1908deee9c
fix CI
continuous-integration/drone/push Build is failing
2021-04-12 10:01:39 +02:00
e2b1f8eae5
Allow root to connect using peer authentication
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-11 22:08:11 +02:00
6c64bb214c
fix CI
continuous-integration/drone/push Build is failing
2021-04-11 22:01:21 +02:00
764f0f106d
Install postgres exporter when it is bullseye or buster
continuous-integration/drone/push Build is failing
2021-04-11 21:38:29 +02:00
c48fe1ae17
7% rollback for the warning
2021-04-11 20:57:53 +02:00
304437da97
Remove .save file
2021-04-11 20:56:40 +02:00
9d18ebb7f1
Fix docker rules
continuous-integration/drone/push Build is failing
2021-04-11 17:18:32 +02:00
6775d9ecde
Add docker rules
2021-04-11 16:43:34 +02:00
9ebdf15bb9
Splite alerts on some files
2021-04-11 15:58:35 +02:00
dd48302585
Configure Prometheus and Prometheus federate to scrape Postgres Exporter
continuous-integration/drone/push Build is failing
2021-04-10 18:01:55 +02:00
45041be2ab
Install postgres exporter
2021-04-10 17:29:50 +02:00
jeltz
6b2bc60589
Merge branch 'master' into add_rives_vm_master
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-06 19:37:57 +02:00
91817b324c
Increase the alert threshold for temperatures
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-03 08:04:10 +02:00
1c3127dbbe
Add more node-exporter alerts
...
continuous-integration/drone/push Build is passing
Source: https://awesome-prometheus-alerts.grep.to/rules.html
2021-04-02 22:55:51 +02:00
f80435cb31
Differentiate alerts for servers and Wi-Fi APs
continuous-integration/drone/push Build is passing
2021-04-02 21:54:38 +02:00
06f101527d
Use a dynamic interval for UPS output voltage alerts
continuous-integration/drone/push Build is passing
2021-04-02 13:57:34 +02:00
83f5b35e59
Fix a filename typo
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-01 18:24:21 +02:00
35286a661a
Change an alert description
2021-04-01 18:24:03 +02:00
11335a6077
Fix typo in alert description
continuous-integration/drone/push Build is passing
2021-04-01 18:15:22 +02:00
083fc4da9a
Fix permissions on prometheus.yml
2021-04-01 18:15:09 +02:00
a743ce09fb
Move templates of the prometheus_federate role
continuous-integration/drone/push Build is passing
2021-04-01 09:42:54 +02:00
bc35cd8e90
Move templates of the prometheus role
2021-04-01 09:40:22 +02:00
5bcc428895
Remove 'instance' from description and fix typos
2021-04-01 09:36:11 +02:00
eeaf0f8486
Fix syntax errors
continuous-integration/drone/push Build is passing
2021-04-01 06:02:40 +02:00
e247aa3f70
Uniform labels for alerts
2021-04-01 05:21:08 +02:00
jeltz
424aa80d8f
Merge pull request 'Use update_motd everywhere' ( #44 ) from use_update_motd_everywhere into master
...
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#44
2021-03-30 10:12:14 +02:00
ac05da7173
Use update_motd everywhere
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-30 10:08:21 +02:00
dff0d9922c
Store log.adm.auro.re local logs in /var/log/remote
2021-03-30 10:06:25 +02:00
dd274891a5
resolve conflicts
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-30 09:30:06 +02:00
2952c39f70
Fix issues for installing radius-rives (baq package for postgresql-client)
2021-03-30 09:20:31 +02:00
85e691a0a2
Don't store journald logs to disk
...
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
As they are already stored on disk by rsyslog.
2021-03-30 07:46:06 +02:00
606df65535
Cleanup logrotate role
2021-03-30 07:45:52 +02:00
3030d3bfab
Fix typo: use 'Reload' instead of 'Restart'
2021-03-30 07:42:46 +02:00
f59d9ee6f0
WIP: add logrotate config for rsyslog-managed files
2021-03-30 06:01:43 +02:00
jeltz
6d74f04db4
Merge pull request 'Better distribution of backups over time' ( #49 ) from backups into master
...
Reviewed-on: Aurore/ansible#49
2021-03-24 02:12:53 +01:00
21eaeb2d42
Better distribution of backups over time
2021-03-24 02:10:11 +01:00
jeltz
789c11c3e3
Merge pull request 'Cleanup borgmatic related roles' ( #47 ) from backups into master
...
Reviewed-on: Aurore/ansible#47
2021-03-18 22:19:39 +01:00
a1533b7efd
Fix issues for installing radius-rives (baq package for postgresql-client)
2021-03-17 20:41:46 +01:00
f662e4bd47
Remove bullseye for radius role. Add the oid for temperature of ups
2021-03-16 21:13:45 +01:00
3000f46c46
Randomize borgmatic timer
2021-03-16 15:05:29 +01:00
8524b9fa99
Fix typo
2021-03-16 14:13:12 +01:00
37582abfe1
Remove useless tasks from borgmatic_client
2021-03-16 13:47:14 +01:00
96a498c6de
Break long lines in borgmatic.service unit
2021-03-16 13:46:46 +01:00
1be92bad62
Log source port for NGinx
2021-03-16 09:43:13 +01:00
01bca6597d
Run borgmatic every hour
2021-03-16 09:38:51 +01:00
21a3d5af2a
Add bullseye support in 'prometheus_node'
2021-03-15 10:50:40 +01:00
jeltz
4305a60639
Merge pull request 'Backups with borg and borgmatic' ( #39 ) from backups into master
...
Reviewed-on: Aurore/ansible#39
2021-03-15 07:53:33 +01:00
3f3f688da4
Use 'present' instead of 'latest' (ansible-lint)
2021-03-15 07:51:48 +01:00
6713b550b6
Merge branch 'master' into backups
2021-03-15 07:50:11 +01:00
cb3ec07121
Use 'inventory_hostname' instead of 'ansible_fqdn'
...
While 'ansible_fdqn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).
It should therefore no longer be possible for the said host to access
the backups of another host.
2021-03-15 07:25:09 +01:00
243ec1fe9d
[borgbackup_client] VaRi0u5 f1X3s
2021-03-15 01:04:42 +01:00
f15b222cdc
Allow root to log as postgres
2021-03-14 23:45:36 +01:00
7480a7c565
[borgbackup_client] precedence rules and sain defaults for borg config
2021-03-14 22:02:34 +01:00
b14b359027
[borgbackup_client] add exlude path to conf
2021-03-14 19:21:15 +01:00
33a1ec02f3
[borgbackup_client] update config directory to be homogeneous
2021-03-14 19:07:02 +01:00
ebfc4f2a26
[borgbackup_client] do update cache
2021-03-14 19:03:44 +01:00
86f8b31159
Delegate facts for borgbackup_client
2021-03-14 18:44:13 +01:00
d9f1104309
Move id_remote to /etc/borgmatic
2021-03-14 18:42:26 +01:00
c6cae75031
[borgbackup_server] fix /borg permissions
2021-03-14 18:29:33 +01:00
46d10022ea
[borgbackup_client] fix rentention date to int and list correctly source directories
2021-03-14 18:24:36 +01:00
ff750c5b63
[borgbackup_client] remove 1 minute sleep and fix verbosity
2021-03-14 18:23:44 +01:00
2651432582
[WIP] various fixes
2021-03-14 18:22:52 +01:00
d928c7f7f0
[borgbackup_client] rename variable correclty
2021-03-14 16:11:40 +01:00
021a5ef1e8
[borgbackup_client] various fixes for ssh keys
2021-03-14 16:11:18 +01:00
c99b611b8f
Various fixes
2021-03-14 14:17:36 +01:00
8112788396
[borgbackup_client] Add 'user:' in authorized_key
2021-03-14 13:18:30 +01:00
2f2f71422f
[borgbackup_client] Move some handlers to tasks
2021-03-14 13:16:08 +01:00
637b74a2ad
Fix some linter issues
2021-03-13 05:05:30 +01:00
f45cd77510
Merge branch 'master' into logs-first-phase
2021-03-13 05:02:30 +01:00
f6e1949c21
Adding master VM for Rives and adapt radius role for bullseye
continuous-integration/drone/push Build is failing
2021-03-12 12:29:52 +01:00
965bbe62a4
[borgbackup_client] configure encryption passphrase and storage
2021-03-12 01:46:35 +01:00
3f8ffbe164
[borgbackup_client] Add borg username and group defaults
2021-03-12 00:01:11 +01:00
531f7593d2
[borgbackup_client] fix identation
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 23:37:55 +01:00
313314a674
[borgbackup_client] fix risky file permission on apt config for pinning version
2021-03-11 23:36:27 +01:00
4642395330
[borgbackup_client] Add initial role defintion
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 23:29:57 +01:00
f0f56ecd3f
Fix linter-related issues
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 20:15:35 +01:00
db8dbb6c7a
Add borgbackup_server role
2021-03-11 20:08:41 +01:00
jeltz
2a6c2b30de
Merge pull request 'Rôle pour motd' ( #38 ) from update_motd into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#38
2021-03-11 19:34:41 +01:00
6125856c60
Merge branch 'monitoring_ups'
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 14:06:38 +01:00
d233fc2759
Update of threesold for warning battery
2021-03-11 13:23:15 +01:00
6095d9cef9
Add 'no_log' for postgres passwords
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 18:18:08 +01:00
d16f444130
Use a dict for HBA hosts
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 15:59:21 +01:00
4f6eda8329
Use /run instead of /var/run to please systemd
2021-03-10 15:57:19 +01:00
628e11488d
Switch postgresql to english
2021-03-10 15:22:01 +01:00
bd05b702bb
Use '::' in place of '[::]'
2021-03-10 15:19:39 +01:00
06b54d5f89
Use postgresql_privs
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 14:27:14 +01:00
40eadf802c
Add template and no_log for postgresql_user
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 13:58:40 +01:00
8e855d7009
Listen addresses must be quoted
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:36:10 +01:00
7a07155237
Install python3-psycopg2 (required by Ansible)
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:35:18 +01:00
36b04239fd
Rename 'postgresql_db' to 'postgresql_databases'
2021-03-10 13:34:58 +01:00
f919ec689a
Fix 'ansible_header' → 'ansible_managed'
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:25:36 +01:00
9ef6202fdf
Add configuration for users and databases
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:23:52 +01:00
bbf4ac323c
Moniroting of ups environmental temperature
2021-03-10 12:55:11 +01:00
8b9bef865e
postgresql listen on pseudo-address
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:26:18 +01:00
dbbaf0d26d
remove tailling whitespaces
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:11:02 +01:00
a4c393d3fb
fix yaml ci truthy value
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:10:06 +01:00
d14306a86c
fix syntax for CI
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:08:05 +01:00
a625a58ddd
create role postgresql_server
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:01:32 +01:00
2c0727a419
Update the list of packages installed via baseconfig
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:41:42 +01:00
jeltz
41779fb172
Merge pull request 'Add backup root SSH keys' ( #27 ) from add-ssh-keys into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#27
2021-03-07 21:30:38 +01:00
deb4372588
Merge branch 'master' into add-ssh-keys
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:29:57 +01:00
929baa300f
Use 'update_motd' in 'prometheus_federate' (again)
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-06 04:48:39 +01:00
71ee06c9c0
Fix typo
continuous-integration/drone/push Build is failing
2021-03-06 04:45:00 +01:00
bc2701d8ba
Use 'update_motd' in 'prometheus_federate'
continuous-integration/drone/push Build is failing
2021-03-06 04:43:09 +01:00
2353589da6
Ensures /etc/update-motd.d exists
2021-03-06 04:42:21 +01:00
1d0200a1f0
Use 'update_motd' in 'prometheus'
2021-03-06 04:32:06 +01:00
b81600aef8
Use 'update_motd' in 'baseconfig'
2021-03-06 04:31:20 +01:00
7e92fdfab7
Create an 'update_motd' role
2021-03-06 04:30:32 +01:00
cf07de4ec4
Fetch switch_snmp jobs
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 02:41:58 +01:00
8abca7916f
Add switch_snmp job for prometheus
2021-03-06 01:57:32 +01:00
763cc2eb51
Generate targets_switch_snmp.json
2021-03-06 01:57:08 +01:00
eaa0d2e0fc
Fix bad indent in snmp.yml.j2
2021-03-06 01:56:18 +01:00
21fed6ae3f
Add useful lookups for switchs interfaces
2021-03-06 00:58:46 +01:00
52124d2cad
Cleanup prometheus_federate's prometheus.yml.j2
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 00:46:13 +01:00
7d527be1c0
Remove duplicate alerts from 'prometheus-federate'
2021-03-06 00:45:43 +01:00
32669e1fb1
Don't load Django rules prometheus-federate
2021-03-06 00:44:22 +01:00
4ca7ebd144
Add a unique exported label (useful for federation)
2021-03-06 00:40:44 +01:00
802bfcc698
'prometheus-federate' must not retrieve its own federated metrics
2021-03-06 00:38:36 +01:00
958eaa1bcb
Use label federated_instance instead of instance
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-05 00:54:44 +01:00
6525508401
Forward journald logs to rsyslog
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-02 01:24:53 +01:00
77a5fdac6f
Remove some duplicate logs from syslog.log
2021-03-02 00:56:28 +01:00
529550f594
Don't use 'imjournal' ('imuxsock' is already used)
...
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage it's use, so I will
not investigate further.
2021-03-02 00:46:16 +01:00
ee041b9ead
Use 'simple' instead of 'oneshot' (rotate service)
2021-03-02 00:14:25 +01:00
1f6bfeee23
Fix broadcast address on routeur-aurore
continuous-integration/drone/push Build is failing
2021-03-01 20:04:38 +01:00
0f55b90de9
Remove 10.129.0.1 gateway on routeur-aurore-*
2021-03-01 20:04:02 +01:00
b13b22da05
Add ignored destinations for firewall logs
continuous-integration/drone/push Build is failing
2021-03-01 19:39:11 +01:00
8f815a30c5
Remove useless date (already added by journald)
continuous-integration/drone/push Build is failing
2021-03-01 17:47:12 +01:00
acd5721a5b
Fix typos in rotate-remote-logs.service.j2
2021-03-01 17:45:17 +01:00
9547868c7d
Send nginx logs to local syslog
continuous-integration/drone/push Build is failing
2021-03-01 17:40:05 +01:00
cdb9f88614
Do not rate limit collection of journald logs
continuous-integration/drone/push Build is failing
2021-03-01 16:31:52 +01:00
9eeb8ccd73
Remove non-Ansible SSH root keys
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-01 16:08:08 +01:00
9252249d18
Use 'true' instead of 'yes'
continuous-integration/drone/push Build is failing
2021-03-01 04:15:54 +01:00
e4b58c0bf4
Fix typo in 20-collector.conf.j2
continuous-integration/drone/push Build is failing
2021-03-01 04:07:17 +01:00
c65b3f090b
Compress and delete old remote logs
...
continuous-integration/drone/push Build is failing
Logrotate is not used because I didn't found an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
2021-03-01 03:58:58 +01:00
f7183095c1
Add explicit permissions for directories
continuous-integration/drone/push Build is failing
2021-03-01 02:26:22 +01:00
ba8b4e8c29
Fix the ordering of rsyslog.d files
...
continuous-integration/drone/push Build is failing
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.
Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
2021-03-01 02:15:28 +01:00
7fd1b5ff5d
Add rsyslog_collector role
2021-03-01 01:27:56 +01:00
6263c31785
Add rsyslog_common role
2021-03-01 01:27:30 +01:00
ba6da939ab
[certbot] Fix certificates for auro.re
...
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 13:57:59 +01:00
ae151321db
[nginx/certbot] Clone roles from Crans
...
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 11:46:37 +01:00
d7d0676f5e
Remove .save file; remove fo fleming prometheus
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-18 17:53:15 +01:00
74c30b81df
Merge branch 'master' into Global_monitoring
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-17 19:41:06 +01:00
b278b02bc2
Remove percentage sign for load alert
continuous-integration/drone/push Build is failing
2021-02-17 19:37:33 +01:00
0b90c9944b
Fix CI warning from last commit
continuous-integration/drone/push Build is failing
2021-02-17 18:15:31 +01:00
61001e09f5
Add alert for load usage
continuous-integration/drone/push Build is failing
2021-02-17 18:08:39 +01:00
a5b4deacee
Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
continuous-integration/drone/push Build is failing
2021-02-17 17:42:24 +01:00
5b2580056d
🐛 Final fix, should stop sending ill-formed mail from now on
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 18:10:39 +01:00
f607a76ec8
🐛 Fix a small bug. Postfix does not accept trailing comments
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 13:13:26 +01:00
3fceeff74f
Fix ansible lint for rule [208] always specify mode and owner for template
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 02:47:04 +01:00
3925e32188
Repect ansible-lint [106] for role names
2021-02-16 02:45:35 +01:00