Commit graph

706 commits

Author SHA1 Message Date
0bfc631465 Remove unused files
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-20 17:00:19 +02:00
c5e6fbcfdf Configuration for monitoring APC PDU 2021-08-20 16:58:28 +02:00
54b073bd02 Typo in unhealthy disk rule 2021-08-18 18:53:27 +02:00
e6b6790f63 New rule for unhealthy disks 2021-08-13 15:24:12 +02:00
b7ead19d50 Remove mail from re2o bug report
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-05-25 23:11:30 +02:00
bb97bca456 Increase RandomizedDelaySec when hourly = 0
Some checks reported errors
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build encountered an error
2021-05-23 14:09:01 +02:00
9296a2ed91 Add caradoc.adm.auro.re
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-05-23 14:02:20 +02:00
4f2f0ffe64 Increase swap alert threshold 2021-05-19 15:32:33 +02:00
c8a877282f Add 9 & 10 for Debian distribution
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-19 15:29:40 +02:00
c6b768e1bb Don't run borgmatic every hour if not needed
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-10 13:02:45 +02:00
ceaf75f0ad Merge pull request 'Use a disk assisted queue for rsyslog' (#56) from rsyslog_queues into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#56
2021-05-04 00:54:40 +02:00
b29e9c0e45 Configure a disk-assisted queue for output actions 2021-04-30 16:49:00 +02:00
3a600d9061 Give a name to unnamed tasks 2021-04-17 17:43:49 +02:00
11d0b46ef0 Remove port for docker instances. Remove 'remove old files' tasks 2021-04-14 20:00:16 +02:00
013743f910 typo in docker rules
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:54:37 +02:00
1b0bff4c51 Fix deployment and add prometheus groups for hosts
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:51:47 +02:00
fde52f2e42 Alerts repository owned by prometheus
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:29:12 +02:00
e4d2416722 fix typo 2021-04-14 19:27:13 +02:00
226b55b0d1 Update alerts (remove instance, translations) 2021-04-14 19:10:42 +02:00
fd5ad8d5ac Merge branch 'prometheus_postgres_exporter' of https://gitea.auro.re/Aurore/ansible into prometheus_postgres_exporter
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-12 11:10:31 +02:00
5d9a6599e8 Fix some typos, in accordance to Solal's comments 2021-04-12 11:10:15 +02:00
3320e3e0c6 Update the labels for the alert (make complete tenses) 2021-04-12 11:01:43 +02:00
676cc716cf Modify label for the alert 2021-04-12 11:00:31 +02:00
954e3e0892 End of yaml file (bad copy/paste) 2021-04-12 10:58:59 +02:00
pz2891
8c666151d6 Merge branch 'master' into prometheus_postgres_exporter
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-12 10:10:17 +02:00
1908deee9c fix CI
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-12 10:01:39 +02:00
e2b1f8eae5 Allow root to connect using peer authentication
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-11 22:08:11 +02:00
6c64bb214c fix CI
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 22:01:21 +02:00
764f0f106d Install postgres exporter when it is bullseye or buster
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 21:38:29 +02:00
c48fe1ae17 7% rollback for the warning 2021-04-11 20:57:53 +02:00
304437da97 Remove .save file 2021-04-11 20:56:40 +02:00
9d18ebb7f1 Fix docker rules
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 17:18:32 +02:00
6775d9ecde Add docker rules 2021-04-11 16:43:34 +02:00
9ebdf15bb9 Splite alerts on some files 2021-04-11 15:58:35 +02:00
dd48302585 Configure Prometheus and Prometheus federate to scrape Postgres Exporter
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-10 18:01:55 +02:00
45041be2ab Install postgres exporter 2021-04-10 17:29:50 +02:00
jeltz
6b2bc60589 Merge branch 'master' into add_rives_vm_master
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-06 19:37:57 +02:00
91817b324c Increase the alert threshold for temperatures
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-03 08:04:10 +02:00
1c3127dbbe Add more node-exporter alerts
All checks were successful
continuous-integration/drone/push Build is passing
Source: https://awesome-prometheus-alerts.grep.to/rules.html
2021-04-02 22:55:51 +02:00
f80435cb31 Differentiate alerts for servers and Wi-Fi APs
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-02 21:54:38 +02:00
06f101527d Use a dynamic interval for UPS output voltage alerts
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-02 13:57:34 +02:00
83f5b35e59 Fix a filename typo
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-01 18:24:21 +02:00
35286a661a Change an alert description 2021-04-01 18:24:03 +02:00
11335a6077 Fix typo in alert description
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 18:15:22 +02:00
083fc4da9a Fix permissions on prometheus.yml 2021-04-01 18:15:09 +02:00
a743ce09fb Move templates of the prometheus_federate role
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 09:42:54 +02:00
bc35cd8e90 Move templates of the prometheus role 2021-04-01 09:40:22 +02:00
5bcc428895 Remove 'instance' from description and fix typos 2021-04-01 09:36:11 +02:00
eeaf0f8486 Fix syntax errors
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 06:02:40 +02:00
e247aa3f70 Uniform labels for alerts 2021-04-01 05:21:08 +02:00
jeltz
424aa80d8f Merge pull request 'Use update_motd everywhere' (#44) from use_update_motd_everywhere into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#44
2021-03-30 10:12:14 +02:00
ac05da7173 Use update_motd everywhere
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-30 10:08:21 +02:00
dff0d9922c Store log.adm.auro.re local logs in /var/log/remote 2021-03-30 10:06:25 +02:00
dd274891a5 resolve conflicts
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-30 09:30:06 +02:00
2952c39f70 Fix issues for installing radius-rives (baq package for postgresql-client) 2021-03-30 09:20:31 +02:00
85e691a0a2 Don't store journald logs to disk
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
As they are already stored on disk by rsyslog.
2021-03-30 07:46:06 +02:00
606df65535 Cleanup logrotate role 2021-03-30 07:45:52 +02:00
3030d3bfab Fix typo: use 'Reload' instead of 'Restart' 2021-03-30 07:42:46 +02:00
f59d9ee6f0 WIP: add logrotate config for rsyslog-managed files 2021-03-30 06:01:43 +02:00
jeltz
6d74f04db4 Merge pull request 'Better distribution of backups over time' (#49) from backups into master
Reviewed-on: Aurore/ansible#49
2021-03-24 02:12:53 +01:00
21eaeb2d42 Better distribution of backups over time 2021-03-24 02:10:11 +01:00
jeltz
789c11c3e3 Merge pull request 'Cleanup borgmatic related roles' (#47) from backups into master
Reviewed-on: Aurore/ansible#47
2021-03-18 22:19:39 +01:00
a1533b7efd Fix issues for installing radius-rives (baq package for postgresql-client) 2021-03-17 20:41:46 +01:00
f662e4bd47 Remove bullseye for radius role. Add the oid for temperature of ups 2021-03-16 21:13:45 +01:00
3000f46c46 Randomize borgmatic timer 2021-03-16 15:05:29 +01:00
8524b9fa99 Fix typo 2021-03-16 14:13:12 +01:00
37582abfe1 Remove useless tasks from borgmatic_client 2021-03-16 13:47:14 +01:00
96a498c6de Break long lines in borgmatic.service unit 2021-03-16 13:46:46 +01:00
1be92bad62 Log source port for NGinx 2021-03-16 09:43:13 +01:00
01bca6597d Run borgmatic every hour 2021-03-16 09:38:51 +01:00
21a3d5af2a Add bullseye support in 'prometheus_node' 2021-03-15 10:50:40 +01:00
jeltz
4305a60639 Merge pull request 'Backups with borg and borgmatic' (#39) from backups into master
Reviewed-on: Aurore/ansible#39
2021-03-15 07:53:33 +01:00
3f3f688da4 Use 'present' instead of 'latest' (ansible-lint) 2021-03-15 07:51:48 +01:00
6713b550b6 Merge branch 'master' into backups 2021-03-15 07:50:11 +01:00
cb3ec07121 Use 'inventory_hostname' instead of 'ansible_fqdn'
While 'ansible_fdqn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).

It should therefore no longer be possible for the said host to access
the backups of another host.
2021-03-15 07:25:09 +01:00
243ec1fe9d [borgbackup_client] VaRi0u5 f1X3s 2021-03-15 01:04:42 +01:00
f15b222cdc Allow root to log as postgres 2021-03-14 23:45:36 +01:00
7480a7c565 [borgbackup_client] precedence rules and sain defaults for borg config 2021-03-14 22:02:34 +01:00
b14b359027 [borgbackup_client] add exlude path to conf 2021-03-14 19:21:15 +01:00
33a1ec02f3 [borgbackup_client] update config directory to be homogeneous 2021-03-14 19:07:02 +01:00
ebfc4f2a26 [borgbackup_client] do update cache 2021-03-14 19:03:44 +01:00
86f8b31159 Delegate facts for borgbackup_client 2021-03-14 18:44:13 +01:00
d9f1104309 Move id_remote to /etc/borgmatic 2021-03-14 18:42:26 +01:00
c6cae75031 [borgbackup_server] fix /borg permissions 2021-03-14 18:29:33 +01:00
46d10022ea [borgbackup_client] fix rentention date to int and list correctly source directories 2021-03-14 18:24:36 +01:00
ff750c5b63 [borgbackup_client] remove 1 minute sleep and fix verbosity 2021-03-14 18:23:44 +01:00
2651432582 [WIP] various fixes 2021-03-14 18:22:52 +01:00
d928c7f7f0 [borgbackup_client] rename variable correclty 2021-03-14 16:11:40 +01:00
021a5ef1e8 [borgbackup_client] various fixes for ssh keys 2021-03-14 16:11:18 +01:00
c99b611b8f Various fixes 2021-03-14 14:17:36 +01:00
8112788396 [borgbackup_client] Add 'user:' in authorized_key 2021-03-14 13:18:30 +01:00
2f2f71422f [borgbackup_client] Move some handlers to tasks 2021-03-14 13:16:08 +01:00
637b74a2ad Fix some linter issues 2021-03-13 05:05:30 +01:00
f45cd77510 Merge branch 'master' into logs-first-phase 2021-03-13 05:02:30 +01:00
f6e1949c21 Adding master VM for Rives and adapt radius role for bullseye
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-12 12:29:52 +01:00
965bbe62a4 [borgbackup_client] configure encryption passphrase and storage 2021-03-12 01:46:35 +01:00
3f8ffbe164 [borgbackup_client] Add borg username and group defaults 2021-03-12 00:01:11 +01:00
531f7593d2 [borgbackup_client] fix identation
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 23:37:55 +01:00
313314a674 [borgbackup_client] fix risky file permission on apt config for pinning version 2021-03-11 23:36:27 +01:00
4642395330 [borgbackup_client] Add initial role defintion
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 23:29:57 +01:00
f0f56ecd3f Fix linter-related issues
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 20:15:35 +01:00
db8dbb6c7a Add borgbackup_server role 2021-03-11 20:08:41 +01:00
jeltz
2a6c2b30de Merge pull request 'Rôle pour motd' (#38) from update_motd into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#38
2021-03-11 19:34:41 +01:00
6125856c60 Merge branch 'monitoring_ups'
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 14:06:38 +01:00
d233fc2759 Update of threesold for warning battery 2021-03-11 13:23:15 +01:00
6095d9cef9 Add 'no_log' for postgres passwords
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 18:18:08 +01:00
d16f444130 Use a dict for HBA hosts
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 15:59:21 +01:00
4f6eda8329 Use /run instead of /var/run to please systemd 2021-03-10 15:57:19 +01:00
628e11488d Switch postgresql to english 2021-03-10 15:22:01 +01:00
bd05b702bb Use '::' in place of '[::]' 2021-03-10 15:19:39 +01:00
06b54d5f89 Use postgresql_privs
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 14:27:14 +01:00
40eadf802c Add template and no_log for postgresql_user
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 13:58:40 +01:00
8e855d7009 Listen addresses must be quoted
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:36:10 +01:00
7a07155237 Install python3-psycopg2 (required by Ansible)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:35:18 +01:00
36b04239fd Rename 'postgresql_db' to 'postgresql_databases' 2021-03-10 13:34:58 +01:00
f919ec689a Fix 'ansible_header' → 'ansible_managed'
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:25:36 +01:00
9ef6202fdf Add configuration for users and databases
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:23:52 +01:00
bbf4ac323c Moniroting of ups environmental temperature 2021-03-10 12:55:11 +01:00
8b9bef865e postgresql listen on pseudo-address
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:26:18 +01:00
dbbaf0d26d remove tailling whitespaces
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:11:02 +01:00
a4c393d3fb fix yaml ci truthy value
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:10:06 +01:00
d14306a86c fix syntax for CI
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:08:05 +01:00
a625a58ddd create role postgresql_server
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:01:32 +01:00
2c0727a419 Update the list of packages installed via baseconfig
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:41:42 +01:00
jeltz
41779fb172 Merge pull request 'Add backup root SSH keys' (#27) from add-ssh-keys into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#27
2021-03-07 21:30:38 +01:00
deb4372588 Merge branch 'master' into add-ssh-keys
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:29:57 +01:00
929baa300f Use 'update_motd' in 'prometheus_federate' (again)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-06 04:48:39 +01:00
71ee06c9c0 Fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-06 04:45:00 +01:00
bc2701d8ba Use 'update_motd' in 'prometheus_federate'
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-06 04:43:09 +01:00
2353589da6 Ensures /etc/update-motd.d exists 2021-03-06 04:42:21 +01:00
1d0200a1f0 Use 'update_motd' in 'prometheus' 2021-03-06 04:32:06 +01:00
b81600aef8 Use 'update_motd' in 'baseconfig' 2021-03-06 04:31:20 +01:00
7e92fdfab7 Create an 'update_motd' role 2021-03-06 04:30:32 +01:00
cf07de4ec4 Fetch switch_snmp jobs
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 02:41:58 +01:00
8abca7916f Add switch_snmp job for prometheus 2021-03-06 01:57:32 +01:00
763cc2eb51 Generate targets_switch_snmp.json 2021-03-06 01:57:08 +01:00
eaa0d2e0fc Fix bad indent in snmp.yml.j2 2021-03-06 01:56:18 +01:00
21fed6ae3f Add useful lookups for switchs interfaces 2021-03-06 00:58:46 +01:00
52124d2cad Cleanup prometheus_federate's prometheus.yml.j2
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 00:46:13 +01:00
7d527be1c0 Remove duplicate alerts from 'prometheus-federate' 2021-03-06 00:45:43 +01:00
32669e1fb1 Don't load Django rules prometheus-federate 2021-03-06 00:44:22 +01:00
4ca7ebd144 Add a unique exported label (useful for federation) 2021-03-06 00:40:44 +01:00
802bfcc698 'prometheus-federate' must not retrieve its own federated metrics 2021-03-06 00:38:36 +01:00
958eaa1bcb Use label federated_instance instead of instance
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-05 00:54:44 +01:00
6525508401 Forward journald logs to rsyslog
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-02 01:24:53 +01:00
77a5fdac6f Remove some duplicate logs from syslog.log 2021-03-02 00:56:28 +01:00
529550f594 Don't use 'imjournal' ('imuxsock' is already used)
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage it's use, so I will
not investigate further.
2021-03-02 00:46:16 +01:00
ee041b9ead Use 'simple' instead of 'oneshot' (rotate service) 2021-03-02 00:14:25 +01:00
1f6bfeee23 Fix broadcast address on routeur-aurore
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 20:04:38 +01:00
0f55b90de9 Remove 10.129.0.1 gateway on routeur-aurore-* 2021-03-01 20:04:02 +01:00
b13b22da05 Add ignored destinations for firewall logs
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 19:39:11 +01:00
8f815a30c5 Remove useless date (already added by journald)
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:47:12 +01:00
acd5721a5b Fix typos in rotate-remote-logs.service.j2 2021-03-01 17:45:17 +01:00
9547868c7d Send nginx logs to local syslog
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:40:05 +01:00
cdb9f88614 Do not rate limit collection of journald logs
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 16:31:52 +01:00
9eeb8ccd73 Remove non-Ansible SSH root keys
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-01 16:08:08 +01:00
9252249d18 Use 'true' instead of 'yes'
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:15:54 +01:00
e4b58c0bf4 Fix typo in 20-collector.conf.j2
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:07:17 +01:00
c65b3f090b Compress and delete old remote logs
Some checks failed
continuous-integration/drone/push Build is failing
Logrotate is not used because I didn't found an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
2021-03-01 03:58:58 +01:00
f7183095c1 Add explicit permissions for directories
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 02:26:22 +01:00
ba8b4e8c29 Fix the ordering of rsyslog.d files
Some checks failed
continuous-integration/drone/push Build is failing
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.

Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
2021-03-01 02:15:28 +01:00
7fd1b5ff5d Add rsyslog_collector role 2021-03-01 01:27:56 +01:00
6263c31785 Add rsyslog_common role 2021-03-01 01:27:30 +01:00
ba6da939ab
[certbot] Fix certificates for auro.re
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 13:57:59 +01:00
ae151321db
[nginx/certbot] Clone roles from Crans
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 11:46:37 +01:00
d7d0676f5e Remove .save file; remove fo fleming prometheus
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-18 17:53:15 +01:00
74c30b81df Merge branch 'master' into Global_monitoring
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-17 19:41:06 +01:00
b278b02bc2 Remove percentage sign for load alert
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 19:37:33 +01:00
0b90c9944b Fix CI warning from last commit
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:15:31 +01:00
61001e09f5 Add alert for load usage
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:08:39 +01:00
a5b4deacee Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 17:42:24 +01:00
5b2580056d 🐛 Final fix, should stop sending ill-formed mail from now on
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 18:10:39 +01:00
f607a76ec8 🐛 Fix a small bug. Postfix does not accept trailing comments
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 13:13:26 +01:00
3fceeff74f Fix ansible lint for rule [208] always specify mode and owner for template
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 02:47:04 +01:00
3925e32188 Repect ansible-lint [106] for role names 2021-02-16 02:45:35 +01:00
69d732e612 Fix case 2021-02-16 02:42:08 +01:00
ab3659adc2 Also config hostname just in case 2021-02-16 02:32:46 +01:00
1ca75ccfb0 Add postfix non mailhost conf 2021-02-16 02:22:41 +01:00
f08b11445d Add postfix non mailhost task 2021-02-16 02:15:52 +01:00
a9b03aed82 Add postfix non mailhost handlers 2021-02-16 02:02:15 +01:00
6ec449c3b3 Fix restarting prometheus snmp (not installed)
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-10 20:43:43 +01:00
d8924abe66 Add prometheus-federate role 2021-02-10 20:42:37 +01:00
4308bedf8f Monitoring of docker containers 2021-02-10 19:06:28 +01:00
bd5b88c4fc Correcting format of percentage
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-02-08 18:22:08 +01:00
428b6f5733 Correcting grafana stats for wireless 2021-02-08 13:57:32 +01:00
8bfe83f73c Adaptation of UPS alerts 2021-02-08 13:52:17 +01:00
faf5fc7362 fix re2o-service -> re2o_service role name
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-07 17:39:04 +01:00
e6b853a552 fix role name 2021-02-07 17:33:29 +01:00
679daa633f Fix ansible lint 2021-02-07 17:32:44 +01:00
1e136e3736 Remove rules from warn list when it is not needed 2021-02-07 17:31:21 +01:00
ynerant
f9e83e514e Merge pull request 'Captive portal' (#11) from accueil into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#11
2021-02-05 20:39:50 +01:00
0e224df41f
Install ipset on each router
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:26 +01:00
c527ce16b0
Use good output interface for the main router
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
a82edc3e24
Firewall configuration without MASQUERADE
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
bbac76023c
Update masquerade configuration for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
7e4a2d20c0
Clone nginx role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
889cb764c1
Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
154cbedec2
Deploy firewall config for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
e02670afb0
Les caches unbound renvoie les addresses en 10/8 2021-02-05 20:38:50 +01:00
a7b073e1cc
Add captive portal firewall configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
89ebbd423e
Use the local firewall repository
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
5a09b77070
Resolve DNS for the accueil vlan
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:49 +01:00
5fc2d0a3f9
Ajout d'accueil dans keepalived 2021-02-05 20:38:49 +01:00
7cdef7ee96
Fix: keep the logs for 90 days 2021-02-05 20:38:49 +01:00
3eb48edccd
Tmux everywhere
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
otthorn
f6c9208a41 Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
a8af3c9c72 Merge branch 'master' into monitoring_pdu
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53 Delte main.yml.save
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f Correct yamlint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8 Limit floats in alerts to 2 decimal places
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
d59cb41d5e Use unattended-upgrades for Debian-Security
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
e3ae912f44 Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634 Update alert rules of UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
fff6ec5807 fix typo: restart -> reload
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 16:04:09 +01:00
795ee3846f fix indent 2021-01-23 16:02:10 +01:00
e6af0f2bd7 fix typo: groupe -> group
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:59:03 +01:00
e1a961273d fix typo: dst -> dest
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:42:52 +01:00
73142dbe03 Fix yaml syntax
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 14:41:25 +01:00
43274ef2ec Add the ansible_managed var at the begining of the config file 2021-01-23 14:40:29 +01:00
66c2ff6305 full path to logrotate for command 2021-01-23 14:37:18 +01:00
05326c15d3 Enforce logrotate rules 2021-01-23 14:27:09 +01:00
ddd69e04c0 create logrotate role 2021-01-23 14:25:35 +01:00
c7a3495ae5 Alert rules for UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276 Setup config snmp for Prometheus, to monitore Aurore's PDU
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
f0e3bd78c9 use command instead of shell when you don't need sh features (pipes, env, etc...)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-19 23:27:17 +01:00
4a57dad8a6 use handlers
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
facfe3c169 Attempt to fix ansible lint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a Linter should pass now!
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
0364006062
Install curl and net-tools by default
Some checks failed
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
078d141236 Add task to remove smartmontools of the VM
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb yes -> true to please yaml linter (truthy)
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231 Add ldap replica rives
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b Renommage re2o_service en re2o-service 2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7 Fix radius permission bug 2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9 Revert "Use command instead of shell"
This reverts commit 0f9169284f.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a Automatically renew certificates if a new domain was added 2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82 Add possibility to configure port forwarding, like SSH for Gitea 2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f User cerbot-nginx to create certificates 2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9 Store reverse proxy data in proxy host vars 2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3 Fix indentation 2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113 Use true instead of yes 2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f Use command instead of shell 2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f Use underscore instead of dashes 2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e Always set file permissions 2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661 Add Drone 2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190 Replace ansible_header by ansible_managed 2020-11-03 23:29:30 +01:00
chirac
518560b392 Add new ldap replica at ovh 2020-11-03 14:21:26 +01:00