Compare commits

..

75 commits

Author SHA1 Message Date
2e10714a79 Merge pull request 'NTP: simple fixes (logdir + local stratum + logchange support)' (#101) from ntp into master
Reviewed-on: #101
2022-08-30 13:50:35 +02:00
9b5e1d78fa Merge pull request 'Configure keepalived' (#100) from keepalived into master
Reviewed-on: #100
2022-08-30 13:44:24 +02:00
e86b17094b
keepalived: print link-local VIP first + silence priority warning 2022-08-27 13:47:08 +02:00
1d40950604
keepalived: add IPv6 support in playbook 2022-08-27 13:17:35 +02:00
9820ae62e8
keepalived: better support for notify scripts 2022-08-27 12:55:53 +02:00
c6ac61aa53
keepalived: add minimal support for keepalived 2022-08-27 11:15:18 +02:00
7daa55ef98 Merge pull request 'Bridge and VLAN support for ifupdown2' (#99) from ifupdown2 into master
Reviewed-on: #99
2022-08-27 10:26:28 +02:00
8cc6e916b7
ifupdown2: add sample playbook 2022-08-27 10:21:04 +02:00
34b0ed5478
ifupdown2: add ipv6_addrgen option 2022-08-27 09:53:41 +02:00
5485254c47
ifupdown2: add forward option 2022-08-27 09:28:07 +02:00
d5b0fd85c8
ifupdown2: add bridge_disable_pvid option 2022-08-27 09:18:16 +02:00
f6b12fd696
ifupdown2: add minimal support for bridges 2022-08-27 08:31:42 +02:00
76f76a0ca4
ntp: add logdir + local + logchange support 2022-08-27 06:52:38 +02:00
8bcc0af539 Merge pull request 'Configure /etc/network/interfaces and /etc/resolv.conf using Ansible' (#98) from ifupdown2 into master
Reviewed-on: #98
2022-08-27 04:55:26 +02:00
f723c3e1a4
ifupdown2: notify ifup -a + auto instead of allow-hotplug 2022-08-27 04:46:16 +02:00
1281a6a51a
ifupdown2: add playbook 2022-08-27 04:26:14 +02:00
15e2db49f3
add remove_domain_suffix filter 2022-08-27 04:22:15 +02:00
5ae7126ce2
ifupdown2: add support for stanzas with no gateway 2022-08-27 04:10:11 +02:00
a5a4d28ccc
ifupdown2: simple interfaces file configuration 2022-08-26 20:52:23 +02:00
e26d5dfc27
resolvconf: add role 2022-08-26 19:11:40 +02:00
3d2ce8f79f
ifupdown2: add minimal role 2022-08-26 10:13:37 +02:00
a29a205576 Merge pull request 'NTP: deploy everywhere' (#97) from ntp into master
Reviewed-on: #97
2022-08-26 00:07:57 +02:00
f5f570f635
chronyd: deploy everywhere 2022-08-26 00:06:25 +02:00
b00d5bc09e
chronyd: fix unit name + remove other ntp packages 2022-08-25 23:51:57 +02:00
4b2868783f
chronyd: fix typo in chrony.conf.j2 2022-08-25 23:51:09 +02:00
3830022279 Merge pull request 'NTP server' (#96) from ntp into master
Reviewed-on: #96
2022-08-25 23:16:46 +02:00
d2c1b1c07a
chronyd: add role + playbook 2022-08-25 23:01:00 +02:00
69dc3052ab
Merge branch 'master' into ntp 2022-08-25 22:21:49 +02:00
dbe9dbdc27
Add ntp-1.int 2022-08-25 22:21:38 +02:00
5c780ffa62
Remove copy-keys.sh 2022-05-22 18:57:17 +02:00
765d24685e
Set ask_vault_pass in ansible.cfg 2022-05-22 18:56:55 +02:00
c291e836a9
Fix missing entries 2022-05-22 18:55:23 +02:00
89d0a682cf Merge pull request 'Add dolibarr' (#92) from dolibarr into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #92
2022-02-26 23:31:51 +01:00
2a2702c6ca
Add dolibarr.srv.auro.re + PostgreSQL DB
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-10 22:10:03 +01:00
4a3ba6f366 Merge pull request 'Prometheus: cleanup' (#90) from prometheus_cleanup into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #90
2022-01-01 17:58:15 +01:00
Alexandre Iooss
a320907047 prometheus: fix typo
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 17:55:32 +01:00
Alexandre Iooss
9e4b8c2509 prometheus: remove ipmi target
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 17:15:11 +01:00
Alexandre Iooss
a24b473566 prometheus: reduce iLO SNMP timeout
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 16:45:32 +01:00
Alexandre Iooss
70c8e0ebe0 prometheus: monitor iLO resilient mem and battery 2022-01-01 16:45:10 +01:00
Alexandre Iooss
5ab3dcdac2 prometheus: use enums for iLO SNMP
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 12:04:01 +01:00
Alexandre Iooss
9b53daf42a prometheus: ignore ups-ec-2.ups.auro.re 2022-01-01 12:03:51 +01:00
Alexandre Iooss
40d9108b37 prometheus: add iLO alert rules
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 21:26:27 +01:00
Alexandre Iooss
2830558545 prometheus_federation: add ilo_snmp and remove django
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 20:04:24 +01:00
Alexandre Iooss
16a2d36472 prometheus: add machines to ilo_snmp
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 20:03:27 +01:00
Alexandre Iooss
733e9f555d prometheus: add _snmp suffix to ilo target 2021-12-31 20:03:04 +01:00
Alexandre Iooss
7d9ff449a7 hosts: remove passbolt 2021-12-31 19:41:51 +01:00
Alexandre Iooss
bcded46ed6 prometheus: remove JSON targets cleanup
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 19:40:22 +01:00
Alexandre Iooss
860a26a8dc prometheus: federate ilo metrics
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-31 19:39:38 +01:00
Alexandre Iooss
fdeaa355ad prometheus: use longer timeout for iLO scraping 2021-12-31 19:39:23 +01:00
Alexandre Iooss
456c6b47b8 prometheus: add missing snmp_ilo variables 2021-12-31 19:38:35 +01:00
b81af51ccf Merge pull request 'Monitor iLO using SNMP' (#89) from prometheus_ilo into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #89
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-12-31 18:40:15 +01:00
Alexandre Iooss
8c7031d059 prometheus: add iLO SNMP target
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 18:31:58 +01:00
Alexandre Iooss
67064484d5 prometheus: add iLO SNMP auth information
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 17:27:36 +01:00
Alexandre Iooss
50d9282316 prometheus: show failing job when machine is down
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 17:26:26 +01:00
Alexandre Iooss
265bd5fbb7 prometheus: use static targets
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 15:08:44 +01:00
Alexandre Iooss
944e200394 prometheus: add ipmi job
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 14:45:05 +01:00
Alexandre Iooss
f50778ca96 prometheus: commit production alert configuration 2021-12-31 14:44:50 +01:00
Alexandre Iooss
bc4dc03029 prometheus: add newline at the end of targets JSON 2021-12-31 14:44:19 +01:00
Alexandre Iooss
cc2ba9ff7b prometheus: deploy targets_ipmi.json 2021-12-31 14:43:47 +01:00
ba0be43845 Merge pull request 'vault: fix RFC2136 secret' (#88) from fix_rfc2136 into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #88
2021-12-29 13:20:01 +01:00
Alexandre Iooss
d2331c18d0 vault: fix RFC2136 secret
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-29 11:28:40 +01:00
1b9fc70649 Merge branch 'bashrc_root'
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-16 05:56:57 +01:00
8dca876bbc Add a very simple bashrc for root
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-16 05:48:39 +01:00
515222f404 Merge pull request 'Fix SSH CA deployment' (#86) from use_ssh_ca into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #86
2021-12-15 17:31:29 +01:00
2f3612fd8e Deploy SSH CA everywhere and set root password
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-15 17:15:57 +01:00
475715c5f9 Deploy on all Linux hosts
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-15 16:17:30 +01:00
7db282fffb Fix sshd.service → ssh.service 2021-12-15 16:17:11 +01:00
1ecffc2742 Merge pull request 'Borgmatic improvements (very old changes I forgot to merge)' (#84) from borgmatic_hourly into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #84
2021-12-14 08:01:16 +01:00
11937776c8 Merge branch 'master' into borgmatic_hourly
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-14 07:58:13 +01:00
79c44554a3 Merge pull request 'Deploy the SSH CA for user authentication' (#80) from use_ssh_ca into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #80
Reviewed-by: erdnaxe <erdnaxe@noreply@auro.re>
2021-12-14 07:49:35 +01:00
7212154fbb Split public SSH key into multiple lines
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Respect the 79 characters per line limit.
2021-12-12 06:08:27 +01:00
e6363e9668 Use the Users CA for authentication
Some checks failed
continuous-integration/drone/push Build is failing
2021-12-12 05:56:54 +01:00
bb97bca456 Increase RandomizedDelaySec when hourly = 0
Some checks reported errors
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build encountered an error
2021-05-23 14:09:01 +02:00
c8a877282f Add 9 & 10 for Debian distribution
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-19 15:29:40 +02:00
c6b768e1bb Don't run borgmatic every hour if not needed
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-10 13:02:45 +02:00
44 changed files with 1583 additions and 551 deletions

View file

@ -1,41 +1,17 @@
# Ansible configuration
[defaults] [defaults]
ask_vault_pass = True
# Explicitly redefine some defaults to make subfolder execution work
roles_path = ./roles roles_path = ./roles
# Do not create .retry files
retry_files_enabled = False retry_files_enabled = False
# Use inventory
inventory = ./hosts inventory = ./hosts
filter_plugins = ./filter_plugins
# Custom header in templates ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1 nocows = 1
# Do more parallelism
forks = 15 forks = 15
# Some SSH connection will take time
timeout = 60 timeout = 60
remote_user = root
[privilege_escalation]
# Use sudo to get priviledge access
become = True
# Ask for password
become_ask_pass = True
[diff] [diff]
# TO know what changed
always = yes always = yes
[ssh_connection] [ssh_connection]
pipelining = True pipelining = True

View file

@ -1,20 +0,0 @@
#!/bin/bash
set -e
# Grab valid unique hostnames from the Ansible inventory.
HOSTS=$(grep -ve '^[#\[]' hosts \
| grep -F adm.auro.re \
| sort -u)
# Ask password
read -s -p "Hello adventurer, what is your LDAP password? " passwd
echo
for host in $HOSTS; do
echo "[+] Handling host $host"
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
done

View file

@ -0,0 +1,40 @@
import ipaddress
from operator import attrgetter
import dns.name
class FilterModule:
def filters(self):
return {
"remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort,
}
def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent()
return parent.to_text()
def ipaddr_sort(addrs, types, unknown_after=True):
check_types = {
"global": attrgetter("is_global"),
"link-local": attrgetter("is_link_local"),
"loopback": attrgetter("is_loopback"),
"multicast": attrgetter("is_multicast"),
"private": attrgetter("is_private"),
"reserved": attrgetter("is_reserved"),
"site_local": attrgetter("is_site_local"),
"unspecified": attrgetter("is_unspecified"),
}
def addr_weight(addr):
if isinstance(addr, str):
addr = ipaddress.ip_address(addr.split("/")[0])
for index, ty in enumerate(types):
if check_types[ty](ipaddress.ip_address(addr)):
return index
return len(types) if unknown_after else -1
return sorted(addrs, key=addr_weight)

View file

@ -1,224 +1,246 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
66666438656133326638326138663066643238626366633137646134376233336639326365653163 64313161633263303464663933363265373935633862653634643862343232643432343966376438
3737613361383538663934626164356535313133643730610a663634653164623665336136326430 6134633764383937373966346538306530316539303966320a363035303038616435383366656532
63383735653262393538383663653966623462326332653163316138313832346532326535336263 39346463396563626166333362306464343836386365303836356461323663633831636562393039
6638373331343838610a323166393664633431323461396135653464396236333235333134613834 3832636432626238350a666566323435623834396166656233306639333830343130326265616234
37333866663935653832613036643131306333653565623261346134396534316163366636363134 61666365663963643437386530363261306438376665386463376366363662656161316263303831
34653939363835303037666333623230643339333165613265653638376234646438393630383165 61393136363934316462616131326463333736656136643038623061313363386538393833663637
38376162626538383263626664373634343063623630326334313265323330656465343865306361 36373565333566306632313865646538633532393731313430633462666334323762653337383338
37643835366461353335626639646430633135616130646638376461316434306537346532353630 63313433333835653366363061343839326131666139346563306366656365316663333438363837
31373039303862613264653836313763333566663065383361343261343462633934343139326135 33323165353936343165646464306434303161313139653561346461653537616164623434376534
66393363393962636438383362613162303931316337626665336362633030653430346436326530 33666662343734633766356230383761353239333632613031396365346536373432363433633564
62326664396534626664383834613936356462393163666431333731613339353038336634623532 61633762393033343336373864653438336436613630366539333731383336346665313732396265
33633432363730616439386536626163383563333265386134356231376665336332376439333232 32356138666135383562656366353131366436363464643630656130303437623131333239386363
31336466633135646461373364363534636439356137616632616431363638386234303637626537 66373866393064306565306565386230373638633733326661333065633136633130323963323765
37653332366234386562656365333533326539353837343631636662666236643761323463376137 30353262323835313365383562326363343965636634376133613331363133313030346561653931
35343834636562646339316139613265393736376265636564386639646537323136616464306630 39363636636235646131353034663861336362383263613165323230366439383561653165363764
66333065323533663536336238356537373030333630626464363731313533313537346138616664 65366130623362623539393461363832353435616266393036386439303834316635366438393936
34313635636664636135633035356666613261373065636462306438386461663361326132363439 33383933366262636232383066663130383965306137356363363539633661373664613738336539
34396162373635313732653039326639366362653962376135613636396639656634313234396136 31363131616135623039346465623530376533386263343836376662316562386530336266303062
65363639393532653237613237313563343865613833373562643764333930326539303138636166 64386531303938623939653635313163633261336339366139666135323130653862346132646636
39313565653462613337616263663739333136393966663664653335333237626565636462663261 30363065303235346331333434653331646333616337623562643564366435613938643235333664
62313831663732616133396662343332353365356162353436333135393738323761363164653161 30626164373030303237656366623631396138333265383566333664663061613536666363623630
64393137343738393939316532613639373430656630386532366136393235383063626433396338 61623362383439636239336234333161366635306432363230366630383836326330343932303863
66373337343232343964326435653039386338623166616537383466653030613361396462323038 39393232373831363863333332636362396639663831656266336430313837666463336439353332
33623637323135313664306538323137333763653263326533323039373139396633313135333166 63303036633433323439613535326663633332346565646338353761363733643766363132666365
38356236653731373132353063643038623866653330623537356230306563646262343531333830 34303865656262303563323665363730663062626537363461646363636461633762663237366366
38626161393330303161313932616531326331633938656236313166313035613163323539353535 64393133656464643065633634313261336662646435313735306266316132636530393631353830
63343136643361333431353762643631643262633266346139353165393962326634363764373930 61303939373363323131316463333136326365333430626266376636356130396239323464353937
30363463623434633032366338316332313736656465366461633864373236653863393637636330 64616232373532396334343433636332353530386662633164353235626361623164313039336666
34313936666432363562633531666466356633616664663063363263356632343931333766663466 31636434666437393839393133633961373139313663616366373239386163623064373836376164
64633438333436623639333036636633366337383065313162666231613337306532653335363739 62316638366366376134386231306435616138656461373633393339653532363434393834393430
36356139303461336139323963383465376366633064343031303864373735656430666261643565 37363335623934306661333135343266663464623438353665613330356236323036363139643064
61323236623330636561653962323738323332383331303335663036626638383334333730303965 62383934363465316338393065383935646134353230376131613935613431656333383565353134
33383063323438393532306330393366326561323632623238613836396635656631373430343662 34643866353131653061623236306536363163373639396564336434653839346263303930633663
39333464643037666233373565633132386233353333313135306133343765373565393937656163 39393935636235313431303032336361313730373238333732626465346662363038636361383631
38316238383832343063666334663733313162303337313262666430363538626134313065373336 65393433346363366337383233646166306339653533646632623262376630383265393438326135
32393763633530326161333861333137363066366332613963393734663130613735393764653334 31643039333835666338383762336163336337343532393063323165636531353361613731363065
39613439643364333665383465633765363063313536383835303964363731376165383830616265 65303637396332613432663636326334646635346237396461636366356133303333306239393739
39663762306232646533353963353663343832353739333132366662306335313435663434383431 34353966653662346230383865643231313239626533643761366162613164333132373636623237
36323032333731373032313263396565643561656531643462613931313435616438366132393135 32356335643766646266646266633366363165373861306433316561363166363865303133633939
34303334383662386261386537373438373334623235643037613136653639353164353763613965 34633132343438363034323638376666313061383965323566646463653163313235373364386666
62346231613333353331376433633633353537646639393739356137316131313536343736366532 62393865373137343237306637363536383939303833663532396333313931336162333837613935
62313438326264303638323832653232643266626561303032666432353935396262316538333361 66383266343735396337663936333162323738383264376533316536376563396333343263643931
39323138313234363764303036656631323636626633316436626637333863383230613132353563 65646535363337373865353265306434356432353066656665366638353331366334366339613538
30623161643535643431663535386130643662616263343535326433353764626264343937383730 32373637633564613861626538373365336362313434633137613966353861393462623862663330
66616433623234316262343531643531396662356135336336356233393438656263316138613138 64386431373066306334383863366133333564373163386433313231363366393830343230323734
62323432306563313462366464653965663137383536633437653135343739393839343335366634 61633962356637326538336663386330653563353763663236623539363630626363323237333237
30333834656335383763643637366565633339386330386237313236373463353663363463616636 30656139626561313064323330373032323031343137366638303966313832646365666238326337
61326539363461343639366534643363353038663539366565653234646332626661613333336563 63306363613361653933306234386163383837666430616663383664386563323839326232383761
63663939343465366565653665376237313366376162363833366666373264383131386531396436 35373539626438356539393266653864353066633365383437623437356464383335383039343137
36383430613036633734346561633366613731373133373261626331336266383133653735646638 61373539343631373932373033656233323964353666626162386537616333366562346265656238
64353266653531613264373864353631626331343166656263303165326665326163313539336230 35396130356166303564303036383664656435626534303064653363316464616335303965376330
33656438613833306538643737663763343836393234633630633665393631373736353963343431 61646638383138323265313631613037396561626162306661653231646230343139656135333236
63666366303230386336363933613935313636316361346632626561376562386264666464333639 63303838316266333665636335663361656262353066666430656162323236633564313337353665
65396136623735326462316565356337363537343764653562653731386136366537306137666438 35363565303736633564356632346632343832363934343962313030646132663566346664313632
63646364646138316264336334363437363638393561343138323762626666643039633130623537 38393061613163356265643434626166393366366634343032626637333332316361663639623534
62363938323136326134633039646464353262393731313962373032623966343264333661393934 62323239373639393337373537646232663531653835356165313264663561623633633830373734
38336435346161306238373963396265376263336632646436663837356331663138366561316433 31336234613633666538373961626430316530346462343061323661353564323938353338373961
36623139336231366632323133623639356633393035333761363630633563306436326361306662 64616637303734303333626166306330613238646265636136653939363936356165356232396436
31383261343035636164313463333532373064393765363332336465663430326164373538333530 65353731633836363433616534636330663565643561363233396538386430393964353433616437
62393131666539343933393339306466336235396430326265656661643865663362616332343065 36343936313936303165396236393463646363383338366238363961666530623335653234656139
66613561326162313235613131336130333565363263343665373565386164376165646136386136 65346337663437623134376137326166323933613861663032623965643538343638376234316232
65656361316138303865636462326331353934376365613665316538616164646433356262663931 36333065323234663263343630353739313661373536316162366532336438373263303730626464
65363166386139383736643664353266613133353263313336613361616237633066356562616534 38613136393166626663636631363064303736666235333036616435373063363762666565363136
61303038666338313063383431313239393062653661393336333938663937306536383431646632 38333966303831313333613831313132633062616235353365313533386236613338373130303836
63623031323034643664663134626433323466376133636330316533663462383736623463633332 61326262313833306437366364316433393931353265326131653563656131333436376338613266
32373166313562613461643163366563656638346464343064636632373835393236336438633061 39326632613366666136643137303635336631353230396435313537656366326239626362313833
63363363353437356339643333356531633033376230313330393365626164666335623262313533 62653039343261613265306362323234623264366664306561663839306631663465303962386462
65373234346666663264373238663430373262313435316134313832303964656330386431663833 39353934643562383762623937643034383534393962333466613636346637323235346438666636
33313363366566303535326365353135303863363534646439626664323032346664656530396530 31613838313535666166663063373333653439313035346266666463623666613837313933623837
37633666383162343231333464633439643637356437383866303235616462346664316363336132 63343565663739393764353761316432626237346234663032316131306262356233333439323961
62376661323764323936666165366566636531363736306561663934653533653433666466343438 38646664383030303832646563393836643135303731306435383338623633626638306165386637
35306130323336613764633438626339636531626135373530373066363839313132346538613836 65393238653464623032336437643838333932366131656332333165376261383539386466343139
65623635346233363331633261303761393466636137346331383038613739636366616164306265 65613733383837323832303738363664653138613830376333363038383839623463623631666237
35646333653666373930303535643961343832653062303736613436666661323965373433363537 63363263396533353763373934373034643763376665316638353435663635346135333265363235
35626533386162333364333538653166663838613433353138396661303930613838623635636366 62663432343935343964626432353563313036303761393039386231343530663737633466643035
37626662303434303331666437363138336261303031343964383364313239623739343233353636 65343835353037643539316439666666633866356530363237373230373439373133313337653237
34373433343539613664313164653364353835346263643031626434333037353766376233663236 66613631373637313534353862653437393234363365323032393035376438616264336661616262
61313735303437393230663766323262383130623039393637633039316335383032346261323534 37336435326135373065353564383637626637343532396331623334643139386364316431376435
35656666306262353638623638366339353364383939306330343430366631386161343061346462 36356566363033636539363430356565373039363863396565643730656531346364626334393436
31623431626239376538663463393265366430626565396266393063646532353563663630623363 33343839303538383530363231366166623233333730323163323432373831313639626337346230
36663436346161303066633435353863663163376231303732363563313263326637346234666231 30333930333064393337616564386163623436613933623466353933393733346339383534633239
37656331623838366535303863376233356336613237353966653334343835613738343435646630 30633365313364666566643533326163336330323232353533316633313739343035383465376330
31353731613934653462356630313164313262363966356336323437653037386234303531636465 65356139386463633565366132383832643032333234633964373437633836343435393631396166
39393433373931393234633363383864336465346434333436643139643437656238623737363630 34633439643764623936366536353931646132373539326238303761383339643661616266646130
35656334396438623132373164366464646462353033623965663963633437356337346636633563 30393166393465326365393130636136336433623262346435353936306133616135653734383635
30376236303661323764643536353230373333316237323065616366363262643765666433623735 65393530633836613937346430366337626365363361663533313837363063396538663766646566
64323663666434653761313431333131343536626537393161373063363163393563343465633664 63373639653732353135343562353266316164303863336365303635653464393232613939396131
61356637636161386362363065313730366362373833633830353466356435323533356335636138 30636361343932663233663566656131363938656161623966316366656561343166336532613666
64346266316530376437663336663161376330326331663664653634633537613835366233356132 65613534663762353662353262623634616264373964316336626166353330303539356130646166
62636337613966306439613666336539313866323465366235396630353461613339623830336332 63643435353765633766626165643465386331333637366562393861613834323464363932306430
31653865663734616462356637303332303339393937313031326330373639643934326336366431 32643836646266643031396262626136313363623663366430376432373036643835653863323631
61383465373564393337333137616432626233306631623463316131633331346465646632326231 30613164326430633664306630333632363931656135643465363439376263386561383534633666
32616261666531613265383536653139653335616130333030363433646561336634643464646164 64323763656466343064396639313264386239356664663461333166626332326536623132333434
61383536336139376134336662353931623365353238333835353731373031323535373764303235 62303261643164643330333662623935383037353338306135613737306563326336336162633138
39656362383665366463363730356264313564313035393332353136323763373538643864663966 33623066373265663362303133363032343933306336396466383034636131333837313333326531
35313364323863643063353261613036346533326336633562623730363661333336336266626562 39336163313633623639303462313763656632633030336236643030343262653366633939643536
35373037366166323363343362616562346264626564356631303463636432343635383965633136 31636535393864663363353930363761623264343630396336396431663330323436613462633136
35663632306465353533383166666230363635326637656561333137366263376261383562386538 37336464353730643566393432343762333336653932333366636265343663323462626232623635
63613563663463643737333537646335353137333434313363656531333465623562653864306665 34346136333630363539633666316561376266373032373961313437653564636537656630303261
34313736346131636261663035326361613036393433346233373963333134616235393532333763 37313639333233333365383763333061373730623939303530303832646365323739356564626137
62313136623031393364316361663536353063383065613334663239353932646230306461333764 35633366393636376463393961333830343232363266633931613332643134643234303733373466
62306532653130353032306530636164363730323538613965323661393439613161356237656335 35323831623931633436626636346431303965663639666566623433383736633834626330303265
30343330336131393636646639306532333864646563303363313331613630313430303834653864 37353337656233663938663839373931623137666662623266336537383631626631306235363064
38313465303332303530326466373939343161633534353064333731343431336334303133343531 33313564316438633139336261623736336336326239376630316335313631376132646563333430
64336534623066333863666636326364353839613565643132643266333861636663313930363434 33656432643130643832343065353834633366363339353964623762666564633835633636313731
37656338356566646632393831613237613936663934333766633365373636643234346136633264 63353637636165663136623736343234393038313235333363643237643566623766393838386635
64643865613938366530613365326163376566616562383032633636393234373439656538343130 33646233623032653233336266636335666233353032303837663162303939383262373761623261
63666535646163346166396538386631373532626133643530326532353066313139656266313135 35366661363966346233633739663635353361303264356534366235616164316138623730623632
38633131613364306165646630346361303136636434653234633164333235666166613061626337 62316362623736396264366632373661373835393434343364353431316362666235616635633566
66396461636264616562666337343831303335373835386265666265616366393934323265333235 64353530633334393737346663653562346335323065356665643132353738363132623031353664
30346332373635633935616539323331326165666362316462633432353666633135653136373662 66666639326238386634363664356664343161386435323736316636343536326435303066353035
66306138633738653266336164346566616266626434356665386137313631646565646331303961 37363731613138393333636562386363333932386362303139643262386237353863363764643139
30383961373962333133396665333339333230356666636636643235373236346666333239353763 64616561373239346464623165616332623434303433626638376232333733646136376431626438
62653737313566376461336230623962353136666263656239373138353162666464633239386265 66613134343639656331626630303030366133356636663735353466353834613430356265386162
39646336313932306236346534643431373562636265306166653433636565353037363633653530 66613332663232623438636661306332613162666561353537313336643134663664306630636639
36393638663965613337646633363664663432303231366662646435626233303538346537366130 61613363353264373831393962333631383236666130646333336431303735333165656438363432
65336232353162323337303234633734356236373131626339316363666537666538623438313833 38396530333631636135653534393531326434306362396237366430383166323832336434376364
65383535636234303036346661373630303731663839323663336236643739303836333030343136 38393431646338316232373431613930326532646333386435303034356564336665346133393866
62326539356535323731373938393238613133636432323166326133336362313465326262353530 61643533643361646265313334633463616437393437653935613261366635616430313064346532
32613765633035616431656632366264633134626335356133363561383163396334313738376437 32363831613565313836376338646466323130373032613863323037323566643164653132633735
66383266396365336338383338646465616438386234353635303565326365396432383431616636 65636562653535626461396666643330386333663137613333643165656336633038323036373162
39346566306535306534383965313861343336326462316566643962346465333764653131383031 31376338613862333334643561313332326237646565633934323032626662633631633033623063
32306533313137346166653863386134623062653637346535383130643936656331613866346337 63306664656437663732323339383735306132616531373865323835633264333639336163366466
61366632316332316664613031323033626235326461336133343335323531633639363465306438 33373433653839393638323034623835643531393266306331313563613265616633353763653438
66616262353066363637616530396362626161396439613134373537643266666562386436346638 65363532653163303861383531356639316331343531666666636336373634636134633331366364
63623033353734373062373365663733666161366262303030306162386366653933326234646333 62366230366435323435613964636533353236373935626632623536396664313264653031623062
61633337326265326334346261343663633539373533613963636438663638306130646234386434 33366166343630313839366262313234346262343336386538336335393835646138666330656361
38346537623566313763383064666639376237656662383865653162336234303232386439373962 61313936323838653832633130346539636363613838343363663431623063333933383466353938
31383961616333623736626534333536356136613137636662353664396135623134343663646638 65383361333561383631643938613862343236346233363466333237316339616362366565306639
64376366346534663132616265356263356638303162306233383230363636323962333963353262 39356563656132303463346138356435303038303165363935343266396462326365363262393336
64343232373063313036616634613939623433373262386134633233643635306137373630316334 37396235366639623761366239386165613065626431633733306234343866663266633631656237
65336466646532343633663739626336393730383836653065356632333533633162646437366665 63643430383433393835663635356265636635363137613064353066313338346436356632346265
31376531383262373566323664323161346563626366623133643462636363393835373834313862 38393730336465396263373137383238653337396364643061303234666266663064663265383434
61323533306137356330666531366466303230653864386566613535363465313063363962653666 36636138643432373633313038393737663735363838396164366234643533633762383062353831
62333639636332366537363631623430376163396333333663396430393334343732626361306439 66326231363337323666386263373438656630346336663239643030386434636264666634393631
31623862663736633362373466626333663964356162653337633039323138353035656562396132 39313364333761343532346165396365306463393037643935666363323630326664616638313338
33333837396164646564623735366266376562623835656566393361633730616130373931663461 39396336653738353333343835363861643166376565346463303135376439336134666235623230
62376537613661616135346562393539346632343530363335373965323664653463383637656336 32363031303732666133386164313437366164326539373564623236356432303132633436323563
31383835363931393537646132656164653730323639373835336334653561363835373663363730 36323634373538376133613736633133356638323861636434646465643432636366376138636232
32376435626431356336633939326636313834346666656237376264633162323062663238353537 63633830613462613831313938326339343632393038376639623131366364623536353338363439
34376336616234373165313064396361356263383239393036643761613630666230346361336666 32613331623863336165636364616634303264356630303665383638663737343836663831363263
32333462313161656563323534393936373535316236393865636630366263373765323632643065 63366562393734323030306436346534626530656465396535323835316139633562363830373437
66396465306234623565663139613830356139376135336230373364646465343562373361646337 63626530326530383538623165356532303862353763326432373966626436303465373431373762
63363937663461636334366630303530343065323065633965643561366264613865356235636337 38613539623164353732623636376630643465343839666531306438326633343362306665366132
65616564636635376635623937303330386537323966353034363331316363653136653939376439 39396537366266353864656232616334336130333337306463313932393832653661343036396261
33323262396138316665383163306131383331623338343263353638343033323638323462303439 64613461633433356334623631643861303133383963336635623138326139613564343838366565
33333631623638616430356666663161636534313038373130663030356537653265363232386530 36343130353462333162313736636139306233366466626231306561626335396262663531333839
31646637333263613937646330363139353531373361376466396331386266393264366239356237 61336437343137356335633764373730306466326133356331333530353537616661373062656438
66336333663665393035626639376163623435666530656563336434626238373736336335613036 35356235666464656466323937353837623535643937383866666133383633396563333338633034
37303038646534363161343735633330343734616339633039376539343438373264393938663463 38366531613164363966323137646237393135383164643230663331306335636432656565633636
32356562353161396230373239653631323038383661383037393761323131323038643064656665 34343031633632346533353666353034666266666561346464306665386634313263323333653330
65346362373430656162346438653533306638303364386438383436333232363033383933666562 66323033393531343633356466613837346164393332613037636465343230623731616361336338
32336630303932303636653438336462313466393463343363633662383237643837323363353765 61373332373636646435353734386366613334323161626437396232613534613330613532323534
31666537643665343431613462616663303732666535363536613534656236356237336564363134 65653065386432313733663165616333663666363733623162306536303833663136353334656466
33633266396630393837363364303963663435646166363566356530313835316236346332633164 64353931363838613761663561666639373865393438396565626661343934353662363834636535
62656636643930363235636162646166626337326535643565616139363738396631613665626536 65363664393433313036383438643864663339626331343230343337316437336634636363303563
66303238363335656538353265383864663436363834633664653433333163643537333433383766 35373539383535353235633730386232363539616632336566376264393832383637663330613133
66613437366632346263623233646338316239316430303336323465656531326637323263343162 37643261363966633138373935333438393536373938383265373261363232343030373539366335
31346632363464313637373766303765323435663939353063313236373632393866363562346335 61633162663137643061363366653135323639363838626266386262666133306461333432313738
33386334653833663832396536663031613432656665306662396135363632333961663663386635 30313332626166303630363839396663396564633961383863326663356230343938643833303933
62653631623636623963616431613131393734396365333131386433613561646266623739353330 34333032353935323565346633363537656639613663356130383264373739636231363364613066
35336234653334653030356261353438363232366230316366313661626261646633333365393563 36653664346434393933383337313630623131396461343930383537633536643365306564396665
66636532326239623463303662386536313461376464633738633038346664373032373364336166 31353861643335353538623838393335326364393738376239623431306231363739656438626265
65306433316365613261383534326530376430323938306265313838626536373530636533336462 37666532336661306262303761616238666239623265663231386165353437366631376234343035
33323034393765613737666237303233333439656463306633343237633634396331306338336139 33393037316563373534373765616238616639303031346430623561663430393536303163613338
30336637633064373033363333353838646365313733646461663763373661366237366433363638 65353062336164626335376235656235343637366438353334356436653266333062663838316263
31303565396133313932636665663261393136623730663535396337663961393363626435663062 32623732306462356162623437393035626433336631643833626463656634366332613936346465
34343536383864323231653632393839616539333438353039633764336535653962393135333035 34653331363133373635633330363564333264623566613432383439396537343963653239336265
39343332396130643239633639353661623565323861303137303764633266613130323431636164 33326132663434363065646265646130333935303662623037363938313464366564323734333437
65653235386661333363653665626231356331333666363133343830326431396366373064653063 36336335303738643634653164306332636130316161393335656536386131396662616366383139
61316233633635663866356261383766666430663130636166656330356639666233386131313737 36663863343736666665363337663537326330323437346565346465326231366563643136366365
62333637366430636362316166356464643361363165616630393461356661396263316234346562 37636361343961326261336437616266373962643765346438333766306537303137353764396330
61653032333639383762353335643036616566666230666465646338663834666161626263623862 39626635373631353635313935363834363730386132376363663462653330623130663266373432
36383166623766623730333337313932363337356430373165666537346637316438313133656362 65343237326535613535386363396236336536366165306463643162346638623638373433646163
65303936363730356131316232346433376261656661353533613265343065356539343366383538 62613935363636353639623839396231393838303135346536383037353636613563323234626131
32366561663366656562356666303936336663353964623263336435653964626133383332373436 64373666303436393861373164376564646235366131343433623733663832653039393738343537
30346236633266613363626632636464366435383430323365383436626361336531353363313439 65323534343464613230346532623966616462353532373064623566626563336464326336393364
65663664623531363039303431303137623164633332616436353631633361383536616330363737 39626237646431313135323036303065343138616632343237396136366332636132303037376132
39656535666131333863363832353664326534646233346435623937646566623466646131383335 33623031623635653162616265316366663262373666636638386130643336383130643232643662
37643038306363336638393132666464393636623331306366636435633335333064383630393763 34326663343562613962343033396332303261636230353331313730336630633461333736626333
62346366613238366532343761323663633137393133306564386533643132323661323938643933 66636430643330383032646634396133626339623036333963396662313234623466366634636334
37316165346536393465613233666166633935666361376131613762383933363935353034653662 33373762386662613966353664346239666133656435353365653536356331613632666132376264
30393138633665366336373038326436353932613138396462383163376361356435376462333237 62613433366633663065306166396166633836306139376533396165393966323465303638373563
66363535616639356336323838653633323064643635373630653639613834386465363536306664 63326330323161303065643365343363313338326238363137663139613463613434643834613662
34303831366364346361643564616435396661373765323530396635376161316334356137656664 64663365633965653363633165653038333335333232633434323037643936646561376431626230
61333762366365633038653934653436613637636132353062373134316162336539653239613333 66356138373136366134373533386634373061666330663364376336383433306331386162393633
34383666643136373337303466346165363137306563643964303839626264323231343262303836 33636330643531396464313736363061303466393861613730323563626363643731333633366532
36643664633535326166313832666230656532353538363765316362336136323430636666356339 64646130636234653566346533323962353332653335336239353630633535623935396638663366
30656635343038646131663837313232316262393863613863393031386336663730613761393466 37383661343636613261623833653032373764653164346634663431653664636233323734666166
65343331346435393764343565326531653263336463346633653231643937323237383134626462 36373664306566663930353338366431623563396166356638626166333165623263636336613138
32383362633666303131376164353261353232393036353636626566633862383063356136333036 34343936393964666564306637346561393538383137663162663630336462656663316338376236
64346239363633393065633631343061343639323437303163343565646661366265643133386465 63633666333263663734353861633164653132663334306664643133663736663766626639393236
30616235653231623263353736636231356136653236366531316131323635333137643666373437 32653430333163313363343731666135656662363838366132383732346130313130363365656263
61336435613237306430343966383839663261386335616234363864353632653433393033656433 32643533393163376264653632663262353966306630333064313932616262323134326361633764
39613835326130383864373832663536383261363135303664383131636164316634383831363233 63383837303936616434616630653833653833623263623532306363373836323431393335623530
34386639616233373731306537633962383565336565343434663361343062326435343565666632 34316562343035326265333164643163356230643639373431326431303538346363376332373434
64303830326436613932333161333930656666306165316333386237633161366161303537383465 31313666313663343363353130306561646136393732663164393232636330663635346434343134
63326265626662376136636131323261643234656239316131383235636336303733386632633436 33663138663336636430373763396435323138373633666438623234363631336232366635366532
65636663626434303637616366626463346533616237306130666365366564333735383032346635 62616239663934653462656163326134303261376635323864633435383666363065656665303538
31623663363164316362343933663530663038616137633235656466366565306331343961343362 62626538343638366236646136363232373437336630383739656438636465326531646664366462
65333935653664323266356637616532393538653231383935643432363838343335656165633832 36353663626634386538336239623734323234393463313034303837363164363263623065613061
65626531316161646233626337626165656133643362626263363261326363306439353863353633 38333162646232366339333662313965663336613238386530393162346266636532353433656136
38323161383739336631373266303633363964663833643130643235366137383637663134623664 66326436323836376432313238613165373565643233333435393361636637653361616435393438
37363363306632646433376133383964643965623833373436663436393164666430363663363036 32383763393561343734643438346635613663393736613839623263663866336165343235663933
62346538353538356566623562666166383162666537656335346337643132303339326333363933 66623137616561313462653631613830363666653635336534643935373739353138363934656134
31396461346434623362353863303335623866316562316234386538343364343561333937326166 35663063396162623432373534333463376231666466393963336231653939326663396336383735
33613237386239613533653036613636666662616461613031623065323630333766653265666439 34633763336163313432616163313638623963306666643432306661393632346339373963633265
37653936303438333235366232343436346463643330373038646330306236643737386330663266 32303862643661376433356661383335313365306534663534396638313531373538326236636363
33323631303836363239663731623435666630626335663134393532306235343033663365613237 37626138333437393363323261336663653163643565303063313231346131376261653763356631
61643233356264306465623062303231643335643737366434306663393035613365616139646538 62306262336337366134626632333663363139393131306666303235303761623665356431646234
34613338346633326432353064336233343765633638626639643430333233353235616639626239 33666461663035303066353137623762653565353533613435663839396238336337333463636465
61663361643636653930666437633865386537383163643832326665316465616232636266366539 38353135356634626137376232613330393235383432356436393030313564306537616363383136
62653061396265393831396431626462663033383637363565313531343764383931663665613064 66356463373138313661373565326565343066643133633630313031303132313031663739316631
39383461353133306434323562393136313536623739353235346565376134306636613465633630 66666631386163313034306532393862393930653931363235396662366262636466363464396466
34633737633536353338663061373738336337633134636639663730366537343463373635653833 61303962303066633764393831396632626233343633313061323838623134373036393164633139
62393937393232316161366135353638666466373639613363653032666530633634306639333366 30303861636335636131376334376239636235653233323435623262366132663934613661333135
38386432636639386435306638383035353134373261663038616137336164396235356131323038 61386136326435363337316363666330363431613135663661303438383664663930656564373730
61333031316666353336343638623963616266643432613533616466353362353565363237636630 32373731393666333364633835646431646662313232383136616238303264383438663766356462
38343662623838666134356537353434383564616335363032663436333133613762383063353562 32346664376430663934626661663039656461383738626265346162393861346163656161323333
66646138383064636463623939643834396165633164333038373938636631306439356436373561 39323666643031376530303230626166613233383731363766373634623430633635303963313466
64663835393863353131343334633137346162373838353738323938313162396165393632316566 34646331363539636133373134353535356265393265393635323532323134643034343663636362
65326462613361643964386564376464353666386133616666623039366638383236653832393665 38633261613433393634396234396265623063346138363133646532366638306632396464646432
623466653930303838323161316265323031 61373961383438386535336131393633303430346162613738343839653038303035303033626535
37343030623530333332306265373539633735616634663666356437303862636338363866613861
38346130336338373865343866306665616530313938616366346131376262346135323537663137
39383366313766666234323234363937623264353532323033363966313135653163343036666262
34393832613034383239393930383063336131356364303231323966303633333331633666373764
65383137333965663234663933303231356165376233326233303035316536666563656363343933
36633039666432643135636331353932633164633964623661373739633665313433306561303637
62373534346562363132643063643732343462653838393635343266626535353864656437313434
34376538303965616539626534613431623834376337643936613137323031323139393762636463
66346664666361623636666533663037613434353135393862376633636233656330366136646434
30653735323961383130393763333630306131376430363436623238646632363462383739653636
37346566663039383866323639633565366338353438386461616239313639343766333661346435
33316538366463383733346663316564656566656165396465393461363061613239666165346661
62346639623163363762366431313831663135643062336363323336303737393437653863303665
36643466336566336236353166333063633830646461626262333937316162353365353130353535
30383164363532363532306364393236303537383139643431393962333063633162313033613561
32323434336364343061386666616639336566373461633462393130336461303531353436623065
65663430623066336533373662306566396263376562343936666166626666323964373334613835
64633535303365643564626562643562636363363834353865353765356665643965663861366436
63333736613232353130616466316637613966646139323565356537666331666564623832333439
36376131663431616430616265323039646432393166613631313762613264313765323231663961
65616636306362386534626130636261636566626365643630616135323634343935653033653433
3061

View file

@ -13,6 +13,8 @@ loc_reverseproxy:
to: auro.re to: auro.re
- from: 92.222.211.195 - from: 92.222.211.195
to: auro.re to: auro.re
- from: codimd.auro.re
to: hedgedoc.auro.re
reverseproxy_sites: reverseproxy_sites:
- from: phabricator.auro.re - from: phabricator.auro.re
@ -27,6 +29,9 @@ loc_reverseproxy:
- from: passbolt.auro.re - from: passbolt.auro.re
to: 10.128.0.53 to: 10.128.0.53
- from: auth.auro.re
to: 10.128.0.150:8089
- from: riot.auro.re - from: riot.auro.re
to: "10.128.0.150:8080" to: "10.128.0.150:8080"
- from: element.auro.re - from: element.auro.re
@ -34,8 +39,6 @@ loc_reverseproxy:
- from: chat.auro.re - from: chat.auro.re
to: "10.128.0.150:8080" to: "10.128.0.150:8080"
- from: codimd.auro.re
to: "10.128.0.150:8081"
- from: hedgedoc.auro.re - from: hedgedoc.auro.re
to: "10.128.0.150:8081" to: "10.128.0.150:8081"
@ -56,6 +59,8 @@ loc_reverseproxy:
- from: cas.auro.re - from: cas.auro.re
to: "10.128.0.150:8085" to: "10.128.0.150:8085"
- from: rss.auro.re
to: 10.128.0.150:8090
- from: status.auro.re - from: status.auro.re
to: "10.128.0.150:8086" to: "10.128.0.150:8086"
- from: "kanboard.auro.re" - from: "kanboard.auro.re"

34
hosts
View file

@ -10,6 +10,9 @@
[aurore_pve] [aurore_pve]
escalope.adm.auro.re escalope.adm.auro.re
services-1.pve.auro.re
services-2.pve.auro.re
services-3.pve.auro.re
[aurore_vm] [aurore_vm]
routeur-aurore.adm.auro.re routeur-aurore.adm.auro.re
@ -39,9 +42,15 @@ litl.adm.auro.re
log.adm.auro.re log.adm.auro.re
netbox.adm.auro.re netbox.adm.auro.re
grafana.adm.auro.re grafana.adm.auro.re
dolibarr.adm.auro.re
infra-1.router.auro.re ansible_host=10.129.0.245
infra-2.router.auro.re ansible_host=10.129.0.246
[aurore_testing_vm] [aurore_testing_vm]
[aurore_ilo]
escalope-ilo.adm.auro.re
############################################################################### ###############################################################################
# OVH # OVH
@ -55,7 +64,6 @@ proxy-ovh.adm.auro.re
[ovh_vm] [ovh_vm]
serge.adm.auro.re serge.adm.auro.re
passbolt.adm.auro.re
docker-ovh.adm.auro.re docker-ovh.adm.auro.re
switchs-manager.adm.auro.re switchs-manager.adm.auro.re
ldap-replica-ovh.adm.auro.re ldap-replica-ovh.adm.auro.re
@ -81,14 +89,23 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re #prometheus-fleming-fo.adm.auro.re
radius-fleming.adm.auro.re radius-fleming.adm.auro.re
dns-1.int.infra.auro.re
isp-1.rtr.infra.auro.re
isp-2.rtr.infra.auro.re
dhcp-1.isp.auro.re
dhcp-2.isp.auro.re
radius-fleming-backup.adm.auro.re radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re routeur-fleming-backup.adm.auro.re
[fleming_ilo]
marki-ilo.adm.auro.re
[fleming_unifi] [fleming_unifi]
fa-0-1.borne.auro.re fa-0-1.borne.auro.re
fa-1-1.borne.auro.re fa-1-1.borne.auro.re
@ -205,6 +222,10 @@ unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re routeur-pacaterie-backup.adm.auro.re
[pacaterie_ilo]
mordred-ilo.adm.auro.re
titan-ilo.adm.auro.re
[pacaterie_unifi] [pacaterie_unifi]
pc-1-1.borne.auro.re pc-1-1.borne.auro.re
pn-0-1.borne.auro.re pn-0-1.borne.auro.re
@ -260,6 +281,10 @@ radius-edc-backup.adm.auro.re
ldap-replica-edc.adm.auro.re ldap-replica-edc.adm.auro.re
prometheus-edc.adm.auro.re prometheus-edc.adm.auro.re
[edc_ilo]
caradoc-ilo.adm.auro.re
chapalux-ilo.adm.auro.re
[edc_unifi] [edc_unifi]
ee-2-1.borne.auro.re ee-2-1.borne.auro.re
ee-2-2.borne.auro.re ee-2-2.borne.auro.re
@ -291,6 +316,10 @@ radius-gs-backup.adm.auro.re
prometheus-gs.adm.auro.re prometheus-gs.adm.auro.re
ldap-replica-gs.adm.auro.re ldap-replica-gs.adm.auro.re
[gs_ilo]
lancelot-ilo.adm.auro.re
odin-ilo.adm.auro.re
[gs_unifi] [gs_unifi]
ga-0-1.borne.auro.re ga-0-1.borne.auro.re
ga-1-1.borne.auro.re ga-1-1.borne.auro.re
@ -360,6 +389,9 @@ dns-rives.adm.auro.re
radius-rives.adm.auro.re radius-rives.adm.auro.re
routeur-rives.adm.auro.re routeur-rives.adm.auro.re
[rives_ilo]
loki-ilo.adm.auro.re
[rives_unifi] [rives_unifi]
r1-1-1.borne.auro.re r1-1-1.borne.auro.re
r1-1-2.borne.auro.re r1-1-2.borne.auro.re

27
playbooks/chronyd.yml Executable file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
vars:
chronyd__allow_networks:
- 10.128.0.0/16
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
roles:
- chronyd
- hosts:
- all
- "!ntp-1.int.infra.auro.re"
- "!unifi"
vars:
chronyd__pools:
- ntp-1.int.infra.auro.re
roles:
- chronyd
...

213
playbooks/ifupdown2.yml Executable file
View file

@ -0,0 +1,213 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
# TODO: netbox
ifupdown2__hosts:
ntp-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::203/56
- 10.128.0.203/16
dns-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::127/56
- 10.128.0.127/16
dhcp-1.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::204/56
- 10.128.0.204/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients
dhcp-2.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::91/56
- 10.128.0.91/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients
isp-1.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::255/56
- 10.128.0.255/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
isp-2.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::158/56
- 10.128.0.158/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
roles:
- ifupdown2
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
resolvconf__nameservers:
- 2a09:6840:128::127
- 10.128.0.127
resolvconf__domain: auro.re
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re
roles:
- resolvconf
...

32
playbooks/keepalived.yml Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
keepalived__virtual_router_id: 80
keepalived__interface: ens18
keepalived__virtual_addresses:
client-0:
- 100.64.0.1/27
- 2a09:6841::/56
- fe80::1/10
client-1:
- 100.64.0.33/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-2:
- 100.64.0.65/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-3:
- 100.64.0.97/27
- 2a09:6841:0:200::/56
- fe80::1/10
client-4:
- 100.64.0.129/27
- 2a09:6841:0:300::/56
- fe80::1/10
roles:
- keepalived
...

View file

@ -30,6 +30,14 @@
user: grafana user: grafana
net: 10.128.0.98/32 net: 10.128.0.98/32
method: md5 method: md5
- database: dolibarr
user: dolibarr
net: 10.128.0.236/32
method: md5
- database: rt5
user: rt5
net: 10.128.0.123/32
method: md5
databases: databases:
- nextcloud - nextcloud
- gitea - gitea
@ -37,6 +45,8 @@
- drone - drone
- netbox - netbox
- grafana - grafana
- dolibarr
- rt5
users: users:
- name: nextcloud - name: nextcloud
database: nextcloud database: nextcloud
@ -68,6 +78,16 @@
password: "{{ vault_postgresql_grafana_passwd }}" password: "{{ vault_postgresql_grafana_passwd }}"
privs: privs:
- ALL - ALL
- name: dolibarr
database: dolibarr
password: "{{ vault_postgresql_dolibarr_passwd }}"
privs:
- ALL
- name: rt5
database: rt5
password: "{{ vault_postgresql_rt5_passwd }}"
privs:
- ALL
update_motd: update_motd:
postgresql: PostgreSQL est déployé. postgresql: PostgreSQL est déployé.
roles: roles:
@ -100,12 +120,17 @@
user: cas user: cas
net: 10.128.0.150/32 net: 10.128.0.150/32
method: md5 method: md5
- database: appservice-discord
user: appservice-discord
net: 10.128.0.150/32
method: md5
databases: databases:
- synapse - synapse
- codimd - codimd
- etherpad - etherpad
- kanboard - kanboard
- cas - cas
- appservice-discord
users: users:
- name: synapse - name: synapse
database: synapse database: synapse
@ -132,6 +157,11 @@
password: "{{ vault_postgresql_cas_passwd }}" password: "{{ vault_postgresql_cas_passwd }}"
privs: privs:
- ALL - ALL
- name: appservice-discord
database: appservice-discord
password: "{{ vault_postgresql_appservice_discord_passwd }}"
privs:
- ALL
update_motd: update_motd:
postgresql: PostgreSQL est déployé. postgresql: PostgreSQL est déployé.
roles: roles:

View file

@ -7,13 +7,17 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }} {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets: |
- targets: "{{ groups['fleming_unifi'] | list | sort }}" {{ groups['fleming_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['fleming_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus). Prometheus (en configuration fleming) est déployé (/etc/prometheus).
@ -28,16 +32,20 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }} {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets: |
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}" {{ groups['pacaterie_unifi'] | list | sort }}
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re - ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re - ups-ps-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['pacaterie_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus). Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
@ -52,18 +60,21 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re - ups-ec-1.ups.auro.re
- ups-ec-2.ups.auro.re # - ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re - ups-ec-3.ups.auro.re
prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }} {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets: |
- targets: "{{ groups['edc_unifi'] | list | sort }}" {{ groups['edc_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['edc_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus). Prometheus (en configuration edc) est déployé (/etc/prometheus).
@ -78,17 +89,21 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }} {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets: |
- targets: "{{ groups['gs_unifi'] | list | sort }}" {{ groups['gs_unifi'] | list | sort }}
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re - ups-gk-1.ups.auro.re
prometheus_pdu_snmp_targets: prometheus_apc_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re - pdu-ga-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['gs_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus). Prometheus (en configuration gs) est déployé (/etc/prometheus).
@ -103,17 +118,20 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re - ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re - ups-r1-1.ups.auro.re
prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets: |
- targets: "{{ groups['rives_unifi'] | list | sort }}" {{ groups['rives_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['rives_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus). Prometheus (en configuration rives) est déployé (/etc/prometheus).
@ -128,16 +146,15 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }} {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgres_targets: prometheus_postgresql_targets: |
- targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }} {{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets: prometheus_switch_snmp_targets:
- targets:
- yggdrasil.switch.auro.re - yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re - sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re - sw-ec-serveurs.switch.auro.re
@ -152,6 +169,9 @@
- sw-ec-core.switch.auro.re - sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re - sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re - sw-r3-core.switch.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['aurore_ilo'] | list | sort }}
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus). Prometheus (en configuration aurore) est déployé (/etc/prometheus).
@ -166,16 +186,17 @@
snmp_switch_community: "{{ vault_snmp_switch_community }}" snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets: |
prometheus_targets:
- targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }} {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgres_targets: prometheus_postgresql_targets:
- targets:
- bdd-ovh.adm.auro.re - bdd-ovh.adm.auro.re
prometheus_docker_targets: prometheus_docker_targets:
- docker-ovh.adm.auro.re - docker-ovh.adm.auro.re
update_motd: update_motd:
prometheus: >- prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus). Prometheus (en configuration ovh) est déployé (/etc/prometheus).
@ -189,9 +210,11 @@
snmp_unifi_password: "{{ vault_snmp_unifi_password }}" snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}" snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}" snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
# Prometheus targets.json prometheus_servers_targets:
prometheus_targets:
- prometheus-edc.adm.auro.re - prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re - prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re - prometheus-fleming.adm.auro.re
@ -199,6 +222,7 @@
- prometheus-rives.adm.auro.re - prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re - prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re - prometheus-ovh.adm.auro.re
update_motd: update_motd:
prometheus_federate: >- prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus). Prometheus (en configuration fédération) est déployé (/etc/prometheus).

9
playbooks/root.yml Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
root_shell: /bin/bash
root_password: "{{ vault_root_password }}"
roles:
- root_account
...

14
playbooks/ssh.yml Executable file
View file

@ -0,0 +1,14 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
openssh_users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh_authorized_principals:
- any
- "{{ inventory_hostname }}"
roles:
- openssh_server
...

View file

@ -4,8 +4,13 @@
Description=Timer for borgmatic backup Description=Timer for borgmatic backup
[Timer] [Timer]
{% if borg_keep_hourly > 0 %}
OnCalendar=hourly OnCalendar=hourly
RandomizedDelaySec=60m RandomizedDelaySec=60m
{% else %}
OnCalendar=daily
RandomizedDelaySec=24h
{% endif %}
FixedRandomDelay=true FixedRandomDelay=true
[Install] [Install]

View file

@ -0,0 +1,11 @@
---
chronyd__pools: []
chronyd__key_file: /etc/chrony/chrony.keys
chronyd__drift_file: /var/lib/chrony/chrony.drift
chronyd__nts_dump_dir: /var/lib/chrony
chronyd__log_dir: /var/log/chrony
chronyd__max_update_skew: 100.0
chronyd__rtcsync: true
chronyd__allow_networks: []
chronyd__log_change_seconds: 0.5
...

View file

@ -0,0 +1,6 @@
---
- name: Restart chronyd
systemd:
name: chrony.service
state: restarted
...

View file

@ -0,0 +1,32 @@
---
- name: Uninstall ntp and sntp
apt:
name:
- sntp
- ntp
- systemd-timesyncd
state: absent
- name: Install chronyd
apt:
name: chrony
- name: Configure chronyd
template:
src: "{{ item }}.j2"
dest: "/etc/chrony/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- chrony.conf
- chrony.keys
notify:
- Restart chronyd
- name: Enable and start chronyd
systemd:
name: chrony.service
enabled: true
state: started
...

View file

@ -0,0 +1,30 @@
{{ ansible_managed | comment }}
{% for pool in chronyd__pools %}
pool {{ pool }} iburst
{% endfor %}
keyfile {{ chronyd__key_file }}
driftfile {{ chronyd__drift_file }}
ntsdumpdir {{ chronyd__nts_dump_dir }}
logdir {{ chronyd__log_dir }}
log tracking measurements statistics
maxupdateskew {{ chronyd__max_update_skew | float }}
{% if chronyd__rtcsync %}
rtcsync
{% endif %}
{% if chronyd__local_stratum is defined %}
local stratum {{ chronyd__local_stratum | int }}
{% endif %}
logchange {{ chronyd__log_change_seconds | float }}
leapsectz right/UTC
{% for network in chronyd__allow_networks %}
allow {{ network | ipaddr }}
{% endfor %}

View file

@ -0,0 +1 @@
{{ ansible_managed | comment }}

View file

@ -0,0 +1,3 @@
---
ifupdown2__interfaces: {}
...

View file

@ -0,0 +1,9 @@
---
- name: Restart networking
systemd:
name: networking.service
state: restarted
- name: Bring all interfaces up
shell: /usr/sbin/ifup -a
...

View file

@ -0,0 +1,42 @@
---
- name: Gather package facts
package_facts:
manager: apt
- name: Check if ifupdown2 is installed
set_fact:
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
- name: Mask networking before installing ifupdown2
systemd:
name: networking.service
masked: true
when: must_mask
- name: Install ifupdown2
apt:
name: ifupdown2
- name: Unmask networking now that ifupdown2 is installed
systemd:
name: networking.service
masked: false
when: must_mask
- name: Configure ifupdown2
template:
src: interfaces.j2
dest: /etc/network/interfaces
owner: root
group: root
mode: u=rw,g=r,o=
notify:
- Restart networking
- Bring all interfaces up
- name: Enable and start networking
systemd:
name: networking.service
state: started
enabled: true
...

View file

@ -0,0 +1,41 @@
{{ ansible_managed | comment }}
{% for name, iface in ifupdown2__interfaces.items() %}
auto {{ name }}
iface {{ name }}
{% for address in iface.addresses | default([]) %}
address {{ address | ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ipaddr }}
{% endfor %}
{% if iface.bridge_ports is defined %}
bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
bridge-vlan-aware {{ iface.bridge_vlan_aware
| ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
bridge-pvid 0
post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
| ternary("yes", "no") }}
{% endif %}
{% endfor %}

View file

@ -0,0 +1,7 @@
---
keepalived__virtual_addresses: {}
keepalived__notify_master: []
keepalived__notify_backup: []
keepalived__notify_fault: []
keepalived__max_auto_priority: -1
...

View file

@ -0,0 +1,6 @@
---
- name: Reload keepalived
systemd:
name: keepalived.service
state: reloaded
...

View file

@ -0,0 +1,28 @@
---
- name: Install keepalived
apt:
name: keepalived
- name: Configure keepalived
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
mode: u=rw,g=,o=
- src: notify.sh.j2
dest: /etc/keepalived/notify.sh
mode: u=rwx,g=,o=
notify:
- Reload keepalived
- name: Enable and start keepalived
systemd:
name: keepalived
enabled: true
state: started
...

View file

@ -0,0 +1,92 @@
{{ ansible_managed | comment }}
global_defs {
dynamic_interfaces
script_user root
enable_script_security
vrrp_version 3
{% if keepalived__max_auto_priority is defined %}
max_auto_priority {{ keepalived__max_auto_priority | int }}
{% endif %}
}
{%
set ipv4_enabled =
keepalived__ipv4_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv4)
%}
{%
set ipv6_enabled =
keepalived__ipv6_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv6)
%}
{% if ipv4_enabled and ipv6_enabled %}
vrrp_sync_group group {
group {
{% if ipv4_enabled %}
instance_v4
{% endif %}
{% if ipv6_enabled %}
instance_v6
{% endif %}
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
{% endif %}
{% if ipv4_enabled %}
vrrp_instance instance_v4 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses %}
{% if address | ansible.utils.ipv4 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}
{% if ipv6_enabled %}
vrrp_instance instance_v6 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses | ipaddr_sort(["link-local"]) %}
{% if address | ansible.utils.ipv6 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}

View file

@ -0,0 +1,33 @@
#!/bin/bash
master=(
{% for notify in keepalived__notify_master %}
{{ notify | quote }}
{% endfor %}
)
backup=(
{% for notify in keepalived__notify_backup %}
{{ notify | quote }}
{% endfor %}
)
fault=(
{% for notify in keepalived__notify_fault %}
{{ notify | quote }}
{% endfor %}
)
case "$1" in
master | backup | fault)
scripts="$1[@]"
;;
*)
echo "Usage: $0 (master|backup|fault)" >&2
exit 1
esac
for script in "${!scripts}"
do
eval "${script}"
done

View file

@ -0,0 +1,4 @@
---
openssh_authorized_principals:
- any
...

View file

@ -0,0 +1,6 @@
---
- name: Restart sshd
systemd:
name: ssh.service
state: restarted
...

View file

@ -0,0 +1,39 @@
---
- name: Install OpenSSH server
apt:
name: openssh-server
- name: Enable OpenSSH Server
systemd:
name: ssh.service
enabled: true
state: started
- name: Install sshd configuration file
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: u=r,g=,o=
validate: "/usr/sbin/sshd -tf %s"
notify: Restart sshd
- name: Install Users CA public key
copy:
content: "{{ openssh_users_ca_public_key }}"
dest: /etc/ssh/users_ca.pub
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
- name: Install authorized principals file
copy:
content: "{{ openssh_authorized_principals | join('\n') }}"
dest: /etc/ssh/authorized_principals
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
...

View file

@ -0,0 +1,45 @@
{{ ansible_managed | comment }}
SyslogFacility AUTH
LogLevel VERBOSE
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
MaxStartups 10:30:100
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# https://infosec.mozilla.org/guidelines/openssh.html
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AuthenticationMethods publickey
TrustedUserCAKeys /etc/ssh/users_ca.pub
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
StrictModes yes
UsePAM no
PermitRootLogin yes
PermitUserRC no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding yes
X11Forwarding no
PermitTTY yes
PermitTunnel no
VersionAddendum none
PrintLastLog yes
PrintMotd yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

View file

@ -38,10 +38,10 @@
loop: loop:
- server.rules.yml - server.rules.yml
- docker.rules.yml - docker.rules.yml
- django.rules.yml
- ups.rules.yml - ups.rules.yml
- postgres.rules.yml - postgres.rules.yml
- environmental.rules.yml - environmental.rules.yml
- ilo.rules.yml
notify: Restart Prometheus notify: Restart Prometheus
- name: Make Prometheus snmp-exporter listen on localhost only - name: Make Prometheus snmp-exporter listen on localhost only
@ -63,56 +63,6 @@
- snmp.yml - snmp.yml
notify: Restart prometheus-snmp-exporter notify: Restart prometheus-snmp-exporter
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus nodes
copy:
content: "{{ prometheus_targets | to_nice_json }}"
dest: /etc/prometheus/targets.json
mode: 0644
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus Ubiquity Unifi SNMP devices
copy:
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_unifi_snmp.json
mode: 0644
when: prometheus_unifi_snmp_targets is defined
- name: Configure Prometheus Switchs
copy:
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_switch_snmp.json
mode: 0644
when: prometheus_switch_snmp_targets is defined
- name: Configure Prometheus UPS SNMP devices
copy:
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_ups_snmp.json
mode: 0644
when: prometheus_ups_snmp_targets is defined
- name: Configure Prometheus docker monitoring
copy:
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_docker.json
mode: 0644
when: prometheus_docker_targets is defined
- name: Configure Prometheus postgres monitoring
copy:
content: "{{ prometheus_postgres_targets | to_nice_json }}\n"
dest: /etc/prometheus/targets_postgres.json
mode: 0644
when: prometheus_postgres_targets is defined
- name: Configure Prometheus apc_pdu monitoring
copy:
content: "{{ [{'targets': prometheus_pdu_snmp_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_apc_pdu_snmp.json
mode: 0644
when: prometheus_pdu_snmp_targets is defined
- name: Activate prometheus service - name: Activate prometheus service
systemd: systemd:
name: prometheus name: prometheus

View file

@ -1,106 +0,0 @@
# {{ ansible_managed }}
{# As this is also Jinja2 it will conflict without a raw block #}
{% raw %}
groups:
- name: django.rules
rules:
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
- record: job:django_http_ajax_requests_total:sum_rate30s
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
BY (job)
- record: job:django_http_requests_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
- record: job:django_http_responses_streaming_total:sum_rate30s
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
- record: job:django_http_responses_body_total_bytes:sum_rate30s
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
- record: job:django_http_requests_total:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
- record: job:django_http_requests_total_by_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
- record: job:django_http_requests_total_by_transport:sum_rate30s
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
- record: job:django_http_requests_total_by_view:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view)
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
view, transport, method)
- record: job:django_http_responses_total_by_templatename:sum_rate30s
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
- record: job:django_http_responses_total_by_status:sum_rate30s
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
- record: job:django_http_responses_total_by_charset:sum_rate30s
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
- record: job:django_http_exceptions_total_by_type:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
- record: job:django_http_exceptions_total_by_view:sum_rate30s
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "50"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "95"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99"
- record: job:django_http_requests_latency_seconds:quantile_rate30s
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
BY (job, le))
labels:
quantile: "99.9"
- record: job:django_model_inserts_total:sum_rate1m
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
- record: job:django_model_updates_total:sum_rate1m
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
- record: job:django_model_deletes_total:sum_rate1m
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
- record: job:django_db_new_connections_total:sum_rate30s
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
- record: job:django_db_new_connection_errors_total:sum_rate30s
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_total:sum_rate30s
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
- record: job:django_db_execute_many_total:sum_rate30s
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
- record: job:django_db_errors_total:sum_rate30s
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
- record: job:django_migrations_applied_total:max
expr: max(django_migrations_applied_total) BY (job, connection)
- record: job:django_migrations_unapplied_total:max
expr: max(django_migrations_unapplied_total) BY (job, connection)
{% endraw %}

View file

@ -0,0 +1,83 @@
---
{{ ansible_managed | comment }}
{% macro raw(string) -%}
{{ "{{" }} {{ string }} {{ "}}" }}
{%- endmacro %}
groups:
- name: ilo.rules
rules:
- alert: IloResilientMemoryDegraded
expr: cpqHeResilientMemCondition{cpqHeResilientMemCondition!~"ok|other"} == 1
for: 3m
labels:
severity: warning
annotations:
summary: >-
La mémoire vive n'est plus résiliente
({{ raw('$labels.cpqHeResilientMemCondition') }})
- alert: IloBiosSelfTestDegraded
expr: cpqHeHWBiosCondition{cpqHeHWBiosCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Une erreur a été détectée lors du POST du serveur
({{ raw('$labels.cpqHeHWBiosCondition') }})
- alert: IloBatteryDegraded
expr: cpqHeSysBatteryCondition{cpqHeSysBatteryCondition!~"ok|other"} == 1
for: 3m
labels:
severity: warning
annotations:
summary: >-
La batterie est dégradée
({{ raw('$labels.cpqHeSysBatteryCondition') }})
- alert: IloTemperatureSensorDegraded
expr: cpqHeTemperatureCondition{cpqHeTemperatureCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le capteur de température est dégradé
({{ raw('$labels.cpqHeTemperatureCondition') }})
- alert: IloFanDegraded
expr: cpqHeFltTolFanCondition{cpqHeFltTolFanCondition!~"ok|other"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le ventilateur est dégradé
({{ raw('$labels.cpqHeFltTolFanCondition') }})
- alert: IloPowerSupplyDegraded
expr: cpqHeFltTolPowerSupplyStatus{cpqHeFltTolPowerSupplyStatus!="noError"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
L'alimentation est dégradée
({{ raw('$labels.cpqHeFltTolPowerSupplyStatus') }})
- alert: IloOverrideSwitchState
expr: cpqSm2CntlriLOSecurityOverrideSwitchState{cpqSm2CntlriLOSecurityOverrideSwitchState="set"} == 1
for: 3m
labels:
severity: critical
annotations:
summary: >-
Le switch de réinitialisation n'est pas à l'état d'origine,
l'authentification est bypassée
...

View file

@ -112,7 +112,7 @@ groups:
rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) / rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) /
rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m]) rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m])
) * 100 ) * 100
> 7 > 20
for: 0m for: 0m
labels: labels:
severity: warning severity: warning

View file

@ -25,17 +25,15 @@ rule_files:
# A scrape configuration containing exactly one endpoint to scrape: # A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself. # Here it's Prometheus itself.
scrape_configs: scrape_configs:
# The .json in file_sd_configs is dynamically reloaded
- job_name: prometheus - job_name: prometheus
static_configs: static_configs:
- targets: - targets:
- localhost:9090 - localhost:9090
{% if prometheus_servers_targets is defined %}
- job_name: servers - job_name: servers
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_servers_targets | to_json }}
- '/etc/prometheus/targets.json'
relabel_configs: relabel_configs:
# Do not put :9100 in instance name, rather here # Do not put :9100 in instance name, rather here
- source_labels: [__address__] - source_labels: [__address__]
@ -45,11 +43,12 @@ scrape_configs:
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: __address__ target_label: __address__
replacement: '$1:9100' replacement: '$1:9100'
{% endif %}
{% if prometheus_unifi_snmp_targets is defined %}
- job_name: unifi_snmp - job_name: unifi_snmp
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_unifi_snmp_targets | to_json }}
- '/etc/prometheus/targets_unifi_snmp.json'
metrics_path: /snmp metrics_path: /snmp
params: params:
module: [ubiquiti_unifi] module: [ubiquiti_unifi]
@ -60,16 +59,12 @@ scrape_configs:
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: 127.0.0.1:9116 replacement: 127.0.0.1:9116
{% endif %}
- job_name: django {% if prometheus_ups_snmp_targets is defined %}
scheme: https
static_configs:
- targets: []
- job_name: ups_snmp - job_name: ups_snmp
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_ups_snmp_targets | to_json }}
- '/etc/prometheus/targets_ups_snmp.json'
metrics_path: /snmp metrics_path: /snmp
params: params:
module: [eatonups] module: [eatonups]
@ -80,11 +75,12 @@ scrape_configs:
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: 127.0.0.1:9116 replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_switch_snmp_targets is defined %}
- job_name: switch_snmp - job_name: switch_snmp
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_switch_snmp_targets | to_json }}
- "/etc/prometheus/targets_switch_snmp.json"
metrics_path: /snmp metrics_path: /snmp
params: params:
module: [procurve_switch] module: [procurve_switch]
@ -95,11 +91,12 @@ scrape_configs:
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: 127.0.0.1:9116 replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_docker_targets is defined %}
- job_name: docker - job_name: docker
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_docker_targets | to_json }}
- '/etc/prometheus/targets_docker.json'
relabel_configs: relabel_configs:
# Do not put :8087 in instance name, rather here # Do not put :8087 in instance name, rather here
- source_labels: [__address__] - source_labels: [__address__]
@ -109,11 +106,12 @@ scrape_configs:
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: __address__ target_label: __address__
replacement: '$1:8087' replacement: '$1:8087'
{% endif %}
{% if prometheus_postgresql_targets is defined %}
- job_name: postgresql - job_name: postgresql
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_postgresql_targets | to_json }}
- '/etc/prometheus/targets_postgres.json'
relabel_configs: relabel_configs:
# Do not put :9187 in instance name, rather here # Do not put :9187 in instance name, rather here
- source_labels: [__address__] - source_labels: [__address__]
@ -123,11 +121,12 @@ scrape_configs:
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: __address__ target_label: __address__
replacement: '$1:9187' replacement: '$1:9187'
{% endif %}
{% if prometheus_apc_pdu_snmp_targets is defined %}
- job_name: apc_pdu_snmp - job_name: apc_pdu_snmp
file_sd_configs: static_configs:
- files: - targets: {{ prometheus_apc_pdu_snmp_targets | to_json }}
- '/etc/prometheus/targets_apc_pdu_snmp.json'
metrics_path: /snmp metrics_path: /snmp
params: params:
module: module:
@ -139,5 +138,23 @@ scrape_configs:
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: 127.0.0.1:9116 replacement: 127.0.0.1:9116
{% endif %}
{% if prometheus_ilo_snmp_targets is defined %}
- job_name: ilo_snmp
static_configs:
- targets: {{ prometheus_ilo_snmp_targets | to_json }}
metrics_path: /snmp
params:
module:
- ilo
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
{% endif %}
... ...

View file

@ -10,23 +10,20 @@ groups:
- name: server.rules - name: server.rules
rules: rules:
- alert: InstanceDown - alert: MachineDown
expr: up{instance!~".*.borne.auro.re$"} == 0 expr: up{instance!~".*.borne.auro.re$"} == 0
for: 3m for: 3m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: >- summary: >-
Invisible depuis plus de 3 minutes Le collecteur {{ raw('$labels.job') }} ne marche plus
- alert: AccessPointDown - alert: AccessPointDown
expr: up{instance=~".*.borne.auro.re$"} == 0 expr: up{instance=~".*.borne.auro.re$"} == 0
for: 3m for: 3m
labels: labels:
severity: warning severity: warning
annotations:
summary: >-
Invisible depuis plus de 3 minutes
- alert: OutOfMemory - alert: OutOfMemory
expr: >- expr: >-
@ -56,8 +53,7 @@ groups:
severity: warning severity: warning
annotations: annotations:
summary: >- summary: >-
La mémoire swap est utilisée à La mémoire swap est utilisée à {{ raw('$value | printf "%.1f"') }}%
{{ raw('$value | printf "%.1f"') }}%
- alert: HostPhysicalComponentTooHot - alert: HostPhysicalComponentTooHot
expr: node_hwmon_temp_celsius > 79 expr: node_hwmon_temp_celsius > 79
@ -156,24 +152,5 @@ groups:
labels: labels:
severity: "critical" severity: "critical"
annotations: annotations:
summary: > summary: "Le Disque {{ raw('$labels.disk') }} n'est pas en bonne santé !"
Le disque {{ raw('$labels.disk') }} n'est pas en bonne santé
- alert: AptUpgradesPending
expr: sum by (instance) (apt_upgrades_pending) > 0
for: 10m
labels:
severity: warning
annotations:
summary: >
Des mises à jour de paquets sont en attente
- alert: RebootRequired
expr: node_reboot_required == 1
for: 10m
labels:
severity: warning
annotations:
summary: >
Un redémarrage est nécessaire
... ...

View file

@ -482,4 +482,227 @@ apc_pdu:
priv_protocol: AES priv_protocol: AES
priv_password: {{ snmp_pdu_password }} priv_password: {{ snmp_pdu_password }}
ilo:
walk:
- 1.3.6.1.4.1.232.6.2.14.4 # Resilient memory
- 1.3.6.1.4.1.232.6.2.15.3 # Power meter
- 1.3.6.1.4.1.232.6.2.16.1 # POST tests
- 1.3.6.1.4.1.232.6.2.17.1 # Battery
- 1.3.6.1.4.1.232.6.2.6.8.1.3 # Temperature sensors location
- 1.3.6.1.4.1.232.6.2.6.8.1.4 # Temperature sensors value
- 1.3.6.1.4.1.232.6.2.6.8.1.5 # Temperature sensors limit
- 1.3.6.1.4.1.232.6.2.6.8.1.6 # Temperature sensors condition
- 1.3.6.1.4.1.232.6.2.6.7.1.3 # Fans location
- 1.3.6.1.4.1.232.6.2.6.7.1.9 # Fans condition
- 1.3.6.1.4.1.232.6.2.9.3.1.5 # Power supply
- 1.3.6.1.4.1.232.9.2.2 # iLO
metrics:
- name: cpqHeResilientMemCondition
oid: 1.3.6.1.4.1.232.6.2.14.4
type: EnumAsStateSet
help: The resilient memory condition - 1.3.6.1.4.1.232.6.2.14.4
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHePowerMeterCurrReading
oid: 1.3.6.1.4.1.232.6.2.15.3
type: gauge
help: This is the current Power Meter reading in Watts - 1.3.6.1.4.1.232.6.2.15.3
- name: cpqHeHWBiosCondition
oid: 1.3.6.1.4.1.232.6.2.16.1
type: EnumAsStateSet
help: This value indicates an error has been detected during Pre-OS Test (POST)
or during initial hardware initialization - 1.3.6.1.4.1.232.6.2.16.1
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeSysBatteryCondition
oid: 1.3.6.1.4.1.232.6.2.17.1
type: EnumAsStateSet
help: The battery condition - 1.3.6.1.4.1.232.6.2.17.1
indexes:
- labelname: cpqHeSysBatteryChassis
type: gauge
- labelname: cpqHeSysBatteryIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeTemperatureLocale
oid: 1.3.6.1.4.1.232.6.2.6.8.1.3
type: EnumAsInfo
help: This specifies the location of the temperature sensor present in the system.
- 1.3.6.1.4.1.232.6.2.6.8.1.3
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
enum_values:
1: other
2: unknown
3: system
4: systemBoard
5: ioBoard
6: cpu
7: memory
8: storage
9: removableMedia
10: powerSupply
11: ambient
12: chassis
13: bridgeCard
- name: cpqHeTemperatureCelsius
oid: 1.3.6.1.4.1.232.6.2.6.8.1.4
type: gauge
help: This is the current temperature sensor reading in degrees celsius - 1.3.6.1.4.1.232.6.2.6.8.1.4
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
- name: cpqHeTemperatureThreshold
oid: 1.3.6.1.4.1.232.6.2.6.8.1.5
type: gauge
help: This is the shutdown threshold temperature sensor setting in degrees celsius
- 1.3.6.1.4.1.232.6.2.6.8.1.5
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
- name: cpqHeTemperatureCondition
oid: 1.3.6.1.4.1.232.6.2.6.8.1.6
type: EnumAsStateSet
help: The Temperature sensor condition - 1.3.6.1.4.1.232.6.2.6.8.1.6
indexes:
- labelname: cpqHeTemperatureChassis
type: gauge
- labelname: cpqHeTemperatureIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeFltTolFanLocale
oid: 1.3.6.1.4.1.232.6.2.6.7.1.3
type: EnumAsInfo
help: This specifies the location of the fan present in the system.
- 1.3.6.1.4.1.232.6.2.6.7.1.3
indexes:
- labelname: cpqHeFltTolFanChassis
type: gauge
- labelname: cpqHeFltTolFanIndex
type: gauge
enum_values:
1: other
2: unknown
3: system
4: systemBoard
5: ioBoard
6: cpu
7: memory
8: storage
9: removableMedia
10: powerSupply
11: ambient
12: chassis
13: bridgeCard
- name: cpqHeFltTolFanCondition
oid: 1.3.6.1.4.1.232.6.2.6.7.1.9
type: EnumAsStateSet
help: The fan condition - 1.3.6.1.4.1.232.6.2.6.7.1.9
indexes:
- labelname: cpqHeFltTolFanChassis
type: gauge
- labelname: cpqHeFltTolFanIndex
type: gauge
enum_values:
1: other
2: ok
3: degraded
4: failed
- name: cpqHeFltTolPowerSupplyStatus
oid: 1.3.6.1.4.1.232.6.2.9.3.1.5
type: EnumAsStateSet
help: The status of the power supply. - 1.3.6.1.4.1.232.6.2.9.3.1.5
indexes:
- labelname: cpqHeFltTolPowerSupplyChassis
type: gauge
- labelname: cpqHeFltTolPowerSupplyBay
type: gauge
enum_values:
1: noError
2: generalFailure
3: bistFailure
4: fanFailure
5: tempFailure
6: interlockOpen
7: epromFailed
8: vrefFailed
9: dacFailed
10: ramTestFailed
11: voltageChannelFailed
12: orringdiodeFailed
13: brownOut
14: giveupOnStartup
15: nvramInvalid
16: calibrationTableInvalid
17: noPowerInput
- name: cpqSm2CntlrInterfaceStatus
oid: 1.3.6.1.4.1.232.9.2.2.17
type: EnumAsStateSet
help: Remote Insight/ Integrated Lights-Out Interface Status - 1.3.6.1.4.1.232.9.2.2.17
enum_values:
1: other
2: ok
3: notResponding
- name: cpqSm2CntlriLOSecurityOverrideSwitchState
oid: 1.3.6.1.4.1.232.9.2.2.27
type: EnumAsStateSet
help: Integrated Lights-Out Security Override Switch State - 1.3.6.1.4.1.232.9.2.2.27
enum_values:
1: notSupported
2: set
3: notSet
- name: cpqSm2CntlrLicenseActive
oid: 1.3.6.1.4.1.232.9.2.2.30
type: EnumAsStateSet
help: Remote Insight License State - 1.3.6.1.4.1.232.9.2.2.30
enum_values:
1: none
2: iloAdvanced
3: iloLight
4: iloAdvancedBlade
5: iloStandard
6: iloEssentials
7: iloScaleOut
8: iloAdvancedPremiumSecurity
- name: cpqSm2CntlrServerPowerState
oid: 1.3.6.1.4.1.232.9.2.2.32
type: EnumAsStateSet
help: The current power state for the server - 1.3.6.1.4.1.232.9.2.2.32
enum_values:
1: unknown
2: poweredOff
3: poweredOn
4: insufficientPowerOrPowerOnDenied
version: 3
# Reduce timeout to retry faster
timeout: 1s
auth:
security_level: authPriv
username: {{ snmp_ilo_user }}
password: {{ snmp_ilo_auth }}
auth_protocol: SHA
priv_protocol: AES
priv_password: {{ snmp_ilo_priv }}
... ...

View file

@ -34,9 +34,9 @@ scrape_configs:
- '{job="postgresql"}' - '{job="postgresql"}'
- '{job="prometheus"}' - '{job="prometheus"}'
- '{job="unifi_snmp"}' - '{job="unifi_snmp"}'
- '{job="django"}'
- '{job="ups_snmp"}' - '{job="ups_snmp"}'
- '{job="apc_pdu_snmp"}' - '{job="apc_pdu_snmp"}'
- '{job="docker"}' - '{job="docker"}'
- '{job="switch_snmp"}' - '{job="switch_snmp"}'
- '{job="ilo_snmp"}'
... ...

View file

@ -0,0 +1,9 @@
---
- name: Install resolv.conf
template:
src: resolv.conf.j2
dest: /etc/resolv.conf
owner: root
group: root
mode: u=rw,g=r,o=r
...

View file

@ -0,0 +1,11 @@
{{ ansible_managed | comment }}
{% for nameserver in resolvconf__nameservers %}
nameserver {{ nameserver | ipaddr }}
{% endfor %}
{% if resolvconf__domain is defined %}
domain {{ resolvconf__domain }}
{% endif %}
{% if resolvconf__search is defined %}
search {{ resolvconf__search | join(" ") }}
{% endif %}

View file

@ -0,0 +1,15 @@
---
- name: Set root password
user:
name: root
shell: "{{ root_shell }}"
password: "{{ root_password }}"
- name: Setup bashrc for root
template:
src: bashrc.j2
dest: /root/.bashrc
owner: root
group: root
mode: u=r,g=,o=
...

View file

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
PS1='\[\e[1;31m\]$(hostname -f)\[\e[0m\] \w \[\e[1;36m\]\$\[\e[0m\] '
export LS_OPTIONS='--color=auto'
eval "$(dircolors)"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'