Compare commits
1 commit
master
...
fix-portai
Author | SHA1 | Date | |
---|---|---|---|
ec2506b9cd |
108 changed files with 1598 additions and 2324 deletions
|
@ -3,7 +3,9 @@ skip_list:
|
|||
- load-failure
|
||||
- document-start
|
||||
- meta-no-info
|
||||
- ignore-errors
|
||||
|
||||
warn_list:
|
||||
- experimental # all rules tagged as experimental
|
||||
|
||||
exclude_paths:
|
||||
- group_vars/all/vault.yml
|
||||
|
|
|
@ -5,7 +5,8 @@ name: check
|
|||
|
||||
steps:
|
||||
- name: ansible and yaml linting
|
||||
image: quay.io/ansible/toolset:3.5.0
|
||||
pull: never
|
||||
image: aurore-ansible-lint-image
|
||||
commands:
|
||||
- ansible-lint
|
||||
...
|
||||
|
|
12
README.md
12
README.md
|
@ -2,9 +2,8 @@
|
|||
|
||||
# Recettes Ansible d'Aurore
|
||||
|
||||
Dépendances requises :
|
||||
|
||||
* Ansible 2.9 ou plus récent.
|
||||
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
||||
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
|
||||
|
||||
## Ansible 101
|
||||
|
||||
|
@ -89,11 +88,8 @@ On va utiliser plutôt `ProxyJump`.
|
|||
Dans la configuration SSH :
|
||||
|
||||
```
|
||||
Host *.adm.auro.re *.pve.auro.re
|
||||
# Accept new host keys
|
||||
StrictHostKeyChecking accept-new
|
||||
|
||||
# Use passerelle to connect to administration VLANs
|
||||
# Use a proxy jump server to log on all Aurore inventory
|
||||
Host 10.128.0.* *.adm.auro.re
|
||||
ProxyJump passerelle.auro.re
|
||||
```
|
||||
|
||||
|
|
31
ansible.cfg
31
ansible.cfg
|
@ -1,17 +1,38 @@
|
|||
# Ansible configuration
|
||||
|
||||
[defaults]
|
||||
ask_vault_pass = True
|
||||
roles_path = ./roles
|
||||
|
||||
# Do not create .retry files
|
||||
retry_files_enabled = False
|
||||
|
||||
# Use inventory
|
||||
inventory = ./hosts
|
||||
filter_plugins = ./filter_plugins
|
||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
||||
|
||||
# Custom header in templates
|
||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
|
||||
|
||||
# Do not use cows (with cowsay)
|
||||
nocows = 1
|
||||
|
||||
# Do more parallelism
|
||||
forks = 15
|
||||
|
||||
# Some SSH connection will take time
|
||||
timeout = 60
|
||||
remote_user = root
|
||||
|
||||
[privilege_escalation]
|
||||
|
||||
# Use sudo to get priviledge access
|
||||
become = True
|
||||
|
||||
# Ask for password
|
||||
become_ask_pass = True
|
||||
|
||||
[diff]
|
||||
|
||||
# TO know what changed
|
||||
always = yes
|
||||
|
||||
|
||||
[ssh_connection]
|
||||
pipelining = True
|
||||
|
|
9
backups.yml
Normal file
9
backups.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- hosts: perceval.adm.auro.re
|
||||
roles:
|
||||
- borgbackup_server
|
||||
|
||||
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
|
||||
roles:
|
||||
- borgbackup_client
|
||||
...
|
|
@ -5,6 +5,13 @@
|
|||
roles:
|
||||
- baseconfig
|
||||
- basesecurity
|
||||
|
||||
# Plug LDAP on all servers
|
||||
- hosts: all,!unifi
|
||||
roles:
|
||||
- ldap_client
|
||||
|
||||
# Install logrotate
|
||||
- hosts: all,!unifi,!pve
|
||||
roles:
|
||||
- logrotate
|
||||
- update_motd
|
7
bdd.yml
Normal file
7
bdd.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Install and configure bdd servers at Saclay and at OVH
|
||||
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
|
||||
roles:
|
||||
- postgresql_server
|
||||
...
|
20
copy-keys.sh
Executable file
20
copy-keys.sh
Executable file
|
@ -0,0 +1,20 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Grab valid unique hostnames from the Ansible inventory.
|
||||
HOSTS=$(grep -ve '^[#\[]' hosts \
|
||||
| grep -F adm.auro.re \
|
||||
| sort -u)
|
||||
|
||||
# Ask password
|
||||
read -s -p "Hello adventurer, what is your LDAP password? " passwd
|
||||
echo
|
||||
|
||||
for host in $HOSTS; do
|
||||
echo "[+] Handling host $host"
|
||||
|
||||
# sshpass can be used for non-interactive password authentication.
|
||||
# place your password in ldap-password.txt.
|
||||
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
|
||||
done
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# Deploy all playbooks
|
||||
ansible-playbook playbooks/*.yml $@
|
8
deploy_postfix_non_mailhost.yml
Normal file
8
deploy_postfix_non_mailhost.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
# Deploy a correclty configured postfix on non mailhost servers
|
||||
- hosts: all,!unifi
|
||||
vars:
|
||||
local_network: 10.128.0.0/16
|
||||
relay_host: proxy.adm.auro.re
|
||||
roles:
|
||||
- postfix_non_mailhost
|
7
docker-ansible-lint/Dockerfile
Normal file
7
docker-ansible-lint/Dockerfile
Normal file
|
@ -0,0 +1,7 @@
|
|||
FROM python:3.9-alpine
|
||||
LABEL description="Aurore's docker image for ansible-lint"
|
||||
|
||||
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
|
||||
RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
|
||||
RUN pip install --no-cache-dir "ansible-lint>=5.0.0"
|
||||
RUN pip install --no-cache-dir "ansible>=2.10,<2.11"
|
18
docker-ansible-lint/README.md
Normal file
18
docker-ansible-lint/README.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Ansible-lint image
|
||||
|
||||
In order to build this image when a new version comes out, you need to
|
||||
1. ssh into the `drone.adm.auro.re` server
|
||||
2. git pull this repo to the lastest version
|
||||
3. optionally make the changes if it has not been done yet
|
||||
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
|
||||
5. ???
|
||||
6. enjoy
|
||||
|
||||
You can verify that the image was correclty built by running
|
||||
```
|
||||
# list the images present
|
||||
sudo docker image ls
|
||||
|
||||
# run your image with an interactive shell
|
||||
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
|
||||
```
|
|
@ -1,40 +0,0 @@
|
|||
import ipaddress
|
||||
from operator import attrgetter
|
||||
|
||||
import dns.name
|
||||
|
||||
|
||||
class FilterModule:
|
||||
def filters(self):
|
||||
return {
|
||||
"remove_domain_suffix": remove_domain_suffix,
|
||||
"ipaddr_sort": ipaddr_sort,
|
||||
}
|
||||
|
||||
|
||||
def remove_domain_suffix(name):
|
||||
parent = dns.name.from_text(name).parent()
|
||||
return parent.to_text()
|
||||
|
||||
|
||||
def ipaddr_sort(addrs, types, unknown_after=True):
|
||||
check_types = {
|
||||
"global": attrgetter("is_global"),
|
||||
"link-local": attrgetter("is_link_local"),
|
||||
"loopback": attrgetter("is_loopback"),
|
||||
"multicast": attrgetter("is_multicast"),
|
||||
"private": attrgetter("is_private"),
|
||||
"reserved": attrgetter("is_reserved"),
|
||||
"site_local": attrgetter("is_site_local"),
|
||||
"unspecified": attrgetter("is_unspecified"),
|
||||
}
|
||||
|
||||
def addr_weight(addr):
|
||||
if isinstance(addr, str):
|
||||
addr = ipaddress.ip_address(addr.split("/")[0])
|
||||
for index, ty in enumerate(types):
|
||||
if check_types[ty](ipaddress.ip_address(addr)):
|
||||
return index
|
||||
return len(types) if unknown_after else -1
|
||||
|
||||
return sorted(addrs, key=addr_weight)
|
|
@ -18,6 +18,16 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
|
|||
|
||||
# Databases
|
||||
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
||||
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
|
||||
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
|
||||
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
|
||||
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
|
||||
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
|
||||
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
|
||||
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
|
||||
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
|
||||
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
|
||||
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
|
||||
|
||||
# Scripts will tell users to go there to manage their account
|
||||
intranet_url: 'https://re2o.auro.re/'
|
||||
|
|
|
@ -1,246 +1,218 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
||||
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
||||
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
||||
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
||||
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
||||
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
||||
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
||||
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
||||
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
||||
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
||||
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
||||
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
||||
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
||||
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
||||
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
||||
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
||||
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
||||
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
||||
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
||||
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
||||
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
||||
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
||||
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
||||
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
||||
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
||||
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
||||
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
||||
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
||||
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
||||
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
||||
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
||||
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
||||
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
||||
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
||||
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
||||
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
||||
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
||||
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
||||
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
||||
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
||||
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
||||
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
||||
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
||||
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
||||
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
||||
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
||||
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
||||
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
||||
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
||||
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
||||
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
||||
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
||||
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
||||
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
||||
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
||||
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
||||
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
||||
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
||||
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
||||
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
||||
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
||||
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
||||
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
||||
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
||||
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
||||
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
||||
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
||||
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
||||
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
||||
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
||||
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
||||
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
||||
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
||||
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
||||
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
||||
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
||||
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
||||
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
||||
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
||||
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
||||
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
||||
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
||||
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
||||
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
||||
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
||||
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
||||
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
||||
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
||||
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
||||
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
||||
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
||||
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
||||
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
||||
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
||||
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
||||
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
||||
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
||||
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
||||
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
||||
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
||||
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
||||
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
||||
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
||||
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
||||
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
||||
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
||||
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
||||
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
||||
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
||||
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
||||
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
||||
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
||||
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
||||
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
||||
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
||||
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
||||
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
||||
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
||||
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
||||
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
||||
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
||||
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
||||
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
||||
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
||||
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
||||
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
||||
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
||||
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
||||
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
||||
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
||||
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
||||
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
||||
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
||||
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
||||
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
||||
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
||||
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
||||
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
||||
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
||||
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
||||
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
||||
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
||||
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
||||
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
||||
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
||||
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
||||
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
||||
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
||||
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
||||
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
||||
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
||||
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
||||
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
||||
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
||||
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
||||
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
||||
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
||||
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
||||
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
||||
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
||||
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
||||
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
||||
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
||||
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
||||
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
||||
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
||||
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
||||
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
||||
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
||||
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
||||
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
||||
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
||||
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
||||
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
||||
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
||||
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
||||
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
||||
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
||||
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
||||
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
||||
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
||||
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
||||
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
||||
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
||||
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
||||
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
||||
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
||||
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
||||
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
||||
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
||||
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
||||
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
||||
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
||||
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
||||
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
||||
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
||||
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
||||
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
||||
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
||||
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
||||
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
||||
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
||||
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
||||
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
||||
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
||||
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
||||
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
||||
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
||||
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
||||
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
||||
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
||||
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
||||
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
||||
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
||||
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
||||
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
||||
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
||||
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
||||
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
||||
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
||||
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
||||
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
||||
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
||||
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
||||
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
||||
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
||||
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
||||
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
||||
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
||||
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
||||
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
||||
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
||||
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
||||
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
||||
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
||||
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
||||
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
||||
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
||||
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
||||
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
||||
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
||||
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
||||
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
||||
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
||||
3061
|
||||
34353636353331626234623838643238343237306237313336663433326164313030646263393165
|
||||
3964666632653139323634663061363763656533373538660a393464333663313633393866383432
|
||||
31303736366665306465333037373835383266383035626666353461623435393438303861376435
|
||||
3161393136653361610a336438393566393936633637613436366634353237313363653232333263
|
||||
38643566626564656635316564363362386236356164646238336265663839363430623739366266
|
||||
66333233666439656561626161653336633136396565336633356630303436303234613063396238
|
||||
62363437306639343236636537303363313236633765363430623865323734316531383662353763
|
||||
37636439356164303730323235346362393436656333393062333566336536316131343338663630
|
||||
31613063313034396162323034313562356662653266636638633665376531663932653461636363
|
||||
32653061386562376237653837333239326438656630646138393362383539616339393365343435
|
||||
63616462363733623930623435333435333937336538353735626161666162333337633931333338
|
||||
62316638373736326432373464326266373361613864633262656432313364343366373832643865
|
||||
64343866393966346534623238386437373632326632376166396630613630613365393932333066
|
||||
37663162656134346564353762383961386161343064373637373634353231653137383461626666
|
||||
34666365656632333764613931643266613737393032366431323764623830666131386566613535
|
||||
30346631396237336332636438653339613633636662663266663235613634346162316134336533
|
||||
61353361353437626231393137653464363934383233363830373961373033653336323666313836
|
||||
63643638353438363661653239346530366630336661343336303836383439613462333532653263
|
||||
63643437323166386230663635333130333632376661393830646365333666323239323134386636
|
||||
30656266323839633237663433376136313437366264633039376165633961656137363038616534
|
||||
32393330656464373739353833646232633634333937613932393834356535396464613633653334
|
||||
33386231313830656562366335333162386461616331333733343163313562636232646261383135
|
||||
36376131333931303566343337343539323265313931346538343539363230643030646531373134
|
||||
36636364326539356533363832333661396435363365633831346664393165626330356536343961
|
||||
64613935636333333331633931313266633732663430373166393362373431353363316630663235
|
||||
31353936343932386665366134643962313937366634396262386434396334383332343537383163
|
||||
37323235326161636339323237643366323430623136323937353665383364306436616664356662
|
||||
38616466636465313330303464343665333163626231613164663030623963626634383965613135
|
||||
31336632366231613062366430393636646535616134383232386334343137333138643866393633
|
||||
38636161623734613862313638666562393164356536613665303839633035636330353965356163
|
||||
65646530383162323630633865363334306234383466383033663762633933653162356166376138
|
||||
33343832323466333132386564336636323765383839366134636433613866623830626133303434
|
||||
64643066366638316633663338333335313466366433313134306239393233663233333730333138
|
||||
32666133633931393961323663353565653532323837316165653536396339316364623633613137
|
||||
30626636623037396438636261633939643363326136613631376139396538623932356237313637
|
||||
62656337663438623666633435373564313566636538373339663731393564653264623863353032
|
||||
33613639616135623735393364623439393432316632626239313837653464623563393663346163
|
||||
36303764343562376337366465643434646263383133336162376166383434633436633263303263
|
||||
61656536363037666230393063336263363865356465616231333966396332383434366265343434
|
||||
66363732313435656164613135333762306464373133343739636266346336346261366535316230
|
||||
36663433616332386166323965643436393433666264343062393463653339646264353264366663
|
||||
31653331613138316138383930336163616333666161386466616566323664346263396637393735
|
||||
38386462313763346164613430653133316631633261356663613738663435313963303734373364
|
||||
34353332643366353930633339373962376162383239316134346561336539643737656239336230
|
||||
33613662646466383434303638343362323933643831653932393030383762323539346332333961
|
||||
34616338386361353362366434663365663262383835383031393430633235393631666332623261
|
||||
36393231366164303165336633663565376334643864323366666434383634353031326633313266
|
||||
66346234323036396562313366346661333130363434643565333763316234353733383733623839
|
||||
37663761656131363932333330663638323733666333336636613264363164643230343964643061
|
||||
37633264313865373732653466356639653335313236646331623932303963326364343132656464
|
||||
65636665616364373538613732643938323364626166316437623166383734316662386134316233
|
||||
66313430626133303461336465333532373361616334393139663233363132393265643865656561
|
||||
63303734313934343636333135373164636536663935323030366563623635616535616230363061
|
||||
38653362343264626432373866313363373439333331333963333765356462323762333739313061
|
||||
33626365663433396562633534643630326364346135383531343063373266633635353130363166
|
||||
30363735386665346661343166373034663466636335323838666465613163353039366233386562
|
||||
39626462383635356230343031633666346561376462376634636236323164626537396337323337
|
||||
64653163623030326435623833383136386366613764623633303732613337373732386432303737
|
||||
61303530356461343339333165663161343262613434306162653563643765323837303537653963
|
||||
30383964336230326336313765333832323639626131303063363030313537346463393765303132
|
||||
33376633313135613832616239343939363562363132666433373966616166383836376636363630
|
||||
65376266323266636430383236616338373632323134626165393961383733363365383761653538
|
||||
61386365363262623665313637333761626561643530376433326531313161303733626432333866
|
||||
63663762313130336535666134343961353337653034643436363263306664666562356431313433
|
||||
63333034623762663630323031653363356666366538323064363866366662656466666361373938
|
||||
35653562383865363437346466663963326439316531396165376439383931366132386161346364
|
||||
66633334666239393336383336376130663633613161306564336131356435396639336566636131
|
||||
37653763373537353635393536363531626332313461626166373763613861346433653237306636
|
||||
39393435633163386164356131636530623732316538646133316365383561653061376431333431
|
||||
66356561333637353537316231616133646231306462626439326462393131633562393462396132
|
||||
62396337626436336230636338373439343839646266613033633930383530363932616463633538
|
||||
35646230393536396330383566346138633434333063333362313139643537346236313336376463
|
||||
31363335633333333262316239383735633139383332303235623430626539626466336365306465
|
||||
66396336323637613036616532363963363430383737343566366162663836396132353933346534
|
||||
35366565336462646364643137323864656334336635376435623561666530386334623964323136
|
||||
39653365646161366330376336353931633366653832383966656639393364386438363832333934
|
||||
34616536653064363739333363663233376631636134323162626333343035396265666662636230
|
||||
31343931323435373964383562616333333835326238623131646433366134343830616432643866
|
||||
36353363356532383963623364636363393834343132303434393331653335313938393662376534
|
||||
33376565613433373864666536313439656339306532643233336137363264303638346563643932
|
||||
35343838616538343262613066343665386433386339373362313533643639326136663430363135
|
||||
37393734306565613566663632643639343939353361656566663431386539333136393663656262
|
||||
34363537333431356363633932373736383262343336396666383237616661353763643861376537
|
||||
63306133353331653833346339663062353438356162356431333336373536623439366132343930
|
||||
31623736353532323230373264363163386339346563313236633061313239663962623136323962
|
||||
62333166636230363333633661336539373962623337666538636565643664396132613263633461
|
||||
64663430666630303562323065613838666265653438383838363561303637663931613239326639
|
||||
30663533376662333162613731636665646565336465396132663165613431343332313038613335
|
||||
62643030376564306335633138373937613934653738396361303064306263353566336232346639
|
||||
38323266373537646334633761643933653931646439353939326536383463373666646262353362
|
||||
61356230333461646435353332656564616464363539373966333535653365326330333230373539
|
||||
62613335363632393335306535643862653262363031356439386639656262353662656432656331
|
||||
34323431356337646238353135326332346431383535643735646562386161353164393961646264
|
||||
63396161316563323537396431646561633730373930306637623438323761613935396238363965
|
||||
61613339353234626565653939643139626665343439626365656165616437653234326530316464
|
||||
39303433333533643439313464623531646133316563306337386261356332393435613237653632
|
||||
63386439353136383265323965646538316334343661376532323461636666363630613836366233
|
||||
63326465633438633564396135386137383061663264373530313330666639333236343539653734
|
||||
62323637313131613839363665633163316235306536343039626166396263383332363365373936
|
||||
66356135646330373162346261326531616538303566663761626639363635633064623361663463
|
||||
34373937653165376262643064653738396365353532343864653836306231306566386665343963
|
||||
36353066346161323733346131386466653964653961343136643039653035383864653238663265
|
||||
35623565303731636164353664666636303430333933616230336330393530633032353037626339
|
||||
34326664373239663330356430346531663635646161356130623733303862613964613433393334
|
||||
33303735333934343964363230326634653465623465366465386639616361316139323536363261
|
||||
30313531363533356636303565303265363430363530356662313838646435316439363263346165
|
||||
37666463393332323066376464313339383138343235613438663464613436376237333565616563
|
||||
31363936393731623562363331666433626636396136636533353435386634336363613963636162
|
||||
33306233616636363432316236363665333162393133616130313530313764643738336666316639
|
||||
36613263303138633039376135396266613766666261373436626333373035393863376133386162
|
||||
38633333353963313433636236636339666135376530323731663761303938313764356636363963
|
||||
34393035333561626564313638656266313666643166633163636630633938346661653033643832
|
||||
36393632633765656661353236376432383034343766643336353236623437356638336264326364
|
||||
30616161633130653131373932303337616237656633346438323832623964323332613836326365
|
||||
66666666663766653865636435623562643637363134333336636231356332356439396262386338
|
||||
62643738326437343139616134386130616533653066666631633139653038646336306363373233
|
||||
30626134623732393361653637313235363463336331666231336434363432646363373534336661
|
||||
39623864643130613337336232313263323161313030353535313336393233643237343566373063
|
||||
64633935366430316566306461313261633031656562356461376632373031333462323237646263
|
||||
37343535393539393032653135653666393933326632653166666633613638333130623937383530
|
||||
35323737363662346337326134366239666137343031326663356533353033633332633931333738
|
||||
34383937316461313231313936626436633030373833306636643633343266343461363732373132
|
||||
66396233396432336336623166653361646561313432383861313061376234656636663864616132
|
||||
32336664636162346633376633353938613865323162356437373330306236383164376261613461
|
||||
37313839363331653139623264336631663534643530663434393535333865353965343161636638
|
||||
34653334373865356439333736366432323832323834633239333130386639366163643337303832
|
||||
37383637366231613930633661316466346136333666343266393137663965653331303034356661
|
||||
61643439383630353139613635636665616534396639643161653334626434616132333731323532
|
||||
39363462313039336661636332623530363832316564343135343330323362366633333632646239
|
||||
34633736383534653130343437376134616363363736613462326332643031376331636164623837
|
||||
32316331663030383762333562373937663663633931623535303139306163613962643762353633
|
||||
66643038633630633736316634316238643136363532396363323361323163363638653331616631
|
||||
30303832363163346663613433646432326566613738356133386238386266376261336532356338
|
||||
61383539336138666261636234316461646365373236383038363965626635393530346236666263
|
||||
38636164336463393565613362626334346565653464663136316564646631323835626364333536
|
||||
36633566613432346334656665636134386334663362633562623938343264396538656432366166
|
||||
65626635336139306335366265616430366337656265346235653333646362383232386434663832
|
||||
65636634646363323736323165666637373661333136636164613933396130633932373837393030
|
||||
38303466303363623038336363633037666631356262396631396464383065343730346537303534
|
||||
62383764653763313639313332386331653163313134303336396336323862323063643265383761
|
||||
35633939626636613030653564366266346338346239356163383864383762393261396561613032
|
||||
31313866356666666538613935653965373932366666303634636436633662333638396563336161
|
||||
32303934373238323838366563623035663863393835353839343230626235353830336532306532
|
||||
36303035613238656133643936353735646336396238363334326561336365666238363735633561
|
||||
62616338336664366631336364636564393539363163626465613530343939303961353364666364
|
||||
38666665326563333039386462656261666531646637306261316233336130343730663661336431
|
||||
62666138343766393262313431386136613139386265623939613830646233666134386235326564
|
||||
36353032383336353763363231313564396630363565666163316237323363633866323734326664
|
||||
30316533383363363461613564646137646337303738373833373238396661656265626139333637
|
||||
30353835363062393333646433356362613132653463656532366137356136306431633836653333
|
||||
65326266303038393233373263313933323637303539353065663233356333326235633064353536
|
||||
30626433356630316364386332393331626135656266376233363837303438636539386434613038
|
||||
31313938653662306533663635333564653232306436396331386433343561313365633664383865
|
||||
33356163343232626165353739386534346231336634656231613235383536616338383133383664
|
||||
31303734363836326662633062396130343637343731613532353533323164353934383230626436
|
||||
33356139303663326361333535306261386431343736396238616435633565613266306339363166
|
||||
61646233353636303739353336336662633662303861623864323033376133623734373436646365
|
||||
33626332366464393166613339623663346234653830386664396630376539656163633263663664
|
||||
63646539353035323263306136396537373561646264363939613737313462643063663136623136
|
||||
61643138623962383039313836633032323861313937643164343832303634643833393230656637
|
||||
35393566396562343863323235333835353135323139613166303539306266636265363931336162
|
||||
32363361356231326164376533346464613836373162323333336438333532333161633432343637
|
||||
65356364636264313036643836643863396435663837393564393833303037643331363633643065
|
||||
36396662626462303232386531653234373231306131353732656663353538356636646331646163
|
||||
32306362366264343966393237633831633263383236336133343166633639366266316235386538
|
||||
32623039366561643663653564633066306339613938386234666430666462316363373863626337
|
||||
37366232633365653462613732353064396539356432393661626462313663363634613434376462
|
||||
61316266366131343239616133613038303338323566633363666330336364393261636130313164
|
||||
32336237383536363562663537343661306434313964373034376263373262643635316664646130
|
||||
35333631626236653638633661363831323262336465323339356637356331313738666634656538
|
||||
34363438633566393866313662386365313030646230393862343735356535633366666138623863
|
||||
65306336356633326530303932373634613733643364336561653737363132343534333336376264
|
||||
34663965373532393330393763646232623533376332323239376232303935393339656230356537
|
||||
30306264636362353733656366363139613637303264323361333138666462666531323131663564
|
||||
62616362303035613733386231316431326333643739373738666135363232616564346238636462
|
||||
64623234363632613436636336323965383762626261626137386631393334666266343636323862
|
||||
34326431303365393234616263653862376466363861353835316336633336613534373235353436
|
||||
65663531303939386233353934376335643732373063666362343234353037363430356233356138
|
||||
34663530643266343535333336643938326131366239333630336163363263613561393639333631
|
||||
63333031643033623964303361383462343339353264656435626365393938613162623835646539
|
||||
62626331393339373839316166613965373862316438636561306162376535633861396531396637
|
||||
66623936323361616333326330616361323232343034343366643130623037653463333730316337
|
||||
61383965663130646334343833333737383931363339326266666437353030626262633263626135
|
||||
32626239383137303538623735343033633465653861316231636564653535646662646561333832
|
||||
30613639353563363534663764376232643630626434626466306663303331643565313239353131
|
||||
36303363306538393164663563313133636663653664616438346235646637636132373532393332
|
||||
35633533346432616532653937636565363431323161336430323566363239373035616264373636
|
||||
62306337323935336332663262396466323064633738306334386233663531313633656232373330
|
||||
38656635636264353635356165343233643061363836396266386631393433366265646662633239
|
||||
63303939363637663030663965626637336366666638386532666466613965396533373935346135
|
||||
62623837643462356334323234633263636130653762636461353037396461623961383330613731
|
||||
61626634383232313337313363363637623036653630396266623265363961303662366165373462
|
||||
66656364633735626231323335373135663462373966396136653634653865316238393263316464
|
||||
66663537383763386335383131303438353930366534616637636564313431346163353534366431
|
||||
34356262653134656633636631373963393032393061353636363333313464386463616638663939
|
||||
39306136373433346362613934626332316633353232373963633939336338656331366661666232
|
||||
37646566393062643738383832363230393337363361653566303433666561643936313037653662
|
||||
65666266353032313862666365313237323431666365613666373931383838383435663034343239
|
||||
39323139336266373463323465656237366166653230373236613335616433363465613131326234
|
||||
39393363386334303963613036333661373364633437386262363937333565316639313261643133
|
||||
62626235303163666435333030353039316432316661383933353834313733326435613366313030
|
||||
33303631323132323861613366313532333931623739623731353566373039656133653061633637
|
||||
36366365653836346662616135303536613331656364306163633731376634313739633634646132
|
||||
31396138663337656332653331616462333936313531646135663930616130623338323733663634
|
||||
62373866353663336138346335383637333738363035393366613434306536643239356436396333
|
||||
39333133366235666562383239363530343464353735666436356333313932613965613065663639
|
||||
39383962376264643337633365386164353166343165306634376634646233626466363661666465
|
||||
34306533616238616131306130323637656536663561306437346238303464616636306134366130
|
||||
30386566326465323962396130336661613433613938633565363635356166643263383364636164
|
||||
34643465353664386437316366396130383533626132363566656265353366663865616531386238
|
||||
32633831623334643166356237353164356563646132656130363634343664663765373839616430
|
||||
37346432616161636139643733346631643165313636323231643461313164646663623439663966
|
||||
33323230376337663566636233333038633465323238636533336136363037633065336538383033
|
||||
31356634363261643064326335656535356434373862663935316434613938663833626139646636
|
||||
63333936363637356234373237326430376232623561663461633138363032616138343730663939
|
||||
37353462326266636562373331326161646338623261303762316265323432313139356439306361
|
||||
32336132376439616662386132363566363438313739313830393336393439343839
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
---
|
||||
loc_nginx:
|
||||
servers: []
|
||||
|
||||
|
|
70
host_vars/bdd-ovh.adm.auro.re.yml
Normal file
70
host_vars/bdd-ovh.adm.auro.re.yml
Normal file
|
@ -0,0 +1,70 @@
|
|||
---
|
||||
postgresql:
|
||||
version: 13
|
||||
|
||||
postgresql_hosts:
|
||||
- database: etherpad
|
||||
user: etherpad
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: codimd
|
||||
user: codimd
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: synapse
|
||||
user: synapse
|
||||
net: 10.128.0.56/32
|
||||
method: md5
|
||||
- database: kanboard
|
||||
user: kanboard
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: grafana
|
||||
user: grafana
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: cas
|
||||
user: cas
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
|
||||
postgresql_databases:
|
||||
- synapse
|
||||
- codimd
|
||||
- etherpad
|
||||
- kanboard
|
||||
- grafana
|
||||
- cas
|
||||
|
||||
postgresql_users:
|
||||
- name: synapse
|
||||
database: synapse
|
||||
password: "{{ postgresql_synapse_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: codimd
|
||||
database: codimd
|
||||
password: "{{ postgresql_codimd_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: etherpad
|
||||
database: etherpad
|
||||
password: "{{ postgresql_etherpad_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: kanboard
|
||||
database: kanboard
|
||||
password: "{{ postgresql_kanboard_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: grafana
|
||||
database: grafana
|
||||
password: "{{ postgresql_grafana_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: cas
|
||||
database: cas
|
||||
password: "{{ postgresql_cas_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
...
|
50
host_vars/bdd.adm.auro.re.yml
Normal file
50
host_vars/bdd.adm.auro.re.yml
Normal file
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
postgresql:
|
||||
version: 13
|
||||
|
||||
postgresql_hosts:
|
||||
- database: nextcloud
|
||||
user: nextcloud
|
||||
net: 10.128.0.58/32
|
||||
method: md5
|
||||
- database: gitea
|
||||
user: gitea
|
||||
net: 10.128.0.60/32
|
||||
method: md5
|
||||
- database: wikijs
|
||||
user: wikijs
|
||||
net: 10.128.0.66/32
|
||||
method: md5
|
||||
- database: drone
|
||||
user: drone
|
||||
net: 10.128.0.64/32
|
||||
method: md5
|
||||
|
||||
postgresql_databases:
|
||||
- nextcloud
|
||||
- gitea
|
||||
- wikijs
|
||||
- drone
|
||||
|
||||
postgresql_users:
|
||||
- name: nextcloud
|
||||
database: nextcloud
|
||||
password: "{{ postgresql_nextcloud_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: gitea
|
||||
database: gitea
|
||||
password: "{{ postgresql_gitea_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: wikijs
|
||||
database: wikijs
|
||||
password: "{{ postgresql_wikijs_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: drone
|
||||
database: drone
|
||||
password: "{{ postgresql_drone_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
...
|
|
@ -10,7 +10,5 @@ rsyslog_inputs:
|
|||
port: 20514
|
||||
- proto: udp
|
||||
port: 514
|
||||
- proto: tcp
|
||||
port: 6514
|
||||
rsyslog_outputs: []
|
||||
...
|
||||
|
|
|
@ -6,7 +6,7 @@ loc_nginx:
|
|||
|
||||
servers:
|
||||
- server_name:
|
||||
- "10.13.0.247"
|
||||
- 10.13.0.247
|
||||
locations:
|
||||
- filter: "/"
|
||||
params:
|
||||
|
@ -24,8 +24,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-fleming.auro.re/portail/"
|
||||
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- server_name:
|
||||
- 10.23.0.247
|
||||
locations:
|
||||
- filter: "/"
|
||||
|
@ -44,9 +43,8 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-pacaterie.auro.re/portail/"
|
||||
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.33.0.247"
|
||||
- server_name:
|
||||
- 10.33.0.247
|
||||
locations:
|
||||
- filter: "/"
|
||||
params:
|
||||
|
@ -64,9 +62,8 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-rives.auro.re/portail/"
|
||||
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.43.0.247"
|
||||
- server_name:
|
||||
- 10.43.0.247
|
||||
locations:
|
||||
- filter: "/"
|
||||
params:
|
||||
|
@ -84,9 +81,8 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-edc.auro.re/portail/"
|
||||
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.53.0.247"
|
||||
- server_name:
|
||||
- 10.53.0.247
|
||||
locations:
|
||||
- filter: "/"
|
||||
params:
|
||||
|
|
|
@ -13,8 +13,6 @@ loc_reverseproxy:
|
|||
to: auro.re
|
||||
- from: 92.222.211.195
|
||||
to: auro.re
|
||||
- from: codimd.auro.re
|
||||
to: hedgedoc.auro.re
|
||||
|
||||
reverseproxy_sites:
|
||||
- from: phabricator.auro.re
|
||||
|
@ -29,9 +27,6 @@ loc_reverseproxy:
|
|||
- from: passbolt.auro.re
|
||||
to: 10.128.0.53
|
||||
|
||||
- from: auth.auro.re
|
||||
to: 10.128.0.150:8089
|
||||
|
||||
- from: riot.auro.re
|
||||
to: "10.128.0.150:8080"
|
||||
- from: element.auro.re
|
||||
|
@ -39,6 +34,8 @@ loc_reverseproxy:
|
|||
- from: chat.auro.re
|
||||
to: "10.128.0.150:8080"
|
||||
|
||||
- from: codimd.auro.re
|
||||
to: "10.128.0.150:8081"
|
||||
- from: hedgedoc.auro.re
|
||||
to: "10.128.0.150:8081"
|
||||
|
||||
|
@ -59,8 +56,6 @@ loc_reverseproxy:
|
|||
|
||||
- from: cas.auro.re
|
||||
to: "10.128.0.150:8085"
|
||||
- from: rss.auro.re
|
||||
to: 10.128.0.150:8090
|
||||
- from: status.auro.re
|
||||
to: "10.128.0.150:8086"
|
||||
- from: "kanboard.auro.re"
|
||||
|
|
|
@ -41,6 +41,9 @@ loc_reverseproxy:
|
|||
- from: intranet.auro.re
|
||||
to: 10.128.0.20
|
||||
|
||||
- from: bbb.auro.re
|
||||
to: 10.128.0.54
|
||||
|
||||
- from: nextcloud.auro.re
|
||||
to: "10.128.0.58:8080"
|
||||
|
||||
|
@ -61,12 +64,3 @@ loc_reverseproxy:
|
|||
|
||||
- from: wikijs.auro.re
|
||||
to: "10.128.0.66:3000"
|
||||
|
||||
- from: wiki.auro.re
|
||||
to: "10.128.0.66:3000"
|
||||
|
||||
- from: netbox.auro.re
|
||||
to: 10.128.0.97
|
||||
|
||||
- from: grafana.auro.re
|
||||
to: "10.128.0.98:3000"
|
||||
|
|
1
host_vars/re2o-bdd.adm.auro.re.yml
Normal file
1
host_vars/re2o-bdd.adm.auro.re.yml
Normal file
|
@ -0,0 +1 @@
|
|||
postgresql_databases: true
|
48
hosts
48
hosts
|
@ -8,11 +8,10 @@
|
|||
###############################################################################
|
||||
# Aurore : main services
|
||||
|
||||
viviane.adm.auro.re
|
||||
|
||||
[aurore_pve]
|
||||
escalope.adm.auro.re
|
||||
services-1.pve.auro.re
|
||||
services-2.pve.auro.re
|
||||
services-3.pve.auro.re
|
||||
merlin.adm.auro.re
|
||||
|
||||
[aurore_vm]
|
||||
routeur-aurore.adm.auro.re
|
||||
|
@ -26,7 +25,7 @@ camelot.adm.auro.re
|
|||
gitea.adm.auro.re
|
||||
drone.adm.auro.re
|
||||
nextcloud.adm.auro.re
|
||||
galene.adm.auro.re
|
||||
stream.adm.auro.re
|
||||
re2o-server.adm.auro.re
|
||||
re2o-ldap.adm.auro.re
|
||||
re2o-db.adm.auro.re
|
||||
|
@ -40,16 +39,9 @@ bdd.adm.auro.re
|
|||
bdd-ovh.adm.auro.re
|
||||
litl.adm.auro.re
|
||||
log.adm.auro.re
|
||||
netbox.adm.auro.re
|
||||
grafana.adm.auro.re
|
||||
dolibarr.adm.auro.re
|
||||
infra-1.router.auro.re ansible_host=10.129.0.245
|
||||
infra-2.router.auro.re ansible_host=10.129.0.246
|
||||
|
||||
[aurore_testing_vm]
|
||||
|
||||
[aurore_ilo]
|
||||
escalope-ilo.adm.auro.re
|
||||
pendragon.adm.auro.re
|
||||
|
||||
###############################################################################
|
||||
# OVH
|
||||
|
@ -59,11 +51,15 @@ horus.adm.auro.re
|
|||
|
||||
[ovh_container]
|
||||
synapse.adm.auro.re
|
||||
phabricator.adm.auro.re
|
||||
wiki.adm.auro.re
|
||||
www.adm.auro.re
|
||||
proxy-ovh.adm.auro.re
|
||||
matrix-services.adm.auro.re
|
||||
|
||||
[ovh_vm]
|
||||
serge.adm.auro.re
|
||||
passbolt.adm.auro.re
|
||||
docker-ovh.adm.auro.re
|
||||
switchs-manager.adm.auro.re
|
||||
ldap-replica-ovh.adm.auro.re
|
||||
|
@ -81,6 +77,7 @@ prometheus-federate.adm.auro.re
|
|||
perceval.adm.auro.re
|
||||
|
||||
[fleming_pve]
|
||||
freya.adm.auro.re
|
||||
marki.adm.auro.re
|
||||
|
||||
[fleming_vm]
|
||||
|
@ -89,23 +86,14 @@ dhcp-fleming.adm.auro.re
|
|||
dhcp-fleming-backup.adm.auro.re
|
||||
dns-fleming.adm.auro.re
|
||||
dns-fleming-backup.adm.auro.re
|
||||
ntp-1.int.infra.auro.re
|
||||
prometheus-fleming.adm.auro.re
|
||||
#prometheus-fleming-fo.adm.auro.re
|
||||
radius-fleming.adm.auro.re
|
||||
dns-1.int.infra.auro.re
|
||||
isp-1.rtr.infra.auro.re
|
||||
isp-2.rtr.infra.auro.re
|
||||
dhcp-1.isp.auro.re
|
||||
dhcp-2.isp.auro.re
|
||||
radius-fleming-backup.adm.auro.re
|
||||
unifi-fleming.adm.auro.re
|
||||
routeur-fleming.adm.auro.re
|
||||
routeur-fleming-backup.adm.auro.re
|
||||
|
||||
[fleming_ilo]
|
||||
marki-ilo.adm.auro.re
|
||||
|
||||
[fleming_unifi]
|
||||
fa-0-1.borne.auro.re
|
||||
fa-1-1.borne.auro.re
|
||||
|
@ -222,10 +210,6 @@ unifi-pacaterie.adm.auro.re
|
|||
routeur-pacaterie.adm.auro.re
|
||||
routeur-pacaterie-backup.adm.auro.re
|
||||
|
||||
[pacaterie_ilo]
|
||||
mordred-ilo.adm.auro.re
|
||||
titan-ilo.adm.auro.re
|
||||
|
||||
[pacaterie_unifi]
|
||||
pc-1-1.borne.auro.re
|
||||
pn-0-1.borne.auro.re
|
||||
|
@ -281,10 +265,6 @@ radius-edc-backup.adm.auro.re
|
|||
ldap-replica-edc.adm.auro.re
|
||||
prometheus-edc.adm.auro.re
|
||||
|
||||
[edc_ilo]
|
||||
caradoc-ilo.adm.auro.re
|
||||
chapalux-ilo.adm.auro.re
|
||||
|
||||
[edc_unifi]
|
||||
ee-2-1.borne.auro.re
|
||||
ee-2-2.borne.auro.re
|
||||
|
@ -316,10 +296,6 @@ radius-gs-backup.adm.auro.re
|
|||
prometheus-gs.adm.auro.re
|
||||
ldap-replica-gs.adm.auro.re
|
||||
|
||||
[gs_ilo]
|
||||
lancelot-ilo.adm.auro.re
|
||||
odin-ilo.adm.auro.re
|
||||
|
||||
[gs_unifi]
|
||||
ga-0-1.borne.auro.re
|
||||
ga-1-1.borne.auro.re
|
||||
|
@ -374,6 +350,7 @@ gh-1-2.borne.auro.re
|
|||
###############################################################################
|
||||
# Les Rives
|
||||
[rives_pve]
|
||||
thor.adm.auro.re
|
||||
loki.adm.auro.re
|
||||
|
||||
[rives_vm]
|
||||
|
@ -389,9 +366,6 @@ dns-rives.adm.auro.re
|
|||
radius-rives.adm.auro.re
|
||||
routeur-rives.adm.auro.re
|
||||
|
||||
[rives_ilo]
|
||||
loki-ilo.adm.auro.re
|
||||
|
||||
[rives_unifi]
|
||||
r1-1-1.borne.auro.re
|
||||
r1-1-2.borne.auro.re
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all
|
||||
roles: []
|
||||
|
||||
# Clone LDAP on local geographic location
|
||||
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
||||
# - hosts: ldap_replica
|
||||
# roles:
|
||||
# - ldap_replica
|
||||
- hosts: ldap_replica
|
||||
roles:
|
||||
- ldap_replica
|
1
playbooks/rsyslog.yml → log.yml
Executable file → Normal file
1
playbooks/rsyslog.yml → log.yml
Executable file → Normal file
|
@ -1,4 +1,3 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: log.adm.auro.re
|
||||
roles:
|
|
@ -1,18 +1,18 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Install Matrix Synapse
|
||||
# Install Matrix Synapse on corresponding containers
|
||||
- hosts: synapse.adm.auro.re
|
||||
vars:
|
||||
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
||||
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
||||
update_motd:
|
||||
matrix-synapse: matrix-synapse est déployé.
|
||||
matrix-appservice-irc: matrix-appservice-irc est déployé.
|
||||
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
|
||||
roles:
|
||||
- debian_backports
|
||||
- nodejs
|
||||
- matrix_synapse
|
||||
- matrix_appservice_irc
|
||||
- matrix_appservice_webhooks
|
||||
- update_motd
|
||||
|
||||
# Install Matrix services
|
||||
- hosts: matrix-services.adm.auro.re
|
||||
roles:
|
||||
- debian_backports
|
187
monitoring.yml
Executable file
187
monitoring.yml
Executable file
|
@ -0,0 +1,187 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: prometheus-fleming.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-pacaterie.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-pn-1.ups.auro.re
|
||||
- ups-ps-1.ups.auro.re
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-edc.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-ec-1.ups.auro.re
|
||||
- ups-ec-2.ups.auro.re
|
||||
- ups-ec-3.ups.auro.re
|
||||
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['edc_unifi'] | list | sort }}"
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-gs.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['gs_unifi'] | list | sort }}"
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-gk-1.ups.auro.re
|
||||
prometheus_pdu_snmp_targets:
|
||||
- pdu-ga-1.ups.auro.re
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-rives.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-r3-1.ups.auro.re
|
||||
- ups-r1-1.ups.auro.re
|
||||
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['rives_unifi'] | list | sort }}"
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-aurore.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||
prometheus_postgres_targets:
|
||||
- targets: |
|
||||
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||
prometheus_switch_snmp_targets:
|
||||
- targets:
|
||||
- yggdrasil.switch.auro.re
|
||||
- sw-pn-serveurs.switch.auro.re
|
||||
- sw-ec-serveurs.switch.auro.re
|
||||
- sw-gk-serveurs.switch.auro.re
|
||||
- sw-fl-serveurs.switch.auro.re
|
||||
- sw-ff-uplink.switch.auro.re
|
||||
- sw-fl-core.switch.auro.re
|
||||
- sw-fd-vcore.switch.auro.re
|
||||
- sw-fl-vcore.switch.auro.re
|
||||
- sw-ff-vcore.switch.auro.re
|
||||
- sw-pn-core.switch.auro.re
|
||||
- sw-ec-core.switch.auro.re
|
||||
- sw-gk-core.switch.auro.re
|
||||
- sw-r3-core.switch.auro.re
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- hosts: prometheus-ovh.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- targets: |
|
||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||
prometheus_postgres_targets:
|
||||
- targets:
|
||||
- bdd-ovh.adm.auro.re
|
||||
prometheus_docker_targets:
|
||||
- docker-ovh.adm.auro.re
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
|
||||
- hosts: prometheus-federate.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
|
||||
# Prometheus targets.json
|
||||
prometheus_targets:
|
||||
- prometheus-edc.adm.auro.re
|
||||
- prometheus-gs.adm.auro.re
|
||||
- prometheus-fleming.adm.auro.re
|
||||
- prometheus-pacaterie.adm.auro.re
|
||||
- prometheus-rives.adm.auro.re
|
||||
- prometheus-aurore.adm.auro.re
|
||||
- prometheus-ovh.adm.auro.re
|
||||
roles:
|
||||
- prometheus_federate
|
||||
|
||||
# Postgres Exporters
|
||||
- hosts: bdd,radius
|
||||
roles:
|
||||
- prometheus_postgres
|
||||
|
||||
|
||||
# Monitor all hosts
|
||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
||||
roles:
|
||||
- prometheus_node
|
65
network.yml
Executable file
65
network.yml
Executable file
|
@ -0,0 +1,65 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Set up DHCP servers.
|
||||
- hosts: dhcp-*.adm.auro.re
|
||||
roles:
|
||||
- isc_dhcp_server
|
||||
|
||||
|
||||
# Deploy unbound DNS server (recursive).
|
||||
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
|
||||
roles:
|
||||
- unbound
|
||||
|
||||
|
||||
# Déploiement du service re2o aurore-firewall et keepalived
|
||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
||||
roles:
|
||||
- router
|
||||
- radvd
|
||||
|
||||
# No radvd here
|
||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
||||
roles:
|
||||
- router
|
||||
- ipv6_edge_router
|
||||
|
||||
# Radius (backup only for now)
|
||||
- hosts: radius-*.adm.auro.re
|
||||
roles:
|
||||
- radius
|
||||
|
||||
|
||||
# WIP: Deploy authoritative DNS servers
|
||||
# - hosts: authoritative_dns
|
||||
# vars:
|
||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
||||
# service_name: dns
|
||||
# service_version: crans
|
||||
# service_config:
|
||||
# hostname: re2o-server.adm.auro.re
|
||||
# username: service-user
|
||||
# password: "{{ vault_serviceuser_passwd }}"
|
||||
# roles:
|
||||
# - re2o_service
|
||||
|
||||
|
||||
# Deploy Unifi Controller
|
||||
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
|
||||
# roles:
|
||||
# - unifi-controller
|
||||
|
||||
# Deploy Re2o switch service
|
||||
# - hosts: switchs-manager.adm.auro.re
|
||||
# vars:
|
||||
# service_repo: https://gitlab.federez.net/re2o/switchs.git
|
||||
# service_name: switchs
|
||||
# service_version: master
|
||||
# service_config:
|
||||
# hostname: re2o-server.adm.auro.re
|
||||
# username: service-user
|
||||
# password: "{{ vault_serviceuser_passwd }}"
|
||||
# roles:
|
||||
# - re2o_service
|
|
@ -1,32 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: perceval.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
borgbackup_server: >-
|
||||
Les sauvegardes (borg) sont stockées dans
|
||||
{{ borg_server_backups_dir }}.
|
||||
roles:
|
||||
- borgbackup_server
|
||||
- update_motd
|
||||
|
||||
- hosts: all,!unifi,!unifi-*,!bdd
|
||||
vars:
|
||||
update_motd:
|
||||
borgbackup_client: >-
|
||||
BorgBackup est déployé (/etc/borgmatic/config.yaml)
|
||||
roles:
|
||||
- borgbackup_client
|
||||
- update_motd
|
||||
|
||||
# On databases server, also backup databases
|
||||
- hosts: bdd
|
||||
vars:
|
||||
borg_postgresql_databases: true
|
||||
update_motd:
|
||||
borgbackup_client: >-
|
||||
BorgBackup est déployé (/etc/borgmatic/config.yaml)
|
||||
roles:
|
||||
- borgbackup_client
|
||||
- update_motd
|
||||
...
|
|
@ -1,27 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
vars:
|
||||
chronyd__allow_networks:
|
||||
- 10.128.0.0/16
|
||||
- 2a09:6840:128::/48
|
||||
chronyd__pools:
|
||||
- 0.pool.ntp.org
|
||||
- 1.pool.ntp.org
|
||||
- 2.pool.ntp.org
|
||||
- 3.pool.ntp.org
|
||||
chronyd__local_stratum: 10
|
||||
roles:
|
||||
- chronyd
|
||||
|
||||
- hosts:
|
||||
- all
|
||||
- "!ntp-1.int.infra.auro.re"
|
||||
- "!unifi"
|
||||
vars:
|
||||
chronyd__pools:
|
||||
- ntp-1.int.infra.auro.re
|
||||
roles:
|
||||
- chronyd
|
||||
...
|
|
@ -1,10 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy Docker hosts
|
||||
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
docker: Docker est déployé.
|
||||
roles:
|
||||
- docker
|
||||
- update_motd
|
|
@ -1,27 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy Grafana
|
||||
- hosts: grafana.adm.auro.re
|
||||
vars:
|
||||
grafana:
|
||||
root_url: https://grafana.auro.re
|
||||
database:
|
||||
type: postgres
|
||||
host: 10.128.0.95
|
||||
name: grafana
|
||||
user: grafana
|
||||
password: "{{ vault_postgresql_grafana_passwd }}"
|
||||
ldap:
|
||||
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
|
||||
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
|
||||
bind_password: "{{ vault_ldap_grafana_password }}"
|
||||
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
|
||||
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
|
||||
editors_group_dn:
|
||||
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
||||
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
||||
update_motd:
|
||||
grafana: Grafana est déployé (/etc/grafana).
|
||||
roles:
|
||||
- grafana
|
||||
- update_motd
|
|
@ -1,213 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
- dns-1.int.infra.auro.re
|
||||
- dhcp-1.isp.auro.re
|
||||
- dhcp-2.isp.auro.re
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
# TODO: netbox
|
||||
ifupdown2__hosts:
|
||||
ntp-1.int.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::203/56
|
||||
- 10.128.0.203/16
|
||||
dns-1.int.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::127/56
|
||||
- 10.128.0.127/16
|
||||
dhcp-1.isp.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::204/56
|
||||
- 10.128.0.204/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
addresses:
|
||||
- 100.64.0.2/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
client-1:
|
||||
addresses:
|
||||
- 100.64.0.34/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
client-2:
|
||||
addresses:
|
||||
- 100.64.0.66/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
client-3:
|
||||
addresses:
|
||||
- 100.64.0.98/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
client-4:
|
||||
addresses:
|
||||
- 100.64.0.130/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
dhcp-2.isp.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::91/56
|
||||
- 10.128.0.91/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
addresses:
|
||||
- 100.64.0.3/27
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
client-1:
|
||||
addresses:
|
||||
- 100.64.0.35/27
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
client-2:
|
||||
addresses:
|
||||
- 100.64.0.67/27
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
client-3:
|
||||
addresses:
|
||||
- 100.64.0.99/27
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
client-4:
|
||||
addresses:
|
||||
- 100.64.0.131/27
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
isp-1.rtr.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::255/56
|
||||
- 10.128.0.255/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
bridge_disable_pvid: true
|
||||
forward: true
|
||||
ipv6_addrgen: false
|
||||
client-0:
|
||||
forward: true
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-1:
|
||||
forward: true
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-2:
|
||||
forward: true
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-3:
|
||||
forward: true
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-4:
|
||||
forward: true
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
isp-2.rtr.infra.auro.re:
|
||||
ens18:
|
||||
gateways:
|
||||
- 2a09:6840:128::254
|
||||
- 10.128.0.254
|
||||
addresses:
|
||||
- 2a09:6840:128::158/56
|
||||
- 10.128.0.158/16
|
||||
ens19: null
|
||||
clients:
|
||||
bridge_vlan_aware: true
|
||||
bridge_ports:
|
||||
- ens19
|
||||
bridge_vids:
|
||||
- 1000-1004
|
||||
client-0:
|
||||
forward: true
|
||||
vlan_id: 1000
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-1:
|
||||
forward: true
|
||||
vlan_id: 1001
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-2:
|
||||
forward: true
|
||||
vlan_id: 1002
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-3:
|
||||
forward: true
|
||||
vlan_id: 1003
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
client-4:
|
||||
forward: true
|
||||
vlan_id: 1004
|
||||
vlan_raw_device: clients
|
||||
ipv6_addrgen: false
|
||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||
roles:
|
||||
- ifupdown2
|
||||
|
||||
- hosts:
|
||||
- ntp-1.int.infra.auro.re
|
||||
- dns-1.int.infra.auro.re
|
||||
- dhcp-1.isp.auro.re
|
||||
- dhcp-2.isp.auro.re
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
resolvconf__nameservers:
|
||||
- 2a09:6840:128::127
|
||||
- 10.128.0.127
|
||||
resolvconf__domain: auro.re
|
||||
resolvconf__search:
|
||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
||||
- auro.re
|
||||
roles:
|
||||
- resolvconf
|
||||
...
|
|
@ -1,9 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: dhcp-*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: isc-dhcp-server est déployé.
|
||||
roles:
|
||||
- isc_dhcp_server
|
||||
- update_motd
|
|
@ -1,32 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- isp-1.rtr.infra.auro.re
|
||||
- isp-2.rtr.infra.auro.re
|
||||
vars:
|
||||
keepalived__virtual_router_id: 80
|
||||
keepalived__interface: ens18
|
||||
keepalived__virtual_addresses:
|
||||
client-0:
|
||||
- 100.64.0.1/27
|
||||
- 2a09:6841::/56
|
||||
- fe80::1/10
|
||||
client-1:
|
||||
- 100.64.0.33/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-2:
|
||||
- 100.64.0.65/27
|
||||
- 2a09:6841:0:100::/56
|
||||
- fe80::1/10
|
||||
client-3:
|
||||
- 100.64.0.97/27
|
||||
- 2a09:6841:0:200::/56
|
||||
- fe80::1/10
|
||||
client-4:
|
||||
- 100.64.0.129/27
|
||||
- 2a09:6841:0:300::/56
|
||||
- fe80::1/10
|
||||
roles:
|
||||
- keepalived
|
||||
...
|
|
@ -1,17 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all
|
||||
roles: []
|
||||
|
||||
# WIP: Deploy authoritative DNS servers
|
||||
# - hosts: authoritative_dns
|
||||
# vars:
|
||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
||||
# service_name: dns
|
||||
# service_version: crans
|
||||
# service_config:
|
||||
# hostname: re2o-server.adm.auro.re
|
||||
# username: service-user
|
||||
# password: "{{ vault_serviceuser_passwd }}"
|
||||
# roles:
|
||||
# - re2o_service
|
|
@ -1,170 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Install and configure database servers at Saclay
|
||||
- hosts: bdd.adm.auro.re
|
||||
vars:
|
||||
postgresql:
|
||||
version: 13
|
||||
hosts:
|
||||
- database: nextcloud
|
||||
user: nextcloud
|
||||
net: 10.128.0.58/32
|
||||
method: md5
|
||||
- database: gitea
|
||||
user: gitea
|
||||
net: 10.128.0.60/32
|
||||
method: md5
|
||||
- database: wikijs
|
||||
user: wikijs
|
||||
net: 10.128.0.66/32
|
||||
method: md5
|
||||
- database: drone
|
||||
user: drone
|
||||
net: 10.128.0.64/32
|
||||
method: md5
|
||||
- database: netbox
|
||||
user: netbox
|
||||
net: 10.128.0.97/32
|
||||
method: md5
|
||||
- database: grafana
|
||||
user: grafana
|
||||
net: 10.128.0.98/32
|
||||
method: md5
|
||||
- database: dolibarr
|
||||
user: dolibarr
|
||||
net: 10.128.0.236/32
|
||||
method: md5
|
||||
- database: rt5
|
||||
user: rt5
|
||||
net: 10.128.0.123/32
|
||||
method: md5
|
||||
databases:
|
||||
- nextcloud
|
||||
- gitea
|
||||
- wikijs
|
||||
- drone
|
||||
- netbox
|
||||
- grafana
|
||||
- dolibarr
|
||||
- rt5
|
||||
users:
|
||||
- name: nextcloud
|
||||
database: nextcloud
|
||||
password: "{{ vault_postgresql_nextcloud_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: gitea
|
||||
database: gitea
|
||||
password: "{{ vault_postgresql_gitea_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: wikijs
|
||||
database: wikijs
|
||||
password: "{{ vault_postgresql_wikijs_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: drone
|
||||
database: drone
|
||||
password: "{{ vault_postgresql_drone_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: netbox
|
||||
database: netbox
|
||||
password: "{{ vault_postgresql_netbox_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: grafana
|
||||
database: grafana
|
||||
password: "{{ vault_postgresql_grafana_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: dolibarr
|
||||
database: dolibarr
|
||||
password: "{{ vault_postgresql_dolibarr_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: rt5
|
||||
database: rt5
|
||||
password: "{{ vault_postgresql_rt5_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
update_motd:
|
||||
postgresql: PostgreSQL est déployé.
|
||||
roles:
|
||||
- postgresql
|
||||
- update_motd
|
||||
|
||||
# Install and configure database servers at OVH
|
||||
- hosts: bdd-ovh.adm.auro.re
|
||||
vars:
|
||||
postgresql:
|
||||
version: 13
|
||||
hosts:
|
||||
- database: etherpad
|
||||
user: etherpad
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: codimd
|
||||
user: codimd
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: synapse
|
||||
user: synapse
|
||||
net: 10.128.0.56/32
|
||||
method: md5
|
||||
- database: kanboard
|
||||
user: kanboard
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: cas
|
||||
user: cas
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
- database: appservice-discord
|
||||
user: appservice-discord
|
||||
net: 10.128.0.150/32
|
||||
method: md5
|
||||
databases:
|
||||
- synapse
|
||||
- codimd
|
||||
- etherpad
|
||||
- kanboard
|
||||
- cas
|
||||
- appservice-discord
|
||||
users:
|
||||
- name: synapse
|
||||
database: synapse
|
||||
password: "{{ vault_postgresql_synapse_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: codimd
|
||||
database: codimd
|
||||
password: "{{ vault_postgresql_codimd_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: etherpad
|
||||
database: etherpad
|
||||
password: "{{ vault_postgresql_etherpad_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: kanboard
|
||||
database: kanboard
|
||||
password: "{{ vault_postgresql_kanboard_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: cas
|
||||
database: cas
|
||||
password: "{{ vault_postgresql_cas_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
- name: appservice-discord
|
||||
database: appservice-discord
|
||||
password: "{{ vault_postgresql_appservice_discord_passwd }}"
|
||||
privs:
|
||||
- ALL
|
||||
update_motd:
|
||||
postgresql: PostgreSQL est déployé.
|
||||
roles:
|
||||
- postgresql
|
||||
- update_motd
|
||||
...
|
|
@ -1,241 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: prometheus-fleming.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['fleming_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['fleming_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-pacaterie.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['pacaterie_unifi'] | list | sort }}
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-pn-1.ups.auro.re
|
||||
- ups-ps-1.ups.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['pacaterie_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-edc.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-ec-1.ups.auro.re
|
||||
# - ups-ec-2.ups.auro.re
|
||||
- ups-ec-3.ups.auro.re
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['edc_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['edc_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-gs.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['gs_unifi'] | list | sort }}
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-gk-1.ups.auro.re
|
||||
prometheus_apc_pdu_snmp_targets:
|
||||
- pdu-ga-1.ups.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['gs_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-rives.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_ups_snmp_targets:
|
||||
- ups-r3-1.ups.auro.re
|
||||
- ups-r1-1.ups.auro.re
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets: |
|
||||
{{ groups['rives_unifi'] | list | sort }}
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['rives_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-aurore.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||
prometheus_postgresql_targets: |
|
||||
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||
prometheus_switch_snmp_targets:
|
||||
- yggdrasil.switch.auro.re
|
||||
- sw-pn-serveurs.switch.auro.re
|
||||
- sw-ec-serveurs.switch.auro.re
|
||||
- sw-gk-serveurs.switch.auro.re
|
||||
- sw-fl-serveurs.switch.auro.re
|
||||
- sw-ff-uplink.switch.auro.re
|
||||
- sw-fl-core.switch.auro.re
|
||||
- sw-fd-vcore.switch.auro.re
|
||||
- sw-fl-vcore.switch.auro.re
|
||||
- sw-ff-vcore.switch.auro.re
|
||||
- sw-pn-core.switch.auro.re
|
||||
- sw-ec-core.switch.auro.re
|
||||
- sw-gk-core.switch.auro.re
|
||||
- sw-r3-core.switch.auro.re
|
||||
prometheus_ilo_snmp_targets: |
|
||||
{{ groups['aurore_ilo'] | list | sort }}
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-ovh.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets: |
|
||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||
prometheus_postgresql_targets:
|
||||
- bdd-ovh.adm.auro.re
|
||||
prometheus_docker_targets:
|
||||
- docker-ovh.adm.auro.re
|
||||
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-federate.adm.auro.re
|
||||
vars:
|
||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||
snmp_ilo_user: aurore
|
||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
||||
|
||||
prometheus_servers_targets:
|
||||
- prometheus-edc.adm.auro.re
|
||||
- prometheus-gs.adm.auro.re
|
||||
- prometheus-fleming.adm.auro.re
|
||||
- prometheus-pacaterie.adm.auro.re
|
||||
- prometheus-rives.adm.auro.re
|
||||
- prometheus-aurore.adm.auro.re
|
||||
- prometheus-ovh.adm.auro.re
|
||||
|
||||
update_motd:
|
||||
prometheus_federate: >-
|
||||
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus_federate
|
||||
- update_motd
|
||||
|
||||
# Postgres Exporters
|
||||
- hosts: bdd,radius
|
||||
roles:
|
||||
- prometheus_postgres
|
||||
|
||||
# Monitor all hosts
|
||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
||||
roles:
|
||||
- prometheus_node
|
|
@ -1,10 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy Radius
|
||||
- hosts: radius-*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: FreeRADIUS est déployé.
|
||||
roles:
|
||||
- radius
|
||||
- update_motd
|
|
@ -1,9 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all,!unifi
|
||||
vars:
|
||||
root_shell: /bin/bash
|
||||
root_password: "{{ vault_root_password }}"
|
||||
roles:
|
||||
- root_account
|
||||
...
|
|
@ -1,23 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy firewall and keepalived
|
||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Le routage (avec radvd) est déployé.
|
||||
roles:
|
||||
- router
|
||||
- radvd
|
||||
- update_motd
|
||||
|
||||
# No radvd here
|
||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Le routage (avec DHCPv6) est déployé.
|
||||
roles:
|
||||
- router
|
||||
- ipv6_edge_router
|
||||
- update_motd
|
|
@ -1,14 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all,!unifi
|
||||
vars:
|
||||
openssh_users_ca_public_key:
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
|
||||
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
|
||||
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
|
||||
openssh_authorized_principals:
|
||||
- any
|
||||
- "{{ inventory_hostname }}"
|
||||
roles:
|
||||
- openssh_server
|
||||
...
|
|
@ -1,17 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all
|
||||
roles: []
|
||||
|
||||
# Deploy Re2o switch service
|
||||
# - hosts: switchs-manager.adm.auro.re
|
||||
# vars:
|
||||
# service_repo: https://gitlab.federez.net/re2o/switchs.git
|
||||
# service_name: switchs
|
||||
# service_version: master
|
||||
# service_config:
|
||||
# hostname: re2o-server.adm.auro.re
|
||||
# username: service-user
|
||||
# password: "{{ vault_serviceuser_passwd }}"
|
||||
# roles:
|
||||
# - re2o_service
|
|
@ -1,10 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy unbound DNS server (recursive).
|
||||
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Unbound est déployé.
|
||||
roles:
|
||||
- unbound
|
||||
- update_motd
|
|
@ -1,9 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: all
|
||||
roles: []
|
||||
|
||||
# Deploy Unifi Controller
|
||||
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
|
||||
# roles:
|
||||
# - unifi-controller
|
432
proxmox.yml
Executable file
432
proxmox.yml
Executable file
|
@ -0,0 +1,432 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# This is a special playbook to create a new VM !
|
||||
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
|
||||
become: false # We do not need root as we use Proxmox API
|
||||
|
||||
vars:
|
||||
vm_definitions:
|
||||
|
||||
# Réseau Pacaterie
|
||||
- name: ldap-replica-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
|
||||
# Réseau Fleming
|
||||
- name: ldap-replica-fleming1
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
|
||||
# Réseau EdC
|
||||
- name: ldap-replica-edc1
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
|
||||
# Réseau George Sand
|
||||
- name: ldap-replica-gs1
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-gs
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-gs
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-gs
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-gs
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-gs
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
|
||||
vars_prompt:
|
||||
- name: "password"
|
||||
prompt: "Enter LDAP password for your user"
|
||||
private: true
|
||||
|
||||
tasks:
|
||||
- name: Define a virtual machine in Proxmox
|
||||
proxmox_kvm:
|
||||
api_user: "{{ ansible_user_id }}@pam"
|
||||
api_password: "{{ password }}"
|
||||
api_host: "{{ item.virtu }}.adm.auro.re"
|
||||
name: "{{ item.name }}"
|
||||
node: "{{ item.virtu }}"
|
||||
scsihw: virtio-scsi-pci
|
||||
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
|
||||
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
|
||||
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
|
||||
cores: "{{ item.cores }}"
|
||||
memory: "{{ item.memory }}"
|
||||
balloon: "{{ item.memory // 2 }}"
|
||||
bios: seabios # Ansible module doesn't support UEFI boot disk
|
||||
loop:
|
||||
# Réseau Fleming
|
||||
- name: ldap-replica-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
- name: routeur-fleming
|
||||
virtu: freya
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
|
||||
- name: ldap-replica-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: routeur-fleming-fo
|
||||
virtu: marki
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
|
||||
# Réseau Pacaterie
|
||||
- name: ldap-replica-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
- name: routeur-pacaterie
|
||||
virtu: mordred
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
|
||||
- name: ldap-replica-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: routeur-pacaterie-fo
|
||||
virtu: titan
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
|
||||
# Réseau EDC
|
||||
- name: ldap-replica-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
- name: routeur-edc
|
||||
virtu: chapalux
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
|
||||
# Réseau George Sand
|
||||
- name: ldap-replica-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dhcp-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: dns-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: prometheus-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: radius-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
||||
- name: unifi-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-9.9.0-amd64-netinst.iso
|
||||
- name: routeur-georgesand
|
||||
virtu: perceval
|
||||
cores: 2 # 2 mimimum, 10 maximum
|
||||
memory: 1024 # M
|
||||
disksize: 16 # G
|
||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
@ -29,6 +29,10 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
|
||||
# Configure APT mirrors on Debian Stretch
|
||||
- name: Configure APT mirrors
|
||||
when:
|
||||
|
|
|
@ -107,4 +107,11 @@
|
|||
name: borgmatic.timer
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
key: 10-borgmatic
|
||||
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
|
||||
...
|
||||
|
|
|
@ -4,13 +4,8 @@
|
|||
Description=Timer for borgmatic backup
|
||||
|
||||
[Timer]
|
||||
{% if borg_keep_hourly > 0 %}
|
||||
OnCalendar=hourly
|
||||
RandomizedDelaySec=60m
|
||||
{% else %}
|
||||
OnCalendar=daily
|
||||
RandomizedDelaySec=24h
|
||||
{% endif %}
|
||||
FixedRandomDelay=true
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -42,7 +42,7 @@ consistency:
|
|||
- repository
|
||||
- archives
|
||||
|
||||
{% if borg_postgresql_databases is defined %}
|
||||
{% if postgresql_databases is defined %}
|
||||
hooks:
|
||||
postgresql_databases:
|
||||
- name: all
|
||||
|
|
|
@ -35,4 +35,14 @@
|
|||
owner: "{{ borg_server_user }}"
|
||||
group: "{{ borg_server_group }}"
|
||||
mode: u=rwx,g=,o=
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-borg-server
|
||||
message: >-
|
||||
Les sauvegardes (borg) sont stockées dans
|
||||
{{ borg_server_backups_dir }}.
|
||||
...
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
chronyd__pools: []
|
||||
chronyd__key_file: /etc/chrony/chrony.keys
|
||||
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
||||
chronyd__nts_dump_dir: /var/lib/chrony
|
||||
chronyd__log_dir: /var/log/chrony
|
||||
chronyd__max_update_skew: 100.0
|
||||
chronyd__rtcsync: true
|
||||
chronyd__allow_networks: []
|
||||
chronyd__log_change_seconds: 0.5
|
||||
...
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart chronyd
|
||||
systemd:
|
||||
name: chrony.service
|
||||
state: restarted
|
||||
...
|
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
- name: Uninstall ntp and sntp
|
||||
apt:
|
||||
name:
|
||||
- sntp
|
||||
- ntp
|
||||
- systemd-timesyncd
|
||||
state: absent
|
||||
|
||||
- name: Install chronyd
|
||||
apt:
|
||||
name: chrony
|
||||
|
||||
- name: Configure chronyd
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/etc/chrony/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=
|
||||
loop:
|
||||
- chrony.conf
|
||||
- chrony.keys
|
||||
notify:
|
||||
- Restart chronyd
|
||||
|
||||
- name: Enable and start chronyd
|
||||
systemd:
|
||||
name: chrony.service
|
||||
enabled: true
|
||||
state: started
|
||||
...
|
|
@ -1,30 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for pool in chronyd__pools %}
|
||||
pool {{ pool }} iburst
|
||||
{% endfor %}
|
||||
|
||||
keyfile {{ chronyd__key_file }}
|
||||
driftfile {{ chronyd__drift_file }}
|
||||
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
||||
logdir {{ chronyd__log_dir }}
|
||||
|
||||
log tracking measurements statistics
|
||||
|
||||
maxupdateskew {{ chronyd__max_update_skew | float }}
|
||||
|
||||
{% if chronyd__rtcsync %}
|
||||
rtcsync
|
||||
{% endif %}
|
||||
|
||||
{% if chronyd__local_stratum is defined %}
|
||||
local stratum {{ chronyd__local_stratum | int }}
|
||||
{% endif %}
|
||||
|
||||
logchange {{ chronyd__log_change_seconds | float }}
|
||||
|
||||
leapsectz right/UTC
|
||||
|
||||
{% for network in chronyd__allow_networks %}
|
||||
allow {{ network | ipaddr }}
|
||||
{% endfor %}
|
|
@ -1 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
|
@ -50,4 +50,13 @@
|
|||
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
||||
dest: /usr/local/bin/docker-compose
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-docker
|
||||
message: >-
|
||||
Docker est installé sur ce serveur.
|
||||
...
|
||||
|
|
30
roles/dokuwiki/tasks/main.yml
Normal file
30
roles/dokuwiki/tasks/main.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
# For DokuWiki package
|
||||
- name: Configure Debian Buster mirrors
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_release == 'stretch'
|
||||
template:
|
||||
src: apt/buster.list.j2
|
||||
dest: /etc/apt/sources.list.d/buster.list
|
||||
mode: 0644
|
||||
|
||||
# For DokuWiki package
|
||||
- name: Configure DokuWiki pin
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_release == 'stretch'
|
||||
template:
|
||||
src: apt/dokuwiki.j2
|
||||
dest: /etc/apt/preferences.d/dokuwiki
|
||||
mode: 0644
|
||||
|
||||
# Install
|
||||
- name: Install DokuWiki
|
||||
apt:
|
||||
update_cache: true
|
||||
name: dokuwiki
|
||||
state: present
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
9
roles/dokuwiki/templates/apt/buster.list.j2
Normal file
9
roles/dokuwiki/templates/apt/buster.list.j2
Normal file
|
@ -0,0 +1,9 @@
|
|||
# {{ ansible_managed }}
|
||||
{# #}
|
||||
{# Default mirror #}
|
||||
{% if debian_mirror is not defined %}
|
||||
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
|
||||
{% endif %}
|
||||
|
||||
deb {{ debian_mirror }} buster main
|
||||
deb-src {{ debian_mirror }} buster main
|
9
roles/dokuwiki/templates/apt/dokuwiki.j2
Normal file
9
roles/dokuwiki/templates/apt/dokuwiki.j2
Normal file
|
@ -0,0 +1,9 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Package: *
|
||||
Pin: release n=stretch*
|
||||
Pin-Priority: 990
|
||||
|
||||
Package: dokuwiki
|
||||
Pin: release n=buster
|
||||
Pin-Priority: 990
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- name: Restart grafana
|
||||
service:
|
||||
name: grafana-server
|
||||
state: restarted
|
|
@ -1,111 +0,0 @@
|
|||
---
|
||||
- name: Install gpg (to import Grafana key)
|
||||
apt:
|
||||
name: gpg
|
||||
state: present
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Import Grafana GPG signing key
|
||||
apt_key:
|
||||
url: https://packages.grafana.com/gpg.key
|
||||
state: present
|
||||
register: apt_key_result
|
||||
retries: 3
|
||||
until: apt_key_result is succeeded
|
||||
|
||||
- name: Add Grafana repository
|
||||
apt_repository:
|
||||
repo: deb https://packages.grafana.com/oss/deb stable main
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Install Grafana
|
||||
apt:
|
||||
name: grafana
|
||||
state: present
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure Grafana
|
||||
ini_file:
|
||||
path: /etc/grafana/grafana.ini
|
||||
section: "{{ item.section }}"
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: 0640
|
||||
loop:
|
||||
- section: server
|
||||
option: root_url
|
||||
value: "{{ grafana.root_url }}"
|
||||
- section: analytics
|
||||
option: reporting_enabled
|
||||
value: "false"
|
||||
- section: analytics
|
||||
option: check_for_updates
|
||||
value: "false"
|
||||
- section: security
|
||||
option: disable_initial_admin_creation
|
||||
value: "true"
|
||||
- section: security
|
||||
option: cookie_secure
|
||||
value: "true"
|
||||
- section: security
|
||||
option: disable_gravatar
|
||||
value: "true"
|
||||
- section: snapshots
|
||||
option: external_enabled
|
||||
value: "false"
|
||||
- section: users
|
||||
option: allow_sign_up
|
||||
value: "false"
|
||||
- section: users
|
||||
option: allow_org_create
|
||||
value: "false"
|
||||
- section: auth.anonymous
|
||||
option: enabled
|
||||
value: "false" # no public access
|
||||
- section: auth.anonymous
|
||||
option: hide_version
|
||||
value: "true"
|
||||
- section: auth.basic # only LDAP auth
|
||||
option: enabled
|
||||
value: "false"
|
||||
- section: auth.ldap
|
||||
option: enabled
|
||||
value: "true"
|
||||
- section: alerting
|
||||
option: enabled
|
||||
value: "false"
|
||||
- section: database
|
||||
option: type
|
||||
value: "{{ grafana.database.type }}"
|
||||
- section: database
|
||||
option: host
|
||||
value: "{{ grafana.database.host }}"
|
||||
- section: database
|
||||
option: name
|
||||
value: "{{ grafana.database.name }}"
|
||||
- section: database
|
||||
option: user
|
||||
value: "{{ grafana.database.user }}"
|
||||
- section: database
|
||||
option: password
|
||||
value: "{{ grafana.database.password }}"
|
||||
notify: Restart grafana
|
||||
|
||||
- name: Configure Grafana LDAP
|
||||
template:
|
||||
src: ldap.toml.j2
|
||||
dest: /etc/grafana/ldap.toml
|
||||
mode: 0640
|
||||
notify: Restart grafana
|
||||
|
||||
- name: Enable and start Grafana
|
||||
systemd:
|
||||
name: grafana-server
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
|
@ -1,61 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
|
||||
# [log]
|
||||
# filters = ldap:debug
|
||||
|
||||
[[servers]]
|
||||
# Ldap server host (specify multiple hosts space separated)
|
||||
host = "{{ grafana.ldap.host }}"
|
||||
# Default port is 389 or 636 if use_ssl = true
|
||||
port = 389
|
||||
# Set to true if ldap server supports TLS
|
||||
use_ssl = false
|
||||
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
|
||||
start_tls = false
|
||||
# set to true if you want to skip ssl cert validation
|
||||
ssl_skip_verify = false
|
||||
# set to the path to your root CA certificate or leave unset to use system defaults
|
||||
# root_ca_cert = "/path/to/certificate.crt"
|
||||
# Authentication against LDAP servers requiring client certificates
|
||||
# client_cert = "/path/to/client.crt"
|
||||
# client_key = "/path/to/client.key"
|
||||
|
||||
# Search user bind dn
|
||||
bind_dn = "{{ grafana.ldap.bind_dn }}"
|
||||
# Search user bind password
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
bind_password = '{{ grafana.ldap.bind_password }}'
|
||||
|
||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||
search_filter = "(cn=%s)"
|
||||
|
||||
# An array of base dns to search through
|
||||
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
|
||||
|
||||
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
|
||||
## Please check grafana LDAP docs for examples
|
||||
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
|
||||
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
|
||||
group_search_filter_user_attribute = "cn"
|
||||
|
||||
# Specify names of the ldap attributes your ldap uses
|
||||
[servers.attributes]
|
||||
name = "sn"
|
||||
surname = ""
|
||||
username = "cn"
|
||||
member_of = "dn"
|
||||
email = "mail"
|
||||
|
||||
# Editors
|
||||
{% for group_dn in grafana.ldap.editors_group_dn %}
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "{{ group_dn }}"
|
||||
org_role = "Editor"
|
||||
{% endfor %}
|
||||
|
||||
# Viewers
|
||||
[[servers.group_mappings]]
|
||||
# If you want to match all (or no ldap groups) then you can use wildcard
|
||||
group_dn = "*"
|
||||
org_role = "Viewer"
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
ifupdown2__interfaces: {}
|
||||
...
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Restart networking
|
||||
systemd:
|
||||
name: networking.service
|
||||
state: restarted
|
||||
|
||||
- name: Bring all interfaces up
|
||||
shell: /usr/sbin/ifup -a
|
||||
...
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
- name: Gather package facts
|
||||
package_facts:
|
||||
manager: apt
|
||||
|
||||
- name: Check if ifupdown2 is installed
|
||||
set_fact:
|
||||
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
|
||||
|
||||
- name: Mask networking before installing ifupdown2
|
||||
systemd:
|
||||
name: networking.service
|
||||
masked: true
|
||||
when: must_mask
|
||||
|
||||
- name: Install ifupdown2
|
||||
apt:
|
||||
name: ifupdown2
|
||||
|
||||
- name: Unmask networking now that ifupdown2 is installed
|
||||
systemd:
|
||||
name: networking.service
|
||||
masked: false
|
||||
when: must_mask
|
||||
|
||||
- name: Configure ifupdown2
|
||||
template:
|
||||
src: interfaces.j2
|
||||
dest: /etc/network/interfaces
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=
|
||||
notify:
|
||||
- Restart networking
|
||||
- Bring all interfaces up
|
||||
|
||||
- name: Enable and start networking
|
||||
systemd:
|
||||
name: networking.service
|
||||
state: started
|
||||
enabled: true
|
||||
...
|
|
@ -1,41 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for name, iface in ifupdown2__interfaces.items() %}
|
||||
auto {{ name }}
|
||||
iface {{ name }}
|
||||
{% for address in iface.addresses | default([]) %}
|
||||
address {{ address | ipaddr }}
|
||||
{% endfor %}
|
||||
{% for gateway in iface.gateways | default([]) %}
|
||||
gateway {{ gateway | ipaddr }}
|
||||
{% endfor %}
|
||||
{% if iface.bridge_ports is defined %}
|
||||
bridge-ports {{ iface.bridge_ports | join(" ") }}
|
||||
{% endif %}
|
||||
{% if iface.bridge_vlan_aware is defined %}
|
||||
bridge-vlan-aware {{ iface.bridge_vlan_aware
|
||||
| ternary("yes", "no") }}
|
||||
{% endif %}
|
||||
{% if iface.bridge_vids is defined %}
|
||||
bridge-vids {{ iface.bridge_vids | join(",") }}
|
||||
{% endif %}
|
||||
{% if iface.vlan_id is defined %}
|
||||
vlan-id {{ iface.vlan_id | int }}
|
||||
{% endif %}
|
||||
{% if iface.vlan_raw_device is defined %}
|
||||
vlan-raw-device {{ iface.vlan_raw_device }}
|
||||
{% endif %}
|
||||
{% if iface.bridge_disable_pvid | default(false) %}
|
||||
bridge-pvid 0
|
||||
post-up bridge vlan del dev {{ name }} vid 1 self
|
||||
{% endif %}
|
||||
{% if iface.forward | default(false) %}
|
||||
ip-forward yes
|
||||
ip6-forward yes
|
||||
{% endif %}
|
||||
{% if iface.ipv6_addrgen is defined %}
|
||||
ipv6-addrgen {{ iface.ipv6_addrgen
|
||||
| ternary("yes", "no") }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
keepalived__virtual_addresses: {}
|
||||
keepalived__notify_master: []
|
||||
keepalived__notify_backup: []
|
||||
keepalived__notify_fault: []
|
||||
keepalived__max_auto_priority: -1
|
||||
...
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Reload keepalived
|
||||
systemd:
|
||||
name: keepalived.service
|
||||
state: reloaded
|
||||
...
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: Install keepalived
|
||||
apt:
|
||||
name: keepalived
|
||||
|
||||
- name: Configure keepalived
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- src: keepalived.conf.j2
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
mode: u=rw,g=,o=
|
||||
- src: notify.sh.j2
|
||||
dest: /etc/keepalived/notify.sh
|
||||
mode: u=rwx,g=,o=
|
||||
notify:
|
||||
- Reload keepalived
|
||||
|
||||
- name: Enable and start keepalived
|
||||
systemd:
|
||||
name: keepalived
|
||||
enabled: true
|
||||
state: started
|
||||
...
|
|
@ -1,92 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
global_defs {
|
||||
dynamic_interfaces
|
||||
script_user root
|
||||
enable_script_security
|
||||
vrrp_version 3
|
||||
{% if keepalived__max_auto_priority is defined %}
|
||||
max_auto_priority {{ keepalived__max_auto_priority | int }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{%
|
||||
set ipv4_enabled =
|
||||
keepalived__ipv4_enabled
|
||||
| default(keepalived__virtual_addresses.values()
|
||||
| flatten | ansible.utils.ipv4)
|
||||
%}
|
||||
{%
|
||||
set ipv6_enabled =
|
||||
keepalived__ipv6_enabled
|
||||
| default(keepalived__virtual_addresses.values()
|
||||
| flatten | ansible.utils.ipv6)
|
||||
%}
|
||||
|
||||
{% if ipv4_enabled and ipv6_enabled %}
|
||||
vrrp_sync_group group {
|
||||
group {
|
||||
{% if ipv4_enabled %}
|
||||
instance_v4
|
||||
{% endif %}
|
||||
{% if ipv6_enabled %}
|
||||
instance_v6
|
||||
{% endif %}
|
||||
}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv4_enabled %}
|
||||
vrrp_instance instance_v4 {
|
||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||
interface {{ keepalived__interface }}
|
||||
state BACKUP
|
||||
priority 250
|
||||
nopreempt
|
||||
advert_int 1
|
||||
accept
|
||||
virtual_ipaddress {
|
||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||
{% for address in addresses %}
|
||||
{% if address | ansible.utils.ipv4 %}
|
||||
{{ address }} dev {{ dev }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv6_enabled %}
|
||||
vrrp_instance instance_v6 {
|
||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||
interface {{ keepalived__interface }}
|
||||
state BACKUP
|
||||
priority 250
|
||||
nopreempt
|
||||
advert_int 1
|
||||
accept
|
||||
virtual_ipaddress {
|
||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||
{% for address in addresses | ipaddr_sort(["link-local"]) %}
|
||||
{% if address | ansible.utils.ipv6 %}
|
||||
{{ address }} dev {{ dev }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||
notify_master "/etc/keepalived/notify.sh master"
|
||||
notify_backup "/etc/keepalived/notify.sh backup"
|
||||
notify_fault "/etc/keepalived/notify.sh fault"
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
|
@ -1,33 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
master=(
|
||||
{% for notify in keepalived__notify_master %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
backup=(
|
||||
{% for notify in keepalived__notify_backup %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
fault=(
|
||||
{% for notify in keepalived__notify_fault %}
|
||||
{{ notify | quote }}
|
||||
{% endfor %}
|
||||
)
|
||||
|
||||
case "$1" in
|
||||
master | backup | fault)
|
||||
scripts="$1[@]"
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 (master|backup|fault)" >&2
|
||||
exit 1
|
||||
esac
|
||||
|
||||
for script in "${!scripts}"
|
||||
do
|
||||
eval "${script}"
|
||||
done
|
|
@ -60,4 +60,3 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
|||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
|
||||
|
|
|
@ -1,24 +1,7 @@
|
|||
# see "man logrotate" for details
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# global options do not affect preceding include directives
|
||||
|
||||
# rotate log files weekly
|
||||
weekly
|
||||
|
||||
# keep 4 weeks worth of backlogs
|
||||
rotate 4
|
||||
|
||||
# create new (empty) log files after rotating old ones
|
||||
create
|
||||
|
||||
# use date as a suffix of the rotated file
|
||||
#dateext
|
||||
|
||||
# uncomment this if you want your log files compressed
|
||||
#compress
|
||||
|
||||
# packages drop log rotation information into this directory
|
||||
include /etc/logrotate.d
|
||||
|
||||
# system-specific logs may also be configured here.
|
||||
|
|
|
@ -148,6 +148,15 @@
|
|||
group: www-data
|
||||
mode: 0644
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-nginx
|
||||
message: >-
|
||||
NGinx est installé sur ce serveur. Voir /etc/nginx.
|
||||
|
||||
- name: Clean old files
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
openssh_authorized_principals:
|
||||
- any
|
||||
...
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart sshd
|
||||
systemd:
|
||||
name: ssh.service
|
||||
state: restarted
|
||||
...
|
|
@ -1,39 +0,0 @@
|
|||
---
|
||||
- name: Install OpenSSH server
|
||||
apt:
|
||||
name: openssh-server
|
||||
|
||||
- name: Enable OpenSSH Server
|
||||
systemd:
|
||||
name: ssh.service
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Install sshd configuration file
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=r,g=,o=
|
||||
validate: "/usr/sbin/sshd -tf %s"
|
||||
notify: Restart sshd
|
||||
|
||||
- name: Install Users CA public key
|
||||
copy:
|
||||
content: "{{ openssh_users_ca_public_key }}"
|
||||
dest: /etc/ssh/users_ca.pub
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=r,g=,o=
|
||||
notify: Restart sshd
|
||||
|
||||
- name: Install authorized principals file
|
||||
copy:
|
||||
content: "{{ openssh_authorized_principals | join('\n') }}"
|
||||
dest: /etc/ssh/authorized_principals
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=r,g=,o=
|
||||
notify: Restart sshd
|
||||
...
|
|
@ -1,45 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
SyslogFacility AUTH
|
||||
LogLevel VERBOSE
|
||||
|
||||
AddressFamily any
|
||||
ListenAddress 0.0.0.0
|
||||
ListenAddress ::
|
||||
|
||||
Port 22
|
||||
|
||||
MaxStartups 10:30:100
|
||||
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
|
||||
# https://infosec.mozilla.org/guidelines/openssh.html
|
||||
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||
|
||||
AuthenticationMethods publickey
|
||||
|
||||
TrustedUserCAKeys /etc/ssh/users_ca.pub
|
||||
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
|
||||
|
||||
StrictModes yes
|
||||
UsePAM no
|
||||
PermitRootLogin yes
|
||||
PermitUserRC no
|
||||
PermitUserEnvironment no
|
||||
AllowAgentForwarding no
|
||||
AllowTcpForwarding yes
|
||||
X11Forwarding no
|
||||
PermitTTY yes
|
||||
PermitTunnel no
|
||||
VersionAddendum none
|
||||
PrintLastLog yes
|
||||
PrintMotd yes
|
||||
TCPKeepAlive yes
|
||||
UseDNS no
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|
10
roles/passbolt/defaults/main.yml
Normal file
10
roles/passbolt/defaults/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
# URL to clone
|
||||
passbolt_repo: https://github.com/passbolt/passbolt_api.git
|
||||
passbolt_version: v2.10.0
|
||||
|
||||
# Install target
|
||||
passbolt_path: /var/www/passbolt
|
||||
|
||||
# User used to run passbolt
|
||||
passbolt_user: www-data
|
39
roles/passbolt/tasks/main.yml
Normal file
39
roles/passbolt/tasks/main.yml
Normal file
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
# See https://help.passbolt.com/hosting/install/ce/from-source.html
|
||||
|
||||
- name: Clone passbolt project
|
||||
git:
|
||||
repo: "{{ passbolt_repo }}"
|
||||
dest: "{{ passbolt_path }}"
|
||||
version: "{{ passbolt_version }}"
|
||||
become: true
|
||||
become_user: "{{ passbolt_user }}"
|
||||
|
||||
- name: Install passbolt dependencies
|
||||
apt:
|
||||
name:
|
||||
- composer
|
||||
- php-fpm
|
||||
- php-intl
|
||||
- php-gnupg
|
||||
- php-gd
|
||||
- php-mysql
|
||||
- nginx
|
||||
- mariadb-server
|
||||
state: present
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
# Setup dependencies
|
||||
- name: Install passbolt PHP dependencies
|
||||
composer:
|
||||
command: install
|
||||
working_dir: "{{ passbolt_path }}"
|
||||
no_dev: true
|
||||
become: true
|
||||
become_user: "{{ passbolt_user }}"
|
||||
register: composer_result
|
||||
retries: 3
|
||||
until: composer_result is succeeded
|
5
roles/postgresql_server/defaults/main.yml
Normal file
5
roles/postgresql_server/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
postgresql_hosts: []
|
||||
postgresql_databases: []
|
||||
postgresql_users: []
|
||||
...
|
|
@ -55,7 +55,7 @@
|
|||
lc_collate: en_US.UTF-8
|
||||
lc_ctype: en_US.UTF-8
|
||||
template: template0
|
||||
loop: "{{ postgresql.databases | default([]) }}"
|
||||
loop: "{{ postgresql_databases }}"
|
||||
|
||||
- name: Create users
|
||||
become: true
|
||||
|
@ -65,7 +65,7 @@
|
|||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
no_log: true
|
||||
loop: "{{ postgresql.users | default([]) }}"
|
||||
loop: "{{ postgresql_users }}"
|
||||
|
||||
- name: Grant privileges to users
|
||||
become: true
|
||||
|
@ -77,5 +77,5 @@
|
|||
privs: "{{ item.privs | join(',') }}"
|
||||
obj: "{{ item.database }}"
|
||||
no_log: true
|
||||
loop: "{{ postgresql.users | default([]) }}"
|
||||
loop: "{{ postgresql_users }}"
|
||||
...
|
|
@ -2,6 +2,6 @@
|
|||
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all postgres peer map=map_local
|
||||
{% for host in postgresql.hosts | default([]) %}
|
||||
{% for host in postgresql_hosts %}
|
||||
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
|
||||
{% endfor %}
|
|
@ -38,10 +38,10 @@
|
|||
loop:
|
||||
- server.rules.yml
|
||||
- docker.rules.yml
|
||||
- django.rules.yml
|
||||
- ups.rules.yml
|
||||
- postgres.rules.yml
|
||||
- environmental.rules.yml
|
||||
- ilo.rules.yml
|
||||
notify: Restart Prometheus
|
||||
|
||||
- name: Make Prometheus snmp-exporter listen on localhost only
|
||||
|
@ -63,9 +63,68 @@
|
|||
- snmp.yml
|
||||
notify: Restart prometheus-snmp-exporter
|
||||
|
||||
# We don't need to restart Prometheus when updating nodes
|
||||
- name: Configure Prometheus nodes
|
||||
copy:
|
||||
content: "{{ prometheus_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets.json
|
||||
mode: 0644
|
||||
|
||||
# We don't need to restart Prometheus when updating nodes
|
||||
- name: Configure Prometheus Ubiquity Unifi SNMP devices
|
||||
copy:
|
||||
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets_unifi_snmp.json
|
||||
mode: 0644
|
||||
when: prometheus_unifi_snmp_targets is defined
|
||||
|
||||
- name: Configure Prometheus Switchs
|
||||
copy:
|
||||
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets_switch_snmp.json
|
||||
mode: 0644
|
||||
when: prometheus_switch_snmp_targets is defined
|
||||
|
||||
- name: Configure Prometheus UPS SNMP devices
|
||||
copy:
|
||||
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
|
||||
dest: /etc/prometheus/targets_ups_snmp.json
|
||||
mode: 0644
|
||||
when: prometheus_ups_snmp_targets is defined
|
||||
|
||||
- name: Configure Prometheus docker monitoring
|
||||
copy:
|
||||
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
|
||||
dest: /etc/prometheus/targets_docker.json
|
||||
mode: 0644
|
||||
when: prometheus_docker_targets is defined
|
||||
|
||||
- name: Configure Prometheus postgres monitoring
|
||||
copy:
|
||||
content: "{{ prometheus_postgres_targets | to_nice_json }}\n"
|
||||
dest: /etc/prometheus/targets_postgres.json
|
||||
mode: 0644
|
||||
when: prometheus_postgres_targets is defined
|
||||
|
||||
- name: Configure Prometheus apc_pdu monitoring
|
||||
copy:
|
||||
content: "{{ [{'targets': prometheus_pdu_snmp_targets }] | to_nice_json }}\n"
|
||||
dest: /etc/prometheus/targets_apc_pdu_snmp.json
|
||||
mode: 0644
|
||||
when: prometheus_pdu_snmp_targets is defined
|
||||
|
||||
- name: Activate prometheus service
|
||||
systemd:
|
||||
name: prometheus
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 05-prometheus
|
||||
message: >-
|
||||
Prometheus est déployé sur cette machine (voir /etc/prometheus)
|
||||
...
|
||||
|
|
106
roles/prometheus/templates/django.rules.yml.j2
Normal file
106
roles/prometheus/templates/django.rules.yml.j2
Normal file
|
@ -0,0 +1,106 @@
|
|||
# {{ ansible_managed }}
|
||||
{# As this is also Jinja2 it will conflict without a raw block #}
|
||||
{% raw %}
|
||||
groups:
|
||||
- name: django.rules
|
||||
rules:
|
||||
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
|
||||
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
|
||||
- record: job:django_http_ajax_requests_total:sum_rate30s
|
||||
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
|
||||
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
|
||||
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
|
||||
BY (job)
|
||||
- record: job:django_http_requests_body_total_bytes:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
|
||||
- record: job:django_http_responses_streaming_total:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
|
||||
- record: job:django_http_responses_body_total_bytes:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
|
||||
- record: job:django_http_requests_total:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
|
||||
- record: job:django_http_requests_total_by_method:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
|
||||
- record: job:django_http_requests_total_by_transport:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
|
||||
- record: job:django_http_requests_total_by_view:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
|
||||
view)
|
||||
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
|
||||
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
|
||||
view, transport, method)
|
||||
- record: job:django_http_responses_total_by_templatename:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
|
||||
- record: job:django_http_responses_total_by_status:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
|
||||
- record: job:django_http_responses_total_by_charset:sum_rate30s
|
||||
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
|
||||
- record: job:django_http_exceptions_total_by_type:sum_rate30s
|
||||
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
|
||||
- record: job:django_http_exceptions_total_by_view:sum_rate30s
|
||||
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
|
||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "50"
|
||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "95"
|
||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "99"
|
||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "99.9"
|
||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "50"
|
||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "95"
|
||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "99"
|
||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||
BY (job, le))
|
||||
labels:
|
||||
quantile: "99.9"
|
||||
- record: job:django_model_inserts_total:sum_rate1m
|
||||
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
|
||||
- record: job:django_model_updates_total:sum_rate1m
|
||||
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
|
||||
- record: job:django_model_deletes_total:sum_rate1m
|
||||
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
|
||||
- record: job:django_db_new_connections_total:sum_rate30s
|
||||
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
|
||||
- record: job:django_db_new_connection_errors_total:sum_rate30s
|
||||
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
|
||||
- record: job:django_db_execute_total:sum_rate30s
|
||||
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
|
||||
- record: job:django_db_execute_many_total:sum_rate30s
|
||||
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
|
||||
- record: job:django_db_errors_total:sum_rate30s
|
||||
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
|
||||
- record: job:django_migrations_applied_total:max
|
||||
expr: max(django_migrations_applied_total) BY (job, connection)
|
||||
- record: job:django_migrations_unapplied_total:max
|
||||
expr: max(django_migrations_unapplied_total) BY (job, connection)
|
||||
{% endraw %}
|
|
@ -1,83 +0,0 @@
|
|||
---
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% macro raw(string) -%}
|
||||
{{ "{{" }} {{ string }} {{ "}}" }}
|
||||
{%- endmacro %}
|
||||
|
||||
groups:
|
||||
|
||||
- name: ilo.rules
|
||||
rules:
|
||||
|
||||
- alert: IloResilientMemoryDegraded
|
||||
expr: cpqHeResilientMemCondition{cpqHeResilientMemCondition!~"ok|other"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: >-
|
||||
La mémoire vive n'est plus résiliente
|
||||
({{ raw('$labels.cpqHeResilientMemCondition') }})
|
||||
|
||||
- alert: IloBiosSelfTestDegraded
|
||||
expr: cpqHeHWBiosCondition{cpqHeHWBiosCondition!~"ok|other"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
Une erreur a été détectée lors du POST du serveur
|
||||
({{ raw('$labels.cpqHeHWBiosCondition') }})
|
||||
|
||||
- alert: IloBatteryDegraded
|
||||
expr: cpqHeSysBatteryCondition{cpqHeSysBatteryCondition!~"ok|other"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: >-
|
||||
La batterie est dégradée
|
||||
({{ raw('$labels.cpqHeSysBatteryCondition') }})
|
||||
|
||||
- alert: IloTemperatureSensorDegraded
|
||||
expr: cpqHeTemperatureCondition{cpqHeTemperatureCondition!~"ok|other"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
Le capteur de température est dégradé
|
||||
({{ raw('$labels.cpqHeTemperatureCondition') }})
|
||||
|
||||
- alert: IloFanDegraded
|
||||
expr: cpqHeFltTolFanCondition{cpqHeFltTolFanCondition!~"ok|other"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
Le ventilateur est dégradé
|
||||
({{ raw('$labels.cpqHeFltTolFanCondition') }})
|
||||
|
||||
- alert: IloPowerSupplyDegraded
|
||||
expr: cpqHeFltTolPowerSupplyStatus{cpqHeFltTolPowerSupplyStatus!="noError"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
L'alimentation est dégradée
|
||||
({{ raw('$labels.cpqHeFltTolPowerSupplyStatus') }})
|
||||
|
||||
- alert: IloOverrideSwitchState
|
||||
expr: cpqSm2CntlriLOSecurityOverrideSwitchState{cpqSm2CntlriLOSecurityOverrideSwitchState="set"} == 1
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
Le switch de réinitialisation n'est pas à l'état d'origine,
|
||||
l'authentification est bypassée
|
||||
|
||||
...
|
|
@ -112,7 +112,7 @@ groups:
|
|||
rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) /
|
||||
rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m])
|
||||
) * 100
|
||||
> 20
|
||||
> 7
|
||||
for: 0m
|
||||
labels:
|
||||
severity: warning
|
||||
|
|
|
@ -25,15 +25,17 @@ rule_files:
|
|||
# A scrape configuration containing exactly one endpoint to scrape:
|
||||
# Here it's Prometheus itself.
|
||||
scrape_configs:
|
||||
# The .json in file_sd_configs is dynamically reloaded
|
||||
|
||||
- job_name: prometheus
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:9090
|
||||
|
||||
{% if prometheus_servers_targets is defined %}
|
||||
- job_name: servers
|
||||
static_configs:
|
||||
- targets: {{ prometheus_servers_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets.json'
|
||||
relabel_configs:
|
||||
# Do not put :9100 in instance name, rather here
|
||||
- source_labels: [__address__]
|
||||
|
@ -43,12 +45,11 @@ scrape_configs:
|
|||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9100'
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_unifi_snmp_targets is defined %}
|
||||
- job_name: unifi_snmp
|
||||
static_configs:
|
||||
- targets: {{ prometheus_unifi_snmp_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets_unifi_snmp.json'
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
module: [ubiquiti_unifi]
|
||||
|
@ -59,12 +60,16 @@ scrape_configs:
|
|||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_ups_snmp_targets is defined %}
|
||||
- job_name: ups_snmp
|
||||
- job_name: django
|
||||
scheme: https
|
||||
static_configs:
|
||||
- targets: {{ prometheus_ups_snmp_targets | to_json }}
|
||||
- targets: []
|
||||
|
||||
- job_name: ups_snmp
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets_ups_snmp.json'
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
module: [eatonups]
|
||||
|
@ -75,12 +80,11 @@ scrape_configs:
|
|||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_switch_snmp_targets is defined %}
|
||||
- job_name: switch_snmp
|
||||
static_configs:
|
||||
- targets: {{ prometheus_switch_snmp_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- "/etc/prometheus/targets_switch_snmp.json"
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
module: [procurve_switch]
|
||||
|
@ -91,12 +95,11 @@ scrape_configs:
|
|||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_docker_targets is defined %}
|
||||
- job_name: docker
|
||||
static_configs:
|
||||
- targets: {{ prometheus_docker_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets_docker.json'
|
||||
relabel_configs:
|
||||
# Do not put :8087 in instance name, rather here
|
||||
- source_labels: [__address__]
|
||||
|
@ -106,12 +109,11 @@ scrape_configs:
|
|||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:8087'
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_postgresql_targets is defined %}
|
||||
- job_name: postgresql
|
||||
static_configs:
|
||||
- targets: {{ prometheus_postgresql_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets_postgres.json'
|
||||
relabel_configs:
|
||||
# Do not put :9187 in instance name, rather here
|
||||
- source_labels: [__address__]
|
||||
|
@ -121,12 +123,11 @@ scrape_configs:
|
|||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9187'
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_apc_pdu_snmp_targets is defined %}
|
||||
- job_name: apc_pdu_snmp
|
||||
static_configs:
|
||||
- targets: {{ prometheus_apc_pdu_snmp_targets | to_json }}
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets_apc_pdu_snmp.json'
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
module:
|
||||
|
@ -138,23 +139,5 @@ scrape_configs:
|
|||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116
|
||||
{% endif %}
|
||||
|
||||
{% if prometheus_ilo_snmp_targets is defined %}
|
||||
- job_name: ilo_snmp
|
||||
static_configs:
|
||||
- targets: {{ prometheus_ilo_snmp_targets | to_json }}
|
||||
metrics_path: /snmp
|
||||
params:
|
||||
module:
|
||||
- ilo
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9116
|
||||
{% endif %}
|
||||
|
||||
...
|
||||
|
|
|
@ -10,20 +10,23 @@ groups:
|
|||
- name: server.rules
|
||||
rules:
|
||||
|
||||
- alert: MachineDown
|
||||
- alert: InstanceDown
|
||||
expr: up{instance!~".*.borne.auro.re$"} == 0
|
||||
for: 3m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: >-
|
||||
Le collecteur {{ raw('$labels.job') }} ne marche plus
|
||||
Invisible depuis plus de 3 minutes
|
||||
|
||||
- alert: AccessPointDown
|
||||
expr: up{instance=~".*.borne.auro.re$"} == 0
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: >-
|
||||
Invisible depuis plus de 3 minutes
|
||||
|
||||
- alert: OutOfMemory
|
||||
expr: >-
|
||||
|
@ -47,7 +50,7 @@ groups:
|
|||
node_memory_SwapFree_bytes
|
||||
/ node_memory_SwapTotal_bytes
|
||||
)
|
||||
) * 100 >= 50
|
||||
) * 100 >= 20
|
||||
for: 3m
|
||||
labels:
|
||||
severity: warning
|
||||
|
|
|
@ -482,227 +482,4 @@ apc_pdu:
|
|||
priv_protocol: AES
|
||||
priv_password: {{ snmp_pdu_password }}
|
||||
|
||||
ilo:
|
||||
walk:
|
||||
- 1.3.6.1.4.1.232.6.2.14.4 # Resilient memory
|
||||
- 1.3.6.1.4.1.232.6.2.15.3 # Power meter
|
||||
- 1.3.6.1.4.1.232.6.2.16.1 # POST tests
|
||||
- 1.3.6.1.4.1.232.6.2.17.1 # Battery
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.3 # Temperature sensors location
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.4 # Temperature sensors value
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.5 # Temperature sensors limit
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.6 # Temperature sensors condition
|
||||
- 1.3.6.1.4.1.232.6.2.6.7.1.3 # Fans location
|
||||
- 1.3.6.1.4.1.232.6.2.6.7.1.9 # Fans condition
|
||||
- 1.3.6.1.4.1.232.6.2.9.3.1.5 # Power supply
|
||||
- 1.3.6.1.4.1.232.9.2.2 # iLO
|
||||
metrics:
|
||||
- name: cpqHeResilientMemCondition
|
||||
oid: 1.3.6.1.4.1.232.6.2.14.4
|
||||
type: EnumAsStateSet
|
||||
help: The resilient memory condition - 1.3.6.1.4.1.232.6.2.14.4
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: degraded
|
||||
4: failed
|
||||
- name: cpqHePowerMeterCurrReading
|
||||
oid: 1.3.6.1.4.1.232.6.2.15.3
|
||||
type: gauge
|
||||
help: This is the current Power Meter reading in Watts - 1.3.6.1.4.1.232.6.2.15.3
|
||||
- name: cpqHeHWBiosCondition
|
||||
oid: 1.3.6.1.4.1.232.6.2.16.1
|
||||
type: EnumAsStateSet
|
||||
help: This value indicates an error has been detected during Pre-OS Test (POST)
|
||||
or during initial hardware initialization - 1.3.6.1.4.1.232.6.2.16.1
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: degraded
|
||||
4: failed
|
||||
- name: cpqHeSysBatteryCondition
|
||||
oid: 1.3.6.1.4.1.232.6.2.17.1
|
||||
type: EnumAsStateSet
|
||||
help: The battery condition - 1.3.6.1.4.1.232.6.2.17.1
|
||||
indexes:
|
||||
- labelname: cpqHeSysBatteryChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeSysBatteryIndex
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: degraded
|
||||
4: failed
|
||||
- name: cpqHeTemperatureLocale
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.8.1.3
|
||||
type: EnumAsInfo
|
||||
help: This specifies the location of the temperature sensor present in the system.
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.3
|
||||
indexes:
|
||||
- labelname: cpqHeTemperatureChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeTemperatureIndex
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: other
|
||||
2: unknown
|
||||
3: system
|
||||
4: systemBoard
|
||||
5: ioBoard
|
||||
6: cpu
|
||||
7: memory
|
||||
8: storage
|
||||
9: removableMedia
|
||||
10: powerSupply
|
||||
11: ambient
|
||||
12: chassis
|
||||
13: bridgeCard
|
||||
- name: cpqHeTemperatureCelsius
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.8.1.4
|
||||
type: gauge
|
||||
help: This is the current temperature sensor reading in degrees celsius - 1.3.6.1.4.1.232.6.2.6.8.1.4
|
||||
indexes:
|
||||
- labelname: cpqHeTemperatureChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeTemperatureIndex
|
||||
type: gauge
|
||||
- name: cpqHeTemperatureThreshold
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.8.1.5
|
||||
type: gauge
|
||||
help: This is the shutdown threshold temperature sensor setting in degrees celsius
|
||||
- 1.3.6.1.4.1.232.6.2.6.8.1.5
|
||||
indexes:
|
||||
- labelname: cpqHeTemperatureChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeTemperatureIndex
|
||||
type: gauge
|
||||
- name: cpqHeTemperatureCondition
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.8.1.6
|
||||
type: EnumAsStateSet
|
||||
help: The Temperature sensor condition - 1.3.6.1.4.1.232.6.2.6.8.1.6
|
||||
indexes:
|
||||
- labelname: cpqHeTemperatureChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeTemperatureIndex
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: degraded
|
||||
4: failed
|
||||
- name: cpqHeFltTolFanLocale
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.7.1.3
|
||||
type: EnumAsInfo
|
||||
help: This specifies the location of the fan present in the system.
|
||||
- 1.3.6.1.4.1.232.6.2.6.7.1.3
|
||||
indexes:
|
||||
- labelname: cpqHeFltTolFanChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeFltTolFanIndex
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: other
|
||||
2: unknown
|
||||
3: system
|
||||
4: systemBoard
|
||||
5: ioBoard
|
||||
6: cpu
|
||||
7: memory
|
||||
8: storage
|
||||
9: removableMedia
|
||||
10: powerSupply
|
||||
11: ambient
|
||||
12: chassis
|
||||
13: bridgeCard
|
||||
- name: cpqHeFltTolFanCondition
|
||||
oid: 1.3.6.1.4.1.232.6.2.6.7.1.9
|
||||
type: EnumAsStateSet
|
||||
help: The fan condition - 1.3.6.1.4.1.232.6.2.6.7.1.9
|
||||
indexes:
|
||||
- labelname: cpqHeFltTolFanChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeFltTolFanIndex
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: degraded
|
||||
4: failed
|
||||
- name: cpqHeFltTolPowerSupplyStatus
|
||||
oid: 1.3.6.1.4.1.232.6.2.9.3.1.5
|
||||
type: EnumAsStateSet
|
||||
help: The status of the power supply. - 1.3.6.1.4.1.232.6.2.9.3.1.5
|
||||
indexes:
|
||||
- labelname: cpqHeFltTolPowerSupplyChassis
|
||||
type: gauge
|
||||
- labelname: cpqHeFltTolPowerSupplyBay
|
||||
type: gauge
|
||||
enum_values:
|
||||
1: noError
|
||||
2: generalFailure
|
||||
3: bistFailure
|
||||
4: fanFailure
|
||||
5: tempFailure
|
||||
6: interlockOpen
|
||||
7: epromFailed
|
||||
8: vrefFailed
|
||||
9: dacFailed
|
||||
10: ramTestFailed
|
||||
11: voltageChannelFailed
|
||||
12: orringdiodeFailed
|
||||
13: brownOut
|
||||
14: giveupOnStartup
|
||||
15: nvramInvalid
|
||||
16: calibrationTableInvalid
|
||||
17: noPowerInput
|
||||
- name: cpqSm2CntlrInterfaceStatus
|
||||
oid: 1.3.6.1.4.1.232.9.2.2.17
|
||||
type: EnumAsStateSet
|
||||
help: Remote Insight/ Integrated Lights-Out Interface Status - 1.3.6.1.4.1.232.9.2.2.17
|
||||
enum_values:
|
||||
1: other
|
||||
2: ok
|
||||
3: notResponding
|
||||
- name: cpqSm2CntlriLOSecurityOverrideSwitchState
|
||||
oid: 1.3.6.1.4.1.232.9.2.2.27
|
||||
type: EnumAsStateSet
|
||||
help: Integrated Lights-Out Security Override Switch State - 1.3.6.1.4.1.232.9.2.2.27
|
||||
enum_values:
|
||||
1: notSupported
|
||||
2: set
|
||||
3: notSet
|
||||
- name: cpqSm2CntlrLicenseActive
|
||||
oid: 1.3.6.1.4.1.232.9.2.2.30
|
||||
type: EnumAsStateSet
|
||||
help: Remote Insight License State - 1.3.6.1.4.1.232.9.2.2.30
|
||||
enum_values:
|
||||
1: none
|
||||
2: iloAdvanced
|
||||
3: iloLight
|
||||
4: iloAdvancedBlade
|
||||
5: iloStandard
|
||||
6: iloEssentials
|
||||
7: iloScaleOut
|
||||
8: iloAdvancedPremiumSecurity
|
||||
- name: cpqSm2CntlrServerPowerState
|
||||
oid: 1.3.6.1.4.1.232.9.2.2.32
|
||||
type: EnumAsStateSet
|
||||
help: The current power state for the server - 1.3.6.1.4.1.232.9.2.2.32
|
||||
enum_values:
|
||||
1: unknown
|
||||
2: poweredOff
|
||||
3: poweredOn
|
||||
4: insufficientPowerOrPowerOnDenied
|
||||
version: 3
|
||||
# Reduce timeout to retry faster
|
||||
timeout: 1s
|
||||
auth:
|
||||
security_level: authPriv
|
||||
username: {{ snmp_ilo_user }}
|
||||
password: {{ snmp_ilo_auth }}
|
||||
auth_protocol: SHA
|
||||
priv_protocol: AES
|
||||
priv_password: {{ snmp_ilo_priv }}
|
||||
|
||||
...
|
||||
|
|
|
@ -42,4 +42,14 @@
|
|||
name: prometheus
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 05-prometheus-federate
|
||||
message: >-
|
||||
Prometheus (en configuration fédération) est déployé sur cette
|
||||
machine (voir /etc/prometheus)
|
||||
...
|
||||
|
|
|
@ -34,9 +34,9 @@ scrape_configs:
|
|||
- '{job="postgresql"}'
|
||||
- '{job="prometheus"}'
|
||||
- '{job="unifi_snmp"}'
|
||||
- '{job="django"}'
|
||||
- '{job="ups_snmp"}'
|
||||
- '{job="apc_pdu_snmp"}'
|
||||
- '{job="docker"}'
|
||||
- '{job="switch_snmp"}'
|
||||
- '{job="ilo_snmp"}'
|
||||
...
|
||||
|
|
|
@ -39,4 +39,14 @@
|
|||
owner: "{{ service_user }}"
|
||||
group: nogroup
|
||||
state: link
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: "15-re2o-service-{{ service_name }}"
|
||||
message: >-
|
||||
Le service re2o {{ service_name }} est dans
|
||||
{{ service_homedir }}/{{ service_name }}.
|
||||
...
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Install resolv.conf
|
||||
template:
|
||||
src: resolv.conf.j2
|
||||
dest: /etc/resolv.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
...
|
|
@ -1,11 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for nameserver in resolvconf__nameservers %}
|
||||
nameserver {{ nameserver | ipaddr }}
|
||||
{% endfor %}
|
||||
{% if resolvconf__domain is defined %}
|
||||
domain {{ resolvconf__domain }}
|
||||
{% endif %}
|
||||
{% if resolvconf__search is defined %}
|
||||
search {{ resolvconf__search | join(" ") }}
|
||||
{% endif %}
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue