Merge branch 'master' into logs-first-phase

This commit is contained in:
jeltz 2021-03-13 05:02:30 +01:00
commit f45cd77510
33 changed files with 1408 additions and 932 deletions

7
bdd.yml Normal file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure bdd servers at Saclay and at OVH
- hosts: bdd
roles:
- postgresql_server
...

View file

@ -2,6 +2,6 @@ FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint" LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install "yamllint>=1.26.0,<2.0" RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
RUN pip install "ansible-lint==5.0.0" RUN pip install --no-cache-dir "ansible-lint==5.0.0"
RUN pip install "ansible>=2.10,<2.11" RUN pip install --no-cache-dir "ansible>=2.10,<2.11"

View file

@ -17,9 +17,17 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases # Databases
postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
# Scripts will tell users to go there to manage their account # Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/' intranet_url: 'https://re2o.auro.re/'

View file

@ -1,179 +1,210 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
32313562646230353138303964366135656361616532343933353732313961323339653964353130 64396638346335393963396239326463353436373937386664393164373338376461636666326432
3938346666633565356134343835633964626261363365370a663664663938383731343733386136 3839376164613031613166313535346136396465383365660a376666373138363930393761376166
33356531323762313463326339333963336636353933326537333665313334616563626632336663 35663763316466336162316335623362633131636264663239316264666234393637333931616139
6537363033663935660a613366613962626563643035663330343061353836646561623031323236 3434636563363237300a663032636362343739343363356363643035363431373963316161303666
65313633383063373064613930623530656365396335663363643330636239643937373163623932 30343866336465623738613739333030323537376663383265306237346537313839656137353565
61373136303737333739316565323934376433316362353935363637373264616238373831666438 61303237643462626564346539343933313334663330323565396438663633316239333064376664
35343135383233653963333237393232353631636566373766366664656666313436323535393736 31356233363431313161643131303234616162613164643539643563613339313432333235383863
62323731343261373331393062633030356235313834373861323138663930613332643432386436 61376431316661626465383562386235616166353839616235356366386534393334373064616636
38383038616536316465343561643639353434396631643033633537393265646532613161343732 32623832643533663536626130333234366366366635393038393437313139383061633030653235
32363265643963386538326639353233363438643833306637336431303533396562613863633537 63666366333732626166653831613731363865313461636262346635666363373938316266383738
30303334643137313136633039393463346562306236353566333563633238313865313534326137 33306632353536663138663961623964636436373564376431623165623031353737366539313966
33623036376439653532313833633135326631643361333463633162303065623633636331666661 36373533653139373866666435343730613530646665343333643764666263626433363262313337
62303636653233666164383463356530633464306564383236373832616263653165373937303030 65396332666632323531333364666330366430356437383338303665646233383931306166326435
31323865656436366265303537306438303434613135396166313635656566373539303463393830 35653538643332353536626336323034353630353564633264333334613531363839653362663730
65383636363064333730623161316162373734626433346564333835393030616437636665316566 36326562383934363034363830313139393361363638623139663538653138393533626238303836
37353937626465383439633534316336313931663561336335653761396230393031393839336264 38326561366536353036356163656130633430306635393763663664643936306136346163383237
37623037663032646631656637386366333131356562376665333964393264643133626532653564 37653465656335306565333432643863623762366134313137326138613336323664323333313166
32353235633434656334663233303664613865343039613330663833396162646430623735653434 66363438636161613362346633346434663364396536613932616461613963383339336262313731
66633466306338373061326636366330643639383632353564353865623637303832306332653131 36636432366332356435643266353362333437333131343961336639343234363636353535636464
37343566393965326635613135613134316264616336303233616162313839626235386137343435 39353330643136613463343435623939653964346334616131393566623330386131333262666539
33633336636434343531633362633834376135303337363637303039323038313937646236366265 35656662323332373330353231393462646564393431646238653438386563633365333162656263
34303434373566313730623664653263653466366133363562333736393836393363326665353434 62623536316165316662653832393364316439303865326631636337373365333035336339666666
30333263323366326436623238353335323936346637646130623265366535653737343665373165 31323864303136616365643735306332326237666136306435626534363739373332656332336639
63336166633831623464343862353065653162613934646539396364353162633063303332313266 38343566643062616434656338646235343234333031343038346630306639633732623733313039
65656163396463363737663931353765376337643065646131303264363961366336343432653537 33393965653839396166326565653963303137316666663135373338613265613239643661336537
65306437623535393132343962333666366665316362366536663431646435633166333731303232 62306634326266323662623733346164383039653936326162663165316439653332313730313535
63313337353334623330623862386661306333366638306433373437623835636631376231373636 66613335653463396662626230653232383664363137323462353037303633633666626433306630
66666539363561313166396438343730656230663532633031353336636565343964366136663466 39623933343736616630333539393365396636366331393136343866323766656435613262383938
38316364663936303231633633613832313163646262313238346666336661613236343966353130 65383663663237386631333236363061306131643133336432313035396264346631656264356530
62656237663865306632333130653933633332623061633062363964643130383430613864663935 30663636653434323531343233633431313838636434666537373439333364666635363731316464
63663765356434626661346165653163626565336437613539653536306432376332616430393737 61623666653561623233623131666464396530316439626135653933343531303938313965393438
34366139336363383761366338623236383135373634613239616665343061396633383231663230 30346636363136386264643161666231396533323765343434346633303162383762663763616537
63653331336366666234626662356461663263626465663036326162343239373734346661626665 38656436353661326165393934613235376565316663643930656338333932633664643562633235
61666231613565356633343030343935393135653261376239303037373634386138393463363239 61656232613164643735626439393731626430343437303732393163616432616336323436643737
30356365663133646634333863616230646235656135336330393836353462323630376537366334 63626564363464396561356366616466363035663864306561616164373639376431633264633532
31306330363232326661616666623131383837353139643838326430653561346565393762323936 37316565313636363536666566313663653637333665343036363261373765306233386535326463
31623136656361383039653763613162356530653933376539336130376237396661663664393733 34316461346364323837326462386363313338666563623135376163656330393830663031326536
36396433303339613965316230613237303331646331383239356638333366653961303138343663 35373935636538656566646336633435643830346136663262386463366563613665613032336533
33393664303637333863313364356666383836633063643539333262633565623534323866316537 36373837616132666630393634656232303362613038353764353362303830323536373639306666
38623630363139643837396330353463303932383231663831363763656537386531383531303165 66306230336430666435663061616264343137303564303764356130396434666138373132323066
37366338343063346230656461393832383736636662656666636434363731623437303862636366 33623465663535643736383032396236613632643537633064346631383539366330363436666633
33613333393139613637623963373262323637653531336265333033333135613330313166633738 34323133626638613936636264346662373739616136663165626339326333623365336161653230
36353935383931363535656539333130653164613431616438613432313532373063353738656162 65626131643832306664666364333961633535313164376533343334613666303331333036643431
36616563383133623336396633343762376537663432356238653766666636323232623065313537 65626566613937633137343538323563373737623265353436336234316439316434613962313030
39636632326166323130646633626431323831373963313837613465356436326430616433303662 36366634383633363437373862323764366263623063653932383534353538363866643437303637
65343834663937306539663330366538643265626665613631323036616463313266303237613938 32346533643438323632653830626163666463343366346531383830353833346164313537326332
30613565306636306561643238326138623366343365303934306561623234313332636462383363 62623462316161663731653832653064313436633931393565323631306134613962396338353039
30623432326336396364636164366463326533613665333830656564626663383331323661663934 39323037366235336239646539643265303061623935636263336435653831373463313131343866
35353135323930656138373830623932396138626335343265623738383532333861306561323430 61666265616335356530376633343762343734373539613865333065343066343963383634653436
66333532333961636463656535636132323535313730333762633139306235373031363831363266 34363431356264373166663632643232646261323332636263383065356564383663363439373732
33646635316137616663653461393566303432386330623936633330373461333762356532663062 31636238346661616563646262353962393266613137363536346534313764376666313737306530
39666437363931313861356331653932303132353364623664656364316430653933653935616230 63666263346231353765623130396530623362383165373863383537633464636136313130373566
38376631316463646663626562366233626334323235633235653364623936643131356130343261 33396137366538656430653065373230376236626439316232396630326537653936356461623534
36396535393335366532313930623363663032386635396262363430303466373737633739626435 65623562306131613633373632356264366439373137356132333062343839383132643834323463
30636136396562336561393936353763383732653166353266376165663233626266353638363131 31353034306339663365343234396466396463663634613433663262623038363331363161623831
65323462633039323334613566373434343363633532656534663635363763396265663137636331 33366137643963633066323837363563326137383834346430316262353834353238336264373235
38613736353635613437663133616431396666316230393066343431336535626335373437393039 63353330656166333132306665623835316439623239333539626364313535616230626430313663
63666135353937313765316134326338376161353862373161653039333631306264343464353035 32323335653433303233343336663935653861393961626636623264333030383365623838653862
65353639313134346239646362663836643734373465353866373238613162303336306438376237 37663336346537336530656161613539666431366239666461343139343461613033336535306263
35363934333536376136666561333636653136316435316530366461306636333063313739626630 66326365663132333165666239306532386338323237653832363763386464333634383731393033
37633333333766613663636466373364663132613266343136376138663461383832356631303132 31666431366432303036313765616432353061616462393236383131373938353238613966383232
30363434336161393962363636313364663839383734373533356663343733333731613535646433 35376635326534386533653834353966633765303165633036343133393836316637313531636333
64396361643736653931336365313338313633383038306131333863306437386362633263646364 32376532383865323731306237633565663032666631616463636237313938663034396363373632
36656566326333333136636566613066623362363263373435356162396431396334386237383231 62613030666166343262333865636363346131393664373633313064656463366533336335316435
30326465646334613235666435613462633230353434653666336364646466613066346366376262 31653531366436646365636139663236393464636366666334336433396365663634336263323835
66633863333461626631383961663930383663666538613162643730323565653732386330613538 64653634326638393133346335343665343265333133363236343566366561653831313561326239
38666164353130386530376332643637333931313661633634303636643639613561643338373331 66393663336632333931383766633966333763333632393633353537333834643465373237386435
63333932306634313933366533623837613934366334396637396361623439383964333665383435 33366638643861386431313030623465633938313932326264396136353336653163373636633762
62316265356537616137643537366666336634393935613034393737313930333364323031653234 35313463313066373236623466356333616238343034616436333437363033343436353265613932
37366561356332666439623462396266623961653039626562393065393336643962373064343563 36646538663734346434313861363664316538663766383462633434343666343230306261663231
36346665666338623931343739386531343833386135356164303532643463346565316163656633 33643031313432333330363664396438663933636465303731373065386539363762353530323063
32616365623065626139383362613466633332666133313263393062373338653834363830333039 34383434393062623037356637323264663961383166373736376136336237613662363038343931
62626230343362393533633061663432363836616539643065643839623065633363393134643534 39393766323163333431373466303739363566623464646532666330653132376466346136303735
63343935376537393739333063333333386239663763383435633234376434366362616433363162 30303537353863623164373362306334333134616364323366326636323463346461326366303034
34363539633661633333306133363433313761303138363864373266333461303139613362663937 33646230333263366137313234646265653339326533666361363632653166326364336639333131
39626332356139396330393361613364643363366164376234316266316164393035386334366362 66346234366334316539343734633164656132343130303939613030346263616632616434653362
36373065626530333237636139336163623766623561656234333239646263626164323134633434 66316165626236343464373631623034396634313637303737643165303939333130313333393732
63326635393665333533383562633438303036616262366435373739386430353964333265393732 34663134373864626466376332373731393039336336383937646535666362386666663765623132
66643838303566626131323834646564613830333937616264383864316666343333396636303836 66313363313162323663356230383231376539363732396630623061663361373866316432623066
38633335656536653334626530303835623531666665326533303535313164323836373365636265 36643739363361373833616237353664313666613036666161623935343233346266626165393134
65393061363933373931396134623264643065633534313566346336343862346537343437363765 32346361323462393830366161646630303836376431316566613631343938316362383663343233
62663264376266326538616330376633353832353234653661613964373231666562326466663934 64376265353166303032373664336632616337353339643061623661663066363433616239356561
38393931643736626332623461613737383463663935656263656233306437653331343838343865 34633339323161396466663435396565383636653830373865346363333531396637633332653866
64343239636166343134336261656162393938396633376663366466653634373566336165323237 38633535333035343630323633363564613030653834333538616461653566636638646137396266
34386137313961653739393231616532346664366138356631353030623236343535363435636462 66613235306361653463643532313435383366326430383031306665373764643632653962623535
32323564306339396437633763613535393230386631616166656539373861386633363464653439 61363438336136383635386336363533613863346264353530303565353761626466636136306335
34323134626334356631623764356232366337646236313031336138333636633834353463363961 31383035326163393563383038383037353037666661363531633836376638393935336639333761
32316664383038633330383765356563353062303133333133336365346561643234386161383461 62333030326639623034326331643033326431396337376630333937623063313634353032326530
39323964303061313461386333613961396533646161663230666466616231386239386666306233 66393261663331313139643232313661356664653536326665363065646163626236306637666163
39343239323739323738373263313662336237346663663432343861343034633463386163303366 33373837343331306632623865316461336466656131303638303035366564336330613234616535
38333537626232663438383230623032623765336164653438653434396362633063333437366338 35356361623634646163646436623364353539623131333966383632383566313363613032393363
34373431323539306531323536363238333037643337626131336631356537626237656630393964 65313136383834366564643234643039386664376362353435613433373266616261633263386334
38393736633433306632323334613232303162313962616334376130353931336337303462363266 34616633653735373361656461363462636666656661326637363262363539613164336464336631
39643137643034396564303531346361336134353461653535336165323032323238663631653935 31326535626635333662346433656262633031643134623862653831643333396633363062356361
38366339366436376166333335663230306663633634336434323532316664666134313365323834 37343530643633663261323037333830393737366134303035333232343232333835653731623332
31363964346561373262393632366637396633323332393162666166326631383164643265353135 62333739346563353737386664663864343561306164333432306231626233646131333264656666
34303664353434373131653530346634386333663732373966613761616261323032336266646163 30356138376336373436333732383835303230323039326165633834336634626162326439613961
32663966656464633565356337653534623962663939333033613933633965666339653764663134 39613435326330383662373732373537633535633032366131633062386332343264363135383038
38363965393730633638653561393432303835303164396462366435353030643966316665333061 63643661653838636565616239353566636137656139323265326534386434306333343631353762
39643634646137626338323537393031356532616637666634333139396630663930636235333735 32616466323663653564363832613265323534336664353965363138623762376539346338316135
66336465666439356636623037653564393161393432346534656132346631396462356463336566 65303334313362303532653438313837336334333831343331396563626131633937386437333133
30303833386638333866396462633330306439613139636331636331333663386438623461343133 36663834303337666461313564366561353265363263316438303235393465646434663961646137
30643164366434353765633738356536643861303232393362343131353730376364623463326361 37646332306539393162633339643434396531663534633763616433326363383332373233636437
37363061623333653466636438666465616133396233616430393265626362663736613031383764 61643037396361623938386466313736313235323165343964346463346339626632383535323630
63353065306166646461623763643062383738376266353765643134376538393233383663346237 33396135303434666233353631616436653262646136623035376232316264343930626435303634
37643639663063383266373536323533343936633134386263616163343637613636303134343037 32646133303963343239383931653631653036353535333665373536366464366466646330656466
34626232303335393532643134646132323463396333386664333731646331343937363661323539 66623136333437346637343534396430313838636665663933376263623362363134396330356566
65663936366464643162633432666537393439313664643638343237653566613235353165663336 37616361326463323164663036386439373539663164393038663636643166383131616164643765
32373037346239356337633036306138343366666463363538373836616530313565613562383433 63303339653835353161663637323138376233613265373461316430353331633938336662656464
64616263626165343938363230613039356137643665653734366533393033316363663036363738 66613464666634363931303232326461653239396234303863386533333832663530346261353135
66323663663366666162623734363465663939383830396533383665393139633530616263663136 63656636306539353139353763663461336630373463353162623566383230366366653665326166
64333132633031623835373831636366643831626235303831313761653734666365386462393534 31393333376434313039396234393839643863346363383535653465323261666432633935336135
66303332656561653162636636313439663633396638353638363465663138353866376636326634 63363864386135313438373532353266353334616635653433613765393265363465656439356139
63613865613466326230323564323439393061653664393261373531306235333663373434636262 30643864343166353263633262663036613766396633343564363633303165373631633965373730
62353132653333313635653633346461323165373862343839316539653038633664353830643234 64636561663438646562363765623435313866303534623038383731396638306536323732626231
36633763653738323732386263643461333761306532303534663763323735636563366266653464 63343538616631363736336164316531653137646537303436343336653434646133336534356539
66636236393033613736656562663661346162316164616663306465623431613133633130383136 64306139643537393361666161623261353763646631386361666637656137633266343238656632
35313434346164653163396137383064656538353766653237646237663639663039663665666236 32333866666233636164313131363666376261663930653330393436666464653731333164643836
62346139633234343735303762653030326333333764356562656435623330663066353333326239 63386163363463343737386338653636323230653336393765386538393563356435646439626565
39646465393362323537343766366432323765363139643361643037373739643636623437386636 38623439623364326634616639303734383330613133393665643963313932316365656563383039
32353233303337623136343062623633306361383737303431613663633163643832343434656335 61643739333434366162663438613966343534393438373135643064623465386236353632646562
39633434393466646366376534333865633361333861653366316238626637363537303335363662 64346137393231313461393436626335626461343661653430396536373437306336666630313934
61353830303733623665643864333134623062356334616331363565333235666261653732633264 38616638336638303530346164663033613332366133656435656131356262343635386136636361
62663238663461343738303764303636366638393830623264613730303635623635626364646464 39623161383636373664396535366531396231643162353938663230373762626633663638343937
35623239356235316136343532616638663930313565383264663936633733386663326161623830 66326533386564353336366561316361646333393130316530366434383931666661646636373835
62626634313963323866653432343561303233343035353433613731353538356438613033346638 64323135356630656134366231646130626162356237613337386232636333383261376535653032
33613466656633626261326465336437613630376335663933303061393731313065636131393762 36366338636565616537313337323964613030393035393839626134373135646663636263633964
65613037653363636235613838613535316635613066393436356537633662313539323163613361 66623036633266623566646566386234356562396164366166656230663738633665333531653730
36356632323634363335366665376663346565393439313031636331633235333664663830636135 61383263656235313463666439666563656432363332616633646139363135316638613464383239
64653266616262336437623731383161383437613461323837653066656233643230663064616432 32633732653837326332326363326265336130633065623963636338323662383234623438623333
65383337323333633465316533623465303735396430326334643634626436303263396534356335 64653038323566326366336634313637363132343030633966313363646665313835343833376632
34373134653232303866386433643864363536643138353965323130616338353731633434326361 39616364616236396265643232336365356235333064323432326561633730386533633064393832
66303133353264343664323435653133383431626263373237613631616235666465616333343937 33313838373236386463366162386437356365346631633639613436356635396238646361376434
37323333653565363665376236396232393132336137346461613831623063326631636335333365 34626238333366343831393364653064656166396535343133343131316537653263646239323061
65376538396265313732323932383061633464393630393563386163393230623238633938396535 65393761326462656265393235663037323638333831623733323430623238626234303031303866
34333330386131353336646361313634353862663762653234373235366565343232306432653731 64336130333164306530333062343161653532383031336464363237656264363665373739626630
61383863306632626463653831383735636233623966353130626634366638626236383864316531 64353861383364386632613335646562623535353031303831653436633330663337613338666331
37353062336539626531356133313132663330663135393930356565323364353761393439373533 37396466633231303032656334313033633865636231613564303733633462366162383835623563
61366465313462313033306631333432646163653832363564313838643362316263353562373262 32616439333064663234663037623832633933303664383732646238376465353763646637623137
33343664666230303065373836306663643135303439356362336634346637353438633364306365 66623664333364653039326431333439373934383735316231373164376365646231353935623664
30623332363436353865633738663464636132306134386465306164363333386338323433643163 64653839613332626638623039366165356630383539333736383738326561313838383131633236
37626235303062393933393363656339636139323464373439363765316266646536316336666163 30306537383865326533623337346138376533376137336536343163326534396564656130326361
34306262326238343937623432643262646263666266623933623565363535326235623637396237 61623063636138323965643737313262616532346533333137346232396561373735376130356132
64623961663037653033383933333062393932613933303962326538333739303731363137623365 37646639383430336637646134353732323262333732323434353265376262353039633963313061
30363030353433646133666166383938356232396331656165343531343232613934663834633464 63363663353532633437333335306662313133306565623537666232353665333631653263663463
36353331373233393861636131393238363031383135613633373665613364373466356663376431 63656264333064333662343836366131333534386662303933336665353361663938346430653264
66303331383837663261313838363266656164633836623661326331356566653938306266376632 66383539643537313436373434363536376137333636363833626361376131633537643334383864
63613238356135373938663030343634393566653963306237303138626461613931356565663835 34626264666437323930396562626134653063396533323139616264313063343535623636626238
64386433613937643730396130663333646334386336613864333533626661626166346232333964 38366437626534376364623535613432313636366332353830616238666534363561646438343235
66316664346231376639393132613936323261383131633737386331343966363961633237666334 62613664313631643137643765626437363962636137343765343562613761396266626461393236
38353363383761333439373437623937393534626435386262383732363833346166656233666332 63613134303065623031396231366130373432633738393139393331323764623963346565373839
62636130323536663432633434646666303664393130626437636132316264613535306463623964 64356439663964333032366363343461353130326136363731386535313661663135303237386638
30633030613665343631373366363737313130666337326230633631646461356362363963306361 39336531333064613731323066376461373732323437386462353432613464663666363832653866
64393639353339303436346438313833333432356666666339613666623132636235383866343838 62666461313734643562346335393434653933313661336236383933363738323066636562363230
36666263343538633537303665616366656363373736306235333264336466313939356131303561 34666136626566376264623734393837353466616461666132623333656135346534646462633739
33363030653966316232313933323665663330303338366333656536623861623537313266383565 36363331383337343561326536303263303739656562653536363234636130633563663161353631
65633866663665393635646531353539623362646663356664333866623432333465333335333333 66613338323461623534613935396638343230643330636562353936343333383834303466643939
31616262356537646261373166343665633238633235373335343134393366663462393465643135 36346532663237616132633166323630623434353338366534373366326234366566383931343837
35326336613835663132343233386564373462353561333066323631313664373865323233653336 34613134646563383662656533666163653265326433643832626435663361336361376362633938
65333731336565633664636562326365343263373263373162653239633964396138616335616230 38326235383664653366353162393034323866653339383139306630663835306537663563366231
63376562383064663330363562306338346465666563306365306639353632396633323830353337 35306362663930326133363835643262393439346437653935343030653161303361303939323235
65666233376239333436633566623535383065646235353832363030303565623531333539613864 34363438313763623934613534613334333464366361323164323337316531303332663433376363
63393339656238323466343564333134636164383062613138656138373936636531636166393062 39326239653731653766303135343437333431636362666231393938316634663631353539386463
32613431636233316533353937326234663336343231313630393037313663383034383238346562 66623730356336633536336634313264336236633664303864373735663837316563363666363037
36383264626366383835623261643562323037303661383832323939363939623038626664393530 39303330623765316334666132326134376636303633393736343030323837383666333832613937
65353061313266633764353331313532383766613735333131373365366336306139343265306634 31383033663638373666626336636539636665386465666237323232643466383236313262383235
66313435313965633362356563313763653634643362616138633832633136333362343731346166 63303866366162393434633631323539633565363036326264376339666637316133376537633163
34613431653134363732353833643962636431623036393935666237663833373934373438666434 66353264353337653733353034643030333932313463393132396632353030656134313064326466
36633538306632383439323465636665303863646532653165666638316137633738363736386633 65636330346433643732313033643032393261313736343533636535643439336530663261353961
33303234306531356136316463353232303737323661333430333137636633306131316434376665 63326231643131613665306563646331323536396232633366313036623136623636376336383438
64323633383735313536373534626331356631316464643530363866633730353239346633396364 31363764323335666464623330333265386236643038353164303863356261653634316536303734
36323437306165363465613365383666353037313333653230316234626439623964343336343762 33356630346666393539393931393661656666386635663965346537353365396330613061663939
66343831343133343330336536613134303836626434663731343636613835623364633236653962 37386638653737383434393438366661303337636263666665373935316439386363663936646639
63356635363239663533336265306261393337313136313937356662616231636461373230376232 65333532636161353538363161363138356364303661396166643435386234336132393733663562
64313738333966633265626166653266313932666134356235373238376530303437646464333364 64383030656332343736626161653034333539343562303530336165373961356532663234366237
31613631386335356561363938323831313061373566323638663864393266656361366463353736 38666632616439343437333366623362626339363535623162303437306334643731633662343162
63386361373737383837336435633562626566656666373737313464323466313364626466633537 32623537383966623866613361383266353936643462613964646139653532633864643931376631
6661656232313066363235616364646663623039386561636332 62633433613435356561316536663364656639373733646539316566373334636133383936303166
64366139616164636336303930306138316161306563623366633130386662306163386361353464
30393231666266383064343234636430356564323534353339396637636632303962633665363661
63303733333137393261316436373864333734613136373633343564373537653935366333363464
63346430643030323039343539356364313635653863373465303134353361653664333333356132
37623062333663323135613133373662626663353838623233386166623739656535613732636564
63333937613233643035353136386463376661346131616562393236623338636661636661373166
62663962666237613431396436343434353031303165363130663163616633336134353430326634
66383463363266346630646339643563633235623065666265643066313134383534666530356561
62373737313834373239396262663463613835643737383439653837376135303733366436333733
36363436386233663135646134386462306434303339656632313562623037633664346562323034
33303833373733383338306333323561656333313430323136326234343032323034646663333436
30316661636237333266656430376535366135353534633932356135383333646261663935363734
30666263643265306434333535346330313231386339363865643862366639663832366431663161
37646632376633323862303764363437613332643131623138393330353633323634303337616431
66336366646138653737333137396338646138613339336466356537626461346330646434613933
61633835653235333637623635353565376331623464636137393861633064353739323262653166
66393533656435306530653034313034356231616563393438333162393630306462313530353535
31656537626163316535376234393236336631366262666539613337633461396134396563326532
30386538383136356632653962643538613261356462323637316335323864613133316364663933
37633661306635323361336639633561663738396133623362316437303733313838313332303264
36363932633136373762363762303933306637646230303564313965383335386333646161353261
31663836366639326438626463326631343162616537653266366334343538643634663831343736
61626666616463303034323730653966383365613637633539646263396238656630333766633134
37326438366434333066666334323137343635396464366430633931366335353231643630383161
64353034313338346162653237666266333466313630313363636135393433653761326134353464
62306233663930383166313033373561366231313865303662316662663236343638383731633132
62663061613837633833613737666633343063333963626265303236366365303736636361336337
35666536383738636239626139633031376262306165386362386462346330386334333331376338
30386235333963333732343930613562316464323632663638323536613232666230303631336436
37643131353437393661663934306332343037323866656665613436393237333236636661333064
62303063393239373065346461326464396232356531393932623739643835356637

View file

@ -0,0 +1,70 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
postgresql_databases:
- synapse
- codimd
- etherpad
- kanboard
- grafana
- cas
postgresql_users:
- name: synapse
database: synapse
password: "{{ postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ postgresql_kanboard_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ postgresql_grafana_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ postgresql_cas_passwd }}"
privs:
- ALL
...

View file

@ -0,0 +1,50 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
postgresql_databases:
- nextcloud
- gitea
- wikijs
- drone
postgresql_users:
- name: nextcloud
database: nextcloud
password: "{{ postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ postgresql_drone_passwd }}"
privs:
- ALL
...

11
hosts
View file

@ -29,15 +29,16 @@ stream.adm.auro.re
re2o-server.adm.auro.re re2o-server.adm.auro.re
re2o-ldap.adm.auro.re re2o-ldap.adm.auro.re
re2o-db.adm.auro.re re2o-db.adm.auro.re
services-bdd-local.adm.auro.re #services-bdd-local.adm.auro.re
backup.adm.auro.re backup.adm.auro.re
services-web.adm.auro.re
mail.adm.auro.re mail.adm.auro.re
wikijs.adm.auro.re wikijs.adm.auro.re
prometheus-aurore.adm.auro.re prometheus-aurore.adm.auro.re
portail.adm.auro.re portail.adm.auro.re
jitsi-aurore.adm.auro.re jitsi-aurore.adm.auro.re
log.adm.auro.re log.adm.auro.re
bdd.adm.auro.re
bdd-ovh.adm.auro.re
[aurore_testing_vm] [aurore_testing_vm]
pendragon.adm.auro.re pendragon.adm.auro.re
@ -50,7 +51,7 @@ horus.adm.auro.re
[ovh_container] [ovh_container]
synapse.adm.auro.re synapse.adm.auro.re
services-bdd.adm.auro.re #services-bdd.adm.auro.re
phabricator.adm.auro.re phabricator.adm.auro.re
wiki.adm.auro.re wiki.adm.auro.re
www.adm.auro.re www.adm.auro.re
@ -509,3 +510,7 @@ reverseproxy
[reverseproxy] [reverseproxy]
proxy-ovh.adm.auro.re proxy-ovh.adm.auro.re
proxy.adm.auro.re proxy.adm.auro.re
[bdd]
bdd.adm.auro.re
bdd-ovh.adm.auro.re

View file

@ -4,6 +4,7 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_targets: prometheus_targets:
@ -18,6 +19,7 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_targets: prometheus_targets:
@ -27,6 +29,7 @@
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}" - targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re - ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
roles: roles:
- prometheus - prometheus
@ -34,10 +37,12 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re - ups-ec-1.ups.auro.re
- ups-ec-2.ups.auro.re
prometheus_targets: prometheus_targets:
- targets: | - targets: |
@ -51,6 +56,7 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_targets: prometheus_targets:
@ -67,6 +73,7 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
@ -84,11 +91,15 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_targets: prometheus_targets:
- targets: | - targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_switch_snmp_targets:
- targets:
- yggdrasil.switch.auro.re
roles: roles:
- prometheus - prometheus
@ -96,6 +107,7 @@
vars: vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json # Prometheus targets.json
prometheus_targets: prometheus_targets:
@ -121,7 +133,6 @@
- prometheus-rives.adm.auro.re - prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re - prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re - prometheus-ovh.adm.auro.re
- prometheus-federate.adm.auro.re
roles: roles:
- prometheus_federate - prometheus_federate

View file

@ -1,3 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
uname -snrvm

View file

@ -9,8 +9,6 @@
- aptitude # nice to have for Ansible - aptitude # nice to have for Ansible
- bash-completion # because bash - bash-completion # because bash
- curl # better than wget - curl # better than wget
- emacs-nox # for maman
- fish # to motivate @edpibu
- git # code versioning - git # code versioning
- htop # better than top - htop # better than top
- iotop # monitor i/o - iotop # monitor i/o
@ -18,29 +16,21 @@
- lsb-release - lsb-release
- molly-guard # prevent reboot - molly-guard # prevent reboot
- nano # for vulcain - nano # for vulcain
- net-tools
- ntp # network time sync - ntp # network time sync
- oidentd # postgresql identification
- screen # Vulcain asked for this - screen # Vulcain asked for this
- sudo - sudo
- tmux # For shirenn - tmux # For shirenn
- tree # create a graphical tree of files - tree # create a graphical tree of files
- vim # better than nano - vim # better than nano
- zsh # to be able to ssh @erdnaxe - zsh # to be able to ssh @erdnaxe
- dnsutils # dig
update_cache: true update_cache: true
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
# Pimp my server - include_role:
- name: Customize motd name: update_motd
copy:
src: "update-motd.d/{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
mode: 0755
loop:
- 00-logo
- 10-uname
- name: Remove Debian warranty motd - name: Remove Debian warranty motd
file: file:

View file

@ -21,4 +21,4 @@
user: root user: root
key: "{{ ssh_pub_keys }}" key: "{{ ssh_pub_keys }}"
state: present state: present
# exclusive: True exclusive: true

View file

@ -0,0 +1,5 @@
---
postgresql_hosts: []
postgresql_databases: []
postgresql_users: []
...

View file

@ -0,0 +1,6 @@
---
- name: restart postgresql
service:
name: postgresql
state: restarted
enabled: true

View file

@ -0,0 +1,74 @@
---
- name: Install postgresql and psycopg2
apt:
update_cache: true
pkg:
- postgresql
- python3-psycopg2
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Ensure main postgresql directory exists
file:
path: /etc/postgresql/{{ postgresql.version }}/main/
state: directory
owner: postgres
group: postgres
mode: 0755
- name: Ensure configuration directory exists
file:
path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
state: directory
owner: postgres
group: postgres
mode: 0755
- name: Configuration of postgresql {{ postgresql.version }}
template:
src: postgresql/{{ item }}.j2
dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
mode: 0640
owner: postgres
group: postgres
loop:
- pg_hba.conf
- postgresql.conf
notify:
- restart postgresql
- name: Create databases
become: true
become_user: postgres
postgresql_db:
name: "{{ item }}"
encoding: UTF-8
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
template: template0
loop: "{{ postgresql_databases }}"
- name: Create users
become: true
become_user: postgres
postgresql_user:
db: "{{ item.database }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
no_log: true
loop: "{{ postgresql_users }}"
- name: Grant privileges to users
become: true
become_user: postgres
postgresql_privs:
db: postgres
type: database
role: "{{ item.name }}"
privs: "{{ item.privs | join(',') }}"
obj: "{{ item.database }}"
no_log: true
loop: "{{ postgresql_users }}"
...

View file

@ -0,0 +1,20 @@
{{ ansible_managed | comment }}
# TYPE DATABASE USER ADDRESS METHOD
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# "local" is for Unix domain socket connections only
local all all peer
{% for host in postgresql_hosts %}
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
{% endfor %}

View file

@ -0,0 +1,695 @@
{{ ansible_managed | comment }}
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, run "pg_ctl reload", or execute
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
# require a server shutdown and restart to take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: kB = kilobytes Time units: ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
# All changes to this section REQUIRES restart
# use data in another directory
data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main'
# host-based authentication file
hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf'
# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/run/postgresql/{{ postgresql.version }}-main.pid'
# write an extra PID file
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '0.0.0.0, ::'
# listen_addresses = * # listen to all
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
# - Authentication -
#authentication_timeout = 1min # 1s-600s
#password_encryption = md5 # md5 or scram-sha-256
#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - SSL -
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#max_stack_depth = 2MB # min 100kB
dynamic_shared_memory_type = posix # the default is the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# (change requires restart)
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kB, or -1 for no limit
# - Kernel Resources -
#max_files_per_process = 1000 # min 25
# (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 10 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
# - Asynchronous Behavior -
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
#parallel_leader_participation = on
#max_parallel_workers = 8 # maximum number of max_worker_processes that
# can be used in parallel operations
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#backend_flush_after = 0 # measured in pages, 0 disables
#------------------------------------------------------------------------------
# WRITE-AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = replica # minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_compression = off # enable compression of full-page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_timeout = 5min # range 30s-1d
max_wal_size = 1GB
min_wal_size = 80MB
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_command = '' # command to use to archive a logfile segment
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Servers -
# Set these on the master and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
#wal_keep_segments = 0 # in logfile segments; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Master Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
# - Standby Servers -
# These settings are ignored on a master server.
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from master
# in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_parallel_append = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_parallel_hash = on
#enable_partition_pruning = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
#effective_cache_size = 4GB
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_pool_size = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#force_parallel_mode = off
#jit = on # allow JIT compilation
#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
#------------------------------------------------------------------------------
# REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
#logging_collector = off # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_truncate_on_rotation = off # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
#log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
#log_rotation_size = 10MB # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on
# This is only relevant when logging to eventlog (win32):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_statement = 'none' # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
log_timezone = 'Europe/Paris'
#------------------------------------------------------------------------------
# PROCESS TITLE
#------------------------------------------------------------------------------
cluster_name = '{{ postgresql.version }}/main' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
#------------------------------------------------------------------------------
# STATISTICS
#------------------------------------------------------------------------------
# - Query and Index Statistics Collector -
#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none # none, pl, all
#track_activity_query_size = 1024 # (change requires restart)
stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'
# - Monitoring -
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#search_path = '"$user", public' # schema names
#row_security = on
#default_tablespace = '' # a tablespace name, '' uses the default
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
# before index cleanup, 0 always performs
# index cleanup
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_fuzzy_search_limit = 0
#gin_pending_list_limit = 4MB
# - Locale and Formatting -
datestyle = 'iso, dmy'
#intervalstyle = 'postgres'
timezone = 'Europe/Paris'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8'
lc_monetary = 'en_US.UTF-8'
lc_numeric = 'en_US.UTF-8'
lc_time = 'en_US.UTF-8'
# default configuration for text search
default_text_search_config = 'pg_catalog.french'
# - Shared Library Preloading -
#shared_preload_libraries = '' # (change requires restart)
#local_preload_libraries = ''
#session_preload_libraries = ''
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
#dynamic_library_path = '$libdir'
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
# VERSION AND PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#default_with_oids = off
#escape_string_warning = on
#lo_compat_privileges = off
#operator_precedence_warning = off
#quote_all_identifiers = off
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf. Note that these are directives, not variable
# assignments, so they can usefully be given more than once.
include_dir = 'conf.d' # include files ending in '.conf' from
# a directory, e.g., 'conf.d'
#include_if_exists = '...' # include file only if it exists
#include = '...' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here

View file

@ -57,6 +57,13 @@
mode: 0644 mode: 0644
when: prometheus_unifi_snmp_targets is defined when: prometheus_unifi_snmp_targets is defined
- name: Configure Prometheus Switchs
copy:
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_switch_snmp.json
mode: 0644
when: prometheus_switch_snmp_targets is defined
- name: Configure Prometheus UPS SNMP devices - name: Configure Prometheus UPS SNMP devices
copy: copy:
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n" content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
@ -77,8 +84,11 @@
enabled: true enabled: true
state: started state: started
- name: Indicate role in motd - include_role:
template: name: update_motd
src: update-motd.d/05-service.j2 vars:
dest: /etc/update-motd.d/05-prometheus motd_messages:
mode: 0755 - key: 05-prometheus
message: >-
Prometheus est déployé sur cette machine (voir /etc/prometheus)
...

View file

@ -119,7 +119,7 @@ groups:
summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V."
- alert: UpsTimeRemainingWarning - alert: UpsTimeRemainingWarning
expr: upsEstimatedMinutesRemaining < 15 expr: upsEstimatedMinutesRemaining < 8
for: 1m for: 1m
labels: labels:
severity: warning severity: warning

View file

@ -8,7 +8,7 @@ global:
# Attach these labels to any time series or alerts when communicating with # Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager). # external systems (federation, remote storage, Alertmanager).
external_labels: external_labels:
monitor: 'example' federated_instance: '{{ inventory_hostname }}'
# Alertmanager configuration # Alertmanager configuration
# Use prometheus alertmanager installed on the same machine # Use prometheus alertmanager installed on the same machine
@ -81,6 +81,21 @@ scrape_configs:
- target_label: __address__ - target_label: __address__
replacement: 127.0.0.1:9116 replacement: 127.0.0.1:9116
- job_name: switch_snmp
file_sd_configs:
- files:
- "/etc/prometheus/targets_switch_snmp.json"
metrics_path: /snmp
params:
module: [procurve_switch]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
- job_name: docker - job_name: docker
file_sd_configs: file_sd_configs:
- files: - files:

View file

@ -1,4 +1,6 @@
# {{ ansible_managed }} ---
{{ ansible_managed | comment }}
# TODOlist : # TODOlist :
# - Faire fonctionner le monitoring des switchs défini ici # - Faire fonctionner le monitoring des switchs défini ici
# * Configurer tous les switchs avec un compte SNMPv3 # * Configurer tous les switchs avec un compte SNMPv3
@ -12,6 +14,7 @@ eatonups:
- 1.3.6.1.2.1.33.1.3 - 1.3.6.1.2.1.33.1.3
- 1.3.6.1.2.1.33.1.4 - 1.3.6.1.2.1.33.1.4
- 1.3.6.1.4.1.534.1.6 - 1.3.6.1.4.1.534.1.6
- 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
get: get:
- 1.3.6.1.2.1.1.3.0 - 1.3.6.1.2.1.1.3.0
metrics: metrics:
@ -66,9 +69,10 @@ eatonups:
- labelname: upsOutputLineIndex - labelname: upsOutputLineIndex
type: gauge type: gauge
- name: xupsEnvRemoteTemp - name: xupsEnvRemoteTemp
oid: 1.3.6.1.4.1.534.1.6.5 # oid: 1.3.6.1.4.1.534.1.6.5
oid: 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
type: gauge type: gauge
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
- name: xupsEnvRemoteHumidity - name: xupsEnvRemoteHumidity
oid: 1.3.6.1.4.1.534.1.6.6 oid: 1.3.6.1.4.1.534.1.6.6
type: gauge type: gauge
@ -77,11 +81,12 @@ eatonups:
auth: auth:
community: public community: public
procurve_switch: procurve_switch:
walk: walk:
- 1.3.6.1.2.1.31.1.1.1.10 - 1.3.6.1.2.1.31.1.1.1.10
- 1.3.6.1.2.1.31.1.1.1.6 - 1.3.6.1.2.1.31.1.1.1
- 1.3.6.1.2.1.2.2.1.2
- 1.3.6.1.2.1.31.1.1.1.18
get: get:
- 1.3.6.1.2.1.1.3.0 - 1.3.6.1.2.1.1.3.0
- 1.3.6.1.2.1.1.5.0 - 1.3.6.1.2.1.1.5.0
@ -90,36 +95,59 @@ procurve_switch:
- name: sysUpTime - name: sysUpTime
oid: 1.3.6.1.2.1.1.3 oid: 1.3.6.1.2.1.1.3
type: gauge type: gauge
help: The time (in hundredths of a second) since the network management portion help: The time (in hundredths of a second) since the network management
of the system was last re-initialized. - 1.3.6.1.2.1.1.3 portion of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName - name: sysName
oid: 1.3.6.1.2.1.1.5 oid: 1.3.6.1.2.1.1.5
type: DisplayString type: DisplayString
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 help: An administratively-assigned name for this managed node
- 1.3.6.1.2.1.1.5
- name: sysLocation - name: sysLocation
oid: 1.3.6.1.2.1.1.6 oid: 1.3.6.1.2.1.1.6
type: DisplayString type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd floor') help: The physical location of this node (e.g., 'telephone closet, 3rd
- 1.3.6.1.2.1.1.6 floor') - 1.3.6.1.2.1.1.6
- name: ifHCOutOctets - name: ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10 oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter type: counter
help: The total number of octets transmitted out of the interface, including framing help: The total number of octets transmitted out of the interface,
characters - 1.3.6.1.2.1.31.1.1.1.10 including framing characters - 1.3.6.1.2.1.31.1.1.1.10
indexes: indexes:
- labelname: ifIndex - labelname: ifIndex
type: gauge type: gauge
lookups:
- labels:
- ifIndex
labelname: ifDescr
oid: 1.3.6.1.2.1.2.2.1.2
type: DisplayString
- labels:
- ifIndex
labelname: ifName
oid: 1.3.6.1.2.1.31.1.1.1.1
type: DisplayString
- name: ifHCInOctets - name: ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6 oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter type: counter
help: The total number of octets received on the interface, including framing help: The total number of octets received on the interface, including
characters - 1.3.6.1.2.1.31.1.1.1.6 framing characters - 1.3.6.1.2.1.31.1.1.1.6
indexes: indexes:
- labelname: ifIndex - labelname: ifIndex
type: gauge type: gauge
version: 3 lookups:
- labels:
- ifIndex
labelname: ifDescr
oid: 1.3.6.1.2.1.2.2.1.2
type: DisplayString
- labels:
- ifIndex
labelname: ifName
oid: 1.3.6.1.2.1.31.1.1.1.1
type: DisplayString
version: 2
auth: auth:
username: prometheus community: "{{ snmp_switch_community }}"
ubiquiti_unifi: ubiquiti_unifi:
walk: walk:
@ -385,3 +413,4 @@ ubiquiti_unifi:
auth_protocol: SHA auth_protocol: SHA
priv_protocol: AES priv_protocol: AES
priv_password: {{ snmp_unifi_password }} priv_password: {{ snmp_unifi_password }}
...

View file

@ -1,4 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> prometheus a été déployé sur cette machine."
echo " Voir /etc/prometheus/"

View file

@ -23,7 +23,6 @@
notify: Restart Prometheus notify: Restart Prometheus
loop: loop:
- alert.rules.yml - alert.rules.yml
- django.rules.yml
# We don't need to restart Prometheus when updating nodes # We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus Federate devices - name: Configure Prometheus Federate devices
@ -39,8 +38,12 @@
enabled: true enabled: true
state: started state: started
- name: Indicate role in motd - include_role:
template: name: update_motd
src: update-motd.d/05-service.j2 vars:
dest: /etc/update-motd.d/05-prometheus motd_messages:
mode: 0755 - key: 05-prometheus-federate
message: >-
Prometheus (en configuration fédération) est déployé sur cette
machine (voir /etc/prometheus)
...

View file

@ -1,138 +1,16 @@
# {{ ansible_managed }} ---
{# As this is also Jinja2 it will conflict without a raw block #} {{ ansible_managed | comment }}
{# Depending of Prometheus Node exporter version, rules can change depending of version #}
{% raw %}
groups: groups:
- name: alert.rules - name: alert.rules
rules: rules:
- alert: FederateInstanceDown
# Alert for any instance that is unreachable for >3 minutes. expr: up{job="federate"} == 0
- alert: InstanceDown
expr: up == 0
for: 3m for: 3m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !" summary: >-
Federate : {{ "{{" }} $labels.instance {{ "}}" }} est invisible
# Alert for out of memory depuis plus de 3 minutes !
- alert: OutOfMemory ...
expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Alert for out of disk space
- alert: OutOfDiskSpace
expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Alert for out of inode space on disk
- alert: OutOfInodes
expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}."
# Alert for high CPU usage
- alert: CpuUsage
expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Check systemd unit (> buster)
- alert: SystemdServiceFailed
expr: node_systemd_unit_state{state="failed"} == 1
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}"
# Check load of instance
- alert: LoadUsage
expr: node_load1 > 5
for: 2m
labels:
severity: warning
annotations:
summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !"
# Check UPS
- alert: UpsOutputSourceChanged
expr: upsOutputSource != 3
for: 1m
labels:
severity: warning
annotations:
summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !"
- alert: UpsBatteryStatusWarning
expr: upsBatteryStatus == 3
for: 2m
labels:
severity: warning
annotations:
summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !"
- alert: UpsBatteryStatusCritical
expr: upsBatteryStatus == 4
for: 10m
labels:
severity: warning
annotations:
summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !"
- alert: UpsHighLoad
expr: upsOutputPercentLoad > 70
for: 5m
labels:
severity: critical
annotations:
summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !"
- alert: UpsWrongInputVoltage
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V."
- alert: UpsWrongOutputVoltage
expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240)
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V."
- alert: UpsTimeRemainingWarning
expr: upsEstimatedMinutesRemaining < 15
for: 1m
labels:
severity: warning
annotations:
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
- alert: UpsTimeRemainingCritical
expr: upsEstimatedMinutesRemaining < 5
for: 1m
labels:
severity: critical
annotations:
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
{% endraw %}

View file

@ -1,106 +0,0 @@
# {{ ansible_managed }}
{# As this is also Jinja2 it will conflict without a raw block #}
{% raw %}
groups:
- name: django.rules
rules:
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
- record: job:django_http_ajax_requests_total:sum_rate30s
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
BY (job)
- record: job:django_http_requests_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
- record: job:django_http_responses_streaming_total:sum_rate30s
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
- record: job:django_http_responses_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
- record: job:django_http_requests_total:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
- record: job:django_http_requests_total_by_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
- record: job:django_http_requests_total_by_transport:sum_rate30s
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
- record: job:django_http_requests_total_by_view:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view)
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view, transport, method)
- record: job:django_http_responses_total_by_templatename:sum_rate30s
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
- record: job:django_http_responses_total_by_status:sum_rate30s
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
- record: job:django_http_responses_total_by_charset:sum_rate30s
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
- record: job:django_http_exceptions_total_by_type:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
- record: job:django_http_exceptions_total_by_view:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_model_inserts_total:sum_rate1m
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
- record: job:django_model_updates_total:sum_rate1m
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
- record: job:django_model_deletes_total:sum_rate1m
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
- record: job:django_db_new_connections_total:sum_rate30s
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
- record: job:django_db_new_connection_errors_total:sum_rate30s
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_total:sum_rate30s
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_many_total:sum_rate30s
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
- record: job:django_db_errors_total:sum_rate30s
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
- record: job:django_migrations_applied_total:max
expr: max(django_migrations_applied_total) BY (job, connection)
- record: job:django_migrations_unapplied_total:max
expr: max(django_migrations_unapplied_total) BY (job, connection)
{% endraw %}

View file

@ -1,50 +1,35 @@
# {{ ansible_managed }} ---
{{ ansible_managed | comment }}
global: global:
# scrape_interval is set to the global default (60s)
# evaluation_interval is set to the global default (60s)
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels: external_labels:
monitor: 'example' monitor: '{{ ansible_fqdn }}'
# Alertmanager configuration
# Use prometheus alertmanager installed on the same machine
alerting: alerting:
alertmanagers: alertmanagers:
- static_configs: - static_configs:
- targets: ['{{ prometheus_alertmanager }}'] - targets: ['{{ prometheus_alertmanager }}']
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files: rule_files:
- "alert.rules.yml" # Monitoring alerts, this is the file you may be searching! - 'alert.rules.yml'
- "django.rules.yml" # Custom rules specific for Django project monitoring
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs: scrape_configs:
# The .json in file_sd_configs is dynamically reloaded
- job_name: federate - job_name: federate
scrape_interval: 15s scrape_interval: 30s
metrics_path: '/federate' metrics_path: '/federate'
honor_labels: true
honor_timestamps: true
file_sd_configs: file_sd_configs:
- files: - files:
- '/etc/prometheus/targets.json' - '/etc/prometheus/targets.json'
relabel_configs: relabel_configs:
# Do not put :9100 in instance name, rather here
- source_labels: [__address__] - source_labels: [__address__]
target_label: __param_target target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: __address__ target_label: __address__
replacement: '$1:9090' replacement: '$1:9090'
params: params:
'match[]': match[]:
- '{job="servers"}' - '{job="servers"}'
- '{job="prometheus"}' - '{job="prometheus"}'
- '{job="unifi_snmp"}' - '{job="unifi_snmp"}'
@ -52,5 +37,5 @@ scrape_configs:
- '{job="ups_snmp"}' - '{job="ups_snmp"}'
- '{job="django"}' - '{job="django"}'
- '{job="docker"}' - '{job="docker"}'
- '{job="switch"}' - '{job="switch_snmp"}'
...

View file

@ -1,387 +0,0 @@
# {{ ansible_managed }}
# TODOlist :
# - Faire fonctionner le monitoring des switchs défini ici
# * Configurer tous les switchs avec un compte SNMPv3
# * Mettre l'inventaire des switchs dans Ansible
# - Optimiser les règles pour les bornes Unifi,
# on pourrait indexer avec les SSID
eatonups:
walk:
- 1.3.6.1.2.1.33.1.2
- 1.3.6.1.2.1.33.1.3
- 1.3.6.1.2.1.33.1.4
- 1.3.6.1.4.1.534.1.6
get:
- 1.3.6.1.2.1.1.3.0
metrics:
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: upsBatteryStatus
oid: 1.3.6.1.2.1.33.1.2.1
type: gauge
help: The indication of the capacity remaining in the UPS system's batteries -
1.3.6.1.2.1.33.1.2.1
- name: upsEstimatedMinutesRemaining
oid: 1.3.6.1.2.1.33.1.2.3
type: gauge
help: An estimate of the time to battery charge depletion under the present load
conditions if the utility power is off and remains off, or if it were to be
lost and remain off. - 1.3.6.1.2.1.33.1.2.3
- name: upsInputVoltage
oid: 1.3.6.1.2.1.33.1.3.3.1.3
type: gauge
help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3
indexes:
- labelname: upsInputLineIndex
type: gauge
- name: upsOutputSource
oid: 1.3.6.1.2.1.33.1.4.1
type: gauge
help: The present source of output power - 1.3.6.1.2.1.33.1.4.1
- name: upsOutputVoltage
oid: 1.3.6.1.2.1.33.1.4.4.1.2
type: gauge
help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: upsOutputPower
oid: 1.3.6.1.2.1.33.1.4.4.1.4
type: gauge
help: The present output true power. - 1.3.6.1.2.1.33.1.4.4.1.4
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: upsOutputPercentLoad
oid: 1.3.6.1.2.1.33.1.4.4.1.5
type: gauge
help: The percentage of the UPS power capacity presently being used on this output
line, i.e., the greater of the percent load of true power capacity and the percent
load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: xupsEnvRemoteTemp
oid: 1.3.6.1.4.1.534.1.6.5
type: gauge
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5
- name: xupsEnvRemoteHumidity
oid: 1.3.6.1.4.1.534.1.6.6
type: gauge
help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6
version: 1
auth:
community: public
procurve_switch:
walk:
- 1.3.6.1.2.1.31.1.1.1.10
- 1.3.6.1.2.1.31.1.1.1.6
get:
- 1.3.6.1.2.1.1.3.0
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
metrics:
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName
oid: 1.3.6.1.2.1.1.5
type: DisplayString
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
- name: sysLocation
oid: 1.3.6.1.2.1.1.6
type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
- 1.3.6.1.2.1.1.6
- name: ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter
help: The total number of octets transmitted out of the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.10
indexes:
- labelname: ifIndex
type: gauge
- name: ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter
help: The total number of octets received on the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.6
indexes:
- labelname: ifIndex
type: gauge
version: 3
auth:
username: prometheus
ubiquiti_unifi:
walk:
- 1.3.6.1.4.1.41112.1.6
get:
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
metrics:
# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes
# - name: sysLocation
# oid: 1.3.6.1.2.1.1.6
# type: DisplayString
# help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
# - 1.3.6.1.2.1.1.6
- name: unifiVapIndex
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapChannel
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapEssId
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapName
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifi_vap_num_stations
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
indexes:
- labelname: unifi_vap_index
type: gauge
lookups:
- labels: [unifi_vap_index]
labelname: unifi_vap_essid
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
type: DisplayString
- labels: [unifi_vap_index]
labelname: unifi_vap_radio
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
type: DisplayString
- labels: []
labelname: unifi_vap_index
# - name: unifiVapNumStations
# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
# type: gauge
# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
# indexes:
# - labelname: unifiVapIndex
# type: gauge
- name: unifiVapRadio
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxBytes
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxCrypts
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxDropped
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxErrors
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxFrags
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxPackets
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxBytes
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxDropped
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxErrors
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxPackets
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxRetries
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxPower
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapUp
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapUsage
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23
type: DisplayString
help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiIfIndex
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfName
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxBytes
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxDropped
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxError
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxMulticast
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxPackets
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxBytes
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxDropped
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxError
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxPackets
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiApSystemModel
oid: 1.3.6.1.4.1.41112.1.6.3.3
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.3.3'
- name: unifiApSystemUptime
oid: 1.3.6.1.4.1.41112.1.6.3.5
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.3.5'
version: 3
auth:
security_level: authPriv
username: snmp_prometheus
password: {{ snmp_unifi_password }}
auth_protocol: SHA
priv_protocol: AES
priv_password: {{ snmp_unifi_password }}

View file

@ -1,4 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> prometheus a été déployé sur cette machine."
echo " Voir /etc/prometheus/"

View file

@ -0,0 +1,10 @@
---
- name: Remove cached motd
become: true
file:
path: "{{ item }}"
state: absent
loop:
- /var/run/motd.dynamic
- /var/run/motd.dynamic.new
...

View file

@ -0,0 +1,53 @@
---
- name: Ensure update-motd.d exists
become: true
file:
path: /etc/update-motd.d
state: directory
mode: u=rwx,g=rx,o=rx
owner: root
group: root
- name: Customize motd
become: true
template:
src: "{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
mode: u=rwx,g=rx,o=rx
owner: root
group: root
loop:
- 00-logo
- 10-messages
- 20-uname
notify: Remove cached motd
- name: Remove Debian warranty motd
become: true
file:
path: /etc/motd
state: absent
notify: Remove cached motd
- name: Ensure motd-messages exists
become: true
file:
path: /etc/motd-messages
state: directory
mode: u=rwx,g=rx,o=rx
owner: root
group: root
notify: Remove cached motd
- name: Install additional motd messages
become: true
copy:
content: "✨ {{ item.message }}\n"
dest: "/etc/motd-messages/{{ item.key }}"
mode: u=rwx,g=rx,o=rx
owner: root
group: root
loop: "{{ motd_messages }}"
notify: Remove cached motd
when: motd_messages is defined
...

View file

@ -1,20 +1,20 @@
#!/bin/sh #!/bin/sh
# {{ ansible_managed }} {{ ansible_managed | comment }}
# Pretty uptime # Pretty uptime
upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)" upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)"
mins=$((${upSeconds}/60%60)) mins="$((upSeconds / 60 % 60))"
hours=$((${upSeconds}/3600%24)) hours="$((upSeconds / 3600 % 24))"
days=$((${upSeconds}/86400)) days="$((upSeconds / 86400))"
UPTIME=`printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins"` UPTIME="$(printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins")"
# RAM # RAM
RAM=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'` RAM="$(free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2}')"
DISK=`df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}'` DISK="$(df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}')"
# Text font # Text font
bold=$(tput bold) bold="$(tput bold)"
normal=$(tput sgr0) normal="$(tput sgr0)"
# Logo # Logo
cat <<EOF cat <<EOF

View file

@ -0,0 +1,4 @@
#!/bin/sh
set -euf
find /etc/motd-messages -type f -exec cat -- {} +

View file

@ -0,0 +1,4 @@
#!/bin/sh
{{ ansible_managed | comment }}
uname -snrvm

17
sudo_upgrade.yml Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to upgrade sudo everywhere after the
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
# Please always use with --limit myserver.adm.auro.re
# And list updates with --check
- hosts: all
tasks:
- name: Upgrade sudo
apt:
name: sudo
state: latest
update_cache: true
cache_valid_time: 3600 # one hour
register: apt_result
retries: 3
until: apt_result is succeeded