Compare commits

..

1 commit

Author SHA1 Message Date
ec2506b9cd
Fix Nginx configuration for captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-27 09:31:23 +02:00
108 changed files with 1598 additions and 2324 deletions

View file

@ -3,7 +3,9 @@ skip_list:
- load-failure
- document-start
- meta-no-info
- ignore-errors
warn_list:
- experimental # all rules tagged as experimental
exclude_paths:
- group_vars/all/vault.yml

View file

@ -5,7 +5,8 @@ name: check
steps:
- name: ansible and yaml linting
image: quay.io/ansible/toolset:3.5.0
pull: never
image: aurore-ansible-lint-image
commands:
- ansible-lint
...

View file

@ -2,9 +2,8 @@
# Recettes Ansible d'Aurore
Dépendances requises :
* Ansible 2.9 ou plus récent.
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
## Ansible 101
@ -89,11 +88,8 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH :
```
Host *.adm.auro.re *.pve.auro.re
# Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
# Use a proxy jump server to log on all Aurore inventory
Host 10.128.0.* *.adm.auro.re
ProxyJump passerelle.auro.re
```

View file

@ -1,17 +1,38 @@
# Ansible configuration
[defaults]
ask_vault_pass = True
roles_path = ./roles
# Do not create .retry files
retry_files_enabled = False
# Use inventory
inventory = ./hosts
filter_plugins = ./filter_plugins
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
# Custom header in templates
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1
# Do more parallelism
forks = 15
# Some SSH connection will take time
timeout = 60
remote_user = root
[privilege_escalation]
# Use sudo to get priviledge access
become = True
# Ask for password
become_ask_pass = True
[diff]
# TO know what changed
always = yes
[ssh_connection]
pipelining = True

9
backups.yml Normal file
View file

@ -0,0 +1,9 @@
---
- hosts: perceval.adm.auro.re
roles:
- borgbackup_server
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
roles:
- borgbackup_client
...

View file

@ -5,6 +5,13 @@
roles:
- baseconfig
- basesecurity
# Plug LDAP on all servers
- hosts: all,!unifi
roles:
- ldap_client
# Install logrotate
- hosts: all,!unifi,!pve
roles:
- logrotate
- update_motd

7
bdd.yml Normal file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure bdd servers at Saclay and at OVH
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
roles:
- postgresql_server
...

20
copy-keys.sh Executable file
View file

@ -0,0 +1,20 @@
#!/bin/bash
set -e
# Grab valid unique hostnames from the Ansible inventory.
HOSTS=$(grep -ve '^[#\[]' hosts \
| grep -F adm.auro.re \
| sort -u)
# Ask password
read -s -p "Hello adventurer, what is your LDAP password? " passwd
echo
for host in $HOSTS; do
echo "[+] Handling host $host"
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
done

View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
# Deploy all playbooks
ansible-playbook playbooks/*.yml $@

View file

@ -0,0 +1,8 @@
---
# Deploy a correclty configured postfix on non mailhost servers
- hosts: all,!unifi
vars:
local_network: 10.128.0.0/16
relay_host: proxy.adm.auro.re
roles:
- postfix_non_mailhost

View file

@ -0,0 +1,7 @@
FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
RUN pip install --no-cache-dir "ansible-lint>=5.0.0"
RUN pip install --no-cache-dir "ansible>=2.10,<2.11"

View file

@ -0,0 +1,18 @@
# Ansible-lint image
In order to build this image when a new version comes out, you need to
1. ssh into the `drone.adm.auro.re` server
2. git pull this repo to the lastest version
3. optionally make the changes if it has not been done yet
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
5. ???
6. enjoy
You can verify that the image was correclty built by running
```
# list the images present
sudo docker image ls
# run your image with an interactive shell
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
```

View file

@ -1,40 +0,0 @@
import ipaddress
from operator import attrgetter
import dns.name
class FilterModule:
def filters(self):
return {
"remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort,
}
def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent()
return parent.to_text()
def ipaddr_sort(addrs, types, unknown_after=True):
check_types = {
"global": attrgetter("is_global"),
"link-local": attrgetter("is_link_local"),
"loopback": attrgetter("is_loopback"),
"multicast": attrgetter("is_multicast"),
"private": attrgetter("is_private"),
"reserved": attrgetter("is_reserved"),
"site_local": attrgetter("is_site_local"),
"unspecified": attrgetter("is_unspecified"),
}
def addr_weight(addr):
if isinstance(addr, str):
addr = ipaddress.ip_address(addr.split("/")[0])
for index, ty in enumerate(types):
if check_types[ty](ipaddress.ip_address(addr)):
return index
return len(types) if unknown_after else -1
return sorted(addrs, key=addr_weight)

View file

@ -18,6 +18,16 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases
postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'

View file

@ -1,246 +1,218 @@
$ANSIBLE_VAULT;1.1;AES256
64313161633263303464663933363265373935633862653634643862343232643432343966376438
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
39346463396563626166333362306464343836386365303836356461323663633831636562393039
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
61666365663963643437386530363261306438376665386463376366363662656161316263303831
61393136363934316462616131326463333736656136643038623061313363386538393833663637
36373565333566306632313865646538633532393731313430633462666334323762653337383338
63313433333835653366363061343839326131666139346563306366656365316663333438363837
33323165353936343165646464306434303161313139653561346461653537616164623434376534
33666662343734633766356230383761353239333632613031396365346536373432363433633564
61633762393033343336373864653438336436613630366539333731383336346665313732396265
32356138666135383562656366353131366436363464643630656130303437623131333239386363
66373866393064306565306565386230373638633733326661333065633136633130323963323765
30353262323835313365383562326363343965636634376133613331363133313030346561653931
39363636636235646131353034663861336362383263613165323230366439383561653165363764
65366130623362623539393461363832353435616266393036386439303834316635366438393936
33383933366262636232383066663130383965306137356363363539633661373664613738336539
31363131616135623039346465623530376533386263343836376662316562386530336266303062
64386531303938623939653635313163633261336339366139666135323130653862346132646636
30363065303235346331333434653331646333616337623562643564366435613938643235333664
30626164373030303237656366623631396138333265383566333664663061613536666363623630
61623362383439636239336234333161366635306432363230366630383836326330343932303863
39393232373831363863333332636362396639663831656266336430313837666463336439353332
63303036633433323439613535326663633332346565646338353761363733643766363132666365
34303865656262303563323665363730663062626537363461646363636461633762663237366366
64393133656464643065633634313261336662646435313735306266316132636530393631353830
61303939373363323131316463333136326365333430626266376636356130396239323464353937
64616232373532396334343433636332353530386662633164353235626361623164313039336666
31636434666437393839393133633961373139313663616366373239386163623064373836376164
62316638366366376134386231306435616138656461373633393339653532363434393834393430
37363335623934306661333135343266663464623438353665613330356236323036363139643064
62383934363465316338393065383935646134353230376131613935613431656333383565353134
34643866353131653061623236306536363163373639396564336434653839346263303930633663
39393935636235313431303032336361313730373238333732626465346662363038636361383631
65393433346363366337383233646166306339653533646632623262376630383265393438326135
31643039333835666338383762336163336337343532393063323165636531353361613731363065
65303637396332613432663636326334646635346237396461636366356133303333306239393739
34353966653662346230383865643231313239626533643761366162613164333132373636623237
32356335643766646266646266633366363165373861306433316561363166363865303133633939
34633132343438363034323638376666313061383965323566646463653163313235373364386666
62393865373137343237306637363536383939303833663532396333313931336162333837613935
66383266343735396337663936333162323738383264376533316536376563396333343263643931
65646535363337373865353265306434356432353066656665366638353331366334366339613538
32373637633564613861626538373365336362313434633137613966353861393462623862663330
64386431373066306334383863366133333564373163386433313231363366393830343230323734
61633962356637326538336663386330653563353763663236623539363630626363323237333237
30656139626561313064323330373032323031343137366638303966313832646365666238326337
63306363613361653933306234386163383837666430616663383664386563323839326232383761
35373539626438356539393266653864353066633365383437623437356464383335383039343137
61373539343631373932373033656233323964353666626162386537616333366562346265656238
35396130356166303564303036383664656435626534303064653363316464616335303965376330
61646638383138323265313631613037396561626162306661653231646230343139656135333236
63303838316266333665636335663361656262353066666430656162323236633564313337353665
35363565303736633564356632346632343832363934343962313030646132663566346664313632
38393061613163356265643434626166393366366634343032626637333332316361663639623534
62323239373639393337373537646232663531653835356165313264663561623633633830373734
31336234613633666538373961626430316530346462343061323661353564323938353338373961
64616637303734303333626166306330613238646265636136653939363936356165356232396436
65353731633836363433616534636330663565643561363233396538386430393964353433616437
36343936313936303165396236393463646363383338366238363961666530623335653234656139
65346337663437623134376137326166323933613861663032623965643538343638376234316232
36333065323234663263343630353739313661373536316162366532336438373263303730626464
38613136393166626663636631363064303736666235333036616435373063363762666565363136
38333966303831313333613831313132633062616235353365313533386236613338373130303836
61326262313833306437366364316433393931353265326131653563656131333436376338613266
39326632613366666136643137303635336631353230396435313537656366326239626362313833
62653039343261613265306362323234623264366664306561663839306631663465303962386462
39353934643562383762623937643034383534393962333466613636346637323235346438666636
31613838313535666166663063373333653439313035346266666463623666613837313933623837
63343565663739393764353761316432626237346234663032316131306262356233333439323961
38646664383030303832646563393836643135303731306435383338623633626638306165386637
65393238653464623032336437643838333932366131656332333165376261383539386466343139
65613733383837323832303738363664653138613830376333363038383839623463623631666237
63363263396533353763373934373034643763376665316638353435663635346135333265363235
62663432343935343964626432353563313036303761393039386231343530663737633466643035
65343835353037643539316439666666633866356530363237373230373439373133313337653237
66613631373637313534353862653437393234363365323032393035376438616264336661616262
37336435326135373065353564383637626637343532396331623334643139386364316431376435
36356566363033636539363430356565373039363863396565643730656531346364626334393436
33343839303538383530363231366166623233333730323163323432373831313639626337346230
30333930333064393337616564386163623436613933623466353933393733346339383534633239
30633365313364666566643533326163336330323232353533316633313739343035383465376330
65356139386463633565366132383832643032333234633964373437633836343435393631396166
34633439643764623936366536353931646132373539326238303761383339643661616266646130
30393166393465326365393130636136336433623262346435353936306133616135653734383635
65393530633836613937346430366337626365363361663533313837363063396538663766646566
63373639653732353135343562353266316164303863336365303635653464393232613939396131
30636361343932663233663566656131363938656161623966316366656561343166336532613666
65613534663762353662353262623634616264373964316336626166353330303539356130646166
63643435353765633766626165643465386331333637366562393861613834323464363932306430
32643836646266643031396262626136313363623663366430376432373036643835653863323631
30613164326430633664306630333632363931656135643465363439376263386561383534633666
64323763656466343064396639313264386239356664663461333166626332326536623132333434
62303261643164643330333662623935383037353338306135613737306563326336336162633138
33623066373265663362303133363032343933306336396466383034636131333837313333326531
39336163313633623639303462313763656632633030336236643030343262653366633939643536
31636535393864663363353930363761623264343630396336396431663330323436613462633136
37336464353730643566393432343762333336653932333366636265343663323462626232623635
34346136333630363539633666316561376266373032373961313437653564636537656630303261
37313639333233333365383763333061373730623939303530303832646365323739356564626137
35633366393636376463393961333830343232363266633931613332643134643234303733373466
35323831623931633436626636346431303965663639666566623433383736633834626330303265
37353337656233663938663839373931623137666662623266336537383631626631306235363064
33313564316438633139336261623736336336326239376630316335313631376132646563333430
33656432643130643832343065353834633366363339353964623762666564633835633636313731
63353637636165663136623736343234393038313235333363643237643566623766393838386635
33646233623032653233336266636335666233353032303837663162303939383262373761623261
35366661363966346233633739663635353361303264356534366235616164316138623730623632
62316362623736396264366632373661373835393434343364353431316362666235616635633566
64353530633334393737346663653562346335323065356665643132353738363132623031353664
66666639326238386634363664356664343161386435323736316636343536326435303066353035
37363731613138393333636562386363333932386362303139643262386237353863363764643139
64616561373239346464623165616332623434303433626638376232333733646136376431626438
66613134343639656331626630303030366133356636663735353466353834613430356265386162
66613332663232623438636661306332613162666561353537313336643134663664306630636639
61613363353264373831393962333631383236666130646333336431303735333165656438363432
38396530333631636135653534393531326434306362396237366430383166323832336434376364
38393431646338316232373431613930326532646333386435303034356564336665346133393866
61643533643361646265313334633463616437393437653935613261366635616430313064346532
32363831613565313836376338646466323130373032613863323037323566643164653132633735
65636562653535626461396666643330386333663137613333643165656336633038323036373162
31376338613862333334643561313332326237646565633934323032626662633631633033623063
63306664656437663732323339383735306132616531373865323835633264333639336163366466
33373433653839393638323034623835643531393266306331313563613265616633353763653438
65363532653163303861383531356639316331343531666666636336373634636134633331366364
62366230366435323435613964636533353236373935626632623536396664313264653031623062
33366166343630313839366262313234346262343336386538336335393835646138666330656361
61313936323838653832633130346539636363613838343363663431623063333933383466353938
65383361333561383631643938613862343236346233363466333237316339616362366565306639
39356563656132303463346138356435303038303165363935343266396462326365363262393336
37396235366639623761366239386165613065626431633733306234343866663266633631656237
63643430383433393835663635356265636635363137613064353066313338346436356632346265
38393730336465396263373137383238653337396364643061303234666266663064663265383434
36636138643432373633313038393737663735363838396164366234643533633762383062353831
66326231363337323666386263373438656630346336663239643030386434636264666634393631
39313364333761343532346165396365306463393037643935666363323630326664616638313338
39396336653738353333343835363861643166376565346463303135376439336134666235623230
32363031303732666133386164313437366164326539373564623236356432303132633436323563
36323634373538376133613736633133356638323861636434646465643432636366376138636232
63633830613462613831313938326339343632393038376639623131366364623536353338363439
32613331623863336165636364616634303264356630303665383638663737343836663831363263
63366562393734323030306436346534626530656465396535323835316139633562363830373437
63626530326530383538623165356532303862353763326432373966626436303465373431373762
38613539623164353732623636376630643465343839666531306438326633343362306665366132
39396537366266353864656232616334336130333337306463313932393832653661343036396261
64613461633433356334623631643861303133383963336635623138326139613564343838366565
36343130353462333162313736636139306233366466626231306561626335396262663531333839
61336437343137356335633764373730306466326133356331333530353537616661373062656438
35356235666464656466323937353837623535643937383866666133383633396563333338633034
38366531613164363966323137646237393135383164643230663331306335636432656565633636
34343031633632346533353666353034666266666561346464306665386634313263323333653330
66323033393531343633356466613837346164393332613037636465343230623731616361336338
61373332373636646435353734386366613334323161626437396232613534613330613532323534
65653065386432313733663165616333663666363733623162306536303833663136353334656466
64353931363838613761663561666639373865393438396565626661343934353662363834636535
65363664393433313036383438643864663339626331343230343337316437336634636363303563
35373539383535353235633730386232363539616632336566376264393832383637663330613133
37643261363966633138373935333438393536373938383265373261363232343030373539366335
61633162663137643061363366653135323639363838626266386262666133306461333432313738
30313332626166303630363839396663396564633961383863326663356230343938643833303933
34333032353935323565346633363537656639613663356130383264373739636231363364613066
36653664346434393933383337313630623131396461343930383537633536643365306564396665
31353861643335353538623838393335326364393738376239623431306231363739656438626265
37666532336661306262303761616238666239623265663231386165353437366631376234343035
33393037316563373534373765616238616639303031346430623561663430393536303163613338
65353062336164626335376235656235343637366438353334356436653266333062663838316263
32623732306462356162623437393035626433336631643833626463656634366332613936346465
34653331363133373635633330363564333264623566613432383439396537343963653239336265
33326132663434363065646265646130333935303662623037363938313464366564323734333437
36336335303738643634653164306332636130316161393335656536386131396662616366383139
36663863343736666665363337663537326330323437346565346465326231366563643136366365
37636361343961326261336437616266373962643765346438333766306537303137353764396330
39626635373631353635313935363834363730386132376363663462653330623130663266373432
65343237326535613535386363396236336536366165306463643162346638623638373433646163
62613935363636353639623839396231393838303135346536383037353636613563323234626131
64373666303436393861373164376564646235366131343433623733663832653039393738343537
65323534343464613230346532623966616462353532373064623566626563336464326336393364
39626237646431313135323036303065343138616632343237396136366332636132303037376132
33623031623635653162616265316366663262373666636638386130643336383130643232643662
34326663343562613962343033396332303261636230353331313730336630633461333736626333
66636430643330383032646634396133626339623036333963396662313234623466366634636334
33373762386662613966353664346239666133656435353365653536356331613632666132376264
62613433366633663065306166396166633836306139376533396165393966323465303638373563
63326330323161303065643365343363313338326238363137663139613463613434643834613662
64663365633965653363633165653038333335333232633434323037643936646561376431626230
66356138373136366134373533386634373061666330663364376336383433306331386162393633
33636330643531396464313736363061303466393861613730323563626363643731333633366532
64646130636234653566346533323962353332653335336239353630633535623935396638663366
37383661343636613261623833653032373764653164346634663431653664636233323734666166
36373664306566663930353338366431623563396166356638626166333165623263636336613138
34343936393964666564306637346561393538383137663162663630336462656663316338376236
63633666333263663734353861633164653132663334306664643133663736663766626639393236
32653430333163313363343731666135656662363838366132383732346130313130363365656263
32643533393163376264653632663262353966306630333064313932616262323134326361633764
63383837303936616434616630653833653833623263623532306363373836323431393335623530
34316562343035326265333164643163356230643639373431326431303538346363376332373434
31313666313663343363353130306561646136393732663164393232636330663635346434343134
33663138663336636430373763396435323138373633666438623234363631336232366635366532
62616239663934653462656163326134303261376635323864633435383666363065656665303538
62626538343638366236646136363232373437336630383739656438636465326531646664366462
36353663626634386538336239623734323234393463313034303837363164363263623065613061
38333162646232366339333662313965663336613238386530393162346266636532353433656136
66326436323836376432313238613165373565643233333435393361636637653361616435393438
32383763393561343734643438346635613663393736613839623263663866336165343235663933
66623137616561313462653631613830363666653635336534643935373739353138363934656134
35663063396162623432373534333463376231666466393963336231653939326663396336383735
34633763336163313432616163313638623963306666643432306661393632346339373963633265
32303862643661376433356661383335313365306534663534396638313531373538326236636363
37626138333437393363323261336663653163643565303063313231346131376261653763356631
62306262336337366134626632333663363139393131306666303235303761623665356431646234
33666461663035303066353137623762653565353533613435663839396238336337333463636465
38353135356634626137376232613330393235383432356436393030313564306537616363383136
66356463373138313661373565326565343066643133633630313031303132313031663739316631
66666631386163313034306532393862393930653931363235396662366262636466363464396466
61303962303066633764393831396632626233343633313061323838623134373036393164633139
30303861636335636131376334376239636235653233323435623262366132663934613661333135
61386136326435363337316363666330363431613135663661303438383664663930656564373730
32373731393666333364633835646431646662313232383136616238303264383438663766356462
32346664376430663934626661663039656461383738626265346162393861346163656161323333
39323666643031376530303230626166613233383731363766373634623430633635303963313466
34646331363539636133373134353535356265393265393635323532323134643034343663636362
38633261613433393634396234396265623063346138363133646532366638306632396464646432
61373961383438386535336131393633303430346162613738343839653038303035303033626535
37343030623530333332306265373539633735616634663666356437303862636338363866613861
38346130336338373865343866306665616530313938616366346131376262346135323537663137
39383366313766666234323234363937623264353532323033363966313135653163343036666262
34393832613034383239393930383063336131356364303231323966303633333331633666373764
65383137333965663234663933303231356165376233326233303035316536666563656363343933
36633039666432643135636331353932633164633964623661373739633665313433306561303637
62373534346562363132643063643732343462653838393635343266626535353864656437313434
34376538303965616539626534613431623834376337643936613137323031323139393762636463
66346664666361623636666533663037613434353135393862376633636233656330366136646434
30653735323961383130393763333630306131376430363436623238646632363462383739653636
37346566663039383866323639633565366338353438386461616239313639343766333661346435
33316538366463383733346663316564656566656165396465393461363061613239666165346661
62346639623163363762366431313831663135643062336363323336303737393437653863303665
36643466336566336236353166333063633830646461626262333937316162353365353130353535
30383164363532363532306364393236303537383139643431393962333063633162313033613561
32323434336364343061386666616639336566373461633462393130336461303531353436623065
65663430623066336533373662306566396263376562343936666166626666323964373334613835
64633535303365643564626562643562636363363834353865353765356665643965663861366436
63333736613232353130616466316637613966646139323565356537666331666564623832333439
36376131663431616430616265323039646432393166613631313762613264313765323231663961
65616636306362386534626130636261636566626365643630616135323634343935653033653433
3061
34353636353331626234623838643238343237306237313336663433326164313030646263393165
3964666632653139323634663061363763656533373538660a393464333663313633393866383432
31303736366665306465333037373835383266383035626666353461623435393438303861376435
3161393136653361610a336438393566393936633637613436366634353237313363653232333263
38643566626564656635316564363362386236356164646238336265663839363430623739366266
66333233666439656561626161653336633136396565336633356630303436303234613063396238
62363437306639343236636537303363313236633765363430623865323734316531383662353763
37636439356164303730323235346362393436656333393062333566336536316131343338663630
31613063313034396162323034313562356662653266636638633665376531663932653461636363
32653061386562376237653837333239326438656630646138393362383539616339393365343435
63616462363733623930623435333435333937336538353735626161666162333337633931333338
62316638373736326432373464326266373361613864633262656432313364343366373832643865
64343866393966346534623238386437373632326632376166396630613630613365393932333066
37663162656134346564353762383961386161343064373637373634353231653137383461626666
34666365656632333764613931643266613737393032366431323764623830666131386566613535
30346631396237336332636438653339613633636662663266663235613634346162316134336533
61353361353437626231393137653464363934383233363830373961373033653336323666313836
63643638353438363661653239346530366630336661343336303836383439613462333532653263
63643437323166386230663635333130333632376661393830646365333666323239323134386636
30656266323839633237663433376136313437366264633039376165633961656137363038616534
32393330656464373739353833646232633634333937613932393834356535396464613633653334
33386231313830656562366335333162386461616331333733343163313562636232646261383135
36376131333931303566343337343539323265313931346538343539363230643030646531373134
36636364326539356533363832333661396435363365633831346664393165626330356536343961
64613935636333333331633931313266633732663430373166393362373431353363316630663235
31353936343932386665366134643962313937366634396262386434396334383332343537383163
37323235326161636339323237643366323430623136323937353665383364306436616664356662
38616466636465313330303464343665333163626231613164663030623963626634383965613135
31336632366231613062366430393636646535616134383232386334343137333138643866393633
38636161623734613862313638666562393164356536613665303839633035636330353965356163
65646530383162323630633865363334306234383466383033663762633933653162356166376138
33343832323466333132386564336636323765383839366134636433613866623830626133303434
64643066366638316633663338333335313466366433313134306239393233663233333730333138
32666133633931393961323663353565653532323837316165653536396339316364623633613137
30626636623037396438636261633939643363326136613631376139396538623932356237313637
62656337663438623666633435373564313566636538373339663731393564653264623863353032
33613639616135623735393364623439393432316632626239313837653464623563393663346163
36303764343562376337366465643434646263383133336162376166383434633436633263303263
61656536363037666230393063336263363865356465616231333966396332383434366265343434
66363732313435656164613135333762306464373133343739636266346336346261366535316230
36663433616332386166323965643436393433666264343062393463653339646264353264366663
31653331613138316138383930336163616333666161386466616566323664346263396637393735
38386462313763346164613430653133316631633261356663613738663435313963303734373364
34353332643366353930633339373962376162383239316134346561336539643737656239336230
33613662646466383434303638343362323933643831653932393030383762323539346332333961
34616338386361353362366434663365663262383835383031393430633235393631666332623261
36393231366164303165336633663565376334643864323366666434383634353031326633313266
66346234323036396562313366346661333130363434643565333763316234353733383733623839
37663761656131363932333330663638323733666333336636613264363164643230343964643061
37633264313865373732653466356639653335313236646331623932303963326364343132656464
65636665616364373538613732643938323364626166316437623166383734316662386134316233
66313430626133303461336465333532373361616334393139663233363132393265643865656561
63303734313934343636333135373164636536663935323030366563623635616535616230363061
38653362343264626432373866313363373439333331333963333765356462323762333739313061
33626365663433396562633534643630326364346135383531343063373266633635353130363166
30363735386665346661343166373034663466636335323838666465613163353039366233386562
39626462383635356230343031633666346561376462376634636236323164626537396337323337
64653163623030326435623833383136386366613764623633303732613337373732386432303737
61303530356461343339333165663161343262613434306162653563643765323837303537653963
30383964336230326336313765333832323639626131303063363030313537346463393765303132
33376633313135613832616239343939363562363132666433373966616166383836376636363630
65376266323266636430383236616338373632323134626165393961383733363365383761653538
61386365363262623665313637333761626561643530376433326531313161303733626432333866
63663762313130336535666134343961353337653034643436363263306664666562356431313433
63333034623762663630323031653363356666366538323064363866366662656466666361373938
35653562383865363437346466663963326439316531396165376439383931366132386161346364
66633334666239393336383336376130663633613161306564336131356435396639336566636131
37653763373537353635393536363531626332313461626166373763613861346433653237306636
39393435633163386164356131636530623732316538646133316365383561653061376431333431
66356561333637353537316231616133646231306462626439326462393131633562393462396132
62396337626436336230636338373439343839646266613033633930383530363932616463633538
35646230393536396330383566346138633434333063333362313139643537346236313336376463
31363335633333333262316239383735633139383332303235623430626539626466336365306465
66396336323637613036616532363963363430383737343566366162663836396132353933346534
35366565336462646364643137323864656334336635376435623561666530386334623964323136
39653365646161366330376336353931633366653832383966656639393364386438363832333934
34616536653064363739333363663233376631636134323162626333343035396265666662636230
31343931323435373964383562616333333835326238623131646433366134343830616432643866
36353363356532383963623364636363393834343132303434393331653335313938393662376534
33376565613433373864666536313439656339306532643233336137363264303638346563643932
35343838616538343262613066343665386433386339373362313533643639326136663430363135
37393734306565613566663632643639343939353361656566663431386539333136393663656262
34363537333431356363633932373736383262343336396666383237616661353763643861376537
63306133353331653833346339663062353438356162356431333336373536623439366132343930
31623736353532323230373264363163386339346563313236633061313239663962623136323962
62333166636230363333633661336539373962623337666538636565643664396132613263633461
64663430666630303562323065613838666265653438383838363561303637663931613239326639
30663533376662333162613731636665646565336465396132663165613431343332313038613335
62643030376564306335633138373937613934653738396361303064306263353566336232346639
38323266373537646334633761643933653931646439353939326536383463373666646262353362
61356230333461646435353332656564616464363539373966333535653365326330333230373539
62613335363632393335306535643862653262363031356439386639656262353662656432656331
34323431356337646238353135326332346431383535643735646562386161353164393961646264
63396161316563323537396431646561633730373930306637623438323761613935396238363965
61613339353234626565653939643139626665343439626365656165616437653234326530316464
39303433333533643439313464623531646133316563306337386261356332393435613237653632
63386439353136383265323965646538316334343661376532323461636666363630613836366233
63326465633438633564396135386137383061663264373530313330666639333236343539653734
62323637313131613839363665633163316235306536343039626166396263383332363365373936
66356135646330373162346261326531616538303566663761626639363635633064623361663463
34373937653165376262643064653738396365353532343864653836306231306566386665343963
36353066346161323733346131386466653964653961343136643039653035383864653238663265
35623565303731636164353664666636303430333933616230336330393530633032353037626339
34326664373239663330356430346531663635646161356130623733303862613964613433393334
33303735333934343964363230326634653465623465366465386639616361316139323536363261
30313531363533356636303565303265363430363530356662313838646435316439363263346165
37666463393332323066376464313339383138343235613438663464613436376237333565616563
31363936393731623562363331666433626636396136636533353435386634336363613963636162
33306233616636363432316236363665333162393133616130313530313764643738336666316639
36613263303138633039376135396266613766666261373436626333373035393863376133386162
38633333353963313433636236636339666135376530323731663761303938313764356636363963
34393035333561626564313638656266313666643166633163636630633938346661653033643832
36393632633765656661353236376432383034343766643336353236623437356638336264326364
30616161633130653131373932303337616237656633346438323832623964323332613836326365
66666666663766653865636435623562643637363134333336636231356332356439396262386338
62643738326437343139616134386130616533653066666631633139653038646336306363373233
30626134623732393361653637313235363463336331666231336434363432646363373534336661
39623864643130613337336232313263323161313030353535313336393233643237343566373063
64633935366430316566306461313261633031656562356461376632373031333462323237646263
37343535393539393032653135653666393933326632653166666633613638333130623937383530
35323737363662346337326134366239666137343031326663356533353033633332633931333738
34383937316461313231313936626436633030373833306636643633343266343461363732373132
66396233396432336336623166653361646561313432383861313061376234656636663864616132
32336664636162346633376633353938613865323162356437373330306236383164376261613461
37313839363331653139623264336631663534643530663434393535333865353965343161636638
34653334373865356439333736366432323832323834633239333130386639366163643337303832
37383637366231613930633661316466346136333666343266393137663965653331303034356661
61643439383630353139613635636665616534396639643161653334626434616132333731323532
39363462313039336661636332623530363832316564343135343330323362366633333632646239
34633736383534653130343437376134616363363736613462326332643031376331636164623837
32316331663030383762333562373937663663633931623535303139306163613962643762353633
66643038633630633736316634316238643136363532396363323361323163363638653331616631
30303832363163346663613433646432326566613738356133386238386266376261336532356338
61383539336138666261636234316461646365373236383038363965626635393530346236666263
38636164336463393565613362626334346565653464663136316564646631323835626364333536
36633566613432346334656665636134386334663362633562623938343264396538656432366166
65626635336139306335366265616430366337656265346235653333646362383232386434663832
65636634646363323736323165666637373661333136636164613933396130633932373837393030
38303466303363623038336363633037666631356262396631396464383065343730346537303534
62383764653763313639313332386331653163313134303336396336323862323063643265383761
35633939626636613030653564366266346338346239356163383864383762393261396561613032
31313866356666666538613935653965373932366666303634636436633662333638396563336161
32303934373238323838366563623035663863393835353839343230626235353830336532306532
36303035613238656133643936353735646336396238363334326561336365666238363735633561
62616338336664366631336364636564393539363163626465613530343939303961353364666364
38666665326563333039386462656261666531646637306261316233336130343730663661336431
62666138343766393262313431386136613139386265623939613830646233666134386235326564
36353032383336353763363231313564396630363565666163316237323363633866323734326664
30316533383363363461613564646137646337303738373833373238396661656265626139333637
30353835363062393333646433356362613132653463656532366137356136306431633836653333
65326266303038393233373263313933323637303539353065663233356333326235633064353536
30626433356630316364386332393331626135656266376233363837303438636539386434613038
31313938653662306533663635333564653232306436396331386433343561313365633664383865
33356163343232626165353739386534346231336634656231613235383536616338383133383664
31303734363836326662633062396130343637343731613532353533323164353934383230626436
33356139303663326361333535306261386431343736396238616435633565613266306339363166
61646233353636303739353336336662633662303861623864323033376133623734373436646365
33626332366464393166613339623663346234653830386664396630376539656163633263663664
63646539353035323263306136396537373561646264363939613737313462643063663136623136
61643138623962383039313836633032323861313937643164343832303634643833393230656637
35393566396562343863323235333835353135323139613166303539306266636265363931336162
32363361356231326164376533346464613836373162323333336438333532333161633432343637
65356364636264313036643836643863396435663837393564393833303037643331363633643065
36396662626462303232386531653234373231306131353732656663353538356636646331646163
32306362366264343966393237633831633263383236336133343166633639366266316235386538
32623039366561643663653564633066306339613938386234666430666462316363373863626337
37366232633365653462613732353064396539356432393661626462313663363634613434376462
61316266366131343239616133613038303338323566633363666330336364393261636130313164
32336237383536363562663537343661306434313964373034376263373262643635316664646130
35333631626236653638633661363831323262336465323339356637356331313738666634656538
34363438633566393866313662386365313030646230393862343735356535633366666138623863
65306336356633326530303932373634613733643364336561653737363132343534333336376264
34663965373532393330393763646232623533376332323239376232303935393339656230356537
30306264636362353733656366363139613637303264323361333138666462666531323131663564
62616362303035613733386231316431326333643739373738666135363232616564346238636462
64623234363632613436636336323965383762626261626137386631393334666266343636323862
34326431303365393234616263653862376466363861353835316336633336613534373235353436
65663531303939386233353934376335643732373063666362343234353037363430356233356138
34663530643266343535333336643938326131366239333630336163363263613561393639333631
63333031643033623964303361383462343339353264656435626365393938613162623835646539
62626331393339373839316166613965373862316438636561306162376535633861396531396637
66623936323361616333326330616361323232343034343366643130623037653463333730316337
61383965663130646334343833333737383931363339326266666437353030626262633263626135
32626239383137303538623735343033633465653861316231636564653535646662646561333832
30613639353563363534663764376232643630626434626466306663303331643565313239353131
36303363306538393164663563313133636663653664616438346235646637636132373532393332
35633533346432616532653937636565363431323161336430323566363239373035616264373636
62306337323935336332663262396466323064633738306334386233663531313633656232373330
38656635636264353635356165343233643061363836396266386631393433366265646662633239
63303939363637663030663965626637336366666638386532666466613965396533373935346135
62623837643462356334323234633263636130653762636461353037396461623961383330613731
61626634383232313337313363363637623036653630396266623265363961303662366165373462
66656364633735626231323335373135663462373966396136653634653865316238393263316464
66663537383763386335383131303438353930366534616637636564313431346163353534366431
34356262653134656633636631373963393032393061353636363333313464386463616638663939
39306136373433346362613934626332316633353232373963633939336338656331366661666232
37646566393062643738383832363230393337363361653566303433666561643936313037653662
65666266353032313862666365313237323431666365613666373931383838383435663034343239
39323139336266373463323465656237366166653230373236613335616433363465613131326234
39393363386334303963613036333661373364633437386262363937333565316639313261643133
62626235303163666435333030353039316432316661383933353834313733326435613366313030
33303631323132323861613366313532333931623739623731353566373039656133653061633637
36366365653836346662616135303536613331656364306163633731376634313739633634646132
31396138663337656332653331616462333936313531646135663930616130623338323733663634
62373866353663336138346335383637333738363035393366613434306536643239356436396333
39333133366235666562383239363530343464353735666436356333313932613965613065663639
39383962376264643337633365386164353166343165306634376634646233626466363661666465
34306533616238616131306130323637656536663561306437346238303464616636306134366130
30386566326465323962396130336661613433613938633565363635356166643263383364636164
34643465353664386437316366396130383533626132363566656265353366663865616531386238
32633831623334643166356237353164356563646132656130363634343664663765373839616430
37346432616161636139643733346631643165313636323231643461313164646663623439663966
33323230376337663566636233333038633465323238636533336136363037633065336538383033
31356634363261643064326335656535356434373862663935316434613938663833626139646636
63333936363637356234373237326430376232623561663461633138363032616138343730663939
37353462326266636562373331326161646338623261303762316265323432313139356439306361
32336132376439616662386132363566363438313739313830393336393439343839

View file

@ -1,4 +1,3 @@
---
loc_nginx:
servers: []

View file

@ -0,0 +1,70 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
postgresql_databases:
- synapse
- codimd
- etherpad
- kanboard
- grafana
- cas
postgresql_users:
- name: synapse
database: synapse
password: "{{ postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ postgresql_kanboard_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ postgresql_grafana_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ postgresql_cas_passwd }}"
privs:
- ALL
...

View file

@ -0,0 +1,50 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
postgresql_databases:
- nextcloud
- gitea
- wikijs
- drone
postgresql_users:
- name: nextcloud
database: nextcloud
password: "{{ postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ postgresql_drone_passwd }}"
privs:
- ALL
...

View file

@ -10,7 +10,5 @@ rsyslog_inputs:
port: 20514
- proto: udp
port: 514
- proto: tcp
port: 6514
rsyslog_outputs: []
...

View file

@ -6,7 +6,7 @@ loc_nginx:
servers:
- server_name:
- "10.13.0.247"
- 10.13.0.247
locations:
- filter: "/"
params:
@ -24,8 +24,7 @@ loc_nginx:
params:
- "return 302 https://portail-fleming.auro.re/portail/"
- ssl: auro.re
server_name:
- server_name:
- 10.23.0.247
locations:
- filter: "/"
@ -44,9 +43,8 @@ loc_nginx:
params:
- "return 302 https://portail-pacaterie.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.33.0.247"
- server_name:
- 10.33.0.247
locations:
- filter: "/"
params:
@ -64,9 +62,8 @@ loc_nginx:
params:
- "return 302 https://portail-rives.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.43.0.247"
- server_name:
- 10.43.0.247
locations:
- filter: "/"
params:
@ -84,9 +81,8 @@ loc_nginx:
params:
- "return 302 https://portail-edc.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.53.0.247"
- server_name:
- 10.53.0.247
locations:
- filter: "/"
params:

View file

@ -13,8 +13,6 @@ loc_reverseproxy:
to: auro.re
- from: 92.222.211.195
to: auro.re
- from: codimd.auro.re
to: hedgedoc.auro.re
reverseproxy_sites:
- from: phabricator.auro.re
@ -29,9 +27,6 @@ loc_reverseproxy:
- from: passbolt.auro.re
to: 10.128.0.53
- from: auth.auro.re
to: 10.128.0.150:8089
- from: riot.auro.re
to: "10.128.0.150:8080"
- from: element.auro.re
@ -39,6 +34,8 @@ loc_reverseproxy:
- from: chat.auro.re
to: "10.128.0.150:8080"
- from: codimd.auro.re
to: "10.128.0.150:8081"
- from: hedgedoc.auro.re
to: "10.128.0.150:8081"
@ -59,8 +56,6 @@ loc_reverseproxy:
- from: cas.auro.re
to: "10.128.0.150:8085"
- from: rss.auro.re
to: 10.128.0.150:8090
- from: status.auro.re
to: "10.128.0.150:8086"
- from: "kanboard.auro.re"

View file

@ -41,6 +41,9 @@ loc_reverseproxy:
- from: intranet.auro.re
to: 10.128.0.20
- from: bbb.auro.re
to: 10.128.0.54
- from: nextcloud.auro.re
to: "10.128.0.58:8080"
@ -61,12 +64,3 @@ loc_reverseproxy:
- from: wikijs.auro.re
to: "10.128.0.66:3000"
- from: wiki.auro.re
to: "10.128.0.66:3000"
- from: netbox.auro.re
to: 10.128.0.97
- from: grafana.auro.re
to: "10.128.0.98:3000"

View file

@ -0,0 +1 @@
postgresql_databases: true

48
hosts
View file

@ -8,11 +8,10 @@
###############################################################################
# Aurore : main services
viviane.adm.auro.re
[aurore_pve]
escalope.adm.auro.re
services-1.pve.auro.re
services-2.pve.auro.re
services-3.pve.auro.re
merlin.adm.auro.re
[aurore_vm]
routeur-aurore.adm.auro.re
@ -26,7 +25,7 @@ camelot.adm.auro.re
gitea.adm.auro.re
drone.adm.auro.re
nextcloud.adm.auro.re
galene.adm.auro.re
stream.adm.auro.re
re2o-server.adm.auro.re
re2o-ldap.adm.auro.re
re2o-db.adm.auro.re
@ -40,16 +39,9 @@ bdd.adm.auro.re
bdd-ovh.adm.auro.re
litl.adm.auro.re
log.adm.auro.re
netbox.adm.auro.re
grafana.adm.auro.re
dolibarr.adm.auro.re
infra-1.router.auro.re ansible_host=10.129.0.245
infra-2.router.auro.re ansible_host=10.129.0.246
[aurore_testing_vm]
[aurore_ilo]
escalope-ilo.adm.auro.re
pendragon.adm.auro.re
###############################################################################
# OVH
@ -59,11 +51,15 @@ horus.adm.auro.re
[ovh_container]
synapse.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re
proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm]
serge.adm.auro.re
passbolt.adm.auro.re
docker-ovh.adm.auro.re
switchs-manager.adm.auro.re
ldap-replica-ovh.adm.auro.re
@ -81,6 +77,7 @@ prometheus-federate.adm.auro.re
perceval.adm.auro.re
[fleming_pve]
freya.adm.auro.re
marki.adm.auro.re
[fleming_vm]
@ -89,23 +86,14 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re
radius-fleming.adm.auro.re
dns-1.int.infra.auro.re
isp-1.rtr.infra.auro.re
isp-2.rtr.infra.auro.re
dhcp-1.isp.auro.re
dhcp-2.isp.auro.re
radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
[fleming_ilo]
marki-ilo.adm.auro.re
[fleming_unifi]
fa-0-1.borne.auro.re
fa-1-1.borne.auro.re
@ -222,10 +210,6 @@ unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
[pacaterie_ilo]
mordred-ilo.adm.auro.re
titan-ilo.adm.auro.re
[pacaterie_unifi]
pc-1-1.borne.auro.re
pn-0-1.borne.auro.re
@ -281,10 +265,6 @@ radius-edc-backup.adm.auro.re
ldap-replica-edc.adm.auro.re
prometheus-edc.adm.auro.re
[edc_ilo]
caradoc-ilo.adm.auro.re
chapalux-ilo.adm.auro.re
[edc_unifi]
ee-2-1.borne.auro.re
ee-2-2.borne.auro.re
@ -316,10 +296,6 @@ radius-gs-backup.adm.auro.re
prometheus-gs.adm.auro.re
ldap-replica-gs.adm.auro.re
[gs_ilo]
lancelot-ilo.adm.auro.re
odin-ilo.adm.auro.re
[gs_unifi]
ga-0-1.borne.auro.re
ga-1-1.borne.auro.re
@ -374,6 +350,7 @@ gh-1-2.borne.auro.re
###############################################################################
# Les Rives
[rives_pve]
thor.adm.auro.re
loki.adm.auro.re
[rives_vm]
@ -389,9 +366,6 @@ dns-rives.adm.auro.re
radius-rives.adm.auro.re
routeur-rives.adm.auro.re
[rives_ilo]
loki-ilo.adm.auro.re
[rives_unifi]
r1-1-1.borne.auro.re
r1-1-2.borne.auro.re

View file

@ -1,10 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Clone LDAP on local geographic location
# DON'T DO THIS AS IT RECREATES THE REPLICA
# - hosts: ldap_replica
# roles:
# - ldap_replica
- hosts: ldap_replica
roles:
- ldap_replica

1
playbooks/rsyslog.yml → log.yml Executable file → Normal file
View file

@ -1,4 +1,3 @@
#!/usr/bin/env ansible-playbook
---
- hosts: log.adm.auro.re
roles:

View file

@ -1,18 +1,18 @@
#!/usr/bin/env ansible-playbook
---
# Install Matrix Synapse
# Install Matrix Synapse on corresponding containers
- hosts: synapse.adm.auro.re
vars:
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
update_motd:
matrix-synapse: matrix-synapse est déployé.
matrix-appservice-irc: matrix-appservice-irc est déployé.
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
roles:
- debian_backports
- nodejs
- matrix_synapse
- matrix_appservice_irc
- matrix_appservice_webhooks
- update_motd
# Install Matrix services
- hosts: matrix-services.adm.auro.re
roles:
- debian_backports

187
monitoring.yml Executable file
View file

@ -0,0 +1,187 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
roles:
- prometheus
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
- ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re
prometheus_targets:
- targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['edc_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['gs_unifi'] | list | sort }}"
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
prometheus_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re
roles:
- prometheus
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re
prometheus_targets:
- targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['rives_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgres_targets:
- targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets:
- targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
roles:
- prometheus
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgres_targets:
- targets:
- bdd-ovh.adm.auro.re
prometheus_docker_targets:
- docker-ovh.adm.auro.re
roles:
- prometheus
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# Prometheus targets.json
prometheus_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
roles:
- prometheus_federate
# Postgres Exporters
- hosts: bdd,radius
roles:
- prometheus_postgres
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles:
- prometheus_node

65
network.yml Executable file
View file

@ -0,0 +1,65 @@
#!/usr/bin/env ansible-playbook
---
# Set up DHCP servers.
- hosts: dhcp-*.adm.auro.re
roles:
- isc_dhcp_server
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
roles:
- unbound
# Déploiement du service re2o aurore-firewall et keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
roles:
- router
- radvd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
roles:
- router
- ipv6_edge_router
# Radius (backup only for now)
- hosts: radius-*.adm.auro.re
roles:
- radius
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,32 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: perceval.adm.auro.re
vars:
update_motd:
borgbackup_server: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
roles:
- borgbackup_server
- update_motd
- hosts: all,!unifi,!unifi-*,!bdd
vars:
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
# On databases server, also backup databases
- hosts: bdd
vars:
borg_postgresql_databases: true
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
...

View file

@ -1,27 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
vars:
chronyd__allow_networks:
- 10.128.0.0/16
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
roles:
- chronyd
- hosts:
- all
- "!ntp-1.int.infra.auro.re"
- "!unifi"
vars:
chronyd__pools:
- ntp-1.int.infra.auro.re
roles:
- chronyd
...

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
vars:
update_motd:
docker: Docker est déployé.
roles:
- docker
- update_motd

View file

@ -1,27 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Grafana
- hosts: grafana.adm.auro.re
vars:
grafana:
root_url: https://grafana.auro.re
database:
type: postgres
host: 10.128.0.95
name: grafana
user: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
ldap:
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
bind_password: "{{ vault_ldap_grafana_password }}"
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
editors_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
update_motd:
grafana: Grafana est déployé (/etc/grafana).
roles:
- grafana
- update_motd

View file

@ -1,213 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
# TODO: netbox
ifupdown2__hosts:
ntp-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::203/56
- 10.128.0.203/16
dns-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::127/56
- 10.128.0.127/16
dhcp-1.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::204/56
- 10.128.0.204/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients
dhcp-2.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::91/56
- 10.128.0.91/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients
isp-1.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::255/56
- 10.128.0.255/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
isp-2.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::158/56
- 10.128.0.158/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
roles:
- ifupdown2
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
resolvconf__nameservers:
- 2a09:6840:128::127
- 10.128.0.127
resolvconf__domain: auro.re
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re
roles:
- resolvconf
...

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles:
- isc_dhcp_server
- update_motd

View file

@ -1,32 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
keepalived__virtual_router_id: 80
keepalived__interface: ens18
keepalived__virtual_addresses:
client-0:
- 100.64.0.1/27
- 2a09:6841::/56
- fe80::1/10
client-1:
- 100.64.0.33/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-2:
- 100.64.0.65/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-3:
- 100.64.0.97/27
- 2a09:6841:0:200::/56
- fe80::1/10
client-4:
- 100.64.0.129/27
- 2a09:6841:0:300::/56
- fe80::1/10
roles:
- keepalived
...

View file

@ -1,17 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,170 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure database servers at Saclay
- hosts: bdd.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
- database: netbox
user: netbox
net: 10.128.0.97/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.98/32
method: md5
- database: dolibarr
user: dolibarr
net: 10.128.0.236/32
method: md5
- database: rt5
user: rt5
net: 10.128.0.123/32
method: md5
databases:
- nextcloud
- gitea
- wikijs
- drone
- netbox
- grafana
- dolibarr
- rt5
users:
- name: nextcloud
database: nextcloud
password: "{{ vault_postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ vault_postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ vault_postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ vault_postgresql_drone_passwd }}"
privs:
- ALL
- name: netbox
database: netbox
password: "{{ vault_postgresql_netbox_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
privs:
- ALL
- name: dolibarr
database: dolibarr
password: "{{ vault_postgresql_dolibarr_passwd }}"
privs:
- ALL
- name: rt5
database: rt5
password: "{{ vault_postgresql_rt5_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
# Install and configure database servers at OVH
- hosts: bdd-ovh.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
- database: appservice-discord
user: appservice-discord
net: 10.128.0.150/32
method: md5
databases:
- synapse
- codimd
- etherpad
- kanboard
- cas
- appservice-discord
users:
- name: synapse
database: synapse
password: "{{ vault_postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ vault_postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ vault_postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ vault_postgresql_kanboard_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ vault_postgresql_cas_passwd }}"
privs:
- ALL
- name: appservice-discord
database: appservice-discord
password: "{{ vault_postgresql_appservice_discord_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
...

View file

@ -1,241 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['fleming_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['fleming_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['pacaterie_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['pacaterie_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
# - ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re
prometheus_servers_targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['edc_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['edc_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['gs_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
prometheus_apc_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['gs_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re
prometheus_servers_targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['rives_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['rives_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgresql_targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['aurore_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgresql_targets:
- bdd-ovh.adm.auro.re
prometheus_docker_targets:
- docker-ovh.adm.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
update_motd:
prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
roles:
- prometheus_federate
- update_motd
# Postgres Exporters
- hosts: bdd,radius
roles:
- prometheus_postgres
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles:
- prometheus_node

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Radius
- hosts: radius-*.adm.auro.re
vars:
update_motd:
unbound: FreeRADIUS est déployé.
roles:
- radius
- update_motd

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
root_shell: /bin/bash
root_password: "{{ vault_root_password }}"
roles:
- root_account
...

View file

@ -1,23 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy firewall and keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec radvd) est déployé.
roles:
- router
- radvd
- update_motd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec DHCPv6) est déployé.
roles:
- router
- ipv6_edge_router
- update_motd

View file

@ -1,14 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
openssh_users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh_authorized_principals:
- any
- "{{ inventory_hostname }}"
roles:
- openssh_server
...

View file

@ -1,17 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
vars:
update_motd:
unbound: Unbound est déployé.
roles:
- unbound
- update_motd

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller

432
proxmox.yml Executable file
View file

@ -0,0 +1,432 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to create a new VM !
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
become: false # We do not need root as we use Proxmox API
vars:
vm_definitions:
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau Fleming
- name: ldap-replica-fleming1
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau EdC
- name: ldap-replica-edc1
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-gs1
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
vars_prompt:
- name: "password"
prompt: "Enter LDAP password for your user"
private: true
tasks:
- name: Define a virtual machine in Proxmox
proxmox_kvm:
api_user: "{{ ansible_user_id }}@pam"
api_password: "{{ password }}"
api_host: "{{ item.virtu }}.adm.auro.re"
name: "{{ item.name }}"
node: "{{ item.virtu }}"
scsihw: virtio-scsi-pci
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
cores: "{{ item.cores }}"
memory: "{{ item.memory }}"
balloon: "{{ item.memory // 2 }}"
bios: seabios # Ansible module doesn't support UEFI boot disk
loop:
# Réseau Fleming
- name: ldap-replica-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau EDC
- name: ldap-replica-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso

View file

@ -29,6 +29,10 @@
retries: 3
until: apt_result is succeeded
- name: Configure MOTD
include_role:
name: update_motd
# Configure APT mirrors on Debian Stretch
- name: Configure APT mirrors
when:

View file

@ -107,4 +107,11 @@
name: borgmatic.timer
state: started
enabled: true
- name: Configure MOTD
include_role:
name: update_motd
vars:
key: 10-borgmatic
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
...

View file

@ -4,13 +4,8 @@
Description=Timer for borgmatic backup
[Timer]
{% if borg_keep_hourly > 0 %}
OnCalendar=hourly
RandomizedDelaySec=60m
{% else %}
OnCalendar=daily
RandomizedDelaySec=24h
{% endif %}
FixedRandomDelay=true
[Install]

View file

@ -42,7 +42,7 @@ consistency:
- repository
- archives
{% if borg_postgresql_databases is defined %}
{% if postgresql_databases is defined %}
hooks:
postgresql_databases:
- name: all

View file

@ -35,4 +35,14 @@
owner: "{{ borg_server_user }}"
group: "{{ borg_server_group }}"
mode: u=rwx,g=,o=
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-borg-server
message: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
...

View file

@ -1,11 +0,0 @@
---
chronyd__pools: []
chronyd__key_file: /etc/chrony/chrony.keys
chronyd__drift_file: /var/lib/chrony/chrony.drift
chronyd__nts_dump_dir: /var/lib/chrony
chronyd__log_dir: /var/log/chrony
chronyd__max_update_skew: 100.0
chronyd__rtcsync: true
chronyd__allow_networks: []
chronyd__log_change_seconds: 0.5
...

View file

@ -1,6 +0,0 @@
---
- name: Restart chronyd
systemd:
name: chrony.service
state: restarted
...

View file

@ -1,32 +0,0 @@
---
- name: Uninstall ntp and sntp
apt:
name:
- sntp
- ntp
- systemd-timesyncd
state: absent
- name: Install chronyd
apt:
name: chrony
- name: Configure chronyd
template:
src: "{{ item }}.j2"
dest: "/etc/chrony/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- chrony.conf
- chrony.keys
notify:
- Restart chronyd
- name: Enable and start chronyd
systemd:
name: chrony.service
enabled: true
state: started
...

View file

@ -1,30 +0,0 @@
{{ ansible_managed | comment }}
{% for pool in chronyd__pools %}
pool {{ pool }} iburst
{% endfor %}
keyfile {{ chronyd__key_file }}
driftfile {{ chronyd__drift_file }}
ntsdumpdir {{ chronyd__nts_dump_dir }}
logdir {{ chronyd__log_dir }}
log tracking measurements statistics
maxupdateskew {{ chronyd__max_update_skew | float }}
{% if chronyd__rtcsync %}
rtcsync
{% endif %}
{% if chronyd__local_stratum is defined %}
local stratum {{ chronyd__local_stratum | int }}
{% endif %}
logchange {{ chronyd__log_change_seconds | float }}
leapsectz right/UTC
{% for network in chronyd__allow_networks %}
allow {{ network | ipaddr }}
{% endfor %}

View file

@ -1 +0,0 @@
{{ ansible_managed | comment }}

View file

@ -50,4 +50,13 @@
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose
mode: "0755"
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-docker
message: >-
Docker est installé sur ce serveur.
...

View file

@ -0,0 +1,30 @@
---
# For DokuWiki package
- name: Configure Debian Buster mirrors
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/buster.list.j2
dest: /etc/apt/sources.list.d/buster.list
mode: 0644
# For DokuWiki package
- name: Configure DokuWiki pin
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/dokuwiki.j2
dest: /etc/apt/preferences.d/dokuwiki
mode: 0644
# Install
- name: Install DokuWiki
apt:
update_cache: true
name: dokuwiki
state: present
register: apt_result
retries: 3
until: apt_result is succeeded

View file

@ -0,0 +1,9 @@
# {{ ansible_managed }}
{# #}
{# Default mirror #}
{% if debian_mirror is not defined %}
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
{% endif %}
deb {{ debian_mirror }} buster main
deb-src {{ debian_mirror }} buster main

View file

@ -0,0 +1,9 @@
# {{ ansible_managed }}
Package: *
Pin: release n=stretch*
Pin-Priority: 990
Package: dokuwiki
Pin: release n=buster
Pin-Priority: 990

View file

@ -1,5 +0,0 @@
---
- name: Restart grafana
service:
name: grafana-server
state: restarted

View file

@ -1,111 +0,0 @@
---
- name: Install gpg (to import Grafana key)
apt:
name: gpg
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Import Grafana GPG signing key
apt_key:
url: https://packages.grafana.com/gpg.key
state: present
register: apt_key_result
retries: 3
until: apt_key_result is succeeded
- name: Add Grafana repository
apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main
state: present
update_cache: true
- name: Install Grafana
apt:
name: grafana
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure Grafana
ini_file:
path: /etc/grafana/grafana.ini
section: "{{ item.section }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: 0640
loop:
- section: server
option: root_url
value: "{{ grafana.root_url }}"
- section: analytics
option: reporting_enabled
value: "false"
- section: analytics
option: check_for_updates
value: "false"
- section: security
option: disable_initial_admin_creation
value: "true"
- section: security
option: cookie_secure
value: "true"
- section: security
option: disable_gravatar
value: "true"
- section: snapshots
option: external_enabled
value: "false"
- section: users
option: allow_sign_up
value: "false"
- section: users
option: allow_org_create
value: "false"
- section: auth.anonymous
option: enabled
value: "false" # no public access
- section: auth.anonymous
option: hide_version
value: "true"
- section: auth.basic # only LDAP auth
option: enabled
value: "false"
- section: auth.ldap
option: enabled
value: "true"
- section: alerting
option: enabled
value: "false"
- section: database
option: type
value: "{{ grafana.database.type }}"
- section: database
option: host
value: "{{ grafana.database.host }}"
- section: database
option: name
value: "{{ grafana.database.name }}"
- section: database
option: user
value: "{{ grafana.database.user }}"
- section: database
option: password
value: "{{ grafana.database.password }}"
notify: Restart grafana
- name: Configure Grafana LDAP
template:
src: ldap.toml.j2
dest: /etc/grafana/ldap.toml
mode: 0640
notify: Restart grafana
- name: Enable and start Grafana
systemd:
name: grafana-server
enabled: true
state: started
daemon_reload: true

View file

@ -1,61 +0,0 @@
{{ ansible_managed | comment }}
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "{{ grafana.ldap.host }}"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "{{ grafana.ldap.bind_dn }}"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '{{ grafana.ldap.bind_password }}'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "sn"
surname = ""
username = "cn"
member_of = "dn"
email = "mail"
# Editors
{% for group_dn in grafana.ldap.editors_group_dn %}
[[servers.group_mappings]]
group_dn = "{{ group_dn }}"
org_role = "Editor"
{% endfor %}
# Viewers
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"

View file

@ -1,3 +0,0 @@
---
ifupdown2__interfaces: {}
...

View file

@ -1,9 +0,0 @@
---
- name: Restart networking
systemd:
name: networking.service
state: restarted
- name: Bring all interfaces up
shell: /usr/sbin/ifup -a
...

View file

@ -1,42 +0,0 @@
---
- name: Gather package facts
package_facts:
manager: apt
- name: Check if ifupdown2 is installed
set_fact:
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
- name: Mask networking before installing ifupdown2
systemd:
name: networking.service
masked: true
when: must_mask
- name: Install ifupdown2
apt:
name: ifupdown2
- name: Unmask networking now that ifupdown2 is installed
systemd:
name: networking.service
masked: false
when: must_mask
- name: Configure ifupdown2
template:
src: interfaces.j2
dest: /etc/network/interfaces
owner: root
group: root
mode: u=rw,g=r,o=
notify:
- Restart networking
- Bring all interfaces up
- name: Enable and start networking
systemd:
name: networking.service
state: started
enabled: true
...

View file

@ -1,41 +0,0 @@
{{ ansible_managed | comment }}
{% for name, iface in ifupdown2__interfaces.items() %}
auto {{ name }}
iface {{ name }}
{% for address in iface.addresses | default([]) %}
address {{ address | ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ipaddr }}
{% endfor %}
{% if iface.bridge_ports is defined %}
bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
bridge-vlan-aware {{ iface.bridge_vlan_aware
| ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
bridge-pvid 0
post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
| ternary("yes", "no") }}
{% endif %}
{% endfor %}

View file

@ -1,7 +0,0 @@
---
keepalived__virtual_addresses: {}
keepalived__notify_master: []
keepalived__notify_backup: []
keepalived__notify_fault: []
keepalived__max_auto_priority: -1
...

View file

@ -1,6 +0,0 @@
---
- name: Reload keepalived
systemd:
name: keepalived.service
state: reloaded
...

View file

@ -1,28 +0,0 @@
---
- name: Install keepalived
apt:
name: keepalived
- name: Configure keepalived
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
mode: u=rw,g=,o=
- src: notify.sh.j2
dest: /etc/keepalived/notify.sh
mode: u=rwx,g=,o=
notify:
- Reload keepalived
- name: Enable and start keepalived
systemd:
name: keepalived
enabled: true
state: started
...

View file

@ -1,92 +0,0 @@
{{ ansible_managed | comment }}
global_defs {
dynamic_interfaces
script_user root
enable_script_security
vrrp_version 3
{% if keepalived__max_auto_priority is defined %}
max_auto_priority {{ keepalived__max_auto_priority | int }}
{% endif %}
}
{%
set ipv4_enabled =
keepalived__ipv4_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv4)
%}
{%
set ipv6_enabled =
keepalived__ipv6_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv6)
%}
{% if ipv4_enabled and ipv6_enabled %}
vrrp_sync_group group {
group {
{% if ipv4_enabled %}
instance_v4
{% endif %}
{% if ipv6_enabled %}
instance_v6
{% endif %}
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
{% endif %}
{% if ipv4_enabled %}
vrrp_instance instance_v4 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses %}
{% if address | ansible.utils.ipv4 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}
{% if ipv6_enabled %}
vrrp_instance instance_v6 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses | ipaddr_sort(["link-local"]) %}
{% if address | ansible.utils.ipv6 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}

View file

@ -1,33 +0,0 @@
#!/bin/bash
master=(
{% for notify in keepalived__notify_master %}
{{ notify | quote }}
{% endfor %}
)
backup=(
{% for notify in keepalived__notify_backup %}
{{ notify | quote }}
{% endfor %}
)
fault=(
{% for notify in keepalived__notify_fault %}
{{ notify | quote }}
{% endfor %}
)
case "$1" in
master | backup | fault)
scripts="$1[@]"
;;
*)
echo "Usage: $0 (master|backup|fault)" >&2
exit 1
esac
for script in "${!scripts}"
do
eval "${script}"
done

View file

@ -60,4 +60,3 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub

View file

@ -1,24 +1,7 @@
# see "man logrotate" for details
{{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.

View file

@ -148,6 +148,15 @@
group: www-data
mode: 0644
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-nginx
message: >-
NGinx est installé sur ce serveur. Voir /etc/nginx.
- name: Clean old files
file:
path: "{{ item }}"

View file

@ -1,4 +0,0 @@
---
openssh_authorized_principals:
- any
...

View file

@ -1,6 +0,0 @@
---
- name: Restart sshd
systemd:
name: ssh.service
state: restarted
...

View file

@ -1,39 +0,0 @@
---
- name: Install OpenSSH server
apt:
name: openssh-server
- name: Enable OpenSSH Server
systemd:
name: ssh.service
enabled: true
state: started
- name: Install sshd configuration file
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: u=r,g=,o=
validate: "/usr/sbin/sshd -tf %s"
notify: Restart sshd
- name: Install Users CA public key
copy:
content: "{{ openssh_users_ca_public_key }}"
dest: /etc/ssh/users_ca.pub
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
- name: Install authorized principals file
copy:
content: "{{ openssh_authorized_principals | join('\n') }}"
dest: /etc/ssh/authorized_principals
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
...

View file

@ -1,45 +0,0 @@
{{ ansible_managed | comment }}
SyslogFacility AUTH
LogLevel VERBOSE
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
MaxStartups 10:30:100
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# https://infosec.mozilla.org/guidelines/openssh.html
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AuthenticationMethods publickey
TrustedUserCAKeys /etc/ssh/users_ca.pub
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
StrictModes yes
UsePAM no
PermitRootLogin yes
PermitUserRC no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding yes
X11Forwarding no
PermitTTY yes
PermitTunnel no
VersionAddendum none
PrintLastLog yes
PrintMotd yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

View file

@ -0,0 +1,10 @@
---
# URL to clone
passbolt_repo: https://github.com/passbolt/passbolt_api.git
passbolt_version: v2.10.0
# Install target
passbolt_path: /var/www/passbolt
# User used to run passbolt
passbolt_user: www-data

View file

@ -0,0 +1,39 @@
---
# See https://help.passbolt.com/hosting/install/ce/from-source.html
- name: Clone passbolt project
git:
repo: "{{ passbolt_repo }}"
dest: "{{ passbolt_path }}"
version: "{{ passbolt_version }}"
become: true
become_user: "{{ passbolt_user }}"
- name: Install passbolt dependencies
apt:
name:
- composer
- php-fpm
- php-intl
- php-gnupg
- php-gd
- php-mysql
- nginx
- mariadb-server
state: present
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
# Setup dependencies
- name: Install passbolt PHP dependencies
composer:
command: install
working_dir: "{{ passbolt_path }}"
no_dev: true
become: true
become_user: "{{ passbolt_user }}"
register: composer_result
retries: 3
until: composer_result is succeeded

View file

@ -0,0 +1,5 @@
---
postgresql_hosts: []
postgresql_databases: []
postgresql_users: []
...

View file

@ -55,7 +55,7 @@
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
template: template0
loop: "{{ postgresql.databases | default([]) }}"
loop: "{{ postgresql_databases }}"
- name: Create users
become: true
@ -65,7 +65,7 @@
name: "{{ item.name }}"
password: "{{ item.password }}"
no_log: true
loop: "{{ postgresql.users | default([]) }}"
loop: "{{ postgresql_users }}"
- name: Grant privileges to users
become: true
@ -77,5 +77,5 @@
privs: "{{ item.privs | join(',') }}"
obj: "{{ item.database }}"
no_log: true
loop: "{{ postgresql.users | default([]) }}"
loop: "{{ postgresql_users }}"
...

View file

@ -2,6 +2,6 @@
# TYPE DATABASE USER ADDRESS METHOD
local all postgres peer map=map_local
{% for host in postgresql.hosts | default([]) %}
{% for host in postgresql_hosts %}
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
{% endfor %}

View file

@ -38,10 +38,10 @@
loop:
- server.rules.yml
- docker.rules.yml
- django.rules.yml
- ups.rules.yml
- postgres.rules.yml
- environmental.rules.yml
- ilo.rules.yml
notify: Restart Prometheus
- name: Make Prometheus snmp-exporter listen on localhost only
@ -63,9 +63,68 @@
- snmp.yml
notify: Restart prometheus-snmp-exporter
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus nodes
copy:
content: "{{ prometheus_targets | to_nice_json }}"
dest: /etc/prometheus/targets.json
mode: 0644
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus Ubiquity Unifi SNMP devices
copy:
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_unifi_snmp.json
mode: 0644
when: prometheus_unifi_snmp_targets is defined
- name: Configure Prometheus Switchs
copy:
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_switch_snmp.json
mode: 0644
when: prometheus_switch_snmp_targets is defined
- name: Configure Prometheus UPS SNMP devices
copy:
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_ups_snmp.json
mode: 0644
when: prometheus_ups_snmp_targets is defined
- name: Configure Prometheus docker monitoring
copy:
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_docker.json
mode: 0644
when: prometheus_docker_targets is defined
- name: Configure Prometheus postgres monitoring
copy:
content: "{{ prometheus_postgres_targets | to_nice_json }}\n"
dest: /etc/prometheus/targets_postgres.json
mode: 0644
when: prometheus_postgres_targets is defined
- name: Configure Prometheus apc_pdu monitoring
copy:
content: "{{ [{'targets': prometheus_pdu_snmp_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_apc_pdu_snmp.json
mode: 0644
when: prometheus_pdu_snmp_targets is defined
- name: Activate prometheus service
systemd:
name: prometheus
enabled: true
state: started
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus
message: >-
Prometheus est déployé sur cette machine (voir /etc/prometheus)
...

View file

@ -0,0 +1,106 @@
# {{ ansible_managed }}
{# As this is also Jinja2 it will conflict without a raw block #}
{% raw %}
groups:
- name: django.rules
rules:
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
- record: job:django_http_ajax_requests_total:sum_rate30s
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
BY (job)
- record: job:django_http_requests_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
- record: job:django_http_responses_streaming_total:sum_rate30s
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
- record: job:django_http_responses_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
- record: job:django_http_requests_total:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
- record: job:django_http_requests_total_by_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
- record: job:django_http_requests_total_by_transport:sum_rate30s
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
- record: job:django_http_requests_total_by_view:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view)
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view, transport, method)
- record: job:django_http_responses_total_by_templatename:sum_rate30s
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
- record: job:django_http_responses_total_by_status:sum_rate30s
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
- record: job:django_http_responses_total_by_charset:sum_rate30s
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
- record: job:django_http_exceptions_total_by_type:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
- record: job:django_http_exceptions_total_by_view:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_model_inserts_total:sum_rate1m
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
- record: job:django_model_updates_total:sum_rate1m
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
- record: job:django_model_deletes_total:sum_rate1m
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
- record: job:django_db_new_connections_total:sum_rate30s
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
- record: job:django_db_new_connection_errors_total:sum_rate30s
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_total:sum_rate30s
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_many_total:sum_rate30s
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
- record: job:django_db_errors_total:sum_rate30s
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
- record: job:django_migrations_applied_total:max
expr: max(django_migrations_applied_total) BY (job, connection)
- record: job:django_migrations_unapplied_total:max
expr: max(django_migrations_unapplied_total) BY (job, connection)
{% endraw %}

View file

@ -1,83 +0,0 @@
---
{{ ansible_managed | comment }}
{% macro raw(string) -%}
{{ "{{" }} {{ string }} {{ "}}" }}
{%- endmacro %}
groups:
- name: ilo.rules
rules:
- alert: IloResilientMemoryDegraded
expr: cpqHeResilientMemCondition{cpqHeResilientMemCondition!~"ok|other"} == 1
for: 3m
labels:
severity: warning
annotations:
summary: >-
La mémoire vive n'est plus résiliente
({{ raw('$labels.cpqHeResilientMemCondition') }})
- alert: IloBiosSelfTestDegraded
expr: cpqHeHWBiosCondition{cpqHeHWBiosCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Une erreur a été détectée lors du POST du serveur
({{ raw('$labels.cpqHeHWBiosCondition') }})
- alert: IloBatteryDegraded
expr: cpqHeSysBatteryCondition{cpqHeSysBatteryCondition!~"ok|other"} == 1
for: 3m
labels:
severity: warning
annotations:
summary: >-
La batterie est dégradée
({{ raw('$labels.cpqHeSysBatteryCondition') }})
- alert: IloTemperatureSensorDegraded
expr: cpqHeTemperatureCondition{cpqHeTemperatureCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le capteur de température est dégradé
({{ raw('$labels.cpqHeTemperatureCondition') }})
- alert: IloFanDegraded
expr: cpqHeFltTolFanCondition{cpqHeFltTolFanCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le ventilateur est dégradé
({{ raw('$labels.cpqHeFltTolFanCondition') }})
- alert: IloPowerSupplyDegraded
expr: cpqHeFltTolPowerSupplyStatus{cpqHeFltTolPowerSupplyStatus!="noError"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
L'alimentation est dégradée
({{ raw('$labels.cpqHeFltTolPowerSupplyStatus') }})
- alert: IloOverrideSwitchState
expr: cpqSm2CntlriLOSecurityOverrideSwitchState{cpqSm2CntlriLOSecurityOverrideSwitchState="set"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le switch de réinitialisation n'est pas à l'état d'origine,
l'authentification est bypassée
...

View file

@ -112,7 +112,7 @@ groups:
rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) /
rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m])
) * 100
> 20
> 7
for: 0m
labels:
severity: warning

View file

@ -25,15 +25,17 @@ rule_files:
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The .json in file_sd_configs is dynamically reloaded
- job_name: prometheus
static_configs:
- targets:
- localhost:9090
{% if prometheus_servers_targets is defined %}
- job_name: servers
static_configs:
- targets: {{ prometheus_servers_targets | to_json }}
file_sd_configs:
- files:
- '/etc/prometheus/targets.json'
relabel_configs:
# Do not put :9100 in instance name, rather here
- source_labels: [__address__]
@ -43,12 +45,11 @@ scrape_configs:
- source_labels: [__param_target]
target_label: __address__
replacement: '$1:9100'
{% endif %}
{% if prometheus_unifi_snmp_targets is defined %}
- job_name: unifi_snmp
static_configs:
- targets: {{ prometheus_unifi_snmp_targets | to_json }}
file_sd_configs:
- files:
- '/etc/prometheus/targets_unifi_snmp.json'
metrics_path: /snmp
params:
module: [ubiquiti_unifi]
@ -59,12 +60,16 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_ups_snmp_targets is defined %}
- job_name: ups_snmp
- job_name: django
scheme: https
static_configs:
- targets: {{ prometheus_ups_snmp_targets | to_json }}
- targets: []
- job_name: ups_snmp
file_sd_configs:
- files:
- '/etc/prometheus/targets_ups_snmp.json'
metrics_path: /snmp
params:
module: [eatonups]
@ -75,12 +80,11 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_switch_snmp_targets is defined %}
- job_name: switch_snmp
static_configs:
- targets: {{ prometheus_switch_snmp_targets | to_json }}
file_sd_configs:
- files:
- "/etc/prometheus/targets_switch_snmp.json"
metrics_path: /snmp
params:
module: [procurve_switch]
@ -91,12 +95,11 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_docker_targets is defined %}
- job_name: docker
static_configs:
- targets: {{ prometheus_docker_targets | to_json }}
file_sd_configs:
- files:
- '/etc/prometheus/targets_docker.json'
relabel_configs:
# Do not put :8087 in instance name, rather here
- source_labels: [__address__]
@ -106,12 +109,11 @@ scrape_configs:
- source_labels: [__param_target]
target_label: __address__
replacement: '$1:8087'
{% endif %}
{% if prometheus_postgresql_targets is defined %}
- job_name: postgresql
static_configs:
- targets: {{ prometheus_postgresql_targets | to_json }}
file_sd_configs:
- files:
- '/etc/prometheus/targets_postgres.json'
relabel_configs:
# Do not put :9187 in instance name, rather here
- source_labels: [__address__]
@ -121,12 +123,11 @@ scrape_configs:
- source_labels: [__param_target]
target_label: __address__
replacement: '$1:9187'
{% endif %}
{% if prometheus_apc_pdu_snmp_targets is defined %}
- job_name: apc_pdu_snmp
static_configs:
- targets: {{ prometheus_apc_pdu_snmp_targets | to_json }}
file_sd_configs:
- files:
- '/etc/prometheus/targets_apc_pdu_snmp.json'
metrics_path: /snmp
params:
module:
@ -138,23 +139,5 @@ scrape_configs:
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_ilo_snmp_targets is defined %}
- job_name: ilo_snmp
static_configs:
- targets: {{ prometheus_ilo_snmp_targets | to_json }}
metrics_path: /snmp
params:
module:
- ilo
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
...

View file

@ -10,20 +10,23 @@ groups:
- name: server.rules
rules:
- alert: MachineDown
- alert: InstanceDown
expr: up{instance!~".*.borne.auro.re$"} == 0
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le collecteur {{ raw('$labels.job') }} ne marche plus
Invisible depuis plus de 3 minutes
- alert: AccessPointDown
expr: up{instance=~".*.borne.auro.re$"} == 0
for: 3m
labels:
severity: warning
annotations:
summary: >-
Invisible depuis plus de 3 minutes
- alert: OutOfMemory
expr: >-
@ -47,7 +50,7 @@ groups:
node_memory_SwapFree_bytes
/ node_memory_SwapTotal_bytes
)
) * 100 >= 50
) * 100 >= 20
for: 3m
labels:
severity: warning

View file

@ -482,227 +482,4 @@ apc_pdu:
priv_protocol: AES
priv_password: {{ snmp_pdu_password }}
ilo:
walk:
- 1.3.6.1.4.1.232.6.2.14.4 # Resilient memory
- 1.3.6.1.4.1.232.6.2.15.3 # Power meter
- 1.3.6.1.4.1.232.6.2.16.1 # POST tests
- 1.3.6.1.4.1.232.6.2.17.1 # Battery
- 1.3.6.1.4.1.232.6.2.6.8.1.3 # Temperature sensors location
- 1.3.6.1.4.1.232.6.2.6.8.1.4 # Temperature sensors value
- 1.3.6.1.4.1.232.6.2.6.8.1.5 # Temperature sensors limit
- 1.3.6.1.4.1.232.6.2.6.8.1.6 # Temperature sensors condition
- 1.3.6.1.4.1.232.6.2.6.7.1.3 # Fans location
- 1.3.6.1.4.1.232.6.2.6.7.1.9 # Fans condition
- 1.3.6.1.4.1.232.6.2.9.3.1.5 # Power supply
- 1.3.6.1.4.1.232.9.2.2 # iLO
metrics:
- name: cpqHeResilientMemCondition
oid: 1.3.6.1.4.1.232.6.2.14.4
type: EnumAsStateSet
help: The resilient memory condition - 1.3.6.1.4.1.232.6.2.14.4
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHePowerMeterCurrReading
oid: 1.3.6.1.4.1.232.6.2.15.3
type: gauge
help: This is the current Power Meter reading in Watts - 1.3.6.1.4.1.232.6.2.15.3
- name: cpqHeHWBiosCondition
oid: 1.3.6.1.4.1.232.6.2.16.1
type: EnumAsStateSet
help: This value indicates an error has been detected during Pre-OS Test (POST)
or during initial hardware initialization - 1.3.6.1.4.1.232.6.2.16.1
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeSysBatteryCondition
oid: 1.3.6.1.4.1.232.6.2.17.1
type: EnumAsStateSet
help: The battery condition - 1.3.6.1.4.1.232.6.2.17.1
indexes:
- labelname: cpqHeSysBatteryChassis
type: gauge
- labelname: cpqHeSysBatteryIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeTemperatureLocale
oid: 1.3.6.1.4.1.232.6.2.6.8.1.3
type: EnumAsInfo
help: This specifies the location of the temperature sensor present in the system.
- 1.3.6.1.4.1.232.6.2.6.8.1.3
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
enum_values:
1: other
2: unknown
3: system
4: systemBoard
5: ioBoard
6: cpu
7: memory
8: storage
9: removableMedia
10: powerSupply
11: ambient
12: chassis
13: bridgeCard
- name: cpqHeTemperatureCelsius
oid: 1.3.6.1.4.1.232.6.2.6.8.1.4
type: gauge
help: This is the current temperature sensor reading in degrees celsius - 1.3.6.1.4.1.232.6.2.6.8.1.4
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
- name: cpqHeTemperatureThreshold
oid: 1.3.6.1.4.1.232.6.2.6.8.1.5
type: gauge
help: This is the shutdown threshold temperature sensor setting in degrees celsius
- 1.3.6.1.4.1.232.6.2.6.8.1.5
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
- name: cpqHeTemperatureCondition
oid: 1.3.6.1.4.1.232.6.2.6.8.1.6
type: EnumAsStateSet
help: The Temperature sensor condition - 1.3.6.1.4.1.232.6.2.6.8.1.6
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeFltTolFanLocale
oid: 1.3.6.1.4.1.232.6.2.6.7.1.3
type: EnumAsInfo
help: This specifies the location of the fan present in the system.
- 1.3.6.1.4.1.232.6.2.6.7.1.3
indexes:
- labelname: cpqHeFltTolFanChassis
type: gauge
- labelname: cpqHeFltTolFanIndex
type: gauge
enum_values:
1: other
2: unknown
3: system
4: systemBoard
5: ioBoard
6: cpu
7: memory
8: storage
9: removableMedia
10: powerSupply
11: ambient
12: chassis
13: bridgeCard
- name: cpqHeFltTolFanCondition
oid: 1.3.6.1.4.1.232.6.2.6.7.1.9
type: EnumAsStateSet
help: The fan condition - 1.3.6.1.4.1.232.6.2.6.7.1.9
indexes:
- labelname: cpqHeFltTolFanChassis
type: gauge
- labelname: cpqHeFltTolFanIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeFltTolPowerSupplyStatus
oid: 1.3.6.1.4.1.232.6.2.9.3.1.5
type: EnumAsStateSet
help: The status of the power supply. - 1.3.6.1.4.1.232.6.2.9.3.1.5
indexes:
- labelname: cpqHeFltTolPowerSupplyChassis
type: gauge
- labelname: cpqHeFltTolPowerSupplyBay
type: gauge
enum_values:
1: noError
2: generalFailure
3: bistFailure
4: fanFailure
5: tempFailure
6: interlockOpen
7: epromFailed
8: vrefFailed
9: dacFailed
10: ramTestFailed
11: voltageChannelFailed
12: orringdiodeFailed
13: brownOut
14: giveupOnStartup
15: nvramInvalid
16: calibrationTableInvalid
17: noPowerInput
- name: cpqSm2CntlrInterfaceStatus
oid: 1.3.6.1.4.1.232.9.2.2.17
type: EnumAsStateSet
help: Remote Insight/ Integrated Lights-Out Interface Status - 1.3.6.1.4.1.232.9.2.2.17
enum_values:
1: other
2: ok
3: notResponding
- name: cpqSm2CntlriLOSecurityOverrideSwitchState
oid: 1.3.6.1.4.1.232.9.2.2.27
type: EnumAsStateSet
help: Integrated Lights-Out Security Override Switch State - 1.3.6.1.4.1.232.9.2.2.27
enum_values:
1: notSupported
2: set
3: notSet
- name: cpqSm2CntlrLicenseActive
oid: 1.3.6.1.4.1.232.9.2.2.30
type: EnumAsStateSet
help: Remote Insight License State - 1.3.6.1.4.1.232.9.2.2.30
enum_values:
1: none
2: iloAdvanced
3: iloLight
4: iloAdvancedBlade
5: iloStandard
6: iloEssentials
7: iloScaleOut
8: iloAdvancedPremiumSecurity
- name: cpqSm2CntlrServerPowerState
oid: 1.3.6.1.4.1.232.9.2.2.32
type: EnumAsStateSet
help: The current power state for the server - 1.3.6.1.4.1.232.9.2.2.32
enum_values:
1: unknown
2: poweredOff
3: poweredOn
4: insufficientPowerOrPowerOnDenied
version: 3
# Reduce timeout to retry faster
timeout: 1s
auth:
security_level: authPriv
username: {{ snmp_ilo_user }}
password: {{ snmp_ilo_auth }}
auth_protocol: SHA
priv_protocol: AES
priv_password: {{ snmp_ilo_priv }}
...

View file

@ -42,4 +42,14 @@
name: prometheus
enabled: true
state: started
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus-federate
message: >-
Prometheus (en configuration fédération) est déployé sur cette
machine (voir /etc/prometheus)
...

View file

@ -34,9 +34,9 @@ scrape_configs:
- '{job="postgresql"}'
- '{job="prometheus"}'
- '{job="unifi_snmp"}'
- '{job="django"}'
- '{job="ups_snmp"}'
- '{job="apc_pdu_snmp"}'
- '{job="docker"}'
- '{job="switch_snmp"}'
- '{job="ilo_snmp"}'
...

View file

@ -39,4 +39,14 @@
owner: "{{ service_user }}"
group: nogroup
state: link
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: "15-re2o-service-{{ service_name }}"
message: >-
Le service re2o {{ service_name }} est dans
{{ service_homedir }}/{{ service_name }}.
...

View file

@ -1,9 +0,0 @@
---
- name: Install resolv.conf
template:
src: resolv.conf.j2
dest: /etc/resolv.conf
owner: root
group: root
mode: u=rw,g=r,o=r
...

View file

@ -1,11 +0,0 @@
{{ ansible_managed | comment }}
{% for nameserver in resolvconf__nameservers %}
nameserver {{ nameserver | ipaddr }}
{% endfor %}
{% if resolvconf__domain is defined %}
domain {{ resolvconf__domain }}
{% endif %}
{% if resolvconf__search is defined %}
search {{ resolvconf__search | join(" ") }}
{% endif %}

Some files were not shown because too many files have changed in this diff Show more