diff --git a/.ansible-lint b/.ansible-lint index a85e701..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,7 +1,10 @@ skip_list: - - '301' + - no-changed-when + - load-failure + - document-start warn_list: - - '305' # Use shell only when shell functionality is required - - '503' # Tasks that run when changed should likely be handlers - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.drone.yml b/.drone.yml index 416e400..eb6ce40 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,16 +4,9 @@ type: docker name: check steps: - - name: yamllint - image: python:3.9-alpine + - name: ansible and yaml linting + pull: never + image: aurore-ansible-lint-image commands: - - pip install yamllint==1.25.0 - - yamllint -c .yamllint.yml . - - - name: ansible-lint - image: python:3.9-alpine - commands: - - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml + - ansible-lint ... diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index c62f35b..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -image: python:3.9-alpine - -stages: - - lint - -yamllint: - stage: lint - script: - - pip install yamllint==1.25.0 - - yamllint -c .yamllint.yml . - -ansible-lint: - stage: lint - script: - - apk add gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml -... diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... diff --git a/README.md b/README.md index 00897a4..cb8683f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible) + # Recettes Ansible d'Aurore Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml new file mode 100644 index 0000000..e335928 --- /dev/null +++ b/deploy_postfix_non_mailhost.yml @@ -0,0 +1,8 @@ +--- +# Deploy a correclty configured postfix on non mailhost servers +- hosts: all,!unifi + vars: + local_network: 10.128.0.0/16 + relay_host: proxy.adm.auro.re + roles: + - postfix_non_mailhost diff --git a/docker-ansible-lint/Dockerfile b/docker-ansible-lint/Dockerfile new file mode 100644 index 0000000..5d60549 --- /dev/null +++ b/docker-ansible-lint/Dockerfile @@ -0,0 +1,7 @@ +FROM python:3.9-alpine +LABEL description="Aurore's docker image for ansible-lint" + +RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo +RUN pip install "yamllint>=1.26.0,<2.0" +RUN pip install "ansible-lint==5.0.0" +RUN pip install "ansible>=2.10,<2.11" diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md new file mode 100644 index 0000000..adabac3 --- /dev/null +++ b/docker-ansible-lint/README.md @@ -0,0 +1,18 @@ +# Ansible-lint image + +In order to build this image when a new version comes out, you need to +1. ssh into the `drone.adm.auro.re` server +2. git pull this repo to the lastest version +3. optionally make the changes if it has not been done yet +4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` +5. ??? +6. enjoy + +You can verify that the image was correclty built by running +``` +# list the images present +sudo docker image ls + +# run your image with an interactive shell +sudo docker run -it --rm aurore-ansible-lint-image /bin/sh +``` diff --git a/hosts b/hosts index 4263845..fae000e 100644 --- a/hosts +++ b/hosts @@ -36,6 +36,7 @@ mail.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re +jitsi-aurore.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re @@ -62,6 +63,8 @@ vpn-ovh.adm.auro.re docker-ovh.adm.auro.re switchs-manager.adm.auro.re ldap-replica-ovh.adm.auro.re +prometheus-ovh.adm.auro.re +prometheus-federate.adm.auro.re [ovh_testing_vm] #re2o-test.adm.auro.re @@ -266,6 +269,7 @@ ep-1-3.borne.auro.re ep-1-2.borne.auro.re ep-0-1.borne.auro.re eo-2-1.borne.auro.re +ee-2-1.borne.auro.re ############################################################################### # George Sand diff --git a/monitoring.yml b/monitoring.yml index c31fe86..53bdae7 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re +- hosts: prometheus-fleming.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" @@ -88,10 +88,43 @@ # Prometheus targets.json prometheus_targets: - targets: | - {{ groups['aurore_pve'] + groups['aurore_vm'] + groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} roles: - prometheus +- hosts: prometheus-ovh.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + prometheus_docker_targets: + - docker-ovh.adm.auro.re:8087 + roles: + - prometheus + + +- hosts: prometheus-federate.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - prometheus-edc.adm.auro.re + - prometheus-gs.adm.auro.re + - prometheus-fleming.adm.auro.re + - prometheus-pacaterie.adm.auro.re + - prometheus-rives.adm.auro.re + - prometheus-aurore.adm.auro.re + - prometheus-ovh.adm.auro.re + - prometheus-federate.adm.auro.re + roles: + - prometheus_federate + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container diff --git a/network.yml b/network.yml index e64d8ff..50fde19 100755 --- a/network.yml +++ b/network.yml @@ -43,7 +43,7 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service # Deploy Unifi Controller @@ -62,4 +62,4 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service diff --git a/roles/debian-backports/tasks/main.yml b/roles/debian_backports/tasks/main.yml similarity index 100% rename from roles/debian-backports/tasks/main.yml rename to roles/debian_backports/tasks/main.yml diff --git a/roles/debian-backports/templates/backports.list.j2 b/roles/debian_backports/templates/backports.list.j2 similarity index 100% rename from roles/debian-backports/templates/backports.list.j2 rename to roles/debian_backports/templates/backports.list.j2 diff --git a/roles/isc_dhcp_server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml index 05b48c6..fd4dd48 100644 --- a/roles/isc_dhcp_server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services - name: restart dhcpd diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 57d2d25..9d69d63 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install dhcp (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitlab.federez.net/re2o/dhcp.git service_name: dhcp @@ -18,7 +18,7 @@ owner: re2o-services group: nogroup recurse: true - mode: 755 + mode: 0755 - name: Install isc-dhcp-server apt: diff --git a/roles/postfix_non_mailhost/handlers/main.yml b/roles/postfix_non_mailhost/handlers/main.yml new file mode 100644 index 0000000..bc28f6e --- /dev/null +++ b/roles/postfix_non_mailhost/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart postfix + service: + name: postfix + state: restarted + +- name: reload postfix + service: + name: postfix + state: reloaded diff --git a/roles/postfix_non_mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml new file mode 100644 index 0000000..42f3482 --- /dev/null +++ b/roles/postfix_non_mailhost/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Install postfix + apt: + name: postfix + update_cache: true + register: result + retries: 3 + until: result is succeeded + +- name: Configure postfix + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + mode: 0644 + owner: root + group: root + notify: restart postfix diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 new file mode 100644 index 0000000..d5f5166 --- /dev/null +++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -0,0 +1,32 @@ +# {{ ansible_managed }} +# See /usr/share/postfix/main.cf.dist for a commented, more complete version +# Template based on /usr/share/postfix/main.cf.debian + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# Send mail as user@{{ ansible_fqdn }} +myhostname = {{ ansible_fqdn }} +myorigin = $myhostname +mydomain = $myhostname + +# Specify the trusted networks +mynetworks = 127.0.0.0/8 {{ local_network }} + +# This host does not relay mail from untrusted networks +relay_domains = + +# This is needed if no direct Internet access is available +relayhost = {{ relay_host }} diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 8697ef9..f215930 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -64,6 +64,13 @@ mode: 0644 when: prometheus_ups_snmp_targets is defined +- name: Configure Prometheus docker monitoring + copy: + content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_docker.json + mode: 0644 + when: prometheus_docker_targets is defined + - name: Activate prometheus service systemd: name: prometheus diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 5c8cf56..028d5d0 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of disk space - alert: OutOfDiskSpace @@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed @@ -59,11 +59,20 @@ groups: severity: warning annotations: summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "La charge de {{ $labels.instance }} est à {{ $value }} !" # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 - for: 5m + for: 1m labels: severity: warning annotations: @@ -71,7 +80,7 @@ groups: - alert: UpsBatteryStatusWarning expr: upsBatteryStatus == 3 - for: 5m + for: 2m labels: severity: warning annotations: @@ -79,7 +88,7 @@ groups: - alert: UpsBatteryStatusCritical expr: upsBatteryStatus == 4 - for: 5m + for: 10m labels: severity: warning annotations: @@ -95,7 +104,7 @@ groups: - alert: UpsWrongInputVoltage expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) - for: 5m + for: 10m labels: severity: warning annotations: @@ -103,7 +112,7 @@ groups: - alert: UpsWrongOutputVoltage expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) - for: 5m + for: 10m labels: severity: warning annotations: @@ -111,7 +120,7 @@ groups: - alert: UpsTimeRemainingWarning expr: upsEstimatedMinutesRemaining < 15 - for: 5m + for: 1m labels: severity: warning annotations: @@ -119,7 +128,7 @@ groups: - alert: UpsTimeRemainingCritical expr: upsEstimatedMinutesRemaining < 5 - for: 5m + for: 1m labels: severity: critical annotations: diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index e35a0cf..75c8be9 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -81,3 +81,7 @@ scrape_configs: - target_label: __address__ replacement: 127.0.0.1:9116 + - job_name: docker + file_sd_configs: + - files: + - '/etc/prometheus/targets_docker.json' diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index 5968095..d4dc51c 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -162,13 +162,31 @@ ubiquiti_unifi: indexes: - labelname: unifiVapIndex type: gauge - - name: unifiVapNumStations + - name: unifi_vap_num_stations oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 type: gauge help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' indexes: - - labelname: unifiVapIndex - type: gauge + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge - name: unifiVapRadio oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 type: DisplayString diff --git a/roles/prometheus_federate/handlers/main.yml b/roles/prometheus_federate/handlers/main.yml new file mode 100644 index 0000000..4214def --- /dev/null +++ b/roles/prometheus_federate/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart Prometheus + service: + name: prometheus + state: restarted diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml new file mode 100644 index 0000000..33feb90 --- /dev/null +++ b/roles/prometheus_federate/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Install Prometheus + apt: + update_cache: true + name: + - prometheus + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Prometheus + template: + src: prometheus/prometheus.yml.j2 + dest: /etc/prometheus/prometheus.yml + mode: 0644 + notify: Restart Prometheus + +- name: Configure Prometheus alert rules + template: + src: "prometheus/{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" + mode: 0644 + notify: Restart Prometheus + loop: + - alert.rules.yml + - django.rules.yml + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Federate devices + copy: + content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}" + dest: /etc/prometheus/targets.json + mode: 0644 + when: prometheus_targets is defined + +- name: Activate prometheus service + systemd: + name: prometheus + enabled: true + state: started + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-prometheus + mode: 0755 diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 new file mode 100644 index 0000000..f78df48 --- /dev/null +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -0,0 +1,138 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{# Depending of Prometheus Node exporter version, rules can change depending of version #} +{% raw %} +groups: +- name: alert.rules + rules: + + # Alert for any instance that is unreachable for >3 minutes. + - alert: InstanceDown + expr: up == 0 + for: 3m + labels: + severity: critical + annotations: + summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !" + + # Alert for out of memory + - alert: OutOfMemory + expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%." + + # Alert for out of disk space + - alert: OutOfDiskSpace + expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%." + + # Alert for out of inode space on disk + - alert: OutOfInodes + expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}." + + # Alert for high CPU usage + - alert: CpuUsage + expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75 + for: 10m + labels: + severity: warning + annotations: + summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%." + + # Check systemd unit (> buster) + - alert: SystemdServiceFailed + expr: node_systemd_unit_state{state="failed"} == 1 + for: 10m + labels: + severity: warning + annotations: + summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" + + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !" + + # Check UPS + - alert: UpsOutputSourceChanged + expr: upsOutputSource != 3 + for: 1m + labels: + severity: warning + annotations: + summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !" + + - alert: UpsBatteryStatusWarning + expr: upsBatteryStatus == 3 + for: 2m + labels: + severity: warning + annotations: + summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !" + + - alert: UpsBatteryStatusCritical + expr: upsBatteryStatus == 4 + for: 10m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !" + + - alert: UpsHighLoad + expr: upsOutputPercentLoad > 70 + for: 5m + labels: + severity: critical + annotations: + summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !" + + - alert: UpsWrongInputVoltage + expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) + for: 10m + labels: + severity: warning + annotations: + summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V." + + - alert: UpsWrongOutputVoltage + expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) + for: 10m + labels: + severity: warning + annotations: + summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V." + + - alert: UpsTimeRemainingWarning + expr: upsEstimatedMinutesRemaining < 15 + for: 1m + labels: + severity: warning + annotations: + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." + + - alert: UpsTimeRemainingCritical + expr: upsEstimatedMinutesRemaining < 5 + for: 1m + labels: + severity: critical + annotations: + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." + + +{% endraw %} diff --git a/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 new file mode 100644 index 0000000..fddd398 --- /dev/null +++ b/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 @@ -0,0 +1,106 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{% raw %} +groups: +- name: django.rules + rules: + - record: job:django_http_requests_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job) + - record: job:django_http_ajax_requests_total:sum_rate30s + expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job) + - record: job:django_http_responses_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) + BY (job) + - record: job:django_http_requests_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job) + - record: job:django_http_responses_streaming_total:sum_rate30s + expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job) + - record: job:django_http_responses_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job) + - record: job:django_http_requests_total:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job) + - record: job:django_http_requests_total_by_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method) + - record: job:django_http_requests_total_by_transport:sum_rate30s + expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport) + - record: job:django_http_requests_total_by_view:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view) + - record: job:django_http_requests_total_by_view_transport_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view, transport, method) + - record: job:django_http_responses_total_by_templatename:sum_rate30s + expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename) + - record: job:django_http_responses_total_by_status:sum_rate30s + expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status) + - record: job:django_http_responses_total_by_charset:sum_rate30s + expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset) + - record: job:django_http_exceptions_total_by_type:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type) + - record: job:django_http_exceptions_total_by_view:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view) + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_model_inserts_total:sum_rate1m + expr: sum(rate(django_model_inserts_total[1m])) BY (job, model) + - record: job:django_model_updates_total:sum_rate1m + expr: sum(rate(django_model_updates_total[1m])) BY (job, model) + - record: job:django_model_deletes_total:sum_rate1m + expr: sum(rate(django_model_deletes_total[1m])) BY (job, model) + - record: job:django_db_new_connections_total:sum_rate30s + expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor) + - record: job:django_db_new_connection_errors_total:sum_rate30s + expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_total:sum_rate30s + expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_many_total:sum_rate30s + expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor) + - record: job:django_db_errors_total:sum_rate30s + expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type) + - record: job:django_migrations_applied_total:max + expr: max(django_migrations_applied_total) BY (job, connection) + - record: job:django_migrations_unapplied_total:max + expr: max(django_migrations_unapplied_total) BY (job, connection) +{% endraw %} diff --git a/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 new file mode 100644 index 0000000..52e5a92 --- /dev/null +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 @@ -0,0 +1,56 @@ +# {{ ansible_managed }} + +global: + # scrape_interval is set to the global default (60s) + # evaluation_interval is set to the global default (60s) + # scrape_timeout is set to the global default (10s). + + # Attach these labels to any time series or alerts when communicating with + # external systems (federation, remote storage, Alertmanager). + external_labels: + monitor: 'example' + +# Alertmanager configuration +# Use prometheus alertmanager installed on the same machine +alerting: + alertmanagers: + - static_configs: + - targets: ['{{ prometheus_alertmanager }}'] + +# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. +rule_files: + - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! + - "django.rules.yml" # Custom rules specific for Django project monitoring + +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The .json in file_sd_configs is dynamically reloaded + + + - job_name: federate + scrape_interval: 15s + metrics_path: '/federate' + file_sd_configs: + - files: + - '/etc/prometheus/targets.json' + relabel_configs: + # Do not put :9100 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9090' + params: + 'match[]': + - '{job="servers"}' + - '{job="prometheus"}' + - '{job="unifi_snmp"}' + - '{job="django"}' + - '{job="ups_snmp"}' + - '{job="django"}' + - '{job="docker"}' + - '{job="switch"}' + diff --git a/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 new file mode 100644 index 0000000..d4dc51c --- /dev/null +++ b/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 @@ -0,0 +1,387 @@ +# {{ ansible_managed }} +# TODOlist : +# - Faire fonctionner le monitoring des switchs défini ici +# * Configurer tous les switchs avec un compte SNMPv3 +# * Mettre l'inventaire des switchs dans Ansible +# - Optimiser les règles pour les bornes Unifi, +# on pourrait indexer avec les SSID + +eatonups: + walk: + - 1.3.6.1.2.1.33.1.2 + - 1.3.6.1.2.1.33.1.3 + - 1.3.6.1.2.1.33.1.4 + - 1.3.6.1.4.1.534.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: upsBatteryStatus + oid: 1.3.6.1.2.1.33.1.2.1 + type: gauge + help: The indication of the capacity remaining in the UPS system's batteries - + 1.3.6.1.2.1.33.1.2.1 + - name: upsEstimatedMinutesRemaining + oid: 1.3.6.1.2.1.33.1.2.3 + type: gauge + help: An estimate of the time to battery charge depletion under the present load + conditions if the utility power is off and remains off, or if it were to be + lost and remain off. - 1.3.6.1.2.1.33.1.2.3 + - name: upsInputVoltage + oid: 1.3.6.1.2.1.33.1.3.3.1.3 + type: gauge + help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3 + indexes: + - labelname: upsInputLineIndex + type: gauge + - name: upsOutputSource + oid: 1.3.6.1.2.1.33.1.4.1 + type: gauge + help: The present source of output power - 1.3.6.1.2.1.33.1.4.1 + - name: upsOutputVoltage + oid: 1.3.6.1.2.1.33.1.4.4.1.2 + type: gauge + help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPower + oid: 1.3.6.1.2.1.33.1.4.4.1.4 + type: gauge + help: The present output true power. - 1.3.6.1.2.1.33.1.4.4.1.4 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPercentLoad + oid: 1.3.6.1.2.1.33.1.4.4.1.5 + type: gauge + help: The percentage of the UPS power capacity presently being used on this output + line, i.e., the greater of the percent load of true power capacity and the percent + load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: xupsEnvRemoteTemp + oid: 1.3.6.1.4.1.534.1.6.5 + type: gauge + help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 + - name: xupsEnvRemoteHumidity + oid: 1.3.6.1.4.1.534.1.6.6 + type: gauge + help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6 + version: 1 + auth: + community: public + + +procurve_switch: + walk: + - 1.3.6.1.2.1.31.1.1.1.10 + - 1.3.6.1.2.1.31.1.1.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: sysName + oid: 1.3.6.1.2.1.1.5 + type: DisplayString + help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 + - name: sysLocation + oid: 1.3.6.1.2.1.1.6 + type: DisplayString + help: The physical location of this node (e.g., 'telephone closet, 3rd floor') + - 1.3.6.1.2.1.1.6 + - name: ifHCOutOctets + oid: 1.3.6.1.2.1.31.1.1.1.10 + type: counter + help: The total number of octets transmitted out of the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.10 + indexes: + - labelname: ifIndex + type: gauge + - name: ifHCInOctets + oid: 1.3.6.1.2.1.31.1.1.1.6 + type: counter + help: The total number of octets received on the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.6 + indexes: + - labelname: ifIndex + type: gauge + version: 3 + auth: + username: prometheus + +ubiquiti_unifi: + walk: + - 1.3.6.1.4.1.41112.1.6 + get: + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: +# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes +# - name: sysLocation +# oid: 1.3.6.1.2.1.1.6 +# type: DisplayString +# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') +# - 1.3.6.1.2.1.1.6 + - name: unifiVapIndex + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapChannel + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapEssId + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapName + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifi_vap_num_stations + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' + indexes: + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge + - name: unifiVapRadio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxCrypts + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxFrags + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxRetries + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPower + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUp + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUsage + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 + type: DisplayString + help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiIfIndex + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfName + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxMulticast + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiApSystemModel + oid: 1.3.6.1.4.1.41112.1.6.3.3 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.3.3' + - name: unifiApSystemUptime + oid: 1.3.6.1.4.1.41112.1.6.3.5 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.3.5' + version: 3 + auth: + security_level: authPriv + username: snmp_prometheus + password: {{ snmp_unifi_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_unifi_password }} diff --git a/roles/prometheus_federate/templates/update-motd.d/05-service.j2 b/roles/prometheus_federate/templates/update-motd.d/05-service.j2 new file mode 100755 index 0000000..f027dc4 --- /dev/null +++ b/roles/prometheus_federate/templates/update-motd.d/05-service.j2 @@ -0,0 +1,4 @@ +#!/bin/sh +# {{ ansible_managed }} +echo "> prometheus a été déployé sur cette machine." +echo " Voir /etc/prometheus/" diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 941f7c9..303a86f 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -106,12 +106,11 @@ - name: Install radius requirements (except freeradius-python3) shell: - cmd: "{{ item }}" + cmd: "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" chdir: /var/www/re2o/ - loop: - - "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" - - "pip3 install -r pip_requirements.txt" +- name: Install PyPi requirements for radius + command: "pip3 install -r /var/www/re2o/pip_requirements.txt" # End of hideousness (hopefully). diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o_service/defaults/main.yml similarity index 100% rename from roles/re2o-service/defaults/main.yml rename to roles/re2o_service/defaults/main.yml diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o_service/tasks/main.yml similarity index 100% rename from roles/re2o-service/tasks/main.yml rename to roles/re2o_service/tasks/main.yml diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o_service/tasks/service_user.yml similarity index 100% rename from roles/re2o-service/tasks/service_user.yml rename to roles/re2o_service/tasks/service_user.yml diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o_service/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/re2o-service/templates/update-motd.d/05-service.j2 rename to roles/re2o_service/templates/update-motd.d/05-service.j2 diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index cfbf28e..87b0086 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -40,7 +40,7 @@ - name: Install aurore-firewall (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git service_name: aurore-firewall diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 0000000..651404b --- /dev/null +++ b/utils/README.md @@ -0,0 +1,4 @@ +# Utils + +A repository of Ansible Playbooks that are useful, as little script or various +utilities, but not used in production. diff --git a/logrotate.yml b/utils/logrotate.yml similarity index 100% rename from logrotate.yml rename to utils/logrotate.yml diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml similarity index 100% rename from nuke_radius_dbs.yml rename to utils/nuke_radius_dbs.yml diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml new file mode 100755 index 0000000..79fd7ff --- /dev/null +++ b/utils/re2o_mail_server.yml @@ -0,0 +1,13 @@ +--- +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml new file mode 100755 index 0000000..631d496 --- /dev/null +++ b/utils/reboot_needed_check.yml @@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- +# Check if a reboot is required by the installation of some packages (ie kernel) +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + mode: 0644 + +- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re + tasks: + # Register the output of the file /var/run/reboot-required.pkgs + - name: Register if boot is required + shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi + register: result + + - name: DEBUG + debug: + msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout is defined + + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_reboot_needed.txt + line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout is defined diff --git a/upgrade.yml b/utils/upgrade.yml similarity index 100% rename from upgrade.yml rename to utils/upgrade.yml diff --git a/utils/version_check.yml b/utils/version_check.yml new file mode 100755 index 0000000..1a8a7c5 --- /dev/null +++ b/utils/version_check.yml @@ -0,0 +1,21 @@ +#!/usr/bin/env ansible-playbook +--- +# Check for the distribution +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + mode: 0644 + +- hosts: all,!unifi + tasks: + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_dist_version.txt + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ + ansible_distribution }} {{ ansible_distribution_version }}"