From 5330718945c4e2bd9d372e97008fa8896a8a3dd6 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 14:38:32 +0100 Subject: [PATCH 01/65] Add the Jitsi VM --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 55cf3fc..04893ce 100644 --- a/hosts +++ b/hosts @@ -36,6 +36,7 @@ mail.adm.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re +jitsi-aurore.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re From 1e136e37362a66490e42ee9003e1adb51838018f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:31:21 +0100 Subject: [PATCH 02/65] Remove rules from warn list when it is not needed --- .ansible-lint | 2 -- roles/{debian-backports => debian_backports}/tasks/main.yml | 0 .../templates/backports.list.j2 | 0 3 files changed, 2 deletions(-) rename roles/{debian-backports => debian_backports}/tasks/main.yml (100%) rename roles/{debian-backports => debian_backports}/templates/backports.list.j2 (100%) diff --git a/.ansible-lint b/.ansible-lint index a85e701..3f851df 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -2,6 +2,4 @@ skip_list: - '301' warn_list: - - '305' # Use shell only when shell functionality is required - - '503' # Tasks that run when changed should likely be handlers - experimental # all rules tagged as experimental diff --git a/roles/debian-backports/tasks/main.yml b/roles/debian_backports/tasks/main.yml similarity index 100% rename from roles/debian-backports/tasks/main.yml rename to roles/debian_backports/tasks/main.yml diff --git a/roles/debian-backports/templates/backports.list.j2 b/roles/debian_backports/templates/backports.list.j2 similarity index 100% rename from roles/debian-backports/templates/backports.list.j2 rename to roles/debian_backports/templates/backports.list.j2 From 83cdd60e27f0f39d8e2292b7b0ebac318a06155d Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Sun, 7 Feb 2021 17:32:02 +0100 Subject: [PATCH 03/65] Ansible-lint every file, not just playbooks --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 416e400..58679a2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,5 +15,5 @@ steps: commands: - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - pip install ansible-lint==4.3.7 - - ansible-lint *.yml + - ansible-lint ... From 679daa633ff33e3cb7c6eb5be5be9032d603d219 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:32:44 +0100 Subject: [PATCH 04/65] Fix ansible lint --- roles/isc_dhcp_server/handlers/main.yml | 2 +- roles/isc_dhcp_server/tasks/main.yml | 2 +- roles/radius/tasks/main.yml | 7 +++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/isc_dhcp_server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml index 05b48c6..fd4dd48 100644 --- a/roles/isc_dhcp_server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services - name: restart dhcpd diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 57d2d25..02fdb75 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -18,7 +18,7 @@ owner: re2o-services group: nogroup recurse: true - mode: 755 + mode: 0755 - name: Install isc-dhcp-server apt: diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 941f7c9..303a86f 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml 
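Review bot: In roles/isc_dhcp_server/tasks/main.yml the corrected `mode: 0755` sits next to `recurse: true`, so every regular file under the target directory becomes world-readable and executable, not only the directories. A symbolic mode such as `mode: "u=rwX,go=rX"` keeps directories traversable without marking data files executable, and `o=` can be used instead if nothing outside the owner and group needs to read that tree (its contents are not visible here). The bare octal also relies on the YAML loader treating a leading zero as octal; quoting it as `mode: "0755"` removes that dependency, and the same applies to the unquoted `mode: 0644` values added later in roles/prometheus/tasks/main.yml and roles/prometheus-federate/tasks/main.yml. The task itself starts above the hunk.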
@@ -106,12 +106,11 @@ - name: Install radius requirements (except freeradius-python3) shell: - cmd: "{{ item }}" + cmd: "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" chdir: /var/www/re2o/ - loop: - - "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install" - - "pip3 install -r pip_requirements.txt" +- name: Install PyPi requirements for radius + command: "pip3 install -r /var/www/re2o/pip_requirements.txt" # End of hideousness (hopefully). From e6b853a552051a43c739ed8a0e78d332ba5e79ec Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:33:29 +0100 Subject: [PATCH 05/65] fix role name --- roles/{re2o-service => re2o_service}/defaults/main.yml | 0 roles/{re2o-service => re2o_service}/tasks/main.yml | 0 roles/{re2o-service => re2o_service}/tasks/service_user.yml | 0 .../templates/update-motd.d/05-service.j2 | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename roles/{re2o-service => re2o_service}/defaults/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/service_user.yml (100%) rename roles/{re2o-service => re2o_service}/templates/update-motd.d/05-service.j2 (100%) diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o_service/defaults/main.yml similarity index 100% rename from roles/re2o-service/defaults/main.yml rename to roles/re2o_service/defaults/main.yml diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o_service/tasks/main.yml similarity index 100% rename from roles/re2o-service/tasks/main.yml rename to roles/re2o_service/tasks/main.yml diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o_service/tasks/service_user.yml similarity index 100% rename from roles/re2o-service/tasks/service_user.yml rename to roles/re2o_service/tasks/service_user.yml 
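Review bot: The new `Install PyPi requirements for radius` task runs `pip3 install -r ...` through `command`, so it reports changed on every run and installs whatever versions the requirements file resolves to at that moment. The `pip` module does the same thing idempotently: `pip:` with `requirements: /var/www/re2o/pip_requirements.txt` and `executable: pip3`. The apt task kept above it still needs `shell` for its pipeline, but a `changed_when` on it would keep the play recap meaningful. Whether pip_requirements.txt pins versions is not visible in this hunk; if it does not, pinning is worth doing, since these packages are installed on the RADIUS host.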
diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o_service/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/re2o-service/templates/update-motd.d/05-service.j2 rename to roles/re2o_service/templates/update-motd.d/05-service.j2 From faf5fc736297b524440457f0fbfa8dff4b59f19e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Sun, 7 Feb 2021 17:39:04 +0100 Subject: [PATCH 06/65] fix re2o-service -> re2o_service role name --- network.yml | 4 ++-- roles/isc_dhcp_server/tasks/main.yml | 2 +- roles/router/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/network.yml b/network.yml index e64d8ff..50fde19 100755 --- a/network.yml +++ b/network.yml @@ -43,7 +43,7 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service # Deploy Unifi Controller @@ -62,4 +62,4 @@ # username: service-user # password: "{{ vault_serviceuser_passwd }}" # roles: -# - re2o-service +# - re2o_service diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 02fdb75..9d69d63 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install dhcp (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitlab.federez.net/re2o/dhcp.git service_name: dhcp diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index cfbf28e..87b0086 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -40,7 +40,7 @@ - name: Install aurore-firewall (re2o-service) import_role: - name: re2o-service + name: re2o_service vars: service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git service_name: aurore-firewall From 8bfe83f73c9bbb22027c6d6cb2d0d352fc0a2122 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Mon, 8 Feb 2021 13:52:17 +0100 Subject: [PATCH 07/65] Adaptation of UPS alerts --- .../templates/prometheus/alert.rules.yml.j2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 5c8cf56..1dffe4b 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -63,7 +63,7 @@ groups: # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 - for: 5m + for: 1m labels: severity: warning annotations: @@ -71,7 +71,7 @@ groups: - alert: UpsBatteryStatusWarning expr: upsBatteryStatus == 3 - for: 5m + for: 2m labels: severity: warning annotations: @@ -79,7 +79,7 @@ groups: - alert: UpsBatteryStatusCritical expr: upsBatteryStatus == 4 - for: 5m + for: 10m labels: severity: warning annotations: @@ -95,7 +95,7 @@ groups: - alert: UpsWrongInputVoltage expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) - for: 5m + for: 10m labels: severity: warning annotations: @@ -103,7 +103,7 @@ groups: - alert: UpsWrongOutputVoltage expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) - for: 5m + for: 10m labels: severity: warning annotations: @@ -111,7 +111,7 @@ groups: - alert: UpsTimeRemainingWarning expr: upsEstimatedMinutesRemaining < 15 - for: 5m + for: 1m labels: severity: warning annotations: @@ -119,7 +119,7 @@ groups: - alert: UpsTimeRemainingCritical expr: upsEstimatedMinutesRemaining < 5 - for: 5m + for: 1m labels: severity: critical annotations: From 428b6f57336334d717a892accb1db330dd92e314 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 8 Feb 2021 13:57:32 +0100 Subject: [PATCH 08/65] Correcting grafana stats for wireless --- .../templates/prometheus/snmp.yml.j2 | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) 
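Review bot: `UpsBatteryStatusCritical` now waits `for: 10m` while `UpsBatteryStatusWarning` fires after `2m`, and it still carries `severity: warning`, so the more serious battery state is reported later than the milder one and at the same severity. In the standard UPS MIB a `upsBatteryStatus` of 4 means the battery is depleted, which is the state where a long delay costs the most. Something like `for: 1m` with `severity: critical` would line up with the `UpsTimeRemainingCritical` rule in the last hunk. The same values are copied into roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 later in this series.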
diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index 5968095..d4dc51c 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -162,13 +162,31 @@ ubiquiti_unifi: indexes: - labelname: unifiVapIndex type: gauge - - name: unifiVapNumStations + - name: unifi_vap_num_stations oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 type: gauge help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' indexes: - - labelname: unifiVapIndex - type: gauge + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge - name: unifiVapRadio oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 type: DisplayString From d7cf61dd943af3a6e2a99e974ca165ab935a886e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 8 Feb 2021 13:58:28 +0100 Subject: [PATCH 09/65] Add new EDC Borne --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 04893ce..3578d95 100644 --- a/hosts +++ b/hosts @@ -267,6 +267,7 @@ ep-1-3.borne.auro.re ep-1-2.borne.auro.re ep-0-1.borne.auro.re eo-2-1.borne.auro.re +ee-2-1.borne.auro.re ############################################################################### # George Sand From bd5b88c4fc01d886b46d48d0190e3219fad216e4 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Mon, 8 Feb 2021 18:22:08 +0100 Subject: [PATCH 10/65] Correcting format of percentage --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
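Review bot: The previous `unifiVapNumStations` definition is left in snmp.yml.j2 as a commented-out block; the history already keeps it, so deleting it would make the module easier to read. The replacement uses snake_case names (`unifi_vap_num_stations`, `unifi_vap_essid`, `unifi_vap_radio`) while the neighbouring entries such as `unifiVapRadio` keep the MIB-style names, so queries have to know which convention each metric follows. A short comment above the new entry saying that it was renamed and given ESSID and radio lookups for the wireless dashboards would explain why this one metric differs.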
diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 1dffe4b..e2cb42c 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of disk space - alert: OutOfDiskSpace @@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%." + summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed From df8bae6df7a02df7a7c55aae16b1a434f0b31c0a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:01:42 +0100 Subject: [PATCH 11/65] Add utils --- utils/README.md | 4 +++ logrotate.yml => utils/logrotate.yml | 0 .../nuke_radius_dbs.yml | 0 utils/re2o_mail_server.yml | 13 ++++++++ utils/reboot_needed_check.yml | 31 +++++++++++++++++++ upgrade.yml => utils/upgrade.yml | 0 utils/version_check.yml | 19 ++++++++++++ 7 files changed, 67 insertions(+) create mode 100644 utils/README.md rename logrotate.yml => utils/logrotate.yml (100%) rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%) create mode 100755 utils/re2o_mail_server.yml create mode 100755 utils/reboot_needed_check.yml rename upgrade.yml => utils/upgrade.yml (100%) create mode 100755 utils/version_check.yml 
diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 0000000..651404b --- /dev/null +++ b/utils/README.md @@ -0,0 +1,4 @@ +# Utils + +A repository of Ansible Playbooks that are useful, as little script or various +utilities, but not used in production. diff --git a/logrotate.yml b/utils/logrotate.yml similarity index 100% rename from logrotate.yml rename to utils/logrotate.yml diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml similarity index 100% rename from nuke_radius_dbs.yml rename to utils/nuke_radius_dbs.yml diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml new file mode 100755 index 0000000..79fd7ff --- /dev/null +++ b/utils/re2o_mail_server.yml @@ -0,0 +1,13 @@ +--- +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml new file mode 100755 index 0000000..5759c53 --- /dev/null +++ b/utils/reboot_needed_check.yml 
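Review bot: `roles: - re2o-service` at the end of utils/re2o_mail_server.yml names a role directory that patch 05 of this series renamed to `re2o_service`, so the play will fail to resolve the role; the entry should read `- re2o_service`. `hosts: mail.auro.re` also differs from the `mail.adm.auro.re` entry visible in the inventory context of patch 01, so the play may match no host unless the inventory has another entry outside the visible lines. The inline comment says the test hostname must be changed for production; making `hostname` a variable supplied per environment would avoid a production run authenticating with the service account against `re2o-test.adm.auro.re` by default.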
@@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- +# Check if a reboot is required by the installation of some packages (ie kernel) +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + +- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re + tasks: + # Register the output of the file /var/run/reboot-required.pkgs + - name: Register if boot is required + shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi + register: result + + - name: DEBUG + debug: + msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_reboot_needed.txt + line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + diff --git a/upgrade.yml b/utils/upgrade.yml similarity index 100% rename from upgrade.yml rename to utils/upgrade.yml diff --git a/utils/version_check.yml b/utils/version_check.yml new file mode 100755 index 0000000..e608e43 --- /dev/null +++ b/utils/version_check.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +# Check for the distribution +- hosts: localhost + tasks: + - name: Delete local tmp file + file: + path: /tmp/ansible_dump_dist_version.txt + state: absent + +- hosts: all,!unifi + tasks: + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_dist_version.txt + line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + ansible_distribution }} {{ ansible_distribution_version }}" From 08891be5a30c67c1332a97496655bc15f0d6ebff Mon Sep 17 00:00:00 2001 
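Review bot: Both new playbooks collect their results in a fixed file under `/tmp` on the control machine (`/tmp/ansible_dump_reboot_needed.txt` here, `/tmp/ansible_dump_dist_version.txt` in utils/version_check.yml). That is a predictable name in a world-writable directory, so on a shared controller another local user can create the path first or read the resulting host and package list. Creating the file with the `tempfile` module, or writing it under the invoking user's home with `mode: "0600"` on the `copy` task, avoids that. The delegated `lineinfile` task also runs for many hosts in parallel against the same local file, so lines can be lost; `throttle: 1` on that task serialises the writes. The `shell` probe changes nothing on the target, so `changed_when: false` would keep the recap clean.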
From: Solal Nathan Date: Wed, 10 Feb 2021 11:04:06 +0100 Subject: [PATCH 12/65] fix if file is not already present --- utils/version_check.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e608e43..b543053 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks: From 63f0ebec7dbe91913a8741a746767dc51fc2ebac Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:07:36 +0100 Subject: [PATCH 13/65] Fix yaml lint --- utils/reboot_needed_check.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 5759c53..4f48a3d 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" - From 5dfadc0b52aed2af961014a471f60c8fa91d775e Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 18:39:13 +0100 Subject: [PATCH 14/65] Add prometheus federate and ovh in hosts --- hosts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts b/hosts index 3578d95..4e9b264 100644 --- a/hosts +++ b/hosts @@ -63,6 +63,8 @@ vpn-ovh.adm.auro.re docker-ovh.adm.auro.re switchs-manager.adm.auro.re ldap-replica-ovh.adm.auro.re +prometheus-ovh.adm.auro.re +prometheus-federate.adm.auro.re [ovh_testing_vm] #re2o-test.adm.auro.re From b5dbe2c5c9f7347a7575666a24f9b813428b5396 Mon Sep 17 00:00:00 2001 
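Review bot: The replacement task in utils/version_check.yml truncates `/tmp/ansible_dump_reboot_needed.txt`, but the `lineinfile` task of this playbook writes to `/tmp/ansible_dump_dist_version.txt`, so the commit neither creates nor empties the file it goes on to use. `lineinfile` fails on a missing file unless `create: true` is set, so a first run on a fresh controller will presumably still fail; the line should be `dest: /tmp/ansible_dump_dist_version.txt`. As written it also wipes the output of utils/reboot_needed_check.yml as a side effect. The second play continues below the hunk.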
From: pz2891 Date: Wed, 10 Feb 2021 18:40:28 +0100 Subject: [PATCH 15/65] Prometheus-ovh role --- monitoring.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index c31fe86..a47ca0d 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -92,6 +92,18 @@ roles: - prometheus +- hosts: prometheus-ovh.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - targets: | + {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + roles: + - prometheus + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container From 4308bedf8f2c4bf8046775d9d17bd10e14f457a4 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 19:06:28 +0100 Subject: [PATCH 16/65] Monitoring of docker containers --- monitoring.yml | 2 ++ roles/prometheus/tasks/main.yml | 7 +++++++ roles/prometheus/templates/prometheus/prometheus.yml.j2 | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index a47ca0d..98192b2 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -101,6 +101,8 @@ prometheus_targets: - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + prometheus_docker_targets: + - targets: docker-ovh.adm.auro.re:8087 roles: - prometheus diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 8697ef9..f215930 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -64,6 +64,13 @@ mode: 0644 when: prometheus_ups_snmp_targets is defined +- name: Configure Prometheus docker monitoring + copy: + content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_docker.json + mode: 0644 + when: prometheus_docker_targets is defined + - name: Activate prometheus service systemd: name: prometheus 
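Review bot: In the new `prometheus-ovh.adm.auro.re` play, `{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}` applies `| list | sort` only to `groups['ovh_vm']`, because Jinja2 filters bind tighter than `+`; the combined target list is therefore not sorted as a whole. If a stable, fully sorted targets.json is the intent, parenthesise the sum: `{{ (groups['ovh_pve'] + groups['ovh_vm']) | sort }}`. The same expression shape appears in the existing aurore play that patch 17 edits.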
diff --git a/roles/prometheus/templates/prometheus/prometheus.yml.j2 b/roles/prometheus/templates/prometheus/prometheus.yml.j2 index e35a0cf..75c8be9 100644 --- a/roles/prometheus/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus/templates/prometheus/prometheus.yml.j2 @@ -81,3 +81,7 @@ scrape_configs: - target_label: __address__ replacement: 127.0.0.1:9116 + - job_name: docker + file_sd_configs: + - files: + - '/etc/prometheus/targets_docker.json' From 45d8ca80a4e382a180eaa520a37fab88ab1532cc Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 20:12:04 +0100 Subject: [PATCH 17/65] OVH PVE and VM are now monitored by prometheus-ovh --- monitoring.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index 98192b2..10895bb 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -88,7 +88,7 @@ # Prometheus targets.json prometheus_targets: - targets: | - {{ groups['aurore_pve'] + groups['aurore_vm'] + groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} + {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} roles: - prometheus @@ -102,11 +102,27 @@ - targets: | {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} prometheus_docker_targets: - - targets: docker-ovh.adm.auro.re:8087 + - docker-ovh.adm.auro.re:8087 roles: - prometheus +- hosts: prometheus-federate.adm.auro.re + vars: + prometheus_alertmanager: docker-ovh.adm.auro.re:9093 + snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + + # Prometheus targets.json + prometheus_targets: + - prometheus-edc.adm.auro.re + - prometheus-gs.adm.auro.re + - prometheus-fleming.adm.auro.re + - prometheus-pacaterie.adm.auro.re + - prometheus-rives.adm.auro.re + roles: + - prometheus-federate + + # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: From d8924abe6693eaf6da59491d978922395b46f1be Mon Sep 17 00:00:00 2001 
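Review bot: The new `prometheus-federate.adm.auro.re` play in monitoring.yml sets `snmp_unifi_password: "{{ vault_snmp_unifi_password }}"`, but the `prometheus-federate` role tasks added in the next patch only template prometheus.yml, the two rules files, targets.json and the motd; nothing visible there consumes the SNMP secret. Dropping the variable from this play keeps the vault value out of scope for a host that does not poll SNMP. If the role's snmp.yml.j2 template and its `Restart prometheus-snmp-exporter` handler are meant to be used, the tasks that install and template the exporter are missing; otherwise both can be removed from the role.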
From: pz2891 Date: Wed, 10 Feb 2021 20:42:37 +0100 Subject: [PATCH 18/65] Add prometheus-federate role --- monitoring.yml | 2 + roles/prometheus-federate/handlers/main.yml | 10 + roles/prometheus-federate/tasks/main.yml | 46 +++ .../templates/prometheus/alert.rules.yml.j2 | 129 ++++++ .../templates/prometheus/django.rules.yml.j2 | 106 +++++ .../templates/prometheus/prometheus.yml.j2 | 55 +++ .../templates/prometheus/snmp.yml.j2 | 387 ++++++++++++++++++ .../templates/update-motd.d/05-service.j2 | 4 + 8 files changed, 739 insertions(+) create mode 100644 roles/prometheus-federate/handlers/main.yml create mode 100644 roles/prometheus-federate/tasks/main.yml create mode 100644 roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 create mode 100644 roles/prometheus-federate/templates/prometheus/snmp.yml.j2 create mode 100755 roles/prometheus-federate/templates/update-motd.d/05-service.j2 diff --git a/monitoring.yml b/monitoring.yml index 10895bb..bcf4ef2 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -119,6 +119,8 @@ - prometheus-fleming.adm.auro.re - prometheus-pacaterie.adm.auro.re - prometheus-rives.adm.auro.re + - prometheus-aurore.adm.auro.re + - prometheus-ovh.adm.auro.re roles: - prometheus-federate diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus-federate/handlers/main.yml new file mode 100644 index 0000000..670847b --- /dev/null +++ b/roles/prometheus-federate/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Restart Prometheus + service: + name: prometheus + state: restarted + +- name: Restart prometheus-snmp-exporter + service: + name: prometheus-snmp-exporter + state: restarted diff --git a/roles/prometheus-federate/tasks/main.yml b/roles/prometheus-federate/tasks/main.yml new file mode 100644 index 0000000..33feb90 --- /dev/null 
+++ b/roles/prometheus-federate/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Install Prometheus + apt: + update_cache: true + name: + - prometheus + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Prometheus + template: + src: prometheus/prometheus.yml.j2 + dest: /etc/prometheus/prometheus.yml + mode: 0644 + notify: Restart Prometheus + +- name: Configure Prometheus alert rules + template: + src: "prometheus/{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" + mode: 0644 + notify: Restart Prometheus + loop: + - alert.rules.yml + - django.rules.yml + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Federate devices + copy: + content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}" + dest: /etc/prometheus/targets.json + mode: 0644 + when: prometheus_targets is defined + +- name: Activate prometheus service + systemd: + name: prometheus + enabled: true + state: started + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-prometheus + mode: 0755 diff --git a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 new file mode 100644 index 0000000..e2cb42c --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 
@@ -0,0 +1,129 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{# Depending of Prometheus Node exporter version, rules can change depending of version #} +{% raw %} +groups: +- name: alert.rules + rules: + + # Alert for any instance that is unreachable for >3 minutes. + - alert: InstanceDown + expr: up == 0 + for: 3m + labels: + severity: critical + annotations: + summary: "{{ $labels.instance }} est invisible depuis plus de 3 minutes !" + + # Alert for out of memory + - alert: OutOfMemory + expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." + + # Alert for out of disk space + - alert: OutOfDiskSpace + expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." + + # Alert for out of inode space on disk + - alert: OutOfInodes + expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10 + for: 5m + labels: + severity: warning + annotations: + summary: "Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.instance }}." + + # Alert for high CPU usage + - alert: CpuUsage + expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75 + for: 10m + labels: + severity: warning + annotations: + summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." 
+ + # Check systemd unit (> buster) + - alert: SystemdServiceFailed + expr: node_systemd_unit_state{state="failed"} == 1 + for: 10m + labels: + severity: warning + annotations: + summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check UPS + - alert: UpsOutputSourceChanged + expr: upsOutputSource != 3 + for: 1m + labels: + severity: warning + annotations: + summary: "La source d'alimentation de {{ $labels.instance }} a changé !" + + - alert: UpsBatteryStatusWarning + expr: upsBatteryStatus == 3 + for: 2m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est faible !" + + - alert: UpsBatteryStatusCritical + expr: upsBatteryStatus == 4 + for: 10m + labels: + severity: warning + annotations: + summary: "L'état de la batterie de {{ $labels.instance }} est affaibli !" + + - alert: UpsHighLoad + expr: upsOutputPercentLoad > 70 + for: 5m + labels: + severity: critical + annotations: + summary: "La charge de {{ $labels.instance }} est de {{ $value }}% !" + + - alert: UpsWrongInputVoltage + expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) + for: 10m + labels: + severity: warning + annotations: + summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsWrongOutputVoltage + expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) + for: 10m + labels: + severity: warning + annotations: + summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." + + - alert: UpsTimeRemainingWarning + expr: upsEstimatedMinutesRemaining < 15 + for: 1m + labels: + severity: warning + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + - alert: UpsTimeRemainingCritical + expr: upsEstimatedMinutesRemaining < 5 + for: 1m + labels: + severity: critical + annotations: + summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + + +{% endraw %} 
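Review bot: This rules file is added with blob `e2cb42c`, the same blob roles/prometheus/templates/prometheus/alert.rules.yml.j2 has after patch 10, so the federate role carries an identical copy of the per-site rules. If the federating server ingests the series that the site servers already alert on, and both report to the Alertmanager named in monitoring.yml (`docker-ovh.adm.auro.re:9093`), each condition would be evaluated and notified twice, and the two copies will drift as thresholds are tuned. Consider keeping only the rules the federation server needs, or sharing one template between the two roles. A header comment stating which server is expected to evaluate these rules would make the intent explicit.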
diff --git a/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 new file mode 100644 index 0000000..fddd398 --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 
@@ -0,0 +1,106 @@ +# {{ ansible_managed }} +{# As this is also Jinja2 it will conflict without a raw block #} +{% raw %} +groups: +- name: django.rules + rules: + - record: job:django_http_requests_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job) + - record: job:django_http_ajax_requests_total:sum_rate30s + expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job) + - record: job:django_http_responses_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job) + - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) + BY (job) + - record: job:django_http_requests_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job) + - record: job:django_http_responses_streaming_total:sum_rate30s + expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job) + - record: job:django_http_responses_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job) + - record: job:django_http_requests_total:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job) + - record: job:django_http_requests_total_by_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method) + - record: job:django_http_requests_total_by_transport:sum_rate30s + expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport) + - record: job:django_http_requests_total_by_view:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view) + - record: 
job:django_http_requests_total_by_view_transport_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job, + view, transport, method) + - record: job:django_http_responses_total_by_templatename:sum_rate30s + expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename) + - record: job:django_http_responses_total_by_status:sum_rate30s + expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status) + - record: job:django_http_responses_total_by_charset:sum_rate30s + expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset) + - record: job:django_http_exceptions_total_by_type:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type) + - record: job:django_http_exceptions_total_by_view:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view) + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: 
histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) + BY (job, le)) + labels: + quantile: "99.9" + - record: job:django_model_inserts_total:sum_rate1m + expr: sum(rate(django_model_inserts_total[1m])) BY (job, model) + - record: job:django_model_updates_total:sum_rate1m + expr: sum(rate(django_model_updates_total[1m])) BY (job, model) + - record: job:django_model_deletes_total:sum_rate1m + expr: sum(rate(django_model_deletes_total[1m])) BY (job, model) + - record: job:django_db_new_connections_total:sum_rate30s + expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor) + - record: job:django_db_new_connection_errors_total:sum_rate30s + expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_total:sum_rate30s + expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor) + - record: job:django_db_execute_many_total:sum_rate30s + expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor) + - record: job:django_db_errors_total:sum_rate30s + expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type) + - record: job:django_migrations_applied_total:max + expr: max(django_migrations_applied_total) BY (job, connection) + - record: job:django_migrations_unapplied_total:max + expr: max(django_migrations_unapplied_total) BY (job, 
connection) +{% endraw %} diff --git a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 new file mode 100644 index 0000000..0d4c601 --- /dev/null +++ b/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 @@ -0,0 +1,55 @@ +# {{ ansible_managed }} + +global: + # scrape_interval is set to the global default (60s) + # evaluation_interval is set to the global default (60s) + # scrape_timeout is set to the global default (10s). + + # Attach these labels to any time series or alerts when communicating with + # external systems (federation, remote storage, Alertmanager). + external_labels: + monitor: 'example' + +# Alertmanager configuration +# Use prometheus alertmanager installed on the same machine +alerting: + alertmanagers: + - static_configs: + - targets: ['{{ prometheus_alertmanager }}'] + +# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. +rule_files: + - "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! + - "django.rules.yml" # Custom rules specific for Django project monitoring + +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The .json in file_sd_configs is dynamically reloaded + + + - job_name: federate + scrape_interval: 15s + metrics_path: '/federate' + file_sd_configs: + - files: + - '/etc/prometheus/targets.json' + relabel_configs: + # Do not put :9100 in instance name, rather here + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - source_labels: [__param_target] + target_label: __address__ + replacement: '$1:9090' + params: + 'match[]': + - '{job="servers"}' + - '{job="prometheus"}' + - '{job="unifi_snmp"}' + - '{job="django"}' + - '{job="ups_snmp"}' + - '{job="django"}' + - '{job="docker"}' + 
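Review bot: The five `job:django_db_*` recording rules at the end of the group aggregate `BY (alias, vendor)` (plus `type` for the errors rule) and so drop the `job` label that their `job:` name prefix promises; once more than one Django job is federated here, their database counters are summed into a single series. Keeping the label fixes it, e.g. `expr: sum(rate(django_db_errors_total[30s])) BY (job, alias, vendor, type)`. Separately, `job:django_http_requests_total:sum_rate30s` is computed from `django_http_requests_total_by_method`, which deserves a one-line comment if it is intentional.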
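Review bot: The `federate` job sets no `scheme`, `tls_config` or credentials, so the pull from `$1:9090/federate` uses Prometheus' default of plain HTTP without authentication; whether the network in between is trusted is not visible here, so either state that assumption in a comment or add `scheme: https` with a `tls_config`. The `match[]` list names `'{job="django"}'` twice, and the comments above the job (`exactly one endpoint to scrape ... Prometheus itself`, `Do not put :9100 in instance name`) describe a different setup from the `:9090` federation target that is actually configured. `monitor: 'example'` is still a placeholder value, and per the comment above it this label is attached to everything sent to Alertmanager and other external systems.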
diff --git a/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus-federate/templates/prometheus/snmp.yml.j2
new file mode 100644
index 0000000..d4dc51c
--- /dev/null
+++ b/roles/prometheus-federate/templates/prometheus/snmp.yml.j2
@@ -0,0 +1,387 @@ +# {{ ansible_managed }} +# TODOlist : +# - Faire fonctionner le monitoring des switchs défini ici +# * Configurer tous les switchs avec un compte SNMPv3 +# * Mettre l'inventaire des switchs dans Ansible +# - Optimiser les règles pour les bornes Unifi, +# on pourrait indexer avec les SSID + +eatonups: + walk: + - 1.3.6.1.2.1.33.1.2 + - 1.3.6.1.2.1.33.1.3 + - 1.3.6.1.2.1.33.1.4 + - 1.3.6.1.4.1.534.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. - 1.3.6.1.2.1.1.3 + - name: upsBatteryStatus + oid: 1.3.6.1.2.1.33.1.2.1 + type: gauge + help: The indication of the capacity remaining in the UPS system's batteries - + 1.3.6.1.2.1.33.1.2.1 + - name: upsEstimatedMinutesRemaining + oid: 1.3.6.1.2.1.33.1.2.3 + type: gauge + help: An estimate of the time to battery charge depletion under the present load + conditions if the utility power is off and remains off, or if it were to be + lost and remain off. - 1.3.6.1.2.1.33.1.2.3 + - name: upsInputVoltage + oid: 1.3.6.1.2.1.33.1.3.3.1.3 + type: gauge + help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3 + indexes: + - labelname: upsInputLineIndex + type: gauge + - name: upsOutputSource + oid: 1.3.6.1.2.1.33.1.4.1 + type: gauge + help: The present source of output power - 1.3.6.1.2.1.33.1.4.1 + - name: upsOutputVoltage + oid: 1.3.6.1.2.1.33.1.4.4.1.2 + type: gauge + help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPower + oid: 1.3.6.1.2.1.33.1.4.4.1.4 + type: gauge + help: The present output true power. 
- 1.3.6.1.2.1.33.1.4.4.1.4 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: upsOutputPercentLoad + oid: 1.3.6.1.2.1.33.1.4.4.1.5 + type: gauge + help: The percentage of the UPS power capacity presently being used on this output + line, i.e., the greater of the percent load of true power capacity and the percent + load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5 + indexes: + - labelname: upsOutputLineIndex + type: gauge + - name: xupsEnvRemoteTemp + oid: 1.3.6.1.4.1.534.1.6.5 + type: gauge + help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 + - name: xupsEnvRemoteHumidity + oid: 1.3.6.1.4.1.534.1.6.6 + type: gauge + help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6 + version: 1 + auth: + community: public + + +procurve_switch: + walk: + - 1.3.6.1.2.1.31.1.1.1.10 + - 1.3.6.1.2.1.31.1.1.1.6 + get: + - 1.3.6.1.2.1.1.3.0 + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: + - name: sysUpTime + oid: 1.3.6.1.2.1.1.3 + type: gauge + help: The time (in hundredths of a second) since the network management portion + of the system was last re-initialized. 
- 1.3.6.1.2.1.1.3 + - name: sysName + oid: 1.3.6.1.2.1.1.5 + type: DisplayString + help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 + - name: sysLocation + oid: 1.3.6.1.2.1.1.6 + type: DisplayString + help: The physical location of this node (e.g., 'telephone closet, 3rd floor') + - 1.3.6.1.2.1.1.6 + - name: ifHCOutOctets + oid: 1.3.6.1.2.1.31.1.1.1.10 + type: counter + help: The total number of octets transmitted out of the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.10 + indexes: + - labelname: ifIndex + type: gauge + - name: ifHCInOctets + oid: 1.3.6.1.2.1.31.1.1.1.6 + type: counter + help: The total number of octets received on the interface, including framing + characters - 1.3.6.1.2.1.31.1.1.1.6 + indexes: + - labelname: ifIndex + type: gauge + version: 3 + auth: + username: prometheus + +ubiquiti_unifi: + walk: + - 1.3.6.1.4.1.41112.1.6 + get: + - 1.3.6.1.2.1.1.5.0 + - 1.3.6.1.2.1.1.6.0 + metrics: +# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes +# - name: sysLocation +# oid: 1.3.6.1.2.1.1.6 +# type: DisplayString +# help: The physical location of this node (e.g., 'telephone closet, 3rd floor') +# - 1.3.6.1.2.1.1.6 + - name: unifiVapIndex + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapChannel + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapEssId + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapName + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifi_vap_num_stations + oid: 
1.3.6.1.4.1.41112.1.6.1.2.1.8 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' + indexes: + - labelname: unifi_vap_index + type: gauge + lookups: + - labels: [unifi_vap_index] + labelname: unifi_vap_essid + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6 + type: DisplayString + - labels: [unifi_vap_index] + labelname: unifi_vap_radio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + - labels: [] + labelname: unifi_vap_index +# - name: unifiVapNumStations +# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8 +# type: gauge +# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8' +# indexes: +# - labelname: unifiVapIndex +# type: gauge + - name: unifiVapRadio + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxCrypts + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxFrags + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapRxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxBytes + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16' + 
indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxDropped + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxErrors + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPackets + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxRetries + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapTxPower + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUp + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22' + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiVapUsage + oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23 + type: DisplayString + help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23 + indexes: + - labelname: unifiVapIndex + type: gauge + - name: unifiIfIndex + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1 + type: gauge + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfName + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7' + indexes: + - labelname: 
unifiIfIndex + type: gauge + - name: unifiIfRxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxMulticast + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfRxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxBytes + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxDropped + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxError + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiIfTxPackets + oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15' + indexes: + - labelname: unifiIfIndex + type: gauge + - name: unifiApSystemModel + oid: 1.3.6.1.4.1.41112.1.6.3.3 + type: DisplayString + help: ' - 1.3.6.1.4.1.41112.1.6.3.3' + - name: unifiApSystemUptime + oid: 1.3.6.1.4.1.41112.1.6.3.5 + type: counter + help: ' - 1.3.6.1.4.1.41112.1.6.3.5' + version: 3 + auth: + security_level: authPriv + username: snmp_prometheus + password: {{ snmp_unifi_password }} + auth_protocol: SHA + priv_protocol: AES + priv_password: {{ snmp_unifi_password }} diff --git a/roles/prometheus-federate/templates/update-motd.d/05-service.j2 b/roles/prometheus-federate/templates/update-motd.d/05-service.j2 new file mode 100755 index 0000000..f027dc4 --- /dev/null +++ b/roles/prometheus-federate/templates/update-motd.d/05-service.j2 
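Review bot: `eatonups` polls with `version: 1` and `community: public`, so the UPS readings are requested with the well-known default community and travel unauthenticated in cleartext, and `procurve_switch` sets `version: 3` with only a `username`, which leaves snmp_exporter at its default `security_level` of noAuthNoPriv. Where the devices support it, give both modules the `authPriv` settings that `ubiquiti_unifi` already uses, or at least a non-default community taken from the vault. In `ubiquiti_unifi` the secret is rendered unquoted, so a value containing ` #` or `: `, or starting with a YAML indicator, is truncated or breaks the file; `password: {{ snmp_unifi_password | to_json }}` (and the same for `priv_password`) avoids that, and a separate privacy passphrase would be preferable to reusing one variable for both. The rendered file contains the passphrase, so the task that deploys it (outside this hunk) should restrict its owner and mode.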
@@ -0,0 +1,4 @@ +#!/bin/sh +# {{ ansible_managed }} +echo "> prometheus a été déployé sur cette machine." +echo " Voir /etc/prometheus/" From 6ec449c3b33e11fa5b9f9c2e1d7cea51f7700d7f Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Feb 2021 20:43:43 +0100 Subject: [PATCH 19/65] Fix restarting prometheus snmp (not installed) --- roles/prometheus-federate/handlers/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus-federate/handlers/main.yml index 670847b..d648db2 100644 --- a/roles/prometheus-federate/handlers/main.yml +++ b/roles/prometheus-federate/handlers/main.yml @@ -4,7 +4,3 @@ name: prometheus state: restarted -- name: Restart prometheus-snmp-exporter - service: - name: prometheus-snmp-exporter - state: restarted From 6963d9fc16ffe699d9562c4633d1808d7a9fc458 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:01:42 +0100 Subject: [PATCH 20/65] Add utils --- utils/README.md | 4 +++ logrotate.yml => utils/logrotate.yml | 0 .../nuke_radius_dbs.yml | 0 utils/re2o_mail_server.yml | 13 ++++++++ utils/reboot_needed_check.yml | 31 +++++++++++++++++++ upgrade.yml => utils/upgrade.yml | 0 utils/version_check.yml | 19 ++++++++++++ 7 files changed, 67 insertions(+) create mode 100644 utils/README.md rename logrotate.yml => utils/logrotate.yml (100%) rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%) create mode 100755 utils/re2o_mail_server.yml create mode 100755 utils/reboot_needed_check.yml rename upgrade.yml => utils/upgrade.yml (100%) create mode 100755 utils/version_check.yml diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 0000000..651404b --- /dev/null +++ b/utils/README.md @@ -0,0 +1,4 @@ +# Utils + +A repository of Ansible Playbooks that are useful, as little script or various +utilities, but not used in production. 
diff --git a/logrotate.yml b/utils/logrotate.yml similarity index 100% rename from logrotate.yml rename to utils/logrotate.yml diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml similarity index 100% rename from nuke_radius_dbs.yml rename to utils/nuke_radius_dbs.yml diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml new file mode 100755 index 0000000..79fd7ff --- /dev/null +++ b/utils/re2o_mail_server.yml @@ -0,0 +1,13 @@ +--- +# Deploy Re2o mail service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml new file mode 100755 index 0000000..5759c53 --- /dev/null +++ b/utils/reboot_needed_check.yml 
@@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- +# Check if a reboot is required by the installation of some packages (ie kernel) +- hosts: localhost + tasks: + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true + +- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re + tasks: + # Register the output of the file /var/run/reboot-required.pkgs + - name: Register if boot is required + shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi + register: result + + - name: DEBUG + debug: + msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_reboot_needed.txt + line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" + when: result.stdout != "" + diff --git a/upgrade.yml b/utils/upgrade.yml similarity index 100% rename from upgrade.yml rename to utils/upgrade.yml diff --git a/utils/version_check.yml b/utils/version_check.yml new file mode 100755 index 0000000..e608e43 --- /dev/null +++ b/utils/version_check.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +# Check for the distribution +- hosts: localhost + tasks: + - name: Delete local tmp file + file: + path: /tmp/ansible_dump_dist_version.txt + state: absent + +- hosts: all,!unifi + tasks: + # Add info line by line + - name: Dump all info into the local file + delegate_to: localhost + lineinfile: + path: /tmp/ansible_dump_dist_version.txt + line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + ansible_distribution }} {{ ansible_distribution_version }}" From 2f0d6be4e9ca9f69b79e1e8a6e0c6d61173fe401 Mon Sep 17 00:00:00 2001 
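Review bot: The report is written to the fixed path `/tmp/ansible_dump_reboot_needed.txt` on the control node with no `mode`, so on a multi-user controller another local account can pre-create that name (as a symlink, for instance) or read the collected host list; the `version_check.yml` hunk that follows does the same with `/tmp/ansible_dump_dist_version.txt`. Creating the file with the `tempfile` module, or under a directory owned by the invoking user, and adding `mode: "0600"` to the `copy` task closes that. The `shell` task only reads a file and never changes the host, so it should also carry `changed_when: false`.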
From: Solal Nathan Date: Wed, 10 Feb 2021 11:04:06 +0100 Subject: [PATCH 21/65] fix if file is not already present --- utils/version_check.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e608e43..b543053 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks: From 02b28f45a2c93f54d037f534925a6ed388bd4749 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 10 Feb 2021 11:07:36 +0100 Subject: [PATCH 22/65] Fix yaml lint --- utils/reboot_needed_check.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 5759c53..4f48a3d 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" - From e151c1c3fdcca2dd316caa4878ec7049dd644496 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 01:52:28 +0100 Subject: [PATCH 23/65] add postfix non mailhost playbook --- deploy_postfix_non_mailhost.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 deploy_postfix_non_mailhost.yml diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml new file mode 100644 index 0000000..207e37d --- /dev/null +++ b/deploy_postfix_non_mailhost.yml @@ -0,0 +1,9 @@ +--- +# Deploy a correclty configured postfix on non mailhost servers +- hosts: all,!unifi + vars: + local_network: 10.128.0.0/16 + relay_host: proxy.adm.auro.re + myorigin: auro.re + roles: + - postfix-non-mailhost 
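Review bot: The new `copy` task in `utils/version_check.yml` empties `/tmp/ansible_dump_reboot_needed.txt`, but the `lineinfile` task of this playbook (added in the previous patch, outside this hunk) writes to `/tmp/ansible_dump_dist_version.txt`, so the version dump is still neither created nor reset, and a run truncates the reboot report instead. The line should read `dest: /tmp/ansible_dump_dist_version.txt`.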
From a9b03aed82f5e9623d2708fa45b79c5c1f1df505 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:02:15 +0100 Subject: [PATCH 24/65] Add postfix non mailhost handlers --- roles/postfix-non-mailhost/handlers/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 roles/postfix-non-mailhost/handlers/main.yml diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml new file mode 100644 index 0000000..9538e6d --- /dev/null +++ b/roles/postfix-non-mailhost/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Restart postfix + service: + name: postfix + state: restarted + +- name: Reload postfix + service: + name: postfix + state: reloaded From f08b11445dafde6f8a22bd099c5f7a417baf6668 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:15:52 +0100 Subject: [PATCH 25/65] Add postfix non mailhost task --- roles/postfix-non-mailhost/tasks/main.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 roles/postfix-non-mailhost/tasks/main.yml diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix-non-mailhost/tasks/main.yml new file mode 100644 index 0000000..12a3805 --- /dev/null +++ b/roles/postfix-non-mailhost/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: Install postfix + apt: + name: postfix + update_cache: true + register: result + retries: 3 + until: result is succeeded + +- name: Configure postfix + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + notify: restart postfix From 1ca75ccfb0c53fa91038852b01acb0cb4cc4efa0 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:22:41 +0100 Subject: [PATCH 26/65] Add postfix non mailhost conf --- .../postfix-non-mailhost/templates/main.cf.j2 | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 roles/postfix-non-mailhost/templates/main.cf.j2 
diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2 new file mode 100644 index 0000000..57d106e --- /dev/null +++ b/roles/postfix-non-mailhost/templates/main.cf.j2 @@ -0,0 +1,30 @@ +# {{ ansible_managed }} +# See /usr/share/postfix/main.cf.dist for a commented, more complete version +# Template based on /usr/share/postfix/main.cf.debian + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# Send mail as user@{{ ansible_fqdn }} +myorigin = {{ ansible_fqdn }} + +# Specify the trusted networks +mynetworks = 127.0.0.0/8 {{ local_network }} + +# This host does not relay mail from untrusted networks +relay_domains = + +# This is needed if no direct Internet access is available +relayhost = {{ relay_host }} From ab3659adc231deab0c3bd83b14080ec109a924bd Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:32:46 +0100 Subject: [PATCH 27/65] Also config hostname just in case --- roles/postfix-non-mailhost/templates/main.cf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2 index 57d106e..b99d905 100644 --- a/roles/postfix-non-mailhost/templates/main.cf.j2 +++ b/roles/postfix-non-mailhost/templates/main.cf.j2 @@ -18,7 +18,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} -myorigin = {{ ansible_fqdn }} +myhostname = {{ ansible_fqdn }} +myorigin = $myhostname # default configuration # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From 69d732e612d95b1dcf710925c119174e92f0c489 Mon Sep 17 00:00:00 2001 
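Review bot: The new `main.cf.j2` puts `{{ local_network }}` into `mynetworks` but never sets `inet_interfaces`, so every host that gets this role keeps Postfix's default of listening on all interfaces and will relay for the whole `10.128.0.0/16` that the playbook passes in. For machines that only hand their own mail to `relayhost`, `inet_interfaces = loopback-only` together with `mynetworks = 127.0.0.0/8 [::1]/128` keeps port 25 off the network; if some hosts really must accept mail from neighbours, that is better expressed as an explicit per-host variable. `mydestination` is left at its default as well, which is worth a comment in the template.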
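Review bot: `myorigin = $myhostname # default configuration` puts a comment on the same line as the value, but main.cf only treats `#` as a comment marker at the start of a line, so the trailing text becomes part of the `myorigin` value. Move the remark onto its own line above the setting: `# default configuration` followed by `myorigin = $myhostname`. After this change the existing comment `# Send mail as user@{{ ansible_fqdn }}` sits above `myhostname` rather than `myorigin`, so it should move down one line too.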
From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:08 +0100 Subject: [PATCH 28/65] Fix case --- roles/postfix-non-mailhost/handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml index 9538e6d..bc28f6e 100644 --- a/roles/postfix-non-mailhost/handlers/main.yml +++ b/roles/postfix-non-mailhost/handlers/main.yml @@ -1,10 +1,10 @@ --- -- name: Restart postfix +- name: restart postfix service: name: postfix state: restarted -- name: Reload postfix +- name: reload postfix service: name: postfix state: reloaded From 456e025ca4dda57c48e43c09cedab9f57df99e55 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:31 +0100 Subject: [PATCH 29/65] use ansible facts instead of hardcoded vars --- deploy_postfix_non_mailhost.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 207e37d..0407d0f 100644 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -4,6 +4,5 @@ vars: local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re - myorigin: auro.re roles: - postfix-non-mailhost From 3925e321880800b2132859a3efcc5b9aa1eba1c9 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:45:13 +0100 Subject: [PATCH 30/65] Repect ansible-lint [106] for role names --- deploy_postfix_non_mailhost.yml | 2 +- .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/main.cf.j2 | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/handlers/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/tasks/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/templates/main.cf.j2 (100%) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 0407d0f..e335928 100644 --- a/deploy_postfix_non_mailhost.yml 
+++ b/deploy_postfix_non_mailhost.yml @@ -5,4 +5,4 @@ local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re roles: - - postfix-non-mailhost + - postfix_non_mailhost diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix_non_mailhost/handlers/main.yml similarity index 100% rename from roles/postfix-non-mailhost/handlers/main.yml rename to roles/postfix_non_mailhost/handlers/main.yml diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml similarity index 100% rename from roles/postfix-non-mailhost/tasks/main.yml rename to roles/postfix_non_mailhost/tasks/main.yml diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 similarity index 100% rename from roles/postfix-non-mailhost/templates/main.cf.j2 rename to roles/postfix_non_mailhost/templates/main.cf.j2 From 3fceeff74fbb49a05dd45ab3a5b6c9d6ed6267d7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:47:04 +0100 Subject: [PATCH 31/65] Fix ansible lint for rule [208] always specify mode and owner for template --- roles/postfix_non_mailhost/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/postfix_non_mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml index 12a3805..42f3482 100644 --- a/roles/postfix_non_mailhost/tasks/main.yml +++ b/roles/postfix_non_mailhost/tasks/main.yml @@ -11,4 +11,7 @@ template: src: main.cf.j2 dest: /etc/postfix/main.cf + mode: 0644 + owner: root + group: root notify: restart postfix From 37124b20cb5b9d94a70510b73db7188b2f94d191 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:27:27 +0100 Subject: [PATCH 32/65] Gitlab CI is not needed anymore --- .gitlab-ci.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index c62f35b..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -image: python:3.9-alpine - -stages: - - lint - -yamllint: - stage: lint - script: - - pip install yamllint==1.25.0 - - yamllint -c .yamllint.yml . - -ansible-lint: - stage: lint - script: - - apk add gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml -... From abcdf59824e34b746c3c8edf75d9625a41a0d47a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:31:26 +0100 Subject: [PATCH 33/65] :construction_worker: yaml-lint 1.25.0 -> 1.26.0 --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 58679a2..3f34393 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,7 +7,7 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.25.0 + - pip install yamllint==1.26.0 - yamllint -c .yamllint.yml . - name: ansible-lint From 5503a54be432fae928e7ba4383d21b37c167ed86 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:32:33 +0100 Subject: [PATCH 34/65] :construction_worker: ansible-lint 4.7.3 -> 5.0.0 and fix dependencies --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3f34393..24cbaa7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,7 +13,7 @@ steps: - name: ansible-lint image: python:3.9-alpine commands: - - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 + - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo + - pip install ansible-lint==5.0.0 ansible - ansible-lint ... From f4fc3567ee3042ccda6aac8effd7654b2cd49a45 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:43:38 +0100 Subject: [PATCH 35/65] :construction_worker: fix ansible and yaml version according to ansible-lint 5.0 upgrade guidelines. Use ansible-base for slim version. See #1150 on ansible-lint for more info. --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.drone.yml b/.drone.yml index 24cbaa7..dbc0b53 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,13 +7,13 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.26.0 + - pip install yamllint>=1.26.0,<2.0 - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible + - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 - ansible-lint ... From bd541691d9354b353e0b0e16038166c9283d98fc Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:47:39 +0100 Subject: [PATCH 36/65] :construction_worker: fix syntax --- .drone.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index dbc0b53..e9d60bb 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,13 +7,14 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint>=1.26.0,<2.0 + - pip install "yamllint>=1.26.0,<2.0" - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 + - pip install "ansible-lint==5.0.0" + - pip install "ansible-base>=2.10,<2.11" - ansible-lint ... From 6f80cf0fd937cf25124fcf47e1a42ebd603ebff1 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:50:14 +0100 Subject: [PATCH 37/65] :green_heart: fix yamllint CI on CI itself, CIception --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index e9d60bb..8c23c77 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -14,7 +14,7 @@ steps: image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" + - pip install "ansible-lint==5.0.0" - pip install "ansible-base>=2.10,<2.11" - ansible-lint ... From e9f0b884ec43e0565226c2866568256c83631de3 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:57:30 +0100 Subject: [PATCH 38/65] :construction_worker: update ansible-lint notation that were depreciated --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 3f851df..3ec97ed 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,5 @@ skip_list: - - '301' + - 'no-changed-when' warn_list: - experimental # all rules tagged as experimental From ab69d1540450ef24f03dddd867c568fd49e0ef78 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 03:59:03 +0100 Subject: [PATCH 39/65] :construction_worker: we need full ansible, slim version wont work for our use case --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 8c23c77..ab5b271 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,6 +15,6 @@ steps: commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - pip install "ansible-lint==5.0.0" - - pip install "ansible-base>=2.10,<2.11" + - pip install "ansible>=2.10,<2.11" - ansible-lint ... From f607a76ec8d8798e902cd0a5306f26ee2492b5f6 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 13:13:26 +0100 Subject: [PATCH 40/65] :bug: Fix a small bug. Postfix does not accept trailing comments --- roles/postfix_non_mailhost/templates/main.cf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 index b99d905..5b90030 100644 --- a/roles/postfix_non_mailhost/templates/main.cf.j2 
+++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -19,7 +19,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} -myorigin = $myhostname # default configuration +myorigin = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From f1ce3290c9e26b08a8252f9ec7784f51bf424fad Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 14:45:45 +0100 Subject: [PATCH 41/65] :construction_worker: do not ansible-lint the vault and fix useless rules --- .ansible-lint | 7 ++++++- .yamllint.yml | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 3ec97ed..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... From a02afd20b7367132a07b53f2d7cd8786e2272bc0 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:40:58 +0100 Subject: [PATCH 42/65] :rotating_light: fix risky-file-permission --- utils/reboot_needed_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 4f48a3d..cf7868f 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks: From da1fa70e55168336b0368b8a6d21e0b7d9f5977c Mon Sep 17 00:00:00 2001 
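Review bot: Adding `load-failure` to `skip_list` silences that rule for every file, so any playbook or vars file that ansible-lint cannot parse is passed over without failing CI. The new `exclude_paths` entry already keeps `group_vars/all/vault.yml` out of the run, which looks like the reason for the skip. I would drop `- load-failure` and keep only the exclusion, or, if it has to stay, add a comment such as `# vault.yml is encrypted and cannot be loaded` next to it. The same hunk is applied again in PATCH 51/65.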
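Review bot: The `mode: 0644` added here applies to a fixed, predictable name in a world-writable directory (`/tmp/ansible_dump_reboot_needed.txt`), so on a control host shared with other local accounts the path can be pre-created by someone else before the play runs, and the collected host information is world-readable afterwards. If the report is only for the operator, a path under the operator's home directory or one returned by `ansible.builtin.tempfile`, with `mode: "0600"`, avoids both problems. The module name and any delegation of this task are outside the hunk, and the same line is added to utils/version_check.yml in PATCH 44/65 and repeated in PATCH 52/65 and 54/65.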
From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:10 +0100 Subject: [PATCH 43/65] :rotating_light: fix empty-string-compare --- utils/reboot_needed_check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index cf7868f..631d496 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file @@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined From 3840fdd44e6b72bcba9dee74237f744524e77af1 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:54 +0100 Subject: [PATCH 44/65] :rotating_light: fix risky-file-permission --- utils/version_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/version_check.yml b/utils/version_check.yml index b543053..e0c9ad7 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks: From 15ae83566c796012651f29219addfd8491f8f343 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:43:52 +0100 Subject: [PATCH 45/65] :rotating_light: fix var-spacing --- utils/version_check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/version_check.yml b/utils/version_check.yml index e0c9ad7..1a8a7c5 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml 
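Review bot: Replacing `result.stdout != ""` with `result.stdout is defined` changes what both `when:` conditions test, because an empty string is still defined. Hosts that produce no output now pass the condition, so they get a debug message and a line in the dump file. A form that satisfies the empty-string-compare rule and keeps the previous behaviour is `when: result.stdout | length > 0`. The task that registers `result` is outside these hunks, and the same change is repeated in PATCH 53/65.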
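Review bot: The task that receives `mode: 0644` in utils/version_check.yml empties `/tmp/ansible_dump_reboot_needed.txt`, while the `lineinfile` task shown in the next patch for this file appends to `/tmp/ansible_dump_dist_version.txt`, so the file that is reset is not the one that is filled. This looks like a leftover from copying reboot_needed_check.yml; `dest: /tmp/ansible_dump_dist_version.txt` would make the two tasks agree and start each run from an empty report. The beginning of the first play is outside the hunk.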
@@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From 58068e9cd80b5b1874bf14cd0e69eaee370a0b29 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:39:27 +0100 Subject: [PATCH 46/65] Docker image to be built for the CI --- docker-ansible-lint/Dockefile | 6 ++++++ docker-ansible-lint/README.md | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 docker-ansible-lint/Dockefile create mode 100644 docker-ansible-lint/README.md diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile new file mode 100644 index 0000000..c34f38a --- /dev/null +++ b/docker-ansible-lint/Dockefile @@ -0,0 +1,6 @@ +FROM python:3.9-alpine + +RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo +RUN pip install "yamllint>=1.26.0,<2.0" +RUN pip install "ansible-lint==5.0.0" +RUN pip install "ansible>=2.10,<2.11" diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md new file mode 100644 index 0000000..c2fb0f7 --- /dev/null +++ b/docker-ansible-lint/README.md @@ -0,0 +1,18 @@ +# Ansible-lint image + +In order to build this image when a new version comes out, you need to +1. ssh into the drone.adm.auro.re server +2. git pull this repo to the lastest version +3. optionnally make the changes if it has not been done yet +4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` +5. ??? +6. enjoy + +You can verify that the image was correclty built by running +``` +# list the images present +sudo docker image + +# run your image with an interactive shell +sudo docker run -it --rm aurore-ansible-lint-image +``` From 42074b31c50842dc66a87578be37d7905a7d2590 Mon Sep 17 00:00:00 2001 
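Review bot: The new Dockerfile builds from the floating tag `python:3.9-alpine` and installs `yamllint` and `ansible` from version ranges, so two manual rebuilds of the same file can give different linter and Ansible versions with no change in the repository. Pinning exact versions, as is already done with `ansible-lint==5.0.0`, and referencing the base image by digest would make the CI image reproducible and auditable. The compiler toolchain installed by `apk add` also stays in the final image although it is only needed while the wheels are built.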
From: Solal Nathan Date: Tue, 16 Feb 2021 16:40:27 +0100 Subject: [PATCH 47/65] simplify the drone config wiht the newly built image --- .drone.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.drone.yml b/.drone.yml index ab5b271..680b5c6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,16 +5,7 @@ name: check steps: - name: yamllint - image: python:3.9-alpine + image: aurore-ansible-lint-image commands: - - pip install "yamllint>=1.26.0,<2.0" - - yamllint -c .yamllint.yml . - - - name: ansible-lint - image: python:3.9-alpine - commands: - - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" - - pip install "ansible>=2.10,<2.11" - ansible-lint ... From 414e80a7c4bdc5e621753cea06122de22552a9f5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:42:10 +0100 Subject: [PATCH 48/65] never try to pull this image --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 680b5c6..96588b3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,6 +5,7 @@ name: check steps: - name: yamllint + pull: never image: aurore-ansible-lint-image commands: - ansible-lint From d650e77b23f854e1d871b41b939e33942e0a9ae5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:43:11 +0100 Subject: [PATCH 49/65] rename ci task --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 96588b3..eb6ce40 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,7 +4,7 @@ type: docker name: check steps: - - name: yamllint + - name: ansible and yaml linting pull: never image: aurore-ansible-lint-image commands: From 5b2580056dd60e920364985c46ba8effd10d34d0 Mon Sep 17 00:00:00 2001 
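Review bot: The standalone `yamllint -c .yamllint.yml .` command is removed and the single remaining step runs only `ansible-lint`, so YAML checking now depends on ansible-lint's own YAML rule and on the files ansible-lint chooses to examine. With `document-start` in the `.ansible-lint` skip list, coverage is probably narrower than the previous whole-tree run. If that is not intended, keep `- yamllint -c .yamllint.yml .` as a second command in this step, since the new image installs yamllint anyway.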
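Review bot: With `pull: never` and the untagged name `aurore-ansible-lint-image`, the pipeline runs whatever local image currently carries that name on the runner, and nothing in the repository records which build that was. An explicit tag, for example `image: aurore-ansible-lint-image:VERSION` (VERSION is a placeholder), bumped together with the Dockerfile, would make a pipeline fail clearly when the runner has not been rebuilt instead of linting with stale tools.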
From: Solal Nathan Date: Tue, 16 Feb 2021 18:10:39 +0100 Subject: [PATCH 50/65] :bug: Final fix, should stop sending ill-formed mail from now on --- roles/postfix_non_mailhost/templates/main.cf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 index 5b90030..d5f5166 100644 --- a/roles/postfix_non_mailhost/templates/main.cf.j2 +++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -20,6 +20,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} myorigin = $myhostname +mydomain = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From def64380e67a6a29d8fae3b38fff2a226ce3eefe Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 14:45:45 +0100 Subject: [PATCH 51/65] :construction_worker: do not ansible-lint the vault and fix useless rules --- .ansible-lint | 7 ++++++- .yamllint.yml | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 3ec97ed..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... From 008fb803d975ca93bdd838566a4bacc85174f4d7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:40:58 +0100 Subject: [PATCH 52/65] :rotating_light: fix risky-file-permission --- utils/reboot_needed_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 4f48a3d..cf7868f 100755 
--- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks: From 1fe440aabe2735cb2318ccc5f2f9e8d764944d5b Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:10 +0100 Subject: [PATCH 53/65] :rotating_light: fix empty-string-compare --- utils/reboot_needed_check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index cf7868f..631d496 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file @@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined From 902d219de3e8fbaf1a8a22c7e2bae4da7d8e8248 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:54 +0100 Subject: [PATCH 54/65] :rotating_light: fix risky-file-permission --- utils/version_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/version_check.yml b/utils/version_check.yml index b543053..e0c9ad7 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks: From 54aec3638f795a902fb25ec0a12f5ebbe591878e Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:43:52 +0100 Subject: [PATCH 55/65] :rotating_light: fix var-spacing --- utils/version_check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/utils/version_check.yml b/utils/version_check.yml index e0c9ad7..1a8a7c5 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From f39ade227a2597b09be5a58d173f6d4c4bc0815a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:22:19 +0100 Subject: [PATCH 56/65] :memo: add CI badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 00897a4..cb8683f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible) + # Recettes Ansible d'Aurore Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. From 06d0bd56ae0e31526e39288ce78fa98db4d52b94 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:34:57 +0100 Subject: [PATCH 57/65] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index c2fb0f7..6e1723c 100644 --- a/docker-ansible-lint/README.md +++ b/docker-ansible-lint/README.md @@ -1,9 +1,9 @@ # Ansible-lint image In order to build this image when a new version comes out, you need to -1. ssh into the drone.adm.auro.re server +1. ssh into the `drone.adm.auro.re` server 2. git pull this repo to the lastest version -3. optionnally make the changes if it has not been done yet +3. optionally make the changes if it has not been done yet 4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` 5. ??? 6. enjoy 
@@ -14,5 +14,5 @@ You can verify that the image was correclty built by running sudo docker image # run your image with an interactive shell -sudo docker run -it --rm aurore-ansible-lint-image +sudo docker run -it --rm aurore-ansible-lint-image /bin/sh ``` From 4dd75d1180cfa32685d2e8b7a570d49635dd6a39 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:40:48 +0100 Subject: [PATCH 58/65] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/Dockefile | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile index c34f38a..5d60549 100644 --- a/docker-ansible-lint/Dockefile +++ b/docker-ansible-lint/Dockefile @@ -1,4 +1,5 @@ FROM python:3.9-alpine +LABEL description="Aurore's docker image for ansible-lint" RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo RUN pip install "yamllint>=1.26.0,<2.0" From 83fd1b03e7e9d2f02b149aa57c098510cf913e08 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:44:18 +0100 Subject: [PATCH 59/65] :truck: correctly name Dockerfile --- docker-ansible-lint/{Dockefile => Dockerfile} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docker-ansible-lint/{Dockefile => Dockerfile} (100%) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockerfile similarity index 100% rename from docker-ansible-lint/Dockefile rename to docker-ansible-lint/Dockerfile From c45d12cd6a1cb7a0dc306e64ed70aeb55735ce9a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 19:00:25 +0100 Subject: [PATCH 60/65] :memo: use the full command --- docker-ansible-lint/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index 6e1723c..adabac3 100644 --- a/docker-ansible-lint/README.md +++ b/docker-ansible-lint/README.md 
@@ -11,7 +11,7 @@ In order to build this image when a new version comes out, you need to You can verify that the image was correclty built by running ``` # list the images present -sudo docker image +sudo docker image ls # run your image with an interactive shell sudo docker run -it --rm aurore-ansible-lint-image /bin/sh From a5b4deaceeb63d2713073fe2765f21a58d47662d Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 17 Feb 2021 17:42:24 +0100 Subject: [PATCH 61/65] Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus --- monitoring.yml | 3 +- roles/prometheus/tasks/main.yml.save | 84 +++++++++++++++++++ .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/prometheus/alert.rules.yml.j2 | 30 +++---- .../templates/prometheus/django.rules.yml.j2 | 0 .../templates/prometheus/prometheus.yml.j2 | 1 + .../templates/prometheus/snmp.yml.j2 | 0 .../templates/update-motd.d/05-service.j2 | 0 9 files changed, 102 insertions(+), 16 deletions(-) create mode 100644 roles/prometheus/tasks/main.yml.save rename roles/{prometheus-federate => prometheus_federate}/handlers/main.yml (100%) rename roles/{prometheus-federate => prometheus_federate}/tasks/main.yml (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/alert.rules.yml.j2 (65%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/django.rules.yml.j2 (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/prometheus.yml.j2 (98%) rename roles/{prometheus-federate => prometheus_federate}/templates/prometheus/snmp.yml.j2 (100%) rename roles/{prometheus-federate => prometheus_federate}/templates/update-motd.d/05-service.j2 (100%) diff --git a/monitoring.yml b/monitoring.yml index bcf4ef2..c81934c 100755 --- a/monitoring.yml +++ b/monitoring.yml 
@@ -121,8 +121,9 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re + - prometheus-federate.adm.auro.re roles: - - prometheus-federate + - prometheus_federate # Monitor all hosts diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save new file mode 100644 index 0000000..57945ce --- /dev/null +++ b/roles/prometheus/tasks/main.yml.save 
@@ -0,0 +1,84 @@ +--- +- name: Install Prometheus + apt: + update_cache: true + name: + - prometheus + - prometheus-snmp-exporter + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Prometheus + template: + src: prometheus/prometheus.yml.j2 + dest: /etc/prometheus/prometheus.yml + mode: 0644 + notify: Restart Prometheus + +- name: Configure Prometheus alert rules + template: + src: "prometheus/{{ item }}.j2" + dest: "/etc/prometheus/{{ item }}" + mode: 0644 + notify: Restart Prometheus + loop: + - alert.rules.yml + - django.rules.yml + +- name: Make Prometheus snmp-exporter listen on localhost only + lineinfile: + path: /etc/default/prometheus-snmp-exporter + regexp: '^ARGS=' + line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" + notify: Restart prometheus-snmp-exporter + +# This file store SNMP OIDs +- name: Configure Prometheus snmp-exporter + template: + src: "prometheus/snmp.yml.j2" + dest: "/etc/prometheus/snmp.yml" + mode: 0600 + owner: prometheus + notify: Restart prometheus-snmp-exporter + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus nodes + copy: + content: "{{ prometheus_targets | to_nice_json }}" + dest: /etc/prometheus/targets.json + mode: 0644 + +# We don't need to restart Prometheus when updating nodes +- name: Configure Prometheus Ubiquity Unifi SNMP devices + copy: + content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" + dest: /etc/prometheus/targets_unifi_snmp.json + mode: 0644 + when: prometheus_unifi_snmp_targets is defined + +- name: Configure Prometheus UPS SNMP devices + copy: + content: "{{ [{'targets': prometheus_ups_snmp_targets }]7yk[:Cp_g$#dT'yv!. 
| to_nice_json }}\n" + dest: /etc/prometheus/targets_ups_snmp.json + mode: 0644 + when: prometheus_ups_snmp_targets is defined + +- name: Configure Prometheus docker monitoring + copy: + content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" + dest: /etc/prometheus/targets_docker.json + mode: 0644 + when: prometheus_docker_targets is defined + +- name: Activate prometheus service + systemd: + name: prometheus + enabled: true + state: started + +- name: Indicate role in motd + template: + src: update-motd.d/05-service.j2 + dest: /etc/update-motd.d/05-prometheus + mode: 0755 diff --git a/roles/prometheus-federate/handlers/main.yml b/roles/prometheus_federate/handlers/main.yml similarity index 100% rename from roles/prometheus-federate/handlers/main.yml rename to roles/prometheus_federate/handlers/main.yml diff --git a/roles/prometheus-federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml similarity index 100% rename from roles/prometheus-federate/tasks/main.yml rename to roles/prometheus_federate/tasks/main.yml diff --git a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 similarity index 65% rename from roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 rename to roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index e2cb42c..0fd14f5 100644 --- a/roles/prometheus-federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -13,7 +13,7 @@ groups: labels: severity: critical annotations: - summary: "{{ $labels.instance }} est invisible depuis plus de 3 minutes !" + summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !" # Alert for out of memory - alert: OutOfMemory 
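Review bot: `roles/prometheus/tasks/main.yml.save` looks like an editor backup file rather than a role file, and its UPS task has stray characters inside the Jinja expression right after `[{'targets': prometheus_ups_snmp_targets }]`, so the content would not even render as a task. The file should be dropped from the commit and `*.save` added to `.gitignore`. Because the stray text resembles something typed into the wrong window, it is worth checking whether it is a credential; if it is, it needs rotating, since deleting the file in a later commit does not remove it from history.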
@@ -22,7 +22,7 @@ groups: labels: severity: warning annotations: - summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%." # Alert for out of disk space - alert: OutOfDiskSpace @@ -31,7 +31,7 @@ groups: labels: severity: warning annotations: - summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%." # Alert for out of inode space on disk - alert: OutOfInodes @@ -40,7 +40,7 @@ groups: labels: severity: warning annotations: - summary: "Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.instance }}." + summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}." # Alert for high CPU usage - alert: CpuUsage @@ -49,7 +49,7 @@ groups: labels: severity: warning annotations: - summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%." + summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%." # Check systemd unit (> buster) - alert: SystemdServiceFailed @@ -58,8 +58,8 @@ groups: labels: severity: warning annotations: - summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" - + summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" + # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "La source d'alimentation de {{ $labels.instance }} a changé !" + summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !" - alert: UpsBatteryStatusWarning expr: upsBatteryStatus == 3 
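Review bot: The `Federate : ` prefix is added to most summaries but not to `OutOfDiskSpace` (hunk at -31) or to `UpsBatteryStatusCritical` (hunk at -83), so alerts raised by the federating server are not uniformly distinguishable from those of the per-site instances. Those two lines would read `summary: "Federate : Espace libre de ..."` and `summary: "Federate : L'état de la batterie de ..."` with the rest unchanged. All summaries now rely on `$labels.exported_instance`, which presumably exists only when the federation scrape job renames the conflicting `instance` label; that setting is in prometheus.yml.j2 outside these hunks and should be confirmed.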
@@ -75,7 +75,7 @@ groups: labels: severity: warning annotations: - summary: "L'état de la batterie de {{ $labels.instance }} est faible !" + summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !" - alert: UpsBatteryStatusCritical expr: upsBatteryStatus == 4 @@ -83,7 +83,7 @@ groups: labels: severity: warning annotations: - summary: "L'état de la batterie de {{ $labels.instance }} est affaibli !" + summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !" - alert: UpsHighLoad expr: upsOutputPercentLoad > 70 @@ -91,7 +91,7 @@ groups: labels: severity: critical annotations: - summary: "La charge de {{ $labels.instance }} est de {{ $value }}% !" + summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !" - alert: UpsWrongInputVoltage expr: (upsInputVoltage < 210) or (upsInputVoltage > 250) @@ -99,7 +99,7 @@ groups: labels: severity: warning annotations: - summary: "La tension d'entrée de {{ $labels.instance }} est de {{ $value }}V." + summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V." - alert: UpsWrongOutputVoltage expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240) @@ -107,7 +107,7 @@ groups: labels: severity: warning annotations: - summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." + summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V." - alert: UpsTimeRemainingWarning expr: upsEstimatedMinutesRemaining < 15 @@ -115,7 +115,7 @@ groups: labels: severity: warning annotations: - summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." - alert: UpsTimeRemainingCritical expr: upsEstimatedMinutesRemaining < 5 
@@ -123,7 +123,7 @@ groups: labels: severity: critical annotations: - summary: "L'autonomie restante sur {{ $labels.instance }} est de {{ $value }} min." + summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min." {% endraw %} diff --git a/roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 similarity index 100% rename from roles/prometheus-federate/templates/prometheus/django.rules.yml.j2 rename to roles/prometheus_federate/templates/prometheus/django.rules.yml.j2 diff --git a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 similarity index 98% rename from roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 rename to roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 index 0d4c601..52e5a92 100644 --- a/roles/prometheus-federate/templates/prometheus/prometheus.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/prometheus.yml.j2 @@ -52,4 +52,5 @@ scrape_configs: - '{job="ups_snmp"}' - '{job="django"}' - '{job="docker"}' + - '{job="switch"}' diff --git a/roles/prometheus-federate/templates/prometheus/snmp.yml.j2 b/roles/prometheus_federate/templates/prometheus/snmp.yml.j2 similarity index 100% rename from roles/prometheus-federate/templates/prometheus/snmp.yml.j2 rename to roles/prometheus_federate/templates/prometheus/snmp.yml.j2 diff --git a/roles/prometheus-federate/templates/update-motd.d/05-service.j2 b/roles/prometheus_federate/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/prometheus-federate/templates/update-motd.d/05-service.j2 rename to roles/prometheus_federate/templates/update-motd.d/05-service.j2 From 61001e09f52ba9bd34e094ff26981464a129d1b5 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Wed, 17 Feb 2021 18:08:39 +0100 Subject: [PATCH 62/65] Add alert for load usage --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 9 +++++++++ .../templates/prometheus/alert.rules.yml.j2 | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index e2cb42c..d4eec79 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -59,6 +59,15 @@ groups: severity: warning annotations: summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}" + + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "La charge de {{ $labels.instance }} est à {{ $value }} % !" # Check UPS - alert: UpsOutputSourceChanged diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index 0fd14f5..d05b451 100644 --- a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -60,6 +60,15 @@ groups: annotations: summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}" + # Check load of instance + - alert: LoadUsage + expr: node_load1 > 5 + for: 2m + labels: + severity: warning + annotations: + summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} % !" + # Check UPS - alert: UpsOutputSourceChanged expr: upsOutputSource != 3 From 0b90c9944b56698185a8e7fe9198efb1fcf0f9be Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 17 Feb 2021 18:15:31 +0100 Subject: [PATCH 63/65] Fix CI warning from last commit --- roles/prometheus_federate/handlers/main.yml | 1 - 1 file changed, 1 deletion(-) 
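Review bot: The new `expr: node_load1 > 5` compares raw load average against a fixed number, so the same rule is too lax on a single-core VM and noisy on a many-core host; this applies to both hunks of this commit (`roles/prometheus` and `roles/prometheus_federate`). Dividing by the core count makes the threshold comparable across machines, for example `expr: node_load1 / count without (cpu, mode) (node_cpu_seconds_total{mode="idle"}) > 1.5` on node_exporter releases that expose `node_cpu_seconds_total`; the 1.5 is only an illustrative value. A one-line comment stating the intended per-core threshold would also help whoever tunes it later.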
diff --git a/roles/prometheus_federate/handlers/main.yml b/roles/prometheus_federate/handlers/main.yml index d648db2..4214def 100644 --- a/roles/prometheus_federate/handlers/main.yml +++ b/roles/prometheus_federate/handlers/main.yml @@ -3,4 +3,3 @@ service: name: prometheus state: restarted - From b278b02bc2f3d5f5119aba709aca93fcd6dc679c Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 17 Feb 2021 19:37:33 +0100 Subject: [PATCH 64/65] Remove percentage sign for load alert --- roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 2 +- .../prometheus_federate/templates/prometheus/alert.rules.yml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index d4eec79..028d5d0 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "La charge de {{ $labels.instance }} est à {{ $value }} % !" + summary: "La charge de {{ $labels.instance }} est à {{ $value }} !" # Check UPS - alert: UpsOutputSourceChanged diff --git a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 index d05b451..f78df48 100644 --- a/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2 @@ -67,7 +67,7 @@ groups: labels: severity: warning annotations: - summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} % !" + summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !" # Check UPS - alert: UpsOutputSourceChanged From d7d0676f5e82349907b3230e41dc290275705159 Mon Sep 17 00:00:00 2001 
From: pz2891 Date: Thu, 18 Feb 2021 17:53:15 +0100 Subject: [PATCH 65/65] Remove .save file; remove fo fleming prometheus --- monitoring.yml | 2 +- roles/prometheus/tasks/main.yml.save | 84 ---------------------------- 2 files changed, 1 insertion(+), 85 deletions(-) delete mode 100644 roles/prometheus/tasks/main.yml.save diff --git a/monitoring.yml b/monitoring.yml index c81934c..53bdae7 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re +- hosts: prometheus-fleming.adm.auro.re vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" diff --git a/roles/prometheus/tasks/main.yml.save b/roles/prometheus/tasks/main.yml.save deleted file mode 100644 index 57945ce..0000000 --- a/roles/prometheus/tasks/main.yml.save +++ /dev/null 
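Review bot: Dropping `prometheus-fleming-fo.adm.auro.re` from the `hosts:` line stops Ansible from managing that machine but leaves in place whatever earlier runs deployed there. With `snmp_unifi_password` in this play's vars, that may include a rendered SNMP credential. If the VM is being retired rather than moved to another play, that is worth recording next to the change, for example `# prometheus-fleming-fo retired (<ticket placeholder>); Prometheus config and SNMP secrets removed from the host`. The play continues below the hunk.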
@@ -1,84 +0,0 @@ ---- -- name: Install Prometheus - apt: - update_cache: true - name: - - prometheus - - prometheus-snmp-exporter - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Configure Prometheus - template: - src: prometheus/prometheus.yml.j2 - dest: /etc/prometheus/prometheus.yml - mode: 0644 - notify: Restart Prometheus - -- name: Configure Prometheus alert rules - template: - src: "prometheus/{{ item }}.j2" - dest: "/etc/prometheus/{{ item }}" - mode: 0644 - notify: Restart Prometheus - loop: - - alert.rules.yml - - django.rules.yml - -- name: Make Prometheus snmp-exporter listen on localhost only - lineinfile: - path: /etc/default/prometheus-snmp-exporter - regexp: '^ARGS=' - line: "ARGS=\"--web.listen-address=127.0.0.1:9116\"" - notify: Restart prometheus-snmp-exporter - -# This file store SNMP OIDs -- name: Configure Prometheus snmp-exporter - template: - src: "prometheus/snmp.yml.j2" - dest: "/etc/prometheus/snmp.yml" - mode: 0600 - owner: prometheus - notify: Restart prometheus-snmp-exporter - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus nodes - copy: - content: "{{ prometheus_targets | to_nice_json }}" - dest: /etc/prometheus/targets.json - mode: 0644 - -# We don't need to restart Prometheus when updating nodes -- name: Configure Prometheus Ubiquity Unifi SNMP devices - copy: - content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" - dest: /etc/prometheus/targets_unifi_snmp.json - mode: 0644 - when: prometheus_unifi_snmp_targets is defined - -- name: Configure Prometheus UPS SNMP devices - copy: - content: "{{ [{'targets': prometheus_ups_snmp_targets }]7yk[:Cp_g$#dT'yv!. 
| to_nice_json }}\n" - dest: /etc/prometheus/targets_ups_snmp.json - mode: 0644 - when: prometheus_ups_snmp_targets is defined - -- name: Configure Prometheus docker monitoring - copy: - content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n" - dest: /etc/prometheus/targets_docker.json - mode: 0644 - when: prometheus_docker_targets is defined - -- name: Activate prometheus service - systemd: - name: prometheus - enabled: true - state: started - -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-prometheus - mode: 0755