363535333363313434 +34343534323361323934626166653433623836386639313538363933373262666633316438356430 +34623634613761646339346462356365346139656263643230316264643838643431353933613563 +62363634306661376663323634393736383063643132643735353863646537356334656438646163 +64623235363938346231663636373137353532343264366130353866626531313664623565633235 +62323939386264333433663863363865613262373061666130663166383235333336336630663136 +35323236326231383933323632646662666364643430613562643339393134613634326337343932 +32336463336463333239373231393530393238343633323164316539623237306162663035393431 +33333065373464363036633831346434386336383164336365343961393039616435666533396366 +35623837633162643765643966353266336533623165633966656336613830316130333962313865 +66373262643135346565303164326462633934613362643735616235316239366432393936376438 
+61666661323230363265643433623361633137663234323330373630353437656537653462303536 +32646165376661336330313939313235343335343137626566343164346432363230646366373864 +63656162643632333931373934393133316261323665343764386662346535346466 From 9eeb8ccd733fa8519906110ba180254b2c049393 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 16:08:08 +0100 Subject: [PATCH 102/146] Remove non-Ansible SSH root keys --- roles/ldap_client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 8599950..94ed070 100644 --- a/roles/ldap_client/tasks/main.yml +++ b/roles/ldap_client/tasks/main.yml @@ -21,4 +21,4 @@ user: root key: "{{ ssh_pub_keys }}" state: present -# exclusive: True + exclusive: True From 958eaa1bcb9eb66c3e06cfd8e585571921dc1a36 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 5 Mar 2021 00:54:44 +0100 Subject: [PATCH 103/146] Use label federated_instance instead of instance --- .../prometheus_federate/templates/prometheus/prometheus.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 index 52e5a92..ee7f4a6 100644 --- a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 @@ -31,6 +31,7 @@ scrape_configs: - job_name: federate scrape_interval: 15s metrics_path: '/federate' + honor_labels: true file_sd_configs: - files: - '/etc/prometheus/targets.json' @@ -39,7 +40,7 @@ scrape_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] - target_label: instance + target_label: federated_instance - source_labels: [__param_target] target_label: __address__ replacement: '$1:9090' From 802bfcc69828e702b092e23fbee7dc6263748d14 Mon Sep 17 00:00:00 2001 
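Review bot: Because `group_vars/all/vault.yml` is a single encrypted blob, this hunk rewrites every ciphertext line, and a reviewer cannot tell which SSH key was removed or added, or whether any other secret changed with it. Encrypting each value separately with `ansible-vault encrypt_string` (inline `!vault` values) would keep the variable names readable and limit a diff to the value that actually changed. The removed entry also stays recoverable from earlier revisions of this file by anyone who holds the vault password, so if it was more than a public key it should be treated as still exposed and rotated.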
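Review bot: Enabling `exclusive: True` makes this task delete every root key that is not in `ssh_pub_keys`, so a value that renders incomplete or empty can leave root with no authorized key on the next run. The task's name and module line are outside the hunk; if the module is `authorized_key`, `exclusive` is not loop-aware and expects all keys in one newline-separated string, which is worth confirming for `ssh_pub_keys`. A guard task before it, for example `- assert: { that: ssh_pub_keys | length > 0 }`, and a comment such as `# exclusive: removes any root key not listed in ssh_pub_keys` would make the intent and the failure mode explicit. Lowercase `true` is the canonical YAML boolean and avoids yamllint's `truthy` warning.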
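Review bot: `honor_labels: true` lets labels in the scraped data win over the labels this server would attach, so `job`, `instance` and every other label on federated series are whatever the downstream Prometheus servers report. That is the usual setting for a `/federate` job, but it means the hosts listed in `/etc/prometheus/targets.json` are trusted to label their own data. A comment above the line would record this, e.g. `# keep job/instance as set by the federated servers; targets are trusted`. The `federate` job continues outside this hunk.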
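Review bot: The relabel chain around the renamed `federated_instance` label still passes the address through `__param_target`, which adds a `target` query parameter to each scrape. `/federate` selects series with `match[]`, and no `params:` block is visible in these hunks, so that parameter looks like a leftover from an exporter-style job. If that is right, `federated_instance` can be set from `__address__` directly (`source_labels: [__address__]`, `target_label: federated_instance`), with the final rule reading `__address__` as well. The `relabel_configs` list starts and ends outside the hunk, so this should be checked against the full job definition.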
From: Jeltz Date: Sat, 6 Mar 2021 00:38:36 +0100 Subject: [PATCH 104/146] 'prometheus-federate' must not retrieve its own federated metrics --- monitoring.yml | 1 - .../templates/prometheus/django.rules.yml.j2 | 106 ----- .../templates/prometheus/snmp.yml.j2 | 387 ------------------ 3 files changed, 494 deletions(-) delete mode 100644 roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 delete mode 100644 roles/prometheus_federate/templates/prometheus/snmp.yml.j2 diff --git a/monitoring.yml b/monitoring.yml index 53bdae7..f83c2e0 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -121,7 +121,6 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re - - prometheus-federate.adm.auro.re roles: - prometheus_federate diff --git a/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 deleted file mode 100644 index fddd398..0000000 --- a/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 +++ /dev/null 
@@ -1,106 +0,0 @@ -# {{ ansible_managed }} -{# As this is also Jinja2 it will conflict without a raw block #} -{% raw %} -groups: -- name: django.rules - rules: - - record: job:django_http_requests_before_middlewares_total:sum_rate30s - expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job) - - record: job:django_http_requests_unknown_latency_total:sum_rate30s - expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job) - - record: job:django_http_ajax_requests_total:sum_rate30s - expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job) - - record: job:django_http_responses_before_middlewares_total:sum_rate30s - expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job) - - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s - expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) - BY (job) - - record: job:django_http_requests_body_total_bytes:sum_rate30s - expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job) - - record: job:django_http_responses_streaming_total:sum_rate30s - expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job) - - record: job:django_http_responses_body_total_bytes:sum_rate30s - expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job) - - record: job:django_http_requests_total:sum_rate30s - expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job) - - record: job:django_http_requests_total_by_method:sum_rate30s - expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method) - - record: job:django_http_requests_total_by_transport:sum_rate30s - expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport) - - record: job:django_http_requests_total_by_view:sum_rate30s - expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, - view) - - record: 
job:django_http_requests_total_by_view_transport_method:sum_rate30s - expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, - view, transport, method) - - record: job:django_http_responses_total_by_templatename:sum_rate30s - expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename) - - record: job:django_http_responses_total_by_status:sum_rate30s - expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status) - - record: job:django_http_responses_total_by_charset:sum_rate30s - expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset) - - record: job:django_http_exceptions_total_by_type:sum_rate30s - expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type) - - record: job:django_http_exceptions_total_by_view:sum_rate30s - expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view) - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "50" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "95" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "99" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "99.9" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: 
histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "50" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "95" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "99" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) - BY (job, le)) - labels: - quantile: "99.9" - - record: job:django_model_inserts_total:sum_rate1m - expr: sum(rate(django_model_inserts_total[1m])) BY (job, model) - - record: job:django_model_updates_total:sum_rate1m - expr: sum(rate(django_model_updates_total[1m])) BY (job, model) - - record: job:django_model_deletes_total:sum_rate1m - expr: sum(rate(django_model_deletes_total[1m])) BY (job, model) - - record: job:django_db_new_connections_total:sum_rate30s - expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor) - - record: job:django_db_new_connection_errors_total:sum_rate30s - expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor) - - record: job:django_db_execute_total:sum_rate30s - expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor) - - record: job:django_db_execute_many_total:sum_rate30s - expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor) - - record: job:django_db_errors_total:sum_rate30s - expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type) - - record: job:django_migrations_applied_total:max - expr: max(django_migrations_applied_total) BY (job, connection) - - record: job:django_migrations_unapplied_total:max - expr: max(django_migrations_unapplied_total) BY (job, 
connection) -{% endraw %} diff --git a/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 deleted file mode 100644 index d4dc51c..0000000 --- a/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 +++ /dev/null 
@@ -1,387 +0,0 @@ -# {{ ansible_managed }} -# TODOlist : -# - Faire fonctionner le monitoring des switchs défini ici -# * Configurer tous les switchs avec un compte SNMPv3 -# * Mettre l'inventaire des switchs dans Ansible -# - Optimiser les règles pour les bornes Unifi, -# on pourrait indexer avec les SSID - -eatonups: - walk: - - 1.3.6.1.2.1.33.1.2 - - 1.3.6.1.2.1.33.1.3 - - 1.3.6.1.2.1.33.1.4 - - 1.3.6.1.4.1.534.1.6 - get: - - 1.3.6.1.2.1.1.3.0 - metrics: - - name: sysUpTime - oid: 1.3.6.1.2.1.1.3 - type: gauge - help: The time (in hundredths of a second) since the network management portion - of the system was last re-initialized. - 1.3.6.1.2.1.1.3 - - name: upsBatteryStatus - oid: 1.3.6.1.2.1.33.1.2.1 - type: gauge - help: The indication of the capacity remaining in the UPS system's batteries - - 1.3.6.1.2.1.33.1.2.1 - - name: upsEstimatedMinutesRemaining - oid: 1.3.6.1.2.1.33.1.2.3 - type: gauge - help: An estimate of the time to battery charge depletion under the present load - conditions if the utility power is off and remains off, or if it were to be - lost and remain off. - 1.3.6.1.2.1.33.1.2.3 - - name: upsInputVoltage - oid: 1.3.6.1.2.1.33.1.3.3.1.3 - type: gauge - help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3 - indexes: - - labelname: upsInputLineIndex - type: gauge - - name: upsOutputSource - oid: 1.3.6.1.2.1.33.1.4.1 - type: gauge - help: The present source of output power - 1.3.6.1.2.1.33.1.4.1 - - name: upsOutputVoltage - oid: 1.3.6.1.2.1.33.1.4.4.1.2 - type: gauge - help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2 - indexes: - - labelname: upsOutputLineIndex - type: gauge - - name: upsOutputPower - oid: 1.3.6.1.2.1.33.1.4.4.1.4 - type: gauge - help: The present output true power. 
- 1.3.6.1.2.1.33.1.4.4.1.4 - indexes: - - labelname: upsOutputLineIndex - type: gauge - - name: upsOutputPercentLoad - oid: 1.3.6.1.2.1.33.1.4.4.1.5 - type: gauge - help: The percentage of the UPS power capacity presently being used on this output - line, i.e., the greater of the percent load of true power capacity and the percent - load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5 - indexes: - - labelname: upsOutputLineIndex - type: gauge - - name: xupsEnvRemoteTemp - oid: 1.3.6.1.4.1.534.1.6.5 - type: gauge - help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 - - name: xupsEnvRemoteHumidity - oid: 1.3.6.1.4.1.534.1.6.6 - type: gauge - help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6 - version: 1 - auth: - community: public - - -procurve_switch: - walk: - - 1.3.6.1.2.1.31.1.1.1.10 - - 1.3.6.1.2.1.31.1.1.1.6 - get: - - 1.3.6.1.2.1.1.3.0 - - 1.3.6.1.2.1.1.5.0 - - 1.3.6.1.2.1.1.6.0 - metrics: - - name: sysUpTime - oid: 1.3.6.1.2.1.1.3 - type: gauge - help: The time (in hundredths of a second) since the network management portion - of the system was last re-initialized. 
- 1.3.6.1.2.1.1.3 - - name: sysName - oid: 1.3.6.1.2.1.1.5 - type: DisplayString - help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 - - name: sysLocation - oid: 1.3.6.1.2.1.1.6 - type: DisplayString - help: The physical location of this node (e.g., 'telephone closet, 3rd floor') - - 1.3.6.1.2.1.1.6 - - name: ifHCOutOctets - oid: 1.3.6.1.2.1.31.1.1.1.10 - type: counter - help: The total number of octets transmitted out of the interface, including framing - characters - 1.3.6.1.2.1.31.1.1.1.10 - indexes: - - labelname: ifIndex - type: gauge - - name: ifHCInOctets - oid: 1.3.6.1.2.1.31.1.1.1.6 - type: counter - help: The total number of octets received on the interface, including framing - characters - 1.3.6.1.2.1.31.1.1.1.6 - indexes: - - labelname: ifIndex - type: gauge - version: 3 - auth: - username: prometheus - -ubiquiti_unifi: - walk: - - 1.3.6.1.4.1.41112.1.6 - get: - - 1.3.6.1.2.1.1.5.0 - - 1.3.6.1.2.1.1.6.0 - metrics: -# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes -# - name: sysLocation -# oid: 1.3.6.1.2.1.1.6 -# type: DisplayString -# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') -# - 1.3.6.1.2.1.1.6 - - name: unifiVapIndex - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapChannel - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapEssId - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapName - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifi_vap_num_stations - oid: 
1.3.6.1.4.1.41112.1.6.1.2.1.8 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' - indexes: - - labelname: unifi_vap_index - type: gauge - lookups: - - labels: [unifi_vap_index] - labelname: unifi_vap_essid - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 - type: DisplayString - - labels: [unifi_vap_index] - labelname: unifi_vap_radio - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 - type: DisplayString - - labels: [] - labelname: unifi_vap_index -# - name: unifiVapNumStations -# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 -# type: gauge -# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' -# indexes: -# - labelname: unifiVapIndex -# type: gauge - - name: unifiVapRadio - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxBytes - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxCrypts - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxDropped - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxErrors - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxFrags - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapRxPackets - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxBytes - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' - 
indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxDropped - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxErrors - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxPackets - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxRetries - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapTxPower - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapUp - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiVapUsage - oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 - type: DisplayString - help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 - indexes: - - labelname: unifiVapIndex - type: gauge - - name: unifiIfIndex - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 - type: gauge - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfName - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxBytes - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxDropped - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' - indexes: - - labelname: 
unifiIfIndex - type: gauge - - name: unifiIfRxError - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxMulticast - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfRxPackets - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxBytes - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxDropped - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxError - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiIfTxPackets - oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' - indexes: - - labelname: unifiIfIndex - type: gauge - - name: unifiApSystemModel - oid: 1.3.6.1.4.1.41112.1.6.3.3 - type: DisplayString - help: ' - 1.3.6.1.4.1.41112.1.6.3.3' - - name: unifiApSystemUptime - oid: 1.3.6.1.4.1.41112.1.6.3.5 - type: counter - help: ' - 1.3.6.1.4.1.41112.1.6.3.5' - version: 3 - auth: - security_level: authPriv - username: snmp_prometheus - password: {{ snmp_unifi_password }} - auth_protocol: SHA - priv_protocol: AES - priv_password: {{ snmp_unifi_password }} From 4ca7ebd1448979147511045e30d11ebce15f8ca3 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Sat, 6 Mar 2021 00:40:44 +0100 Subject: [PATCH 105/146] Add a unique exported label (useful for federation) --- roles/prometheus/templates/prometheus/prometheus.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index 75c8be9..937f64f 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -8,7 +8,7 @@ global: # Attach these labels to any time series or alerts when communicating with # external systems (federation, remote storage, Alertmanager). external_labels: - monitor: 'example' + federated_instance: '{{ inventory_hostname }}' # Alertmanager configuration # Use prometheus alertmanager installed on the same machine From 32669e1fb1b6a8a6dee6430a8d8cbc6922392c16 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 00:44:22 +0100 Subject: [PATCH 106/146] Don't load Django rules prometheus-federate --- roles/prometheus_federate/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index 33feb90..f168f1f 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -23,12 +23,11 @@ notify: Restart Prometheus loop: - alert.rules.yml - - django.rules.yml # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus Federate devices copy: - content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}" + content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}" dest: /etc/prometheus/targets.json mode: 0644 when: prometheus_targets is defined @@ -44,3 +43,4 @@ src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-prometheus mode: 0755 +... From 7d527be1c0db243d81c97d255e6c4c465531a994 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Sat, 6 Mar 2021 00:45:43 +0100 Subject: [PATCH 107/146] Remove duplicate alerts from 'prometheus-federate' --- .../templates/prometheus/alert.rules.yml.j2 | 152 ++---------------- 1 file changed, 15 insertions(+), 137 deletions(-) diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index f78df48..d30511f 100644 --- a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 
@@ -1,138 +1,16 @@ -# {{ ansible_managed }} -{# As this is also Jinja2 it will conflict without a raw block #} -{# Depending of Prometheus Node exporter version, rules can change depending of version #} -{% raw %} +--- +{{ ansible_managed | comment }} + groups: -- name: alert.rules - rules: - - # Alert for any instance that is unreachable for >3 minutes. - - alert: InstanceDown - expr: up == 0 - for: 3m - labels: - severity: critical - annotations: - summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !" - - # Alert for out of memory - - alert: OutOfMemory - expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 - for: 5m - labels: - severity: warning - annotations: - summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%." - - # Alert for out of disk space - - alert: OutOfDiskSpace - expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10 - for: 5m - labels: - severity: warning - annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%." - - # Alert for out of inode space on disk - - alert: OutOfInodes - expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10 - for: 5m - labels: - severity: warning - annotations: - summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}." - - # Alert for high CPU usage - - alert: CpuUsage - expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75 - for: 10m - labels: - severity: warning - annotations: - summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%." 
- - # Check systemd unit (> buster) - - alert: SystemdServiceFailed - expr: node_systemd_unit_state{state="failed"} == 1 - for: 10m - labels: - severity: warning - annotations: - summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" - - # Check load of instance - - alert: LoadUsage - expr: node_load1 > 5 - for: 2m - labels: - severity: warning - annotations: - summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !" - - # Check UPS - - alert: UpsOutputSourceChanged - expr: upsOutputSource != 3 - for: 1m - labels: - severity: warning - annotations: - summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !" - - - alert: UpsBatteryStatusWarning - expr: upsBatteryStatus == 3 - for: 2m - labels: - severity: warning - annotations: - summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !" - - - alert: UpsBatteryStatusCritical - expr: upsBatteryStatus == 4 - for: 10m - labels: - severity: warning - annotations: - summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !" - - - alert: UpsHighLoad - expr: upsOutputPercentLoad > 70 - for: 5m - labels: - severity: critical - annotations: - summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !" - - - alert: UpsWrongInputVoltage - expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) - for: 10m - labels: - severity: warning - annotations: - summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V." - - - alert: UpsWrongOutputVoltage - expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) - for: 10m - labels: - severity: warning - annotations: - summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V." 
- - - alert: UpsTimeRemainingWarning - expr: upsEstimatedMinutesRemaining < 15 - for: 1m - labels: - severity: warning - annotations: - summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." - - - alert: UpsTimeRemainingCritical - expr: upsEstimatedMinutesRemaining < 5 - for: 1m - labels: - severity: critical - annotations: - summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." - - -{% endraw %} + - name: alert.rules + rules: + - alert: FederateInstanceDown + expr: up{job="federate"} == 0 + for: 3m + labels: + severity: critical + annotations: + summary: >- + Federate : {{ "{{" }} $labels.instance {{ "}}" }} est invisible + depuis plus de 3 minutes ! +... From 52124d2cad39bde043aab51051c5375540e3e6c6 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 00:46:13 +0100 Subject: [PATCH 108/146] Cleanup prometheus_federate's prometheus.yml.j2 --- .../templates/prometheus/prometheus.yml.j2 | 36 ++++++------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 index ee7f4a6..5d9a31a 100644 --- a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 
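Review bot: The one remaining rule, `up{job="federate"} == 0`, fires only while a target is still listed and failing; it stays silent when no `up` series exists for the job at all. The tasks file in this series writes `/etc/prometheus/targets.json` only `when: prometheus_targets is defined`, so an empty or missing target list would leave the federate server with nothing to alert on now that the per-host rules are gone. A second rule built on `absent()` would close that gap; the rule name and wording below are a suggestion.

```yaml
      - alert: FederateInstanceDown
        # … unchanged: expr, for, labels, annotations …
      - alert: FederateTargetsAbsent
        expr: absent(up{job="federate"})
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Federate : aucune cible dans targets.json !"
```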
@@ -1,51 +1,35 @@ -# {{ ansible_managed }} +--- +{{ ansible_managed | comment }} global: - # scrape_interval is set to the global default (60s) - # evaluation_interval is set to the global default (60s) - # scrape_timeout is set to the global default (10s). - - # Attach these labels to any time series or alerts when communicating with - # external systems (federation, remote storage, Alertmanager). external_labels: - monitor: 'example' + monitor: '{{ ansible_fqdn }}' -# Alertmanager configuration -# Use prometheus alertmanager installed on the same machine alerting: alertmanagers: - - static_configs: - - targets: ['{{ prometheus_alertmanager }}'] + - static_configs: + - targets: ['{{ prometheus_alertmanager }}'] -# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: - - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! - - "django.rules.yml" # Custom rules specific for Django project monitoring + - 'alert.rules.yml' -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. scrape_configs: - # The .json in file_sd_configs is dynamically reloaded - - - job_name: federate - scrape_interval: 15s + scrape_interval: 30s metrics_path: '/federate' honor_labels: true + honor_timestamps: true file_sd_configs: - files: - '/etc/prometheus/targets.json' relabel_configs: - # Do not put :9100 in instance name, rather here - source_labels: [__address__] target_label: __param_target - - source_labels: [__param_target] - target_label: federated_instance - source_labels: [__param_target] target_label: __address__ replacement: '$1:9090' params: - 'match[]': + match[]: - '{job="servers"}' - '{job="prometheus"}' - '{job="unifi_snmp"}' @@ -54,4 +38,4 @@ scrape_configs: - '{job="django"}' - '{job="docker"}' - '{job="switch"}' - +... From 21fed6ae3f0efaaf1decf0f2fcbff424389cab76 Mon Sep 17 00:00:00 2001 
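Review bot: After this cleanup the `federate` job carries no `scheme`, `tls_config`, `basic_auth` or `authorization` entry, so each source server is scraped over plain HTTP on port 9090 without authentication while `honor_labels: true` accepts whatever labels come back. The hunk covers the whole template, so this is the complete scrape configuration. If network placement is the only protection, state it in the file, for example `# federation uses unauthenticated HTTP; source servers must only be reachable from the admin network`, or add `scheme: https` with credentials once the source servers are served over TLS. The cleanup also removes the comment that explained why the port is appended in `relabel_configs`; a one-line replacement such as `# append the Prometheus port to the target address` would keep that rule readable.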
From: Jeltz Date: Sat, 6 Mar 2021 00:55:27 +0100 Subject: [PATCH 109/146] Add useful lookups for switchs interfaces --- .../templates/prometheus/snmp.yml.j2 | 105 +++++++++++------- 1 file changed, 66 insertions(+), 39 deletions(-) diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index d4dc51c..dc2addf 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -1,4 +1,6 @@ -# {{ ansible_managed }} +--- +{{ ansible_managed | comment }} + # TODOlist : # - Faire fonctionner le monitoring des switchs défini ici # * Configurer tous les switchs avec un compte SNMPv3 
@@ -77,49 +79,73 @@ eatonups: auth: community: public - procurve_switch: walk: - - 1.3.6.1.2.1.31.1.1.1.10 - - 1.3.6.1.2.1.31.1.1.1.6 + - 1.3.6.1.2.1.31.1.1.1.10 + - 1.3.6.1.2.1.31.1.1.1 + - 1.3.6.1.2.1.2.2.1.2 + - 1.3.6.1.2.1.31.1.1.1.18 get: - - 1.3.6.1.2.1.1.3.0 - - 1.3.6.1.2.1.1.5.0 - - 1.3.6.1.2.1.1.6.0 + - 1.3.6.1.2.1.1.3.0 + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 metrics: - - name: sysUpTime - oid: 1.3.6.1.2.1.1.3 - type: gauge - help: The time (in hundredths of a second) since the network management portion - of the system was last re-initialized. - 1.3.6.1.2.1.1.3 - - name: sysName - oid: 1.3.6.1.2.1.1.5 - type: DisplayString - help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 - - name: sysLocation - oid: 1.3.6.1.2.1.1.6 - type: DisplayString - help: The physical location of this node (e.g., 'telephone closet, 3rd floor') - - 1.3.6.1.2.1.1.6 - - name: ifHCOutOctets - oid: 1.3.6.1.2.1.31.1.1.1.10 - type: counter - help: The total number of octets transmitted out of the interface, including framing - characters - 1.3.6.1.2.1.31.1.1.1.10 - indexes: - - labelname: ifIndex + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 type: gauge - - name: ifHCInOctets - oid: 1.3.6.1.2.1.31.1.1.1.6 - type: counter - help: The total number of octets received on the interface, including framing - characters - 1.3.6.1.2.1.31.1.1.1.6 - indexes: - - labelname: ifIndex - type: gauge - version: 3 - auth: - username: prometheus + help: The time (in hundredths of a second) since the network management + portion of the system was last re-initialized. 
- 1.3.6.1.2.1.1.3 + - name: sysName + oid: 1.3.6.1.2.1.1.5 + type: DisplayString + help: An administratively-assigned name for this managed node + - 1.3.6.1.2.1.1.5 + - name: sysLocation + oid: 1.3.6.1.2.1.1.6 + type: DisplayString + help: The physical location of this node (e.g., 'telephone closet, 3rd + floor') - 1.3.6.1.2.1.1.6 + - name: ifHCOutOctets + oid: 1.3.6.1.2.1.31.1.1.1.10 + type: counter + help: The total number of octets transmitted out of the interface, + including framing characters - 1.3.6.1.2.1.31.1.1.1.10 + indexes: + - labelname: ifIndex + type: gauge + lookups: + - labels: + - ifIndex + labelname: ifDescr + oid: 1.3.6.1.2.1.2.2.1.2 + type: DisplayString + - labels: + - ifIndex + labelname: ifName + oid: 1.3.6.1.2.1.31.1.1.1.1 + type: DisplayString + - name: ifHCInOctets + oid: 1.3.6.1.2.1.31.1.1.1.6 + type: counter + help: The total number of octets received on the interface, including + framing characters - 1.3.6.1.2.1.31.1.1.1.6 + indexes: + - labelname: ifIndex + type: gauge + lookups: + - labels: + - ifIndex + labelname: ifDescr + oid: 1.3.6.1.2.1.2.2.1.2 + type: DisplayString + - labels: + - ifIndex + labelname: ifName + oid: 1.3.6.1.2.1.31.1.1.1.1 + type: DisplayString + version: 2 + auth: + community: "{{ snmp_switch_community }}" ubiquiti_unifi: walk: @@ -385,3 +411,4 @@ ubiquiti_unifi: auth_protocol: SHA priv_protocol: AES priv_password: {{ snmp_unifi_password }} +... From 8ae94fa8f8d6b3c371865a9bef7340ce8d1f5fe1 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 01:08:51 +0100 Subject: [PATCH 110/146] Rename vault_snmp_switch{s,}_community --- group_vars/all/vault.yml | 358 ++++++++++++++++++++------------------- 1 file changed, 180 insertions(+), 178 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 3666f5b..1a6af68 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
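Review bot: The `procurve_switch` module moves from `version: 3` to `version: 2` with `community: "{{ snmp_switch_community }}"`, so the switches are now polled with SNMPv2c, where the community string travels in clear text on every request and there is no per-user authentication or encryption. The TODO at the top of this template still asks for an SNMPv3 account on every switch, and the `ubiquiti_unifi` module in the same file already uses `security_level: authPriv` with SHA and AES, so the same `auth` layout could be reused once the switches have accounts. Until then the module deserves a comment such as `# SNMPv2c (clear-text community): read-only community, management network only`. The new walk entry `1.3.6.1.2.1.31.1.1.1` is the parent of the `…1.1.1.10` and `…1.1.1.18` entries next to it, so either those two are redundant or the entry was meant to be `1.3.6.1.2.1.31.1.1.1.1`, the OID the `ifName` lookups use, in which case `ifHCInOctets` at `…1.1.1.6` would no longer be walked.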
@@ -1,179 +1,181 @@ $ANSIBLE_VAULT;1.1;AES256 -32313562646230353138303964366135656361616532343933353732313961323339653964353130 -3938346666633565356134343835633964626261363365370a663664663938383731343733386136 -33356531323762313463326339333963336636353933326537333665313334616563626632336663 -6537363033663935660a613366613962626563643035663330343061353836646561623031323236 -65313633383063373064613930623530656365396335663363643330636239643937373163623932 -61373136303737333739316565323934376433316362353935363637373264616238373831666438 -35343135383233653963333237393232353631636566373766366664656666313436323535393736 -62323731343261373331393062633030356235313834373861323138663930613332643432386436 -38383038616536316465343561643639353434396631643033633537393265646532613161343732 -32363265643963386538326639353233363438643833306637336431303533396562613863633537 -30303334643137313136633039393463346562306236353566333563633238313865313534326137 -33623036376439653532313833633135326631643361333463633162303065623633636331666661 -62303636653233666164383463356530633464306564383236373832616263653165373937303030 -31323865656436366265303537306438303434613135396166313635656566373539303463393830 -65383636363064333730623161316162373734626433346564333835393030616437636665316566 -37353937626465383439633534316336313931663561336335653761396230393031393839336264 -37623037663032646631656637386366333131356562376665333964393264643133626532653564 -32353235633434656334663233303664613865343039613330663833396162646430623735653434 -66633466306338373061326636366330643639383632353564353865623637303832306332653131 -37343566393965326635613135613134316264616336303233616162313839626235386137343435 -33633336636434343531633362633834376135303337363637303039323038313937646236366265 -34303434373566313730623664653263653466366133363562333736393836393363326665353434 -30333263323366326436623238353335323936346637646130623265366535653737343665373165 
-63336166633831623464343862353065653162613934646539396364353162633063303332313266 -65656163396463363737663931353765376337643065646131303264363961366336343432653537 -65306437623535393132343962333666366665316362366536663431646435633166333731303232 -63313337353334623330623862386661306333366638306433373437623835636631376231373636 -66666539363561313166396438343730656230663532633031353336636565343964366136663466 -38316364663936303231633633613832313163646262313238346666336661613236343966353130 -62656237663865306632333130653933633332623061633062363964643130383430613864663935 -63663765356434626661346165653163626565336437613539653536306432376332616430393737 -34366139336363383761366338623236383135373634613239616665343061396633383231663230 -63653331336366666234626662356461663263626465663036326162343239373734346661626665 -61666231613565356633343030343935393135653261376239303037373634386138393463363239 -30356365663133646634333863616230646235656135336330393836353462323630376537366334 -31306330363232326661616666623131383837353139643838326430653561346565393762323936 -31623136656361383039653763613162356530653933376539336130376237396661663664393733 -36396433303339613965316230613237303331646331383239356638333366653961303138343663 -33393664303637333863313364356666383836633063643539333262633565623534323866316537 -38623630363139643837396330353463303932383231663831363763656537386531383531303165 -37366338343063346230656461393832383736636662656666636434363731623437303862636366 -33613333393139613637623963373262323637653531336265333033333135613330313166633738 -36353935383931363535656539333130653164613431616438613432313532373063353738656162 -36616563383133623336396633343762376537663432356238653766666636323232623065313537 -39636632326166323130646633626431323831373963313837613465356436326430616433303662 -65343834663937306539663330366538643265626665613631323036616463313266303237613938 -30613565306636306561643238326138623366343365303934306561623234313332636462383363 
-30623432326336396364636164366463326533613665333830656564626663383331323661663934 -35353135323930656138373830623932396138626335343265623738383532333861306561323430 -66333532333961636463656535636132323535313730333762633139306235373031363831363266 -33646635316137616663653461393566303432386330623936633330373461333762356532663062 -39666437363931313861356331653932303132353364623664656364316430653933653935616230 -38376631316463646663626562366233626334323235633235653364623936643131356130343261 -36396535393335366532313930623363663032386635396262363430303466373737633739626435 -30636136396562336561393936353763383732653166353266376165663233626266353638363131 -65323462633039323334613566373434343363633532656534663635363763396265663137636331 -38613736353635613437663133616431396666316230393066343431336535626335373437393039 -63666135353937313765316134326338376161353862373161653039333631306264343464353035 -65353639313134346239646362663836643734373465353866373238613162303336306438376237 -35363934333536376136666561333636653136316435316530366461306636333063313739626630 -37633333333766613663636466373364663132613266343136376138663461383832356631303132 -30363434336161393962363636313364663839383734373533356663343733333731613535646433 -64396361643736653931336365313338313633383038306131333863306437386362633263646364 -36656566326333333136636566613066623362363263373435356162396431396334386237383231 -30326465646334613235666435613462633230353434653666336364646466613066346366376262 -66633863333461626631383961663930383663666538613162643730323565653732386330613538 -38666164353130386530376332643637333931313661633634303636643639613561643338373331 -63333932306634313933366533623837613934366334396637396361623439383964333665383435 -62316265356537616137643537366666336634393935613034393737313930333364323031653234 -37366561356332666439623462396266623961653039626562393065393336643962373064343563 -36346665666338623931343739386531343833386135356164303532643463346565316163656633 
-32616365623065626139383362613466633332666133313263393062373338653834363830333039 -62626230343362393533633061663432363836616539643065643839623065633363393134643534 -63343935376537393739333063333333386239663763383435633234376434366362616433363162 -34363539633661633333306133363433313761303138363864373266333461303139613362663937 -39626332356139396330393361613364643363366164376234316266316164393035386334366362 -36373065626530333237636139336163623766623561656234333239646263626164323134633434 -63326635393665333533383562633438303036616262366435373739386430353964333265393732 -66643838303566626131323834646564613830333937616264383864316666343333396636303836 -38633335656536653334626530303835623531666665326533303535313164323836373365636265 -65393061363933373931396134623264643065633534313566346336343862346537343437363765 -62663264376266326538616330376633353832353234653661613964373231666562326466663934 -38393931643736626332623461613737383463663935656263656233306437653331343838343865 -64343239636166343134336261656162393938396633376663366466653634373566336165323237 -34386137313961653739393231616532346664366138356631353030623236343535363435636462 -32323564306339396437633763613535393230386631616166656539373861386633363464653439 -34323134626334356631623764356232366337646236313031336138333636633834353463363961 -32316664383038633330383765356563353062303133333133336365346561643234386161383461 -39323964303061313461386333613961396533646161663230666466616231386239386666306233 -39343239323739323738373263313662336237346663663432343861343034633463386163303366 -38333537626232663438383230623032623765336164653438653434396362633063333437366338 -34373431323539306531323536363238333037643337626131336631356537626237656630393964 -38393736633433306632323334613232303162313962616334376130353931336337303462363266 -39643137643034396564303531346361336134353461653535336165323032323238663631653935 -38366339366436376166333335663230306663633634336434323532316664666134313365323834 
-31363964346561373262393632366637396633323332393162666166326631383164643265353135 -34303664353434373131653530346634386333663732373966613761616261323032336266646163 -32663966656464633565356337653534623962663939333033613933633965666339653764663134 -38363965393730633638653561393432303835303164396462366435353030643966316665333061 -39643634646137626338323537393031356532616637666634333139396630663930636235333735 -66336465666439356636623037653564393161393432346534656132346631396462356463336566 -30303833386638333866396462633330306439613139636331636331333663386438623461343133 -30643164366434353765633738356536643861303232393362343131353730376364623463326361 -37363061623333653466636438666465616133396233616430393265626362663736613031383764 -63353065306166646461623763643062383738376266353765643134376538393233383663346237 -37643639663063383266373536323533343936633134386263616163343637613636303134343037 -34626232303335393532643134646132323463396333386664333731646331343937363661323539 -65663936366464643162633432666537393439313664643638343237653566613235353165663336 -32373037346239356337633036306138343366666463363538373836616530313565613562383433 -64616263626165343938363230613039356137643665653734366533393033316363663036363738 -66323663663366666162623734363465663939383830396533383665393139633530616263663136 -64333132633031623835373831636366643831626235303831313761653734666365386462393534 -66303332656561653162636636313439663633396638353638363465663138353866376636326634 -63613865613466326230323564323439393061653664393261373531306235333663373434636262 -62353132653333313635653633346461323165373862343839316539653038633664353830643234 -36633763653738323732386263643461333761306532303534663763323735636563366266653464 -66636236393033613736656562663661346162316164616663306465623431613133633130383136 -35313434346164653163396137383064656538353766653237646237663639663039663665666236 -62346139633234343735303762653030326333333764356562656435623330663066353333326239 
-39646465393362323537343766366432323765363139643361643037373739643636623437386636 -32353233303337623136343062623633306361383737303431613663633163643832343434656335 -39633434393466646366376534333865633361333861653366316238626637363537303335363662 -61353830303733623665643864333134623062356334616331363565333235666261653732633264 -62663238663461343738303764303636366638393830623264613730303635623635626364646464 -35623239356235316136343532616638663930313565383264663936633733386663326161623830 -62626634313963323866653432343561303233343035353433613731353538356438613033346638 -33613466656633626261326465336437613630376335663933303061393731313065636131393762 -65613037653363636235613838613535316635613066393436356537633662313539323163613361 -36356632323634363335366665376663346565393439313031636331633235333664663830636135 -64653266616262336437623731383161383437613461323837653066656233643230663064616432 -65383337323333633465316533623465303735396430326334643634626436303263396534356335 -34373134653232303866386433643864363536643138353965323130616338353731633434326361 -66303133353264343664323435653133383431626263373237613631616235666465616333343937 -37323333653565363665376236396232393132336137346461613831623063326631636335333365 -65376538396265313732323932383061633464393630393563386163393230623238633938396535 -34333330386131353336646361313634353862663762653234373235366565343232306432653731 -61383863306632626463653831383735636233623966353130626634366638626236383864316531 -37353062336539626531356133313132663330663135393930356565323364353761393439373533 -61366465313462313033306631333432646163653832363564313838643362316263353562373262 -33343664666230303065373836306663643135303439356362336634346637353438633364306365 -30623332363436353865633738663464636132306134386465306164363333386338323433643163 -37626235303062393933393363656339636139323464373439363765316266646536316336666163 -34306262326238343937623432643262646263666266623933623565363535326235623637396237 
-64623961663037653033383933333062393932613933303962326538333739303731363137623365 -30363030353433646133666166383938356232396331656165343531343232613934663834633464 -36353331373233393861636131393238363031383135613633373665613364373466356663376431 -66303331383837663261313838363266656164633836623661326331356566653938306266376632 -63613238356135373938663030343634393566653963306237303138626461613931356565663835 -64386433613937643730396130663333646334386336613864333533626661626166346232333964 -66316664346231376639393132613936323261383131633737386331343966363961633237666334 -38353363383761333439373437623937393534626435386262383732363833346166656233666332 -62636130323536663432633434646666303664393130626437636132316264613535306463623964 -30633030613665343631373366363737313130666337326230633631646461356362363963306361 -64393639353339303436346438313833333432356666666339613666623132636235383866343838 -36666263343538633537303665616366656363373736306235333264336466313939356131303561 -33363030653966316232313933323665663330303338366333656536623861623537313266383565 -65633866663665393635646531353539623362646663356664333866623432333465333335333333 -31616262356537646261373166343665633238633235373335343134393366663462393465643135 -35326336613835663132343233386564373462353561333066323631313664373865323233653336 -65333731336565633664636562326365343263373263373162653239633964396138616335616230 -63376562383064663330363562306338346465666563306365306639353632396633323830353337 -65666233376239333436633566623535383065646235353832363030303565623531333539613864 -63393339656238323466343564333134636164383062613138656138373936636531636166393062 -32613431636233316533353937326234663336343231313630393037313663383034383238346562 -36383264626366383835623261643562323037303661383832323939363939623038626664393530 -65353061313266633764353331313532383766613735333131373365366336306139343265306634 -66313435313965633362356563313763653634643362616138633832633136333362343731346166 
-34613431653134363732353833643962636431623036393935666237663833373934373438666434 -36633538306632383439323465636665303863646532653165666638316137633738363736386633 -33303234306531356136316463353232303737323661333430333137636633306131316434376665 -64323633383735313536373534626331356631316464643530363866633730353239346633396364 -36323437306165363465613365383666353037313333653230316234626439623964343336343762 -66343831343133343330336536613134303836626434663731343636613835623364633236653962 -63356635363239663533336265306261393337313136313937356662616231636461373230376232 -64313738333966633265626166653266313932666134356235373238376530303437646464333364 -31613631386335356561363938323831313061373566323638663864393266656361366463353736 -63386361373737383837336435633562626566656666373737313464323466313364626466633537 -6661656232313066363235616364646663623039386561636332 +31333135363439623565336435306566656236316266316330623236643862616666326332633937 +3130356563393965626334373564623336633061303264660a646662636364313031316438396439 +36653532656533626535376662393061666430666536356430623030376335636530313237623038 +6133333636323234320a323433376539333265333837303631316637346561383861656662633536 +32313839336431663466633764363937316439636439373732646163663664363665623065616335 +39376463656566376666303635323830613533363638623436396536626634613137353232656434 +63646233636666363932616432663536386630613466386437643534643136383362633264383232 +38386335376635383465393465343065636330383664386435643762353435623161613235643934 +35393038633163343862616633313836626138663237313062356330343562383964383031663834 +31313338633063343665323438313162643039653136373163623533626630356534636436396237 +65363238613665326437386233613861666638316362343337323462623736383263383231383663 +35393832363231363163646430363263326538306136303864393830373163663036383364666563 +64356561656537353965396631343261643431323034386263313139303932663932306631373932 
+65616132666631666266353935363262343733646431333436396438313466366566366231313236 +61346539616131316562343939623432303236386662303036643131323632366231626330333333 +62353533613264313434643834386462386139306362373039663730323263326239386130376162 +33383161666538643535646132306262366535666563366661386132376162336237613164313634 +66316530393164376537666135636632373735336636303634323866333930613362643439373331 +65353736333264333636336238653064376538623135313730393634623939636365383932326338 +30333231376366323033316364326330323065643364613538306661303032303239613335646237 +39333335366163383561336233643830626432623336333864343239643534376339303231323563 +31343539616266383461613666356665353036343533626332376661303565376162313666333338 +37323332303765396362643732343935656664396136396361336533663335353663326233373664 +63396265656538623238363532613532623633386531336236363363383765366335396532653161 +63613736653863336235356336393839336530333930663539663536353963336331646630333334 +30313436313335383365306463316338623033306634316332373732346630646430613630616236 +61373430653238373161626436303264363662313565623862356266313930623162626535363765 +64653136356364326238313136336335396131393637363432383961616636373839303132353932 +30623366626236373861303838396562653131633436303862393166353930336636303765383438 +36663863323337393061333735306663636564313966326561666436393562626562653764336162 +62383235646539323861663438373365373239323731626236333263383037333065646433363464 +66386435363938646538343262636331353064646330623439303166643538306130616236313532 +31663238326465646562306265346132346138346363313532363566373436356630323130306363 +35346463326136303532386433336137656639616165646562373533653663643031343533346565 +65633237333431643038653830383836313538343033386665346431336235636133353637643234 +32666361656137323130656331643562353135643861323438396135376532373437616333336631 +35393366336438383666656165313634336133653238653464343730333739323539386331336461 
+32653563353032643730633530303636636439316139653231343738616131626438633561363239 +37383533616565373162373832653730646265663864316335393938303465653035306138633437 +62306433656365333561643333656564666565633638353730353764336561333536666136313235 +35333133396332626637373962376130303838633131656538333634653861613639653165363930 +32313436396161306235323861363265626134656566626132353362313830383638643739333765 +65346636306366343863386238316530623338613038643933353839366434316339333430336230 +63353839356536666165326138376163386534616661323834336163306632343536613034316335 +64386433386637666430303338626635386131373134393530643963613966363965623763393133 +38333337663630656366393338383230396431616535323864383235636337363336313036323139 +32626566353261653734366237363131323431396665333638376637316536656434303434343133 +61316564333536643331613437623764396232636461326435343735383563353236313238643638 +32366463363530343866333334356166393433376563333563353135633336666434643435373766 +33663130383436333961373535626334333931643030303834373330396530643837386364393933 +33623835663833376263303237653063313861386333393262326335333365653164343561643135 +66393962613933653762396566316338333861656361303939393631323163373133653135396237 +34376232383638303861383462366564316537663064373865343037303638363337373435613433 +38653137383561646634306334393766343837666333313135616365373633326230303437306566 +31373161666463313131383434333530363163376637373637353531383463613364613032393638 +31333938626464656465366639353631316337376135393765383562306166633364396536356633 +63346434636636393736386234616534393462306335303135386566666635623431306133366665 +36333762353130303264613232323362383762653837616432353561643030656439616163396664 +66313735366266643364333665343765393264646630653638363563313338316633303639646563 +36306538616237343064366139313533386639333734333131636636343064623237626365313163 +30323438613564633739613733386430633839303331303238303762643664343132346637386465 
+31323732313166383562323161316139333532636238613661373639383539366231663436346664 +33363439313964613938666338333135396633396635383964613736306436636364616131656533 +62326263313935393339373837633132653339366133653136653032666563613839643334396131 +38353032316336343765366439326230333535653630313065366632643133393063353438633362 +39346132623530336437623530623662333438393361633861356535356535306137666334373232 +64313465303961616133666335643338316331373164663966333762643964363538323637643338 +66323563653364303538633630316562386230303634323966313935363439666464396262396564 +37633636623835373832396462613665316461396662356664383938333963333566643861306363 +34663461663633386464643961393137636365343566373262376432613264393536326136613763 +66396139663861336432386233333335383165663434356563373031656330386664353635616363 +32363963336463623131383536313233646462643137366365366337303430313131393764396537 +65376438663733626636653564386631396337343236353631353638626330313763343632303963 +38323035333737366562356431383535333639353866613264656336636330323637623033336165 +36326136333232643539336230353165623835356665623736313166613262336136326432323163 +39626337333464376331616664653366333430363631623138383861393366646437353364623838 +34363063653830316339303131306537346137653166316633343764363630646133313062363962 +36336530626162393733303432656133663233633765656239353161303431633164653331346664 +36666465656264643737383031623834643334346637653162343436376631366534623863626431 +38313766396366646634613533623231393632366562323263326461653239663037656539366333 +38303562653839313266616266383666346438343963633231326266653562663462633534383063 +62663665383237623632376461363834396637626537613834626132643165323735646139386232 +32353034313330383835366464663838306133613430316237303831343935653238353565666666 +37666364323939303164323463313636613861623963333534323033326662313662336132333565 +63643935353432643332323932333735643564313231313563366464666132646333336230653066 
+37393564643734323634383266616632336430396530633732306566376564656434313762323863 +35346439393330616234666638653036363034643064366436363638383664626530653463636536 +39356135633836613430346532323732396538363735343232653666323963366433643238346134 +39363637353939356464373064373063663730386334366433386134656265613731353231393333 +31333830303966636130303463336566386266326338333663656635356139373039666435316137 +34353934646136383263353336363134383331656333366463646630646264343533653735303161 +65613666353339663565623230656162653135323163656435633132663265386233363930386165 +31663861373162303338313265613536393533313738626464336238303830366636303131623863 +37656330616336633437383937383235616439376532343166643966623437303137306262653036 +61636237656332613232356130333237346239616639616234656534303837343832316330333266 +30353235626666646136326666373030303963326533336365366466313637626466376261386132 +39303164396236303232346234303265333531353031633937633236626664346130336535646133 +36333833386362393935303663353062653836356564346338613938313532313637306230326465 +33393464366231643033363230356566383938353434613737346233376530336537306562353034 +31313938613732383330383239323564643531363733633666326664353330386137383263623330 +61623534646463663231333561333431643563633065663864613562326464386330633839363065 +32396266356462613562373533306432663866636165326330396634653332323165313565353635 +32343533306564306631626331303634633036613730326636643961663064353138633362356630 +33373235656561303738303263663436396162643532303264333137626138353938643261353564 +36363465386339326634663563616662633634363337333462653166333233343038633062663334 +32356435663738643531333539663936316535333836323934663831623039323264356562663463 +63323165663836616364393932333137363037323034323632323165396664353766343138306431 +65393165373561373064396530633230383963333562636661653062616437333037316462663335 +34613661653663376663613531383764646438396666623661363461653133303939626665366430 
+37613331666333356566356432313831663737386362363436636239306431373534366164346631 +32306361336363376337376333303035333763306138333238303030346434363662653766323635 +36653336663635323939623430316330643837376332326136643136653039613366336438383437 +66623530363333313339646233373430646163306165353430363663353331613762623031623935 +33633062343562646235333130393263373936633731663362346631653731363765646361353436 +63663532313130653634316530663361323536373031373031316561656238653333333331376436 +31646636393062656166316161343438326564373333356465626463346139633836366634316238 +34313166613666356535306534646163363664363066393331666564613230303362613666313938 +37383065633064303661663666386566613664616163343034383766376638623364396136373839 +37303035383733336662643932393636393037643861613633333265643333333332386366626164 +63633436396264383035666334633336633065326339303062366334633865336134623134316238 +64396266323139396238616137623166373362323364313936396266366532613261353735336133 +64303935323231656237653134396134316130376262323633333863333238363137646131386634 +31616133306531643338356235613837356135303938626539323139326633633939613330653434 +37333263633739326230666339646463633933343163323365363761353166353066373430646432 +31386535633661643862356663353166396236633266333635353864303532363362643561313334 +38303364396661316266626335396265363234373532353130353639646331626230303932393136 +38613463306561653765666562656136353531313433643162313137633535313263373035616233 +62363339313662373833333630376466396265336638373361646434666636396333383063636462 +33396236653130363862336630313362643565613962396439326531336339373466383138303861 +64306135386337323437386331346436653466653863353836623339663037666235653962373832 +36393036353533313437333033366266653964613766663331393363626532343866616538633264 +63336461623838376234343265663933613965646666633132346433353463383839383263613530 +36396361346534353834633835346362336164343932386363383637326433326439623532623634 
+38613335343734613335373761663935626539373534383335613966373334353763323135643666 +32353530613163303866343832323131363363306638613336366132343633623861626630613866 +31393261316637323764656535643837333265616562336634383464393561363932313237613162 +32616562336335613864363063336564393536373734373930353436653563643935346636333631 +33633766666635393232636464313063646463303564656663613666303234363138613533376138 +30613935663362626432303266356435653566363439663763306233663261633465323933326437 +32663962663932326263666461613365623264346539343033663566366137313732383839343633 +39616363656434623666316639616136333431613136386439373739363862663466383234393962 +35373966386235343535663362343464333531623136326565333633386561633132623762306466 +32626166333430303161366638346336386534303838653737393731333238346435383134396561 +32376435663363373037613332653333656166353530393635636466666438306531633535346630 +63623831303435643761313836316435656465366331363930343637663439613738653363366438 +35316337626234393932306432363631656364356237316233306638396438326339373866613063 +64346338336239636535386130396465323333313337366263623362353838653938663161333539 +64303063323838303030303635653038353432313333346632626330313539613266613362333837 +63643735613363313163346233353535333434316337643961353635353465363238616432366434 +35383736343765643166633033643462396634306163346235306438323264383438653635346433 +38326431666336623635633531366562343830646434343964303837393864303836313434626230 +35613437383034303761333763303432666630356135653637373936363331643032376437646630 +64663561666238386536616630343763333661643762396462616239396536386634353431376266 +34316433623037366330346633656365356136626363343461353137646632343533323361636336 +62323939323732346232626264373964303134626532323937666537356361393461366133633731 +62383037326563386266656464313331383733303837343465393234343730646138636263396636 +38353262323064313131623738633835316338666530383335363565306432376132656634313264 
+33663237316437396432386130646664623065353361346263623637383630323136643262343865 +62616230623631333864643831393438373964383037616265316337623335313265323135353935 +33396530333935646437613931383137646233346664636363623561393336623062623039306362 +62653966623636363562393336646164663631366334346361663039313161663765326634656238 +35613239653536663639666137393963613231323134343639343061663935626162316664316539 +32313639363335613063303664646163663264333565323934323264656438343831643964393635 +62333061323861373433363638336363653265613331653665396563386362326336313430646438 +30343936393166323033666131653734366439623937616665656133646639333739323538343764 +62373335363038616239626638643933336433663631353263346365616366343061306430333031 +39623466373633363565626331303463363964313638356632626663633533373764626664626434 +34366336626466356332393335626433636438623866383232663937653465313439316635643334 +30663861383261363830303863373961653135393764613435363939356266363836363066333835 +30626263376438353765376235663339366336653337333638343666373235646339313139333966 +66373262306164643536376539653432633265623437306634636132303934313036623736613337 +64353638373262346564653563653966636137383633366264306630326337396132633231343831 +31663439643737636661343834663364313734326437373430306430303134613933326633383838 +38356630386566313830363464313262653038353064363466323064656433636663633637656631 +62663233623766353962666332663064653266393937346162643731633139326362316134353438 +38383765343631396132636663363465633533636532393835383730393066306633326364646337 +32363238363365366331303665313634653635303032356137663364343161326132613039343162 +35386633366464383138646630653365636133313964333435373533313163343235643036343531 +63356139353739633565363165356464396332663564646466383637643837623565613837376431 +61643538326230623763 From eaa0d2e0fc1e67191c5c7d1e0da0a3f548574b0f Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Sat, 6 Mar 2021 01:56:18 +0100 Subject: [PATCH 111/146] Fix bad indent in snmp.yml.j2 --- roles/prometheus/templates/prometheus/snmp.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index dc2addf..8757d79 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -143,9 +143,9 @@ procurve_switch: labelname: ifName oid: 1.3.6.1.2.1.31.1.1.1.1 type: DisplayString - version: 2 - auth: - community: "{{ snmp_switch_community }}" + version: 2 + auth: + community: "{{ snmp_switch_community }}" ubiquiti_unifi: walk: From 763cc2eb514ed7e926ac1beabc2b973d40545000 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 01:57:08 +0100 Subject: [PATCH 112/146] Generate targets_switch_snmp.json --- roles/prometheus/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f215930..a820190 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -57,6 +57,13 @@ mode: 0644 when: prometheus_unifi_snmp_targets is defined +- name: Configure Prometheus Switchs + copy: + content: "{{ prometheus_switch_snmp_targets | to_nice_json }}" + dest: /etc/prometheus/targets_switch_snmp.json + mode: 0644 + when: prometheus_switch_snmp_targets is defined + - name: Configure Prometheus UPS SNMP devices copy: content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n" From 8abca7916fc134c8f6bcb4476cde697d8aac7f01 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 01:57:32 +0100 Subject: [PATCH 113/146] Add switch_snmp job for prometheus --- .../templates/prometheus/prometheus.yml.j2 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
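Review bot: The new "Configure Prometheus Switchs" task writes its `content` without the trailing `\n` that the UPS task just below it appends, so the generated JSON file ends without a newline; `content: "{{ prometheus_switch_snmp_targets | to_nice_json }}\n"` would keep the two consistent. The UPS task wraps its list as `[{'targets': ...}]`, while this one expects the variable to already hold that structure, which deserves a comment such as `# prometheus_switch_snmp_targets: list of {targets: [...]} groups`. Quoting the mode as `mode: "0644"` avoids depending on YAML octal parsing. The task list continues outside the hunk.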
diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index 937f64f..7399f48 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -81,6 +81,21 @@ scrape_configs: - target_label: __address__ replacement: 127.0.0.1:9116 + - job_name: switch_snmp + file_sd_configs: + - files: + - "/etc/prometheus/targets_switch_snmp.json" + metrics_path: /snmp + params: + module: [procurve_switch] + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9116 + - job_name: docker file_sd_configs: - files: From e5be09656bd55611b60ee3ca4a79e0465725487c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 01:58:02 +0100 Subject: [PATCH 114/146] Monitor yggdrasil from prometheus-aurore --- monitoring.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index f83c2e0..c7c9927 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -84,11 +84,15 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_targets: - targets: | {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} + prometheus_switch_snmp_targets: + - targets: + - yggdrasil.switch.auro.re roles: - prometheus From b9269f3967a08fb3ac50bd004a0af6319c42d1f8 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 02:00:56 +0100 Subject: [PATCH 115/146] Fix monitoring.yml indentation (yamllint warning) --- monitoring.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index c7c9927..76282b9 100755 --- a/monitoring.yml +++ b/monitoring.yml 
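Review bot: The `switch_snmp` job repeats the relabelling of the preceding SNMP job without saying why `__address__` ends up as `127.0.0.1:9116`; a comment above `relabel_configs` such as `# scrape the local snmp_exporter and pass the switch as ?target=` would make that clear. With `module: [procurve_switch]`, the exporter uses the switch community on behalf of any client that can reach `/snmp`, so it is worth confirming that it listens on loopback only; its listen address is not visible in this patch. `scrape_configs` continues outside the hunk.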
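Review bot: `snmp_switch_community` is defined only in the `vars` of this one play, while `snmp.yml.j2` references it unconditionally in the `procurve_switch` module. If another play in `monitoring.yml` applies the `prometheus` role without setting it, rendering that template would presumably fail on an undefined variable; the other plays are not visible in this hunk, so this needs checking. Defining `snmp_switch_community: "{{ vault_snmp_switch_community }}"` once in shared group vars would avoid the per-play dependency. The play continues outside the hunk.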
@@ -92,7 +92,7 @@ {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} prometheus_switch_snmp_targets: - targets: - - yggdrasil.switch.auro.re + - yggdrasil.switch.auro.re roles: - prometheus From cf07de4ec4f1c701ca6c7b04ae7b768f2fedd204 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 02:41:58 +0100 Subject: [PATCH 116/146] Fetch switch_snmp jobs --- .../prometheus_federate/templates/prometheus/prometheus.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 index 5d9a31a..23e649b 100644 --- a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 @@ -37,5 +37,5 @@ scrape_configs: - '{job="ups_snmp"}' - '{job="django"}' - '{job="docker"}' - - '{job="switch"}' + - '{job="switch_snmp"}' ... From 2e912fc47ae72ac73585d43df9d8aced93c4d608 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 7 Mar 2021 21:22:51 +0100 Subject: [PATCH 117/146] Add recovery SSH keys for ynerant and otthorn --- group_vars/all/vault.yml | 342 ++++++++++++++++++++------------------- 1 file changed, 177 insertions(+), 165 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 3db555c..2191326 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,166 +1,178 @@ $ANSIBLE_VAULT;1.1;AES256 -62653338373865656231663838616362303131383034663431663139646433653762323437656463 -6665366431376666636431366365643534636438663433320a613931383431323661656339663235 -31656464373634386430663838373566306663633631663066373930353534316136383738633736 -3137646638376231360a333330313261383936353630613234373035366162643663336437383966 -63616635633938346635313861333339303534626164613333376462393561656635613733313833 -66386639646634376132376338636565303333616532373932386230653566353838633337313463 -64363265303736383566373033653763366630613431373165653539326231316530386366643762 -38656161376363653165386166623331396239393238323362316334393933383737353565313937 -65656564643030356265346533613961636230316333613539303462336334366139343366323461 -61666563346464323066316536363339653135633537323165663633643664636333643235336430 -37303863376536396566313339626365376130633635623838363338383964613639383466353139 -62393837323239306230363661396533656333303163656561626538643061653565323635323530 -39303664613539643734373330613136343336393266613033353432666636373466333330316234 -39333032303835373563373939313733613262366161373630366534316431303430636336343934 -31653366666461666337633265653236383630656164623761333031643939616561303330336261 -36396361653839353230383165393162386563373231336437383664656230373832646364383461 -32313938643738366336373061386133356637306435636633343533653838386332616130333436 -62333330366431363161303131353861383336383139373034326363653134633265633030346433 -62346666633836323135663735363133626265616432653665333564363662333734646530333838 -32356663653839336561633564333261663262633835623563653961303461623938386131623335 -33633235623132653338623131336564363232633339633732313835343135373666643466313130 -30353736336333303361646362363163396633663737386334303538616161383337336637336664 -32653930383831363531353137316435643363303330333435346364336235633536633831663466 
-37306462643335303335663837363964306530336365643738376565373035376638626338613636 -65376462633931623063663538383133323264316465336261353961323665386464656165323462 -64303032373635316263636235383863356532363239376663323361393331623830393764336132 -61306564383039383931396364353461663539383636373830383539663161396632383631353665 -36363437326538656438663734633539353066333833386434343931613935356662363266623434 -30613766363161643733356463323535383434313436643132363363356532306638333635653063 -30633633366235323363363562316461656236623062396138656262326566363233623564653265 -66383534313538353165303739363835363837353065396433363739386135306364653738306638 -32613462393561643037633431363438643833346539386435373166646232333830373964373535 -63636230373263336534613134303634636131623362316462393161636264346131343465623233 -39303736373231666165643762663335623939376634373939373437663865653865333235303739 -36353636313266343931623032333031323165666437393334333463646636363931653038313637 -62656632333838613333336631333832386531643362316635666463303734636462613763303137 -32363834336536373166666235333634623833663030666136356232643464643537323361396434 -34366362346137353035393438663766306537663939643465636563643831656535343762323232 -62626532353965356461336161376531623063616638633732363430363361646539636435623365 -32633639343635313231323937633030336164646332323631343831633936613961356438666638 -65643430646331613433313934626661326236366335393637356364636661346361653339346565 -62646664303562373033306365633565393337636539336133643564623133353033303266343231 -38306539313531653764653665376464316562333235623232306331323264333264326535343734 -36366139303730313131626133623034623132343337373033356436353564343064376636633230 -34616635633138303630373035363764313732383766313732363766316534356265376666343336 -39376339303839336237656565633362306631343066333766363137346634623462323436663438 -31653366393335343933323036633365623761353830663234613862373232616431623134666166 
-32396139313834366230626635393637356562653865633431343564646264613663356666336535 -30323261383330376366363730623661626163373463363233366533316636383533366331653831 -35646138623336653230373964356437383337613535353235343864653630383938356333646365 -38636538613566353830613066306665633035663734333763336631623531336634336434356563 -63393939616561633962663532356636366561333736336638653539373366646566353035656137 -38653939646139663631396237376166663162643662623538333233626565393139393736303135 -38343738363232633938666536373734386437346164346131623736363861313665653738396463 -38383830653166336335373431353561373434373065626234396661616530323733373961623939 -62356235306561346537333963306232333731626436396332373564613532313466373932646132 -36306330336630386638343931386165653537613835646436646533343438663434653066306561 -39653432616464393038626634396535326435346165623232396434366462356530343235313935 -31306237326631336531313931663930663032663264323639366630653663303164383462363064 -64373165306235373734303763643430343434326231383939623032356335616430653863313462 -61643035646132386461393839326365353964316434386533353661333937663832313865353237 -63343537373164313963636561386665336434633037376433663739363239666634636530373430 -38373564666362653633666138366665613033363731346566373462323462333362333333643135 -31656561613030336634363133663532333366636234626630613836313937653363303836383434 -37313064313939616639626137663163383766336232383333633830623531626435623035346661 -39626235666532616366643063373636316430643437393564393535363564396239656131626430 -33323262376439363333346661356335303233373161356162336634663934323937663232626366 -63386530316139396662633539646633346638663233623639356661633732653964613939653834 -37613236363163623336326239326437666336643134643536636664313132336662353933393366 -66313661373838656331333839663164663733393736363866366338613434633836656162353232 -61306136623931626333363936306130336461303738343364653333303962616331336164366164 
-34346662666137303463363334343964623936653533306436633739346163313739356265343234 -33316363373439336661656264356662653662353064363930643839643063383762373439626164 -65323536313764353638386334363461373935326239366233353639353933313335303231383833 -39666236383834623266653835393036663538633933303038643935383932303264383330663466 -37306561346638623066356630366533343962643762633463323233323963653635623564333031 -34326331336539616533356630616633363434353562383866363364666664613839326237373466 -63346237323934303866653965323361643837633834616433323061633961303238343538323131 -62666364636138303733313939303536316536353139623066366534383661356266323036316661 -36646339303463613565333261656637353231643463356133633630633035626239343230346361 -32336434303530313661373464353961363731613862346639643138343737343962653237383835 -65326662633835643264336437343666353330666262326132386136633230363433626435653337 -33613535626637303565636566363264613836646663373432643466666566663534626130393335 -30666531393336613035336666306334313730633466643264656337666539333362383663616263 -62333235613534366130346365336535363337333139366562313337623535383461366265383239 -35656463633261306239633233333664396465613162356164336131656430373062356131323065 -65636566626163656534396639306539303830376163633261616439316232373437636564636462 -38653633383962623135653839316232333066366461313434653630303633633236623931663233 -30653531643863326435373237366533336165366637333636666636353764396638313735346462 -38633132303664666161393161626439666230376536303530623032356561373663633235386335 -30646164613135373331383461313039313837373831653264643635376232646361336635396231 -32646538336236363937336639333137663135633038613133363538393864653831313132663965 -66383631323761376537643662313237336262616363343231343138613762316564363962356437 -30336431373364356231653332613836353731303366383338386462663033633639363862353838 -64633264376330336165373363313063346234376164373263366261643534386139396362613039 
-35306534643135643437626566633864623631363133666362656334623463306163313938643564 -36383965613037313739646439396138393636373261653466653866313165313934303633653430 -31303064363161636330343866346239396639646137623764306433313538656331663137373966 -36323832643731313966393331333437313163373434373833383937396261306331353330326261 -66616161363662383535623362303165363466303265613231336237626462383233373037356230 -63373031653139326364636166323566626639383265353834633932643861643936613730313531 -34626233396631613031653565393839326131396239653339353366393861616363313938396666 -30616261373131303935343063333134323937313666616166623465373339346230383437356539 -37623131346461323734616438373163643334666637666434313837393162386331356639343264 -63376432353438653434313632333531353837353364343138333130613336343630326561386665 -33616532636461643838613835633364633863363730663333393466333866373132313439386535 -39373639376538373733353830366432323038633664343630373163616338663664623638626134 -39653335333462616339633834353062313662303462313761386636346262353565626531663331 -32653635643337363234366533346530386332663066393365656663336335376235396166303634 -30616366613261613034366262623661623635663265303433366366373730343265323439643434 -30623937313863356665383066303334396637353436636135346338346134343866356631393433 -63393064633731333833316230343266313361316632383436646138386130333266643933333435 -34666161643630373735656238666338613034333032306564316461616362623861626364643832 -39646538623131396165346333303061346630386264633737613065653030356164623531316566 -36366431636338616365306138333931643464336662303236643966633865393666356263636630 -33643634336164383463646434653331666233616166666234363730343234363962363931326130 -39393130656339383938376230353665346464333964653766386233626530323333623237623366 -61393263393863396237343033393033666539343136663161623861313734633739613038303539 -30613232653765616263346162326130663139633235333934316431383932653064313739633838 
-61396165306330616666626237663931653137373331633566303430323435313766613963366337 -33356437343938393134656138323965653361663563373362306264383834356436383464366538 -65623538306137393262306336333561383033323731643664376130633736343662393166643865 -61616264386464626566326466336366656338626265373564643934663834393963323330633062 -64393439633530343961623935373539393461333833346162373732393966633166393939323866 -33393030373331666532333732626435646335333033343461333633656231323537633362646130 -35316139666137656238396537366133386365636139636463663135663430383339636336373565 -64316635336333666639393035393135313366353066353837613833653065303131353163396366 -33363764383434373663336632646139663666643334373733393637363361353865363934306461 -30616663653563366438386632306230626362623361306339313664386663663736663939633162 -30353434396463363266636437316261653063313962666335386630356165616133613036396635 -38626239303638663366353632366137323637336433623833386362313432323561353634363933 -64636339366632306237336262633236346333373063653362306237346562306333636634336435 -30393566376536366362316638323261316462636334356266333561326632643338383162366439 -39633862666665366661336162373136306537393832613535343663366332326666343064356139 -31633232666332656639383434373536653130616437363931643836373034656462396135393531 -30613334343462316661623663336532333635303834643738323734316436336238643132343731 -64303232363636633839326539366636613663346166643563663662616537333365316466396665 -37326265633764303465373936333130306366373531323237656136366431633439333231623961 -39303561333836363263363066303739313530623032386533366132653866623535333363663463 -65656539366461303538353632326136386331663230613235653865666564633339353337383965 -36613436323037346239613165613035666137356565383731383765626534313038326462343166 -32653462363134623731636638326466393363356664373239313263633933383138336338393135 -31633637626436323238653133366130613830333531633333313538343266636166623037333961 
-36623834313733653738613136366230626630666637363231383963613862666530663465356137 -37386466306332383032626366383664366536376364393865396339316533636263653336343361 -62343361363639613063626336353333323737626636623033333731383133346537333765666161 -37313234383238353934626136343766353963376562646366623735356463626264666566383366 -38363339623631313933663563303465643532386437383731353839393461623437663130323932 -33313364336430336362613562396137643836643666333065643836653935636538353635363339 -62373131623232653530356437393233353731366435653235306534363730373166336137373737 -63353731623862323361316539396137373137393961633337313531363436303637366631656535 -39353065666132636566663165333739306465616238613432373136313432363535333363313434 -34343534323361323934626166653433623836386639313538363933373262666633316438356430 -34623634613761646339346462356365346139656263643230316264643838643431353933613563 -62363634306661376663323634393736383063643132643735353863646537356334656438646163 -64623235363938346231663636373137353532343264366130353866626531313664623565633235 -62323939386264333433663863363865613262373061666130663166383235333336336630663136 -35323236326231383933323632646662666364643430613562643339393134613634326337343932 -32336463336463333239373231393530393238343633323164316539623237306162663035393431 -33333065373464363036633831346434386336383164336365343961393039616435666533396366 -35623837633162643765643966353266336533623165633966656336613830316130333962313865 -66373262643135346565303164326462633934613362643735616235316239366432393936376438 -61666661323230363265643433623361633137663234323330373630353437656537653462303536 -32646165376661336330313939313235343335343137626566343164346432363230646366373864 -63656162643632333931373934393133316261323665343764386662346535346466 +37623034653164356337646538613665336362663764363537393937666637663864636365303266 +6636363032363834633231633262306633663064616537610a643361343233303438343266363633 
+62646234633831656537616162303162653430373137633831316366363931306332373161303165 +3938323535386163660a396465653966313230613037653364646633346633353561313539383536 +61663061343130363363356163626264613636383364346534323331666632643235343231316166 +37313039633230376265313264383331613933303239623664646338396632363430336131646364 +38663736373732666466356162386338316366623061316362393266633831356661333137653361 +62626361653862633234336330623738373436363365643866323131653763636637336131343639 +62383061373138316535346239323465306632353334663633383361313365303466643333303430 +62313534623839303236613564663863653132623163376432303633333038386161346530363534 +63653135396262633230376464383530326634646466376534333633336363323462363234613834 +35313936343862613166616433366664356334626539616562353639363936613431636263316238 +33373334316539653130303563363130326564306538383565653065333034636436326362633735 +64626335333465396536373838626266613365613234643038383138653038313033316331326662 +66316536363562343330613437303434633134643162613365613966643562393731613065373937 +34353639646539396536303864373832313637316430323534613835313632653733316337383738 +30373737353039393831393334363738656364663266393330383039346634373537613335363138 +36303963663138393866326433376231323261616338643666323930393932663237313731313833 +32363132393234393165393363396163643961363635663030393235313436643037633032393935 +32633632633461383965363230383531316239313637313365613531663365336163343363643365 +63346366666433333736623533653264663538323562636565623134633634353234363163646639 +35633662336636326237336134663334353435323333656235383231326431633035623664326538 +39393961303031643831363634353730663836353464333536393838353133633765633238626630 +31323564323938373833303965626165303462363139366262636462333631313835653332383637 +63343263323861643863313237303864363630666464653834323736323563633162396232643439 +38303338323538653263616335386338336133653733333137343532353066363039633961323036 
+32666439353734313738386535353966373963313534323666323633316338666139386130383262 +62303466616666343862396435633239636533613135343836333838626663316433343661636561 +61656361313165393932333932653539663464303564643931313736323864623233376339666266 +63656638633363343766376336356339623235623838326530663031383739333936633938663661 +65383334373736313134313961623732616339636466396130343233396630633464336631336364 +35326433306663343764656437343065323033356666316161383262623236626237383531623165 +36386434316230323239613266363862333134656331316166353631613464336164326365353738 +35346563653364373334343061346639363538616433396131646362393162663033643532313932 +65336536366132643861613065346530643061343939393533346331653235356530626431336364 +63396235383764343933316639363934366161323765346632346331313831386266303664363066 +36393235393861313333303734656634663634303133353131613630633231333935356262383161 +62313661323734386233396133353261663434353662353064386538663531613466616532646237 +31306362663139616266313765303562383163323333313435366536396633626261626632663135 +65646366636461626535616662363735396263323563356239373963353434373061386331353664 +31323662633433383738346532626463386535646363623961373466376132316265653833333766 +31336464343439343632393438326537373539663463636261333066313134656664363031663137 +62633336396162373736343737636565623038303362323261656365396130316132346436303637 +30313131366631666534356132353933336663396130393038623266356531373531303766333830 +37303765336435333161346339643065363165646538613165363634616362306466303063393566 +64626562383065653562646536386662663762653665353339316232363534643837656535326633 +30396134346432306135396337383765613361616331356433323766343139646631303861386263 +38333262383239336662633463356134613239393563356662313463646432306130383433363137 +35623231366238353062656333353565653366363735373433313337656364353232613832326433 +34313238666233623462336665383964623662363662326331383131313161376233633234616236 
+36373831613132343236346263623732313233623533356264656439353465663866643161663461 +38356261333430373631656238336337343664663563356461663839393864396662623530623932 +35303038613261393132366262333463653935616362396262343530356637663630323431643762 +33623364363163366262643133633065383063343162383232323832316462326661396232303937 +39616133323561653435373666363264303737376430313966323362383933643433656236363039 +32316361303835316465633862653431623431346465666166316136326363303538383236386364 +63666666643065346635366131313037633233316363336161313761643163376163646561373936 +39313964343866666332333034333233616134656331306236386339643130623530626466626339 +31663435323633643231366265323766316438366130653434633530643231653864626639623334 +37613931363264363132383764346364393038333130303364313334316333306235616237653563 +30393962333332326137613963343734366230326163343132653830653733346435386639323363 +62363066396563393861623764623330343332633535633737393364646137653361303032333436 +35643936393734643533613137386430353337353536653333373535623630366333356633643034 +30373565666430323235373939613839333034363532343738326536303334396565613765333639 +66363064643264656163633430636563336430613634326265613934643433366134623339393437 +62303666323933646166363465623437396630643662656364303666336133396663613438376139 +66613965646639643337343137346537656465386337643864613637393664306436333063363830 +64396361666261666339653230386635633139616330666132333232303064383738353336346632 +63663064633631336231366266663737386137396636633039616165653339373831333338303736 +63653566383161373131343233303132306237656133333136656161653736336433363164393833 +35373363386232653036313635303862323838636433636565373135306466336562316232366537 +35303137386433326364366232643837386364376463666531633664333932653536373931396333 +37383931353465386636623637313063333933333062623361343835303634313439333862306436 +62643863343730353334333863633534313232333332376562626366343131636132393566356563 
+30346666386539613864303537346636333534333534376439313164656634366465383131353335 +64343730666230636462656666373061643338376633386338623238636531333636313631333036 +37376337643739393934343362343865636362383638663630313831353963636364613138393136 +31366361376533363861393537323433663533316465383334656133623637343530323561303631 +30373534653437633765636664316364386139613565616464323735643333633962623665323831 +38343661373632313936616632353635623232343630346565346262313365336366393262336631 +36646430366531306665366465383530366432623737373662393263343336633837646630393139 +32633566653335636130386338633035636135316461396366313532363834653966653239636533 +32313039623433663861393832323564366337646161626632613563376131353265373938306430 +35323762393434303966623536356466383933333139336561666335663133356130386166653064 +65306137663938663162396265653439666562333766373132396434383365386338333635653166 +36366139643335303135626337363363633334633464326234666361333234383262363035346362 +31393538303961386465623437343766376565333564346338666365333865323537353731363262 +63386632383766303261666563323133616136306563623761653831663466326433306631643365 +61313862343235643963626331353465313734613930393163363236373438613939656164633137 +38343061633164623361353430373830616365646362383565353865663930343134393736643730 +36383439333032623233656565336666663539396531633865326166303837333736373333393836 +37616139303039343439303338653133393563316537626239613961363164303538636566663931 +30656236356230623734383662643735326264666362626239356565653361333266373132383365 +30373763333938613636383364643862343832633631336131626162326330653465353661313639 +35303434643534323731393665663930363163653965373832323966306335343562643334616333 +63643637303038623039396331313439663332646566326132306235653234633262336539656463 +64643336373535656462313462366337653862623131393230326532633035333864383936366332 +31333962336430663061356537323638656137343638643033316461353761303435363263323337 
+34393235303630643265636338343430366232613831666662653162633333353262623331656339 +39303064393533323132653433316665366436316235663332646362666539656262353037313538 +35333239323736306434323435323236343634336337323364653862323932643130313737306339 +64333763316134383033353762353264393764653638616533623366313361363766666436633164 +34623266373130303437383635623763646165363538653666383966343063636435336462326233 +64633332613961333532666235303935646139626135323964346666353732653531356238393338 +39656231363935306533313632626134353439633131653537353466323565633532383031666364 +31356338313334383263616134643834373064316361313362366562656464656566633961336532 +31393931313633366630303931336137383732383533616163353361616336613863616462636230 +35656561313735313864353133663735376462666639323930663039373630613138343735643061 +35326665316465663834383766373366653464643263383662636134366161343532666265316632 +35313233346236356166306464306139306263376339336266303861386632623030666239373734 +34386330616335326339633761623366613931386366333138643236363338386435613036393732 +38306137353930383737663063393734306539613633316337386334326562643731356536393036 +64326363643162333561336364643034313735303761313233653865303638363766333066343862 +64393063336439323233656263343432336365333630303238376133336235613266306338653664 +36303761393036393964653962353164326432343731353861353432333738643365303032356534 +61623339623664343164666338383361633863336432613762386238323331633264653666313532 +38333165373738383539316663366437333733646561613232366130646565313063306631653331 +61396236333663393937303639643061383133346563343339346136636237383663623364303535 +30373562353531313630626533336431626539306137353331653430653737613462353739353936 +62333562636137363964303735623434333537396330386338386661346437353936633533353961 +34663532376636353233396362616361643164396539326339376237313737656161353032383566 +37363234393334616363323465343332373436613636643431326436316135383230633136353633 
+37373564653033323034643661333733313431323133616639366230343433633366636261623039 +66663866326465666132333863666431653433616565343964613338636339643466613634363162 +66636464656135383231373135666661303761363964383538643738346136366339613264663663 +39316437393962333239333732326432616239656538663030613763326533646131653663326166 +32326365323630613339343263323133656361663131336230386664616561623033646535613736 +34393130376233333134323662646132616430353233396364653437353335313962363865666536 +66343239643131343730366562303061343061326139306165343931326166326435343236323064 +37306534373831356364306339333233633866633931383666363639336563363763336163336131 +39616464373630386164383033333530353866666531363361633430383335616161643139333964 +64633365616532396461373736616462313966326432363562353437383762326362323531623637 +64306638306633316533343766623136636331363439633031316366663063643262386566396633 +30306231633730643961303266343337343531386634363037303535643239376236343737393066 +31373765623732333736366434363865396366333165366362386132373536383730633766326564 +34356635333135616666303161656233373038353338376433336466346633663935626564396533 +62353432333637643665633766356534653735326662346466353737303131323934313433666335 +35653930356564336138626365383730313131346534616139313965313831393237353930613231 +63303034326463633335353064363438323839623533313637383236386535303663373930663234 +37343833323838343431626438366630663465653534373339306539656462643237396661346632 +35623261346463393037666266333835623664313938396239386461663230656239623534346537 +30336432393433346438316533646132636336613661623935303434646334626434636466636634 +37653532383538326666363864633165626266633331626239333536643663623335326262346232 +33393864646261643639663635343731336330366638633266373136346537373236336539356233 +33366536386463636462373865623861643466306331653938383934323232366463663935353830 +32633266613833666266646462393062336263633937396666653732306233613666376339353362 
+62353236386337626663653064396564623933613535346264643630343766656462366164363864 +33386637373030336530363838346534636361373965613664386635313938343663653434323438 +65336433326661643864303738636362386239636239373265643139356563356166373161663064 +62633061393861316236653833353634616338333062393564373431636666613264646262663762 +30376334613639633233336536653631663866393535643039616333623636323764383862633235 +65636438316430383162663832353038313037623366386135393636323161303732646466373833 +31386463363265363161396330643539336566313763666136636265383531346638363964303762 +34633666323665666430333465396266626533353761373932666165393634313236396366326464 +32623963373638383133613535316461646632653831333862623536393531663536333161306664 +37366537646261333166633961656136386466643864623463643331396234386233316263303539 +30646234316437316633633761343361633234363661663465303164663662366562393539663666 +64373065313161333632313931386538306231303639393036316138613332376131663434366362 +37386262643366313465386332313335313434393134336134626265396164326430366466376331 +66616665313761366631366364346538323933373664643663616335363631346630626338343137 +63313833643262316664306261323839336666636361343032323938316232336136356139383061 +38373637386434653265636261616633636365303134653866643763333434643138373337383065 +62613335653332366566356537626266633334613766643666303261353239363034666639656463 +39363939653634646632373239616363316263386333326566383061323337363335643037353833 +61376364346164376333336131353638333032353034306361363536316134623535336363633531 +37343935643933666564663861306331663833656165666134646262373134643834373432326634 +66336431643164393336656161306333386437336133393062303231636130343464663434393332 +37373066646138353636656531363532366465626538333461353131613731363939303933616232 +35636261613433336232663532383065376137626266326161316530616666613437306361656134 +39363636633834303634333135643037626538383930383030633764316434303062346263646436 
+33613662323735616563373330303965373033376166363136653761663864303761626665343063 +64343234363839623633363562633764656136383063346633386338626337616531656334646337 +36393331633938396439643032333136643766366437383934363333383466383738656333663633 +31656437386237666438373664623561333336383866613366616166313062366365303765646362 +33333930613961373036326639626364353133363933653739643935383966356130373437636564 +62313933623061336631323163653263393866363231623438623430303338656236353462333237 +65323334316136383236393234346261323638373536613165656233383535333062 From 2c0727a419eafbbec1fc3df27612df68728da3f7 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 7 Mar 2021 21:41:42 +0100 Subject: [PATCH 118/146] Update the list of packages installed via baseconfig --- roles/baseconfig/tasks/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0c13978..9210b5c 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -9,8 +9,6 @@ - aptitude # nice to have for Ansible - bash-completion # because bash - curl # better than wget - - emacs-nox # for maman - - fish # to motivate @edpibu - git # code versioning - htop # better than top - iotop # monitor i/o @@ -18,15 +16,14 @@ - lsb-release - molly-guard # prevent reboot - nano # for vulcain - - net-tools - ntp # network time sync - - oidentd # postgresql identification - screen # Vulcain asked for this - sudo - tmux # For shirenn - tree # create a graphical tree of files - vim # better than nano - zsh # to be able to ssh @erdnaxe + - dnsutils # dig update_cache: true register: apt_result retries: 3 From 64ae2a8521e2e87d2288a1ebf3786a7721f8c41f Mon Sep 17 00:00:00 2001 
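Review bot: All of group_vars/all/vault.yml is a single Ansible Vault blob, so this change appears as 166 ciphertext lines replaced by 178 and a reviewer cannot tell which variables were added or altered. If the recovery keys named in the subject are public keys, they are not secret and could live in a plaintext vars file, leaving the vault for credentials only; this is an assumption, since the content is not readable here. For values that must stay encrypted, per-variable `!vault` strings (`ansible-vault encrypt_string`) would let each secret's change show up as its own diff.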
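Review bot: Dropping `oidentd`, `net-tools`, `emacs-nox` and `fish` from the `name:` list only stops new hosts from receiving them. Assuming the task keeps apt's default `state: present`, nothing removes them from machines already provisioned, so the `oidentd` ident daemon most likely stays installed and running there. If the intent is to retire it, a separate removal task is needed, as sketched below. `dnsutils` is appended after `zsh` although the list is otherwise alphabetical. The apt task starts and ends outside the hunk.

```yaml
# … unchanged: "Install basic tools" apt task …
- name: Remove packages no longer part of baseconfig
  apt:
    name:
      - oidentd
    state: absent
```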
From: Otthorn
Date: Wed, 10 Mar 2021 12:01:16 +0100
Subject: [PATCH 119/146] configure postgres for services-bdd-ovh
---
host_vars/services-bdd-ovh.adm.auro.re | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 host_vars/services-bdd-ovh.adm.auro.re
diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/services-bdd-ovh.adm.auro.re
new file mode 100644
index 0000000..18d6a15
--- /dev/null
+++ b/host_vars/services-bdd-ovh.adm.auro.re
@@ -0,0 +1,5 @@
+postgresql:
+ version: 11
+ hosts: # dbname, username, CIDR ip addr, auth method
+ - [ "etherpad", "etherpad", "10.128.0.150", "md5" ]
+ - [ "codimd", "codimd", "10.128.0.150", "md5" ]
From a625a58ddd3b94b7e79782fa189d215b47a90112 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Wed, 10 Mar 2021 12:01:32 +0100
Subject: [PATCH 120/146] create role postgresql_server
---
roles/postgresql_server/handlers/main.yml | 6 +
roles/postgresql_server/tasks/main.yml | 41 ++
.../templates/postgresql/pg_hba.conf.j2 | 103 +++
.../templates/postgresql/postgresql.conf.j2 | 694 ++++++++++++++++++
4 files changed, 844 insertions(+)
create mode 100644 roles/postgresql_server/handlers/main.yml
create mode 100644 roles/postgresql_server/tasks/main.yml
create mode 100644 roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
create mode 100644 roles/postgresql_server/templates/postgresql/postgresql.conf.j2
diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml
new file mode 100644
index 0000000..731acb9
--- /dev/null
+++ b/roles/postgresql_server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart postgresql
+ service:
+ name: postgresql
+ state: restarted
+ enabled: true
diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml
new file mode 100644
index 0000000..696be41
--- /dev/null
+++ b/roles/postgresql_server/tasks/main.yml
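Review bot: In host_vars/services-bdd-ovh.adm.auro.re the address column is documented as `CIDR ip addr`, but both entries give `10.128.0.150` with no mask. pg_hba.conf expects either `address/len` or an address followed by a separate netmask column, so unless the template (not fully visible here) appends the prefix length, the `md5` field would land in the netmask position. Writing the entries as `- [ "etherpad", "etherpad", "10.128.0.150/32", "md5" ]` removes the ambiguity. `md5` is also the weaker of the password methods available on PostgreSQL 11; `scram-sha-256` is preferable once the roles' passwords are stored in that format. Whether the generated records are `host` or `hostssl` decides if the exchange is encrypted on the wire.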
@@ -0,0 +1,41 @@ +--- +- name: Install postgresql + apt: + update_cache: true + name: postgresql + state: present + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Ensure main postgresql directory exists + file: + path: /etc/postgresql/{{ postgresql.version }}/main/ + state: directory + owner: postgres + group: postgres + mode: 0755 + recurse: yes + +- name: Ensure configuration directory exists + file: + path: /etc/postgresql/{{ postgresql.version }}/main/conf.d + state: directory + owner: postgres + group: postgres + mode: 0755 + +- name: Configuration of postgresql {{ postgresql.version }} + template: + src: postgresql/{{ item }}.j2 + dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }} + mode: 0640 + owner: postgres + group: postgres + loop: + - pg_hba.conf + - postgresql.conf + notify: + - restart postgresql + + diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 new file mode 100644 index 0000000..c9321ec --- /dev/null +++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 
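Review bot: `recurse: yes` together with `mode: 0755` in "Ensure main postgresql directory exists" applies 0755 to every file under `/etc/postgresql/{{ postgresql.version }}/main/`, including pg_hba.conf and postgresql.conf, which the last task then sets back to 0640. The play therefore reports a change on every run and leaves both files world-readable between the two tasks. Dropping `recurse` and quoting the mode as `mode: "0755"` keeps the directory fix without touching the files. The `apt` task also installs the unversioned `postgresql` package while every path uses `postgresql.version`; if the distribution's default major version differs from that variable the templates land in a directory the server does not read, so `name: "postgresql-{{ postgresql.version }}"` may be safer.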
@@ -0,0 +1,103 @@ +# {{ ansible_managed }} + +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. 
+# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer + +{% for host in postgresql.hosts %} +host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }} +{% endfor %} + + +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 new file mode 100644 index 0000000..768d3f0 --- /dev/null +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
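Review bot: The loop renders every entry as a `host` record, which per this file's own header matches plain as well as SSL-encrypted TCP connections, so the `md5` exchanges for the application databases can cross the network unencrypted. Rendering `hostssl {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }}` instead restricts those records to TLS connections; the accompanying postgresql.conf.j2 already sets `ssl = on`. The first line uses `# {{ ansible_managed }}` while postgresql.conf.j2 uses `{{ ansible_header | comment }}`; if `ansible_managed` is ever multi-line only its first line ends up commented, so `{{ ansible_managed | comment }}` is the safer form.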
@@ -0,0 +1,694 @@ +{{ ansible_header | comment }} + +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+# All changes to this section REQUIRES restart + +# use data in another directory +data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' +# host-based authentication file +hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +# write an extra PID file + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +ssl 
= on +#ssl_ca_file = '' +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' +#ssl_crl_file = '' +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables 
+#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = replica # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + 
+#checkpoint_timeout = 5min # range 30s-1d +max_wal_size = 1GB +min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 10 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 10 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. 
+ +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +# - Subscribers - + +# These settings are ignored on a publisher. + +#max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as 
above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. 
+ # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints 
= off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Paris' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +cluster_name = '{{ postgresql.version }}/main' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off 
+#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = 
'' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, dmy' +#intervalstyle = 'postgres' +timezone = 'Europe/Paris' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'fr_FR.UTF-8' # locale for system error message + # strings +lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting +lc_numeric = 'fr_FR.UTF-8' # locale for number formatting +lc_time = 'fr_FR.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.french' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? 
+#restart_after_crash = on # reinitialize after backend crash? +#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +include_dir = 'conf.d' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here From d14306a86c225d5676b691b1f212d15b4086d38e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:08:05 +0100 Subject: [PATCH 121/146] fix syntax for CI --- roles/postgresql_server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 696be41..9ccbd54 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -5,8 +5,8 @@ name: postgresql state: present register: apt_result - retries: 3 - until: apt_result is succeeded + retries: 3 + until: apt_result is succeeded - name: Ensure main postgresql directory exists file: From a4c393d3fb2d711eb1c31c539581cad0aa6ba1ae Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:10:06 +0100 Subject: [PATCH 122/146] fix yaml ci truthy value --- roles/ldap_client/tasks/main.yml | 2 +- roles/postgresql_server/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
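Review bot: `ssl_cert_file` and `ssl_key_file` in postgresql.conf.j2 point at the distribution's self-signed `ssl-cert-snakeoil` pair, so clients on other hosts have no way to verify which server they are sending credentials to. Taking both paths from variables (for example `ssl_cert_file = '{{ postgresql.ssl_cert }}'`, a name that would have to be added to host_vars) lets a properly issued certificate be deployed per host. `#password_encryption = md5` is left at its default; setting `password_encryption = scram-sha-256` would store new passwords with the stronger scheme, though existing roles then need their passwords reset before pg_hba.conf can require it. `#log_connections = off` could also be switched on now that remote clients are expected, so that connection attempts are recorded.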
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 94ed070..968b42f 100644 --- a/roles/ldap_client/tasks/main.yml +++ b/roles/ldap_client/tasks/main.yml @@ -21,4 +21,4 @@ user: root key: "{{ ssh_pub_keys }}" state: present - exclusive: True + exclusive: true diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9ccbd54..9a42e8a 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -15,7 +15,7 @@ owner: postgres group: postgres mode: 0755 - recurse: yes + recurse: true - name: Ensure configuration directory exists file: From dbbaf0d26d4f1b457c504ccd53a525acc9897fd0 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:11:02 +0100 Subject: [PATCH 123/146] remove tailling whitespaces --- roles/postgresql_server/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9a42e8a..7f119dd 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -24,7 +24,7 @@ owner: postgres group: postgres mode: 0755 - + - name: Configuration of postgresql {{ postgresql.version }} template: src: postgresql/{{ item }}.j2 @@ -37,5 +37,3 @@ - postgresql.conf notify: - restart postgresql - - From 8b9bef865e3719a93f5a969261c0fbbfa106aa1f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:26:18 +0100 Subject: [PATCH 124/146] postgresql listen on pseudo-address --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 768d3f0..f2d1b3e 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -57,6 +57,8 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - +listen_addresses = 0.0.0.0, [::] +# listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all From 1105ea88c189b11da1609ad556096072b8c25a19 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:40:17 +0100 Subject: [PATCH 125/146] rename VM to a simpler name (services-bdd-ovh -> bdd-ovh) --- host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} (100%) diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re similarity index 100% rename from host_vars/services-bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re From 6951e017b7a5378175d76990741d4b331b9b2a35 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:43:08 +0100 Subject: [PATCH 126/146] bdd config for synapse --- host_vars/bdd-ovh.adm.auro.re | 1 + 1 file changed, 1 insertion(+) diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re index 18d6a15..df77200 100644 --- a/host_vars/bdd-ovh.adm.auro.re +++ b/host_vars/bdd-ovh.adm.auro.re @@ -3,3 +3,4 @@ postgresql: hosts: # dbname, username, CIDR ip addr, auth method - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - [ "codimd", "codimd", "10.128.0.150", "md5" ] + - [ "synapse", "synapse", "10.128.0.56", "md5" ] From 0656dacbe84d13a9b5946ac07ff906ae6242022b Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:47:04 +0100 Subject: [PATCH 127/146] Add config for bdd local --- host_vars/bdd.adm.auro.re | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 host_vars/bdd.adm.auro.re diff --git a/host_vars/bdd.adm.auro.re b/host_vars/bdd.adm.auro.re new file mode 100644 index 0000000..d1e9353 
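Review bot: The added `listen_addresses = 0.0.0.0, [::]` binds PostgreSQL to every IPv4 and IPv6 interface on each host that applies this role, which leaves pg_hba.conf and the host firewall as the only limits on who can reach the server port. If the databases only serve the admin network, template the value from a per-host variable (for example a new `postgresql_listen_addresses`) that holds that interface's address. The value is also unquoted, and postgresql.conf needs single quotes around a value containing commas or spaces, so the line should look like `listen_addresses = '{{ postgresql_listen_addresses }}'`. The rest of the Connection Settings section lies outside the hunk.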
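Review bot: The new `synapse` entry gives its address as `"10.128.0.56"` with no prefix length, although the comment on `hosts:` calls the field a CIDR address. A pg_hba.conf `host` record needs CIDR notation or a separate netmask column, so if the template writes this field as is (the template is outside this hunk) the record is likely to be rejected when the file is loaded; write `"10.128.0.56/32"`. The two context entries above it and the five entries of the new `host_vars/bdd.adm.auro.re` file in the following commit have the same form.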
--- /dev/null +++ b/host_vars/bdd.adm.auro.re @@ -0,0 +1,8 @@ +postgresql: + version: 11 + hosts: # dbname, username, CIDR ip addr, auth method + - [ "nextcloud", "nextcloud", "10.128.0.58", "md5" ] + - [ "gitea", "gitea", "10.128.0.60", "md5" ] + - [ "drone", "drone", "10.128.0.64", "md5" ] + - [ "wikijs", "wikijs", "10.128.0.66", "md5" ] + - [ "vote", "vote", "10.128.0.81", "md5" ] From 69c6d5b55d9f1967a7c82cd8cc7b1477919494f8 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:51:07 +0100 Subject: [PATCH 128/146] add and clean bdd hosts --- hosts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index 7cf9128..68488a0 100644 --- a/hosts +++ b/hosts @@ -29,7 +29,7 @@ stream.adm.auro.re re2o-server.adm.auro.re re2o-ldap.adm.auro.re re2o-db.adm.auro.re -services-bdd-local.adm.auro.re +#services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re mail.adm.auro.re @@ -37,6 +37,8 @@ wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re jitsi-aurore.adm.auro.re +bdd.adm.auro.re +bdd-ovh.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re @@ -49,7 +51,7 @@ horus.adm.auro.re [ovh_container] synapse.adm.auro.re -services-bdd.adm.auro.re +#services-bdd.adm.auro.re phabricator.adm.auro.re wiki.adm.auro.re www.adm.auro.re @@ -508,3 +510,7 @@ reverseproxy [reverseproxy] proxy-ovh.adm.auro.re proxy.adm.auro.re + +[bdd] +bdd.adm.auro.re +bdd-ovh.adm.auro.re From 76361de3f13ad14200e04311946b8307e66cb640 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:52:15 +0100 Subject: [PATCH 129/146] Add playbook for DBs --- bdd.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bdd.yml diff --git a/bdd.yml b/bdd.yml new file mode 100644 index 0000000..485d0b4 --- /dev/null +++ b/bdd.yml @@ -0,0 +1,5 @@ +#!/usr/bin/env ansible-playbook +--- +# Install and configure bdd servers at Saclay and at OVH +- hosts: bdd + roles: postgresql_server 
From 879e0338574e61a9d14267929f6b5efb77cb5fab Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:21:19 +0100 Subject: [PATCH 130/146] Fix malformed role definition --- bdd.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bdd.yml b/bdd.yml index 485d0b4..7a0bf6c 100644 --- a/bdd.yml +++ b/bdd.yml @@ -2,4 +2,6 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd - roles: postgresql_server + roles: + - postgresql_server +... From 9ef6202fdf7da5f4c4fe4c378970bf504a35794f Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:23:52 +0100 Subject: [PATCH 131/146] Add configuration for users and databases --- roles/postgresql_server/defaults/main.yml | 4 ++++ roles/postgresql_server/tasks/main.yml | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 roles/postgresql_server/defaults/main.yml diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml new file mode 100644 index 0000000..643fc0a --- /dev/null +++ b/roles/postgresql_server/defaults/main.yml @@ -0,0 +1,4 @@ +--- +postgresql_db: [] +postgresql_users: [] +... diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 7f119dd..6748c04 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -37,3 +37,17 @@ - postgresql.conf notify: - restart postgresql + +- name: Create databases + postgresql_db: + name: "{{ item.name }}" + loop: "{{ postgresql_databases }}" + +- name: Create users + postgresql_user: + db: "{{ item.database }}" + name: "{{ item.name }}" + password: "{{ item.password }}" + priv: "{{ item.priv }}" + loop: "{{ postgresql_users }}" +... From f919ec689a57f4d7576f86cfa5f1493d60d78c38 Mon Sep 17 00:00:00 2001 
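Review bot: The `Create users` task loops over `postgresql_users` and passes `password: "{{ item.password }}"` without `no_log`, so Ansible prints every loop item, password included, in the play output and in any CI or callback log that captures it. Add `no_log: true` to that task. Separately, `Create databases` loops over `postgresql_databases` while the `defaults/main.yml` added in this commit defines `postgresql_db`, so the loop variable is undefined unless a host sets it; the two names should match.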
From: Jeltz Date: Wed, 10 Mar 2021 13:25:36 +0100 Subject: [PATCH 132/146] =?UTF-8?q?Fix=20'ansible=5Fheader'=20=E2=86=92=20?= =?UTF-8?q?'ansible=5Fmanaged'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index f2d1b3e..d2e1d29 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -1,4 +1,4 @@ -{{ ansible_header | comment }} +{{ ansible_managed | comment }} # ----------------------------- # PostgreSQL configuration file From 36b04239fd2c00947cc2cb97f1910004befbb049 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:34:58 +0100 Subject: [PATCH 133/146] Rename 'postgresql_db' to 'postgresql_databases' --- roles/postgresql_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 643fc0a..89733f0 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -1,4 +1,4 @@ --- -postgresql_db: [] +postgresql_databases: [] postgresql_users: [] ... From 7a071552375f727678db742666fa06bfbf28db92 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:35:18 +0100 Subject: [PATCH 134/146] Install python3-psycopg2 (required by Ansible) --- roles/postgresql_server/tasks/main.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6748c04..f4f3909 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml 
@@ -1,8 +1,10 @@ --- -- name: Install postgresql +- name: Install postgresql and psycopg2 apt: update_cache: true - name: postgresql + pkg: + - postgresql + - python3-psycopg2 state: present register: apt_result retries: 3 @@ -39,11 +41,15 @@ - restart postgresql - name: Create databases + become: true + become_user: postgres postgresql_db: - name: "{{ item.name }}" + name: "{{ item }}" loop: "{{ postgresql_databases }}" - name: Create users + become: true + become_user: postgres postgresql_user: db: "{{ item.database }}" name: "{{ item.name }}" From 8e855d7009f6ac7424874b9b2d2ea56c0deb5b70 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:36:10 +0100 Subject: [PATCH 135/146] Listen addresses must be quoted --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index d2e1d29..0df0512 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = 0.0.0.0, [::] +listen_addresses = '0.0.0.0, [::]' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 40eadf802c691772e141fbd998e74e4de5682dd1 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:58:40 +0100 Subject: [PATCH 136/146] Add template and no_log for postgresql_user --- host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} | 0 roles/postgresql_server/tasks/main.yml | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) rename host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} (100%) 
diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re.yml similarity index 100% rename from host_vars/bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re.yml diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index f4f3909..6be936f 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -17,7 +17,6 @@ owner: postgres group: postgres mode: 0755 - recurse: true - name: Ensure configuration directory exists file: @@ -45,6 +44,10 @@ become_user: postgres postgresql_db: name: "{{ item }}" + encoding: UTF-8 + lc_collate: en_US.UTF-8 + lc_ctype: en_US.UTF-8 + template: template0 loop: "{{ postgresql_databases }}" - name: Create users @@ -55,5 +58,6 @@ name: "{{ item.name }}" password: "{{ item.password }}" priv: "{{ item.priv }}" + no_log: true loop: "{{ postgresql_users }}" ... From 06b54d5f8987840fac19526925c9f3cbd64c9083 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 14:27:14 +0100 Subject: [PATCH 137/146] Use postgresql_privs --- roles/postgresql_server/tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6be936f..0dc5c1c 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -57,7 +57,17 @@ db: "{{ item.database }}" name: "{{ item.name }}" password: "{{ item.password }}" - priv: "{{ item.priv }}" no_log: true loop: "{{ postgresql_users }}" + +- name: Grant privileges to users + become: true + become_user: postgres + postgresql_privs: + db: postgres + type: database + role: "{{ item.name }}" + privs: "{{ item.privs | join(',') }}" + obj: "{{ item.database }}" + loop: "{{ postgresql_users }}" ... From bd05b702bb4d37755adad0f2fd7e46474d82b1b6 Mon Sep 17 00:00:00 2001 
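Review bot: `Grant privileges to users` iterates over the same `postgresql_users` items as `Create users` but carries no `no_log: true`, so each item, including its `password` key, is still printed in the output of this task. Add `no_log: true` here as well, or loop over a list that holds only `name`, `database` and `privs`. The removed `priv:` line read `item.priv` and the new task reads `item.privs` as a list, so existing variables need renaming; a comment in `defaults/main.yml` listing the expected keys of a `postgresql_users` entry would make that contract explicit.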
From: Jeltz Date: Wed, 10 Mar 2021 15:19:39 +0100 Subject: [PATCH 138/146] Use '::' in place of '[::]' --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 0df0512..bcab09c 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = '0.0.0.0, [::]' +listen_addresses = '0.0.0.0, ::' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 628e11488d55675913b060a466f05a0f7e115038 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:22:01 +0100 Subject: [PATCH 139/146] Switch postgresql to english --- .../templates/postgresql/postgresql.conf.j2 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index bcab09c..1085939 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -607,11 +607,10 @@ timezone = 'Europe/Paris' # encoding # These settings are initialized by initdb, but they can be changed. -lc_messages = 'fr_FR.UTF-8' # locale for system error message - # strings -lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting -lc_numeric = 'fr_FR.UTF-8' # locale for number formatting -lc_time = 'fr_FR.UTF-8' # locale for time formatting +lc_messages = 'en_US.UTF-8' +lc_monetary = 'en_US.UTF-8' +lc_numeric = 'en_US.UTF-8' +lc_time = 'en_US.UTF-8' # default configuration for text search default_text_search_config = 'pg_catalog.french' From 4f6eda832985edc2a721d0503c49119599916456 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:57:19 +0100 Subject: [PATCH 140/146] Use /run instead of /var/run to please systemd --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 1085939..f28c61e 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -47,7 +47,7 @@ data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' # If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +external_pid_file = '/run/postgresql/{{ postgresql.version }}-main.pid' # write an extra PID file From d16f4441301a15e34f238e45335ad5ed98b3de68 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:59:21 +0100 Subject: [PATCH 141/146] Use a dict for HBA hosts --- host_vars/bdd-ovh.adm.auro.re.yml | 26 +++++- roles/postgresql_server/defaults/main.yml | 1 + .../templates/postgresql/pg_hba.conf.j2 | 91 +------------------ 3 files changed, 26 insertions(+), 92 deletions(-) 
diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index df77200..78aeff4 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -1,6 +1,22 @@ +--- postgresql: - version: 11 - hosts: # dbname, username, CIDR ip addr, auth method - - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - - [ "codimd", "codimd", "10.128.0.150", "md5" ] - - [ "synapse", "synapse", "10.128.0.56", "md5" ] + version: 13 + +postgresql_hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: codimd + user: codimd + net: 127.0.0.1/32 + method: md5 +... diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 89733f0..8eb5639 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -1,4 +1,5 @@ --- +postgresql_hosts: [] postgresql_databases: [] postgresql_users: [] ... diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 index c9321ec..3a56905 100644 --- a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 
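Review bot: Every `postgresql_hosts` entry keeps `method: md5` while this hunk moves the server to `version: 13`, which supports `scram-sha-256`; md5 relies on an MD5-based password hash that is weak if the stored hash or the exchange is captured. Consider `method: scram-sha-256`, which also needs `password_encryption = scram-sha-256` in postgresql.conf and the role passwords to be set again so they are stored as SCRAM verifiers; confirm that the client drivers support it first. `codimd` is listed twice, for `10.128.0.150/32` and for `127.0.0.1/32`, and a comment saying why the loopback entry is needed would help the next reader.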
@@ -1,81 +1,6 @@ -# {{ ansible_managed }} - -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# plain TCP/IP socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. 
Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", -# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". -# Note that "password" sends passwords in clear text; "md5" or -# "scram-sha-256" are preferred since they send encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the server receives a -# SIGHUP signal. If you edit the file on a running system, you have to -# SIGHUP the server for the changes to take effect, run "pg_ctl reload", -# or execute "SELECT pg_reload_conf()". -# -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. - - +{{ ansible_managed | comment }} +# TYPE DATABASE USER ADDRESS METHOD # DO NOT DISABLE! # If you change this first entry you will need to make sure that the 
@@ -86,18 +11,10 @@ # Database administrative login by Unix domain socket local all postgres peer -# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer -{% for host in postgresql.hosts %} -host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }} +{% for host in postgresql_hosts %} +host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %} - - -# Allow replication connections from localhost, by a user with the -# replication privilege. -local replication all peer -host replication all 127.0.0.1/32 md5 -host replication all ::1/128 md5 From 5871e1cfb8012e13359f633571b6589cb486c6dd Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 17:13:13 +0100 Subject: [PATCH 142/146] Add/Update password for postgres db codimd, etherpad and synapse --- group_vars/all/vault.yml | 361 ++++++++++++++++++++------------------- 1 file changed, 182 insertions(+), 179 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 1823262..f961428 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
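Review bot: The generated records are always of type `host`, which matches connections with or without TLS, so with the server listening on all addresses the password exchange and query traffic from the application hosts may cross the network unencrypted. If `ssl` is enabled in postgresql.conf (not visible here), emit `hostssl` instead, or add an optional per-entry `type` key that defaults to `hostssl`. Quoting `"{{ host.database }}"` and `"{{ host.user }}"` also makes keywords such as `all` or `replication` match as literal names, as the header removed in this commit explained, and this hunk drops the `replication` records; both deserve a short comment in the template.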
@@ -1,180 +1,183 @@ $ANSIBLE_VAULT;1.1;AES256 -36323837313536343438346161633830326364666265343833323539626361653065363734393533 -3062363534346566626433663561313034323930623565640a363866396538623763393232383462 -61623430366665323931393339373665376536633631306639356435323939653434616163343365 -3463393937653666620a363639643662373365343261613831313165653837336461623135633062 -33313632363236633838303430656334383539323937333036396135313433306566353132386634 -35626431623730336635336136356437343639656331363462313064373038636439393631653264 -35666565626132653665336163363965326265356339623838326238303865643632663233313464 -64633434346635363033396265646661643766313339386337333030353561326165306663613834 -62393565343036366534666166323238653939616433343866326338313332623062366439346436 -38363930646639353263663666333332383632656261633038363030613334663239373134343138 -62386233653264623437656535316532306432626531623239323439666437643364643537666139 -36323262643662313261326434663931633031643061323438643335616534356464613837343632 -33643761306538623430633031626266363531353432373930343435613934626231363234336266 -33353962396435623836666664346666323564393135613865373966316266313336613538303263 -36646564623039366138306332383663363765653063313436366432333438386534616439326132 -36623234653633653931363939386265306439383030366539393836303164353232653939613231 -66383761373965663939613262323262373938663964373961633762356332663965363364623033 -31303236373864393039363366333732666438313061666534656434303634616235393336346532 -62613565396163313833383435656431663662626166666532396138636635643833303462623863 -62343634326536613030643663646134653131643232343033633234303234356239393264666435 -62323961346236366463613466376434333639373537376265356334623430633865353866616132 -33363437633365633062383939616134316165343939383730366231376338613638393633616634 -33313064346434343435313238333538363165333237653339653635643339623732656237343138 
-33376231383832303561313633336533396139303666363365373765633836366434343466653736 -38653764353861333431633837646538303332613234633632363134313563663861326234663964 -39306364333031656634643737316562653738623436386366663034653230626632353162353565 -64613133356364366138636434333165666663633231626234326562636333666134626136656533 -33363830616637373831666230323432643863663166613061613839303538633133633466623161 -34373761313135616638336638353433393362633738313965333964376664616631333138383366 -66636463303637613263353038386436376331633539336639313264636261393037613536363233 -63363030323466316161623162626338353530326362653334326338366234316530336439356161 -61616161393966646235343064643934663830343738323231643165316338393233663432383235 -30393734643131326333626566303263313361653833363032373462386266616664636539303462 -37656566386236626564633065376666396261393132653639343931323637376333343966646666 -36643737396233653639356461666637346639663365396137336637343462616138643261636561 -66386433363734323363633135613636316537663139353838326139353966646431616135393730 -66353534313131646662323239353035636433306438326232633738343662643738373564653434 -39643636343530353664646565376161303139636264653431656630623761643234366538313135 -36633761623832306666316230313731306262333661313339623930636261663466636539643431 -66383464623433366462383363636239616635646533326531356635653664613737623636656164 -37363136323035333434646437366361356366313030353333666530366563343166636264323937 -63313033393264376138383437646235393938636466396333333561646330643438353931383033 -34383133616364666533333732613362646439373339616536353333656635666266356333373730 -38663036646530346635326337616630633031383766643832303565353162303364646365633831 -31623461323838366663643534323963643964363439356661373165643836383133663566623336 -61633431636635333239386662396663306130363864313362623832363065653265653332383537 -36353935656364396138336338383138393563363963393633616137613165333336656334633737 
-33653739643438663665396165653430353535353866653563343336396461343036346534623531 -64303932643336393062343765346634663166663230343039366362326133393832313564316562 -36333733376664323531623031376138326663383037316435383938386561393030393061633738 -66386363383064353533306461393831646436396335313664303038316135373064646434336336 -66656135396662336461643266626537623533303761636166383761356339353533303631366461 -38396466323865616564656632623834376164623464323466613830313663633366376163656562 -64663662376264383330343863313134626637316133633531336534333261646631343532346436 -32616332653832613937393864316537363964373437393162653264643730326533623637353639 -66646265363463303562623935626166636463353966663233656335323338323466306334623464 -61626532356438393732646135373933636166326666316564336636313963336136373331636137 -63343964613663303665656237366463363264316134363063326263393233323263386230343761 -32656335353935313362323734613466633238386664346538356137343632623032366433393633 -65313435353334313730636264646237343230336262366163633232326639393330306637373534 -62343562343464326566326165653235353931326535626230656334353038623139643837346332 -35623133386336646535343435306538623962633030353136373831323063653261333930653166 -39326661323163636534633433663037363866646535353931336166653738306634386332646236 -39366139373933326538626166613634326333653330653636343230626138386466396466656532 -37383565366133626364393432313634303630316265373832656666623932363363613061316434 -62356239356531363236643039366437653762616364366332313833396661653863303138373262 -64323665656537333433346437613766613237356537646262353731653834373439343362356565 -61373530656134656134343763393263306165393635646538616635643136363636313030356562 -61326635373737376636383934366136396566623634653539346631333832343066373235613463 -64316536393433366336656563333733336461373033636466323936633138623465333239616538 -38383836303530356164333733333265396536333231313664633464313436653738616532363639 
-33666133306562336637396133366230356162666639356238393265626164636631376539363738 -36383837636262373339313865663435643565343638313631666166636232613031306663653632 -37383430323366373163353235613138336666353430626262353830326362396265396639653635 -63383761623133383266653764613330646533396439646465343536313664666631633538626135 -32323437386531636435386161633437666133303565613139383839623530636137306531643765 -31326130376664613935613431356235656363306136643831663935383161313161303430386434 -31656364393534393666623935333237393264333839626136626531386364303431366432363037 -31663962633465353131663035656337636362313337303532396163316538613565626431623161 -66346533626135303937633364393533663134326139303661303239663332333637363866366631 -39663837393836303432383436643938613833653633663633373636623435663139303736666234 -66316365376266623235326265666438333735356638643332343438623436326561653634396638 -35393736393130373234316461336634323763396564613638393564366262376535666238353634 -66303964346537363161356238666135653666383534393338323331323364363439373839393335 -34363037306636363163626566366633336666396364646664346636613661346139326234636232 -37633033356438633833326231313733316531653137623263353765633432343637353931666437 -34336561316661393232613237353937366331643466363234383031303664386565303332663637 -64666364656166353938336665306232336338383161326331636363336634666436323532333361 -39313531633831633230656131306637356337346230343930663861383136303031666637636337 -36326439346566366461646561313665386163303634376361323033343538396138386166633166 -64393735313137653764323963323039306531656639306638663437353034363838393466353436 -34616335633235366634323233373537396130333938343133343265643665316438626635613136 -38383763646463356463326235313539356333633636303535333865393331623936633231616561 -64353337663665646333383830623966353134646563663832343839333039313130326634366162 -37363337303033393039313630333535616665643033616334646336366265373033626266383061 
-39326366316663333530323632613462316538653966386463613439363137323139633232393565 -64373466333632613933356364333166303535643464393135366536326565333136656633313366 -61656361643866363931383231636636383434393637363965373836386433316564306430616233 -37653864363832363231643461343461323534616635663835386262383963376166666464313433 -65323231396162333937373261383336306665363936326237643537623235613337393738323037 -61653563333532626161343336643136663161663733346462343035373534363962616631333833 -63313633646166326538343366663865653737626162363463313862643661326231613437633964 -30643366346136653135626236663932303736643331323231366439306435643163633438353035 -32386434396638306465346165363938626135303134326335343739376563386566323964323661 -64636134306233383437656165626232643731313037316634633566646331383864343138386335 -61613562386138656339346665303962656330306261363330633161623063663433376537653037 -31633965633835366464373938343164396366393439626432336237353066376333623136333161 -34386537663964306434346364303637623264303063633531643361386437373766313336326330 -39326163633231663138393632343064306430396166663362316137616236306566663432373331 -65356661353133666138376137386363623133383338393561333365663337366637626132333735 -62383636383333323432363730353136333836636662656163323830643638623932353133313962 -33316563323865336239613466343034663730313633326364363432326433316233326166386132 -35393534343962353461303536386139373338336533653530383664303734656236646632353937 -31313563343439663461636336623364643130666330383932313839373161653433366564626530 -33303565333438323136343531313133653136633636346666316138356361326162393635376531 -36336463663863613661353664303135313233373561363866393832306333363361316462643165 -35666637663739613830386562646266643263633235623230336133653135376662643333363661 -30386531306335613538373635376664613434303833323835343235306230633038363339383432 -62623462313530393361323465353134623638363962383833373530346561303439363933646361 
-39623037623835383366633635363636616330646164313664303037633665373463653233616432 -61303133663731646531616165376330333764313038353137666264346135353737613433363161 -32376365343265326239373764336466366131326661613730353536616639376364663139643138 -64353663643161653539336638336431393261343366343338396162666461356465303830363435 -30363330666563343732396262343034656264353237393238636436663661333431393332616561 -65653564353864646665306662393937623439353531613930643365313765313130336166363531 -35316537373237613364393263653764333736313563363362343436333162303464356637393261 -31376336373739626363613237633236356533646430653531656535333064313437613063383035 -63623333643461613364633538663462396138346537306538333132323231333864663632303364 -38343239613633666265303364353035313861323430666362333566363530626631333032633332 -33626364653239343436636234363934653730333839656333343161303633326530633432326231 -65303766633465396232306230343861363432393537306139663339316635643662306432373661 -37383361626261366561303632366663656135623730366462623964396332613764613636373736 -65386263353934653764636636316464303164363835313732383062356436366633616435616133 -62653361653965316332623266376636663131643464376362333061393964346265323034373962 -62333366643264656337366530303137656630666230376165633437653132303938616162346463 -31356235303039323937666134363133366632363937366662383561623764363132666634303030 -38616366666563613763623738393334363932393630303661626234626463633331643139366334 -65636661303730373264626132313835623436316561313064313062333137643737653130663835 -65323464383366393139646262626439656235306136663139323465363362633030363634636462 -32353536636538636637653834616566363833363639376666343864356231633737326130646433 -36613237323137356162386266373664653365653930623635393031386362633835383062613332 -34313166376362643338346630393132626364646539666530356637643864646136303164393130 -66616265653465626136333130653835636265383363666161316330396132356135396264323833 
-31656434613535333138653733343432383331313766613966313834616665343732356430333135 -37336536363137373539303161346161343464613166663138373630646539316430633265643866 -33363335626232353736396531653065663735353039666434326465613139316266613239303263 -38646130356363643063653865656463643863396237656162303739343665333038383437663339 -39343161343666663731653265373531373465346438376463656535666136346334336431356536 -65656262383061386137373639356435323964613065613932386661386362363961656364633431 -31323037666465623466306430653133343836303330343337653131303630633231613161376636 -63386363373938396664633562313132643336353465303236313666653064626162323431303563 -62316366653735353038616537633036336430396365336433396138636465333061343164313464 -31306166396264303063366239333538366530333235646663656263613964613435326431303933 -65396137626634323432306439346364323039336366326562376531343938396632363330646538 -32386137333636323334666265383931653064303734316430393762333462396462396262343432 -39656437316564303833373132343162376238613531316465663634343934343564313336613330 -66633761353536313237363038336363376363623634373065383161666639323165383662373766 -39323361623930653764613566316462653730613632663130613039363330383533393865633233 -32613533306166633030313761376264646335356236616161666461363731313934346231376564 -31653065373237616562643739623432623132313965303161616162356439323064616331323136 -35666263373333336136336362626565363037643836346564336536633566636138396232333037 -63613134313130616432373838633964616634346132353061663337333662396339373665643030 -31323431366361643335386534393739656632386539356133613062653266643739313465653465 -63663438306362656436383634396461383233323766356632373133626139363165663734643835 -66613565353837373134373161656434396266316261643432323633393961633861313032623030 -32323830633038306166656164373465386334666266306361396266313764366136656139336562 -36326138636130383032663066363532303464386562643535383439363630643031386630373439 
-31656636333034303131313433343236313661353961396533383839383734336461366164373539 -62386335623036646462306162326333666366366133633661353163386633663235646566333332 -65616533303636653066643339333765626139393561373663653663323536656433303561383738 -61636266643663363961636439303534316635383362616530656435643764383433323433613639 -36373864643164373364316536303962633533393866393965346261316632363338373065616436 -30653433386536386131643230333761363639326532333837623638643831383663333766616137 -34656665653239313936386337653435656435316261366137373138643663313630613863326261 -38336433633538393864356137616465343831626539323336626665663036653335616665323763 -32663661383966613362646431316333383466393531653364636462343634626564343438653332 -65656266626466323130363763346436333763343162373361326166636430333563373233313332 -37373032326665646265376135633765643466636533643965306161383962626533663333336536 -353133313336393639373965653035323366 +30333937303238376536303166643966383131366566613435346433313461333366656366333637 +3365373234323063303538386635323230616665663038390a636533363233303666333936613136 +35303931383338383035636639623238613338646264623939343539633037323264613036383266 +3339316238306263320a323761623938396364396638623461636136393361636237343936393336 +31376535623265313132366435306562626432326462396461643663636238653830373336373137 +35663261343964376137666361383662323964613737393431666635326132363930336236323731 +38666263656535643661646233363466363861653862663633353562373835356135653665376663 +32323161663736646263363863623061303339366339653931643632396566613537373230383535 +64643862313961623564336665356462393531313939613563323330343265366237643131633936 +36623434366366666431396337393766656537323465313531646561313465613838343839323532 +61386264363061303137363165356365643836646233333861326535343865303333616166643630 +35643665646437353762303331613032653130323930336263336334636661396262646138616231 
+37363532366666323434343735643332386335383664363761373038373934653765653939353039 +32323663376431373664366236366439396234376139303164383935643431646330663134396365 +35363930336261316463353932376337323235333661633164373166343038376332626564626534 +35353637363939613131386336633261393531303235643933633264353935636366623433336366 +63396131313664626364393663343764663663373436623930343633333136353438653237626232 +37336235393037393330613433383564626263353939656265616166643733646661326135343563 +38646362373135386163333362643165373334633036346132373634616330313664346238646462 +32643634646464623535393864363565636139393562353364313264303264316431393938656338 +66636131646339343237393234316365323266356265626430376236363763303961376166313432 +62343833373565653965313463656530363432376130656630633336653766633433626134343463 +65633135353235666562306463383536373733303831383230353165623964356639376337386232 +36343639633539373538323465356436313266336364626131656462303238303338613131656465 +35636136643263313938613039306339643763343238336332663737373538653839313736616662 +39333437323563633136383737613063333931303736376235316636633030303637383939303235 +35323932336262343061666639646662353563383361313835343433343338373730303430646635 +64363833323264666533653466366665313438366635643333666432343832373162313364303863 +66393231353130323232656134633938626433303238386634383766386334653362333162616366 +38643730303835316161643766353436633862623264333731663632343161616634333239643133 +65346164386666356566636532616530363766653662306561343863383262316233356338633234 +35393064373538306633356538386261646232383064343565613966336436356637333932336564 +39336563306364316364646464663234386335623235656335306162633261393032386331636361 +39613263653838316238623230636637313061353037383534663836666637376132633738383032 +34643561366134663932376261306239326366323935313739633034343765343761396233646234 +37646363313463316538626539316365343839613039326261653839386630663863313964326665 
+37306534636664333964653932653534346564323531316535633736373965643535396437656433 +33306536366634336166306235333735663933616635633561666331303530303630653537613063 +30633731383937346335393465656538623233346437323137373038633733386563313338393364 +36636666306238633166303032353163396365373231326232356366396263363464636436656262 +61363233663363613035663836646635303665626630643138663731656538383664306461616662 +37313630663130346637393366393930316336383838363431613339353434646164323338643564 +61333732333661323364336531343237643632353364336533633766316235363763353033656664 +65656532383266353264356465303135636561613038653435306633396461633038373035376164 +37366338646165333564613639633539353363653862393034313763333363396236633462396133 +35623932636164353739666433393465393031303337663239383538656537393365323164356232 +35326131326333303731623933363262356466663864333665633565623336346437613439316338 +64343466396331343035303532633632356532626133646136393061613431363762343339333238 +34616535633133666162316132366333663738656538353439313961323464666535333839383837 +34303331626539653163643539363763363538306238356332623661646436663635623364383730 +64623564386538666237303066383936666461616363343836366635313634653664656530326439 +36323764303130353731336333366438633737313535633361316330363436333032363630646337 +66626466363231393938386537633234623230323662346263643839333837346531323636623133 +62333438666562636230326530393535306465396334623464343330393336393934303336633237 +39653831333839316338346335336339646238343430356464663039396133343532363364346235 +30663739373466616434393230383832633137313936373331353637653866616532323239353237 +39663030373639613164313766623532383566373430383139666538373536643463303331346166 +38623762336630313439343263383833303762373030383035336538626162626164376133303633 +64373236653462393932633862363866386661356139663835336231316366656637303062323233 +32383131343561333361663466373964656364303235353531346661653431303234616464353236 
+63653535363137333033633534616365363261353733336136333564303566393766643037316237 +37653732363230313031633433343230313839393135653137353734653435626431356539343364 +38383364353262303463323639373766323965336263363035623330303039613735343362353865 +34613332636366353333643533326164633637663061363965646464303162616132343330356131 +30613230636339653263343631643962623364356564333066306339626230306239653466306231 +61366437323639353563663666303933393535616136343736383133396238383466303663623132 +63616466643235623265343837386266333330633662613366616163666334643731656335323862 +61346432343366396664616531626530353139343763316530633766303139356536333439383663 +34306466353839653261633233353637353863666637313030383939336233353131313236343561 +31353166323062303238386439323834626537333862343733616536363165663133343531333630 +36383438656137336330353263356133333233303736366536316339656264346435323464643364 +33633262343666623761356131393464623433646437313161393965363132303537373537336166 +36383239386330313864323166386133313162383533643435356265316630386535663764326137 +37306365613463303539323837333539303262306331353332323931393161303663393765636339 +38363532333761323038346661346338323632343239336466643664356132393138386161353161 +35666435663231373065623337356630666132353165333962396635666336633739616562303638 +36313161363265643561656134363932616333306362303965306362343837333366363339323336 +61326239346330373833323465633961366335336530623834636232383638373761346461376234 +38613862386637306232386239353864306230666637333664386135393437653835343232666138 +63306263396337626565633736343865313237326336626333626639393233393864303662633766 +39643435313463326364633336613735323936356261656662396538326234613331356163383334 +63653562386636323834363962623335303636336138616137303230663336343130613537366231 +35366235346261646132396231616136363437636565383235656462366265353765326163373832 +33346265303964316336393837313161356366616134353733376130646234616137663162396530 
+32633038313535313232336532356538393835303039343563363833373839663263363531356134 +66633761343066313333366663313961666536383865373766326563326634656335323232336231 +39663932666461623331343730623965396136616337643161353363316664623538316361303466 +34316636663138663033643964356161323730616333336333336239653237323235386531643235 +31363161396230656265616562346261656230366362303735326136613939633339393563316664 +65303065626463633862663837353636643030366463353638366563363631666264633564336261 +34333231323665666665613536336434653864366165613063653839643064383662613665663138 +31326134366164663639386261656430333966386432663666316333353165626463396264616462 +37643132633961323532353237383433326633383337313131643934663363633364393536343134 +30623137323038666239326535646534353734653234666566313334653462393338303962636564 +66303736333336336638386132343166613834386138633633343635613262613537346464313062 +36336533373035313135653234313832316337333738303836663039343139316633636331343862 +63373036363237393562363861333933303636623435353562363666643136353665303431613465 +64616230333230313632353364396565653337643333653933303733613761383138306433386363 +62343636316166376131363231623766383038663738666462316238626531383137336662656234 +65643265643631303364356232333535633931613236613137613435343061336362313332306138 +61663230316564323335383132363133333139353233636566663332356138303139363638336461 +63363063616136356333363465633137646234343036316463636130633566316364303662656461 +64333366363061623535346434613664343464666135316136363062333131363030326333316338 +64316133633735663234373030333836313130613663636234653033323030623263333839313139 +36626438386666333233356161643432613139313231316336396434663165643565336235323565 +62303735323966363235393334636232343966336535303863346362386365353166393965643335 +31363036623433313137336665313263663761383436396263396631316535363665633136373239 +33393739623438383466633830363135646536323935363963653536356334656438366338376264 
+37326334656239666239376533366236306237306664666234343332646366393662343735356466 +32626364373362323136616663333136363561626337323962386439616237373861346662626165 +30383032663337633735613866663665623633356166623862303965313466623761646231633930 +63313432666435316662396534383632626333376162643132323766613832656635353161626637 +32343935363330666332613633363465643732333030356331363263333035323863633362653031 +63376539373865636366343862333861663137643666613732636538356637313966353461336462 +32626166643534333934666133376239363966393337356134633366306563303065316539663233 +36333337363337613764383162373536396234616336386233306630343762386132373135383131 +64663834656162306636356561303736353961373134323138376564363966336135323366333730 +31653965623962323439353234653439333563346636623762313565343961316666396161616330 +32306137353636323330373564653038343036356635346635343131326635643364306633356465 +34373965313561393966363363386261656638646237363233613863643839653731616330663666 +33653238366630323033353736323861376138313630376163343362643633643934663161373733 +33633164313562306237393363383262613038346535623166633533336438636362373033336231 +64303033303531306631323337306130393538356265313066396637633061333561313566326163 +34393530643532373666396130313231363765343739623239656235643637303062333838653661 +33316463656238316533343462366338336134326232333561383732353561306632616635343337 +30393131616132663065643366313937653138346637626665663739303866343939623564363761 +35373961326135336531356633356637646161613265633765313132613238373562363330386162 +66623230353564366635343332343564386161663438376431356232636237366437623864653530 +37666438633731366562666136323239623462376435346535313933633866343564626633366164 +34333431633939616238373561393830393130653366366361613465663538383639636230613566 +65626234386632353262303933363637303835646438613139373334366364313166613466663564 +34306564666463323432663234633561306164323036636339333963363036326432633538646362 
+36643662616564316236323334613365333666613233383165326638336134393934646464303062 +65616537616538343866313763636164393236373334316234666564353639636330333332393833 +63353962623336653666613361326265353762636263346331396639373731323832396130386662 +62633030636537633265306239383466346636393436366135383434366439333434373532336530 +30616334613232653734656330633130373865303639656436346439316334383437626466313431 +37313664373561346130656337303161623635363434613732336531623366623265383130386430 +62323066663564626336343032313932373561646638616531343034306665383137633932646162 +38633131366331323836643164613430313565626332366637356262653936616664363036303939 +62383031373566643334353735616632663166663163343233326561633833363839303036623836 +61343039626566333238653235313238383239316535323965663465663634383039613436333735 +30633037663637663562666437376336613963356531333436363863313364383733306438326162 +33303763303063333264643434383164613863653939393531336361326264393332666163653464 +31376365633535326462323763626162313336396266353236646462643233613232666438383766 +31646331373331616262383666316561373061393966633935623464663565323062386462303738 +64393836666439346236323932336637646231363166363438373866633461633534383165383430 +30373437316530383565393439323335653438303561353463363261663135653361343166353533 +39623135386662663534613461643863343035663839616333343462643265636235316630633737 +31663233383332336235386133373236633866373865303231323637353933353336316538616431 +31613833356538333237306266303866373935343862663433303466376461393336636630343539 +66653965326165613862626135656163396330643535303339346263373235383262666330376333 +35633861316332646336303462303135646432353439343230333765666261633834353030383531 +64636335326166353730643764636262653730383235363765366234373738653062313039393530 +35373763313865366562386265666264326265666533613630623237626238383531363965333264 +65666233613061653763313964653632363539376133656362313533343033326135633734366561 
+33643635313161376533653861303731373539323738643462643032306138346365613064323231 +39313161393362363263353064363536636532383435633638613239363463653862303333663065 +38303863323233623966363237376133663630356235333033643661633664346264643865353166 +66633937616236656135636265373334623461306362353032633765623930653331386534613631 +62623463306635383266666534303261326236343231306334373434316634666165353165396233 +61383038363134646633656163643732323764323462636464383139613531303333336137396464 +32363433633965393039343861663562376561313630646338363338333333663635663937633061 +66386164636166346634623832633333333261633864336535623732396434386531353232303534 +32303433663433383564323234396534633335623534306631353766613339366536393061363233 +34613061313238323136343638386139326130353863343131356565376632376466323666306639 +35333839313033326237643361393439336162663930333731313834623034336130383432653865 +30633461356439316530633063663732656234373436663463646566303861653039656139626165 +31356636363231393936633739393830616631666366396231613561656337363136386130366164 +38616338613737326137353765626433343336643237383239656362653035623065633333303535 +38613436646430333933613633653534643632623365353132343432336461383036646630313565 +35326633356539323433346434616137343833383739653562333265313833663537613235313130 +32613061333030353065373135346636373130326166356163396338396166356137613835333437 +33366162386662303839613938353962346634313730323635316231383431663233616232356565 +31313638353038636266613834663666636134353864333666623536346561336433373966303538 +31353037643737656334396233313131353166383633313531323939663237353563656565356665 +64336632396165376361376534623366393032626232346137663637393966336365373435646462 +39383939383663663562626564386432323837616438653531643737656636623234396530376433 +62323131356235616461383532363065633864396230313764326138363565373263616538303261 +37393139616236353239613130386637633231383235653439356139633033373635316364353731 
+62656561366636393938656162666462653539313665353939336537666633663430363333653466 +6333613030663163343838306631313935323133303134646565 From b3fa8a455dbc47c32c09acbe9665a6e659951ac1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 17:13:56 +0100 Subject: [PATCH 143/146] Add/Update password for postgres db codimd, etherpad and synapse --- group_vars/all/vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 599e834..4d85954 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -20,6 +20,7 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" +postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' From 630377edad07492ec340429901286d095b193f58 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 17:21:58 +0100 Subject: [PATCH 144/146] Create users and databases on bdd-ovh --- host_vars/bdd-ovh.adm.auro.re.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index 78aeff4..959dd82 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -19,4 +19,26 @@ postgresql_hosts: user: codimd net: 127.0.0.1/32 method: md5 + +postgresql_databases: + - synapse + - codimd + - etherpad + +postgresql_users: + - name: synapse + database: synapse + password: "{{ postgresql_synapse_passwd }}" + privs: + - ALL + - name: codimd + database: codimd + password: "{{ postgresql_codimd_passwd }}" + privs: + - ALL + - name: etherpad + database: etherpad + password: "{{ postgresql_etherpad_passwd }}" + privs: + - ALL ... 
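Review bot: The added `postgresql_etherpad_passwd` alias sits in `group_vars/all/vars.yml`, so the database password is resolvable in the variable scope of every host in the inventory, while the only consumer visible in this series is `host_vars/bdd-ovh.adm.auro.re.yml`. If only the database server and the service that connects to it need the value, defining the alias in the vars of those hosts or groups would keep a play or `debug` task on an unrelated machine from rendering it. At minimum, a comment above the line such as `# DB password for the etherpad role on bdd-ovh; value lives in vault.yml` would record who depends on it. The same applies to `postgresql_kanboard_passwd` added in PATCH 146/146.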
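Review bot: Each of the three new `postgresql_users` entries is granted `privs: - ALL` on its database with no explanation of why the full set is needed. If the role applies these as database-level privileges (the task is outside this hunk, so this is inferred), ALL covers CREATE, CONNECT and TEMPORARY; listing the required ones explicitly, e.g. `privs: [CONNECT, CREATE]`, would make the grant reviewable. Otherwise a comment such as `# ALL: the service manages its own schema` would document the intent. The hunk also adds no `postgresql_hosts` entry and the only rule visible in its context is for `codimd`, so it is worth confirming that an access rule for `etherpad` exists in the part of the list above the hunk.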
From 6095d9cef99a8374b3b2a9a5a8518e9f8cebf321 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 18:18:08 +0100 Subject: [PATCH 145/146] Add 'no_log' for postgres passwords --- roles/postgresql_server/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 0dc5c1c..ed45e1a 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -69,5 +69,6 @@ role: "{{ item.name }}" privs: "{{ item.privs | join(',') }}" obj: "{{ item.database }}" + no_log: true loop: "{{ postgresql_users }}" ... From df4bee29808a3cd242675b662968d7ecfe57ab5c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 20:14:02 +0100 Subject: [PATCH 146/146] Add kanboard database to bdd-ovh --- group_vars/all/vars.yml | 1 + group_vars/all/vault.yml | 367 +++++++++++++++--------------- host_vars/bdd-ovh.adm.auro.re.yml | 12 +- 3 files changed, 195 insertions(+), 185 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 4d85954..282dfd5 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -21,6 +21,7 @@ postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" +postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index f961428..db7cad5 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
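Review bot: `no_log: true` is added to only one task, the one whose visible arguments are `role`, `privs` and `obj`, and that task does not itself pass `item.password`; the diffstat confirms a single insertion. Any other task in this file that loops over `postgresql_users` (presumably the one that creates the roles and sets their passwords, which starts outside this hunk) prints the same loop items and needs the same `no_log: true`. Since `no_log` also hides failure details, a comment such as `# no_log: loop items carry the role password` above the line would explain why output is suppressed here. The task's opening lines are outside the hunk.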
@@ -1,183 +1,186 @@ $ANSIBLE_VAULT;1.1;AES256 -30333937303238376536303166643966383131366566613435346433313461333366656366333637 -3365373234323063303538386635323230616665663038390a636533363233303666333936613136 -35303931383338383035636639623238613338646264623939343539633037323264613036383266 -3339316238306263320a323761623938396364396638623461636136393361636237343936393336 -31376535623265313132366435306562626432326462396461643663636238653830373336373137 -35663261343964376137666361383662323964613737393431666635326132363930336236323731 -38666263656535643661646233363466363861653862663633353562373835356135653665376663 -32323161663736646263363863623061303339366339653931643632396566613537373230383535 -64643862313961623564336665356462393531313939613563323330343265366237643131633936 -36623434366366666431396337393766656537323465313531646561313465613838343839323532 -61386264363061303137363165356365643836646233333861326535343865303333616166643630 -35643665646437353762303331613032653130323930336263336334636661396262646138616231 -37363532366666323434343735643332386335383664363761373038373934653765653939353039 -32323663376431373664366236366439396234376139303164383935643431646330663134396365 -35363930336261316463353932376337323235333661633164373166343038376332626564626534 -35353637363939613131386336633261393531303235643933633264353935636366623433336366 -63396131313664626364393663343764663663373436623930343633333136353438653237626232 -37336235393037393330613433383564626263353939656265616166643733646661326135343563 -38646362373135386163333362643165373334633036346132373634616330313664346238646462 -32643634646464623535393864363565636139393562353364313264303264316431393938656338 -66636131646339343237393234316365323266356265626430376236363763303961376166313432 -62343833373565653965313463656530363432376130656630633336653766633433626134343463 -65633135353235666562306463383536373733303831383230353165623964356639376337386232 
-36343639633539373538323465356436313266336364626131656462303238303338613131656465 -35636136643263313938613039306339643763343238336332663737373538653839313736616662 -39333437323563633136383737613063333931303736376235316636633030303637383939303235 -35323932336262343061666639646662353563383361313835343433343338373730303430646635 -64363833323264666533653466366665313438366635643333666432343832373162313364303863 -66393231353130323232656134633938626433303238386634383766386334653362333162616366 -38643730303835316161643766353436633862623264333731663632343161616634333239643133 -65346164386666356566636532616530363766653662306561343863383262316233356338633234 -35393064373538306633356538386261646232383064343565613966336436356637333932336564 -39336563306364316364646464663234386335623235656335306162633261393032386331636361 -39613263653838316238623230636637313061353037383534663836666637376132633738383032 -34643561366134663932376261306239326366323935313739633034343765343761396233646234 -37646363313463316538626539316365343839613039326261653839386630663863313964326665 -37306534636664333964653932653534346564323531316535633736373965643535396437656433 -33306536366634336166306235333735663933616635633561666331303530303630653537613063 -30633731383937346335393465656538623233346437323137373038633733386563313338393364 -36636666306238633166303032353163396365373231326232356366396263363464636436656262 -61363233663363613035663836646635303665626630643138663731656538383664306461616662 -37313630663130346637393366393930316336383838363431613339353434646164323338643564 -61333732333661323364336531343237643632353364336533633766316235363763353033656664 -65656532383266353264356465303135636561613038653435306633396461633038373035376164 -37366338646165333564613639633539353363653862393034313763333363396236633462396133 -35623932636164353739666433393465393031303337663239383538656537393365323164356232 -35326131326333303731623933363262356466663864333665633565623336346437613439316338 
-64343466396331343035303532633632356532626133646136393061613431363762343339333238 -34616535633133666162316132366333663738656538353439313961323464666535333839383837 -34303331626539653163643539363763363538306238356332623661646436663635623364383730 -64623564386538666237303066383936666461616363343836366635313634653664656530326439 -36323764303130353731336333366438633737313535633361316330363436333032363630646337 -66626466363231393938386537633234623230323662346263643839333837346531323636623133 -62333438666562636230326530393535306465396334623464343330393336393934303336633237 -39653831333839316338346335336339646238343430356464663039396133343532363364346235 -30663739373466616434393230383832633137313936373331353637653866616532323239353237 -39663030373639613164313766623532383566373430383139666538373536643463303331346166 -38623762336630313439343263383833303762373030383035336538626162626164376133303633 -64373236653462393932633862363866386661356139663835336231316366656637303062323233 -32383131343561333361663466373964656364303235353531346661653431303234616464353236 -63653535363137333033633534616365363261353733336136333564303566393766643037316237 -37653732363230313031633433343230313839393135653137353734653435626431356539343364 -38383364353262303463323639373766323965336263363035623330303039613735343362353865 -34613332636366353333643533326164633637663061363965646464303162616132343330356131 -30613230636339653263343631643962623364356564333066306339626230306239653466306231 -61366437323639353563663666303933393535616136343736383133396238383466303663623132 -63616466643235623265343837386266333330633662613366616163666334643731656335323862 -61346432343366396664616531626530353139343763316530633766303139356536333439383663 -34306466353839653261633233353637353863666637313030383939336233353131313236343561 -31353166323062303238386439323834626537333862343733616536363165663133343531333630 -36383438656137336330353263356133333233303736366536316339656264346435323464643364 
-33633262343666623761356131393464623433646437313161393965363132303537373537336166 -36383239386330313864323166386133313162383533643435356265316630386535663764326137 -37306365613463303539323837333539303262306331353332323931393161303663393765636339 -38363532333761323038346661346338323632343239336466643664356132393138386161353161 -35666435663231373065623337356630666132353165333962396635666336633739616562303638 -36313161363265643561656134363932616333306362303965306362343837333366363339323336 -61326239346330373833323465633961366335336530623834636232383638373761346461376234 -38613862386637306232386239353864306230666637333664386135393437653835343232666138 -63306263396337626565633736343865313237326336626333626639393233393864303662633766 -39643435313463326364633336613735323936356261656662396538326234613331356163383334 -63653562386636323834363962623335303636336138616137303230663336343130613537366231 -35366235346261646132396231616136363437636565383235656462366265353765326163373832 -33346265303964316336393837313161356366616134353733376130646234616137663162396530 -32633038313535313232336532356538393835303039343563363833373839663263363531356134 -66633761343066313333366663313961666536383865373766326563326634656335323232336231 -39663932666461623331343730623965396136616337643161353363316664623538316361303466 -34316636663138663033643964356161323730616333336333336239653237323235386531643235 -31363161396230656265616562346261656230366362303735326136613939633339393563316664 -65303065626463633862663837353636643030366463353638366563363631666264633564336261 -34333231323665666665613536336434653864366165613063653839643064383662613665663138 -31326134366164663639386261656430333966386432663666316333353165626463396264616462 -37643132633961323532353237383433326633383337313131643934663363633364393536343134 -30623137323038666239326535646534353734653234666566313334653462393338303962636564 -66303736333336336638386132343166613834386138633633343635613262613537346464313062 
-36336533373035313135653234313832316337333738303836663039343139316633636331343862 -63373036363237393562363861333933303636623435353562363666643136353665303431613465 -64616230333230313632353364396565653337643333653933303733613761383138306433386363 -62343636316166376131363231623766383038663738666462316238626531383137336662656234 -65643265643631303364356232333535633931613236613137613435343061336362313332306138 -61663230316564323335383132363133333139353233636566663332356138303139363638336461 -63363063616136356333363465633137646234343036316463636130633566316364303662656461 -64333366363061623535346434613664343464666135316136363062333131363030326333316338 -64316133633735663234373030333836313130613663636234653033323030623263333839313139 -36626438386666333233356161643432613139313231316336396434663165643565336235323565 -62303735323966363235393334636232343966336535303863346362386365353166393965643335 -31363036623433313137336665313263663761383436396263396631316535363665633136373239 -33393739623438383466633830363135646536323935363963653536356334656438366338376264 -37326334656239666239376533366236306237306664666234343332646366393662343735356466 -32626364373362323136616663333136363561626337323962386439616237373861346662626165 -30383032663337633735613866663665623633356166623862303965313466623761646231633930 -63313432666435316662396534383632626333376162643132323766613832656635353161626637 -32343935363330666332613633363465643732333030356331363263333035323863633362653031 -63376539373865636366343862333861663137643666613732636538356637313966353461336462 -32626166643534333934666133376239363966393337356134633366306563303065316539663233 -36333337363337613764383162373536396234616336386233306630343762386132373135383131 -64663834656162306636356561303736353961373134323138376564363966336135323366333730 -31653965623962323439353234653439333563346636623762313565343961316666396161616330 -32306137353636323330373564653038343036356635346635343131326635643364306633356465 
-34373965313561393966363363386261656638646237363233613863643839653731616330663666 -33653238366630323033353736323861376138313630376163343362643633643934663161373733 -33633164313562306237393363383262613038346535623166633533336438636362373033336231 -64303033303531306631323337306130393538356265313066396637633061333561313566326163 -34393530643532373666396130313231363765343739623239656235643637303062333838653661 -33316463656238316533343462366338336134326232333561383732353561306632616635343337 -30393131616132663065643366313937653138346637626665663739303866343939623564363761 -35373961326135336531356633356637646161613265633765313132613238373562363330386162 -66623230353564366635343332343564386161663438376431356232636237366437623864653530 -37666438633731366562666136323239623462376435346535313933633866343564626633366164 -34333431633939616238373561393830393130653366366361613465663538383639636230613566 -65626234386632353262303933363637303835646438613139373334366364313166613466663564 -34306564666463323432663234633561306164323036636339333963363036326432633538646362 -36643662616564316236323334613365333666613233383165326638336134393934646464303062 -65616537616538343866313763636164393236373334316234666564353639636330333332393833 -63353962623336653666613361326265353762636263346331396639373731323832396130386662 -62633030636537633265306239383466346636393436366135383434366439333434373532336530 -30616334613232653734656330633130373865303639656436346439316334383437626466313431 -37313664373561346130656337303161623635363434613732336531623366623265383130386430 -62323066663564626336343032313932373561646638616531343034306665383137633932646162 -38633131366331323836643164613430313565626332366637356262653936616664363036303939 -62383031373566643334353735616632663166663163343233326561633833363839303036623836 -61343039626566333238653235313238383239316535323965663465663634383039613436333735 -30633037663637663562666437376336613963356531333436363863313364383733306438326162 
-33303763303063333264643434383164613863653939393531336361326264393332666163653464 -31376365633535326462323763626162313336396266353236646462643233613232666438383766 -31646331373331616262383666316561373061393966633935623464663565323062386462303738 -64393836666439346236323932336637646231363166363438373866633461633534383165383430 -30373437316530383565393439323335653438303561353463363261663135653361343166353533 -39623135386662663534613461643863343035663839616333343462643265636235316630633737 -31663233383332336235386133373236633866373865303231323637353933353336316538616431 -31613833356538333237306266303866373935343862663433303466376461393336636630343539 -66653965326165613862626135656163396330643535303339346263373235383262666330376333 -35633861316332646336303462303135646432353439343230333765666261633834353030383531 -64636335326166353730643764636262653730383235363765366234373738653062313039393530 -35373763313865366562386265666264326265666533613630623237626238383531363965333264 -65666233613061653763313964653632363539376133656362313533343033326135633734366561 -33643635313161376533653861303731373539323738643462643032306138346365613064323231 -39313161393362363263353064363536636532383435633638613239363463653862303333663065 -38303863323233623966363237376133663630356235333033643661633664346264643865353166 -66633937616236656135636265373334623461306362353032633765623930653331386534613631 -62623463306635383266666534303261326236343231306334373434316634666165353165396233 -61383038363134646633656163643732323764323462636464383139613531303333336137396464 -32363433633965393039343861663562376561313630646338363338333333663635663937633061 -66386164636166346634623832633333333261633864336535623732396434386531353232303534 -32303433663433383564323234396534633335623534306631353766613339366536393061363233 -34613061313238323136343638386139326130353863343131356565376632376466323666306639 -35333839313033326237643361393439336162663930333731313834623034336130383432653865 
-30633461356439316530633063663732656234373436663463646566303861653039656139626165 -31356636363231393936633739393830616631666366396231613561656337363136386130366164 -38616338613737326137353765626433343336643237383239656362653035623065633333303535 -38613436646430333933613633653534643632623365353132343432336461383036646630313565 -35326633356539323433346434616137343833383739653562333265313833663537613235313130 -32613061333030353065373135346636373130326166356163396338396166356137613835333437 -33366162386662303839613938353962346634313730323635316231383431663233616232356565 -31313638353038636266613834663666636134353864333666623536346561336433373966303538 -31353037643737656334396233313131353166383633313531323939663237353563656565356665 -64336632396165376361376534623366393032626232346137663637393966336365373435646462 -39383939383663663562626564386432323837616438653531643737656636623234396530376433 -62323131356235616461383532363065633864396230313764326138363565373263616538303261 -37393139616236353239613130386637633231383235653439356139633033373635316364353731 -62656561366636393938656162666462653539313665353939336537666633663430363333653466 -6333613030663163343838306631313935323133303134646565 +65623030336636323834313162306633623333666663633162356162313233393137646365363161 +3334363038323835666431626538383433626162373330360a656162303733653437633637663535 +62626630663332373761656137633165666531303137303565313236663564623061643631373333 +3164306333653734350a333333653630616462386637613432623039303931393661393563306137 +37326564333837306230326637626131666232646564383130623137613939633163313532653836 +62393766623065376135343062346362623466336234633239343530366432313336653863346534 +34346563666638643136316236626561396534316332623730633936646631623866383631633763 +32306236316334626632393736643135306333363135333566353062653866313161653763646336 +34636465663639396335353562343936333263616363653535303934646361656135383938626134 
+34376335303564623436643735363262346334316465366435373435343338373666383635393666 +36643032613636643138373432393739626230326437386366386132636535313137313765616464 +31623461373166613237356362663939323633653565623830303334353834363561373832623163 +35316137633630633736383265333666636436326433653134313038626132633537316162376539 +37323338333235333836326161396236666661636464373163333934376662636639356432366565 +63363266633266643332663934356564323466646666656530336662353336346333366639613130 +33633039343666633536616237386265313863323537353466363432303632323265656265323166 +33313135333932363934386432663863383836333862333162333935313562626430353663636335 +34653231343964376531306366313264363930613432343864396130653666636332366239636236 +33343431353737323534396235613931666262626430303637626236393134386136366164306138 +64396238363030616465303634366339353731363461383432353434373735336363656266316336 +66313064653233653965646630313632336536643530363562613039313439366437353663363265 +30386238363562326263303164366436653334316164646633356666366631653636303835303738 +39366163613434623861376138363134616662343231306536396531366433313963383234373764 +64326664343736663264626432643664326563383633353364383963353733343864373766666534 +34393638613864333265313732333632373565303537316463623337326363383539336566646664 +66363764323261323330346338336133346136623431616333373235313565643164613432613861 +61346137356133343063636562336633646537373666323763626430633439323632326635383562 +36373461623931613162663466333065336237656265366437663035663831616363383066623731 +62326462313238373631386362393737323731643865623763333833316637323533656562663536 +30326465323164356436326463386137336439326231623534326164323530303239363161643762 +61313261333265366631656631326366313464336264626163653363333565353137313863646631 +62636534346534336136643164383766323631353837326561616436633139653531356533303432 +32616434653237376664353134363464613231366136323330646439623132306464623138393162 
+34613931633736633532346634303535366430323164313764653832336464303337626634313861 +37333863316666353935363663613531643039613534393539343762363732383362333639356435 +61303663363438383733636663346362373033383130636431386636616366666537393937396633 +33653836343865326433316233306661653831613239376561393834653032633462306238373730 +61336266333364616533633433383663363564373334313934633132626238303036326339313932 +37323435663537376563343336666262343065316436346663623432333064326136316630633763 +65343538313163346539346336643237663431623861653433616639333130643162366539633238 +61306335346366363935373438353765333238323037343033626132323730326437656163353765 +39343863363366343764613533346537363661353234646364663037623030306334653264386630 +36653030316134656236373336616435363337643637623539633865333963363137363433383338 +62636330626631393438326365396331656361646263343863326635393666383638636337343339 +64313462623564326462636131313163353036393938393634376436306163663863653462663431 +66363334353039303266333430316239646533653337383164303837396130333366353465643965 +35383939633336386537626662316263383331336565643237396334643737313232306464363638 +34393131656232323865333739666639346335646336376666643065353538653530323338356639 +64623965326161386430323337326433343334363435316237626666363161353362383361326438 +35336431653033333261396632393966653463366637636539663165356532616331633837343435 +66356536313037623139613966356139363737656437356238636433366635313137623639366230 +36373837383462623966343535383434633932656133326565353063343530363066343365323462 +32333666373263353063346535343639623230613733363832323636313830636234326436613438 +30363765356637626134353763663938376134653539336436336336303834633533616664376535 +32613061363262303839313062666261363032363364366662333364653532373163653434366261 +39336233313232393331303732333735346434656436353466313932656239306631383237626565 +63313166326538663732363438393263643533636536333665663038383739383334366136646564 
+33383936393463323235623038393138386164656164623439393734656336343835313135393165 +37616232633036383237643730313061323563643163633662393334353133343730656630643762 +39333937303931666161613037313837343836643330356538343264633761343432373161393061 +63393933383238356235613663343362656466353330383333393636386438306161623434343836 +35313030383235663461306539663666393234306332306536653862616138656135393131343462 +61633735303134326639663061643935373533336430306538363365623063663536376234356363 +65653432636430333330303131633263386265386662656131353833393138643732356336376335 +31393438393734336465396633306565343139626135386432343061623232363337326664366632 +36613434616662373431613238326464396437363935646437306665313936323732396165633266 +33343166333665373937656338333930343338373061633639393463316538373630626561333761 +63323336643133323962613435303134613230343033666336646132303462323037383139656166 +31323038653738666463323164366662363138663833393637313437633861353462663935616632 +65653939353435653337353966373135333036653061333438353136616434643563393465323735 +65373230373036353466356338343835363035653031363864316232613232323365353932313061 +62626432303334646365616330626261633066306661303537353264653235643632386466336236 +30316261666461616337363562323865636234356638653661336261373761383365386639303638 +38663763313931323266373162303136323433656466393330646462643438336236613530363636 +35353763373463376531323536613563643865346334646164326561663962393034643438326437 +30306437343331346233383036656663613038623137363962626462613762653262633035623539 +31613932313237343263373333313434386562623465663365306433333635366339616333393430 +63626466333934336130313038626136626466323563323630373965303435626664633138333838 +37643538353138303332653435343139383265363933646134636236656131643932353932303135 +65353438656431613335653838656462333731316665303063623464316462633961656464313933 +36366161623661393865346162383966323531396432646432383663326231373162373462633539 
+31303138626662326637376536303532393636326530366362336437633639306436366531313636 +31613332656466343832316632313161336135663661333739646136313137386634633066316535 +66613334303139353463613866323431613037333239353839623165356233653361613063646335 +33386263616164303631653162633330633136666635376635623437656263306466623462366563 +61636334616134376230343265623336373863303463623833663761333039333335626665613661 +62626133316338303333613863373663623166323438656566653936616532343065383232323437 +38353731643561663461336561313637656563333230353963366632396637333033303365626562 +65373463653735313732353165643530336232396562653030623037303463326565643465363764 +38316663356535373432656563336538633765393031663339666638366138346564366162303436 +66363164633432326632306561643662663265666465373537383335303432616138613939366133 +39396430386437353163323935366265306339326563343530366161333330376535313737396537 +39353330323938326662303863323738626535643465656438376339643437653639666133633663 +39303464326237653933616238663839313730343731383132613062613736376232646366346365 +37653136393335396338346536393865316134343365623338623761303661343637336332316535 +31633133356263336534643230383034383164396630343131396533313864333963316433366130 +38653461303736343861333161343832363934386230393662616463386534336264626363386562 +62633832316664323032353835663266653534393733343166303763333434323633616233656131 +37333266356337656532386336373563353634656265313061363063356637353366636236653333 +31643535373762353663613035316464323033303438623635336637636265363363393961396435 +33646438366139323230623235666630663863633961393036376463386538313633626163323365 +36633266646330623463336434363934376438326465303938316432643035373236626437663766 +36303737386132383261663764386333343532626334633961373666376232633739663164323132 +61323230316266333837363537316165376261363738363762373231356533666332376333663239 +30646161666434363236633432616163323530643766363533653733346436303461643235343038 
+65663738633032643334303737666565666137616437613662363062636664326235663737613863 +37653164653437356136623563653238366236613964663337336132326232653762643363623664 +66656166346230643930653232323234653266393730323735636164303230623766393630393262 +63333661396231323430343462656339653466363562303830643233636164303162376631383733 +38346231623835333762656135663366616566313963323732663037323338326231613465343462 +65616432626432333538396336353965353636636339336239653536613865643265353939656333 +66663933343664366163323730336337356634656436326661336636313363663165336161396333 +31626163303863653332613733663666383234303164346564646531366261323262636263353036 +64666135336264343636396466396564303665623965346163373337376331396233396561613765 +32636331376665396132313839653232306535613737653936366438323962333235336530396338 +63633737633630646164376361363631623862643363363066376364653965313837373462393832 +66336138366132626536323766393832386261396436336537316661383633613065393032636530 +63323866643266666637363633616535613032653930663734636663363865336565663864356234 +34626262663363376436346463393164646534386135303065623462623861353133656437323861 +33623938366635343930633264303530323164396661393338303163386539353938373237633436 +35663762353762313935313832383338663430363865343537663530613761303239356563363533 +37306162663831663464316464303136396539343030303631613964313165396531303665653761 +61383061653364383962663138356366373039366139613536633936633739343133376337613038 +62393730636433613037383665303430663666363663646564343935313063386135323963623965 +35643734656336623961363432363362393132613432303239393761353136636265613334373634 +34396335663037383661663832373937653639633531653064303732656332643962643866306337 +34303232623963623562613162623562366539393464663966366464643639343432663338616331 +30323461396138663334396265313134646263613033353833656465633537356261366261393261 +39303764633636376438656435633737366464343630653735313630386539623462653133396161 
+36353235343635386636646361623465323135323239613161346563343263646235326232353863 +62646434333866653830316166656439643464393337306132376433633439376131366664383464 +36393635343265333530653166306263383236656136313136376436393531653334323564663236 +30653235343233636334626330363031373433396565663439333033623062313261643632306164 +66616338633261356136313334313365356234316262313439623563383330356233363438313833 +63313131316461333438363939626636346463366665393433653036663931643537613162393561 +34626662303462343239313265653838313634323230656130373163313863313162383736363835 +39663337353638613836636263373136623266373732373665353164376534623732313532306366 +31353930343062653532386237616433373437663239636230386133393766376238353064656366 +61666637646433333366313661353438313337643861333932313662636462346463643664356165 +62373338313237353936636138666539643166626631646163653262343365326637626133353361 +33663961373334376137393036383833356361383539653362343866386438633366353439323832 +38663461313431636562613435303237363163323936323530393966663361326365623564633865 +66356433626637376238653865303236646433316164666366303131336331616562323865643566 +36643664363363323566353730303339666262663434393863376234656136643865653135383861 +61396366383939656130616661396263396331666137666662323932303032623162396633346335 +65326362353933663437356235656530343833313136313662643236626661653332613539393638 +62656232326238313333623263333366366533313335336330643666383033333038336164316135 +61346335633139303163326433353633616562363866396234636138386638356235343035363436 +35633737336262383264383065343234373534663564316133643738306638393539353136356630 +63613238663066666336626262343933346433393438356565646565613566386566336138386661 +30373162333837656131653238393533646663323730626538316437363865626335626635666437 +34366663636366303438373032343235333634666637666336313061663239316663613861646133 +30383639666362346634303437383035306661623735643139643062653836366631336261643137 
+36393135633338646238653763613935366566363032343730313666656539353866643564336661 +61643261393134303362303666393465643933363962653734646664643033386263346566316332 +36633166356665666161616530356439653832323064633662656138356435386434336431396664 +34373737643936316133343364353165653130376434646639633866336536373534396235633035 +33333734343835323565323863316364613132656665356639623364376538613539626137353564 +66343833653435383465376332363533326661373333303435303562396366616231306463396562 +65353966613832386235646539643033653335376131333333646237393431363163643630353135 +35666264626564623732346565613662303938643034326130646332663530383136333865386266 +31313633613739633865363736646138353937306438646532363033383539613534666437663961 +61313632613433353437306233626463373335366564653661643038373338303937316366316332 +64386132326633306336653134333038316639363538653735383266366239663861333830656438 +34393734363665656337626461376234306632623937353863333531313231616365316431303732 +32323436663736396439396361663965653632333066373764353561303030666134383836393537 +65323038373363316537323533646566396431326634336564306562636232316563613734366339 +37326465623137303436346430333263373437656632373039303338626130333834663564633535 +39353865376134383637633866356536393766376132396666656235396363656635633630656165 +38303439626438623166326331373036386263393331366266356539333533323864613932643335 +36303537636131386231613062383163346664643261323263393264343862386562313931616261 +34666533613831343764663630623139616634636531393861306337636239346131323437396337 +61633064663938613135666334396330363463636166653966653333326235343563633834666634 +38353937646265363964626661343565306331646363303038666264613833653962663237353538 +64393465363061653837343131373566336139643632323461323635343535313164383766343233 +61393136636536366433333766303263663839383064323430366666646163663663316138663532 +66363061626363396561353435386266653832313430633337346234333430393338353632383335 
+64323765636634303632663135306533366232333665383333383936653033373332333331656261 +37326164666235323538633963616562633938626131346266366531333133333832393966326637 +62376661383562633834353631393933626237316431366237613634356666343031623566666330 +61623137336433383139633233356263643237393966613366326632303865353866643332316662 +35343239643933313031656534336165666161393566636435663039653438643832636232386566 +34326266353631333731636433333639316638643162653234346365353762353333316138303861 +36353932656264336165363532313366636536386661663934363761653362623362346431336530 +63663064656539343361383963663366626566306431353238633832353335383535
diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml
index 959dd82..68faa14 100644
--- a/host_vars/bdd-ovh.adm.auro.re.yml
+++ b/host_vars/bdd-ovh.adm.auro.re.yml
@@ -15,15 +15,16 @@ postgresql_hosts:
 user: synapse
 net: 10.128.0.56/32
 method: md5
- - database: codimd
- user: codimd
- net: 127.0.0.1/32
+ - database: kanboard
+ user: kanboard
+ net: 10.128.0.150/32
 method: md5
 postgresql_databases:
 - synapse
 - codimd
 - etherpad
+ - kanboard
 postgresql_users:
 - name: synapse
@@ -41,4 +42,9 @@ postgresql_users:
 password: "{{ postgresql_etherpad_passwd }}"
 privs:
 - ALL
+ - name: kanboard
+ database: kanboard
+ password: "{{ postgresql_kanboard_passwd }}"
+ privs:
+ - ALL
 ...
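Review bot: The new `kanboard` rule in `postgresql_hosts` admits a remote client (`10.128.0.150/32`) with `method: md5`, the weakest of PostgreSQL's password methods; if the server and the kanboard client both support it, `method: scram-sha-256` is the better choice for a rule that is reachable over the network. The template that renders these entries is not visible here, so it is worth checking whether it emits `host` or `hostssl`, since a plain `host` rule lets the exchange travel unencrypted. The same hunk replaces the `codimd` / `127.0.0.1/32` rule rather than adding the new one next to it, while `codimd` stays in `postgresql_databases`; unless another rule outside the hunk covers it, codimd's local login would be rejected, so a short comment stating that the removal is intentional would help.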