Switch ipv6_edge_router to quagga #8
78 changed files with 1926 additions and 425 deletions
|
@ -1,7 +1,10 @@
|
||||||
skip_list:
|
skip_list:
|
||||||
- '301'
|
- no-changed-when
|
||||||
|
- load-failure
|
||||||
|
- document-start
|
||||||
|
|
||||||
warn_list:
|
warn_list:
|
||||||
- '305' # Use shell only when shell functionality is required
|
|
||||||
- '503' # Tasks that run when changed should likely be handlers
|
|
||||||
- experimental # all rules tagged as experimental
|
- experimental # all rules tagged as experimental
|
||||||
|
|
||||||
|
exclude_paths:
|
||||||
|
- group_vars/all/vault.yml
|
||||||
|
|
15
.drone.yml
15
.drone.yml
|
@ -4,16 +4,9 @@ type: docker
|
||||||
name: check
|
name: check
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: yamllint
|
- name: ansible and yaml linting
|
||||||
image: python:3.9-alpine
|
pull: never
|
||||||
|
image: aurore-ansible-lint-image
|
||||||
commands:
|
commands:
|
||||||
- pip install yamllint==1.25.0
|
- ansible-lint
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
- name: ansible-lint
|
|
||||||
image: python:3.9-alpine
|
|
||||||
commands:
|
|
||||||
- apk add --no-cache gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint *.yml
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
image: python:3.9-alpine
|
|
||||||
|
|
||||||
stages:
|
|
||||||
- lint
|
|
||||||
|
|
||||||
yamllint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- pip install yamllint==1.25.0
|
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
ansible-lint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- apk add gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint *.yml
|
|
||||||
...
|
|
|
@ -6,6 +6,5 @@ rules:
|
||||||
max: 120
|
max: 120
|
||||||
level: warning
|
level: warning
|
||||||
document-start:
|
document-start:
|
||||||
ignore: |
|
ignore: group_vars/all/vault.yml
|
||||||
/groups_var/all/vault.yml
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
|
||||||
|
|
||||||
# Recettes Ansible d'Aurore
|
# Recettes Ansible d'Aurore
|
||||||
|
|
||||||
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
||||||
|
|
8
deploy_postfix_non_mailhost.yml
Normal file
8
deploy_postfix_non_mailhost.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
# Deploy a correclty configured postfix on non mailhost servers
|
||||||
|
- hosts: all,!unifi
|
||||||
|
vars:
|
||||||
|
local_network: 10.128.0.0/16
|
||||||
|
relay_host: proxy.adm.auro.re
|
||||||
|
roles:
|
||||||
|
- postfix_non_mailhost
|
7
docker-ansible-lint/Dockerfile
Normal file
7
docker-ansible-lint/Dockerfile
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
FROM python:3.9-alpine
|
||||||
|
LABEL description="Aurore's docker image for ansible-lint"
|
||||||
|
|
||||||
|
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
|
||||||
|
RUN pip install "yamllint>=1.26.0,<2.0"
|
||||||
|
RUN pip install "ansible-lint==5.0.0"
|
||||||
|
RUN pip install "ansible>=2.10,<2.11"
|
18
docker-ansible-lint/README.md
Normal file
18
docker-ansible-lint/README.md
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# Ansible-lint image
|
||||||
|
|
||||||
|
In order to build this image when a new version comes out, you need to
|
||||||
|
1. ssh into the `drone.adm.auro.re` server
|
||||||
|
2. git pull this repo to the lastest version
|
||||||
|
3. optionally make the changes if it has not been done yet
|
||||||
|
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
|
||||||
|
5. ???
|
||||||
|
6. enjoy
|
||||||
|
|
||||||
|
You can verify that the image was correclty built by running
|
||||||
|
```
|
||||||
|
# list the images present
|
||||||
|
sudo docker image ls
|
||||||
|
|
||||||
|
# run your image with an interactive shell
|
||||||
|
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
|
||||||
|
```
|
|
@ -1,174 +1,179 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
34336231623938346631313932323131336439623837626366646338396137633436646365386639
|
32313562646230353138303964366135656361616532343933353732313961323339653964353130
|
||||||
6332383765386235396331373836366230663563376665380a616436373136633933376435653230
|
3938346666633565356134343835633964626261363365370a663664663938383731343733386136
|
||||||
64333963663436393265666434653164643164616134353665306462326666623530383838343135
|
33356531323762313463326339333963336636353933326537333665313334616563626632336663
|
||||||
3531343533656332350a343432336636316131386132306238653736633966363235623833343638
|
6537363033663935660a613366613962626563643035663330343061353836646561623031323236
|
||||||
38643061383963396466346536343061653034333037393664356661376565643765306462626231
|
65313633383063373064613930623530656365396335663363643330636239643937373163623932
|
||||||
39326233363962373839303464333833306532343834306232653731326135653934643836323639
|
61373136303737333739316565323934376433316362353935363637373264616238373831666438
|
||||||
36343937626536346331613263663865346634666534646266623061303639626636393230616261
|
35343135383233653963333237393232353631636566373766366664656666313436323535393736
|
||||||
32336366356439353738633234326138656464656630303362623664616634306230623538373965
|
62323731343261373331393062633030356235313834373861323138663930613332643432386436
|
||||||
32346439306337623737616666353830626630373562366436653131393532313035303836326430
|
38383038616536316465343561643639353434396631643033633537393265646532613161343732
|
||||||
64613235646366616533313065396663366434363832333535336631323366336437396664303834
|
32363265643963386538326639353233363438643833306637336431303533396562613863633537
|
||||||
30336466313064636565326564356435306136396363373464326534303366323262303732626661
|
30303334643137313136633039393463346562306236353566333563633238313865313534326137
|
||||||
38326663313332633530353739346538343434316133343066313530366637376135323564306537
|
33623036376439653532313833633135326631643361333463633162303065623633636331666661
|
||||||
65626261303231656432333364333965663065346436626631666466643934623064333163626339
|
62303636653233666164383463356530633464306564383236373832616263653165373937303030
|
||||||
32633565303734303862326365336339346133393431636266303530626564326361653230626536
|
31323865656436366265303537306438303434613135396166313635656566373539303463393830
|
||||||
32313231373037633134623761663832393666353732613965613436323939343233613433343538
|
65383636363064333730623161316162373734626433346564333835393030616437636665316566
|
||||||
37326438383130303861316663396333376662386337353964633930353536653437653061356635
|
37353937626465383439633534316336313931663561336335653761396230393031393839336264
|
||||||
35646232343535313130646237643835376162623639333961323964353830653366626438346237
|
37623037663032646631656637386366333131356562376665333964393264643133626532653564
|
||||||
36343663346332656537363434396633336161373730663364306239306432343930643230656465
|
32353235633434656334663233303664613865343039613330663833396162646430623735653434
|
||||||
37633537616232656661313764626232303535383563353861396431643735326162383866626231
|
66633466306338373061326636366330643639383632353564353865623637303832306332653131
|
||||||
61383165613332666537656137636430323332326335323763303537386662646263353539613964
|
37343566393965326635613135613134316264616336303233616162313839626235386137343435
|
||||||
37323966306364306436653033393931663239383435613836356164633135306233356364313036
|
33633336636434343531633362633834376135303337363637303039323038313937646236366265
|
||||||
39356661613434633930633066646437636535313565356366303732613731333062643231313035
|
34303434373566313730623664653263653466366133363562333736393836393363326665353434
|
||||||
65333461396131663764626665393562623030343561313136363964393664376136303839333664
|
30333263323366326436623238353335323936346637646130623265366535653737343665373165
|
||||||
65313465623331333538393734373264313562643232666130303930333662616465656432363039
|
63336166633831623464343862353065653162613934646539396364353162633063303332313266
|
||||||
66616530336666343861336434633063343561323931323931346132376263376565313366306639
|
65656163396463363737663931353765376337643065646131303264363961366336343432653537
|
||||||
64646465303432333136353661323936633965666364356633653861363139616562653834313861
|
65306437623535393132343962333666366665316362366536663431646435633166333731303232
|
||||||
63306133613066373462383236613939316130623937643939323134343936356638376335323836
|
63313337353334623330623862386661306333366638306433373437623835636631376231373636
|
||||||
39383334656236633037633230313138326238303863623231353465346661663162623138353461
|
66666539363561313166396438343730656230663532633031353336636565343964366136663466
|
||||||
33343738613137366364633730346261366564646161373837613865393233663431636361663962
|
38316364663936303231633633613832313163646262313238346666336661613236343966353130
|
||||||
38313230363737306265636435353533666262333666383639343364633464396566333433333538
|
62656237663865306632333130653933633332623061633062363964643130383430613864663935
|
||||||
39643934646537653234336361613664333434623739353831316531313666396638333136343638
|
63663765356434626661346165653163626565336437613539653536306432376332616430393737
|
||||||
33653034366362363562633462303165626333306664326366353334363964663936616430643662
|
34366139336363383761366338623236383135373634613239616665343061396633383231663230
|
||||||
30616334326638323133366632663237356238353934323361376237613632396134663536336364
|
63653331336366666234626662356461663263626465663036326162343239373734346661626665
|
||||||
39363439326335363437373939353564646663616464663763353931323233316135656634343137
|
61666231613565356633343030343935393135653261376239303037373634386138393463363239
|
||||||
34396130386134386331643534353461663963323435656337653032376565313635623231343135
|
30356365663133646634333863616230646235656135336330393836353462323630376537366334
|
||||||
34303130316239303065386134663332393938636332363665643832326439653733633231346537
|
31306330363232326661616666623131383837353139643838326430653561346565393762323936
|
||||||
63383634333034323434376237663932613638363835393837613632663265616363303233653539
|
31623136656361383039653763613162356530653933376539336130376237396661663664393733
|
||||||
61333765313463616665613136303533343230303735626437343635303934613365326166333966
|
36396433303339613965316230613237303331646331383239356638333366653961303138343663
|
||||||
66613538393466666630363333643730653239393435616634303430396635383631613439623433
|
33393664303637333863313364356666383836633063643539333262633565623534323866316537
|
||||||
36646431393865666162373232343335356366366633633264326639643434396234313863333163
|
38623630363139643837396330353463303932383231663831363763656537386531383531303165
|
||||||
63396534623931633833656565396635333133376165613031663831633564663061656131303564
|
37366338343063346230656461393832383736636662656666636434363731623437303862636366
|
||||||
61303132666264636139313738643161313134643733633366376538366135663135333333333564
|
33613333393139613637623963373262323637653531336265333033333135613330313166633738
|
||||||
64366262353837363061653663616265393264373230346330636465336439623063636639356136
|
36353935383931363535656539333130653164613431616438613432313532373063353738656162
|
||||||
65383638643961326661396336373163643832366561363764626461623662333436373136616437
|
36616563383133623336396633343762376537663432356238653766666636323232623065313537
|
||||||
30316537653432356133616338353165633462643634323563306366343965326635363863316232
|
39636632326166323130646633626431323831373963313837613465356436326430616433303662
|
||||||
61633135643861333635383464383937306236626632366235363433313335663431366531356337
|
65343834663937306539663330366538643265626665613631323036616463313266303237613938
|
||||||
37303465323638383930336138356665343966336137356137656564303733373565366162343330
|
30613565306636306561643238326138623366343365303934306561623234313332636462383363
|
||||||
38326366653733376138356339313564616165626235356363343430353239616339656239323964
|
30623432326336396364636164366463326533613665333830656564626663383331323661663934
|
||||||
31643734653263653461333135386261646265323134633334376262323330396634643764323635
|
35353135323930656138373830623932396138626335343265623738383532333861306561323430
|
||||||
30336262323035613338333166353364333836623865393132613338393237363734616330366463
|
66333532333961636463656535636132323535313730333762633139306235373031363831363266
|
||||||
64646163303337323531636532383438356237306337656439663565643032633462316366663164
|
33646635316137616663653461393566303432386330623936633330373461333762356532663062
|
||||||
33613039326337353531303831313136653539353261373930613030383134653261363833653439
|
39666437363931313861356331653932303132353364623664656364316430653933653935616230
|
||||||
31343662623035393238646263633066653362323434306137633339393330376462356139333362
|
38376631316463646663626562366233626334323235633235653364623936643131356130343261
|
||||||
35363436356530363134663064653031376561343732346262383333353733363136396262643135
|
36396535393335366532313930623363663032386635396262363430303466373737633739626435
|
||||||
31326566303535343833326562376464643632363434323839366366626134303830323563633237
|
30636136396562336561393936353763383732653166353266376165663233626266353638363131
|
||||||
37313964353033316163303738636632346137353437333463303135323631383132623133663130
|
65323462633039323334613566373434343363633532656534663635363763396265663137636331
|
||||||
32373163393861366137303138363134653534613236636439623731393837306130626638343134
|
38613736353635613437663133616431396666316230393066343431336535626335373437393039
|
||||||
39313532386338343662333134353761653162663665396664366239633536613132313735373334
|
63666135353937313765316134326338376161353862373161653039333631306264343464353035
|
||||||
37613161383633653861376433633632333163653439633938386137313632396137616337373465
|
65353639313134346239646362663836643734373465353866373238613162303336306438376237
|
||||||
65383238396439666537313833663364333731613434333739393161363437306665363834653761
|
35363934333536376136666561333636653136316435316530366461306636333063313739626630
|
||||||
34303464386633633163353636643964393233383232623765373239376633393139326630653765
|
37633333333766613663636466373364663132613266343136376138663461383832356631303132
|
||||||
62646439646534376234323661383063656463313437323231333165626163626262626562376338
|
30363434336161393962363636313364663839383734373533356663343733333731613535646433
|
||||||
62646362346261313738323830613037663035666361386139666432613230346334323063326239
|
64396361643736653931336365313338313633383038306131333863306437386362633263646364
|
||||||
65303065343061613736343663363630336333623439383032313137616131623933323636306331
|
36656566326333333136636566613066623362363263373435356162396431396334386237383231
|
||||||
34636130626338303039356137353532346562363531623936316162336663306437386532363236
|
30326465646334613235666435613462633230353434653666336364646466613066346366376262
|
||||||
36333661316161613237343032623764396435346632363963643438316430666539393566353939
|
66633863333461626631383961663930383663666538613162643730323565653732386330613538
|
||||||
33333234313839636537366465356364303438313830663261373563346538626432313139303030
|
38666164353130386530376332643637333931313661633634303636643639613561643338373331
|
||||||
33333066626463663663643833323764643737386162663766356665643064313263376434353038
|
63333932306634313933366533623837613934366334396637396361623439383964333665383435
|
||||||
37643630643737663566653562353261333734636262626437393239383063613661643166626630
|
62316265356537616137643537366666336634393935613034393737313930333364323031653234
|
||||||
31313564346239396561326162333534376264616435313762623032636432363832383630343964
|
37366561356332666439623462396266623961653039626562393065393336643962373064343563
|
||||||
30343663643935633465393465626131633931623930653962303830333065363435383237653566
|
36346665666338623931343739386531343833386135356164303532643463346565316163656633
|
||||||
65646632376330306437663334313932653230653562356338663366616463303466366263366137
|
32616365623065626139383362613466633332666133313263393062373338653834363830333039
|
||||||
64633934626339633235386630396561376130373763313137386531356637633863393035306634
|
62626230343362393533633061663432363836616539643065643839623065633363393134643534
|
||||||
65353432323235363135633832373032623837376333346131303162303464616234313062316563
|
63343935376537393739333063333333386239663763383435633234376434366362616433363162
|
||||||
64646634633963663032613533636665333335656539323238623362306363313835626632306236
|
34363539633661633333306133363433313761303138363864373266333461303139613362663937
|
||||||
30663637356463363530316434316639326639633539333335633330333834643035353932313638
|
39626332356139396330393361613364643363366164376234316266316164393035386334366362
|
||||||
64356565653065666131373538356462306633343161376537323762313666373235353236313963
|
36373065626530333237636139336163623766623561656234333239646263626164323134633434
|
||||||
65613561633266306632616538616461626532666435663038646138386430376164663766363138
|
63326635393665333533383562633438303036616262366435373739386430353964333265393732
|
||||||
35316262393065653739323035666531333330326235386133383834383865356635666537333533
|
66643838303566626131323834646564613830333937616264383864316666343333396636303836
|
||||||
31376138353231313262646334386566376264323066373934666363313431643738383064666437
|
38633335656536653334626530303835623531666665326533303535313164323836373365636265
|
||||||
36656437313039656666373530346534393735353163646635663839326366643333393665626464
|
65393061363933373931396134623264643065633534313566346336343862346537343437363765
|
||||||
36616637303631653661373433653865323634363065303433386534363064356564636465366265
|
62663264376266326538616330376633353832353234653661613964373231666562326466663934
|
||||||
31333064383233636538393032376234663663353162343530376631356533653231303730396465
|
38393931643736626332623461613737383463663935656263656233306437653331343838343865
|
||||||
33366162376464633633313664303939306330613865663431653037303061633130626635653638
|
64343239636166343134336261656162393938396633376663366466653634373566336165323237
|
||||||
66626264363333376463386666313663333964333137333231303361616533393236373861656534
|
34386137313961653739393231616532346664366138356631353030623236343535363435636462
|
||||||
32326335306566623332396638383133353434363565316432353963353062313662326361336537
|
32323564306339396437633763613535393230386631616166656539373861386633363464653439
|
||||||
34396632656234333263663831326566353434316234613365316132363730643665373761666562
|
34323134626334356631623764356232366337646236313031336138333636633834353463363961
|
||||||
31393565653663653731633333633730326265376135666162656132623238333765333363653130
|
32316664383038633330383765356563353062303133333133336365346561643234386161383461
|
||||||
61353632313532616266363139336162336565356365316531336364623930636430353831623233
|
39323964303061313461386333613961396533646161663230666466616231386239386666306233
|
||||||
61616131313438306633333066613764313161333934316139633738623164623564646365663566
|
39343239323739323738373263313662336237346663663432343861343034633463386163303366
|
||||||
66356464376133363137313036623930373362306166623838373131313330393837396261656561
|
38333537626232663438383230623032623765336164653438653434396362633063333437366338
|
||||||
66396233313530643164353264656563383632363139333262626532376562613630643437666266
|
34373431323539306531323536363238333037643337626131336631356537626237656630393964
|
||||||
66656335656634613138316138643666623430363833663035616138336461303035633731636262
|
38393736633433306632323334613232303162313962616334376130353931336337303462363266
|
||||||
36393939333765346239666433323032323361343934656463396365333366623337316663396263
|
39643137643034396564303531346361336134353461653535336165323032323238663631653935
|
||||||
36616431626633663963636135643833666234613830366434636532373031343263316436306162
|
38366339366436376166333335663230306663633634336434323532316664666134313365323834
|
||||||
39356365376561643665323866656465313434623138326238353662653735613565623264333336
|
31363964346561373262393632366637396633323332393162666166326631383164643265353135
|
||||||
61393763363862613766653064636130323732663466366133666361636339356464313037353462
|
34303664353434373131653530346634386333663732373966613761616261323032336266646163
|
||||||
63633936653235656538383433393065393162643034393538666433616131343462346235393164
|
32663966656464633565356337653534623962663939333033613933633965666339653764663134
|
||||||
39353663373338626665663563663162633430343330373430376336326432346233663365376533
|
38363965393730633638653561393432303835303164396462366435353030643966316665333061
|
||||||
32656465343538643137326366653232343530363834383831386634366262303333636261353863
|
39643634646137626338323537393031356532616637666634333139396630663930636235333735
|
||||||
32633437343432653936643766363338636535613532323362656435613363393238626466303861
|
66336465666439356636623037653564393161393432346534656132346631396462356463336566
|
||||||
38633861333638613466306338613932353964393365356637306261626535323732316362623731
|
30303833386638333866396462633330306439613139636331636331333663386438623461343133
|
||||||
33313963623439613939333639346461663338373334396165636231666266613065323731373964
|
30643164366434353765633738356536643861303232393362343131353730376364623463326361
|
||||||
64313133383435333935376531313432663766633133633863356563663535333263636237386136
|
37363061623333653466636438666465616133396233616430393265626362663736613031383764
|
||||||
61653963633166383135333436646465383536373039383538326366636634313061613730653962
|
63353065306166646461623763643062383738376266353765643134376538393233383663346237
|
||||||
37623962643866396637336231363038373465393637356463656566666661313130313863383233
|
37643639663063383266373536323533343936633134386263616163343637613636303134343037
|
||||||
37343636346535363832626365396262303862393535336565393635663637323730373564336634
|
34626232303335393532643134646132323463396333386664333731646331343937363661323539
|
||||||
37363036323733306535336366373630356531353737303165376530656433626634343365626239
|
65663936366464643162633432666537393439313664643638343237653566613235353165663336
|
||||||
64346136363030663862313431653761666432393933366665346361626361623039326434633835
|
32373037346239356337633036306138343366666463363538373836616530313565613562383433
|
||||||
32666538653037613361343536383634643762356234366433663639653461303933306434333864
|
64616263626165343938363230613039356137643665653734366533393033316363663036363738
|
||||||
37386436393465323139306161333738383265323436376536656264356230303163326134323864
|
66323663663366666162623734363465663939383830396533383665393139633530616263663136
|
||||||
63396331666431666464656161633466333764653631623131646566303366333030653834333335
|
64333132633031623835373831636366643831626235303831313761653734666365386462393534
|
||||||
31323365353239366232643863386365633861376235643034303563613363663661616564363663
|
66303332656561653162636636313439663633396638353638363465663138353866376636326634
|
||||||
63326562613365653539383336383339646164623864323830653434623365393432666466323134
|
63613865613466326230323564323439393061653664393261373531306235333663373434636262
|
||||||
33626330373361393734656632393232363866613863373135636537613934343065306265623964
|
62353132653333313635653633346461323165373862343839316539653038633664353830643234
|
||||||
34643765636165393336356630353663343065333431656164363638646233663762346536343362
|
36633763653738323732386263643461333761306532303534663763323735636563366266653464
|
||||||
65653364343537383336373933313464663464653465383830363631316336303464313731356230
|
66636236393033613736656562663661346162316164616663306465623431613133633130383136
|
||||||
34336130323766386465373162346535396565346630353734303937396130656132376331326563
|
35313434346164653163396137383064656538353766653237646237663639663039663665666236
|
||||||
36386339383338346533646331666262396432336434646333653664326635386238333763626637
|
62346139633234343735303762653030326333333764356562656435623330663066353333326239
|
||||||
31363464306465666339316436323265623437636533643431363161323139653065323534636533
|
39646465393362323537343766366432323765363139643361643037373739643636623437386636
|
||||||
64386334353439373133313937343234373963353331646233346432646430636530663336316134
|
32353233303337623136343062623633306361383737303431613663633163643832343434656335
|
||||||
66303337313034396232643531643262343036313762633165353665653938313665386363353865
|
39633434393466646366376534333865633361333861653366316238626637363537303335363662
|
||||||
66333166303636626565613136653365313763303263313239333033353638616566656134396131
|
61353830303733623665643864333134623062356334616331363565333235666261653732633264
|
||||||
38356434343931303134303362313363343634613361353538636634336332373132356165326163
|
62663238663461343738303764303636366638393830623264613730303635623635626364646464
|
||||||
30386130326239366532363962316435663862393836326439623862366166376234343439306465
|
35623239356235316136343532616638663930313565383264663936633733386663326161623830
|
||||||
36346639623939353232366333643963646336383833386565643435393734653936313638663930
|
62626634313963323866653432343561303233343035353433613731353538356438613033346638
|
||||||
32323065343737663564333961373034393261613862333431663562353964666561643831316432
|
33613466656633626261326465336437613630376335663933303061393731313065636131393762
|
||||||
35313832356639333937333266306166656538643065386639346337306134613536356137316331
|
65613037653363636235613838613535316635613066393436356537633662313539323163613361
|
||||||
38376434666332366531393639303561663934353130333161636530383932653236313530616531
|
36356632323634363335366665376663346565393439313031636331633235333664663830636135
|
||||||
61656664626663373164343863333039356362343034326131376666623264663732303734366363
|
64653266616262336437623731383161383437613461323837653066656233643230663064616432
|
||||||
30306430353732616131346637626332656434393163313661356465393263393235396662623962
|
65383337323333633465316533623465303735396430326334643634626436303263396534356335
|
||||||
62643538623331646265643561623366383937313136383939366164613235666234663137653432
|
34373134653232303866386433643864363536643138353965323130616338353731633434326361
|
||||||
34316138643139336331356663333632656539653632626136613431393736613630353237356164
|
66303133353264343664323435653133383431626263373237613631616235666465616333343937
|
||||||
33623632643335663163656236633134343464353837346237316162346634633336663564656531
|
37323333653565363665376236396232393132336137346461613831623063326631636335333365
|
||||||
39373730346130363963376463326238366235613539613466653139306237343164336462353236
|
65376538396265313732323932383061633464393630393563386163393230623238633938396535
|
||||||
39323361636333353661633863663162633563343937366461346338363061623730633537626562
|
34333330386131353336646361313634353862663762653234373235366565343232306432653731
|
||||||
30353938383664333861366431343033313961376436363065373430353736343563313531386663
|
61383863306632626463653831383735636233623966353130626634366638626236383864316531
|
||||||
37313534303564333237616331396437376436383833373936376664666366373235613533663239
|
37353062336539626531356133313132663330663135393930356565323364353761393439373533
|
||||||
64653863613531356666646233393533646131333961343730663461346235633961306263343831
|
61366465313462313033306631333432646163653832363564313838643362316263353562373262
|
||||||
64386332653330323937643266373437633465363933653833343930616134626566363339366362
|
33343664666230303065373836306663643135303439356362336634346637353438633364306365
|
||||||
36356163333730656233653431326430326566386264343330666131393166323537623137396237
|
30623332363436353865633738663464636132306134386465306164363333386338323433643163
|
||||||
65386234653231666631366533383762643830333261363532666138386263643662633932626335
|
37626235303062393933393363656339636139323464373439363765316266646536316336666163
|
||||||
66303363613035643931393933303035323566373634663037313338616132373162366334373962
|
34306262326238343937623432643262646263666266623933623565363535326235623637396237
|
||||||
33666463613435396331326565353433336361303562326562663035313639333232333430373266
|
64623961663037653033383933333062393932613933303962326538333739303731363137623365
|
||||||
65383235356132353838636565636436356361653831356430663935613766613237366564316566
|
30363030353433646133666166383938356232396331656165343531343232613934663834633464
|
||||||
37396130393363386566306162346466326165353863636633306335383265306139396339383866
|
36353331373233393861636131393238363031383135613633373665613364373466356663376431
|
||||||
34326335323962633032386162623033353036643437313832323166363764653339343638343964
|
66303331383837663261313838363266656164633836623661326331356566653938306266376632
|
||||||
66626662326234306362656162336538353131366337643761643930306163333661653062663832
|
63613238356135373938663030343634393566653963306237303138626461613931356565663835
|
||||||
61303963623433313565633235306132366663336662616232613339366363373934613631623431
|
64386433613937643730396130663333646334386336613864333533626661626166346232333964
|
||||||
34323736383366333032343364373533363761323338346163323836653235653136646162306166
|
66316664346231376639393132613936323261383131633737386331343966363961633237666334
|
||||||
65333734623663346233343961396566313838653036396430396134393839326535363237363638
|
38353363383761333439373437623937393534626435386262383732363833346166656233666332
|
||||||
38333232333863396334366561303136333863356666656335633630616531363766343535616533
|
62636130323536663432633434646666303664393130626437636132316264613535306463623964
|
||||||
35656166303837653365303436623431613931336331356531666665346562613263363666626238
|
30633030613665343631373366363737313130666337326230633631646461356362363963306361
|
||||||
62626236323863383366643162356462306163653032626130333863656337623136646439316337
|
64393639353339303436346438313833333432356666666339613666623132636235383866343838
|
||||||
33306432663134383038646133346131333732633932383239643733643138303434646565663266
|
36666263343538633537303665616366656363373736306235333264336466313939356131303561
|
||||||
34616265383733343963323538656138656331396438616133393063356638633965323363653066
|
33363030653966316232313933323665663330303338366333656536623861623537313266383565
|
||||||
65353837333363613762333839313631373137363064383830353565333832356162323862393030
|
65633866663665393635646531353539623362646663356664333866623432333465333335333333
|
||||||
35373038613133643466636537626437393837633865363566343565626633376262373766613738
|
31616262356537646261373166343665633238633235373335343134393366663462393465643135
|
||||||
39343334336238363131373762646564653839623531323066356430326263376534373664363331
|
35326336613835663132343233386564373462353561333066323631313664373865323233653336
|
||||||
64373735383933303638303661333964333464306338613363326261623438336530636262373766
|
65333731336565633664636562326365343263373263373162653239633964396138616335616230
|
||||||
35346339643939666162386232666236326131366366303432393838326239313730323431376231
|
63376562383064663330363562306338346465666563306365306639353632396633323830353337
|
||||||
39363032616666393431326533643865643937363937356431623763363037373333653266376561
|
65666233376239333436633566623535383065646235353832363030303565623531333539613864
|
||||||
63323462363063343234373534663063353865363037383932386231313338343239653131633561
|
63393339656238323466343564333134636164383062613138656138373936636531636166393062
|
||||||
34623439396232633265616438623562666333303932396366663330326565363736633461333463
|
32613431636233316533353937326234663336343231313630393037313663383034383238346562
|
||||||
66346537323061306662323062393061353565393165363532306439343262343632616465363364
|
36383264626366383835623261643562323037303661383832323939363939623038626664393530
|
||||||
30376331346430313536313963333136663833323064633631653935326366633862336163316538
|
65353061313266633764353331313532383766613735333131373365366336306139343265306634
|
||||||
33383434336666303434363236396662366664393637656462363331356631613332353766636663
|
66313435313965633362356563313763653634643362616138633832633136333362343731346166
|
||||||
62323264336235306532343065323834313730353237616463373766303439663533336366363565
|
34613431653134363732353833643962636431623036393935666237663833373934373438666434
|
||||||
35646461636263646633343634323735383235376330616334373937646165623639363663353361
|
36633538306632383439323465636665303863646532653165666638316137633738363736386633
|
||||||
65613034353736633332663333616564356265323731613537393430633137333337643663323137
|
33303234306531356136316463353232303737323661333430333137636633306131316434376665
|
||||||
31623732663331653935316337306433333633353565343265666333363864346562363961333439
|
64323633383735313536373534626331356631316464643530363866633730353239346633396364
|
||||||
30656136636661396335623566386362333861616663393738626632633537613564636261383138
|
36323437306165363465613365383666353037313333653230316234626439623964343336343762
|
||||||
3233
|
66343831343133343330336536613134303836626434663731343636613835623364633236653962
|
||||||
|
63356635363239663533336265306261393337313136313937356662616231636461373230376232
|
||||||
|
64313738333966633265626166653266313932666134356235373238376530303437646464333364
|
||||||
|
31613631386335356561363938323831313061373566323638663864393266656361366463353736
|
||||||
|
63386361373737383837336435633562626566656666373737313464323466313364626466633537
|
||||||
|
6661656232313066363235616364646663623039386561636332
|
||||||
|
|
8
group_vars/certbot.yml
Normal file
8
group_vars/certbot.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
glob_certbot:
|
||||||
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
|
dns_rfc2136_name: certbot_challenge.
|
||||||
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
|
mail: tech.aurore@lists.crans.org
|
||||||
|
certname: auro.re
|
||||||
|
domains: "*.auro.re"
|
32
group_vars/nginx.yml
Normal file
32
group_vars/nginx.yml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
---
|
||||||
|
glob_nginx:
|
||||||
|
contact: tech.aurore@lists.crans.org
|
||||||
|
who: "L'équipe technique d'Aurore"
|
||||||
|
service_name: service
|
||||||
|
ssl:
|
||||||
|
# Add adm.auro.re if necessary
|
||||||
|
- name: auro.re
|
||||||
|
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||||
|
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||||
|
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||||
|
servers:
|
||||||
|
- ssl: false # Replace by auro.re or adm.auro.re
|
||||||
|
default: true
|
||||||
|
server_name:
|
||||||
|
- "default"
|
||||||
|
- "_"
|
||||||
|
root: "/var/www/html"
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params: []
|
||||||
|
additional_params: []
|
||||||
|
upstreams: []
|
||||||
|
|
||||||
|
auth_passwd: []
|
||||||
|
default_server:
|
||||||
|
default_ssl_server:
|
||||||
|
default_ssl_domain: auro.re
|
||||||
|
real_ip_from:
|
||||||
|
- "10.128.0.0/16"
|
||||||
|
- "2a09:6840:128::/64"
|
||||||
|
deploy_robots_file: false
|
11
group_vars/reverseproxy.yml
Normal file
11
group_vars/reverseproxy.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
loc_nginx:
|
||||||
|
servers: []
|
||||||
|
|
||||||
|
glob_reverseproxy:
|
||||||
|
redirect_dnames:
|
||||||
|
- aurores.net
|
||||||
|
- fede-aurore.net
|
||||||
|
|
||||||
|
reverseproxy_sites: []
|
||||||
|
|
||||||
|
redirect_sites: []
|
105
host_vars/portail.adm.auro.re.yml
Normal file
105
host_vars/portail.adm.auro.re.yml
Normal file
|
@ -0,0 +1,105 @@
|
||||||
|
---
|
||||||
|
loc_nginx:
|
||||||
|
service_name: captive_portal
|
||||||
|
default_server: '$server_addr'
|
||||||
|
default_ssl_server: '$server_addr'
|
||||||
|
|
||||||
|
servers:
|
||||||
|
- server_name:
|
||||||
|
- "10.13.0.247"
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-fleming.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- portail-fleming.auro.re
|
||||||
|
locations:
|
||||||
|
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
|
||||||
|
params:
|
||||||
|
- "proxy_pass http://10.128.0.20"
|
||||||
|
- "include /etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-fleming.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- 10.23.0.247
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-pacaterie.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- portail-pacaterie.auro.re
|
||||||
|
locations:
|
||||||
|
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
|
||||||
|
params:
|
||||||
|
- "proxy_pass http://10.128.0.20"
|
||||||
|
- "include /etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-pacaterie.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- "10.33.0.247"
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-rives.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- portail-rives.auro.re
|
||||||
|
locations:
|
||||||
|
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
|
||||||
|
params:
|
||||||
|
- "proxy_pass http://10.128.0.20"
|
||||||
|
- "include /etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-rives.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- "10.43.0.247"
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-edc.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- portail-edc.auro.re
|
||||||
|
locations:
|
||||||
|
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
|
||||||
|
params:
|
||||||
|
- "proxy_pass http://10.128.0.20"
|
||||||
|
- "include /etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-edc.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- "10.53.0.247"
|
||||||
|
locations:
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-gs.auro.re/portail/"
|
||||||
|
|
||||||
|
- ssl: auro.re
|
||||||
|
server_name:
|
||||||
|
- portail-gs.auro.re
|
||||||
|
locations:
|
||||||
|
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
|
||||||
|
params:
|
||||||
|
- "proxy_pass http://10.128.0.20"
|
||||||
|
- "include /etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "return 302 https://portail-gs.auro.re/portail/"
|
|
@ -1,39 +1,13 @@
|
||||||
---
|
---
|
||||||
certbot:
|
loc_certbot:
|
||||||
domains:
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- auro.re
|
dns_rfc2136_name: certbot_challenge.
|
||||||
- chat.auro.re # cname to riot.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
- codimd.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- element.auro.re # cname to riot.auro.re
|
certname: auro.re
|
||||||
- ehterpad.auro.re # cname to pad.auro.re
|
domains: "auro.re, *.auro.re"
|
||||||
- grafana.auro.re
|
|
||||||
- hedgedoc.auro.re # cname to codimd.auro.re
|
|
||||||
- pad.auro.re
|
|
||||||
- passbolt.auro.re
|
|
||||||
- paste.auro.re # cname to privatebin.auro.re
|
|
||||||
- phabricator.auro.re
|
|
||||||
- privatebin.auro.re
|
|
||||||
- riot.auro.re
|
|
||||||
- sharelatex.auro.re
|
|
||||||
- status.auro.re
|
|
||||||
- wiki.auro.re
|
|
||||||
- www.auro.re
|
|
||||||
- zero.auro.re # cname to privatebin.auro.re
|
|
||||||
mail: tech.aurore@lists.crans.org
|
|
||||||
certname: auro.re
|
|
||||||
|
|
||||||
nginx:
|
|
||||||
ssl:
|
|
||||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
|
||||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
|
||||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
|
||||||
|
|
||||||
redirect_dnames:
|
|
||||||
- aurores.net
|
|
||||||
- fede-aurore.net
|
|
||||||
|
|
||||||
redirect_tcp: {}
|
|
||||||
|
|
||||||
|
loc_reverseproxy:
|
||||||
redirect_sites:
|
redirect_sites:
|
||||||
- from: www.auro.re
|
- from: www.auro.re
|
||||||
to: auro.re
|
to: auro.re
|
||||||
|
|
|
@ -1,31 +1,31 @@
|
||||||
---
|
---
|
||||||
certbot:
|
loc_certbot:
|
||||||
domains:
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- bbb.auro.re
|
dns_rfc2136_name: certbot_adm_challenge.
|
||||||
- drone.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||||
- gitea.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- intranet.auro.re
|
certname: adm.auro.re
|
||||||
- litl.auro.re
|
domains: "*.adm.auro.re"
|
||||||
- nextcloud.auro.re
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- re2o.auro.re
|
dns_rfc2136_name: certbot_challenge.
|
||||||
- vote.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
- re2o-server.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- re2o-test.auro.re
|
certname: auro.re
|
||||||
- wikijs.auro.re
|
domains: "*.auro.re"
|
||||||
|
|
||||||
mail: tech.aurore@lists.crans.org
|
loc_nginx:
|
||||||
certname: auro.re
|
servers: []
|
||||||
|
|
||||||
nginx:
|
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
- name: adm.auro.re
|
||||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem
|
||||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem
|
||||||
|
trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem
|
||||||
redirect_dnames:
|
- name: auro.re
|
||||||
- aurores.net
|
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||||
- fede-aurore.net
|
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||||
|
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||||
|
|
||||||
|
loc_reverseproxy:
|
||||||
redirect_tcp:
|
redirect_tcp:
|
||||||
- name: Gitea
|
- name: Gitea
|
||||||
port: 2222
|
port: 2222
|
||||||
|
@ -33,7 +33,7 @@ nginx:
|
||||||
|
|
||||||
redirect_sites:
|
redirect_sites:
|
||||||
- from: 45.66.111.61
|
- from: 45.66.111.61
|
||||||
to: auro.re
|
to: intranet.auro.re
|
||||||
|
|
||||||
reverseproxy_sites:
|
reverseproxy_sites:
|
||||||
- from: re2o.auro.re
|
- from: re2o.auro.re
|
||||||
|
@ -49,6 +49,9 @@ nginx:
|
||||||
|
|
||||||
- from: gitea.auro.re
|
- from: gitea.auro.re
|
||||||
to: "10.128.0.60:3000"
|
to: "10.128.0.60:3000"
|
||||||
|
- from: git.adm.auro.re
|
||||||
|
to: "10.128.0.60:3000"
|
||||||
|
ssl: adm.auro.re
|
||||||
|
|
||||||
- from: drone.auro.re
|
- from: drone.auro.re
|
||||||
to: "10.128.0.64:8000"
|
to: "10.128.0.64:8000"
|
||||||
|
|
20
hosts
20
hosts
|
@ -35,6 +35,8 @@ services-web.adm.auro.re
|
||||||
mail.adm.auro.re
|
mail.adm.auro.re
|
||||||
wikijs.adm.auro.re
|
wikijs.adm.auro.re
|
||||||
prometheus-aurore.adm.auro.re
|
prometheus-aurore.adm.auro.re
|
||||||
|
portail.adm.auro.re
|
||||||
|
jitsi-aurore.adm.auro.re
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
pendragon.adm.auro.re
|
pendragon.adm.auro.re
|
||||||
|
@ -61,6 +63,8 @@ vpn-ovh.adm.auro.re
|
||||||
docker-ovh.adm.auro.re
|
docker-ovh.adm.auro.re
|
||||||
switchs-manager.adm.auro.re
|
switchs-manager.adm.auro.re
|
||||||
ldap-replica-ovh.adm.auro.re
|
ldap-replica-ovh.adm.auro.re
|
||||||
|
prometheus-ovh.adm.auro.re
|
||||||
|
prometheus-federate.adm.auro.re
|
||||||
|
|
||||||
[ovh_testing_vm]
|
[ovh_testing_vm]
|
||||||
#re2o-test.adm.auro.re
|
#re2o-test.adm.auro.re
|
||||||
|
@ -265,6 +269,7 @@ ep-1-3.borne.auro.re
|
||||||
ep-1-2.borne.auro.re
|
ep-1-2.borne.auro.re
|
||||||
ep-0-1.borne.auro.re
|
ep-0-1.borne.auro.re
|
||||||
eo-2-1.borne.auro.re
|
eo-2-1.borne.auro.re
|
||||||
|
ee-2-1.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# George Sand
|
# George Sand
|
||||||
|
@ -488,3 +493,18 @@ ldap-replica-ovh.adm.auro.re
|
||||||
[ldap_replica_rives]
|
[ldap_replica_rives]
|
||||||
ldap-replica-rives.adm.auro.re
|
ldap-replica-rives.adm.auro.re
|
||||||
|
|
||||||
|
[certbot]
|
||||||
|
portail.adm.auro.re
|
||||||
|
|
||||||
|
[certbot:children]
|
||||||
|
reverseproxy
|
||||||
|
|
||||||
|
[nginx]
|
||||||
|
portail.adm.auro.re
|
||||||
|
|
||||||
|
[nginx:children]
|
||||||
|
reverseproxy
|
||||||
|
|
||||||
|
[reverseproxy]
|
||||||
|
proxy-ovh.adm.auro.re
|
||||||
|
proxy.adm.auro.re
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re
|
- hosts: prometheus-fleming.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
@ -88,10 +88,43 @@
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
- targets: |
|
- targets: |
|
||||||
{{ groups['aurore_pve'] + groups['aurore_vm'] + groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
|
||||||
|
- hosts: prometheus-ovh.adm.auro.re
|
||||||
|
vars:
|
||||||
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
|
||||||
|
# Prometheus targets.json
|
||||||
|
prometheus_targets:
|
||||||
|
- targets: |
|
||||||
|
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||||
|
prometheus_docker_targets:
|
||||||
|
- docker-ovh.adm.auro.re:8087
|
||||||
|
roles:
|
||||||
|
- prometheus
|
||||||
|
|
||||||
|
|
||||||
|
- hosts: prometheus-federate.adm.auro.re
|
||||||
|
vars:
|
||||||
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
|
||||||
|
# Prometheus targets.json
|
||||||
|
prometheus_targets:
|
||||||
|
- prometheus-edc.adm.auro.re
|
||||||
|
- prometheus-gs.adm.auro.re
|
||||||
|
- prometheus-fleming.adm.auro.re
|
||||||
|
- prometheus-pacaterie.adm.auro.re
|
||||||
|
- prometheus-rives.adm.auro.re
|
||||||
|
- prometheus-aurore.adm.auro.re
|
||||||
|
- prometheus-ovh.adm.auro.re
|
||||||
|
- prometheus-federate.adm.auro.re
|
||||||
|
roles:
|
||||||
|
- prometheus_federate
|
||||||
|
|
||||||
|
|
||||||
# Monitor all hosts
|
# Monitor all hosts
|
||||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
# username: service-user
|
# username: service-user
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
# password: "{{ vault_serviceuser_passwd }}"
|
||||||
# roles:
|
# roles:
|
||||||
# - re2o-service
|
# - re2o_service
|
||||||
|
|
||||||
|
|
||||||
# Deploy Unifi Controller
|
# Deploy Unifi Controller
|
||||||
|
@ -62,4 +62,4 @@
|
||||||
# username: service-user
|
# username: service-user
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
# password: "{{ vault_serviceuser_passwd }}"
|
||||||
# roles:
|
# roles:
|
||||||
# - re2o-service
|
# - re2o_service
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
- oidentd # postgresql identification
|
- oidentd # postgresql identification
|
||||||
- screen # Vulcain asked for this
|
- screen # Vulcain asked for this
|
||||||
- sudo
|
- sudo
|
||||||
|
- tmux # For shirenn
|
||||||
- tree # create a graphical tree of files
|
- tree # create a graphical tree of files
|
||||||
- vim # better than nano
|
- vim # better than nano
|
||||||
- zsh # to be able to ssh @erdnaxe
|
- zsh # to be able to ssh @erdnaxe
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- name: Reload nginx
|
|
||||||
service:
|
|
||||||
name: nginx
|
|
||||||
state: reloaded
|
|
||||||
|
|
||||||
- name: Generate certificates
|
|
||||||
command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
|
|
@ -1,13 +1,28 @@
|
||||||
---
|
---
|
||||||
- name: Install certbot and nginx plugin
|
- name: Install certbot and RFC2136 plugin
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- python3-certbot-nginx
|
- python3-certbot-dns-rfc2136
|
||||||
register: pkg_result
|
state: present
|
||||||
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: pkg_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Add DNS credentials
|
||||||
|
template:
|
||||||
|
src: letsencrypt/rfc2136.ini.j2
|
||||||
|
dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
|
||||||
|
mode: 0600
|
||||||
|
owner: root
|
||||||
|
loop: "{{ certbot }}"
|
||||||
|
|
||||||
|
- name: Add dhparam
|
||||||
|
template:
|
||||||
|
src: "letsencrypt/dhparam.j2"
|
||||||
|
dest: "/etc/letsencrypt/dhparam"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
- name: Create /etc/letsencrypt/conf.d
|
- name: Create /etc/letsencrypt/conf.d
|
||||||
file:
|
file:
|
||||||
|
@ -18,8 +33,19 @@
|
||||||
- name: Add Certbot configuration
|
- name: Add Certbot configuration
|
||||||
template:
|
template:
|
||||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||||
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify:
|
loop: "{{ certbot }}"
|
||||||
- Generate certificates
|
|
||||||
- Reload nginx
|
- name: Run certbot
|
||||||
|
command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||||
|
loop: "{{ certbot }}"
|
||||||
|
|
||||||
|
- name: Clean old files
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- "/etc/letsencrypt/options-ssl-nginx.conf"
|
||||||
|
- "/etc/letsencrypt/ssl-dhparams.pem"
|
||||||
|
- "/etc/letsencrypt/rfc2136.ini"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment(decoration='# ') }}
|
||||||
|
|
||||||
# Pour appliquer cette conf et générer la conf de renewal :
|
# To generate the certificate, please use the following command
|
||||||
# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
|
# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||||
|
|
||||||
# Use a 4096 bit RSA key instead of 2048
|
# Use a 4096 bit RSA key instead of 2048
|
||||||
rsa-key-size = 4096
|
rsa-key-size = 4096
|
||||||
|
@ -10,14 +10,19 @@ rsa-key-size = 4096
|
||||||
# server = https://acme-staging.api.letsencrypt.org/directory
|
# server = https://acme-staging.api.letsencrypt.org/directory
|
||||||
|
|
||||||
# Uncomment and update to register with the specified e-mail address
|
# Uncomment and update to register with the specified e-mail address
|
||||||
email = {{ certbot.mail }}
|
email = {{ item.mail }}
|
||||||
|
|
||||||
# Uncomment to use a text interface instead of ncurses
|
# Uncomment to use a text interface instead of ncurses
|
||||||
text = True
|
text = True
|
||||||
|
|
||||||
# Use nginx challenge
|
# Yes I want to sell my soul and my guinea pig.
|
||||||
authenticator = nginx
|
agree-tos = True
|
||||||
|
|
||||||
|
# Use DNS-01 challenge
|
||||||
|
authenticator = dns-rfc2136
|
||||||
|
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini
|
||||||
|
dns-rfc2136-propagation-seconds = 30
|
||||||
|
|
||||||
# Wildcard the domain
|
# Wildcard the domain
|
||||||
cert-name = {{ certbot.certname }}
|
cert-name = {{ item.certname }}
|
||||||
domains = {{ ", ".join(certbot.domains) }}
|
domains = {{ item.domains }}
|
||||||
|
|
7
roles/certbot/templates/letsencrypt/rfc2136.ini.j2
Normal file
7
roles/certbot/templates/letsencrypt/rfc2136.ini.j2
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{{ ansible_managed | comment(decoration='# ') }}
|
||||||
|
|
||||||
|
dns_rfc2136_server = {{ item.dns_rfc2136_server }}
|
||||||
|
dns_rfc2136_port = 53
|
||||||
|
dns_rfc2136_name = {{ item.dns_rfc2136_name }}
|
||||||
|
dns_rfc2136_secret = {{ item.dns_rfc2136_secret }}
|
||||||
|
dns_rfc2136_algorithm = HMAC-SHA512
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: force run dhcp re2o-service
|
- name: force run dhcp re2o-service
|
||||||
shell: /var/local/re2o-services/dhcp/main.py --force
|
command: /var/local/re2o-services/dhcp/main.py --force
|
||||||
become_user: re2o-services
|
become_user: re2o-services
|
||||||
|
|
||||||
- name: restart dhcpd
|
- name: restart dhcpd
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Install dhcp (re2o-service)
|
- name: Install dhcp (re2o-service)
|
||||||
import_role:
|
import_role:
|
||||||
name: re2o-service
|
name: re2o_service
|
||||||
vars:
|
vars:
|
||||||
service_repo: https://gitlab.federez.net/re2o/dhcp.git
|
service_repo: https://gitlab.federez.net/re2o/dhcp.git
|
||||||
service_name: dhcp
|
service_name: dhcp
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
owner: re2o-services
|
owner: re2o-services
|
||||||
group: nogroup
|
group: nogroup
|
||||||
recurse: true
|
recurse: true
|
||||||
mode: 755
|
mode: 0755
|
||||||
|
|
||||||
- name: Install isc-dhcp-server
|
- name: Install isc-dhcp-server
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
/var/log/debug
|
/var/log/debug
|
||||||
/var/log/messages
|
/var/log/messages
|
||||||
{
|
{
|
||||||
rotate 1
|
rotate 90
|
||||||
daily
|
daily
|
||||||
missingok
|
missingok
|
||||||
notifempty
|
notifempty
|
||||||
|
|
146
roles/nginx/tasks/main.yml
Normal file
146
roles/nginx/tasks/main.yml
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
---
|
||||||
|
- name: Install NGINX
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
name: nginx
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Copy proxypass snippets
|
||||||
|
template:
|
||||||
|
src: "nginx/snippets/options-proxypass.conf.j2"
|
||||||
|
dest: "/etc/nginx/snippets/options-proxypass.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Copy SSL snippets
|
||||||
|
template:
|
||||||
|
src: "nginx/snippets/options-ssl.conf.j2"
|
||||||
|
dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
loop: "{{ nginx.ssl }}"
|
||||||
|
|
||||||
|
- name: Disable default site
|
||||||
|
file:
|
||||||
|
dest: "/etc/nginx/sites-enabled/default"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Copy reverse proxy sites
|
||||||
|
when: reverseproxy is defined
|
||||||
|
template:
|
||||||
|
src: "nginx/sites-available/{{ item }}.j2"
|
||||||
|
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
loop:
|
||||||
|
- reverseproxy
|
||||||
|
- reverseproxy_redirect_dname
|
||||||
|
- redirect
|
||||||
|
notify: Reload nginx
|
||||||
|
|
||||||
|
- name: Activate reverse proxy sites
|
||||||
|
when: reverseproxy is defined
|
||||||
|
file:
|
||||||
|
src: "/etc/nginx/sites-available/{{ item }}"
|
||||||
|
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: link
|
||||||
|
loop:
|
||||||
|
- reverseproxy
|
||||||
|
- reverseproxy_redirect_dname
|
||||||
|
- redirect
|
||||||
|
notify: Reload nginx
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
|
- name: Copy forward modules
|
||||||
|
when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
|
||||||
|
template:
|
||||||
|
src: "nginx/modules-available/60-forward.conf.j2"
|
||||||
|
dest: "/etc/nginx/modules-available/60-forward.conf"
|
||||||
|
mode: 0644
|
||||||
|
notify: Reload nginx
|
||||||
|
|
||||||
|
- name: Activate modules
|
||||||
|
when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
|
||||||
|
file:
|
||||||
|
src: "/etc/nginx/modules-available/60-forward.conf"
|
||||||
|
dest: "/etc/nginx/modules-enabled/60-forward.conf"
|
||||||
|
state: link
|
||||||
|
mode: 0644
|
||||||
|
notify: Reload nginx
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
|
- name: Copy service nginx configuration
|
||||||
|
when: nginx.servers is defined and nginx.servers|length > 0
|
||||||
|
template:
|
||||||
|
src: "nginx/sites-available/service.j2"
|
||||||
|
dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: Reload nginx
|
||||||
|
|
||||||
|
- name: Activate local nginx service site
|
||||||
|
when: nginx.servers is defined and nginx.servers|length > 0
|
||||||
|
file:
|
||||||
|
src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
|
||||||
|
dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: link
|
||||||
|
notify: Reload nginx
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
|
- name: Copy 50x error page
|
||||||
|
template:
|
||||||
|
src: www/html/50x.html.j2
|
||||||
|
dest: /var/www/html/50x.html
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Copy robots.txt file
|
||||||
|
when: nginx.deploy_robots_file
|
||||||
|
template:
|
||||||
|
src: www/html/robots.txt.j2
|
||||||
|
dest: /var/www/html/robots.txt
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Install passwords
|
||||||
|
when: nginx.auth_passwd|length > 0
|
||||||
|
template:
|
||||||
|
src: nginx/passwd.j2
|
||||||
|
dest: /etc/nginx/passwd
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Copy 401 error page
|
||||||
|
when: nginx.auth_passwd|length > 0
|
||||||
|
template:
|
||||||
|
src: www/html/401.html.j2
|
||||||
|
dest: /var/www/html/401.html
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Indicate role in motd
|
||||||
|
template:
|
||||||
|
src: update-motd.d/05-service.j2
|
||||||
|
dest: /etc/update-motd.d/05-nginx
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Clean old files
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- "/etc/nginx/snippets/options-ssl.conf"
|
||||||
|
- "/var/www/custom_401.html"
|
||||||
|
- "/var/www/robots.txt"
|
8
roles/nginx/templates/letsencrypt/dhparam.j2
Normal file
8
roles/nginx/templates/letsencrypt/dhparam.j2
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
-----BEGIN DH PARAMETERS-----
|
||||||
|
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||||
|
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||||
|
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||||
|
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||||
|
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||||
|
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
|
||||||
|
-----END DH PARAMETERS-----
|
|
@ -1,6 +1,6 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
{% for site in nginx.redirect_tcp %}
|
{% for site in reverseproxy.redirect_tcp %}
|
||||||
# Forward port {{ site.port }} to {{ site.name }}
|
# Forward port {{ site.port }} to {{ site.name }}
|
||||||
stream {
|
stream {
|
||||||
server {
|
server {
|
||||||
|
@ -12,3 +12,4 @@ stream {
|
||||||
}
|
}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
4
roles/nginx/templates/nginx/passwd.j2
Normal file
4
roles/nginx/templates/nginx/passwd.j2
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
{% for user, hash in nginx.auth_passwd.items() -%}
|
||||||
|
{{ user }}:{{ hash }}
|
||||||
|
{% endfor -%}
|
|
@ -1,6 +1,6 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
{% for site in nginx.redirect_sites %}
|
{% for site in reverseproxy.redirect_sites %}
|
||||||
# Redirect http://{{ site.from }} to http://{{ site.to }}
|
# Redirect http://{{ site.from }} to http://{{ site.to }}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
@ -8,6 +8,11 @@ server {
|
||||||
|
|
||||||
server_name {{ site.from }};
|
server_name {{ site.from }};
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 http://{{ site.to }}$request_uri;
|
return 302 http://{{ site.to }}$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -21,7 +26,12 @@ server {
|
||||||
server_name {{ site.from }};
|
server_name {{ site.from }};
|
||||||
|
|
||||||
# SSL common conf
|
# SSL common conf
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 https://{{ site.to }}$request_uri;
|
return 302 https://{{ site.to }}$request_uri;
|
||||||
|
@ -31,8 +41,8 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{# Also redirect for DNAMEs #}
|
{# Also redirect for DNAMEs #}
|
||||||
{% for dname in nginx.redirect_dnames %}
|
{% for dname in reverseproxy.redirect_dnames %}
|
||||||
{% for site in nginx.redirect_sites %}
|
{% for site in reverseproxy.redirect_sites %}
|
||||||
{% set from = site.from | regex_replace('crans.org', dname) %}
|
{% set from = site.from | regex_replace('crans.org', dname) %}
|
||||||
{% if from != site.from %}
|
{% if from != site.from %}
|
||||||
# Redirect http://{{ from }} to http://{{ site.to }}
|
# Redirect http://{{ from }} to http://{{ site.to }}
|
||||||
|
@ -42,6 +52,11 @@ server {
|
||||||
|
|
||||||
server_name {{ from }};
|
server_name {{ from }};
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 http://{{ site.to }}$request_uri;
|
return 302 http://{{ site.to }}$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -55,7 +70,12 @@ server {
|
||||||
server_name {{ from }};
|
server_name {{ from }};
|
||||||
|
|
||||||
# SSL common conf
|
# SSL common conf
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 https://{{ site.to }}$request_uri;
|
return 302 https://{{ site.to }}$request_uri;
|
|
@ -1,4 +1,4 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
# Automatic Connection header for WebSocket support
|
# Automatic Connection header for WebSocket support
|
||||||
# See http://nginx.org/en/docs/http/websocket.html
|
# See http://nginx.org/en/docs/http/websocket.html
|
||||||
|
@ -7,7 +7,7 @@ map $http_upgrade $connection_upgrade {
|
||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% for site in nginx.reverseproxy_sites %}
|
{% for site in reverseproxy.reverseproxy_sites %}
|
||||||
# Redirect http://{{ site.from }} to https://{{ site.from }}
|
# Redirect http://{{ site.from }} to https://{{ site.from }}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
@ -15,6 +15,11 @@ server {
|
||||||
|
|
||||||
server_name {{ site.from }};
|
server_name {{ site.from }};
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 https://$host$request_uri;
|
return 302 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -28,7 +33,7 @@ server {
|
||||||
server_name {{ site.from }};
|
server_name {{ site.from }};
|
||||||
|
|
||||||
# SSL common conf
|
# SSL common conf
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||||
|
|
||||||
# Log into separate log files
|
# Log into separate log files
|
||||||
access_log /var/log/nginx/{{ site.from }}.log;
|
access_log /var/log/nginx/{{ site.from }}.log;
|
||||||
|
@ -43,8 +48,9 @@ server {
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
}
|
}
|
||||||
|
|
||||||
set_real_ip_from 10.231.136.0/24;
|
{% for realip in nginx.real_ip_from %}
|
||||||
set_real_ip_from 2a0c:700:0:2::/64;
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
real_ip_header P-Real-Ip;
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
|
@ -1,7 +1,7 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
{% for dname in nginx.redirect_dnames %}
|
{% for dname in reverseproxy.redirect_dnames %}
|
||||||
{% for site in nginx.reverseproxy_sites %}
|
{% for site in reverseproxy.reverseproxy_sites %}
|
||||||
{% set from = site.from | regex_replace('auro.re', dname) %}
|
{% set from = site.from | regex_replace('auro.re', dname) %}
|
||||||
{% set to = site.from %}
|
{% set to = site.from %}
|
||||||
{% if from != site.from %}
|
{% if from != site.from %}
|
||||||
|
@ -12,6 +12,11 @@ server {
|
||||||
|
|
||||||
server_name {{ from }};
|
server_name {{ from }};
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 http://{{ to }}$request_uri;
|
return 302 http://{{ to }}$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -25,7 +30,12 @@ server {
|
||||||
server_name {{ from }};
|
server_name {{ from }};
|
||||||
|
|
||||||
# SSL common conf
|
# SSL common conf
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 https://{{ to }}$request_uri;
|
return 302 https://{{ to }}$request_uri;
|
132
roles/nginx/templates/nginx/sites-available/service.j2
Normal file
132
roles/nginx/templates/nginx/sites-available/service.j2
Normal file
|
@ -0,0 +1,132 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# Automatic Connection header for WebSocket support
|
||||||
|
# See http://nginx.org/en/docs/http/websocket.html
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
{% for upstream in nginx.upstreams -%}
|
||||||
|
upstream {{ upstream.name }} {
|
||||||
|
# Path of the server
|
||||||
|
server {{ upstream.server }};
|
||||||
|
}
|
||||||
|
{% endfor -%}
|
||||||
|
|
||||||
|
{% if nginx.default_ssl_server -%}
|
||||||
|
# Redirect all services to the main site
|
||||||
|
server {
|
||||||
|
listen 443 default_server ssl;
|
||||||
|
listen [::]:443 default_server ssl;
|
||||||
|
include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# Hide Nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 302 https://{{ nginx.default_ssl_server }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% endif -%}
|
||||||
|
|
||||||
|
{% if nginx.default_server -%}
|
||||||
|
# Redirect all services to the main site
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# Hide Nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 302 http://{{ nginx.default_server }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% endif -%}
|
||||||
|
|
||||||
|
{% for server in nginx.servers %}
|
||||||
|
{% if server.ssl is defined and server.ssl -%}
|
||||||
|
# Redirect HTTP to HTTPS
|
||||||
|
server {
|
||||||
|
listen 80{% if server.default is defined and server.default %} default_server{% endif %};
|
||||||
|
listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};
|
||||||
|
|
||||||
|
server_name {{ server.server_name|join(" ") }};
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# Hide Nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% endif -%}
|
||||||
|
|
||||||
|
server {
|
||||||
|
{% if server.ssl is defined and server.ssl -%}
|
||||||
|
listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
|
||||||
|
listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
|
||||||
|
include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";
|
||||||
|
{% else -%}
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
{% endif -%}
|
||||||
|
|
||||||
|
server_name {{ server.server_name|join(" ") }};
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# Hide Nginx version
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
{% for realip in nginx.real_ip_from %}
|
||||||
|
set_real_ip_from {{ realip }};
|
||||||
|
{% endfor %}
|
||||||
|
real_ip_header P-Real-Ip;
|
||||||
|
|
||||||
|
{% if server.root is defined %}root {{ server.root }};{% endif %}
|
||||||
|
{% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %}
|
||||||
|
|
||||||
|
{% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}
|
||||||
|
{% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}
|
||||||
|
|
||||||
|
{% if server.additional_params is defined %}
|
||||||
|
{% for param in server.additional_params %}
|
||||||
|
{{ param }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if server.locations is defined %}
|
||||||
|
{% for location in server.locations %}
|
||||||
|
location {{ location.filter }} {
|
||||||
|
{% for param in location.params %}
|
||||||
|
{{ param }};
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
{% endfor %}
|
18
roles/nginx/templates/nginx/snippets/fastcgi.conf.j2
Normal file
18
roles/nginx/templates/nginx/snippets/fastcgi.conf.j2
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
||||||
|
fastcgi_split_path_info (^/[^/]*)(.*)$;
|
||||||
|
|
||||||
|
# check that the PHP script exists before passing it
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
# Bypass the fact that try_files resets $fastcgi_path_info
|
||||||
|
# see: http://trac.nginx.org/nginx/ticket/321
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
|
||||||
|
# Let NGINX handle errors
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
|
||||||
|
include /etc/nginx/fastcgi.conf;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
|
@ -1,4 +1,4 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
proxy_redirect off;
|
proxy_redirect off;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
|
@ -1,7 +1,7 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
ssl_certificate {{ nginx.ssl.cert }};
|
ssl_certificate {{ item.cert }};
|
||||||
ssl_certificate_key {{ nginx.ssl.cert_key }};
|
ssl_certificate_key {{ item.cert_key }};
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
ssl_session_cache shared:MozSSL:10m;
|
ssl_session_cache shared:MozSSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
@ -13,5 +13,5 @@ ssl_prefer_server_ciphers off;
|
||||||
# Enable OCSP Stapling, point to certificate chain
|
# Enable OCSP Stapling, point to certificate chain
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ nginx.ssl.trusted_cert }};
|
ssl_trusted_certificate {{ item.trusted_cert }};
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
#!/usr/bin/tail +14
|
#!/usr/bin/tail +14
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment }}
|
||||||
[0m> [38;5;82mNGINX[0m a été déployé sur cette machine. Voir [38;5;6m/etc/nginx/[0m.
|
[0m> [38;5;82mNGINX[0m a été déployé sur cette machine. Voir [38;5;6m/etc/nginx/[0m.
|
18
roles/nginx/templates/www/html/401.html.j2
Normal file
18
roles/nginx/templates/www/html/401.html.j2
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{{ ansible_header | comment('xml') }}
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Accès refusé</title>
|
||||||
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>Accès refusé</h1>
|
||||||
|
<p>
|
||||||
|
Pour éviter le scan des adresses de diffusions par un robot, cette page demande un identifiant et mot de passe.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>Identifiant : <em>Stop</em></li>
|
||||||
|
<li>Mot de passe : <em>Spam</em></li>
|
||||||
|
</ul>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -57,7 +57,7 @@
|
||||||
<h1>502</h1>
|
<h1>502</h1>
|
||||||
<p>Whoops, le service prend trop de temps à répondre…</p>
|
<p>Whoops, le service prend trop de temps à répondre…</p>
|
||||||
<p>Essayez de rafraîchir la page. Si le problème persiste, pensez
|
<p>Essayez de rafraîchir la page. Si le problème persiste, pensez
|
||||||
à contacter <a href="mailto:tech.aurore@lists.crans.org">l'équipe technique d'Aurore</a>.</p>
|
à contacter <a href="mailto:{{ nginx.contact }}">{{ nginx.who }}</a>.</p>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
2
roles/nginx/templates/www/html/robots.txt.j2
Normal file
2
roles/nginx/templates/www/html/robots.txt.j2
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
User-agent: *
|
||||||
|
Disallow: /
|
|
@ -1,73 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install NGINX
|
|
||||||
apt:
|
|
||||||
update_cache: true
|
|
||||||
name: nginx
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Copy snippets
|
|
||||||
template:
|
|
||||||
src: "nginx/snippets/{{ item }}.j2"
|
|
||||||
dest: "/etc/nginx/snippets/{{ item }}"
|
|
||||||
mode: 0644
|
|
||||||
loop:
|
|
||||||
- options-ssl.conf
|
|
||||||
- options-proxypass.conf
|
|
||||||
|
|
||||||
- name: Copy dhparam
|
|
||||||
template:
|
|
||||||
src: letsencrypt/dhparam.j2
|
|
||||||
dest: /etc/letsencrypt/dhparam
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: Copy reverse proxy sites
|
|
||||||
template:
|
|
||||||
src: "nginx/sites-available/{{ item }}.j2"
|
|
||||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
|
||||||
mode: 0644
|
|
||||||
loop:
|
|
||||||
- reverseproxy
|
|
||||||
- reverseproxy_redirect_dname
|
|
||||||
- redirect
|
|
||||||
notify: Reload nginx
|
|
||||||
|
|
||||||
- name: Activate sites
|
|
||||||
file:
|
|
||||||
src: "/etc/nginx/sites-available/{{ item }}"
|
|
||||||
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
|
||||||
state: link
|
|
||||||
mode: 0644
|
|
||||||
loop:
|
|
||||||
- reverseproxy
|
|
||||||
- reverseproxy_redirect_dname
|
|
||||||
- redirect
|
|
||||||
notify: Reload nginx
|
|
||||||
|
|
||||||
- name: Copy forward modules
|
|
||||||
template:
|
|
||||||
src: "nginx/modules-available/60-forward.conf.j2"
|
|
||||||
dest: "/etc/nginx/modules-available/60-forward.conf"
|
|
||||||
mode: 0644
|
|
||||||
notify: Reload nginx
|
|
||||||
|
|
||||||
- name: Activate modules
|
|
||||||
file:
|
|
||||||
src: "/etc/nginx/modules-available/60-forward.conf"
|
|
||||||
dest: "/etc/nginx/modules-enabled/60-forward.conf"
|
|
||||||
state: link
|
|
||||||
mode: 0644
|
|
||||||
notify: Reload nginx
|
|
||||||
|
|
||||||
- name: Copy 50x error page
|
|
||||||
template:
|
|
||||||
src: www/html/50x.html.j2
|
|
||||||
dest: /var/www/html/50x.html
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: Indicate role in motd
|
|
||||||
template:
|
|
||||||
src: update-motd.d/05-service.j2
|
|
||||||
dest: /etc/update-motd.d/05-nginx
|
|
||||||
mode: 0755
|
|
10
roles/postfix_non_mailhost/handlers/main.yml
Normal file
10
roles/postfix_non_mailhost/handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: restart postfix
|
||||||
|
service:
|
||||||
|
name: postfix
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: reload postfix
|
||||||
|
service:
|
||||||
|
name: postfix
|
||||||
|
state: reloaded
|
17
roles/postfix_non_mailhost/tasks/main.yml
Normal file
17
roles/postfix_non_mailhost/tasks/main.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
- name: Install postfix
|
||||||
|
apt:
|
||||||
|
name: postfix
|
||||||
|
update_cache: true
|
||||||
|
register: result
|
||||||
|
retries: 3
|
||||||
|
until: result is succeeded
|
||||||
|
|
||||||
|
- name: Configure postfix
|
||||||
|
template:
|
||||||
|
src: main.cf.j2
|
||||||
|
dest: /etc/postfix/main.cf
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
notify: restart postfix
|
32
roles/postfix_non_mailhost/templates/main.cf.j2
Normal file
32
roles/postfix_non_mailhost/templates/main.cf.j2
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
||||||
|
# Template based on /usr/share/postfix/main.cf.debian
|
||||||
|
|
||||||
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
||||||
|
biff = no
|
||||||
|
|
||||||
|
# appending .domain is the MUA's job.
|
||||||
|
append_dot_mydomain = no
|
||||||
|
|
||||||
|
# Uncomment the next line to generate "delayed mail" warnings
|
||||||
|
#delay_warning_time = 4h
|
||||||
|
|
||||||
|
readme_directory = no
|
||||||
|
|
||||||
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
||||||
|
# fresh installs.
|
||||||
|
compatibility_level = 2
|
||||||
|
|
||||||
|
# Send mail as user@{{ ansible_fqdn }}
|
||||||
|
myhostname = {{ ansible_fqdn }}
|
||||||
|
myorigin = $myhostname
|
||||||
|
mydomain = $myhostname
|
||||||
|
|
||||||
|
# Specify the trusted networks
|
||||||
|
mynetworks = 127.0.0.0/8 {{ local_network }}
|
||||||
|
|
||||||
|
# This host does not relay mail from untrusted networks
|
||||||
|
relay_domains =
|
||||||
|
|
||||||
|
# This is needed if no direct Internet access is available
|
||||||
|
relayhost = {{ relay_host }}
|
|
@ -64,6 +64,13 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: prometheus_ups_snmp_targets is defined
|
when: prometheus_ups_snmp_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus docker monitoring
|
||||||
|
copy:
|
||||||
|
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
|
||||||
|
dest: /etc/prometheus/targets_docker.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_docker_targets is defined
|
||||||
|
|
||||||
- name: Activate prometheus service
|
- name: Activate prometheus service
|
||||||
systemd:
|
systemd:
|
||||||
name: prometheus
|
name: prometheus
|
||||||
|
|
|
@ -22,7 +22,7 @@ groups:
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "Mémoire libre de {{ $labels.instance }} à {{ $value | printf "%.2f" }}%."
|
summary: "Mémoire libre de {{ $labels.instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
# Alert for out of disk space
|
# Alert for out of disk space
|
||||||
- alert: OutOfDiskSpace
|
- alert: OutOfDiskSpace
|
||||||
|
@ -31,7 +31,7 @@ groups:
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%."
|
summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
# Alert for out of inode space on disk
|
# Alert for out of inode space on disk
|
||||||
- alert: OutOfInodes
|
- alert: OutOfInodes
|
||||||
|
@ -49,7 +49,7 @@ groups:
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "CPU sur {{ $labels.instance }} à {{ $value | printf "%.2f" }}%."
|
summary: "CPU sur {{ $labels.instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
# Check systemd unit (> buster)
|
# Check systemd unit (> buster)
|
||||||
- alert: SystemdServiceFailed
|
- alert: SystemdServiceFailed
|
||||||
|
@ -59,11 +59,20 @@ groups:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}"
|
summary: "{{ $labels.name }} a échoué sur {{ $labels.instance }}"
|
||||||
|
|
||||||
|
# Check load of instance
|
||||||
|
- alert: LoadUsage
|
||||||
|
expr: node_load1 > 5
|
||||||
|
for: 2m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "La charge de {{ $labels.instance }} est à {{ $value }} !"
|
||||||
|
|
||||||
# Check UPS
|
# Check UPS
|
||||||
- alert: UpsOutputSourceChanged
|
- alert: UpsOutputSourceChanged
|
||||||
expr: upsOutputSource != 3
|
expr: upsOutputSource != 3
|
||||||
for: 5m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -71,7 +80,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsBatteryStatusWarning
|
- alert: UpsBatteryStatusWarning
|
||||||
expr: upsBatteryStatus == 3
|
expr: upsBatteryStatus == 3
|
||||||
for: 5m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -79,7 +88,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsBatteryStatusCritical
|
- alert: UpsBatteryStatusCritical
|
||||||
expr: upsBatteryStatus == 4
|
expr: upsBatteryStatus == 4
|
||||||
for: 5m
|
for: 10m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -95,7 +104,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsWrongInputVoltage
|
- alert: UpsWrongInputVoltage
|
||||||
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
|
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
|
||||||
for: 5m
|
for: 10m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -103,7 +112,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsWrongOutputVoltage
|
- alert: UpsWrongOutputVoltage
|
||||||
expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240)
|
expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240)
|
||||||
for: 5m
|
for: 10m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -111,7 +120,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsTimeRemainingWarning
|
- alert: UpsTimeRemainingWarning
|
||||||
expr: upsEstimatedMinutesRemaining < 15
|
expr: upsEstimatedMinutesRemaining < 15
|
||||||
for: 5m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -119,7 +128,7 @@ groups:
|
||||||
|
|
||||||
- alert: UpsTimeRemainingCritical
|
- alert: UpsTimeRemainingCritical
|
||||||
expr: upsEstimatedMinutesRemaining < 5
|
expr: upsEstimatedMinutesRemaining < 5
|
||||||
for: 5m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
|
|
|
@ -81,3 +81,7 @@ scrape_configs:
|
||||||
- target_label: __address__
|
- target_label: __address__
|
||||||
replacement: 127.0.0.1:9116
|
replacement: 127.0.0.1:9116
|
||||||
|
|
||||||
|
- job_name: docker
|
||||||
|
file_sd_configs:
|
||||||
|
- files:
|
||||||
|
- '/etc/prometheus/targets_docker.json'
|
||||||
|
|
|
@ -162,13 +162,31 @@ ubiquiti_unifi:
|
||||||
indexes:
|
indexes:
|
||||||
- labelname: unifiVapIndex
|
- labelname: unifiVapIndex
|
||||||
type: gauge
|
type: gauge
|
||||||
- name: unifiVapNumStations
|
- name: unifi_vap_num_stations
|
||||||
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
|
||||||
type: gauge
|
type: gauge
|
||||||
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
|
||||||
indexes:
|
indexes:
|
||||||
- labelname: unifiVapIndex
|
- labelname: unifi_vap_index
|
||||||
type: gauge
|
type: gauge
|
||||||
|
lookups:
|
||||||
|
- labels: [unifi_vap_index]
|
||||||
|
labelname: unifi_vap_essid
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
|
||||||
|
type: DisplayString
|
||||||
|
- labels: [unifi_vap_index]
|
||||||
|
labelname: unifi_vap_radio
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
|
||||||
|
type: DisplayString
|
||||||
|
- labels: []
|
||||||
|
labelname: unifi_vap_index
|
||||||
|
# - name: unifiVapNumStations
|
||||||
|
# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
|
||||||
|
# type: gauge
|
||||||
|
# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
|
||||||
|
# indexes:
|
||||||
|
# - labelname: unifiVapIndex
|
||||||
|
# type: gauge
|
||||||
- name: unifiVapRadio
|
- name: unifiVapRadio
|
||||||
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
|
||||||
type: DisplayString
|
type: DisplayString
|
||||||
|
|
5
roles/prometheus_federate/handlers/main.yml
Normal file
5
roles/prometheus_federate/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Restart Prometheus
|
||||||
|
service:
|
||||||
|
name: prometheus
|
||||||
|
state: restarted
|
46
roles/prometheus_federate/tasks/main.yml
Normal file
46
roles/prometheus_federate/tasks/main.yml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
- name: Install Prometheus
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
name:
|
||||||
|
- prometheus
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Configure Prometheus
|
||||||
|
template:
|
||||||
|
src: prometheus/prometheus.yml.j2
|
||||||
|
dest: /etc/prometheus/prometheus.yml
|
||||||
|
mode: 0644
|
||||||
|
notify: Restart Prometheus
|
||||||
|
|
||||||
|
- name: Configure Prometheus alert rules
|
||||||
|
template:
|
||||||
|
src: "prometheus/{{ item }}.j2"
|
||||||
|
dest: "/etc/prometheus/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
|
notify: Restart Prometheus
|
||||||
|
loop:
|
||||||
|
- alert.rules.yml
|
||||||
|
- django.rules.yml
|
||||||
|
|
||||||
|
# We don't need to restart Prometheus when updating nodes
|
||||||
|
- name: Configure Prometheus Federate devices
|
||||||
|
copy:
|
||||||
|
content: "{{ [{'targets': prometheus_targets }] | to_nice_json }}"
|
||||||
|
dest: /etc/prometheus/targets.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_targets is defined
|
||||||
|
|
||||||
|
- name: Activate prometheus service
|
||||||
|
systemd:
|
||||||
|
name: prometheus
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Indicate role in motd
|
||||||
|
template:
|
||||||
|
src: update-motd.d/05-service.j2
|
||||||
|
dest: /etc/update-motd.d/05-prometheus
|
||||||
|
mode: 0755
|
|
@ -0,0 +1,138 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
{# As this is also Jinja2 it will conflict without a raw block #}
|
||||||
|
{# Depending of Prometheus Node exporter version, rules can change depending of version #}
|
||||||
|
{% raw %}
|
||||||
|
groups:
|
||||||
|
- name: alert.rules
|
||||||
|
rules:
|
||||||
|
|
||||||
|
# Alert for any instance that is unreachable for >3 minutes.
|
||||||
|
- alert: InstanceDown
|
||||||
|
expr: up == 0
|
||||||
|
for: 3m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : {{ $labels.exported_instance }} est invisible depuis plus de 3 minutes !"
|
||||||
|
|
||||||
|
# Alert for out of memory
|
||||||
|
- alert: OutOfMemory
|
||||||
|
expr: (node_memory_MemFree_bytes + node_memory_Cached_bytes + node_memory_Buffers_bytes) / node_memory_MemTotal_bytes * 100 < 10
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : Mémoire libre de {{ $labels.exported_instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
|
# Alert for out of disk space
|
||||||
|
- alert: OutOfDiskSpace
|
||||||
|
expr: node_filesystem_free_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Espace libre de {{ $labels.mountpoint }} sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
|
# Alert for out of inode space on disk
|
||||||
|
- alert: OutOfInodes
|
||||||
|
expr: node_filesystem_files_free{fstype="ext4"} / node_filesystem_files{fstype="ext4"} * 100 < 10
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : Presque plus d'inodes disponibles ({{ $value }}% restant) dans {{ $labels.mountpoint }} sur {{ $labels.exported_instance }}."
|
||||||
|
|
||||||
|
# Alert for high CPU usage
|
||||||
|
- alert: CpuUsage
|
||||||
|
expr: (100 - avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 75
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : CPU sur {{ $labels.exported_instance }} à {{ humanize $value }}%."
|
||||||
|
|
||||||
|
# Check systemd unit (> buster)
|
||||||
|
- alert: SystemdServiceFailed
|
||||||
|
expr: node_systemd_unit_state{state="failed"} == 1
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : {{ $labels.name }} a échoué sur {{ $labels.exported_instance }}"
|
||||||
|
|
||||||
|
# Check load of instance
|
||||||
|
- alert: LoadUsage
|
||||||
|
expr: node_load1 > 5
|
||||||
|
for: 2m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : la charge de {{ $labels.exported_instance }} est à {{ $value }} !"
|
||||||
|
|
||||||
|
# Check UPS
|
||||||
|
- alert: UpsOutputSourceChanged
|
||||||
|
expr: upsOutputSource != 3
|
||||||
|
for: 1m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : La source d'alimentation de {{ $labels.exported_instance }} a changé !"
|
||||||
|
|
||||||
|
- alert: UpsBatteryStatusWarning
|
||||||
|
expr: upsBatteryStatus == 3
|
||||||
|
for: 2m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : L'état de la batterie de {{ $labels.exported_instance }} est faible !"
|
||||||
|
|
||||||
|
- alert: UpsBatteryStatusCritical
|
||||||
|
expr: upsBatteryStatus == 4
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "L'état de la batterie de {{ $labels.exported_instance }} est affaibli !"
|
||||||
|
|
||||||
|
- alert: UpsHighLoad
|
||||||
|
expr: upsOutputPercentLoad > 70
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : La charge de {{ $labels.exported_instance }} est de {{ $value }}% !"
|
||||||
|
|
||||||
|
- alert: UpsWrongInputVoltage
|
||||||
|
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : La tension d'entrée de {{ $labels.exported_instance }} est de {{ $value }}V."
|
||||||
|
|
||||||
|
- alert: UpsWrongOutputVoltage
|
||||||
|
expr: (upsOutputVoltage < 220) or (upsOutputVoltage > 240)
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : La tension de sortie de {{ $labels.exported_instance }} est de {{ $value }}V."
|
||||||
|
|
||||||
|
- alert: UpsTimeRemainingWarning
|
||||||
|
expr: upsEstimatedMinutesRemaining < 15
|
||||||
|
for: 1m
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
|
||||||
|
|
||||||
|
- alert: UpsTimeRemainingCritical
|
||||||
|
expr: upsEstimatedMinutesRemaining < 5
|
||||||
|
for: 1m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
annotations:
|
||||||
|
summary: "Federate : L'autonomie restante sur {{ $labels.exported_instance }} est de {{ $value }} min."
|
||||||
|
|
||||||
|
|
||||||
|
{% endraw %}
|
|
@ -0,0 +1,106 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
{# As this is also Jinja2 it will conflict without a raw block #}
|
||||||
|
{% raw %}
|
||||||
|
groups:
|
||||||
|
- name: django.rules
|
||||||
|
rules:
|
||||||
|
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) BY (job)
|
||||||
|
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) BY (job)
|
||||||
|
- record: job:django_http_ajax_requests_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_ajax_requests_total[30s])) BY (job)
|
||||||
|
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) BY (job)
|
||||||
|
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s]))
|
||||||
|
BY (job)
|
||||||
|
- record: job:django_http_requests_body_total_bytes:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_body_total_bytes[30s])) BY (job)
|
||||||
|
- record: job:django_http_responses_streaming_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_streaming_total[30s])) BY (job)
|
||||||
|
- record: job:django_http_responses_body_total_bytes:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_body_total_bytes[30s])) BY (job)
|
||||||
|
- record: job:django_http_requests_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job)
|
||||||
|
- record: job:django_http_requests_total_by_method:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_total_by_method[30s])) BY (job, method)
|
||||||
|
- record: job:django_http_requests_total_by_transport:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_total_by_transport[30s])) BY (job, transport)
|
||||||
|
- record: job:django_http_requests_total_by_view:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
|
||||||
|
view)
|
||||||
|
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) BY (job,
|
||||||
|
view, transport, method)
|
||||||
|
- record: job:django_http_responses_total_by_templatename:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_total_by_templatename[30s])) BY (job, templatename)
|
||||||
|
- record: job:django_http_responses_total_by_status:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_total_by_status[30s])) BY (job, status)
|
||||||
|
- record: job:django_http_responses_total_by_charset:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_responses_total_by_charset[30s])) BY (job, charset)
|
||||||
|
- record: job:django_http_exceptions_total_by_type:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_exceptions_total_by_type[30s])) BY (job, type)
|
||||||
|
- record: job:django_http_exceptions_total_by_view:sum_rate30s
|
||||||
|
expr: sum(rate(django_http_exceptions_total_by_view[30s])) BY (job, view)
|
||||||
|
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "50"
|
||||||
|
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "95"
|
||||||
|
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "99"
|
||||||
|
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "99.9"
|
||||||
|
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.5, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "50"
|
||||||
|
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "95"
|
||||||
|
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "99"
|
||||||
|
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
||||||
|
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s]))
|
||||||
|
BY (job, le))
|
||||||
|
labels:
|
||||||
|
quantile: "99.9"
|
||||||
|
- record: job:django_model_inserts_total:sum_rate1m
|
||||||
|
expr: sum(rate(django_model_inserts_total[1m])) BY (job, model)
|
||||||
|
- record: job:django_model_updates_total:sum_rate1m
|
||||||
|
expr: sum(rate(django_model_updates_total[1m])) BY (job, model)
|
||||||
|
- record: job:django_model_deletes_total:sum_rate1m
|
||||||
|
expr: sum(rate(django_model_deletes_total[1m])) BY (job, model)
|
||||||
|
- record: job:django_db_new_connections_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_db_new_connections_total[30s])) BY (alias, vendor)
|
||||||
|
- record: job:django_db_new_connection_errors_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_db_new_connection_errors_total[30s])) BY (alias, vendor)
|
||||||
|
- record: job:django_db_execute_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_db_execute_total[30s])) BY (alias, vendor)
|
||||||
|
- record: job:django_db_execute_many_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_db_execute_many_total[30s])) BY (alias, vendor)
|
||||||
|
- record: job:django_db_errors_total:sum_rate30s
|
||||||
|
expr: sum(rate(django_db_errors_total[30s])) BY (alias, vendor, type)
|
||||||
|
- record: job:django_migrations_applied_total:max
|
||||||
|
expr: max(django_migrations_applied_total) BY (job, connection)
|
||||||
|
- record: job:django_migrations_unapplied_total:max
|
||||||
|
expr: max(django_migrations_unapplied_total) BY (job, connection)
|
||||||
|
{% endraw %}
|
|
@ -0,0 +1,56 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
global:
|
||||||
|
# scrape_interval is set to the global default (60s)
|
||||||
|
# evaluation_interval is set to the global default (60s)
|
||||||
|
# scrape_timeout is set to the global default (10s).
|
||||||
|
|
||||||
|
# Attach these labels to any time series or alerts when communicating with
|
||||||
|
# external systems (federation, remote storage, Alertmanager).
|
||||||
|
external_labels:
|
||||||
|
monitor: 'example'
|
||||||
|
|
||||||
|
# Alertmanager configuration
|
||||||
|
# Use prometheus alertmanager installed on the same machine
|
||||||
|
alerting:
|
||||||
|
alertmanagers:
|
||||||
|
- static_configs:
|
||||||
|
- targets: ['{{ prometheus_alertmanager }}']
|
||||||
|
|
||||||
|
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
||||||
|
rule_files:
|
||||||
|
- "alert.rules.yml" # Monitoring alerts, this is the file you may be searching!
|
||||||
|
- "django.rules.yml" # Custom rules specific for Django project monitoring
|
||||||
|
|
||||||
|
# A scrape configuration containing exactly one endpoint to scrape:
|
||||||
|
# Here it's Prometheus itself.
|
||||||
|
scrape_configs:
|
||||||
|
# The .json in file_sd_configs is dynamically reloaded
|
||||||
|
|
||||||
|
|
||||||
|
- job_name: federate
|
||||||
|
scrape_interval: 15s
|
||||||
|
metrics_path: '/federate'
|
||||||
|
file_sd_configs:
|
||||||
|
- files:
|
||||||
|
- '/etc/prometheus/targets.json'
|
||||||
|
relabel_configs:
|
||||||
|
# Do not put :9100 in instance name, rather here
|
||||||
|
- source_labels: [__address__]
|
||||||
|
target_label: __param_target
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: instance
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: __address__
|
||||||
|
replacement: '$1:9090'
|
||||||
|
params:
|
||||||
|
'match[]':
|
||||||
|
- '{job="servers"}'
|
||||||
|
- '{job="prometheus"}'
|
||||||
|
- '{job="unifi_snmp"}'
|
||||||
|
- '{job="django"}'
|
||||||
|
- '{job="ups_snmp"}'
|
||||||
|
- '{job="django"}'
|
||||||
|
- '{job="docker"}'
|
||||||
|
- '{job="switch"}'
|
||||||
|
|
387
roles/prometheus_federate/templates/prometheus/snmp.yml.j2
Normal file
387
roles/prometheus_federate/templates/prometheus/snmp.yml.j2
Normal file
|
@ -0,0 +1,387 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
# TODOlist :
|
||||||
|
# - Faire fonctionner le monitoring des switchs défini ici
|
||||||
|
# * Configurer tous les switchs avec un compte SNMPv3
|
||||||
|
# * Mettre l'inventaire des switchs dans Ansible
|
||||||
|
# - Optimiser les règles pour les bornes Unifi,
|
||||||
|
# on pourrait indexer avec les SSID
|
||||||
|
|
||||||
|
eatonups:
|
||||||
|
walk:
|
||||||
|
- 1.3.6.1.2.1.33.1.2
|
||||||
|
- 1.3.6.1.2.1.33.1.3
|
||||||
|
- 1.3.6.1.2.1.33.1.4
|
||||||
|
- 1.3.6.1.4.1.534.1.6
|
||||||
|
get:
|
||||||
|
- 1.3.6.1.2.1.1.3.0
|
||||||
|
metrics:
|
||||||
|
- name: sysUpTime
|
||||||
|
oid: 1.3.6.1.2.1.1.3
|
||||||
|
type: gauge
|
||||||
|
help: The time (in hundredths of a second) since the network management portion
|
||||||
|
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
|
||||||
|
- name: upsBatteryStatus
|
||||||
|
oid: 1.3.6.1.2.1.33.1.2.1
|
||||||
|
type: gauge
|
||||||
|
help: The indication of the capacity remaining in the UPS system's batteries -
|
||||||
|
1.3.6.1.2.1.33.1.2.1
|
||||||
|
- name: upsEstimatedMinutesRemaining
|
||||||
|
oid: 1.3.6.1.2.1.33.1.2.3
|
||||||
|
type: gauge
|
||||||
|
help: An estimate of the time to battery charge depletion under the present load
|
||||||
|
conditions if the utility power is off and remains off, or if it were to be
|
||||||
|
lost and remain off. - 1.3.6.1.2.1.33.1.2.3
|
||||||
|
- name: upsInputVoltage
|
||||||
|
oid: 1.3.6.1.2.1.33.1.3.3.1.3
|
||||||
|
type: gauge
|
||||||
|
help: The magnitude of the present input voltage. - 1.3.6.1.2.1.33.1.3.3.1.3
|
||||||
|
indexes:
|
||||||
|
- labelname: upsInputLineIndex
|
||||||
|
type: gauge
|
||||||
|
- name: upsOutputSource
|
||||||
|
oid: 1.3.6.1.2.1.33.1.4.1
|
||||||
|
type: gauge
|
||||||
|
help: The present source of output power - 1.3.6.1.2.1.33.1.4.1
|
||||||
|
- name: upsOutputVoltage
|
||||||
|
oid: 1.3.6.1.2.1.33.1.4.4.1.2
|
||||||
|
type: gauge
|
||||||
|
help: The present output voltage. - 1.3.6.1.2.1.33.1.4.4.1.2
|
||||||
|
indexes:
|
||||||
|
- labelname: upsOutputLineIndex
|
||||||
|
type: gauge
|
||||||
|
- name: upsOutputPower
|
||||||
|
oid: 1.3.6.1.2.1.33.1.4.4.1.4
|
||||||
|
type: gauge
|
||||||
|
help: The present output true power. - 1.3.6.1.2.1.33.1.4.4.1.4
|
||||||
|
indexes:
|
||||||
|
- labelname: upsOutputLineIndex
|
||||||
|
type: gauge
|
||||||
|
- name: upsOutputPercentLoad
|
||||||
|
oid: 1.3.6.1.2.1.33.1.4.4.1.5
|
||||||
|
type: gauge
|
||||||
|
help: The percentage of the UPS power capacity presently being used on this output
|
||||||
|
line, i.e., the greater of the percent load of true power capacity and the percent
|
||||||
|
load of VA. - 1.3.6.1.2.1.33.1.4.4.1.5
|
||||||
|
indexes:
|
||||||
|
- labelname: upsOutputLineIndex
|
||||||
|
type: gauge
|
||||||
|
- name: xupsEnvRemoteTemp
|
||||||
|
oid: 1.3.6.1.4.1.534.1.6.5
|
||||||
|
type: gauge
|
||||||
|
help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5
|
||||||
|
- name: xupsEnvRemoteHumidity
|
||||||
|
oid: 1.3.6.1.4.1.534.1.6.6
|
||||||
|
type: gauge
|
||||||
|
help: The reading of an EMP's humidity sensor. - 1.3.6.1.4.1.534.1.6.6
|
||||||
|
version: 1
|
||||||
|
auth:
|
||||||
|
community: public
|
||||||
|
|
||||||
|
|
||||||
|
procurve_switch:
|
||||||
|
walk:
|
||||||
|
- 1.3.6.1.2.1.31.1.1.1.10
|
||||||
|
- 1.3.6.1.2.1.31.1.1.1.6
|
||||||
|
get:
|
||||||
|
- 1.3.6.1.2.1.1.3.0
|
||||||
|
- 1.3.6.1.2.1.1.5.0
|
||||||
|
- 1.3.6.1.2.1.1.6.0
|
||||||
|
metrics:
|
||||||
|
- name: sysUpTime
|
||||||
|
oid: 1.3.6.1.2.1.1.3
|
||||||
|
type: gauge
|
||||||
|
help: The time (in hundredths of a second) since the network management portion
|
||||||
|
of the system was last re-initialized. - 1.3.6.1.2.1.1.3
|
||||||
|
- name: sysName
|
||||||
|
oid: 1.3.6.1.2.1.1.5
|
||||||
|
type: DisplayString
|
||||||
|
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
|
||||||
|
- name: sysLocation
|
||||||
|
oid: 1.3.6.1.2.1.1.6
|
||||||
|
type: DisplayString
|
||||||
|
help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
|
||||||
|
- 1.3.6.1.2.1.1.6
|
||||||
|
- name: ifHCOutOctets
|
||||||
|
oid: 1.3.6.1.2.1.31.1.1.1.10
|
||||||
|
type: counter
|
||||||
|
help: The total number of octets transmitted out of the interface, including framing
|
||||||
|
characters - 1.3.6.1.2.1.31.1.1.1.10
|
||||||
|
indexes:
|
||||||
|
- labelname: ifIndex
|
||||||
|
type: gauge
|
||||||
|
- name: ifHCInOctets
|
||||||
|
oid: 1.3.6.1.2.1.31.1.1.1.6
|
||||||
|
type: counter
|
||||||
|
help: The total number of octets received on the interface, including framing
|
||||||
|
characters - 1.3.6.1.2.1.31.1.1.1.6
|
||||||
|
indexes:
|
||||||
|
- labelname: ifIndex
|
||||||
|
type: gauge
|
||||||
|
version: 3
|
||||||
|
auth:
|
||||||
|
username: prometheus
|
||||||
|
|
||||||
|
ubiquiti_unifi:
|
||||||
|
walk:
|
||||||
|
- 1.3.6.1.4.1.41112.1.6
|
||||||
|
get:
|
||||||
|
- 1.3.6.1.2.1.1.5.0
|
||||||
|
- 1.3.6.1.2.1.1.6.0
|
||||||
|
metrics:
|
||||||
|
# Pour faire une WifiMap un jour, on peut entrer la location dans la conf des bornes
|
||||||
|
# - name: sysLocation
|
||||||
|
# oid: 1.3.6.1.2.1.1.6
|
||||||
|
# type: DisplayString
|
||||||
|
# help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
|
||||||
|
# - 1.3.6.1.2.1.1.6
|
||||||
|
- name: unifiVapIndex
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.1
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.1'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapChannel
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.4
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.4'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapEssId
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
|
||||||
|
type: DisplayString
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.6'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapName
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.7
|
||||||
|
type: DisplayString
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.7'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifi_vap_num_stations
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifi_vap_index
|
||||||
|
type: gauge
|
||||||
|
lookups:
|
||||||
|
- labels: [unifi_vap_index]
|
||||||
|
labelname: unifi_vap_essid
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.6
|
||||||
|
type: DisplayString
|
||||||
|
- labels: [unifi_vap_index]
|
||||||
|
labelname: unifi_vap_radio
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
|
||||||
|
type: DisplayString
|
||||||
|
- labels: []
|
||||||
|
labelname: unifi_vap_index
|
||||||
|
# - name: unifiVapNumStations
|
||||||
|
# oid: 1.3.6.1.4.1.41112.1.6.1.2.1.8
|
||||||
|
# type: gauge
|
||||||
|
# help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.8'
|
||||||
|
# indexes:
|
||||||
|
# - labelname: unifiVapIndex
|
||||||
|
# type: gauge
|
||||||
|
- name: unifiVapRadio
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.9
|
||||||
|
type: DisplayString
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.9'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxBytes
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.10
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.10'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxCrypts
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.11
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.11'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxDropped
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.12
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.12'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxErrors
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.13
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.13'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxFrags
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.14
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.14'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapRxPackets
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.15
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.15'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxBytes
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.16
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.16'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxDropped
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.17
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.17'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxErrors
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.18
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.18'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxPackets
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.19
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.19'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxRetries
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.20
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.20'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapTxPower
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.21
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.21'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapUp
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.22
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.1.2.1.22'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiVapUsage
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.1.2.1.23
|
||||||
|
type: DisplayString
|
||||||
|
help: guest or regular user - 1.3.6.1.4.1.41112.1.6.1.2.1.23
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiVapIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfIndex
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.1
|
||||||
|
type: gauge
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.1'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfName
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.5
|
||||||
|
type: DisplayString
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.5'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfRxBytes
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.6
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.6'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfRxDropped
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.7
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.7'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfRxError
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.8
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.8'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfRxMulticast
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.9
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.9'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfRxPackets
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.10
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.10'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfTxBytes
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.12
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.12'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfTxDropped
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.13
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.13'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfTxError
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.14
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.14'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiIfTxPackets
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.2.1.1.15
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.2.1.1.15'
|
||||||
|
indexes:
|
||||||
|
- labelname: unifiIfIndex
|
||||||
|
type: gauge
|
||||||
|
- name: unifiApSystemModel
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.3.3
|
||||||
|
type: DisplayString
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.3.3'
|
||||||
|
- name: unifiApSystemUptime
|
||||||
|
oid: 1.3.6.1.4.1.41112.1.6.3.5
|
||||||
|
type: counter
|
||||||
|
help: ' - 1.3.6.1.4.1.41112.1.6.3.5'
|
||||||
|
version: 3
|
||||||
|
auth:
|
||||||
|
security_level: authPriv
|
||||||
|
username: snmp_prometheus
|
||||||
|
password: {{ snmp_unifi_password }}
|
||||||
|
auth_protocol: SHA
|
||||||
|
priv_protocol: AES
|
||||||
|
priv_password: {{ snmp_unifi_password }}
|
4
roles/prometheus_federate/templates/update-motd.d/05-service.j2
Executable file
4
roles/prometheus_federate/templates/update-motd.d/05-service.j2
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
echo "> prometheus a été déployé sur cette machine."
|
||||||
|
echo " Voir /etc/prometheus/"
|
|
@ -106,12 +106,11 @@
|
||||||
|
|
||||||
- name: Install radius requirements (except freeradius-python3)
|
- name: Install radius requirements (except freeradius-python3)
|
||||||
shell:
|
shell:
|
||||||
cmd: "{{ item }}"
|
cmd: "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install"
|
||||||
chdir: /var/www/re2o/
|
chdir: /var/www/re2o/
|
||||||
loop:
|
|
||||||
- "cat apt_requirements_radius.txt | grep -v freeradius-python3 | xargs apt-get -y install"
|
|
||||||
- "pip3 install -r pip_requirements.txt"
|
|
||||||
|
|
||||||
|
- name: Install PyPi requirements for radius
|
||||||
|
command: "pip3 install -r /var/www/re2o/pip_requirements.txt"
|
||||||
|
|
||||||
# End of hideousness (hopefully).
|
# End of hideousness (hopefully).
|
||||||
|
|
||||||
|
|
|
@ -30,11 +30,19 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: "'routeur-aurore' in ansible_hostname"
|
when: "'routeur-aurore' in ansible_hostname"
|
||||||
|
|
||||||
|
- name: Install ipset
|
||||||
|
apt:
|
||||||
|
name: ipset
|
||||||
|
update_cache: true
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- name: Install aurore-firewall (re2o-service)
|
- name: Install aurore-firewall (re2o-service)
|
||||||
import_role:
|
import_role:
|
||||||
name: re2o-service
|
name: re2o_service
|
||||||
vars:
|
vars:
|
||||||
service_repo: https://gitlab.federez.net/aurore/aurore-firewall.git
|
service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git
|
||||||
service_name: aurore-firewall
|
service_name: aurore-firewall
|
||||||
service_version: aurore
|
service_version: aurore
|
||||||
service_config:
|
service_config:
|
||||||
|
|
|
@ -31,7 +31,7 @@ role = ['routeur']
|
||||||
### Specify each interface role
|
### Specify each interface role
|
||||||
|
|
||||||
interfaces_type = {
|
interfaces_type = {
|
||||||
'routable' : ['ens20', 'ens21'],
|
'routable' : ['ens20', 'ens21', 'ens23'],
|
||||||
'sortie' : ['ens19'],
|
'sortie' : ['ens19'],
|
||||||
'admin' : ['ens18']
|
'admin' : ['ens18']
|
||||||
}
|
}
|
||||||
|
@ -57,9 +57,53 @@ nat = [
|
||||||
},
|
},
|
||||||
'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
|
'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
|
||||||
'extra_nat' : {
|
'extra_nat' : {
|
||||||
'10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
|
'ens19': {
|
||||||
|
'10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
|
||||||
apartment_block_id }}',
|
apartment_block_id }}',
|
||||||
'10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}'
|
'10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'name': 'Accueil',
|
||||||
|
'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16',
|
||||||
|
'extra_nat': {
|
||||||
|
'ens19': {
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ apartment_block_id }}',
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}',
|
||||||
|
},
|
||||||
|
'ens23' : {
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.1.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.2.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
'extra_nat_group': {
|
||||||
|
'ens19': 'accueil_ens23_allowed',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
|
# ATTENTION: on doit avoir retry ≥ grace
|
||||||
|
# ATTENTION: il faut que ip_redirect gère tous les ports
|
||||||
|
# autorisés dans le profile re2o, sinon on laisse sortir
|
||||||
|
# du trafic
|
||||||
|
accueils = [
|
||||||
|
{
|
||||||
|
'iface': 'ens23',
|
||||||
|
'grace_period': 1800,
|
||||||
|
'retry_period': 86400,
|
||||||
|
'ip_sources': [
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.1.0/24',
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.2.0/24',
|
||||||
|
],
|
||||||
|
'ip_redirect': {
|
||||||
|
"tcp": {
|
||||||
|
"10.{{ subnet_ids.users_accueil }}.0.247": ["80", "443"],
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'triggers': [
|
||||||
|
('4', 'tcp', '46.255.53.35', 443), # ComNPay
|
||||||
|
('4', 'tcp', '46.255.53.35', 80),
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -41,9 +41,11 @@ nat = [
|
||||||
{
|
{
|
||||||
'name' : 'AdminVlans',
|
'name' : 'AdminVlans',
|
||||||
'extra_nat' : {
|
'extra_nat' : {
|
||||||
'10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}',
|
'ens18': {
|
||||||
'10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
'10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
'10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}'
|
'10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
|
'10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -50,6 +50,9 @@ vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
|
||||||
|
|
||||||
# Wifi
|
# Wifi
|
||||||
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
|
10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
|
||||||
|
|
||||||
|
# Accueil
|
||||||
|
10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -23,12 +23,14 @@ server:
|
||||||
interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
|
interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
|
||||||
interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
|
interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
|
||||||
interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}
|
interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}
|
||||||
|
interface: 10.{{ subnet_ids.users_accueil }}.0.{{ dns_host_suffix }}
|
||||||
|
|
||||||
|
|
||||||
# IPv6
|
# IPv6
|
||||||
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:{{ dns_host_suffix }}
|
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:{{ dns_host_suffix }}
|
||||||
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:{{ dns_host_suffix }}
|
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:{{ dns_host_suffix }}
|
||||||
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:{{ dns_host_suffix }}
|
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:{{ dns_host_suffix }}
|
||||||
|
interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_accueil }}::0:{{ dns_host_suffix }}
|
||||||
|
|
||||||
|
|
||||||
# By default, anything other than localhost is refused.
|
# By default, anything other than localhost is refused.
|
||||||
|
@ -36,12 +38,11 @@ server:
|
||||||
access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
|
access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
|
||||||
access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
|
access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
|
||||||
access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow
|
access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow
|
||||||
|
access-control: 10.{{ subnet_ids.users_accueil }}.0.0/16 allow
|
||||||
access-control: {{ ipv6_base_prefix }}::/32 allow # Fuck it... :)
|
access-control: {{ ipv6_base_prefix }}::/32 allow # Fuck it... :)
|
||||||
|
|
||||||
num-threads: {{ ansible_processor_vcpus }}
|
num-threads: {{ ansible_processor_vcpus }}
|
||||||
|
|
||||||
private-address: 10.0.0.0/8
|
|
||||||
|
|
||||||
# The host cache TTL affects blacklisting of supposedly bogus hosts.
|
# The host cache TTL affects blacklisting of supposedly bogus hosts.
|
||||||
# The default was 900 (15 minutes).
|
# The default was 900 (15 minutes).
|
||||||
infra-host-ttl: 60
|
infra-host-ttl: 60
|
||||||
|
|
|
@ -10,8 +10,19 @@
|
||||||
roles:
|
roles:
|
||||||
- passbolt
|
- passbolt
|
||||||
|
|
||||||
# Deploy reverse proxy
|
- hosts: reverseproxy
|
||||||
- hosts: proxy*.adm.auro.re
|
vars:
|
||||||
|
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||||
|
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||||
|
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
|
||||||
roles:
|
roles:
|
||||||
- certbot
|
- certbot
|
||||||
- nginx_reverseproxy
|
- nginx
|
||||||
|
|
||||||
|
- hosts: nginx,!reverseproxy
|
||||||
|
vars:
|
||||||
|
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||||
|
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||||
|
roles:
|
||||||
|
- certbot
|
||||||
|
- nginx
|
||||||
|
|
4
utils/README.md
Normal file
4
utils/README.md
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
# Utils
|
||||||
|
|
||||||
|
A repository of Ansible Playbooks that are useful, as little script or various
|
||||||
|
utilities, but not used in production.
|
13
utils/re2o_mail_server.yml
Executable file
13
utils/re2o_mail_server.yml
Executable file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
# Deploy Re2o mail service
|
||||||
|
- hosts: mail.auro.re
|
||||||
|
vars:
|
||||||
|
service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
|
||||||
|
service_name: mail-server
|
||||||
|
service_version: aurore
|
||||||
|
service_config:
|
||||||
|
hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
|
||||||
|
username: service-user
|
||||||
|
password: "{{ vault_serviceuser_passwd }}"
|
||||||
|
roles:
|
||||||
|
- re2o-service
|
31
utils/reboot_needed_check.yml
Executable file
31
utils/reboot_needed_check.yml
Executable file
|
@ -0,0 +1,31 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
# Check if a reboot is required by the installation of some packages (ie kernel)
|
||||||
|
- hosts: localhost
|
||||||
|
tasks:
|
||||||
|
- name: Make sure local file exist but is empty # weird hack, I know
|
||||||
|
copy:
|
||||||
|
dest: /tmp/ansible_dump_reboot_needed.txt
|
||||||
|
content: ""
|
||||||
|
force: true
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re
|
||||||
|
tasks:
|
||||||
|
# Register the output of the file /var/run/reboot-required.pkgs
|
||||||
|
- name: Register if boot is required
|
||||||
|
shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: DEBUG
|
||||||
|
debug:
|
||||||
|
msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
|
||||||
|
when: result.stdout is defined
|
||||||
|
|
||||||
|
# Add info line by line
|
||||||
|
- name: Dump all info into the local file
|
||||||
|
delegate_to: localhost
|
||||||
|
lineinfile:
|
||||||
|
path: /tmp/ansible_dump_reboot_needed.txt
|
||||||
|
line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
|
||||||
|
when: result.stdout is defined
|
21
utils/version_check.yml
Executable file
21
utils/version_check.yml
Executable file
|
@ -0,0 +1,21 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
# Check for the distribution
|
||||||
|
- hosts: localhost
|
||||||
|
tasks:
|
||||||
|
- name: Make sure local file exist but is empty # weird hack, I know
|
||||||
|
copy:
|
||||||
|
dest: /tmp/ansible_dump_reboot_needed.txt
|
||||||
|
content: ""
|
||||||
|
force: true
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- hosts: all,!unifi
|
||||||
|
tasks:
|
||||||
|
# Add info line by line
|
||||||
|
- name: Dump all info into the local file
|
||||||
|
delegate_to: localhost
|
||||||
|
lineinfile:
|
||||||
|
path: /tmp/ansible_dump_dist_version.txt
|
||||||
|
line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{
|
||||||
|
ansible_distribution }} {{ ansible_distribution_version }}"
|
Loading…
Reference in a new issue