From 5b3ac2a21ad960d68556bbc8b0f3f3d38c2dafc6 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Fri, 1 Nov 2019 14:16:32 +0100 Subject: [PATCH 1/8] Merge crans version --- .gitignore | 1 + README.md | 8 +- hosts | 100 +++--- monitoring.yml | 14 +- roles/ldap-client/tasks/install_ldap.yml | 2 +- .../templates/prometheus/alertmanager.yml.j2 | 27 +- roles/prometheus-node/tasks/main.yml | 23 +- roles/prometheus/tasks/main.yml | 15 + .../templates/prometheus/alert.rules.yml.j2 | 8 +- .../templates/prometheus/prometheus.yml.j2 | 45 ++- .../templates/prometheus/snmp.yml.j2 | 297 ++++++++++++++++++ 11 files changed, 461 insertions(+), 79 deletions(-) create mode 100644 roles/prometheus/templates/prometheus/snmp.yml.j2 diff --git a/.gitignore b/.gitignore index a8b42eb..fa7c034 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ *.retry +__pycache__ diff --git a/README.md b/README.md index a1abc50..4f5f92a 100644 --- a/README.md +++ b/README.md @@ -86,16 +86,12 @@ On va utiliser plutôt `ProxyJump`. Dans la configuration SSH : ``` -# Use a key to log on all Crans servers -# and use a proxy server +# Use a proxy jump server to log on all Aurore inventory Host 10.128.0.* *.adm.auro.re IdentityFile ~/.ssh/id_rsa ProxyJump auro.re ``` -Il faut savoir que depuis Ansible 2.5, des connexions persistantes sont créées -vers les serveurs puis détruites à la fin de l'exécution. - Il faut sa clé SSH configurée sur le serveur que l'on déploit. ```bash ssh-copy-id proxy.adm.auro.re @@ -103,6 +99,8 @@ ssh-copy-id proxy.adm.auro.re ### Lancer Ansible +Il faut `python3-netaddr` sur sa machine. + Pour tester le playbook `base.yml` : ```bash ansible-playbook --ask-vault-pass base.yml --check diff --git a/hosts b/hosts index 3c93b45..7d039c7 100644 --- a/hosts +++ b/hosts 
@@ -2,10 +2,9 @@ # How to name your server ? # > We name servers according to location, then type. -# > So all containers at OVH are in ovh-container. # > Then we regroup everything in global geographic and type groups. -[ovh_pve] +[ovh_physical] horus.adm.auro.re [ovh_container] @@ -27,49 +26,52 @@ vpn-ovh.adm.auro.re docker-ovh.adm.auro.re switchs-manager.adm.auro.re -[ovh_testing_vm] -re2o-test.adm.auro.re - -[fleming_pve] +[fleming_physical] freya.adm.auro.re -#odin.adm.auro.re +marki.adm.auro.re [fleming_vm] -ldap-replica-fleming1.adm.auro.re +#ldap-replica-fleming1.adm.auro.re #ldap-replica-fleming2.adm.auro.re -dhcp-fleming.adm.auro.re -dns-fleming.adm.auro.re -prometheus-fleming.adm.auro.re -radius-fleming.adm.auro.re -unifi-fleming.adm.auro.re +#dhcp-fleming.adm.auro.re +#dns-fleming.adm.auro.re +#prometheus-fleming.adm.auro.re +#radius-fleming.adm.auro.re +#unifi-fleming.adm.auro.re -[pacaterie_pve] +[pacaterie_physical] mordred.adm.auro.re +titan.adm.auro.re [pacaterie_vm] -ldap-replica-pacaterie.adm.auro.re -dhcp-pacaterie.adm.auro.re -dns-pacaterie.adm.auro.re -prometheus-pacaterie.adm.auro.re -radius-pacaterie.adm.auro.re -unifi-pacaterie.adm.auro.re +#ldap-replica-pacaterie.adm.auro.re +#dhcp-pacaterie.adm.auro.re +#dns-pacaterie.adm.auro.re +#prometheus-pacaterie.adm.auro.re +#radius-pacaterie.adm.auro.re +#unifi-pacaterie.adm.auro.re + +[edc_physical] +chapalux.adm.auro.re + +[edc_vm] + +[georgesand_physical] +perceval.adm.auro.re + +[georgesand_vm] -[edc_pve] -leodagan.adm.auro.re -[georgesand_pve] -merlin.adm.auro.re +##################### +# Geographic groups # +##################### # everything at ovh [ovh:children] -ovh_pve +ovh_physical ovh_container ovh_vm -# everything at ovh_testing -[ovh_testing:children] -ovh_testing_vm - # everything at fleming [fleming:children] fleming_pve 
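Review bot: `[fleming:children]` at the end of the second hunk still lists `fleming_pve` as unchanged context, although the same hunk renames the `[fleming_pve]` section to `[fleming_physical]`, so no visible section declares that child group any more. The line should become `fleming_physical`, as was done for `ovh`, `pacaterie`, `edc` and `georgesand`. As written, Ansible may reject the inventory for an undefined child group, or freya and marki drop out of `fleming` and are skipped by plays that target it (not verified against the Ansible version in use). The same stale line is still context in the `hosts` hunk of PATCH 2/8.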
@@ -77,16 +79,22 @@ fleming_vm # everything at pacaterie [pacaterie:children] -pacaterie_pve +pacaterie_physical pacaterie_vm # everything at edc [edc:children] -edc_pve +edc_physical +edc_vm # everything at georgesand [georgesand:children] -georgesand_pve +georgesand_physical +georgesand_vm + +##################### +# Type groups # +##################### # every LXC container [container:children] @@ -97,11 +105,23 @@ ovh_container ovh_vm fleming_vm pacaterie_vm - -# every PVE -[pve:children] -ovh_pve -fleming_pve -pacaterie_pve -edc_pve -georgesand_pve +edc_vm +georgesand_vm + +# every physical +[physical:children] +ovh_physical +fleming_physical +pacaterie_physical +edc_physical +georgesand_physical + +# every server (except access points) +[server:children] +container +physical +vm + +[all:vars] +# Force remote to use Python 3 +ansible_python_interpreter=/usr/bin/python3 diff --git a/monitoring.yml b/monitoring.yml index d962547..1e3a57c 100644 --- a/monitoring.yml +++ b/monitoring.yml @@ -4,10 +4,9 @@ vars: # Prometheus targets.json prometheus_targets: - - labels: {job: node} - targets: "{{ groups['fleming'] | map('replace', '.re', '.re:9100') | list | sort }}" - - labels: {job: prometheus} - targets: ['localhost:9090'] + - targets: "{{ groups['server'] | list | sort }}" + prometheus_unifi_snmp_targets: + - targets: [] roles: - prometheus - prometheus-alertmanager @@ -16,10 +15,9 @@ vars: # Prometheus targets.json prometheus_targets: - - labels: {job: node} - targets: "{{ groups['pacaterie'] | map('replace', '.re', '.re:9100') | list | sort }}" - - labels: {job: prometheus} - targets: ['localhost:9090'] + - targets: "{{ groups['server'] | list | sort }}" + prometheus_unifi_snmp_targets: + - targets: [] roles: - prometheus - prometheus-alertmanager diff --git a/roles/ldap-client/tasks/install_ldap.yml b/roles/ldap-client/tasks/install_ldap.yml index 5e8dae3..2f81e11 100644 --- a/roles/ldap-client/tasks/install_ldap.yml 
+++ b/roles/ldap-client/tasks/install_ldap.yml @@ -26,7 +26,7 @@ lineinfile: dest: /etc/nsswitch.conf regexp: "^{{ item }}:" - line: "{{ item }}: files ldap" + line: "{{ item }}: files ldap" loop: - passwd - group diff --git a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 b/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 index 85a31c0..d25fbd6 100644 --- a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 +++ b/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 @@ -1,12 +1,16 @@ # {{ ansible_managed }} +# See https://prometheus.io/docs/alerting/configuration/ for documentation. global: # The smarthost and SMTP sender used for mail notifications. - smtp_smarthost: 'proxy.auro.re:25' - smtp_from: 'prometheus@auro.re' + smtp_smarthost: 'localhost:25' + smtp_from: 'alertmanager@example.org' #smtp_auth_username: 'alertmanager' #smtp_auth_password: 'password' - smtp_require_tls: false + # The auth token for Hipchat. + hipchat_auth_token: '1234556789' + # Alternative host for Hipchat. + hipchat_api_url: 'https://hipchat.foobar.org/' # The directory from which notification templates are read. templates: 
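Review bot: The added `hipchat_auth_token: '1234556789'` and `hipchat_api_url: 'https://hipchat.foobar.org/'` lines under `global:` look like sample values carried over from an example configuration, and no HipChat receiver is visible in this template. I would drop both lines so the template does not suggest that tokens belong in it as literals; a real token should be rendered from a vaulted variable. The same hunk replaces the site SMTP settings with `localhost:25` and `alertmanager@example.org`, so a comment such as `# placeholders, no e-mail receiver is configured` would help the next reader.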
@@ -17,26 +21,25 @@ route: # The labels by which incoming alerts are grouped together. For example, # multiple alerts coming in for cluster=A and alertname=LatencyHigh would # be batched into a single group. - #group_by: ['alertname', 'cluster', 'service'] - group_by: [] # do not group for text chat + group_by: ['instance'] # group per instance # When a new group of alerts is created by an incoming alert, wait at # least 'group_wait' to send the initial notification. # This way ensures that you get multiple alerts for the same group that start # firing shortly after another are batched together on the first # notification. - group_wait: 1m + group_wait: 30s # When the first notification was sent, wait 'group_interval' to send a batch # of new alerts that started firing for that group. - group_interval: 1m + group_interval: 5m # If an alert has successfully been sent, wait 'repeat_interval' to # resend them. repeat_interval: 12h # A default receiver - receiver: team-monitoring-mails + receiver: webhook # Inhibition rules allow to mute a set of alerts given that another alert is @@ -53,7 +56,7 @@ inhibit_rules: receivers: -- name: 'team-monitoring-mails' - email_configs: - - to: 'monitoring.aurore@lists.crans.org' - +- name: 'webhook' + webhook_configs: + - url: 'http://URL A METTRE ICI VERS WEBHOOK DISCORD TODO/' + send_resolved: true diff --git a/roles/prometheus-node/tasks/main.yml b/roles/prometheus-node/tasks/main.yml index 5d6f56f..7ca6350 100644 --- a/roles/prometheus-node/tasks/main.yml +++ b/roles/prometheus-node/tasks/main.yml 
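Review bot: In the `receivers:` hunk the only receiver, now also the default route, points at `'http://URL A METTRE ICI VERS WEBHOOK DISCORD TODO/'`, which is not a usable URL, and the e-mail receiver is removed in the same change. Until the placeholder is filled in, alerts will most likely not reach anyone. A webhook URL of this kind normally embeds its own credential, so it should be rendered from a vaulted variable over https rather than committed, e.g. `- url: '{{ alertmanager_webhook_url }}'` (the variable name is a placeholder). Keeping the `team-monitoring-mails` receiver as a fallback until the webhook is confirmed working would avoid a silent gap.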
@@ -3,9 +3,25 @@ apt: update_cache: true name: prometheus-node-exporter + install_recommends: false # Do not install smartmontools register: apt_result retries: 3 until: apt_result is succeeded + when: + - ansible_lsb.codename == 'buster' + +# Prometheus 2 node is in stretch-backports +- name: Install Prometheus node-exporter (stretch-backports) + apt: + update_cache: true + name: prometheus-node-exporter + install_recommends: false + default_release: stretch-backports + register: apt_result + retries: 3 + until: apt_result is succeeded + when: + - ansible_lsb.codename == 'stretch' - name: Activate prometheus-node-exporter service systemd: @@ -13,12 +29,11 @@ enabled: true state: started -# Doesn't work on Debian Stretch +# Doesn't work on Debian Stretch with the old prometheus package - name: Make Prometheus node-exporter listen on adm only - when: - - ansible_lsb.codename == 'buster' lineinfile: path: /etc/default/prometheus-node-exporter regexp: '^ARGS=' - line: "ARGS=\"--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100\"" + line: | + ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100" notify: Restart prometheus-node-exporter diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 6e730af..62dde31 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
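Review bot: Both install tasks in the first hunk select on `ansible_lsb.codename`, a fact that is only populated when LSB information is available on the target. On a minimal Debian install without it the `when:` is likely to fail on an undefined attribute, and a host on any other release matches neither task and then fails at the unchanged "Activate prometheus-node-exporter service" step. `ansible_distribution_release` carries the same codename without that dependency, e.g. `- ansible_distribution_release == 'buster'` and `- ansible_distribution_release == 'stretch'`.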
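Review bot: In the second hunk `line: |` is a literal block scalar, so the value handed to `lineinfile` ends with a newline that the old quoted form did not have. That can leave a stray blank line if the line is ever appended rather than replaced (not verified for the Ansible version in use). A single-quoted scalar avoids both the newline and the escaping: `line: 'ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9100"'`. With the `when:` removed, the comment above the task no longer explains a condition; something like `# Needs the node-exporter from buster or stretch-backports installed above` would match what the task now assumes.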
@@ -31,12 +31,27 @@ line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" notify: Restart prometheus-snmp-exporter +# This file store SNMP OIDs +- name: Configure Prometheus snmp-exporter + template: + src: "prometheus/snmp.yml.j2" + dest: "/etc/prometheus/snmp.yml" + mode: 0600 + owner: prometheus + notify: Restart prometheus-snmp-exporter + # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus nodes copy: content: "{{ prometheus_targets | to_nice_json }}" dest: /etc/prometheus/targets.json +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Ubiquity Unifi SNMP devices + copy: + content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" + dest: /etc/prometheus/targets_unifi_snmp.json + - name: Activate prometheus service systemd: name: prometheus diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 0729cc7..2a10358 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -17,7 +17,7 @@ groups: # Alert for out of memory - alert: OutOfMemory - expr: ((node_memory_MemFree_bytes or node_memory_MemFree) + (node_memory_Cached_bytes or node_memory_Cached) + (node_memory_Buffers_bytes or node_memory_Buffers)) / (node_memory_MemTotal_bytes or node_memory_MemTotal) * 100 < 10 + expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 for: 5m labels: severity: warning @@ -26,7 +26,7 @@ groups: # Alert for out of disk space - alert: OutOfDiskSpace - expr: (node_filesystem_free_bytes{fstype="ext4"} or node_filesystem_free{fstype="ext4"}) / (node_filesystem_size_bytes{fstype="ext4"} or node_filesystem_size{fstype="ext4"}) * 100 < 10 + expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10 for: 5m labels: severity: warning 
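Review bot: The new "Configure Prometheus snmp-exporter" task renders a file that contains the SNMPv3 passwords (see `snmp.yml.j2` later in this patch), and its content can be printed when the playbook runs with `--diff`. The `mode: 0600` and `owner: prometheus` settings are right for the file on disk. Adding `no_log: true` (or `diff: false`) to the task keeps the secret out of terminal output and CI logs. I would also write `mode: '0600'` and set `group:` explicitly so the result does not depend on YAML octal parsing or on the default group. The comment would read better as `# This file stores the SNMP OIDs and the SNMPv3 credentials`.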
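Review bot: `OutOfMemory` and `OutOfDiskSpace` here, and `CpuUsage` in the next hunk, lose their `or` fallback to the older metric names. A host still running the old exporter package then returns no series for these expressions, and the alerts can never fire for it. That is fine once every host has the newer node-exporter installed by this patch, but hosts where that task is skipped or fails would go unmonitored without any signal. Either keep the fallbacks until the rollout is confirmed, or state the assumption next to the rules, e.g. `# Requires node-exporter exposing the *_bytes / *_seconds_total names; hosts on the old package will not alert`.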
@@ -44,8 +44,8 @@ groups: # Alert for high CPU usage - alert: CpuUsage - expr: ((100 - avg by (instance) (irate(node_cpu{mode="idle"}[5m])) * 100) or (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)) > 75 - for: 5m + expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75 + for: 10m labels: severity: warning annotations: diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index 8b8fecb..19c64ef 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -11,6 +11,7 @@ global: monitor: 'example' # Alertmanager configuration +# Use prometheus alertmanager installed on the same machine alerting: alertmanagers: - static_configs: 
@@ -18,15 +19,49 @@ alerting: # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: - - "alert.rules.yml" - - "django.rules.yml" + - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! + - "django.rules.yml" # Custom rules specific for Django project monitoring # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: - - job_name: dummy - # This reload dynamically the list of targets - # You don't need to restart Prometheus when updating targets.json + # The .json in file_sd_configs is dynamically reloaded + + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + + - job_name: servers file_sd_configs: - files: - '/etc/prometheus/targets.json' + relabel_configs: + # Do not put :9100 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9100' + + - job_name: unifi_snmp + file_sd_configs: + - files: + - '/etc/prometheus/targets_unifi_snmp.json' + metrics_path: /snmp + params: + module: [ubiquiti_unifi] + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9116 + + - job_name: django + scheme: https + static_configs: + - targets: [] diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 new file mode 100644 index 0000000..84dcb65 --- /dev/null +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 
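Review bot: The `servers` job reuses the three-step relabelling of the SNMP job, and its first rule writes the host name into `__param_target`. For a direct node-exporter scrape this sends a `target=` query parameter that is never used, and it makes the job look like a proxy scrape when it is not. Dropping the `target_label: __param_target` rule and using `source_labels: [__address__]` in the two remaining rules gives the same `instance` label and the same `:9100` address. The comment `# Do not put :9100 in instance name, rather here` could become `# Keep the bare host name as instance; append the port to the scrape address only`.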
@@ -0,0 +1,297 @@ +# {{ ansible_managed }} +# TODOlist : +# - Faire fonctionner le monitoring des switchs défini ici +# * Configurer tous les switchs avec un compte SNMPv3 +# * Mettre l'inventaire des switchs dans Ansible +# - Optimiser les règles pour les bornes Unifi, +# on pourrait indexer avec les SSID + +procurve_switch: + walk: + - 1.3.6.1.2.1.31.1.1.1.10 + - 1.3.6.1.2.1.31.1.1.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: sysName + oid: 1.3.6.1.2.1.1.5 + type: DisplayString + help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 + - name: sysLocation + oid: 1.3.6.1.2.1.1.6 + type: DisplayString + help: The physical location of this node (e.g., 'telephone closet, 3rd floor') + - 1.3.6.1.2.1.1.6 + - name: ifHCOutOctets + oid: 1.3.6.1.2.1.31.1.1.1.10 + type: counter + help: The total number of octets transmitted out of the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.10 + indexes: + - labelname: ifIndex + type: gauge + - name: ifHCInOctets + oid: 1.3.6.1.2.1.31.1.1.1.6 + type: counter + help: The total number of octets received on the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.6 + indexes: + - labelname: ifIndex + type: gauge + version: 3 + auth: + username: prometheus + +ubiquiti_unifi: + walk: + - 1.3.6.1.4.1.41112.1.6 + get: + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: +# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes +# - name: sysLocation +# oid: 1.3.6.1.2.1.1.6 +# type: DisplayString +# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') +# - 1.3.6.1.2.1.1.6 + - name: unifiVapIndex + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 + type: gauge + help: ' - 
1.3.6.1.4.1.41112.1.6.1.2.1.1' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapChannel + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapEssId + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapName + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapNumStations + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRadio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxCrypts + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxFrags + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' + 
indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxRetries + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPower + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUp + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUsage + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 + type: DisplayString + help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiIfIndex + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfName + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' + indexes: + - labelname: 
unifiIfIndex + type: gauge + - name: unifiIfRxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxMulticast + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiApSystemModel + oid: 1.3.6.1.4.1.41112.1.6.3.3 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.3.3' + - name: unifiApSystemUptime + oid: 1.3.6.1.4.1.41112.1.6.3.5 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.3.5' + version: 3 + auth: + security_level: authPriv + username: snmp_prometheus + password: {{ snmp_unifi_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_unifi_password }} From 6dec3ed0d1df44f451814b30db938d75375ba9ce Mon Sep 17 00:00:00 2001 
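Review bot: At the end of the `ubiquiti_unifi` module, `password: {{ snmp_unifi_password }}` and `priv_password: {{ snmp_unifi_password }}` are rendered unquoted. A secret that contains `#`, `: `, a leading `*` or `&`, or that consists only of digits, will then be truncated, re-typed or break the YAML. Rendering through `to_json` emits a properly quoted scalar: `password: {{ snmp_unifi_password | to_json }}`, and the same for `priv_password`. The authentication and privacy passphrases share one variable; separate vaulted values would limit what a single leak exposes. The `procurve_switch` module sets `version: 3` with only `username: prometheus` and no `security_level`, which I believe the exporter treats as noAuthNoPriv, so that module should get `security_level: authPriv` and credentials before any switch is added to the inventory.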
From: Alexandre Iooss Date: Fri, 1 Nov 2019 15:17:59 +0100 Subject: [PATCH 2/8] Proxmox playbook and unifi ap --- hosts | 227 +++++++++++++++++++++++--- monitoring.yml | 37 ++++- proxmox.yml | 273 ++++++++++++++++++++++---------- roles/proxmox-vm/tasks/main.yml | 17 -- 4 files changed, 432 insertions(+), 122 deletions(-) delete mode 100644 roles/proxmox-vm/tasks/main.yml diff --git a/hosts b/hosts index 7d039c7..27def90 100644 --- a/hosts +++ b/hosts 
@@ -31,36 +31,222 @@ freya.adm.auro.re marki.adm.auro.re [fleming_vm] -#ldap-replica-fleming1.adm.auro.re -#ldap-replica-fleming2.adm.auro.re -#dhcp-fleming.adm.auro.re -#dns-fleming.adm.auro.re -#prometheus-fleming.adm.auro.re -#radius-fleming.adm.auro.re -#unifi-fleming.adm.auro.re +ldap-replica-fleming.adm.auro.re +dhcp-fleming.adm.auro.re +dns-fleming.adm.auro.re +prometheus-fleming.adm.auro.re +radius-fleming.adm.auro.re +unifi-fleming.adm.auro.re +routeur-fleming.adm.auro.re + +[fleming_unifi] +fa-0-1.borne.auro.re +fa-1-1.borne.auro.re +fa-2-1.borne.auro.re +fa-2-2.borne.auro.re +fa-3-1.borne.auro.re +fa-4-1.borne.auro.re +fb-0-1.borne.auro.re +fb-1-1.borne.auro.re +fb-1-2.borne.auro.re +fb-2-1.borne.auro.re +fb-2-2.borne.auro.re +fb-3-1.borne.auro.re +fb-3-2.borne.auro.re +fb-4-1.borne.auro.re +fb-4-2.borne.auro.re +fc-0-1.borne.auro.re +fc-1-1.borne.auro.re +fc-2-1.borne.auro.re +fc-3-1.borne.auro.re +fc-4-1.borne.auro.re +fd-0-1.borne.auro.re +fd-1-1.borne.auro.re +fd-2-1.borne.auro.re +fd-3-1.borne.auro.re +fd-4-1.borne.auro.re +fe-0-1.borne.auro.re +fe-1-1.borne.auro.re +fe-1-2.borne.auro.re +fe-2-1.borne.auro.re +fe-2-2.borne.auro.re +fe-3-1.borne.auro.re +fe-3-2.borne.auro.re +fe-4-1.borne.auro.re +fe-4-2.borne.auro.re +ff-0-1.borne.auro.re +ff-0-f.borne.auro.re +ff-1-1.borne.auro.re +ff-1-2.borne.auro.re +ff-2-1.borne.auro.re +ff-2-2.borne.auro.re +ff-3-1.borne.auro.re +ff-3-2.borne.auro.re +ff-4-1.borne.auro.re +ff-4-2.borne.auro.re +fg-0-1.borne.auro.re +fg-1-1.borne.auro.re +fg-1-2.borne.auro.re +fg-2-1.borne.auro.re +fg-2-2.borne.auro.re +fg-3-1.borne.auro.re +fg-3-2.borne.auro.re +fg-4-1.borne.auro.re +fg-4-2.borne.auro.re +fh-0-1.borne.auro.re +fh-1-1.borne.auro.re +fh-1-2.borne.auro.re +fh-2-1.borne.auro.re +fh-2-2.borne.auro.re +fh-3-1.borne.auro.re +fh-3-2.borne.auro.re +fh-4-1.borne.auro.re +fh-4-2.borne.auro.re +fi-0-1.borne.auro.re +fi-1-1.borne.auro.re +fi-1-2.borne.auro.re +fi-2-1.borne.auro.re +fi-2-2.borne.auro.re 
+fi-3-1.borne.auro.re +fi-3-2.borne.auro.re +fi-4-1.borne.auro.re +fi-4-2.borne.auro.re +fj-0-1.borne.auro.re +fj-1-1.borne.auro.re +fj-1-2.borne.auro.re +fj-2-1.borne.auro.re +fj-2-2.borne.auro.re +fj-3-1.borne.auro.re +fj-3-2.borne.auro.re +fj-4-1.borne.auro.re +fj-4-2.borne.auro.re +fk-0-1.borne.auro.re +fk-1-1.borne.auro.re +fk-1-2.borne.auro.re +fk-2-1.borne.auro.re +fk-2-2.borne.auro.re +fk-3-1.borne.auro.re +fk-3-2.borne.auro.re +fk-4-1.borne.auro.re +fk-4-2.borne.auro.re +fl-0-1.borne.auro.re +fl-1-1.borne.auro.re +fl-1-2.borne.auro.re +fl-2-1.borne.auro.re +fl-2-2.borne.auro.re +fl-3-1.borne.auro.re +fl-3-2.borne.auro.re +fl-4-1.borne.auro.re +fl-4-2.borne.auro.re [pacaterie_physical] mordred.adm.auro.re titan.adm.auro.re [pacaterie_vm] -#ldap-replica-pacaterie.adm.auro.re -#dhcp-pacaterie.adm.auro.re -#dns-pacaterie.adm.auro.re -#prometheus-pacaterie.adm.auro.re -#radius-pacaterie.adm.auro.re -#unifi-pacaterie.adm.auro.re +ldap-replica-pacaterie.adm.auro.re +dhcp-pacaterie.adm.auro.re +dns-pacaterie.adm.auro.re +prometheus-pacaterie.adm.auro.re +radius-pacaterie.adm.auro.re +unifi-pacaterie.adm.auro.re +routeur-pacaterie.adm.auro.re + +[pacaterie_unifi] +pc-1-1.borne.auro.re +pn-0-1.borne.auro.re +pn-0-2.borne.auro.re +pn-0-3.borne.auro.re +pn-1-1.borne.auro.re +pn-1-2.borne.auro.re +pn-1-3.borne.auro.re +pn-2-1.borne.auro.re +pn-2-2.borne.auro.re +pn-2-3.borne.auro.re +pn-3-1.borne.auro.re +pn-3-2.borne.auro.re +pn-3-3.borne.auro.re +pn-4-1.borne.auro.re +pn-4-2.borne.auro.re +pn-4-3.borne.auro.re +ps-0-1.borne.auro.re +ps-0-2.borne.auro.re +ps-0-3.borne.auro.re +ps-1-1.borne.auro.re +ps-1-2.borne.auro.re +ps-1-3.borne.auro.re +ps-2-1.borne.auro.re +ps-2-2.borne.auro.re +ps-2-3.borne.auro.re +ps-3-1.borne.auro.re +ps-3-2.borne.auro.re +ps-4-1.borne.auro.re +ps-4-2.borne.auro.re +ps-4-3.borne.auro.re [edc_physical] chapalux.adm.auro.re [edc_vm] +ldap-replica-edc.adm.auro.re +dhcp-edc.adm.auro.re +dns-edc.adm.auro.re +prometheus-edc.adm.auro.re 
+radius-edc.adm.auro.re +unifi-edc.adm.auro.re +routeur-edc.adm.auro.re + +[edc_unifi] +ep-0-1.borne.auro.re [georgesand_physical] perceval.adm.auro.re [georgesand_vm] +ldap-replica-georgesand.adm.auro.re +dhcp-georgesand.adm.auro.re +dns-georgesand.adm.auro.re +prometheus-georgesand.adm.auro.re +radius-georgesand.adm.auro.re +unifi-georgesand.adm.auro.re +routeur-georgesand.adm.auro.re +[georgesand_unifi] +ga-0-1.borne.auro.re +ga-1-1.borne.auro.re +ga-2-1.borne.auro.re +ga-3-1.borne.auro.re +ga-4-1.borne.auro.re +ga-5-1.borne.auro.re +ga-5-2.borne.auro.re +gb-1-1.borne.auro.re +gb-2-1.borne.auro.re +gb-3-1.borne.auro.re +gb-4-1.borne.auro.re +gb-5-1.borne.auro.re +gc-1-1.borne.auro.re +gc-2-1.borne.auro.re +gc-3-1.borne.auro.re +gc-4-1.borne.auro.re +gc-5-1.borne.auro.re +gd-1-1.borne.auro.re +gd-2-1.borne.auro.re +gd-3-1.borne.auro.re +gd-4-1.borne.auro.re +gd-5-1.borne.auro.re +gd-garage-1.borne.auro.re +ge-0-1.borne.auro.re +ge-1-1.borne.auro.re +ge-2-1.borne.auro.re +ge-3-1.borne.auro.re +ge-4-1.borne.auro.re +ge-5-1.borne.auro.re +gf-0-1.borne.auro.re +gf-1-1.borne.auro.re +gf-2-1.borne.auro.re +gf-3-1.borne.auro.re +gf-4-1.borne.auro.re +gf-5-1.borne.auro.re ##################### # Geographic groups # @@ -76,21 +262,25 @@ ovh_vm [fleming:children] fleming_pve fleming_vm +fleming_unifi # everything at pacaterie [pacaterie:children] pacaterie_physical pacaterie_vm +pacaterie_unifi # everything at edc [edc:children] edc_physical edc_vm +edc_unifi # everything at georgesand [georgesand:children] georgesand_physical georgesand_vm +georgesand_unifi ##################### # Type groups # @@ -116,11 +306,12 @@ pacaterie_physical edc_physical georgesand_physical -# every server (except access points) -[server:children] -container -physical -vm +# every unifi access point +[unifi:children] +fleming_unifi +pacaterie_unifi +edc_unifi +georgesand_unifi [all:vars] # Force remote to use Python 3 diff --git a/monitoring.yml b/monitoring.yml index 1e3a57c..f58cca1 100644 
--- a/monitoring.yml +++ b/monitoring.yml @@ -1,12 +1,12 @@ --- -# Deploy Prometheus - hosts: prometheus-fleming.adm.auro.re vars: # Prometheus targets.json prometheus_targets: - - targets: "{{ groups['server'] | list | sort }}" + - targets: | + {{ groups['fleming_physical'] + groups['fleming_vm'] | list | sort }} prometheus_unifi_snmp_targets: - - targets: [] + - targets: "{{ groups['fleming_unifi'] | list | sort }}" roles: - prometheus - prometheus-alertmanager @@ -15,14 +15,39 @@ vars: # Prometheus targets.json prometheus_targets: - - targets: "{{ groups['server'] | list | sort }}" + - targets: | + {{ groups['pacaterie_physical'] + groups['pacaterie_vm'] | list | sort }} prometheus_unifi_snmp_targets: - - targets: [] + - targets: "{{ groups['pacaterie_unifi'] | list | sort }}" + roles: + - prometheus + - prometheus-alertmanager + +- hosts: prometheus-edc.adm.auro.re + vars: + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['edc_physical'] + groups['edc_vm'] | list | sort }} + prometheus_unifi_snmp_targets: + - targets: "{{ groups['edc_unifi'] | list | sort }}" + roles: + - prometheus + - prometheus-alertmanager + +- hosts: prometheus-georgesand.adm.auro.re + vars: + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['georgesand_physical'] + groups['georgesand_vm'] | list | sort }} + prometheus_unifi_snmp_targets: + - targets: "{{ groups['georgesand_unifi'] | list | sort }}" roles: - prometheus - prometheus-alertmanager # Monitor all hosts -- hosts: fleming,pacaterie +- hosts: all,!unifi,!ovh roles: - prometheus-node diff --git a/proxmox.yml b/proxmox.yml index 15914d4..a0fef88 100644 --- a/proxmox.yml +++ b/proxmox.yml 
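Review bot: In `{{ groups['fleming_physical'] + groups['fleming_vm'] | list | sort }}` the filters bind tighter than `+`, so only `groups['fleming_vm']` is sorted and the physical hosts are prepended as they come. The `targets: |` block scalar also makes the value a string with a trailing newline, which only becomes a list again if Ansible re-evaluates it, and `targets.json` would be invalid for file_sd if it stayed a string. A single quoted expression avoids both: `- targets: "{{ (groups['fleming_physical'] + groups['fleming_vm']) | sort }}"`. The same applies to the `pacaterie`, `edc` and `georgesand` plays in the second hunk.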
@@ -3,89 +3,200 @@ - hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests become: false # We do not need root as we use Proxmox API - vars: - vm_definitions: - - # Réseau Pacaterie - - name: ldap-replica-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: unifi-pacaterie - virtu: mordred - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - - # Réseau Fleming - - name: ldap-replica-fleming1 - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dhcp-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: dns-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: prometheus-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-10.0.0-amd64-netinst.iso - - name: radius-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: 
debian-10.0.0-amd64-netinst.iso - - name: unifi-fleming - virtu: freya - cores: 2 # 2 mimimum, 10 maximum - memory: 1024 # M - disksize: 16 # G - installiso: debian-9.9.0-amd64-netinst.iso - vars_prompt: - name: "password" prompt: "Enter LDAP password for your user" private: true - roles: - - proxmox-vm + tasks: + - name: Define a virtual machine in Proxmox + proxmox_kvm: + api_user: "{{ ansible_user_id }}@pam" + api_password: "{{ password }}" + api_host: "{{ item.virtu }}.adm.auro.re" + name: "{{ item.name }}" + node: "{{ item.virtu }}" + scsihw: virtio-scsi-pci + scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}' + sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}' + net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default + cores: "{{ item.cores }}" + memory: "{{ item.memory }}" + balloon: "{{ item.memory // 2 }}" + bios: seabios # Ansible module doesn't support UEFI boot disk + loop: + # Réseau Fleming + - name: ldap-replica-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: unifi-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-9.9.0-amd64-netinst.iso + - name: routeur-fleming + virtu: freya + cores: 2 # 2 mimimum, 10 maximum + memory: 
1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + + # Réseau Pacaterie + - name: ldap-replica-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: unifi-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-9.9.0-amd64-netinst.iso + - name: routeur-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + + # Réseau EDC + - name: ldap-replica-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + 
disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: unifi-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-9.9.0-amd64-netinst.iso + - name: routeur-edc + virtu: chapalux + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + + # Réseau George Sand + - name: ldap-replica-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: unifi-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-9.9.0-amd64-netinst.iso + - name: routeur-georgesand + virtu: perceval + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso diff --git a/roles/proxmox-vm/tasks/main.yml b/roles/proxmox-vm/tasks/main.yml deleted file mode 100644 index be94272..0000000 --- a/roles/proxmox-vm/tasks/main.yml +++ /dev/null 
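Review bot: The inlined `proxmox_kvm` task sends `api_password` to `{{ item.virtu }}.adm.auro.re` without setting `validate_certs`, and that module leaves certificate verification off unless it is enabled, so the prompted password goes to whichever endpoint answers for that name. If the Proxmox nodes present certificates the proxy host can verify, add `validate_certs: true` next to `api_host`. If they are self-signed, a comment such as `# self-signed API certs, verification disabled on purpose` records the accepted risk. The prompt asks for an LDAP password while `api_user` uses the `@pam` realm; presumably PAM is LDAP-backed on these nodes, which a short comment on `vars_prompt` could state.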
@@ -1,17 +0,0 @@ ---- -- name: Define a virtual machine in Proxmox - proxmox_kvm: - api_user: "{{ ansible_user_id }}@pam" - api_password: "{{ password }}" - api_host: "{{ item.virtu }}.adm.auro.re" - name: "{{ item.name }}" - node: "{{ item.virtu }}" - scsihw: virtio-scsi-pci - scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}' - sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}' - net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default - cores: "{{ item.cores }}" - memory: "{{ item.memory }}" - balloon: "{{ item.memory // 2 }}" - bios: seabios # Ansible module doesn't support UEFI boot disk - loop: "{{ vm_definitions }}" From ccbd7d3770661425f9966dd608f1b125e800a819 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Fri, 1 Nov 2019 15:38:35 +0100 Subject: [PATCH 3/8] Failover VMs --- base.yml | 4 +- hosts | 24 ++++++ monitoring.yml | 20 +++-- proxmox.yml | 74 +++++++++++++++++++ .../prometheus-alertmanager/handlers/main.yml | 5 -- roles/prometheus-alertmanager/tasks/main.yml | 14 ---- .../templates/prometheus/alertmanager.yml.j2 | 62 ---------------- .../templates/prometheus/prometheus.yml.j2 | 2 +- 8 files changed, 113 insertions(+), 92 deletions(-) delete mode 100644 roles/prometheus-alertmanager/handlers/main.yml delete mode 100644 roles/prometheus-alertmanager/tasks/main.yml delete mode 100644 roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 diff --git a/base.yml b/base.yml index dc3c2dc..cb83112 100644 --- a/base.yml +++ b/base.yml @@ -1,12 +1,12 @@ --- # Put a common configuration on all servers -- hosts: all +- hosts: all,!unifi roles: - baseconfig - basesecurity # Plug LDAP on all servers -- hosts: all +- hosts: all,!unifi roles: - ldap-client diff --git a/hosts b/hosts index 27def90..d65e07f 100644 --- a/hosts +++ b/hosts 
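Review bot: Both plays in base.yml now use `all,!unifi`, which takes the access points out of `baseconfig`, `basesecurity` and `ldap-client`, but nothing in the file says why or where their baseline configuration comes from instead. A comment above the first play would make the exclusion deliberate rather than incidental, for example `# Access points (group unifi) are excluded; they are configured through the Unifi controller`. The wording needs checking against how the APs are really managed. The existing "on all servers" comments can stay as they are.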
@@ -32,12 +32,18 @@ marki.adm.auro.re [fleming_vm] ldap-replica-fleming.adm.auro.re +ldap-replica-fleming-fo.adm.auro.re dhcp-fleming.adm.auro.re +dhcp-fleming-fo.adm.auro.re dns-fleming.adm.auro.re +dns-fleming-fo.adm.auro.re prometheus-fleming.adm.auro.re +prometheus-fleming-fo.adm.auro.re radius-fleming.adm.auro.re +radius-fleming-fo.adm.auro.re unifi-fleming.adm.auro.re routeur-fleming.adm.auro.re +routeur-fleming-fo.adm.auro.re [fleming_unifi] fa-0-1.borne.auro.re @@ -145,12 +151,18 @@ titan.adm.auro.re [pacaterie_vm] ldap-replica-pacaterie.adm.auro.re +ldap-replica-pacaterie-fo.adm.auro.re dhcp-pacaterie.adm.auro.re +dhcp-pacaterie-fo.adm.auro.re dns-pacaterie.adm.auro.re +dns-pacaterie-fo.adm.auro.re prometheus-pacaterie.adm.auro.re +prometheus-pacaterie-fo.adm.auro.re radius-pacaterie.adm.auro.re +radius-pacaterie-fo.adm.auro.re unifi-pacaterie.adm.auro.re routeur-pacaterie.adm.auro.re +routeur-pacaterie-fo.adm.auro.re [pacaterie_unifi] pc-1-1.borne.auro.re @@ -189,12 +201,18 @@ chapalux.adm.auro.re [edc_vm] ldap-replica-edc.adm.auro.re +ldap-replica-edc-fo.adm.auro.re dhcp-edc.adm.auro.re +dhcp-edc-fo.adm.auro.re dns-edc.adm.auro.re +dns-edc-fo.adm.auro.re prometheus-edc.adm.auro.re +prometheus-edc-fo.adm.auro.re radius-edc.adm.auro.re +radius-edc-fo.adm.auro.re unifi-edc.adm.auro.re routeur-edc.adm.auro.re +routeur-edc-fo.adm.auro.re [edc_unifi] ep-0-1.borne.auro.re @@ -204,12 +222,18 @@ perceval.adm.auro.re [georgesand_vm] ldap-replica-georgesand.adm.auro.re +ldap-replica-georgesand-fo.adm.auro.re dhcp-georgesand.adm.auro.re +dhcp-georgesand-fo.adm.auro.re dns-georgesand.adm.auro.re +dns-georgesand-fo.adm.auro.re prometheus-georgesand.adm.auro.re +prometheus-georgesand-fo.adm.auro.re radius-georgesand.adm.auro.re +radius-georgesand-fo.adm.auro.re unifi-georgesand.adm.auro.re routeur-georgesand.adm.auro.re +routeur-georgesand-fo.adm.auro.re [georgesand_unifi] ga-0-1.borne.auro.re diff --git a/monitoring.yml b/monitoring.yml index f58cca1..2f26803 100644 
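Review bot: The `-fo` hosts added to `[edc_vm]` and `[georgesand_vm]` have no matching VM definition in this patch: the proxmox.yml change below adds `-fo` machines only on `marki` and `titan`, and its diffstat of 74 lines accounts for exactly those two hunks. Unless those VMs are created elsewhere, the plays on `all,!unifi` will report twelve unreachable hosts, and the edc and georgesand Prometheus target lists built from `groups['edc_vm']` and `groups['georgesand_vm']` will carry targets that never answer. Targets that are always down make a real outage harder to notice. Either add the inventory lines together with the VM definitions, or keep them commented out until the second hypervisor exists, as the earlier revision of this file did for hosts that were not yet deployed.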
--- a/monitoring.yml +++ b/monitoring.yml @@ -1,6 +1,8 @@ --- -- hosts: prometheus-fleming.adm.auro.re +- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + # Prometheus targets.json prometheus_targets: - targets: | @@ -9,10 +11,11 @@ - targets: "{{ groups['fleming_unifi'] | list | sort }}" roles: - prometheus - - prometheus-alertmanager -- hosts: prometheus-pacaterie.adm.auro.re +- hosts: prometheus-pacaterie.adm.auro.re,prometheus-pacaterie-fo.adm.auro.re vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + # Prometheus targets.json prometheus_targets: - targets: | @@ -21,10 +24,11 @@ - targets: "{{ groups['pacaterie_unifi'] | list | sort }}" roles: - prometheus - - prometheus-alertmanager -- hosts: prometheus-edc.adm.auro.re +- hosts: prometheus-edc.adm.auro.re,prometheus-edc-fo.adm.auro.re vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + # Prometheus targets.json prometheus_targets: - targets: | @@ -33,10 +37,11 @@ - targets: "{{ groups['edc_unifi'] | list | sort }}" roles: - prometheus - - prometheus-alertmanager -- hosts: prometheus-georgesand.adm.auro.re +- hosts: prometheus-georgesand.adm.auro.re,prometheus-georgesand-fo.adm.auro.re vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + # Prometheus targets.json prometheus_targets: - targets: | @@ -45,7 +50,6 @@ - targets: "{{ groups['georgesand_unifi'] | list | sort }}" roles: - prometheus - - prometheus-alertmanager # Monitor all hosts - hosts: all,!unifi,!ovh diff --git a/proxmox.yml b/proxmox.yml index a0fef88..8aa56fb 100644 --- a/proxmox.yml +++ b/proxmox.yml 
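Review bot: Every play now points both the primary and the `-fo` Prometheus at the single Alertmanager `docker-ovh.adm.auro.re:9093`, and the local `prometheus-alertmanager` role is dropped from all four. A site that loses its path to OVH can therefore no longer deliver alerts, including the alert about that loss. The failover Prometheus instances do not help here, since they share the same dependency. If this is intended, say so above the variable with `# Central Alertmanager at OVH; alerts are not delivered while the site cannot reach it`, and consider an absence-of-heartbeat check on the OVH side. The address is repeated four times and could be set once in `group_vars`.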
@@ -69,6 +69,43 @@ disksize: 16 # G installiso: debian-10.0.0-amd64-netinst.iso + - name: ldap-replica-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: routeur-fleming-fo + virtu: marki + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + # Réseau Pacaterie - name: ldap-replica-pacaterie virtu: mordred 
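Review bot: The six `-fo` entries added here differ from one another only in `name`, and each carries over the comment typo `mimimum` from the existing entries; the next hunk in this file (the `titan` entries) repeats both. New lines should at least read `cores: 2  # 2 minimum, 10 maximum`. Since `cores`, `memory`, `disksize` and `installiso` are the same for every added machine, they could be given once as defaults, with the loop running over name and hypervisor pairs, so that a later sizing change does not have to be applied in dozens of places. The loop list starts and ends outside this hunk.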
@@ -113,6 +150,43 @@ disksize: 16 # G installiso: debian-10.0.0-amd64-netinst.iso + - name: ldap-replica-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dhcp-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: dns-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: prometheus-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: radius-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + - name: routeur-pacaterie-fo + virtu: titan + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-10.0.0-amd64-netinst.iso + # Réseau EDC - name: ldap-replica-edc virtu: chapalux diff --git a/roles/prometheus-alertmanager/handlers/main.yml b/roles/prometheus-alertmanager/handlers/main.yml deleted file mode 100644 index 3ddbf93..0000000 --- a/roles/prometheus-alertmanager/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart Prometheus Alertmanager - service: - name: prometheus-alertmanager - state: restarted diff --git a/roles/prometheus-alertmanager/tasks/main.yml b/roles/prometheus-alertmanager/tasks/main.yml deleted file mode 100644 index b65a295..0000000 --- a/roles/prometheus-alertmanager/tasks/main.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -- name: Install Prometheus Alertmanager - apt: - update_cache: true - name: prometheus-alertmanager - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Configure Prometheus Alertmanager - template: - src: prometheus/alertmanager.yml.j2 - dest: /etc/prometheus/alertmanager.yml - notify: Restart Prometheus Alertmanager diff --git a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 b/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 deleted file mode 100644 index d25fbd6..0000000 --- a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 +++ /dev/null 
@@ -1,62 +0,0 @@ -# {{ ansible_managed }} -# See https://prometheus.io/docs/alerting/configuration/ for documentation. - -global: - # The smarthost and SMTP sender used for mail notifications. - smtp_smarthost: 'localhost:25' - smtp_from: 'alertmanager@example.org' - #smtp_auth_username: 'alertmanager' - #smtp_auth_password: 'password' - # The auth token for Hipchat. - hipchat_auth_token: '1234556789' - # Alternative host for Hipchat. - hipchat_api_url: 'https://hipchat.foobar.org/' - -# The directory from which notification templates are read. -templates: -- '/etc/prometheus/alertmanager_templates/*.tmpl' - -# The root route on which each incoming alert enters. -route: - # The labels by which incoming alerts are grouped together. For example, - # multiple alerts coming in for cluster=A and alertname=LatencyHigh would - # be batched into a single group. - group_by: ['instance'] # group per instance - - # When a new group of alerts is created by an incoming alert, wait at - # least 'group_wait' to send the initial notification. - # This way ensures that you get multiple alerts for the same group that start - # firing shortly after another are batched together on the first - # notification. - group_wait: 30s - - # When the first notification was sent, wait 'group_interval' to send a batch - # of new alerts that started firing for that group. - group_interval: 5m - - # If an alert has successfully been sent, wait 'repeat_interval' to - # resend them. - repeat_interval: 12h - - # A default receiver - receiver: webhook - - -# Inhibition rules allow to mute a set of alerts given that another alert is -# firing. -# We use this to mute any warning-level notifications if the same alert is -# already critical. -inhibit_rules: -- source_match: - severity: 'critical' - target_match: - severity: 'warning' - # Apply inhibition if the alertname is the same. 
- equal: ['alertname', 'cluster', 'service'] - - -receivers: -- name: 'webhook' - webhook_configs: - - url: 'http://URL A METTRE ICI VERS WEBHOOK DISCORD TODO/' - send_resolved: true diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index 19c64ef..31df6bd 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -15,7 +15,7 @@ global: alerting: alertmanagers: - static_configs: - - targets: ['localhost:9093'] + - targets: ['{{ prometheus_alertmanager }}'] # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: From 07e71659efdcc4157cd30b6fa13d4b05b685002c Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Fri, 1 Nov 2019 19:02:21 +0100 Subject: [PATCH 4/8] Monitor Unifi AP --- group_vars/all/vault.yml | 243 ++++++++++++++++++++------------------- hosts | 42 +++---- monitoring.yml | 4 + 3 files changed, 148 insertions(+), 141 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 8f0765f..4d728f7 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
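Review bot: `targets: ['{{ prometheus_alertmanager }}']` in prometheus.yml.j2 now renders a remote host, and with no `scheme` set on the `alertmanagers` entry Prometheus talks to it over plain HTTP. Alerts carrying instance names and labels therefore leave each site unencrypted, and port 9093 on `docker-ovh.adm.auro.re` has to accept unauthenticated posts from every Prometheus host. If the adm network is not already a protected tunnel between sites, set `scheme: https` with a `tls_config` on this entry, or restrict 9093 to the Prometheus source addresses. The template also has no fallback when `prometheus_alertmanager` is undefined, so a role default would keep other users of the role from failing at render time. Whether such a default already exists is not visible from this hunk.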
@@ -1,121 +1,124 @@ $ANSIBLE_VAULT;1.1;AES256 -63383763633231303965383737313737656433616465303432663764393065613739663934646462 -6433653264666237643634303032653438323363646433370a333663623139343464376432313337 -66633139313363356562393431353961613032616234323834633539396639643035353131373065 -3566623037356638610a323961303461636661323864656564333637353331633139333437373065 -64393764646332306535613863626634383063366132343936336365376237626637643032353031 -34343137366236326535393665386634323164633765613238383166393961623133313738336464 -32613039643531636663636334303636326333316664383636333030386136656331396237363931 -35306563613961393634336165396466373063363362623734386435383663363438336631666461 -65323434373836316363353964666462646139316465656434396537373364326565306231663164 -66666561366135316132386262646165303738356564333736336539623939393238313135643137 -38653234663331646435383361393638616464663530666663643036316665396665663861373039 -65316138396662363664626363383632383562393730623366393165633832626635663661353537 -64653931366135316662303339353434373837666262383836653536326230303336613439353339 -34393638373763663035356236633866396237396139613561626664636430336336396233363730 -64316632633364356337623239383536363163623137653134383761393433656431393264333161 -37633562396133353664613933363134313432653737633166396532343963613937383363663962 -38613964646336333239373562633233366436393833306536636637373362653661393831376437 -36393332386239356634633434613566323232346561333063323763346634656537343665383966 -39363962336266373033356165356466386166653864663632613431333134363437653464636630 -66636261363466393566326433363337323865333131643337336462633033386262663031396164 -33666634643034326537653463346564616462356535393237386432336237393365373131636636 -63633934333863313032623363353763313938376431313532343462303361353139383962336261 -39336266393239353839386530613066643566383136303334353366366561633934653962333133 
-63646239336261386239623034383863303839383031666232636339383739626434636332653834 -39663630663331663237373731656530386138666330376664623065653262636665646238646564 -30663631643236306662373336376262663136666637323964343464623563656336333761336537 -38623633393465323761363438353032323138313830613966393038393137336362303861376130 -34316164316537373266316166366332623630363130633366656531386361346235316335313837 -30386430366165343437653239303862306539393062333066326337353037643038333162303931 -64333164323635393139663031306231343437306233636262643433653763366665623966626432 -34326562346139383538656531643966633363336439333130666330623061383234326461646439 -38343838373431326366646436306463643563373836326534343461313265346336316630356534 -66393834633361313330623134616631343035643231373562363863363066373166646566633735 -63343535366634346233306138373936303132333861306534323930386636626366393638376235 -38616238303763366561373337636466616535363837393237396437636435653564353339613137 -61303963313461336633623563653463323462636563663765336230623231613936353435636638 -37333535646436373430633336336238316666623336396663643933633966633639343861306532 -31646537393532353135643833383830333635653531333737383237313331383362386536313534 -63666334306562656332613132353337373263353836363362363861633736616537346539383932 -66303864396366363731353430303566366339313137393934323566633933373938316261313734 -35323835343038653130366133393566656361356333396332313431356530653430393937323237 -35393535633438616433343035353766393162353031343637646230393562613535336234326530 -38636133326537613533653130396536343638663738343438626432653636323562313164363434 -36363066373264626331623161386339616430623366353137656534303935653631643334313264 -66666138653033323333323239333036613433646631636535393061623132626163653736366636 -65666632613334383233353565626631346463393037343866373464613762326663666438313865 -38323733373836376531316138383965393236356463656164373835383032306163336232306236 
-36376563323063393931356633323434643265306163393839653866316433656636666632363065 -39393231633834633233373464383634613338333335303239623863646437333133623033306634 -61363764626462313733666239383333383934313530353964333166336564666133326338326634 -33373739323538383761313162346436363261373437306361343431373163366639303263303565 -63363932623638643062643337643634316230613665643634643333643436643061333538383831 -32356636366562373164363339393331336436653434633963636134613664626664346432303638 -66643464613166643032376437333338626531613666366238663631373266373862356236306434 -63363464376165346232356538396538353135303038626630623566646336653531396264316232 -35613734663766303734626436663161393231643365313032373565383338376533656635333462 -64636130306463656436646633346362666138623336356634313863316561636561356635643434 -35316164623533613133393861313865336338626530663131366563616137643961366539636332 -34386431326539636565396432666565373132616130613839386164393963643039303132623036 -33643763383531356438333232643165346336646535356133646161323234353236623734613564 -62623638616438366631656536343334636561643432356234386231313332656234313761613362 -65386538353630623631623731383065623762613661393838666233656437383634313931626536 -37613464383764633763383465643734356530353834656139326366663065363135663266663866 -34326261353164613731626365386562663364613033396564326633346462666566376139313934 -64306135393862626663613332316161623965323364613762336630353561336562323939323039 -38616636306432393032323865663932383362646663666564666337343432333038343736656232 -35663938386665663263646634363833343264656136373237383164656163366261613639343063 -30383632626561313833336432626239353464313834383532373864636130663232313830356261 -37333538646430356536393062386636653862616432663636336634323435383039343661343230 -64353739336665353630376431303061343333343433663662343138326230333561333537363735 -36636136353138383864373335386139643134366364373761623835633763616631396331383738 
-32393131643762646532313733353465666339626366323034663637656434313033663633343863 -63363861373434376637623337623732373265656237616364326266363430653035643835323233 -34363461323131346264646234616131396431623734666163363135323834376534343937393838 -38626665373934346638363832626133316238373064653334653236316233353561396238383461 -63396333663736636436663935383932303633323231316534623664633332613166316334326430 -30343561653766636634363764643262363130353331363931666539376134326232646661376633 -34623936346637633530613538626166303362323365343935623466326630646537633034636164 -33326436643137343238656531386464326239643661616465366638346163616663383034333732 -61333365643739333464356233343238326339346334633764373765313832646131313862336237 -62663163393632656637646338316565643165353965366664343339356135666130393835633031 -31363738306639376233356134313637613438653465383131623733643039353361313465343966 -36636430613932386238633165353662616165393332313966623635633365376266346261623562 -66653038633237653061656136643939316562663961626633623361643739343863333464396164 -32633661653337616230366235386131653034363533323836373636346231373335396536623765 -30346430616335363738353035343738353330343930646330653161633330383238623636613765 -61616266663533663665343230353734636464333162313434663263343739303833316630306432 -36386131313431633564633830356266383762313038633237303034646661633536316438316664 -61346462366635613938616333613033356335316333363464663734313436663739323462383263 -62376437656634386432656133363261373765333531646433303936386562616433323261396130 -32333934313733643665613137666237666561376136306632313861613535623032626261396563 -32326566366437363839656564333862316339303262323164653331626563316565353362303135 -65373264656236653266656462353034366466616139333239323039386163616365346562393637 -65646466336337313734386434343561613935343065646464666162643731616362653234326431 -65366437376437666531383263393434303633616666643832323865663962663639643264326364 
-35313465303464636632373139313435626464616136353839373135343934653363363564353061 -64363166303761396131336464383532396339623065323736313661646366336438356634383865 -66333263383130363835386662343730346632626335653566353933363366323938346165646464 -36363731643561316231306330373431313431643835346236313765393134313263653637353530 -66613566383635356132343537373838343564393964613537633165323037363734303963626534 -37323430383631396631666162393435663336656235333065353731383031386233646266343636 -38363639633365363231656263376438643331663164613262386265333234613733666166366364 -64626365313731336431633532366265353938363861313731323361313131376562623234666233 -66613761363336303062363466393035613536623263663366336132383062663732376163306333 -36303337616363346565663736353937353735383338363838343561393833393837373836633430 -39366531663335386233333735613363313866636332336538376166353237376138616566323535 -31383336306563303631653162353030613631333662623065636131303565303337633631613639 -38316639363033363364393063376635376431356132386361333138343139383066643436663264 -62383666313236383737393632653764663836303736393838353532633735653730663064313035 -30656265313430303765646536623534646338323539366465653564656562643864386462643965 -63343334613038353734616335663064656433616265346437303338636539346235323964323633 -39376663306464636364306639616136613861363364623236626233336561393065303035653539 -39643661323331346362343861323739303264333237356233323534383534373338613637373832 -30343964626236643538616439643837306432656534623235623731373538616431616335376637 -65663234643132386666376431616337633435663061303734363236363066373230366337393136 -33393734353866313563386537363831646166326134613561663133666430356364613761643337 -31363433303765343731333163313865386265363163303138393262313466666333313236323430 -35643135383464656431316438653638333264633432313133656432636634393035623762343134 -37393036663938613732616435333666643963343566343930323037363862363530373439626464 -30616264363235326665 
+62336464303865306137613162653332366434323836343734363565306537666430353664663335 +6135646632336436383038666436313536306236336535620a666366353761356232333366643339 +38323938366431343563666134663533626431366661333864623461663435313636303732366564 +3038343434366662660a323330643133376264616166653963643434666436666638363830376536 +37383065633161666139613930383062346464303030636561656230646537383663623665663339 +64633931303536383033643535366164363661363062313333643939383736663634616436336230 +37313863353731373064643436653535383736396665666565666365636232626639323339636633 +31346130373762343237333335383935393238663265303864343333613865386637316562313534 +65623064393864653635313130646432623964663065373139646461623836333538616238626234 +66373839363636313765366235363231306262636561636163623839643032613839343338613538 +32386236343135376633636436363439653530653330333930316530363132653765623737316138 +31363938636165333639646233323763383162623933316231646638376535643434656338643561 +33336164336365323736373835613335623238373637663936386364313966376163326539633766 +33376638393134643831653066653930643530333861383565346132323739383066656439373262 +64303466393862303535333031386365666164373136356562393137393039306632646262623533 +62656133336230353833623363636663353937616262393337656230623361386637643232306233 +39646439626265653463326164396537666664326364373734303337306263303164343034633331 +34393166386264656133396432356539653166616134636536313062643662656364366135653237 +38326463656637343163373835633732616634653039646633366637346231393063643030396165 +38646463363262656631623438323838396631656362306438313132633866306639626133336337 +61623161636630666532346166383135393336343265323536666535343237323364366137386337 +64636339653663356439633731313966363035656433633463363331323636376337313137643932 +34343438363030653939376566313265393330323561373131663562333138623139353136356166 +39343962356563666663613532363434663037373434613337393635656230633230653031373437 
+61653238353438373062363133623065633465363938333438626666393463333965323130393939 +36653930336564306162616537313031616238333830386332386136366534656338333934333664 +31633266386530643431643036353966313866333763633233363737303034393364323961643464 +66386230386435613436316133613134646532616633353830396565373562303230653531363537 +30396135373631343938366439373466656538613562623361623164333235643137656432396234 +65306236653139656138393032363732323239353965326538323365656261373834343434616137 +35656235623566663931303533643331623636643636623461386635623337393933666663663136 +31306537333730336636636632333432363336313766303966326663356635396264663231303839 +39333136653531333466333830313065636564323133393731633064633232656631343461393232 +32636530303730396532336664653532646132386432656463323235626531633163643165333938 +31383938333362323631376535383336366635343032353336303138313433316133663863633061 +30386638386539643262623364626139613035363531393865373237343935633630303538303361 +39643662623438306565653539316364343530303165633262653839363031633632633637313964 +36613934653835353739346637623635666130343166306561396266636335363137366631623263 +33343036653139313734613238333261653762353239366239383535636532346365646565613663 +34663563623362616631323266323237323839633834303264663163313866333761633461333731 +35303434333838323432653064633066613237346339653336643466326338353262396261346131 +34383530643638636332626337346636306232393261633637303965383534616662353435653136 +31383636636436353636333635373631386364656534613666323062373763626232393232303364 +62363439356232303337303165386630336130313235393037353063343236396433333263356437 +61656538613361613761633134626462353561663037313733386634343935316237303939636130 +35613662346332646432613431353062323766663765306236363362343163616238346266363434 +61393566616166663833306431616335353962323835386263623932393733313436376562313463 +34656633393931633131386432313531396266356234623262306661643736393637343237396636 
+63353436633435306138613330636637666435333339396230376231616534373662376535366235 +65613366663261386165656134653737363035633130663966663630613235383161613035343636 +62313833623734383366643433363966623465386333343939303732623234383766343839633532 +30326133323564323237316530613964616538376537353434316539393739616437346639643835 +39663532363963393562383764303565306639666632336236616130343239353332633262373138 +35383663613461343138653762383337373739623637306365353362623038313266306631613132 +36366435363165666463343330326466623932653337663735326137323034656534653536636230 +38623631366464393337383261313065373561616463666164626161363863616139666365303431 +32306361666432653231663065383734393035323465353434326563366365363463313436613561 +36383165346664636165643239653131646334393638333365656662346432373033343132373437 +65363930623332336137393539313136663035666335386231666431383839306135303832633835 +65633266346238343935666534626261333635663233626230393361663137666530623466363230 +64613431616164393133396131333131356339343336373066313931646263353563623436383837 +31343961393431653336633037643862303932326637333339393430383961326664643537353436 +65633833653064623034613637656666353939323464303238393638393264343062373538326266 +33356561353261343037306239333938363861643133376538366230343162363762653864366362 +62666334376330303765383465623835663064346164363436326234613733366365393939323831 +61613834346363303136333264306465313565303830663436636661333733376632633864666233 +38633131306664316537346264663966613535393438313136323338333762613035323563616664 +39663334306261363136313132646362383766313561626237646334333935343466636465656132 +30353533666531613062393661303131346235323766643132653039393839616563316165313637 +36646234633465366535663765303830396231636662633634383538306362613666356666333163 +35373533633762653639333439633665333033626362366261663566633864343737363762663962 +34326432626162353639383164636261613031346439623736316261636139353939613030363661 
+34346232383464656266383532666661356133623835613431373631396231343430396363343838 +39616365303730393631656233336635653132626161656538393931666239636538393961633035 +62336464633565636564636235626639386232393535343738363965633763393737313732396238 +34626131336463343333326336633163303862366164363132323339393035323132343833303436 +35653566333334343332303731326339633330636437653839366264363566376139316261383731 +39323231346138373032333762396530383139623532336466353833613731393032303664636132 +64306533356438336634643961306164336463643062343137393036396430323464666235343637 +37386338353930663166663234646535663366666132663561383731623937663433383239326231 +37306434303137643431383938353434666632373132656431663563303864376339373430653839 +61333032343666386430386639326632383637366637363961656463353835353664393164613333 +30383061656633376239633838303637316432633637633638643162633861396263646363626632 +65353935626362363332336262313834356461393933636432666532623433346663656666376563 +39666434343836366133316234333039313239306135303935323735336236396365383564386663 +39626239396630363435316138363230336265613162323831323362376362643639363935626237 +39663265666533626430663135303932386365626565636665373030373963373465613964653331 +63333637366464376239363262313338663331306634323732333636653464396165376639613863 +35343133393265363335353263313664613864343765633061383233323839653030313366613237 +66376134396362663332333038303333313064393161333066623739363138316435643439656638 +32366130326133653462623437633439386338333630626334656437653530633565393565643936 +37363233396263633339353331633633356661363961663762306364323765303261343063363130 +62616566623665623435636333333935613734373233376335313139633062353230613739663665 +34333930353164396261303433653966336435333463313837613464643961393737366638326538 +61376233633431346331366532336366626530626666373932383932643235343433353764616161 +30396136363838626136363430383537343439636261636636373236353565353932626364663834 
+64363963393739373166343365303036353035336333323665373633623863363861383832633539 +36636136383133353839326362333065613232343235366365663733623838643033393862326236 +33373665313339643737646138663233346365663061386266383336633134306562313664326238 +35306565343039313063663634393762383836393034333639306533333534656165636436666466 +33303235376132393164626532636563653939613635396139366133383337666237646330306264 +32633738653663386235373061356661353236613838366663373233373034363337366339353836 +39353931623039646662313966383061343631373362616264346564383239303865633830323034 +39633564393537346334633637333030356134353464616333323330643731336139653630356137 +33383938383135373138616564366236653536386366636436656563346663663964343664336536 +31386362333762353237663334323464663335633838353038636164656135633562643036343833 +37623435623437393363613639326166386666646464376131666432346164386265303366333165 +34333339323635663430643931616335646532303330646532643339316435643636643262363032 +31363333636631373036383465623138316537343135383763613138393130383733343333363334 +31636461346432346434633431663036343564313837343034633762356236623332656166373634 +35323365363333633837346434653339373531653135643132613062613366613263356536666237 +38313231396239316665666230653035633763633766326364376231366634383434633731393564 +39346436363239633738626631636339613165333439316566646464356632326131383337306430 +35363135376562373064646638373238623335623165316231323531336132346137356166313638 +66656535336666313162666434336130383162393764653931633763626630316532383330393563 +38646236313737303364656230653664623334643033373364616334343534346235666137336136 +32306630373865376631366363633434313135313063626161303635646137383561373634356430 +35626238346263313566653434326236666435396238386533383964633131353534636135326362 +35383464653336306438656430343436366236313466356531326132316263363463353730363930 +63653435343764363939303762353132333366353832303531343637323235313437316530336638 
+65343033353363326336633735623538663930663838613533393132303161633033386432643931 +65656361343462663435376337353633336437303736613463633162366131623363626166636134 +353533336133303463356663323736326332 diff --git a/hosts b/hosts index d65e07f..990c862 100644 --- a/hosts +++ b/hosts @@ -32,35 +32,35 @@ marki.adm.auro.re [fleming_vm] ldap-replica-fleming.adm.auro.re -ldap-replica-fleming-fo.adm.auro.re +#ldap-replica-fleming-fo.adm.auro.re dhcp-fleming.adm.auro.re -dhcp-fleming-fo.adm.auro.re +#dhcp-fleming-fo.adm.auro.re dns-fleming.adm.auro.re -dns-fleming-fo.adm.auro.re +#dns-fleming-fo.adm.auro.re prometheus-fleming.adm.auro.re -prometheus-fleming-fo.adm.auro.re +#prometheus-fleming-fo.adm.auro.re radius-fleming.adm.auro.re -radius-fleming-fo.adm.auro.re +#radius-fleming-fo.adm.auro.re unifi-fleming.adm.auro.re routeur-fleming.adm.auro.re -routeur-fleming-fo.adm.auro.re +#routeur-fleming-fo.adm.auro.re [fleming_unifi] fa-0-1.borne.auro.re fa-1-1.borne.auro.re fa-2-1.borne.auro.re -fa-2-2.borne.auro.re +#fa-2-2.borne.auro.re fa-3-1.borne.auro.re fa-4-1.borne.auro.re fb-0-1.borne.auro.re fb-1-1.borne.auro.re -fb-1-2.borne.auro.re +#fb-1-2.borne.auro.re fb-2-1.borne.auro.re -fb-2-2.borne.auro.re +#fb-2-2.borne.auro.re fb-3-1.borne.auro.re -fb-3-2.borne.auro.re +#fb-3-2.borne.auro.re fb-4-1.borne.auro.re -fb-4-2.borne.auro.re +#fb-4-2.borne.auro.re fc-0-1.borne.auro.re fc-1-1.borne.auro.re fc-2-1.borne.auro.re @@ -70,7 +70,7 @@ fd-0-1.borne.auro.re fd-1-1.borne.auro.re fd-2-1.borne.auro.re fd-3-1.borne.auro.re -fd-4-1.borne.auro.re +#fd-4-1.borne.auro.re fe-0-1.borne.auro.re fe-1-1.borne.auro.re fe-1-2.borne.auro.re 
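Review bot: The `-fo` hosts commented out in `[fleming_vm]` (for example `#prometheus-fleming-fo.adm.auro.re`) are still named in play targets elsewhere in this series; `monitoring.yml` keeps `hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re`. Ansible will only warn about the unmatched pattern and carry on. The same applies to the `[pacaterie_vm]` hunk further down. If these machines still exist, they also stop receiving the base configuration and package updates the playbooks apply. A short comment above the commented entries, such as `# failover VMs not deployed yet`, would record whether this is temporary.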
@@ -92,13 +92,13 @@ ff-4-1.borne.auro.re ff-4-2.borne.auro.re fg-0-1.borne.auro.re fg-1-1.borne.auro.re -fg-1-2.borne.auro.re +#fg-1-2.borne.auro.re fg-2-1.borne.auro.re fg-2-2.borne.auro.re fg-3-1.borne.auro.re fg-3-2.borne.auro.re fg-4-1.borne.auro.re -fg-4-2.borne.auro.re +#fg-4-2.borne.auro.re fh-0-1.borne.auro.re fh-1-1.borne.auro.re fh-1-2.borne.auro.re @@ -151,18 +151,18 @@ titan.adm.auro.re [pacaterie_vm] ldap-replica-pacaterie.adm.auro.re -ldap-replica-pacaterie-fo.adm.auro.re +#ldap-replica-pacaterie-fo.adm.auro.re dhcp-pacaterie.adm.auro.re -dhcp-pacaterie-fo.adm.auro.re +#dhcp-pacaterie-fo.adm.auro.re dns-pacaterie.adm.auro.re -dns-pacaterie-fo.adm.auro.re +#dns-pacaterie-fo.adm.auro.re prometheus-pacaterie.adm.auro.re -prometheus-pacaterie-fo.adm.auro.re +#prometheus-pacaterie-fo.adm.auro.re radius-pacaterie.adm.auro.re -radius-pacaterie-fo.adm.auro.re +#radius-pacaterie-fo.adm.auro.re unifi-pacaterie.adm.auro.re routeur-pacaterie.adm.auro.re -routeur-pacaterie-fo.adm.auro.re +#routeur-pacaterie-fo.adm.auro.re [pacaterie_unifi] pc-1-1.borne.auro.re @@ -284,7 +284,7 @@ ovh_vm # everything at fleming [fleming:children] -fleming_pve +fleming_physical fleming_vm fleming_unifi diff --git a/monitoring.yml b/monitoring.yml index 2f26803..76e063b 100644 --- a/monitoring.yml +++ b/monitoring.yml @@ -2,6 +2,7 @@ - hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" # Prometheus targets.json prometheus_targets: @@ -15,6 +16,7 @@ - hosts: prometheus-pacaterie.adm.auro.re,prometheus-pacaterie-fo.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" # Prometheus targets.json prometheus_targets: 
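Review bot: The added `snmp_unifi_password: "{{ vault_snmp_unifi_password }}"` line is repeated verbatim in the fleming and pacaterie plays here and again in the edc and georgesand hunks that follow, so a rename or a per-site credential has to be changed in four places. Defining it once in the group variables of a group holding the Prometheus hosts would keep the vault reference in a single spot. The task that consumes the value is not in these hunks; presumably it is rendered into the SNMP exporter configuration. If so, that task should write the file with a restrictive `mode` and set `no_log: true`, so the secret does not appear in `--diff` output or logs. Each play's `vars` block continues outside the hunks.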
@@ -28,6 +30,7 @@ - hosts: prometheus-edc.adm.auro.re,prometheus-edc-fo.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" # Prometheus targets.json prometheus_targets: @@ -41,6 +44,7 @@ - hosts: prometheus-georgesand.adm.auro.re,prometheus-georgesand-fo.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" # Prometheus targets.json prometheus_targets: From 639fbbcd28f77bd86fc19bc781cf31281c59ba3d Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 2 Dec 2019 20:33:29 +0100 Subject: [PATCH 5/8] =?UTF-8?q?test=20s=C3=A9minaire?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network.yml b/network.yml index cdff053..1a353f5 100644 --- a/network.yml +++ b/network.yml @@ -10,7 +10,7 @@ username: service-user password: "{{ vault_serviceuser_passwd }}" dhcp: - authoritative: true + authoritative: yes roles: - re2o-service - isc-dhcp-server From b60ca7111acd9d9d1bc8c8920f942a9e421ea9cd Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Thu, 5 Dec 2019 14:07:08 +0100 Subject: [PATCH 6/8] Mini useful script --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 4f5f92a..ab2d34c 100644 --- a/README.md +++ b/README.md @@ -111,3 +111,11 @@ Vous pouvez ensuite enlever `--check` si vous voulez appliquer les changements ! Si vous avez des soucis de fingerprint ECDSA, vous pouvez ignorer une première fois (dangereux !) : `ANSIBLE_HOST_KEY_CHECKING=0 ansible-playbook...`. +### Ajouter tous les empruntes de serveur + +```bash +#!/bin/bash +for ip in `cat hosts|grep .adm.auro.re`; do + ssh-copy-id -i ~/.ssh/id_rsa.pub $ip +done +``` From 5061a029e05673e8e846b4a289b90a455f571de7 Mon Sep 17 00:00:00 2001 
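Review bot: In the `network.yml` hunk, `authoritative: yes` replaces the canonical boolean with a YAML 1.1 truthy spelling, which yamllint's `truthy` rule flags and which a YAML 1.2 parser reads as the string "yes". The rest of the series writes booleans as `true` (for example `update_cache: true` in the baseconfig role), so keeping `authoritative: true` stays consistent. Under Ansible both spellings load as the same boolean, so the change seems to have no functional effect, and the commit title suggests it may have been a test edit. The play continues outside the hunk.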
From: Alexandre Iooss Date: Thu, 5 Dec 2019 14:07:48 +0100 Subject: [PATCH 7/8] Do not ask why, it was not there --- roles/baseconfig/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 5249244..bf88ae2 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -23,6 +23,7 @@ - git # code versioning - less # i like cats - screen # Vulcain asked for this + - lsb-release update_cache: true register: apt_result retries: 3 From a44c7064d2159d299fb48bebb0bc1fd6db1aa0b7 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Thu, 5 Dec 2019 14:08:08 +0100 Subject: [PATCH 8/8] Add more logic --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 990c862..25d42b3 100644 --- a/hosts +++ b/hosts @@ -31,7 +31,7 @@ freya.adm.auro.re marki.adm.auro.re [fleming_vm] -ldap-replica-fleming.adm.auro.re +ldap-replica-fleming1.adm.auro.re #ldap-replica-fleming-fo.adm.auro.re dhcp-fleming.adm.auro.re #dhcp-fleming-fo.adm.auro.re
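Review bot: The new `- lsb-release` entry in `roles/baseconfig/tasks/main.yml` is the only package in the visible part of the list without a trailing comment saying why it is installed, and the commit message gives no reason either. Add one in the style of its neighbours, for instance `- lsb-release  # needed for ansible_lsb facts` if that is the actual consumer, which this hunk does not show. The apt task starts and ends outside the hunk.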