aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Merge branch 'master' into logs-first-phase

Browse source
This commit is contained in:
jeltz 2021-03-13 05:02:30 +01:00
commit f45cd77510
33 changed files with 1408 additions and 932 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bdd.yml Normal file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure bdd servers at Saclay and at OVH
- hosts: bdd
roles:
- postgresql_server
...

6
docker-ansible-lint/Dockerfile
View file

@ -2,6 +2,6 @@ FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install "yamllint>=1.26.0,<2.0"
RUN pip install "ansible-lint==5.0.0"
RUN pip install "ansible>=2.10,<2.11"
RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
RUN pip install --no-cache-dir "ansible-lint==5.0.0"
RUN pip install --no-cache-dir "ansible>=2.10,<2.11"

10
group_vars/all/vars.yml
View file

@ -17,9 +17,17 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases
postgresql_services_url: 'services-bdd.adm.auro.re'
postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'

387
group_vars/all/vault.yml
View file

@ -1,179 +1,210 @@
$ANSIBLE_VAULT;1.1;AES256
32313562646230353138303964366135656361616532343933353732313961323339653964353130
3938346666633565356134343835633964626261363365370a663664663938383731343733386136
33356531323762313463326339333963336636353933326537333665313334616563626632336663
6537363033663935660a613366613962626563643035663330343061353836646561623031323236
65313633383063373064613930623530656365396335663363643330636239643937373163623932
61373136303737333739316565323934376433316362353935363637373264616238373831666438
35343135383233653963333237393232353631636566373766366664656666313436323535393736
62323731343261373331393062633030356235313834373861323138663930613332643432386436
38383038616536316465343561643639353434396631643033633537393265646532613161343732
32363265643963386538326639353233363438643833306637336431303533396562613863633537
30303334643137313136633039393463346562306236353566333563633238313865313534326137
33623036376439653532313833633135326631643361333463633162303065623633636331666661
62303636653233666164383463356530633464306564383236373832616263653165373937303030
31323865656436366265303537306438303434613135396166313635656566373539303463393830
65383636363064333730623161316162373734626433346564333835393030616437636665316566
37353937626465383439633534316336313931663561336335653761396230393031393839336264
37623037663032646631656637386366333131356562376665333964393264643133626532653564
32353235633434656334663233303664613865343039613330663833396162646430623735653434
66633466306338373061326636366330643639383632353564353865623637303832306332653131
37343566393965326635613135613134316264616336303233616162313839626235386137343435
33633336636434343531633362633834376135303337363637303039323038313937646236366265
34303434373566313730623664653263653466366133363562333736393836393363326665353434
30333263323366326436623238353335323936346637646130623265366535653737343665373165
63336166633831623464343862353065653162613934646539396364353162633063303332313266
65656163396463363737663931353765376337643065646131303264363961366336343432653537
65306437623535393132343962333666366665316362366536663431646435633166333731303232
63313337353334623330623862386661306333366638306433373437623835636631376231373636
66666539363561313166396438343730656230663532633031353336636565343964366136663466
38316364663936303231633633613832313163646262313238346666336661613236343966353130
62656237663865306632333130653933633332623061633062363964643130383430613864663935
63663765356434626661346165653163626565336437613539653536306432376332616430393737
34366139336363383761366338623236383135373634613239616665343061396633383231663230
63653331336366666234626662356461663263626465663036326162343239373734346661626665
61666231613565356633343030343935393135653261376239303037373634386138393463363239
30356365663133646634333863616230646235656135336330393836353462323630376537366334
31306330363232326661616666623131383837353139643838326430653561346565393762323936
31623136656361383039653763613162356530653933376539336130376237396661663664393733
36396433303339613965316230613237303331646331383239356638333366653961303138343663
33393664303637333863313364356666383836633063643539333262633565623534323866316537
38623630363139643837396330353463303932383231663831363763656537386531383531303165
37366338343063346230656461393832383736636662656666636434363731623437303862636366
33613333393139613637623963373262323637653531336265333033333135613330313166633738
36353935383931363535656539333130653164613431616438613432313532373063353738656162
36616563383133623336396633343762376537663432356238653766666636323232623065313537
39636632326166323130646633626431323831373963313837613465356436326430616433303662
65343834663937306539663330366538643265626665613631323036616463313266303237613938
30613565306636306561643238326138623366343365303934306561623234313332636462383363
30623432326336396364636164366463326533613665333830656564626663383331323661663934
35353135323930656138373830623932396138626335343265623738383532333861306561323430
66333532333961636463656535636132323535313730333762633139306235373031363831363266
33646635316137616663653461393566303432386330623936633330373461333762356532663062
39666437363931313861356331653932303132353364623664656364316430653933653935616230
38376631316463646663626562366233626334323235633235653364623936643131356130343261
36396535393335366532313930623363663032386635396262363430303466373737633739626435
30636136396562336561393936353763383732653166353266376165663233626266353638363131
65323462633039323334613566373434343363633532656534663635363763396265663137636331
38613736353635613437663133616431396666316230393066343431336535626335373437393039
63666135353937313765316134326338376161353862373161653039333631306264343464353035
65353639313134346239646362663836643734373465353866373238613162303336306438376237
35363934333536376136666561333636653136316435316530366461306636333063313739626630
37633333333766613663636466373364663132613266343136376138663461383832356631303132
30363434336161393962363636313364663839383734373533356663343733333731613535646433
64396361643736653931336365313338313633383038306131333863306437386362633263646364
36656566326333333136636566613066623362363263373435356162396431396334386237383231
30326465646334613235666435613462633230353434653666336364646466613066346366376262
66633863333461626631383961663930383663666538613162643730323565653732386330613538
38666164353130386530376332643637333931313661633634303636643639613561643338373331
63333932306634313933366533623837613934366334396637396361623439383964333665383435
62316265356537616137643537366666336634393935613034393737313930333364323031653234
37366561356332666439623462396266623961653039626562393065393336643962373064343563
36346665666338623931343739386531343833386135356164303532643463346565316163656633
32616365623065626139383362613466633332666133313263393062373338653834363830333039
62626230343362393533633061663432363836616539643065643839623065633363393134643534
63343935376537393739333063333333386239663763383435633234376434366362616433363162
34363539633661633333306133363433313761303138363864373266333461303139613362663937
39626332356139396330393361613364643363366164376234316266316164393035386334366362
36373065626530333237636139336163623766623561656234333239646263626164323134633434
63326635393665333533383562633438303036616262366435373739386430353964333265393732
66643838303566626131323834646564613830333937616264383864316666343333396636303836
38633335656536653334626530303835623531666665326533303535313164323836373365636265
65393061363933373931396134623264643065633534313566346336343862346537343437363765
62663264376266326538616330376633353832353234653661613964373231666562326466663934
38393931643736626332623461613737383463663935656263656233306437653331343838343865
64343239636166343134336261656162393938396633376663366466653634373566336165323237
34386137313961653739393231616532346664366138356631353030623236343535363435636462
32323564306339396437633763613535393230386631616166656539373861386633363464653439
34323134626334356631623764356232366337646236313031336138333636633834353463363961
32316664383038633330383765356563353062303133333133336365346561643234386161383461
39323964303061313461386333613961396533646161663230666466616231386239386666306233
39343239323739323738373263313662336237346663663432343861343034633463386163303366
38333537626232663438383230623032623765336164653438653434396362633063333437366338
34373431323539306531323536363238333037643337626131336631356537626237656630393964
38393736633433306632323334613232303162313962616334376130353931336337303462363266
39643137643034396564303531346361336134353461653535336165323032323238663631653935
38366339366436376166333335663230306663633634336434323532316664666134313365323834
31363964346561373262393632366637396633323332393162666166326631383164643265353135
34303664353434373131653530346634386333663732373966613761616261323032336266646163
32663966656464633565356337653534623962663939333033613933633965666339653764663134
38363965393730633638653561393432303835303164396462366435353030643966316665333061
39643634646137626338323537393031356532616637666634333139396630663930636235333735
66336465666439356636623037653564393161393432346534656132346631396462356463336566
30303833386638333866396462633330306439613139636331636331333663386438623461343133
30643164366434353765633738356536643861303232393362343131353730376364623463326361
37363061623333653466636438666465616133396233616430393265626362663736613031383764
63353065306166646461623763643062383738376266353765643134376538393233383663346237
37643639663063383266373536323533343936633134386263616163343637613636303134343037
34626232303335393532643134646132323463396333386664333731646331343937363661323539
65663936366464643162633432666537393439313664643638343237653566613235353165663336
32373037346239356337633036306138343366666463363538373836616530313565613562383433
64616263626165343938363230613039356137643665653734366533393033316363663036363738
66323663663366666162623734363465663939383830396533383665393139633530616263663136
64333132633031623835373831636366643831626235303831313761653734666365386462393534
66303332656561653162636636313439663633396638353638363465663138353866376636326634
63613865613466326230323564323439393061653664393261373531306235333663373434636262
62353132653333313635653633346461323165373862343839316539653038633664353830643234
36633763653738323732386263643461333761306532303534663763323735636563366266653464
66636236393033613736656562663661346162316164616663306465623431613133633130383136
35313434346164653163396137383064656538353766653237646237663639663039663665666236
62346139633234343735303762653030326333333764356562656435623330663066353333326239
39646465393362323537343766366432323765363139643361643037373739643636623437386636
32353233303337623136343062623633306361383737303431613663633163643832343434656335
39633434393466646366376534333865633361333861653366316238626637363537303335363662
61353830303733623665643864333134623062356334616331363565333235666261653732633264
62663238663461343738303764303636366638393830623264613730303635623635626364646464
35623239356235316136343532616638663930313565383264663936633733386663326161623830
62626634313963323866653432343561303233343035353433613731353538356438613033346638
33613466656633626261326465336437613630376335663933303061393731313065636131393762
65613037653363636235613838613535316635613066393436356537633662313539323163613361
36356632323634363335366665376663346565393439313031636331633235333664663830636135
64653266616262336437623731383161383437613461323837653066656233643230663064616432
65383337323333633465316533623465303735396430326334643634626436303263396534356335
34373134653232303866386433643864363536643138353965323130616338353731633434326361
66303133353264343664323435653133383431626263373237613631616235666465616333343937
37323333653565363665376236396232393132336137346461613831623063326631636335333365
65376538396265313732323932383061633464393630393563386163393230623238633938396535
34333330386131353336646361313634353862663762653234373235366565343232306432653731
61383863306632626463653831383735636233623966353130626634366638626236383864316531
37353062336539626531356133313132663330663135393930356565323364353761393439373533
61366465313462313033306631333432646163653832363564313838643362316263353562373262
33343664666230303065373836306663643135303439356362336634346637353438633364306365
30623332363436353865633738663464636132306134386465306164363333386338323433643163
37626235303062393933393363656339636139323464373439363765316266646536316336666163
34306262326238343937623432643262646263666266623933623565363535326235623637396237
64623961663037653033383933333062393932613933303962326538333739303731363137623365
30363030353433646133666166383938356232396331656165343531343232613934663834633464
36353331373233393861636131393238363031383135613633373665613364373466356663376431
66303331383837663261313838363266656164633836623661326331356566653938306266376632
63613238356135373938663030343634393566653963306237303138626461613931356565663835
64386433613937643730396130663333646334386336613864333533626661626166346232333964
66316664346231376639393132613936323261383131633737386331343966363961633237666334
38353363383761333439373437623937393534626435386262383732363833346166656233666332
62636130323536663432633434646666303664393130626437636132316264613535306463623964
30633030613665343631373366363737313130666337326230633631646461356362363963306361
64393639353339303436346438313833333432356666666339613666623132636235383866343838
36666263343538633537303665616366656363373736306235333264336466313939356131303561
33363030653966316232313933323665663330303338366333656536623861623537313266383565
65633866663665393635646531353539623362646663356664333866623432333465333335333333
31616262356537646261373166343665633238633235373335343134393366663462393465643135
35326336613835663132343233386564373462353561333066323631313664373865323233653336
65333731336565633664636562326365343263373263373162653239633964396138616335616230
63376562383064663330363562306338346465666563306365306639353632396633323830353337
65666233376239333436633566623535383065646235353832363030303565623531333539613864
63393339656238323466343564333134636164383062613138656138373936636531636166393062
32613431636233316533353937326234663336343231313630393037313663383034383238346562
36383264626366383835623261643562323037303661383832323939363939623038626664393530
65353061313266633764353331313532383766613735333131373365366336306139343265306634
66313435313965633362356563313763653634643362616138633832633136333362343731346166
34613431653134363732353833643962636431623036393935666237663833373934373438666434
36633538306632383439323465636665303863646532653165666638316137633738363736386633
33303234306531356136316463353232303737323661333430333137636633306131316434376665
64323633383735313536373534626331356631316464643530363866633730353239346633396364
36323437306165363465613365383666353037313333653230316234626439623964343336343762
66343831343133343330336536613134303836626434663731343636613835623364633236653962
63356635363239663533336265306261393337313136313937356662616231636461373230376232
64313738333966633265626166653266313932666134356235373238376530303437646464333364
31613631386335356561363938323831313061373566323638663864393266656361366463353736
63386361373737383837336435633562626566656666373737313464323466313364626466633537
6661656232313066363235616364646663623039386561636332
64396638346335393963396239326463353436373937386664393164373338376461636666326432
3839376164613031613166313535346136396465383365660a376666373138363930393761376166
35663763316466336162316335623362633131636264663239316264666234393637333931616139
3434636563363237300a663032636362343739343363356363643035363431373963316161303666
30343866336465623738613739333030323537376663383265306237346537313839656137353565
61303237643462626564346539343933313334663330323565396438663633316239333064376664
31356233363431313161643131303234616162613164643539643563613339313432333235383863
61376431316661626465383562386235616166353839616235356366386534393334373064616636
32623832643533663536626130333234366366366635393038393437313139383061633030653235
63666366333732626166653831613731363865313461636262346635666363373938316266383738
33306632353536663138663961623964636436373564376431623165623031353737366539313966
36373533653139373866666435343730613530646665343333643764666263626433363262313337
65396332666632323531333364666330366430356437383338303665646233383931306166326435
35653538643332353536626336323034353630353564633264333334613531363839653362663730
36326562383934363034363830313139393361363638623139663538653138393533626238303836
38326561366536353036356163656130633430306635393763663664643936306136346163383237
37653465656335306565333432643863623762366134313137326138613336323664323333313166
66363438636161613362346633346434663364396536613932616461613963383339336262313731
36636432366332356435643266353362333437333131343961336639343234363636353535636464
39353330643136613463343435623939653964346334616131393566623330386131333262666539
35656662323332373330353231393462646564393431646238653438386563633365333162656263
62623536316165316662653832393364316439303865326631636337373365333035336339666666
31323864303136616365643735306332326237666136306435626534363739373332656332336639
38343566643062616434656338646235343234333031343038346630306639633732623733313039
33393965653839396166326565653963303137316666663135373338613265613239643661336537
62306634326266323662623733346164383039653936326162663165316439653332313730313535
66613335653463396662626230653232383664363137323462353037303633633666626433306630
39623933343736616630333539393365396636366331393136343866323766656435613262383938
65383663663237386631333236363061306131643133336432313035396264346631656264356530
30663636653434323531343233633431313838636434666537373439333364666635363731316464
61623666653561623233623131666464396530316439626135653933343531303938313965393438
30346636363136386264643161666231396533323765343434346633303162383762663763616537
38656436353661326165393934613235376565316663643930656338333932633664643562633235
61656232613164643735626439393731626430343437303732393163616432616336323436643737
63626564363464396561356366616466363035663864306561616164373639376431633264633532
37316565313636363536666566313663653637333665343036363261373765306233386535326463
34316461346364323837326462386363313338666563623135376163656330393830663031326536
35373935636538656566646336633435643830346136663262386463366563613665613032336533
36373837616132666630393634656232303362613038353764353362303830323536373639306666
66306230336430666435663061616264343137303564303764356130396434666138373132323066
33623465663535643736383032396236613632643537633064346631383539366330363436666633
34323133626638613936636264346662373739616136663165626339326333623365336161653230
65626131643832306664666364333961633535313164376533343334613666303331333036643431
65626566613937633137343538323563373737623265353436336234316439316434613962313030
36366634383633363437373862323764366263623063653932383534353538363866643437303637
32346533643438323632653830626163666463343366346531383830353833346164313537326332
62623462316161663731653832653064313436633931393565323631306134613962396338353039
39323037366235336239646539643265303061623935636263336435653831373463313131343866
61666265616335356530376633343762343734373539613865333065343066343963383634653436
34363431356264373166663632643232646261323332636263383065356564383663363439373732
31636238346661616563646262353962393266613137363536346534313764376666313737306530
63666263346231353765623130396530623362383165373863383537633464636136313130373566
33396137366538656430653065373230376236626439316232396630326537653936356461623534
65623562306131613633373632356264366439373137356132333062343839383132643834323463
31353034306339663365343234396466396463663634613433663262623038363331363161623831
33366137643963633066323837363563326137383834346430316262353834353238336264373235
63353330656166333132306665623835316439623239333539626364313535616230626430313663
32323335653433303233343336663935653861393961626636623264333030383365623838653862
37663336346537336530656161613539666431366239666461343139343461613033336535306263
66326365663132333165666239306532386338323237653832363763386464333634383731393033
31666431366432303036313765616432353061616462393236383131373938353238613966383232
35376635326534386533653834353966633765303165633036343133393836316637313531636333
32376532383865323731306237633565663032666631616463636237313938663034396363373632
62613030666166343262333865636363346131393664373633313064656463366533336335316435
31653531366436646365636139663236393464636366666334336433396365663634336263323835
64653634326638393133346335343665343265333133363236343566366561653831313561326239
66393663336632333931383766633966333763333632393633353537333834643465373237386435
33366638643861386431313030623465633938313932326264396136353336653163373636633762
35313463313066373236623466356333616238343034616436333437363033343436353265613932
36646538663734346434313861363664316538663766383462633434343666343230306261663231
33643031313432333330363664396438663933636465303731373065386539363762353530323063
34383434393062623037356637323264663961383166373736376136336237613662363038343931
39393766323163333431373466303739363566623464646532666330653132376466346136303735
30303537353863623164373362306334333134616364323366326636323463346461326366303034
33646230333263366137313234646265653339326533666361363632653166326364336639333131
66346234366334316539343734633164656132343130303939613030346263616632616434653362
66316165626236343464373631623034396634313637303737643165303939333130313333393732
34663134373864626466376332373731393039336336383937646535666362386666663765623132
66313363313162323663356230383231376539363732396630623061663361373866316432623066
36643739363361373833616237353664313666613036666161623935343233346266626165393134
32346361323462393830366161646630303836376431316566613631343938316362383663343233
64376265353166303032373664336632616337353339643061623661663066363433616239356561
34633339323161396466663435396565383636653830373865346363333531396637633332653866
38633535333035343630323633363564613030653834333538616461653566636638646137396266
66613235306361653463643532313435383366326430383031306665373764643632653962623535
61363438336136383635386336363533613863346264353530303565353761626466636136306335
31383035326163393563383038383037353037666661363531633836376638393935336639333761
62333030326639623034326331643033326431396337376630333937623063313634353032326530
66393261663331313139643232313661356664653536326665363065646163626236306637666163
33373837343331306632623865316461336466656131303638303035366564336330613234616535
35356361623634646163646436623364353539623131333966383632383566313363613032393363
65313136383834366564643234643039386664376362353435613433373266616261633263386334
34616633653735373361656461363462636666656661326637363262363539613164336464336631
31326535626635333662346433656262633031643134623862653831643333396633363062356361
37343530643633663261323037333830393737366134303035333232343232333835653731623332
62333739346563353737386664663864343561306164333432306231626233646131333264656666
30356138376336373436333732383835303230323039326165633834336634626162326439613961
39613435326330383662373732373537633535633032366131633062386332343264363135383038
63643661653838636565616239353566636137656139323265326534386434306333343631353762
32616466323663653564363832613265323534336664353965363138623762376539346338316135
65303334313362303532653438313837336334333831343331396563626131633937386437333133
36663834303337666461313564366561353265363263316438303235393465646434663961646137
37646332306539393162633339643434396531663534633763616433326363383332373233636437
61643037396361623938386466313736313235323165343964346463346339626632383535323630
33396135303434666233353631616436653262646136623035376232316264343930626435303634
32646133303963343239383931653631653036353535333665373536366464366466646330656466
66623136333437346637343534396430313838636665663933376263623362363134396330356566
37616361326463323164663036386439373539663164393038663636643166383131616164643765
63303339653835353161663637323138376233613265373461316430353331633938336662656464
66613464666634363931303232326461653239396234303863386533333832663530346261353135
63656636306539353139353763663461336630373463353162623566383230366366653665326166
31393333376434313039396234393839643863346363383535653465323261666432633935336135
63363864386135313438373532353266353334616635653433613765393265363465656439356139
30643864343166353263633262663036613766396633343564363633303165373631633965373730
64636561663438646562363765623435313866303534623038383731396638306536323732626231
63343538616631363736336164316531653137646537303436343336653434646133336534356539
64306139643537393361666161623261353763646631386361666637656137633266343238656632
32333866666233636164313131363666376261663930653330393436666464653731333164643836
63386163363463343737386338653636323230653336393765386538393563356435646439626565
38623439623364326634616639303734383330613133393665643963313932316365656563383039
61643739333434366162663438613966343534393438373135643064623465386236353632646562
64346137393231313461393436626335626461343661653430396536373437306336666630313934
38616638336638303530346164663033613332366133656435656131356262343635386136636361
39623161383636373664396535366531396231643162353938663230373762626633663638343937
66326533386564353336366561316361646333393130316530366434383931666661646636373835
64323135356630656134366231646130626162356237613337386232636333383261376535653032
36366338636565616537313337323964613030393035393839626134373135646663636263633964
66623036633266623566646566386234356562396164366166656230663738633665333531653730
61383263656235313463666439666563656432363332616633646139363135316638613464383239
32633732653837326332326363326265336130633065623963636338323662383234623438623333
64653038323566326366336634313637363132343030633966313363646665313835343833376632
39616364616236396265643232336365356235333064323432326561633730386533633064393832
33313838373236386463366162386437356365346631633639613436356635396238646361376434
34626238333366343831393364653064656166396535343133343131316537653263646239323061
65393761326462656265393235663037323638333831623733323430623238626234303031303866
64336130333164306530333062343161653532383031336464363237656264363665373739626630
64353861383364386632613335646562623535353031303831653436633330663337613338666331
37396466633231303032656334313033633865636231613564303733633462366162383835623563
32616439333064663234663037623832633933303664383732646238376465353763646637623137
66623664333364653039326431333439373934383735316231373164376365646231353935623664
64653839613332626638623039366165356630383539333736383738326561313838383131633236
30306537383865326533623337346138376533376137336536343163326534396564656130326361
61623063636138323965643737313262616532346533333137346232396561373735376130356132
37646639383430336637646134353732323262333732323434353265376262353039633963313061
63363663353532633437333335306662313133306565623537666232353665333631653263663463
63656264333064333662343836366131333534386662303933336665353361663938346430653264
66383539643537313436373434363536376137333636363833626361376131633537643334383864
34626264666437323930396562626134653063396533323139616264313063343535623636626238
38366437626534376364623535613432313636366332353830616238666534363561646438343235
62613664313631643137643765626437363962636137343765343562613761396266626461393236
63613134303065623031396231366130373432633738393139393331323764623963346565373839
64356439663964333032366363343461353130326136363731386535313661663135303237386638
39336531333064613731323066376461373732323437386462353432613464663666363832653866
62666461313734643562346335393434653933313661336236383933363738323066636562363230
34666136626566376264623734393837353466616461666132623333656135346534646462633739
36363331383337343561326536303263303739656562653536363234636130633563663161353631
66613338323461623534613935396638343230643330636562353936343333383834303466643939
36346532663237616132633166323630623434353338366534373366326234366566383931343837
34613134646563383662656533666163653265326433643832626435663361336361376362633938
38326235383664653366353162393034323866653339383139306630663835306537663563366231
35306362663930326133363835643262393439346437653935343030653161303361303939323235
34363438313763623934613534613334333464366361323164323337316531303332663433376363
39326239653731653766303135343437333431636362666231393938316634663631353539386463
66623730356336633536336634313264336236633664303864373735663837316563363666363037
39303330623765316334666132326134376636303633393736343030323837383666333832613937
31383033663638373666626336636539636665386465666237323232643466383236313262383235
63303866366162393434633631323539633565363036326264376339666637316133376537633163
66353264353337653733353034643030333932313463393132396632353030656134313064326466
65636330346433643732313033643032393261313736343533636535643439336530663261353961
63326231643131613665306563646331323536396232633366313036623136623636376336383438
31363764323335666464623330333265386236643038353164303863356261653634316536303734
33356630346666393539393931393661656666386635663965346537353365396330613061663939
37386638653737383434393438366661303337636263666665373935316439386363663936646639
65333532636161353538363161363138356364303661396166643435386234336132393733663562
64383030656332343736626161653034333539343562303530336165373961356532663234366237
38666632616439343437333366623362626339363535623162303437306334643731633662343162
32623537383966623866613361383266353936643462613964646139653532633864643931376631
62633433613435356561316536663364656639373733646539316566373334636133383936303166
64366139616164636336303930306138316161306563623366633130386662306163386361353464
30393231666266383064343234636430356564323534353339396637636632303962633665363661
63303733333137393261316436373864333734613136373633343564373537653935366333363464
63346430643030323039343539356364313635653863373465303134353361653664333333356132
37623062333663323135613133373662626663353838623233386166623739656535613732636564
63333937613233643035353136386463376661346131616562393236623338636661636661373166
62663962666237613431396436343434353031303165363130663163616633336134353430326634
66383463363266346630646339643563633235623065666265643066313134383534666530356561
62373737313834373239396262663463613835643737383439653837376135303733366436333733
36363436386233663135646134386462306434303339656632313562623037633664346562323034
33303833373733383338306333323561656333313430323136326234343032323034646663333436
30316661636237333266656430376535366135353534633932356135383333646261663935363734
30666263643265306434333535346330313231386339363865643862366639663832366431663161
37646632376633323862303764363437613332643131623138393330353633323634303337616431
66336366646138653737333137396338646138613339336466356537626461346330646434613933
61633835653235333637623635353565376331623464636137393861633064353739323262653166
66393533656435306530653034313034356231616563393438333162393630306462313530353535
31656537626163316535376234393236336631366262666539613337633461396134396563326532
30386538383136356632653962643538613261356462323637316335323864613133316364663933
37633661306635323361336639633561663738396133623362316437303733313838313332303264
36363932633136373762363762303933306637646230303564313965383335386333646161353261
31663836366639326438626463326631343162616537653266366334343538643634663831343736
61626666616463303034323730653966383365613637633539646263396238656630333766633134
37326438366434333066666334323137343635396464366430633931366335353231643630383161
64353034313338346162653237666266333466313630313363636135393433653761326134353464
62306233663930383166313033373561366231313865303662316662663236343638383731633132
62663061613837633833613737666633343063333963626265303236366365303736636361336337
35666536383738636239626139633031376262306165386362386462346330386334333331376338
30386235333963333732343930613562316464323632663638323536613232666230303631336436
37643131353437393661663934306332343037323866656665613436393237333236636661333064
62303063393239373065346461326464396232356531393932623739643835356637

70
host_vars/bdd-ovh.adm.auro.re.yml Normal file
View file

@ -0,0 +1,70 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
postgresql_databases:
- synapse
- codimd
- etherpad
- kanboard
- grafana
- cas
postgresql_users:
- name: synapse
database: synapse
password: "{{ postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ postgresql_kanboard_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ postgresql_grafana_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ postgresql_cas_passwd }}"
privs:
- ALL
...

50
host_vars/bdd.adm.auro.re.yml Normal file
View file

@ -0,0 +1,50 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
postgresql_databases:
- nextcloud
- gitea
- wikijs
- drone
postgresql_users:
- name: nextcloud
database: nextcloud
password: "{{ postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ postgresql_drone_passwd }}"
privs:
- ALL
...

11
hosts
View file

@ -29,15 +29,16 @@ stream.adm.auro.re
re2o-server.adm.auro.re
re2o-ldap.adm.auro.re
re2o-db.adm.auro.re
services-bdd-local.adm.auro.re
#services-bdd-local.adm.auro.re
backup.adm.auro.re
services-web.adm.auro.re
mail.adm.auro.re
wikijs.adm.auro.re
prometheus-aurore.adm.auro.re
portail.adm.auro.re
jitsi-aurore.adm.auro.re
log.adm.auro.re
bdd.adm.auro.re
bdd-ovh.adm.auro.re
[aurore_testing_vm]
pendragon.adm.auro.re
@ -50,7 +51,7 @@ horus.adm.auro.re
[ovh_container]
synapse.adm.auro.re
services-bdd.adm.auro.re
#services-bdd.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re
@ -509,3 +510,7 @@ reverseproxy
[reverseproxy]
proxy-ovh.adm.auro.re
proxy.adm.auro.re
[bdd]
bdd.adm.auro.re
bdd-ovh.adm.auro.re

13
monitoring.yml
View file

@ -4,6 +4,7 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
@ -18,6 +19,7 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
@ -27,6 +29,7 @@
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
roles:
- prometheus
@ -34,10 +37,12 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
- ups-ec-2.ups.auro.re
prometheus_targets:
- targets: |
@ -51,6 +56,7 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
@ -67,6 +73,7 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
@ -84,11 +91,15 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_switch_snmp_targets:
- targets:
- yggdrasil.switch.auro.re
roles:
- prometheus
@ -96,6 +107,7 @@
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
@ -121,7 +133,6 @@
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
- prometheus-federate.adm.auro.re
roles:
- prometheus_federate

3
roles/baseconfig/files/update-motd.d/10-uname
View file

@ -1,3 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
uname -snrvm

16
roles/baseconfig/tasks/main.yml
View file

@ -9,8 +9,6 @@
- aptitude # nice to have for Ansible
- bash-completion # because bash
- curl # better than wget
- emacs-nox # for maman
- fish # to motivate @edpibu
- git # code versioning
- htop # better than top
- iotop # monitor i/o
@ -18,29 +16,21 @@
- lsb-release
- molly-guard # prevent reboot
- nano # for vulcain
- net-tools
- ntp # network time sync
- oidentd # postgresql identification
- screen # Vulcain asked for this
- sudo
- tmux # For shirenn
- tree # create a graphical tree of files
- vim # better than nano
- zsh # to be able to ssh @erdnaxe
- dnsutils # dig
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
# Pimp my server
- name: Customize motd
copy:
src: "update-motd.d/{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
mode: 0755
loop:
- 00-logo
- 10-uname
- include_role:
name: update_motd
- name: Remove Debian warranty motd
file:

2
roles/ldap_client/tasks/main.yml
View file

@ -21,4 +21,4 @@
user: root
key: "{{ ssh_pub_keys }}"
state: present
# exclusive: True
exclusive: true

5
roles/postgresql_server/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
postgresql_hosts: []
postgresql_databases: []
postgresql_users: []
...

6
roles/postgresql_server/handlers/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: restart postgresql
service:
name: postgresql
state: restarted
enabled: true

74
roles/postgresql_server/tasks/main.yml Normal file
View file

@ -0,0 +1,74 @@
---
- name: Install postgresql and psycopg2
apt:
update_cache: true
pkg:
- postgresql
- python3-psycopg2
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Ensure main postgresql directory exists
file:
path: /etc/postgresql/{{ postgresql.version }}/main/
state: directory
owner: postgres
group: postgres
mode: 0755
- name: Ensure configuration directory exists
file:
path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
state: directory
owner: postgres
group: postgres
mode: 0755
- name: Configuration of postgresql {{ postgresql.version }}
template:
src: postgresql/{{ item }}.j2
dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
mode: 0640
owner: postgres
group: postgres
loop:
- pg_hba.conf
- postgresql.conf
notify:
- restart postgresql
- name: Create databases
become: true
become_user: postgres
postgresql_db:
name: "{{ item }}"
encoding: UTF-8
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
template: template0
loop: "{{ postgresql_databases }}"
- name: Create users
become: true
become_user: postgres
postgresql_user:
db: "{{ item.database }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
no_log: true
loop: "{{ postgresql_users }}"
- name: Grant privileges to users
become: true
become_user: postgres
postgresql_privs:
db: postgres
type: database
role: "{{ item.name }}"
privs: "{{ item.privs | join(',') }}"
obj: "{{ item.database }}"
no_log: true
loop: "{{ postgresql_users }}"
...

20
roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 Normal file
View file

@ -0,0 +1,20 @@
{{ ansible_managed | comment }}
# TYPE DATABASE USER ADDRESS METHOD
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# "local" is for Unix domain socket connections only
local all all peer
{% for host in postgresql_hosts %}
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
{% endfor %}

695
roles/postgresql_server/templates/postgresql/postgresql.conf.j2 Normal file
View file

@ -0,0 +1,695 @@
{{ ansible_managed | comment }}
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, run "pg_ctl reload", or execute
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
# require a server shutdown and restart to take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: kB = kilobytes Time units: ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
# All changes to this section REQUIRES restart
# use data in another directory
data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main'
# host-based authentication file
hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf'
# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/run/postgresql/{{ postgresql.version }}-main.pid'
# write an extra PID file
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '0.0.0.0, ::'
# listen_addresses = * # listen to all
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
# - Authentication -
#authentication_timeout = 1min # 1s-600s
#password_encryption = md5 # md5 or scram-sha-256
#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - SSL -
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#max_stack_depth = 2MB # min 100kB
dynamic_shared_memory_type = posix # the default is the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# (change requires restart)
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kB, or -1 for no limit
# - Kernel Resources -
#max_files_per_process = 1000 # min 25
# (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 10 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
# - Asynchronous Behavior -
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
#parallel_leader_participation = on
#max_parallel_workers = 8 # maximum number of max_worker_processes that
# can be used in parallel operations
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#backend_flush_after = 0 # measured in pages, 0 disables
#------------------------------------------------------------------------------
# WRITE-AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = replica # minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_compression = off # enable compression of full-page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_timeout = 5min # range 30s-1d
max_wal_size = 1GB
min_wal_size = 80MB
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_command = '' # command to use to archive a logfile segment
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Servers -
# Set these on the master and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
#wal_keep_segments = 0 # in logfile segments; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Master Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
# - Standby Servers -
# These settings are ignored on a master server.
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from master
# in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_parallel_append = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_parallel_hash = on
#enable_partition_pruning = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
#effective_cache_size = 4GB
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_pool_size = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#force_parallel_mode = off
#jit = on # allow JIT compilation
#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
#------------------------------------------------------------------------------
# REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
#logging_collector = off # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_truncate_on_rotation = off # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
#log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
#log_rotation_size = 10MB # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on
# This is only relevant when logging to eventlog (win32):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_statement = 'none' # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
log_timezone = 'Europe/Paris'
#------------------------------------------------------------------------------
# PROCESS TITLE
#------------------------------------------------------------------------------
cluster_name = '{{ postgresql.version }}/main' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
#------------------------------------------------------------------------------
# STATISTICS
#------------------------------------------------------------------------------
# - Query and Index Statistics Collector -
#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none # none, pl, all
#track_activity_query_size = 1024 # (change requires restart)
stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'
# - Monitoring -
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#search_path = '"$user", public' # schema names
#row_security = on
#default_tablespace = '' # a tablespace name, '' uses the default
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
# before index cleanup, 0 always performs
# index cleanup
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_fuzzy_search_limit = 0
#gin_pending_list_limit = 4MB
# - Locale and Formatting -
datestyle = 'iso, dmy'
#intervalstyle = 'postgres'
timezone = 'Europe/Paris'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8'
lc_monetary = 'en_US.UTF-8'
lc_numeric = 'en_US.UTF-8'
lc_time = 'en_US.UTF-8'
# default configuration for text search
default_text_search_config = 'pg_catalog.french'
# - Shared Library Preloading -
#shared_preload_libraries = '' # (change requires restart)
#local_preload_libraries = ''
#session_preload_libraries = ''
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
#dynamic_library_path = '$libdir'
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
# VERSION AND PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#default_with_oids = off
#escape_string_warning = on
#lo_compat_privileges = off
#operator_precedence_warning = off
#quote_all_identifiers = off
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf. Note that these are directives, not variable
# assignments, so they can usefully be given more than once.
include_dir = 'conf.d' # include files ending in '.conf' from
# a directory, e.g., 'conf.d'
#include_if_exists = '...' # include file only if it exists
#include = '...' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here

20
roles/prometheus/tasks/main.yml
View file

@ -57,6 +57,13 @@
mode: 0644
when: prometheus_unifi_snmp_targets is defined
- name: Configure Prometheus Switchs
copy:
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_switch_snmp.json
mode: 0644
when: prometheus_switch_snmp_targets is defined
- name: Configure Prometheus UPS SNMP devices
copy:
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
@ -77,8 +84,11 @@
enabled: true
state: started
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2
dest: /etc/update-motd.d/05-prometheus
mode: 0755
- include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus
message: >-
Prometheus est déployé sur cette machine (voir /etc/prometheus)
...

2
roles/prometheus/templates/prometheus/alert.rules.yml.j2
View file

@ -119,7 +119,7 @@ groups:
summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V."
- alert: UpsTimeRemainingWarning
expr: upsEstimatedMinutesRemaining < 15
expr: upsEstimatedMinutesRemaining < 8
for: 1m
labels:
severity: warning

17
roles/prometheus/templates/prometheus/prometheus.yml.j2
View file

@ -8,7 +8,7 @@ global:
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'example'
federated_instance: '{{ inventory_hostname }}'
# Alertmanager configuration
# Use prometheus alertmanager installed on the same machine
@ -81,6 +81,21 @@ scrape_configs:
- target_label: __address__
replacement: 127.0.0.1:9116
- job_name: switch_snmp
file_sd_configs:
- files:
- "/etc/prometheus/targets_switch_snmp.json"
metrics_path: /snmp
params:
module: [procurve_switch]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
- job_name: docker
file_sd_configs:
- files:

109
roles/prometheus/templates/prometheus/snmp.yml.j2
View file

@ -1,4 +1,6 @@
# {{ ansible_managed }}
---
{{ ansible_managed | comment }}
# TODOlist :
# - Faire fonctionner le monitoring des switchs défini ici
# * Configurer tous les switchs avec un compte SNMPv3
@ -12,6 +14,7 @@ eatonups:
- 1.3.6.1.2.1.33.1.3
- 1.3.6.1.2.1.33.1.4
- 1.3.6.1.4.1.534.1.6
- 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
get:
- 1.3.6.1.2.1.1.3.0
metrics:
@ -66,9 +69,10 @@ eatonups:
- labelname: upsOutputLineIndex
type: gauge
- name: xupsEnvRemoteTemp
oid: 1.3.6.1.4.1.534.1.6.5
# oid: 1.3.6.1.4.1.534.1.6.5
oid: 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
type: gauge
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4
- name: xupsEnvRemoteHumidity
oid: 1.3.6.1.4.1.534.1.6.6
type: gauge
@ -77,49 +81,73 @@ eatonups:
auth:
community: public
procurve_switch:
walk:
- 1.3.6.1.2.1.31.1.1.1.10
- 1.3.6.1.2.1.31.1.1.1.6
- 1.3.6.1.2.1.31.1.1.1.10
- 1.3.6.1.2.1.31.1.1.1
- 1.3.6.1.2.1.2.2.1.2
- 1.3.6.1.2.1.31.1.1.1.18
get:
- 1.3.6.1.2.1.1.3.0
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
- 1.3.6.1.2.1.1.3.0
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
metrics:
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName
oid: 1.3.6.1.2.1.1.5
type: DisplayString
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
- name: sysLocation
oid: 1.3.6.1.2.1.1.6
type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
- 1.3.6.1.2.1.1.6
- name: ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter
help: The total number of octets transmitted out of the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.10
indexes:
- labelname: ifIndex
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
- name: ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter
help: The total number of octets received on the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.6
indexes:
- labelname: ifIndex
type: gauge
version: 3
help: The time (in hundredths of a second) since the network management
portion of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName
oid: 1.3.6.1.2.1.1.5
type: DisplayString
help: An administratively-assigned name for this managed node
- 1.3.6.1.2.1.1.5
- name: sysLocation
oid: 1.3.6.1.2.1.1.6
type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd
floor') - 1.3.6.1.2.1.1.6
- name: ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter
help: The total number of octets transmitted out of the interface,
including framing characters - 1.3.6.1.2.1.31.1.1.1.10
indexes:
- labelname: ifIndex
type: gauge
lookups:
- labels:
- ifIndex
labelname: ifDescr
oid: 1.3.6.1.2.1.2.2.1.2
type: DisplayString
- labels:
- ifIndex
labelname: ifName
oid: 1.3.6.1.2.1.31.1.1.1.1
type: DisplayString
- name: ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter
help: The total number of octets received on the interface, including
framing characters - 1.3.6.1.2.1.31.1.1.1.6
indexes:
- labelname: ifIndex
type: gauge
lookups:
- labels:
- ifIndex
labelname: ifDescr
oid: 1.3.6.1.2.1.2.2.1.2
type: DisplayString
- labels:
- ifIndex
labelname: ifName
oid: 1.3.6.1.2.1.31.1.1.1.1
type: DisplayString
version: 2
auth:
username: prometheus
community: "{{ snmp_switch_community }}"
ubiquiti_unifi:
walk:
@ -385,3 +413,4 @@ ubiquiti_unifi:
auth_protocol: SHA
priv_protocol: AES
priv_password: {{ snmp_unifi_password }}
...

4
roles/prometheus/templates/update-motd.d/05-service.j2
View file

@ -1,4 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> prometheus a été déployé sur cette machine."
echo " Voir /etc/prometheus/"

17
roles/prometheus_federate/tasks/main.yml
View file

@ -23,12 +23,11 @@
notify: Restart Prometheus
loop:
- alert.rules.yml
- django.rules.yml
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus Federate devices
copy:
content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}"
content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}"
dest: /etc/prometheus/targets.json
mode: 0644
when: prometheus_targets is defined
@ -39,8 +38,12 @@
enabled: true
state: started
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2
dest: /etc/update-motd.d/05-prometheus
mode: 0755
- include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus-federate
message: >-
Prometheus (en configuration fédération) est déployé sur cette
machine (voir /etc/prometheus)
...

152
roles/prometheus_federate/templates/prometheus/alert.rules.yml.j2
View file

@ -1,138 +1,16 @@
# {{ ansible_managed }}
{# As this is also Jinja2 it will conflict without a raw block #}
{# Depending of Prometheus Node exporter version, rules can change depending of version #}
{% raw %}
---
{{ ansible_managed | comment }}
groups:
- name: alert.rules
rules:
# Alert for any instance that is unreachable for >3 minutes.
- alert: InstanceDown
expr: up == 0
for: 3m
labels:
severity: critical
annotations:
summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !"
# Alert for out of memory
- alert: OutOfMemory
expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Alert for out of disk space
- alert: OutOfDiskSpace
expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Alert for out of inode space on disk
- alert: OutOfInodes
expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10
for: 5m
labels:
severity: warning
annotations:
summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}."
# Alert for high CPU usage
- alert: CpuUsage
expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
# Check systemd unit (> buster)
- alert: SystemdServiceFailed
expr: node_systemd_unit_state{state="failed"} == 1
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}"
# Check load of instance
- alert: LoadUsage
expr: node_load1 > 5
for: 2m
labels:
severity: warning
annotations:
summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !"
# Check UPS
- alert: UpsOutputSourceChanged
expr: upsOutputSource != 3
for: 1m
labels:
severity: warning
annotations:
summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !"
- alert: UpsBatteryStatusWarning
expr: upsBatteryStatus == 3
for: 2m
labels:
severity: warning
annotations:
summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !"
- alert: UpsBatteryStatusCritical
expr: upsBatteryStatus == 4
for: 10m
labels:
severity: warning
annotations:
summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !"
- alert: UpsHighLoad
expr: upsOutputPercentLoad > 70
for: 5m
labels:
severity: critical
annotations:
summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !"
- alert: UpsWrongInputVoltage
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V."
- alert: UpsWrongOutputVoltage
expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240)
for: 10m
labels:
severity: warning
annotations:
summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V."
- alert: UpsTimeRemainingWarning
expr: upsEstimatedMinutesRemaining < 15
for: 1m
labels:
severity: warning
annotations:
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
- alert: UpsTimeRemainingCritical
expr: upsEstimatedMinutesRemaining < 5
for: 1m
labels:
severity: critical
annotations:
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
{% endraw %}
- name: alert.rules
rules:
- alert: FederateInstanceDown
expr: up{job="federate"} == 0
for: 3m
labels:
severity: critical
annotations:
summary: >-
Federate : {{ "{{" }} $labels.instance {{ "}}" }} est invisible
depuis plus de 3 minutes !
...

106
roles/prometheus_federate/templates/prometheus/django.rules.yml.j2
View file

@ -1,106 +0,0 @@
# {{ ansible_managed }}
{# As this is also Jinja2 it will conflict without a raw block #}
{% raw %}
groups:
- name: django.rules
rules:
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
- record: job:django_http_ajax_requests_total:sum_rate30s
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
BY (job)
- record: job:django_http_requests_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
- record: job:django_http_responses_streaming_total:sum_rate30s
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
- record: job:django_http_responses_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
- record: job:django_http_requests_total:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
- record: job:django_http_requests_total_by_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
- record: job:django_http_requests_total_by_transport:sum_rate30s
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
- record: job:django_http_requests_total_by_view:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view)
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view, transport, method)
- record: job:django_http_responses_total_by_templatename:sum_rate30s
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
- record: job:django_http_responses_total_by_status:sum_rate30s
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
- record: job:django_http_responses_total_by_charset:sum_rate30s
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
- record: job:django_http_exceptions_total_by_type:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
- record: job:django_http_exceptions_total_by_view:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_model_inserts_total:sum_rate1m
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
- record: job:django_model_updates_total:sum_rate1m
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
- record: job:django_model_deletes_total:sum_rate1m
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
- record: job:django_db_new_connections_total:sum_rate30s
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
- record: job:django_db_new_connection_errors_total:sum_rate30s
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_total:sum_rate30s
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_many_total:sum_rate30s
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
- record: job:django_db_errors_total:sum_rate30s
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
- record: job:django_migrations_applied_total:max
expr: max(django_migrations_applied_total) BY (job, connection)
- record: job:django_migrations_unapplied_total:max
expr: max(django_migrations_unapplied_total) BY (job, connection)
{% endraw %}

39
roles/prometheus_federate/templates/prometheus/prometheus.yml.j2
View file

@ -1,50 +1,35 @@
# {{ ansible_managed }}
---
{{ ansible_managed | comment }}
global:
# scrape_interval is set to the global default (60s)
# evaluation_interval is set to the global default (60s)
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'example'
monitor: '{{ ansible_fqdn }}'
# Alertmanager configuration
# Use prometheus alertmanager installed on the same machine
alerting:
alertmanagers:
- static_configs:
- targets: ['{{ prometheus_alertmanager }}']
- static_configs:
- targets: ['{{ prometheus_alertmanager }}']
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
- "alert.rules.yml" # Monitoring alerts, this is the file you may be searching!
- "django.rules.yml" # Custom rules specific for Django project monitoring
- 'alert.rules.yml'
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The .json in file_sd_configs is dynamically reloaded
- job_name: federate
scrape_interval: 15s
scrape_interval: 30s
metrics_path: '/federate'
honor_labels: true
honor_timestamps: true
file_sd_configs:
- files:
- '/etc/prometheus/targets.json'
relabel_configs:
# Do not put :9100 in instance name, rather here
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- source_labels: [__param_target]
target_label: __address__
replacement: '$1:9090'
params:
'match[]':
match[]:
- '{job="servers"}'
- '{job="prometheus"}'
- '{job="unifi_snmp"}'
@ -52,5 +37,5 @@ scrape_configs:
- '{job="ups_snmp"}'
- '{job="django"}'
- '{job="docker"}'
- '{job="switch"}'
- '{job="switch_snmp"}'
...

387
roles/prometheus_federate/templates/prometheus/snmp.yml.j2
View file

@ -1,387 +0,0 @@
# {{ ansible_managed }}
# TODOlist :
# - Faire fonctionner le monitoring des switchs défini ici
# * Configurer tous les switchs avec un compte SNMPv3
# * Mettre l'inventaire des switchs dans Ansible
# - Optimiser les règles pour les bornes Unifi,
# on pourrait indexer avec les SSID
eatonups:
walk:
- 1.3.6.1.2.1.33.1.2
- 1.3.6.1.2.1.33.1.3
- 1.3.6.1.2.1.33.1.4
- 1.3.6.1.4.1.534.1.6
get:
- 1.3.6.1.2.1.1.3.0
metrics:
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: upsBatteryStatus
oid: 1.3.6.1.2.1.33.1.2.1
type: gauge
help: The indication of the capacity remaining in the UPS system's batteries -
1.3.6.1.2.1.33.1.2.1
- name: upsEstimatedMinutesRemaining
oid: 1.3.6.1.2.1.33.1.2.3
type: gauge
help: An estimate of the time to battery charge depletion under the present load
conditions if the utility power is off and remains off, or if it were to be
lost and remain off. - 1.3.6.1.2.1.33.1.2.3
- name: upsInputVoltage
oid: 1.3.6.1.2.1.33.1.3.3.1.3
type: gauge
help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3
indexes:
- labelname: upsInputLineIndex
type: gauge
- name: upsOutputSource
oid: 1.3.6.1.2.1.33.1.4.1
type: gauge
help: The present source of output power - 1.3.6.1.2.1.33.1.4.1
- name: upsOutputVoltage
oid: 1.3.6.1.2.1.33.1.4.4.1.2
type: gauge
help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: upsOutputPower
oid: 1.3.6.1.2.1.33.1.4.4.1.4
type: gauge
help: The present output true power. - 1.3.6.1.2.1.33.1.4.4.1.4
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: upsOutputPercentLoad
oid: 1.3.6.1.2.1.33.1.4.4.1.5
type: gauge
help: The percentage of the UPS power capacity presently being used on this output
line, i.e., the greater of the percent load of true power capacity and the percent
load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5
indexes:
- labelname: upsOutputLineIndex
type: gauge
- name: xupsEnvRemoteTemp
oid: 1.3.6.1.4.1.534.1.6.5
type: gauge
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5
- name: xupsEnvRemoteHumidity
oid: 1.3.6.1.4.1.534.1.6.6
type: gauge
help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6
version: 1
auth:
community: public
procurve_switch:
walk:
- 1.3.6.1.2.1.31.1.1.1.10
- 1.3.6.1.2.1.31.1.1.1.6
get:
- 1.3.6.1.2.1.1.3.0
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
metrics:
- name: sysUpTime
oid: 1.3.6.1.2.1.1.3
type: gauge
help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName
oid: 1.3.6.1.2.1.1.5
type: DisplayString
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
- name: sysLocation
oid: 1.3.6.1.2.1.1.6
type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
- 1.3.6.1.2.1.1.6
- name: ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter
help: The total number of octets transmitted out of the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.10
indexes:
- labelname: ifIndex
type: gauge
- name: ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter
help: The total number of octets received on the interface, including framing
characters - 1.3.6.1.2.1.31.1.1.1.6
indexes:
- labelname: ifIndex
type: gauge
version: 3
auth:
username: prometheus
ubiquiti_unifi:
walk:
- 1.3.6.1.4.1.41112.1.6
get:
- 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0
metrics:
# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes
# - name: sysLocation
# oid: 1.3.6.1.2.1.1.6
# type: DisplayString
# help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
# - 1.3.6.1.2.1.1.6
- name: unifiVapIndex
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapChannel
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapEssId
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapName
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifi_vap_num_stations
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
indexes:
- labelname: unifi_vap_index
type: gauge
lookups:
- labels: [unifi_vap_index]
labelname: unifi_vap_essid
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
type: DisplayString
- labels: [unifi_vap_index]
labelname: unifi_vap_radio
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
type: DisplayString
- labels: []
labelname: unifi_vap_index
# - name: unifiVapNumStations
# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
# type: gauge
# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
# indexes:
# - labelname: unifiVapIndex
# type: gauge
- name: unifiVapRadio
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxBytes
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxCrypts
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxDropped
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxErrors
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxFrags
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapRxPackets
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxBytes
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxDropped
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxErrors
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxPackets
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxRetries
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapTxPower
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapUp
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22'
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiVapUsage
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23
type: DisplayString
help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23
indexes:
- labelname: unifiVapIndex
type: gauge
- name: unifiIfIndex
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1
type: gauge
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfName
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxBytes
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxDropped
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxError
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxMulticast
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfRxPackets
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxBytes
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxDropped
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxError
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiIfTxPackets
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15'
indexes:
- labelname: unifiIfIndex
type: gauge
- name: unifiApSystemModel
oid: 1.3.6.1.4.1.41112.1.6.3.3
type: DisplayString
help: ' - 1.3.6.1.4.1.41112.1.6.3.3'
- name: unifiApSystemUptime
oid: 1.3.6.1.4.1.41112.1.6.3.5
type: counter
help: ' - 1.3.6.1.4.1.41112.1.6.3.5'
version: 3
auth:
security_level: authPriv
username: snmp_prometheus
password: {{ snmp_unifi_password }}
auth_protocol: SHA
priv_protocol: AES
priv_password: {{ snmp_unifi_password }}

4
roles/prometheus_federate/templates/update-motd.d/05-service.j2
View file

@ -1,4 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> prometheus a été déployé sur cette machine."
echo " Voir /etc/prometheus/"

10
roles/update_motd/handlers/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Remove cached motd
become: true
file:
path: "{{ item }}"
state: absent
loop:
- /var/run/motd.dynamic
- /var/run/motd.dynamic.new
...

53
roles/update_motd/tasks/main.yml Normal file
View file

@ -0,0 +1,53 @@
---
- name: Ensure update-motd.d exists
become: true
file:
path: /etc/update-motd.d
state: directory
mode: u=rwx,g=rx,o=rx
owner: root
group: root
- name: Customize motd
become: true
template:
src: "{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
mode: u=rwx,g=rx,o=rx
owner: root
group: root
loop:
- 00-logo
- 10-messages
- 20-uname
notify: Remove cached motd
- name: Remove Debian warranty motd
become: true
file:
path: /etc/motd
state: absent
notify: Remove cached motd
- name: Ensure motd-messages exists
become: true
file:
path: /etc/motd-messages
state: directory
mode: u=rwx,g=rx,o=rx
owner: root
group: root
notify: Remove cached motd
- name: Install additional motd messages
become: true
copy:
content: "✨ {{ item.message }}\n"
dest: "/etc/motd-messages/{{ item.key }}"
mode: u=rwx,g=rx,o=rx
owner: root
group: root
loop: "{{ motd_messages }}"
notify: Remove cached motd
when: motd_messages is defined
...

20
roles/baseconfig/files/update-motd.d/00-logo → roles/update_motd/templates/00-logo Executable file → Normal file
View file

@ -1,23 +1,23 @@
#!/bin/sh
# {{ ansible_managed }}
{{ ansible_managed | comment }}
# Pretty uptime
upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)"
mins=$((${upSeconds}/60%60))
hours=$((${upSeconds}/3600%24))
days=$((${upSeconds}/86400))
UPTIME=`printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins"`
mins="$((upSeconds / 60 % 60))"
hours="$((upSeconds / 3600 % 24))"
days="$((upSeconds / 86400))"
UPTIME="$(printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins")"
# RAM
RAM=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'`
DISK=`df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}'`
RAM="$(free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2}')"
DISK="$(df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}')"
# Text font
bold=$(tput bold)
normal=$(tput sgr0)
bold="$(tput bold)"
normal="$(tput sgr0)"
# Logo
cat << EOF
cat <<EOF

      ${bold}Uptime${normal} : ${UPTIME}
    ${bold}Mémoire${normal} : ${RAM}

4
roles/update_motd/templates/10-messages Normal file
View file

@ -0,0 +1,4 @@
#!/bin/sh
set -euf
find /etc/motd-messages -type f -exec cat -- {} +

4
roles/update_motd/templates/20-uname Normal file
View file

@ -0,0 +1,4 @@
#!/bin/sh
{{ ansible_managed | comment }}
uname -snrvm

17
sudo_upgrade.yml Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to upgrade sudo everywhere after the
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
# Please always use with --limit myserver.adm.auro.re
# And list updates with --check
- hosts: all
tasks:
- name: Upgrade sudo
apt:
name: sudo
state: latest
update_cache: true
cache_valid_time: 3600 # one hour
register: apt_result
retries: 3
until: apt_result is succeeded