Commit graph

405 commits

Author SHA1 Message Date
8f815a30c5 Remove useless date (already added by journald)
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:47:12 +01:00
acd5721a5b Fix typos in rotate-remote-logs.service.j2 2021-03-01 17:45:17 +01:00
9547868c7d Send nginx logs to local syslog
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:40:05 +01:00
cdb9f88614 Do not rate limit collection of journald logs
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 16:31:52 +01:00
9eeb8ccd73 Remove non-Ansible SSH root keys
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-01 16:08:08 +01:00
9252249d18 Use 'true' instead of 'yes'
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:15:54 +01:00
e4b58c0bf4 Fix typo in 20-collector.conf.j2
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:07:17 +01:00
c65b3f090b Compress and delete old remote logs
Some checks failed
continuous-integration/drone/push Build is failing
Logrotate is not used because I didn't found an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
2021-03-01 03:58:58 +01:00
f7183095c1 Add explicit permissions for directories
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 02:26:22 +01:00
ba8b4e8c29 Fix the ordering of rsyslog.d files
Some checks failed
continuous-integration/drone/push Build is failing
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.

Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
2021-03-01 02:15:28 +01:00
7fd1b5ff5d Add rsyslog_collector role 2021-03-01 01:27:56 +01:00
6263c31785 Add rsyslog_common role 2021-03-01 01:27:30 +01:00
ba6da939ab
[certbot] Fix certificates for auro.re
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 13:57:59 +01:00
ae151321db
[nginx/certbot] Clone roles from Crans
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 11:46:37 +01:00
d7d0676f5e Remove .save file; remove fo fleming prometheus
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-18 17:53:15 +01:00
74c30b81df Merge branch 'master' into Global_monitoring
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-17 19:41:06 +01:00
b278b02bc2 Remove percentage sign for load alert
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 19:37:33 +01:00
0b90c9944b Fix CI warning from last commit
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:15:31 +01:00
61001e09f5 Add alert for load usage
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:08:39 +01:00
a5b4deacee Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 17:42:24 +01:00
5b2580056d 🐛 Final fix, should stop sending ill-formed mail from now on
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 18:10:39 +01:00
f607a76ec8 🐛 Fix a small bug. Postfix does not accept trailing comments
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 13:13:26 +01:00
3fceeff74f Fix ansible lint for rule [208] always specify mode and owner for template
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 02:47:04 +01:00
3925e32188 Repect ansible-lint [106] for role names 2021-02-16 02:45:35 +01:00
69d732e612 Fix case 2021-02-16 02:42:08 +01:00
ab3659adc2 Also config hostname just in case 2021-02-16 02:32:46 +01:00
1ca75ccfb0 Add postfix non mailhost conf 2021-02-16 02:22:41 +01:00
f08b11445d Add postfix non mailhost task 2021-02-16 02:15:52 +01:00
a9b03aed82 Add postfix non mailhost handlers 2021-02-16 02:02:15 +01:00
6ec449c3b3 Fix restarting prometheus snmp (not installed)
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-10 20:43:43 +01:00
d8924abe66 Add prometheus-federate role 2021-02-10 20:42:37 +01:00
4308bedf8f Monitoring of docker containers 2021-02-10 19:06:28 +01:00
bd5b88c4fc Correcting format of percentage
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-02-08 18:22:08 +01:00
428b6f5733 Correcting grafana stats for wireless 2021-02-08 13:57:32 +01:00
8bfe83f73c Adaptation of UPS alerts 2021-02-08 13:52:17 +01:00
faf5fc7362 fix re2o-service -> re2o_service role name
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-07 17:39:04 +01:00
e6b853a552 fix role name 2021-02-07 17:33:29 +01:00
679daa633f Fix ansible lint 2021-02-07 17:32:44 +01:00
1e136e3736 Remove rules from warn list when it is not needed 2021-02-07 17:31:21 +01:00
ynerant
f9e83e514e Merge pull request 'Captive portal' (#11) from accueil into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#11
2021-02-05 20:39:50 +01:00
0e224df41f
Install ipset on each router
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:26 +01:00
c527ce16b0
Use good output interface for the main router
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
a82edc3e24
Firewall configuration without MASQUERADE
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
bbac76023c
Update masquerade configuration for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
7e4a2d20c0
Clone nginx role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
889cb764c1
Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
154cbedec2
Deploy firewall config for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
e02670afb0
Les caches unbound renvoie les addresses en 10/8 2021-02-05 20:38:50 +01:00
a7b073e1cc
Add captive portal firewall configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
89ebbd423e
Use the local firewall repository
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
5a09b77070
Resolve DNS for the accueil vlan
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:49 +01:00
5fc2d0a3f9
Ajout d'accueil dans keepalived 2021-02-05 20:38:49 +01:00
7cdef7ee96
Fix: keep the logs for 90 days 2021-02-05 20:38:49 +01:00
3eb48edccd
Tmux everywhere
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
otthorn
f6c9208a41 Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
a8af3c9c72 Merge branch 'master' into monitoring_pdu
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53 Delte main.yml.save
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f Correct yamlint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8 Limit floats in alerts to 2 decimal places
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
d59cb41d5e Use unattended-upgrades for Debian-Security
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
e3ae912f44 Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634 Update alert rules of UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
fff6ec5807 fix typo: restart -> reload
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 16:04:09 +01:00
795ee3846f fix indent 2021-01-23 16:02:10 +01:00
e6af0f2bd7 fix typo: groupe -> group
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:59:03 +01:00
e1a961273d fix typo: dst -> dest
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:42:52 +01:00
73142dbe03 Fix yaml syntax
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 14:41:25 +01:00
43274ef2ec Add the ansible_managed var at the begining of the config file 2021-01-23 14:40:29 +01:00
66c2ff6305 full path to logrotate for command 2021-01-23 14:37:18 +01:00
05326c15d3 Enforce logrotate rules 2021-01-23 14:27:09 +01:00
ddd69e04c0 create logrotate role 2021-01-23 14:25:35 +01:00
c7a3495ae5 Alert rules for UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276 Setup config snmp for Prometheus, to monitore Aurore's PDU
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
f0e3bd78c9 use command instead of shell when you don't need sh features (pipes, env, etc...)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-19 23:27:17 +01:00
4a57dad8a6 use handlers
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
facfe3c169 Attempt to fix ansible lint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a Linter should pass now!
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
0364006062
Install curl and net-tools by default
Some checks failed
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
078d141236 Add task to remove smartmontools of the VM
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb yes -> true to please yaml linter (truthy)
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231 Add ldap replica rives
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b Renommage re2o_service en re2o-service 2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7 Fix radius permission bug 2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9 Revert "Use command instead of shell"
This reverts commit 0f9169284f.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a Automatically renew certificates if a new domain was added 2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82 Add possibility to configure port forwarding, like SSH for Gitea 2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f User cerbot-nginx to create certificates 2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9 Store reverse proxy data in proxy host vars 2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3 Fix indentation 2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113 Use true instead of yes 2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f Use command instead of shell 2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f Use underscore instead of dashes 2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e Always set file permissions 2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661 Add Drone 2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190 Replace ansible_header by ansible_managed 2020-11-03 23:29:30 +01:00
chirac
518560b392 Add new ldap replica at ovh 2020-11-03 14:21:26 +01:00
chirac
a213e18d9c Update Ldap priority 2020-11-02 17:25:38 +01:00